content for interoperability

windows/security/threat-protection/TOC.md

@@ -345,6 +345,10 @@
 ###### [Threat protection reports](windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md)
 ###### [Machine health and compliance reports](windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection.md)
 
+##### Interoperability
+###### [Partner applications](windows-defender-atp/partner-applications.md)
+
+
 ##### Role-based access control
 ###### [Manage portal access using RBAC](windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md)
 ####### [Create and manage roles](windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md)

windows/security/threat-protection/windows-defender-atp/TOC.md

@@ -338,6 +338,10 @@
 ##### [Threat protection reports](threat-protection-reports-windows-defender-advanced-threat-protection.md)
 ##### [Machine health and compliance reports](machine-reports-windows-defender-advanced-threat-protection.md)
 
+
+#### Interoperability
+##### [Partner applications](partner-applications.md)
+
 #### Role-based access control
 ##### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)
 ###### [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md)

windows/security/threat-protection/windows-defender-atp/partner-applications.md

@@ -0,0 +1,64 @@
+---
+title: Partner applications in Microsoft Defender ATP   
+description: View supported partner connections so enhance the detection, investigation, and threat intelligence capabilities of the platform
+keywords: partners, applications, third-party, connections, sentinelone, lookout, bitdefender, corrata, morphisec, paloalto, ziften, better mobile
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: conceptual
+---
+
+# Partner applications in Microsoft Defender ATP 
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+
+Microsoft Defender ATP supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform.
+
+
+The support for third-party solutions help to further streamline, integrate, and orchestrate defenses from other vendors with Microsoft Defender ATP; enabling security teams to effectively respond better to modern threats.
+
+Microsoft Defender ATP seamlessly integrates with existing security solutions - providing out of the box integration with SIEM, ticketing and IT service management solutions, managed security service providers (MSSP), IoC indicators ingestions and matching, automated device investigation and remediation based on external alerts, and integration with Security orchestration and automation response (SOAR) systems. 
+
+## SIEM integration
+Microsoft Defender ATP supports SIEM integration through a variety of methods <20> specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management.  For more information, see [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md).
+
+## Ticketing and IT service management 
+Ticketing solution integration helps to implement manual and automatic response processes. Microsoft Defender ATP can help to create tickets automatically when an alert is generated and resolve the alerts when tickets are closed using the alerts API. 
+
+## Security orchestration and automation response (SOAR) integration 
+Orchestration solutions can help build playbooks and integrate the rich data model and actions that Microsoft Defender ATP APIs expose to orchestrate responses, such as query for device data, trigger machine isolation, block/allow, resolve alert and others. 
+
+## External alert correlation and Automated investigation and remediation  
+Microsoft Defender ATP offers unique automated investigation and remediation capabilities to drive incident response at scale.
+  
+Integrating the automated investigation and response capability with other solutions such as IDS and firewalls help to address alerts and minimize the complexities surrounding network and device signal correlation, effectively streamlining the investigation and threat remediation actions on devices.  
+
+External alerts can be pushed into Microsoft Defender ATP and is presented side-by-side with additional device-based alerts from Microsoft Defender ATP. This view provides a full context of the alert - with the real process and the full story of attack.  
+
+## Indicators matching
+You can use threat-intelligence from providers and aggregators to maintain and use indicators of compromise (IOCs).
+
+Microsoft Defender ATP allows you to integrate with such solutions and act on IoCs by correlating its rich telemetry and creating alerts when there's a match; leveraging prevention and automated response capabilities to block execution and take remediation actions when there<72>s a match.
+
+Microsoft Defender ATP currently supports IOC matching and remediation for file and network indicators. Blocking is supported for file indicators.  
+
+## Support for non-Windows platforms
+Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network. This experience leverages on a third-party security products<74> sensor data giving you a unified experience.
+
+
+
+
+
+
+

windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md

@@ -25,10 +25,12 @@ Here are the new features in the latest release of Windows Defender ATP as well
 
 ## April 2019
 ### In preview
-The following capability is included in the April 2019 preview release. 
+The following capabilities  are included in the April 2019 preview release. 
 
 - [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt) <BR> A new built-in capability that uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. 
 
+- [Interoperability](https://docs.microsoft.com/windows/security/threat-protection/partner-applications) <BR> Microsoft Defender ATP supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform.
+
 ## March 2019
 ### In preview
 The following capability are included in the March 2019 preview release.