From e8c8872bfaa72856a48ca170a6f98f88bf7b9747 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 23 Oct 2018 13:53:55 -0700 Subject: [PATCH 01/19] Added SE Labs --- .../intelligence/images/se-labs.png | Bin 0 -> 4397 bytes .../intelligence/images/se-labs2.PNG | Bin 0 -> 2989 bytes .../top-scoring-industry-antivirus-tests.md | 24 +++++++++++++----- 3 files changed, 17 insertions(+), 7 deletions(-) create mode 100644 windows/security/threat-protection/intelligence/images/se-labs.png create mode 100644 windows/security/threat-protection/intelligence/images/se-labs2.PNG 
diff --git a/windows/security/threat-protection/intelligence/images/se-labs.png b/windows/security/threat-protection/intelligence/images/se-labs.png new file mode 100644 index 0000000000000000000000000000000000000000..41bdc75e8a2af502a1d222da72540e328677475a GIT binary patch literal 4397
diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index e984e5abab..2aac833609 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md
@@ -17,7 +17,7 @@ ms.date: 09/05/2018 We want to be transparent and have gathered top industry reports that demonstrate our enterprise antivirus capabilities. Note that these tests only provide results for antivirus and do not test for additional security protections. -In the real world, millions of devices are protected from cyberattacks every day, sometimes [milliseconds after a campaign starts](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign?ocid=cx-docs-avreports). Windows Defender AV is part of the [next generation](https://www.youtube.com/watch?v=Xy3MOxkX_o4) Windows Defender Advanced Threat Protection ([Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports)) security stack which addresses the latest and most sophisticated threats today. In many cases, customers might not even know they were protected. That's because Windows Defender AV detects and stops malware at first sight by using [machine learning](https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering?ocid=cx-docs-avreports), [artificial intelligence](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak?ocid=cx-docs-avreports), behavioral analysis, and other advanced technologies. +In the real world, millions of devices are protected from cyberattacks every day, sometimes [milliseconds after a campaign starts](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign?ocid=cx-docs-avreports). 
Windows Defender Antivirus is part of the [next generation](https://www.youtube.com/watch?v=Xy3MOxkX_o4) Windows Defender Advanced Threat Protection ([Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports)) security stack which addresses the latest and most sophisticated threats today. In many cases, customers might not even know they were protected. That's because Windows Defender Antivirus detects and stops malware at first sight by using [machine learning](https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering?ocid=cx-docs-avreports), [artificial intelligence](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak?ocid=cx-docs-avreports), behavioral analysis, and other advanced technologies. > [!TIP] > Learn why [Windows Defender Antivirus is the most deployed in the enterprise](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/22/why-windows-defender-antivirus-is-the-most-deployed-in-the-enterprise?ocid=cx-docs-avreports). 
@@ -27,20 +27,19 @@ In the real world, millions of devices are protected from cyberattacks every day ## AV-TEST: Perfect protection score of 6.0/6.0 in the latest test - The AV-TEST Product Review and Certification Report tests on three categories: protection, performance, and usability. The scores listed below are for the Protection category which has two scores: Real-World Testing and the AV-TEST reference set (known as "Prevalent Malware"). ### May-June 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I?ocid=cx-docs-avreports) **Latest** - Windows Defender AV achieved an overall Protection score of 6.0/6.0, detecting 100% of 5,790 malware samples. With the latest results, Windows Defender AV has achieved 100% on 10 of the 12 most recent antivirus tests (combined "Real-World" and "Prevalent malware"). + Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, detecting 100% of 5,790 malware samples. With the latest results, Windows Defender Antivirus has achieved 100% on 10 of the 12 most recent antivirus tests (combined "Real-World" and "Prevalent malware"). ### March-April 2018 AV-TEST Business User test: [Protection score 5.5/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2018/microsoft-windows-defender-antivirus-4.12-181574/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports) - Windows Defender AV achieved an overall Protection score of 5.5/6.0, missing 2 out of 5,680 malware samples (0.035% miss rate). + Windows Defender Antivirus achieved an overall Protection score of 5.5/6.0, missing 2 out of 5,680 malware samples (0.035% miss rate). 
### January-February 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/february-2018/microsoft-windows-defender-antivirus-4.12-180674/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE27O5A?ocid=cx-docs-avreports) -Windows Defender AV achieved an overall Protection score of 6.0/6.0, with 5,105 malware samples tested. +Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, with 5,105 malware samples tested. ||| |---|---| @@ -66,12 +65,23 @@ This test, as defined by AV-Comparatives, attempts to assess the effectiveness o This test, as defined by AV-Comparatives, attempts to assesses a security program’s ability to protect a system against infection by malicious files before, during or after execution. [Historical AV-Comparatives Microsoft tests](https://www.av-comparatives.org/vendors/microsoft/) +

+ +![SE Labs Logo](./images/se-labs2.png) + +## SE Labs: Total accuracy rating of AAA in the latest test + +SE Labs tests a range of solutions used by products and services to detect and/or protect against attacks, including endpoint software, network appliances and cloud services. + +### Enterprise Endpoint Protection April - June 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/apr-jun-2018-enterprise.pdf) + +In the report, Microsoft's product was called out for the extremely good results due to its ability to block malicious URLs, handle exploits, and classify legitimate applications and websites correctly. ## To what extent are tests representative of protection in the real world? -It is important to remember that Microsoft sees a wider and broader set of threats beyond what’s tested in the antivirus evaluations highlighted above. Windows Defender AV encounters ~200 million samples every month, and the typical antivirus test consists of between 100-5,000 samples. The vastness of the malware landscape makes it extremely difficult to evaluate the quality of protection against real world threats. +It is important to remember that Microsoft sees a wider and broader set of threats beyond what’s tested in the antivirus evaluations highlighted above. Windows Defender Antivirus encounters ~200 million samples every month, and the typical antivirus test consists of between 100-5,000 samples. The vastness of the malware landscape makes it extremely difficult to evaluate the quality of protection against real world threats. -The capabilities within [Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports) also provide [additional layers of protection](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses?ocid=cx-docs-avreports) that are not factored into industry tests. 
These technologies address some of the latest and most sophisticated threats. Isolating AV from the rest of Windows Defender ATP creates a partial picture of how our security stack operates in the real world. For example, attack surface reduction and endpoint detection & response capabilities can help prevent malware from getting onto devices in the first place. We have proven that Windows Defender ATP components [catch samples that Windows Defender AV missed](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports) in these industry tests, which is more representative of how effectively our security suite protects customers in the real world. +The capabilities within [Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports) also provide [additional layers of protection](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses?ocid=cx-docs-avreports) that are not factored into industry tests. These technologies address some of the latest and most sophisticated threats. Isolating AV from the rest of Windows Defender ATP creates a partial picture of how our security stack operates in the real world. For example, attack surface reduction and endpoint detection & response capabilities can help prevent malware from getting onto devices in the first place. We have proven that Windows Defender ATP components [catch samples that Windows Defender Antivirus missed](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports) in these industry tests, which is more representative of how effectively our security suite protects customers in the real world. Using independent tests, customers can view one aspect of their security suite but can't assess the complete protection of all the security features. 
Microsoft is highly engaged in working with several independent testers to evolve security testing to focus on the end-to-end security stack. In the meantime, customers can evaluate Windows Defender Advanced Threat Protection in their own networks by signing up for a [90-day trial of Windows Defender ATP](https://www.microsoft.com/windowsforbusiness/windows-atp?ocid=cx-docs-avreports), or [enabling Preview features on existing tenants](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection?ocid=cx-docs-avreports). From f68e8d10aa35477fc47e8ccba11b907e7500999e Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 23 Oct 2018 14:10:24 -0700 Subject: [PATCH 02/19] Product testing update --- .../intelligence/top-scoring-industry-antivirus-tests.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index 2aac833609..e192cad54c 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md 
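Review bot: In the SE Labs hunk (`@@ -66,12 +65,23 @@`) of PATCH 01/19 the image reference `![SE Labs Logo](./images/se-labs2.png)` does not match the file this commit creates, `images/se-labs2.PNG` (uppercase extension); on a case-sensitive build or web host the logo will not resolve. Rename the file to `se-labs2.png` or correct the reference, and either use `images/se-labs.png` somewhere or drop it, since it is added but referenced nowhere in this diff. The new heading `### Enterprise Endpoint Protection April - June 2018: [AAA award](...)` also departs from the `May-June 2018` form the AV-TEST headings use on the same page; match the existing style.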
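Review bot: The hunks at `@@ -17,7 +17,7 @@` and `@@ -27,20 +27,19 @@` in PATCH 01/19 rename "Windows Defender AV" to "Windows Defender Antivirus" throughout the page, which the subject "Added SE Labs" does not mention; either split the rename into its own commit or describe it in the message so the history explains why paragraphs unrelated to SE Labs changed.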
@@ -77,6 +77,8 @@ SE Labs tests a range of solutions used by products and services to detect and/o In the report, Microsoft's product was called out for the extremely good results due to its ability to block malicious URLs, handle exploits, and classify legitimate applications and websites correctly. +Note: The product tested was Microsoft System Center Endpoint Protection, which is the same product as Windows Defender Antivirus. + ## To what extent are tests representative of protection in the real world? It is important to remember that Microsoft sees a wider and broader set of threats beyond what’s tested in the antivirus evaluations highlighted above. Windows Defender Antivirus encounters ~200 million samples every month, and the typical antivirus test consists of between 100-5,000 samples. The vastness of the malware landscape makes it extremely difficult to evaluate the quality of protection against real world threats. From f47f17af9b7daf596d02c620c10c1a61fe49e582 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 23 Oct 2018 14:52:04 -0700 Subject: [PATCH 03/19] More breaks --- .../intelligence/top-scoring-industry-antivirus-tests.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index e192cad54c..0363758dbd 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md @@ -66,6 +66,7 @@ This test, as defined by AV-Comparatives, attempts to assesses a security progra [Historical AV-Comparatives Microsoft tests](https://www.av-comparatives.org/vendors/microsoft/)

+

![SE Labs Logo](./images/se-labs2.png) From 29e2bc267e34b2d5a993f661d5d86b703d0deeb2 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 24 Oct 2018 10:32:23 -0700 Subject: [PATCH 04/19] Updated SE Labs --- .../intelligence/top-scoring-industry-antivirus-tests.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index 0363758dbd..00adfed351 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md 
@@ -72,11 +72,11 @@ This test, as defined by AV-Comparatives, attempts to assesses a security progra ## SE Labs: Total accuracy rating of AAA in the latest test -SE Labs tests a range of solutions used by products and services to detect and/or protect against attacks, including endpoint software, network appliances and cloud services. +SE Labs tests a range of solutions used by products and services to detect and/or protect against attacks, including endpoint software, network appliances, and cloud services. -### Enterprise Endpoint Protection April - June 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/apr-jun-2018-enterprise.pdf) +### Enterprise Endpoint Protection April - June 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/apr-jun-2018-enterprise.pdf) **pdf** -In the report, Microsoft's product was called out for the extremely good results due to its ability to block malicious URLs, handle exploits, and classify legitimate applications and websites correctly. +Microsoft's next-generation protection was named as being one of the most effective, stopping all targeted attacks and the vast majority of public threats. Note: The product tested was Microsoft System Center Endpoint Protection, which is the same product as Windows Defender Antivirus. From b04ea8ad8982cbba3411610ba2b5bd310b40b6a9 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 24 Oct 2018 11:27:25 -0700 Subject: [PATCH 05/19] SE Labs update --- .../intelligence/top-scoring-industry-antivirus-tests.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index 00adfed351..c45c89dd4b 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md 
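Review bot: In PATCH 04/19 the `**pdf**` appended after the AAA award link is an ad hoc marker; the AV-TEST entries on this page link to `[Analysis](...)` reports with no file-type tag, so either drop it or use one consistent annotation such as "(PDF)" for every report link. The same hunk leaves "April - June 2018" spaced unlike the "May-June 2018" AV-TEST headings.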
@@ -76,7 +76,7 @@ SE Labs tests a range of solutions used by products and services to detect and/o ### Enterprise Endpoint Protection April - June 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/apr-jun-2018-enterprise.pdf) **pdf** -Microsoft's next-generation protection was named as being one of the most effective, stopping all targeted attacks and the vast majority of public threats. +Microsoft's next-generation protection was named as one of the most effective products, stopping all targeted attacks and the vast majority of public threats. Note: The product tested was Microsoft System Center Endpoint Protection, which is the same product as Windows Defender Antivirus. From b2528f5e1f47c6a124483199cd5f04397c4eb5e4 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 24 Oct 2018 16:23:33 -0700 Subject: [PATCH 06/19] Update SE Labs --- .../intelligence/top-scoring-industry-antivirus-tests.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index c45c89dd4b..3eb922192c 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md 
@@ -76,9 +76,7 @@ SE Labs tests a range of solutions used by products and services to detect and/o ### Enterprise Endpoint Protection April - June 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/apr-jun-2018-enterprise.pdf) **pdf** -Microsoft's next-generation protection was named as one of the most effective products, stopping all targeted attacks and the vast majority of public threats. - -Note: The product tested was Microsoft System Center Endpoint Protection, which is the same product as Windows Defender Antivirus. +Windows Defender ATP next-gen protection was named as one of the most effective products, stopping all targeted attacks and the vast majority of public threats. ## To what extent are tests representative of protection in the real world? From 557eeb305fa38f1297593ac2ba81679a8222a689 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 25 Oct 2018 16:15:55 -0700 Subject: [PATCH 07/19] edits --- .../account-lockout-threshold.md | 14 ++++++++------ .../reset-account-lockout-counter-after.md | 4 ++-- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md index 1023c1e03f..f881b9fedb 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: brianlic-msft -ms.date: 04/19/2017 +ms.date: 10/25/2018 --- # Account lockout threshold 
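Review bot: The hunk at `@@ -76,9 +76,7 @@` in PATCH 06/19 removes the only sentence explaining that SE Labs tested Microsoft System Center Endpoint Protection, while at the same time relabelling the result as "Windows Defender ATP next-gen protection"; a reader who opens the linked report will not find that product name and has no way to connect the two. Keep a one-line mapping, and settle on one product name: after PATCH 01/19 the rest of the page says "Windows Defender Antivirus", so "Windows Defender ATP next-gen protection" introduces a third label for the same thing.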
@@ -22,22 +22,22 @@ Describes the best practices, location, values, and security considerations for The **Account lockout threshold** policy setting determines the number of failed sign-in attempts that will cause a user account to be locked. A locked account cannot be used until you reset it or until the number of minutes specified by the [Account lockout duration](account-lockout-duration.md) policy setting expires. You can set a value from 1 through 999 failed sign-in attempts, or you can specify that the account will never be locked by setting the value to 0. If **Account lockout threshold** is set to a number greater than zero, **Account lockout duration** must be greater than or equal to the value of [Reset account lockout counter after](reset-account-lockout-counter-after.md). -Failed password attempts on workstations or member servers that have been locked by using CTRL+ALT+DELETE or password-protected screen savers do not count as failed sign-in attempts unless [Interactive logon: Require Domain Controller authentication to unlock workstation](interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md) is set to **Enabled**. If Interactive logon: Require Domain Controller authentication to unlock workstation is enabled, repeated failed password attempts to unlock the workstation will count against the account lockout threshold. - Brute force password attacks can be automated to try thousands or even millions of password combinations for any or all user accounts. Limiting the number of failed sign-ins that can be performed nearly eliminates the effectiveness of such attacks. However, it is important to note that a denial-of-service (DoS) attack could be performed on a domain that has an account lockout threshold configured. A malicious user could programmatically attempt a series of password attacks against all users in the organization. 
If the number of attempts is greater than the value of **Account lockout threshold**, the attacker could potentially lock every account. +Failed attempts to unlock a workstation can cause account lockout even if the [Interactive logon: Require Domain Controller authentication to unlock workstation](interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md) security option is disabled. Windows doesn’t need to contact a domain controller for an unlock if you enter the same password that you logged on with, but if you enter a different password, Windows has to contact a domain controller in case you had changed your password from another machine. + ### Possible values It is possible to configure the following values for the **Account lockout threshold** policy setting: - A user-defined number from 0 through 999 - Not defined -Because vulnerabilities can exist when this value is configured and when it is not, organizations should weigh their identified threats and the risks that they are trying to mitigate. For information these settings, see [Countermeasure](#bkmk-countermeasure) in this topic +Because vulnerabilities can exist when this value is configured and when it is not, organizations should weigh their identified threats and the risks that they are trying to mitigate. For information these settings, see [Countermeasure](#bkmk-countermeasure) in this topic. ### Best practices -The threshold that you select is a balance between operational efficiency and security, and it depends on your organization's risk level. To allow for user error and to thwart brute force attacks, a setting above 4 and below 10 could be an acceptable starting point for your organization. +The threshold that you select is a balance between operational efficiency and security, and it depends on your organization's risk level. To allow for user error and to thwart brute force attacks, a value of 10 could be an acceptable starting point for your organization. 
> **Important:**  Implementation of this policy setting is dependent on your operational environment; threat vectors, deployed operating systems, and deployed apps. For more information, see [Implementation considerations](#bkmk-impleconsiderations) in this topic.   ### Location @@ -72,6 +72,8 @@ Implementation of this policy setting is dependent on your operational environme - When negotiating encryption types between clients, servers, and domain controllers, the Kerberos protocol can automatically retry account sign-in attempts that count toward the threshold limits that you set in this policy setting. In environments where different versions of the operating system are deployed, encryption type negotiation increases. - Not all apps that are used in your environment effectively manage how many times a user can attempt to sign-in. For instance, if a connection drops repeatedly when a user is running the app, all subsequent failed sign-in attempts count toward the account lockout threshold. +For more information about Windows security baseline recommendatiosn for account lockout, see [Configuring Account Lockout](https://blogs.technet.microsoft.com/secguide/2014/08/13/configuring-account-lockout/). + ## Security considerations This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation. 
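Review bot: In the `@@ -22,22 +22,22 @@` hunk of PATCH 07/19 the replacement paragraph on failed unlock attempts is inserted after the brute-force/DoS paragraph rather than where the deleted paragraph stood, so the explanation of what counts as a failed sign-in now sits between the DoS discussion and "Possible values"; move it back under the paragraph describing the 1 through 999 range. The same hunk touches the "For information these settings, see [Countermeasure]" line only to add a period; fix the missing word there too ("For information about these settings"). The added text also uses a curly apostrophe in "doesn’t" while the adjacent "organization's" uses a straight one.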
@@ -91,7 +93,7 @@ Because vulnerabilities can exist when this value is configured and when it is n - A robust audit mechanism is in place to alert administrators when a series of failed sign-ins occur in the environment. - Configure the **Account lockout threshold** policy setting to a sufficiently high value to provide users with the ability to accidentally mistype their password several times before the account is locked, but ensure that a brute force password attack still locks the account. - A good recommendation for such a configuration is 50 invalid sign-in attempts, which prevents accidental account lockouts and reduces the number of Help Desk calls, but does not prevent a DoS attack. We recommend this option if your organization cannot implement complex password requirements and an audit policy that alerts administrators to a series of failed sign-in attempts. + Windows security baselines recommend configuring a threshold of 10 invalid sign-in attempts, which prevents accidental account lockouts and reduces the number of Help Desk calls, but does not prevent a DoS attack. Using this type of policy must be accompanied by a process to unlock locked accounts. It must be possible to implement this policy whenever it is needed to help mitigate massive lockouts caused by an attack on your systems. ### Potential impact diff --git a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md index e735885b8d..d836f95a6e 100644 --- a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md +++ b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: brianlic-msft -ms.date: 04/19/2017 +ms.date: 10/25/2018 --- # Reset account lockout counter after 
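Review bot: In the `@@ -91,7 +93,7 @@` hunk of PATCH 07/19 the recommended threshold drops from 50 to 10, yet the sentence still asserts that the value "prevents accidental account lockouts and reduces the number of Help Desk calls"; that claim was written for 50, and a five-fold lower threshold cannot carry it unchanged (the bullet just above asks for a value high enough to absorb several mistypes). Reword to "reduces accidental account lockouts" or similar, and point to the baseline article linked earlier in this patch so readers can see where 10 comes from.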
@@ -60,7 +60,7 @@ Users can accidentally lock themselves out of their accounts if they mistype the ### Countermeasure -Configure the **Reset account lockout counter after** policy setting to 30. +Configure the **Reset account lockout counter after** policy setting to 15. ### Potential impact From af48945a657a89daa2edc7b77ff680211a61911c Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 25 Oct 2018 16:37:43 -0700 Subject: [PATCH 08/19] eits --- .../security-policy-settings/account-lockout-threshold.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md index f881b9fedb..8375b9b36f 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md 
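Review bot: The @@ -60,7 +60,7 @@ hunk in reset-account-lockout-counter-after.md changes the countermeasure value from 30 to 15 with no stated reason, and the line gives a bare number with no unit. Add the source of the new value (the sibling account-lockout-threshold hunk attributes its number to the Windows security baselines) and write the unit out, so the two lockout pages read consistently and a reader does not have to infer it from the policy name.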
@@ -72,7 +72,7 @@ Implementation of this policy setting is dependent on your operational environme - When negotiating encryption types between clients, servers, and domain controllers, the Kerberos protocol can automatically retry account sign-in attempts that count toward the threshold limits that you set in this policy setting. In environments where different versions of the operating system are deployed, encryption type negotiation increases. - Not all apps that are used in your environment effectively manage how many times a user can attempt to sign-in. For instance, if a connection drops repeatedly when a user is running the app, all subsequent failed sign-in attempts count toward the account lockout threshold. -For more information about Windows security baseline recommendatiosn for account lockout, see [Configuring Account Lockout](https://blogs.technet.microsoft.com/secguide/2014/08/13/configuring-account-lockout/). +For more information about Windows security baseline recommendations for account lockout, see [Configuring Account Lockout](https://blogs.technet.microsoft.com/secguide/2014/08/13/configuring-account-lockout/). ## Security considerations From 26edcbfcd4d20c134fbc3b0a6dbb31079fb56ba6 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 26 Oct 2018 10:06:10 -0700 Subject: [PATCH 09/19] Updated SE Labs --- .../intelligence/top-scoring-industry-antivirus-tests.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index 3eb922192c..828ae2e268 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md 
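Review bot: This @@ -72,7 +72,7 @@ hunk only corrects the "recommendatiosn" typo introduced by an earlier hunk of the same series, so the two should be squashed into one commit before merge rather than landing an introduce-then-fix pair. The commit subject "eits" also looks like a typo for "edits".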
@@ -74,6 +74,10 @@ This test, as defined by AV-Comparatives, attempts to assesses a security progra SE Labs tests a range of solutions used by products and services to detect and/or protect against attacks, including endpoint software, network appliances, and cloud services. +### Enterprise Endpoint Protection July - September 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/jul-sep-2018-enterprise.pdf) **pdf** + +Windows Defender ATP next-gen protection was named as one of the most effective products, protecting against all public and targeted attacks. It showcased its ability to block malicious URLs, deal with exploits, and classify legitimate apps and websites correctly. + ### Enterprise Endpoint Protection April - June 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/apr-jun-2018-enterprise.pdf) **pdf** Windows Defender ATP next-gen protection was named as one of the most effective products, stopping all targeted attacks and the vast majority of public threats. From 6ad2b0deda15bff3a6c6849d800428c48b9fd017 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 26 Oct 2018 10:30:36 -0700 Subject: [PATCH 10/19] SE Labs update --- .../intelligence/top-scoring-industry-antivirus-tests.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index 828ae2e268..5f2f3fbb28 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md 
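Review bot: The context line of the @@ -74,6 +74,10 @@ hunk shows a pre-existing typo, "attempts to assesses", that could be fixed in the same commit. In the new July - September 2018 paragraph, "protecting against all public and targeted attacks" is an absolute claim; tie the wording to what the linked report states, and use the same sentence form as the April - June entry directly below ("stopping all targeted attacks and the vast majority of public threats") so the two entries are comparable.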
@@ -76,11 +76,11 @@ SE Labs tests a range of solutions used by products and services to detect and/o ### Enterprise Endpoint Protection July - September 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/jul-sep-2018-enterprise.pdf) **pdf** -Windows Defender ATP next-gen protection was named as one of the most effective products, protecting against all public and targeted attacks. It showcased its ability to block malicious URLs, deal with exploits, and classify legitimate apps and websites correctly. +Microsoft's next-gen protection was named as one of the most effective products, stopping all public and targeted attacks. It showcased its ability to block malicious URLs, deal with exploits, and classify legitimate apps and websites correctly. ### Enterprise Endpoint Protection April - June 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/apr-jun-2018-enterprise.pdf) **pdf** -Windows Defender ATP next-gen protection was named as one of the most effective products, stopping all targeted attacks and the vast majority of public threats. +Microsoft's next-gen protection was named as one of the most effective products, stopping all targeted attacks and the vast majority of public threats. ## To what extent are tests representative of protection in the real world? From cb7eda9f2a1d101da5bf58ca32be8c751d533d13 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 26 Oct 2018 11:07:16 -0700 Subject: [PATCH 11/19] add note on alerts that are pulled --- ...g-rest-api-windows-defender-advanced-threat-protection.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md index 34c1292d77..ad62eb06f9 100644 
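Review bot: The @@ -76,11 +76,11 @@ hunk renames "Windows Defender ATP next-gen protection" to "Microsoft's next-gen protection" in both SE Labs entries; check that the other test sections on the same page use the same product name, otherwise the page names the tested product inconsistently. It also changes "protecting against" to "stopping" in the July - September entry, which is the wording the previous commit should have landed with; squashing PATCH 09 and PATCH 10 keeps the history clean.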
--- a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 04/24/2018 +ms.date: 10/26/2018 --- # Pull Windows Defender ATP alerts using REST API @@ -41,6 +41,9 @@ The _Client credential flow_ uses client credentials to authenticate against the Use the following method in the Windows Defender ATP API to pull alerts in JSON format. +>[!NOTE] +>Only alerts with a status as "new" are pulled. Alerts with that are "in progress" or "resolved" will not be pulled. + ## Before you begin - Before calling the Windows Defender ATP endpoint to pull alerts, you'll need to enable the SIEM integration application in Azure Active Directory (AAD). For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md). From 03d679a2bbe8b71a45b5159cb77b7a1ba10b49a3 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 26 Oct 2018 11:08:18 -0700 Subject: [PATCH 12/19] typo --- ...sing-rest-api-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md index ad62eb06f9..52d6e869ad 100644 --- a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md 
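Review bot: The note added in the @@ -41,6 +41,9 @@ hunk has a grammar error ("Alerts with that are") and "with a status as "new"" should read "with a status of "new"". More importantly for SIEM consumers, the note should state what happens to an alert whose status changes after it was pulled (is it ever re-delivered?), because an integration that relies on this endpoint for alert state will otherwise never see transitions to "in progress" or "resolved".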
@@ -42,7 +42,7 @@ The _Client credential flow_ uses client credentials to authenticate against the Use the following method in the Windows Defender ATP API to pull alerts in JSON format. >[!NOTE] ->Only alerts with a status as "new" are pulled. Alerts with that are "in progress" or "resolved" will not be pulled. +>Only alerts with a status as "new" are pulled. Alerts that are "in progress" or "resolved" will not be pulled. ## Before you begin - Before calling the Windows Defender ATP endpoint to pull alerts, you'll need to enable the SIEM integration application in Azure Active Directory (AAD). For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md). From 8873df1656a0a0baafda35777f8936afc72283fc Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 26 Oct 2018 19:16:46 +0000 Subject: [PATCH 13/19] Merged PR 12399: Added link to SCCM doc on upgrade page Link added --- windows/deployment/upgrade/windows-10-edition-upgrades.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md index 450da4c243..0ad3bfb8c0 100644 --- a/windows/deployment/upgrade/windows-10-edition-upgrades.md +++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md @@ -8,7 +8,7 @@ ms.localizationpriority: medium ms.sitesec: library ms.pagetype: mobile author: greg-lindsay -ms.date: 07/06/2018 +ms.date: 10/25/2018 --- # Windows 10 edition upgrade 
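Review bot: The @@ -42,7 +42,7 @@ hunk fixes "with that are" but leaves "with a status as "new""; "with a status of "new"" is the idiomatic form. This is a one-word correction to the note added by the previous commit and should be squashed into it.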
@@ -24,6 +24,8 @@ For a list of operating systems that qualify for the Windows 10 Pro Upgrade or W The following table shows the methods and paths available to change the edition of Windows 10 that is running on your computer. **Note**: The reboot requirement for upgrading from Pro to Enterprise was removed in version 1607. +Note: Although it isn't displayed yet in the table, edition upgrade is also possible using [edition upgrade policy](https://docs.microsoft.com/sccm/compliance/deploy-use/upgrade-windows-version) in System Center Configuratio Manager. + ![not supported](../images/x_blk.png) (X) = not supported
![supported, reboot required](../images/check_grn.png) (green checkmark) = supported, reboot required
![supported, no reboot](../images/check_blu.png) (blue checkmark) = supported, no reboot required
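Review bot: The Note added in the @@ -24,6 +24,8 @@ hunk of windows-10-edition-upgrades.md misspells the product: "System Center Configuratio Manager" should be "System Center Configuration Manager". Its format also differs from the preceding note ("**Note**:" in bold versus plain "Note:"), and "Although it isn't displayed yet in the table" reads as a placeholder; either add the Configuration Manager path to the table in this commit or phrase the note without promising a later table update.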
From 0be53eeed6b01dbfa839aef5eddda0b8bf2080af Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 26 Oct 2018 13:49:58 -0700 Subject: [PATCH 14/19] edits --- .../security-policy-settings/account-lockout-threshold.md | 4 ++-- .../reset-account-lockout-counter-after.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md index 8375b9b36f..681ff23ad9 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: brianlic-msft -ms.date: 10/25/2018 +ms.date: 10/26/2018 --- # Account lockout threshold 
@@ -93,7 +93,7 @@ Because vulnerabilities can exist when this value is configured and when it is n - A robust audit mechanism is in place to alert administrators when a series of failed sign-ins occur in the environment. - Configure the **Account lockout threshold** policy setting to a sufficiently high value to provide users with the ability to accidentally mistype their password several times before the account is locked, but ensure that a brute force password attack still locks the account. - Windows security baselines recommend configuring a threshold of 10 invalid sign-in attempts, which prevents accidental account lockouts and reduces the number of Help Desk calls, but does not prevent a DoS attack. + [Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines) recommend configuring a threshold of 10 invalid sign-in attempts, which prevents accidental account lockouts and reduces the number of Help Desk calls, but does not prevent a DoS attack. Using this type of policy must be accompanied by a process to unlock locked accounts. It must be possible to implement this policy whenever it is needed to help mitigate massive lockouts caused by an attack on your systems. ### Potential impact diff --git a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md index d836f95a6e..8af58b7acd 100644 --- a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md +++ b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: brianlic-msft -ms.date: 10/25/2018 +ms.date: 10/26/2018 --- # Reset account lockout counter after 
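Review bot: The @@ -93,7 +93,7 @@ hunk links the Windows security baselines with an absolute https://docs.microsoft.com URL, whereas the rest of this series links in-repo pages by relative path (for example the SIEM integration link in the pull-alerts hunk); the baselines page lives under the same windows/security/threat-protection tree, so a relative link keeps the series consistent. The retained clause "which prevents accidental account lockouts and reduces the number of Help Desk calls" still describes the old value of 50 rather than the new 10.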
@@ -60,7 +60,7 @@ Users can accidentally lock themselves out of their accounts if they mistype the ### Countermeasure -Configure the **Reset account lockout counter after** policy setting to 15. +[Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines) recommend configuring the **Reset account lockout counter after** policy setting to 15. ### Potential impact From 4a8a69f511a3f18ad9677417d08f182e6a595998 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 26 Oct 2018 13:54:12 -0700 Subject: [PATCH 15/19] add link to ask overview page --- windows/security/threat-protection/index.md | 2 +- ...ows-defender-advanced-threat-protection.md | 48 ++++++++++++++++++- 2 files changed, 48 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 43e37f1269..69c6127970 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -18,7 +18,7 @@ Windows Defender Advanced Threat Protection (Windows Defender ATP) is a unified
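Review bot: The @@ -60,7 +60,7 @@ hunk now attributes the value of 15 to the Windows security baselines, which resolves the missing-source point from the earlier change, but the number is still given without a unit; spell it out on this line, and use the same link style (relative or absolute) as the sibling account-lockout-threshold hunk.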

Windows Defender ATP

- + diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md index b4a4da13ba..d4de5ebbcc 100644 --- a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md @@ -22,10 +22,56 @@ ms.date: 09/03/2018 Windows Defender Advanced Threat Protection is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. -To help you maximize the effectiveness of the security platform, you can configure individual capabilities that surface in Windows Defender Security Center. +

Windows Defender ATP

+

Attack surface reduction

Attack surface reduction

Next generation protection

Endpoint detection and response

Automated investigation and remediation
+ + + + + + + + + + + + + + +
+ +

Attack surface reduction

Next generation protection

Endpoint detection and response

Automated investigation and remediation

Secure score

Advanced hunting
+
Management and APIs
Microsoft Threat Protection
+
+ + +Windows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service: + +- **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors + collect and process behavioral signals from the operating system + (for example, process, registry, file, and network communications) + and sends this sensor data to your private, isolated, cloud instance of Windows Defender ATP. + + +- **Cloud security analytics**: Leveraging big-data, machine-learning, and unique Microsoft optics across the Windows ecosystem, + enterprise cloud products (such as Office 365), and online assets + (such as Bing and SmartScreen URL reputation), behavioral signals + are translated into insights, detections, and recommended responses + to advanced threats. + +- **Threat intelligence**: Generated by Microsoft hunters, security teams, and augmented by threat intelligence provided by partners, threat intelligence enables Windows Defender ATP to identify attacker + tools, techniques, and procedures, and generate alerts when these + are observed in collected sensor data. + + + + + The Windows Defender ATP platform is where all the capabilities that are available across multiple products come together to give security operations teams the ability to effectively manage their organization's network. +To help you maximize the effectiveness of the security platform, you can configure individual capabilities that surface in Windows Defender Security Center. + ## In this section Topic | Description From f753ae02fda19502b7e05f7249ef3cfd7dcbc769 Mon Sep 17 00:00:00 2001 
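Review bot: In the @@ -22,10 +22,56 @@ hunk of windows-defender-advanced-threat-protection.md, the first bullet has a subject-verb mismatch: "these sensors collect and process ... and sends this sensor data" should read "and send". The third bullet, "Generated by Microsoft hunters, security teams, and augmented by threat intelligence provided by partners, threat intelligence enables ...", has a dangling opener and repeats "threat intelligence"; rephrase along the lines of "Threat intelligence, generated by Microsoft hunters and security teams and augmented by partner-provided intelligence, enables Windows Defender ATP to identify ...". "big-data" and "machine-learning" do not need hyphens as nouns. In the new capability block, "Attack surface reduction" appears twice in the first group, which looks like a copy-paste leftover, and the block is raw HTML (the tag-only lines appear as bare "+"), so make sure every image cell carries link text or alt text so the navigation still works when icons fail to load. The index.md hunk (@@ -18,7 +18,7 @@) shows a single changed line with no visible text difference in this rendering; confirm the change is limited to the link target.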
From: Joey Caparas Date: Fri, 26 Oct 2018 14:04:44 -0700 Subject: [PATCH 16/19] add icons for table --- .../windows-defender-atp/images/AH_icon.png | Bin 0 -> 3707 bytes .../windows-defender-atp/images/AR_icon.png | Bin 0 -> 4124 bytes .../windows-defender-atp/images/ASR_icon.png | Bin 0 -> 4524 bytes .../windows-defender-atp/images/EDR_icon.png | Bin 0 -> 6095 bytes .../windows-defender-atp/images/NGP_icon.png | Bin 0 -> 3733 bytes .../windows-defender-atp/images/SS_icon.png | Bin 0 -> 2802 bytes 6 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/security/threat-protection/windows-defender-atp/images/AH_icon.png create mode 100644 windows/security/threat-protection/windows-defender-atp/images/AR_icon.png create mode 100644 windows/security/threat-protection/windows-defender-atp/images/ASR_icon.png create mode 100644 windows/security/threat-protection/windows-defender-atp/images/EDR_icon.png create mode 100644 windows/security/threat-protection/windows-defender-atp/images/NGP_icon.png create mode 100644 windows/security/threat-protection/windows-defender-atp/images/SS_icon.png 
diff --git a/windows/security/threat-protection/windows-defender-atp/images/AH_icon.png b/windows/security/threat-protection/windows-defender-atp/images/AH_icon.png new file mode 100644 index 0000000000000000000000000000000000000000..ff9c97c86ec1babf25f5923ca116b48201216dfa GIT binary patch literal 3707
diff --git a/windows/security/threat-protection/windows-defender-atp/images/AR_icon.png b/windows/security/threat-protection/windows-defender-atp/images/AR_icon.png new file mode 100644 index 0000000000000000000000000000000000000000..887498f7bcf8f4ade668464d437a8b9d7f1707f7 GIT binary patch literal 4124
diff --git a/windows/security/threat-protection/windows-defender-atp/images/EDR_icon.png b/windows/security/threat-protection/windows-defender-atp/images/EDR_icon.png new file mode 100644 index 0000000000000000000000000000000000000000..7e6df62bdf71f23e6027dfa925c8d50d6cbac772 GIT binary patch literal 6095
diff --git a/windows/security/threat-protection/windows-defender-atp/images/NGP_icon.png b/windows/security/threat-protection/windows-defender-atp/images/NGP_icon.png new file mode 100644 index 0000000000000000000000000000000000000000..df1b70e0419c0ff32e0f8a170dd8e7aa2709d0a5 GIT binary patch literal 3733
zB`F9BNkdS0CW4ly;-FD^w8RPVOv?z7#c&|K9b+T1FyYN?JhnX>Pi&_djAX`kS|e@C zl;rW@WIL5(vW@DI%-WHO2j9&`@Tx3Kips_8=se7c$-#?Mry9kw?gRoOqy0r)eY=_8seI#F&bVw`rr}t!|UXFzdN$l(^VY$i-yvtY35?EnH#HS7_S-!zj zhxvQwjTdWSSQv{}J}HxaM&Jzj)tr1a9CVY#usg94hQ-MgT#M04Lz97jSH6Lj6U(wi z=@iMcG(2_isElW3xAf!3@8sZCT120dUs6ckD5V%&Ef^ZQ$WnegQPDAoCuwUkc1b)A zTAF#L2Ia1%@{P1b`mIBa?gcMzwVO^6U)NBqO2RA0D`Arr4aj7vlqu)op@S^`Vex_C zh@}-bh9uLppMe6af6H!V7(SuFv)sGNbIufZV)AMezOz09Nww-LUn#cnlqBx;y+cQU zXW)t$tmFWHK3WFDYgh2vXJzOTv^$9P5eiw%vqZAg7F4|=Ty>ODJbgO4fI@^38)BQi z{@l`2TSGx7SGGg>ijSvUNR?iiXZ_EAXZkn)7aP8YZ1?ltMSDJ&K5XDZ7XZ`!oOKe8MbJl#UehnJ5P!Z7a= zp52#?qBgz=iO&K)%C1Cx0OH-{gqJMGfO z)-dlfejk&MGN&0*@&!5Vj-kk6;EpV76I?2#z7r2^vB25e5 zK$psSR;3HN$r3$8TIflHu`8aRd##U#Vm@^u7PF&sg&4-lsdYsRO_qC|v!(5rMzb*U zsDB(QL0uPLBq*lv7Ch_H1D!F886X=Wos?^lLLl#&9dq8N7&bp1kG+?Lb7k(kGZDji zmZFpS>4&r!p1LL#h6S-$c%qa%O4clWaY{*cl=DXbIz7wP2-&mPSvoTC&Q{R2W!@*{ z($Bi5MwxKP+y-Hul+PTDtf_0wn7%_Ki+5f@Gez#T7p~$a+Q5%rmWcJ=R^ggmDL`jN zmh@ql>?lK#Pn**XM=rqUWH1z}&;qsr-xGcReZw>$QRB3a7)j3ztg zvfaYMINYV#-K5L?@e z-yABYPA6k(q#2v9G@(wO!Ay<(sl)VL1!$72^R)zdFl}Oe; zZ&}qbS{N0wqz*8m2H8s|PMEm*uI}ikxYK|;SJ6yHi^vxb6iWXY5!cj@@4c0YnR`o+ zX9JF9wd2wE$eR`=VcMn~?4zwro8vzZWQyp-<0aGQN*23z&C`!ji&?6X++g*{!F=N@ z8cNR{q}g&oJf=_#`rVOQ+_^3f_iic1oR2CnJ|YdlAx6CX?<%C!scSWfAUQ2GDJEsG z9PXhbfl(w&h0+OjcI{AY*8n!hHR8Svw6LV1X$Z}QAtYOR0y}+MEU7he;7ToBr9dJ`Ja3(K)7V_YW^2h6vxsrZG#1o7wS=>vg86*QS?(4{EiAw zW%S~@c$Ny)bVm#mdcz*<#8-5= zfUMyW@GLzDkfi|uvNRw-mIegK(trS2J_Gm<>jzLMsu{zi00000NkvXXu0mjfd3pnb literal 0 HcmV?d00001 
diff --git a/windows/security/threat-protection/windows-defender-atp/images/SS_icon.png b/windows/security/threat-protection/windows-defender-atp/images/SS_icon.png new file mode 100644 index 0000000000000000000000000000000000000000..95908405ce803b04ac68da74e5b8471fdbf83514 GIT binary patch literal 2802 zcmV002t}1^@s6I8J)%00001b5ch_0Itp) z=>Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D02y>eSaefwW^{L9 za%BK;VQFr3E^cLXAT%y8E;2FkAZe8V019GBL_t(|UhSK0a8y?r$1~#xr|LKgBc!$z zXZ+xFS}0A>ep08cgBTF}qN5J9T6J_Zl0h zJ)4)^K;FP)H-SK!geK%=H*dRtpXZ))_MY9n*}XU2lqK$e=Gk-ZbI&!wKsF`Iu*eXP#L?JTmKwVh)6=!1_7E8M)w zMD-UWo6v0X9xydd9y^8j#HkJ7B65H8S zG_R3vI@^ht&iSzU?0@lgr4J)Pg-gvbJ~SK4&}>Mx;u{{v>ch?W^cEK~cX^QcN+X#E z_jBGjP7&Kh<6?WojfFJE`^grNKVw5BR{YL|-pMI3FZmgri&kP-R4-gTBpRvyU<40r zzl1f%+fjBsfbuRsN;~~1BP;c#s*R%hx*uoT{P^;3J$Uk9J$k36Xi6%Q!n2%K@%Joh zNCawRa8~z@V$se@yijsOdhQ+dj{(bHZ8Tu@5iC|Drs<(2+~5_Y2^m$a8iMuEu1fs! zuh*p~nX(>eJn&J+d<};xdlBGEAc0T((?Q`NcU?;z;x8CvC{pJ&Xl;E_`BBwXroU&M(75J4&&5XDRus zkg>56-+SAKVZLV|bq|M-O|YI$HY{D^Hes34&&a$*Vddh~$Xk?&r@EV?$lP9oH7DCp zGcb<&+heGujmh)j7>d2)SX^)gYfk8}f(ERlFGF3nVTH@-XE;x$x%ko%5q;8}s+M3a z%&nlYG)s@E=3(H`J#K>K#jv&vQwJ6)(WH X9Elp=xjXv2a@@es-$KxI5R?a65=c z3JKO*6j>3l8fniGw+>EZ1D2SLeOPv8Pi456Y%^R#>%*=XR_3+}{G4EoOP>8dF}WPH6>c3r5FLoIV=}1LxT0(X&shm zr{Q+Uh^)1|XX&u$)`4O5Cm)uO-N>r&4Pf0nEm(P^4LOHfk#nRK-yvIhlzd0qu;yqJ zPSoBszRZT1vn)d)68EO?+naMSOmT8(FWn;_=s7uEV(LSv8V+nbd17g1(({h2o?oxgsfqidsfnyp&HnPHo$nWPG9cB z{H^84{YM`vIZtw=IsAZ@IRzZ_~Fuxr0^4(ZL_h;WebOkH^(2SLbTd;&~Ju+Ub zMechk4a-`IV9noBj-qg6nI*!JMawXHVwF7sJeXIG9~b*DL|fbl&0~mcgsQ*WK8ATa z>IqitliB3%S!%4&vl2@Fp5>v)B3OkN<19l9SQR}KS$U=S$*F77W9py25#z!zyRcZ+ zkd#sm)-%P|V%mJaW0qk>d_SFDX;=m*t;aar?8DL;nM<(DryiW@7OQk*g{6av9)VCA zmIK*<6-#;U!J-~xrx~M!u&i!O=hmLZUiyfgW{eWR(okuQ&8^5%PeqhXFB`C88%Ql! 
z{8;&;z>+iM4`tJ6j_+CGr?9xNsIxeHB4h(rtmal^+1KpBiuZ_S8dwhyto3PFLgzaP z7EO9XNqf>@)!yPCS?3HavxEW5h^$yxRSYYCrjb=)2}}IQ+JH63y-_cQqzWwlb?4<$ zym~1%vdV5uAT!TpxeOT=?^(~Dj(tS)FZqaO>wDeOW6FS)TY+DkX_6jOR|W`H5y6W2 z`94Kp6}x-z*I_-BuQ^v!;{Br!LxWlM7ChKxq z(msaIZFgbwx!5-iU9=1rZm+^Kr(1D{>roxQ?60aH_)38rtB$o}C>0_rT7Pfp$D$oo zSX|JARmZO*=gkh}9P7YZS_)YQI*_rU!g|l5N%NjHZ>I-2w8yNb@;PsMv6}Kr-)P5u zTU{vp_bpl46u-f{{r;=5G;iQjwisoYvxqMaC(k#*zlN0#_x z-5w8N@A+by!+dOIC-+_PFsxQ8f-;>NMW<)NgXG^at?$BXw9-R8M6a z@EFxyO8F&xT;RgKW!S+ns@ z>2zXPi+5JwSAXe}gD?lr8lDW{>cBXf?@Xb^ut_6rC2Jd)KyQG)lNoi$WYy8B5IShB zvxu@U4Rlv<&4R&8B7yicyO6-V>0B0Fl?wJr(T%WSqv!$MZ!Smr>=S^Lpyk^!h{c2Gyx%1nd7*X;==F zhUGx_1T1l5>U29!n!+8Y6f7PUgP9Bl5tx|5opEg^zH6*f5|&AWza$5P^aZ)!FFkjY zmHKX$-m~l|6(cM4m4@X&X;==FhUGwMSPqniWm~}i0Go99Nb_s0y8r+H07*qoM6N<$ Eg2&coF#rGn literal 0 HcmV?d00001 From a19985ef33a97c395da9990ae8b81e2f188d3e4e Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 26 Oct 2018 14:19:13 -0700 Subject: [PATCH 17/19] beef up wdatp page --- windows/security/threat-protection/index.md | 4 +- ...ows-defender-advanced-threat-protection.md | 84 ++++++++++++++----- 2 files changed, 64 insertions(+), 24 deletions(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 69c6127970..090b0c62f7 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -18,7 +18,7 @@ Windows Defender Advanced Threat Protection (Windows Defender ATP) is a unified

Windows Defender ATP

- + @@ -113,7 +113,7 @@ Integrate Windows Defender Advanced Threat Protection into your existing workflo **[Microsoft Threat Protection](windows-defender-atp/threat-protection-integration.md)**
-Bring the power of Microsoft threat protection to your organization. Windows Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace. + Windows Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace. Bring the power of Microsoft threat protection to your organization. - [Conditional access](windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md) - [O365 ATP](windows-defender-atp/threat-protection-integration.md) - [Azure ATP](windows-defender-atp/threat-protection-integration.md) diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md index d4de5ebbcc..4a485418f9 100644 --- a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md 
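Review bot: the added line in the index.md `@@ -113,7 +113,7 @@` hunk starts with a stray space after the two sentences were swapped (`+ Windows Defender ATP is part of the Microsoft Threat Protection solution...`); drop the leading space so the paragraph matches the other capability descriptions. The same reordered sentence, with the same leading space, is added to windows-defender-advanced-threat-protection.md later in this patch, so fix both copies together.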
@@ -1,7 +1,7 @@ --- title: Windows Defender Advanced Threat Protection description: Windows Defender Advanced Threat Protection is an enterprise security platform that helps secops to prevent, detect, investigate, and respond to possible cybersecurity threats related to advanced persistent threats. -keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence +keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence, attack surface reduction, next generation protection, automated investigation and remediation, secure score, advanced hunting, microsoft threat protection search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -11,7 +11,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 09/03/2018 +ms.date: 10/26/2018 --- # Windows Defender Advanced Threat Protection 
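Review bot: the new `keywords:` line in the `@@ -1,7 +1,7 @@` hunk lists attack surface reduction, next generation protection, automated investigation and remediation, secure score, advanced hunting and microsoft threat protection, but not endpoint detection and response or management and APIs, both of which this patch adds as capability sections further down; add them so the front matter matches the page body. The `ms.date` bump in the `@@ -11,7 +11,7 @@` hunk is fine.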
@@ -22,6 +22,29 @@ ms.date: 09/03/2018 Windows Defender Advanced Threat Protection is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. +indows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service: + +- **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors + collect and process behavioral signals from the operating system + (for example, process, registry, file, and network communications) + and sends this sensor data to your private, isolated, cloud instance of Windows Defender ATP. + + +- **Cloud security analytics**: Leveraging big-data, machine-learning, and + unique Microsoft optics across the Windows ecosystem (such as the + [Microsoft Malicious Software Removal Tool](https://www.microsoft.com/en-au/download/malicious-software-removal-tool-details.aspx), + enterprise cloud products (such as Office 365), and online assets + (such as Bing and SmartScreen URL reputation), behavioral signals + are translated into insights, detections, and recommended responses + to advanced threats. + +- **Threat intelligence**: Generated by Microsoft hunters, security teams, + and augmented by threat intelligence provided by partners, threat + intelligence enables Windows Defender ATP to identify attacker + tools, techniques, and procedures, and generate alerts when these + are observed in collected sensor data. + +

Windows Defender ATP


Attack surface reduction

Attack surface reduction

Next generation protection

Endpoint detection and response

Automated investigation and remediation
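Review bot: the first added line of the `@@ -22,6 +22,29 @@` hunk reads `+indows Defender ATP uses the following combination of technology...`; the leading W of "Windows" is missing, and the typo survives as a context line in the two later patches in this series. In the Endpoint behavioral sensors bullet, `these sensors collect and process ... and sends this sensor data` should read `send`. In the Cloud security analytics bullet the parenthesis opened at `(such as the [Microsoft Malicious Software Removal Tool]` is never closed, and that link hard-codes the en-au locale in its URL. The two trailing `+` blank lines at the end of the hunk add extra whitespace ahead of the icon table.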
@@ -45,34 +68,51 @@ Windows Defender Advanced Threat Protection is a platform designed to help enter
-Windows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service: + -- **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors - collect and process behavioral signals from the operating system - (for example, process, registry, file, and network communications) - and sends this sensor data to your private, isolated, cloud instance of Windows Defender ATP. +**[Attack surface reduction](windows-defender-atp/overview-attack-surface-reduction.md)**
+The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations. + + + +**[Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)**
+To further reinforce the security perimeter of your network, Windows Defender ATP uses next generation protection designed to catch all types of emerging threats. + + + +**[Endpoint protection and response](windows-defender-atp/overview-endpoint-detection-response.md)**
+Endpoint protection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. + + + +**[Automated investigation and remediation](windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md)**
+In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. -- **Cloud security analytics**: Leveraging big-data, machine-learning, and unique Microsoft optics across the Windows ecosystem, - enterprise cloud products (such as Office 365), and online assets - (such as Bing and SmartScreen URL reputation), behavioral signals - are translated into insights, detections, and recommended responses - to advanced threats. + -- **Threat intelligence**: Generated by Microsoft hunters, security teams, and augmented by threat intelligence provided by partners, threat intelligence enables Windows Defender ATP to identify attacker - tools, techniques, and procedures, and generate alerts when these - are observed in collected sensor data. +**[Secure score](windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md)**
+Windows Defender ATP includes a secure score to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization. + + + +**[Advanced hunting](windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md)**
+Create custom threat intelligence and use a powerful search and query tool to hunt for possible threats in your organization. + + + +**[Management and APIs](windows-defender-atp/management-apis.md)**
+Integrate Windows Defender Advanced Threat Protection into your existing workflows. + + + +**[Microsoft Threat Protection](windows-defender-atp/threat-protection-integration.md)**
+ Windows Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace. Bring the power of Microsoft threat protection to your organization. - - - -The Windows Defender ATP platform is where all the capabilities that are available across multiple products come together to give security operations teams the ability to effectively manage their organization's network. - -To help you maximize the effectiveness of the security platform, you can configure individual capabilities that surface in Windows Defender Security Center. - ## In this section +To help you maximize the effectiveness of the security platform, you can configure individual capabilities that surface in Windows Defender Security Center. Topic | Description :---|:--- From 6e0aa2d8df987cc8b17b25aa942f284ea3aeec86 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 26 Oct 2018 14:20:28 -0700 Subject: [PATCH 18/19] edits --- .../windows-defender-advanced-threat-protection.md | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md index 4a485418f9..9e116899be 100644 --- a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md 
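Review bot: the relative links added in the `@@ -45,34 +68,51 @@` hunk are wrong for this file: it lives in `windows-defender-atp/`, so `windows-defender-atp/overview-attack-surface-reduction.md` resolves to a `windows-defender-atp/windows-defender-atp/...` path that does not exist (the same targets are correct in index.md, which sits one directory up); PATCH 19/19 below repairs them, but they should not have been introduced here. The heading `**[Endpoint protection and response](windows-defender-atp/overview-endpoint-detection-response.md)**` disagrees with both its target file name and the `Endpoint detection and response` label kept in the context lines above; use one name. In the attack surface reduction paragraph, `set of capabilities provide` and `these set of capabilities resist attacks and exploitations` need singular agreement (`provides`, `this set ... resists attacks and exploits`). Moving `To help you maximize the effectiveness of the security platform...` under `## In this section` detaches it from the platform description it summarized; consider leaving it above the heading.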
@@ -25,16 +25,12 @@ Windows Defender Advanced Threat Protection is a platform designed to help enter indows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service: - **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors - collect and process behavioral signals from the operating system - (for example, process, registry, file, and network communications) - and sends this sensor data to your private, isolated, cloud instance of Windows Defender ATP. + collect and process behavioral signals from the operating system and sends this sensor data to your private, isolated, cloud instance of Windows Defender ATP. - **Cloud security analytics**: Leveraging big-data, machine-learning, and - unique Microsoft optics across the Windows ecosystem (such as the - [Microsoft Malicious Software Removal Tool](https://www.microsoft.com/en-au/download/malicious-software-removal-tool-details.aspx), - enterprise cloud products (such as Office 365), and online assets - (such as Bing and SmartScreen URL reputation), behavioral signals + unique Microsoft optics across the Windows ecosystem, + enterprise cloud products (such as Office 365), and online assets, behavioral signals are translated into insights, detections, and recommended responses to advanced threats. From 7fadbbc86143e77f0ef385f393d544678a7e335a Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 26 Oct 2018 14:40:09 -0700 Subject: [PATCH 19/19] fix links --- ...indows-defender-advanced-threat-protection.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md index 9e116899be..abe99e8194 100644 --- a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md 
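Review bot: the `@@ -25,16 +25,12 @@` hunk drops the concrete examples from both bullets (process, registry, file and network communications; the Malicious Software Removal Tool, Bing and SmartScreen URL reputation), which were the most informative part of each description; if the goal was only to remove the en-au MSRT link, keep the examples as plain text and remove the link. The unchanged context line `indows Defender ATP uses the following combination...` still carries the missing W, and the rewritten sensor line keeps `these sensors collect and process ... and sends`, so both could be fixed in this hunk while the lines are being touched.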
+++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md @@ -66,43 +66,43 @@ indows Defender ATP uses the following combination of technology built into Wind -**[Attack surface reduction](windows-defender-atp/overview-attack-surface-reduction.md)**
+**[Attack surface reduction](overview-attack-surface-reduction.md)**
The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations. -**[Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)**
+**[Next generation protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)**
To further reinforce the security perimeter of your network, Windows Defender ATP uses next generation protection designed to catch all types of emerging threats. -**[Endpoint protection and response](windows-defender-atp/overview-endpoint-detection-response.md)**
+**[Endpoint protection and response](overview-endpoint-detection-response.md)**
Endpoint protection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. -**[Automated investigation and remediation](windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md)**
+**[Automated investigation and remediation](automated-investigations-windows-defender-advanced-threat-protection.md)**
In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. -**[Secure score](windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md)**
+**[Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md)**
Windows Defender ATP includes a secure score to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization. -**[Advanced hunting](windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md)**
+**[Advanced hunting](overview-hunting-windows-defender-advanced-threat-protection.md)**
Create custom threat intelligence and use a powerful search and query tool to hunt for possible threats in your organization. -**[Management and APIs](windows-defender-atp/management-apis.md)**
+**[Management and APIs](management-apis.md)**
Integrate Windows Defender Advanced Threat Protection into your existing workflows. -**[Microsoft Threat Protection](windows-defender-atp/threat-protection-integration.md)**
+**[Microsoft Threat Protection](threat-protection-integration.md)**
Windows Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace. Bring the power of Microsoft threat protection to your organization.
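Review bot: in the `@@ -66,43 +66,43 @@` hunk the Next generation protection link becomes an absolute `https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/...` URL while every other link in the hunk stays relative; given the directory layout in the file headers, `../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md` resolves correctly without hard-coding the locale. The heading `**[Endpoint protection and response](overview-endpoint-detection-response.md)**` still disagrees with its target file name and with the `Endpoint detection and response` icon label added earlier in this series.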