diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index d109fd20f0..d4f971d7d4 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -15582,6 +15582,11 @@
"redirect_document_id": false
},
{
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/licensing.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment",
+"redirect_document_id": true
+},
+{
"source_path": "windows/release-information/status-windows-10-1703.yml",
"redirect_url": "https://docs.microsoft.com/windows/release-information/windows-message-center",
"redirect_document_id": true
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
index 291b0a7d56..ce948dbf85 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
@@ -23,6 +23,10 @@ ms.date: 9/10/2019
This article describes the network connections that Windows 10 components make to Microsoft and the Mobile Device Management/Configuration Service Provider (MDM/CSP) and custom Open Mobile Alliance Uniform Resource Identifier ([OMA URI](https://docs.microsoft.com/intune/custom-settings-windows-10)) policies available to IT Professionals using Microsoft Intune to help manage the data shared with Microsoft. If you want to minimize connections from Windows to Microsoft services, or configure privacy settings, there are a number of settings for consideration. For example, you can configure diagnostic data to the lowest level for your edition of Windows and evaluate other connections Windows makes to Microsoft services you want to turn off using the instructions in this article. While it is possible to minimize network connections to Microsoft, there are many reasons why these communications are enabled by default, such as updating malware definitions and maintaining current certificate revocation lists. This data helps us deliver a secure, reliable, and up-to-date experience.
+Note: The 1903 settings in the Windows Restricted Traffic Limited Functionality Baseline package are applicable to 1909 Windows Enterprise devices.
+
+Note: If a user executes the "Reset this PC" command (Settings -> Update & Security -> Recovery) with the "Keep my files" option the Windows Restricted Traffic Limited Functionality Baseline settings will need to be re-applied to in order re-restrict the device. Also, egress traffic may occur during the period leading up to the re-applications of the Restricted Traffic Limited Functionality Baseline settings.
+
>[!IMPORTANT]
>- The Allowed Traffic endpoints for an MDM configuration are here: [Allowed Traffic](#bkmk-mdm-allowedtraffic)
> - CRL (Certificate Revocation List) and OCSP (Online Certificate Status Protocol) network traffic cannot be disabled and will still show up in network traces. CRL and OCSP checks are made to the issuing certificate authorities. Microsoft is one of these authorities. There are many others such as DigiCert, Thawte, Google, Symantec, and VeriSign.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
index 42ce3aa2b6..779b617625 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
@@ -26,6 +26,8 @@ Conducting a comprehensive security product evaluation can be a complex process
The Microsoft Defender ATP evaluation lab is designed to eliminate the complexities of machine and environment configuration so that you can
focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action.
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4qLUM]
+
When you get started with the lab, you'll be guided through a simple set-up process where you can specify the type of configuration that best suits your needs.
After the lab setup process is complete, you can add Windows 10 or Windows Server 2019 machines. These test machines come pre-configured to have the latest and greatest OS versions with the right security components in place and Office 2019 Standard installed.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md
index 379a0c8d3e..664d337477 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md
@@ -30,6 +30,9 @@ When you investigate an incident, you'll see:
- Incident comments and actions
- Tabs (alerts, machines, investigations, evidence, graph)
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4qLUV]
+
+
## Analyze incident details
Click an incident to see the **Incident pane**. Select **Open incident page** to see the incident details and related information (alerts, machines, investigations, evidence, graph).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/licensing.md b/windows/security/threat-protection/microsoft-defender-atp/licensing.md
deleted file mode 100644
index c86b827fd6..0000000000
--- a/windows/security/threat-protection/microsoft-defender-atp/licensing.md
+++ /dev/null
@@ -1,123 +0,0 @@
----
-title: Validate licensing provisioning and complete Microsoft Defender ATP set up
-description: Validating licensing provisioning, setting up initial preferences, and completing the user set up for Microsoft Defender Advanced Threat Protection portal.
-keywords: license, licensing, account, set up, validating licensing, windows defender atp
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# Validate licensing provisioning and complete set up for Microsoft Defender ATP
-
-**Applies to:**
-
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-validatelicense-abovefoldlink)
-
-## Check license state
-
-Checking for the license state and whether it got properly provisioned, can be done through the admin center or through the **Microsoft Azure portal**.
-
-1. To view your licenses go to the **Microsoft Azure portal** and navigate to the [Microsoft Azure portal license section](https://portal.azure.com/#blade/Microsoft_AAD_IAM/LicensesMenuBlade/Products).
-
- 
-
-1. Alternately, in the admin center, navigate to **Billing** > **Subscriptions**.
-
- - On the screen you will see all the provisioned licenses and their current **Status**.
-
- 
-
-
-## Cloud Service Provider validation
-
-To gain access into which licenses are provisioned to your company, and to check the state of the licenses, go to the admin center.
-
-1. From the **Partner portal**, click on the **Administer services > Office 365**.
-
-2. Clicking on the **Partner portal** link will leverage the **Admin on behalf** option and will give you access to the customer admin center.
-
- 
-
-## Access Microsoft Defender Security Center for the first time
-
-When accessing [Microsoft Defender Security Center](https://SecurityCenter.Windows.com) for the first time there will be a setup wizard that will guide you through some initial steps. At the end of the setup wizard there will be a dedicated cloud instance of Microsoft Defender ATP created.
-
-1. Each time you access the portal you will need to validate that you are authorized to access the product. This **Set up your permissions** step will only be available if you are not currently authorized to access the product.
-
- 
-
- Once the authorization step is completed, the **Welcome** screen will be displayed.
-
-2. The **Welcome** screen will provide some details as to what is about to occur during the set up wizard.
-
- 
-
- You will need to set up your preferences for Microsoft Defender Security Center.
-
-3. Set up preferences
-
- 
-
- 1. **Select data storage location**
When onboarding the service for the first time, you can choose to store your data in the Microsoft Azure datacenters in the United States, the European Union, or the United Kingdom. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not transfer the data from the specified geolocation.
-
- > [!WARNING]
- > This option cannot be changed without completely offboarding from Microsoft Defender ATP and completing a new enrollment process.
-
- 2. **Select the data retention policy**
Microsoft Defender ATP will store data up to a period of 6 months in your cloud instance, however, you have the option to set the data retention period for a shorter timeframe during this step of the set up process.
-
- > [!NOTE]
- > This option can be changed at a later time.
-
- 3. **Select the size of your organization**
You will need to indicate the size of your organization based on an estimate of the number of employees currently employed.
-
- > [!NOTE]
- > The **organization size** question is not related to how many licenses were purchased for your organization. It is used by the service to optimize the creation of the data cluster for your organization.
-
- 4. **Turn on preview features**
Learn about new features in the Microsoft Defender ATP preview release and be among the first to try upcoming features by turning on **Preview features**.
-
- You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available.
-
- - Toggle the setting between On and Off to choose **Preview features**.
-
- > [!NOTE]
- > This option can be changed at a later time.
-
-4. You will receive a warning notifying you that you won't be able to change some of your preferences once you click **Continue**.
-
- > [!NOTE]
- > Some of these options can be changed at a later time in Microsoft Defender Security Center.
-
- 
-
-5. A dedicated cloud instance of Microsoft Defender Security Center is being created at this time. This step will take an average of 5 minutes to complete.
-
-6. You are almost done. Before you can start using Microsoft Defender ATP you'll need to:
-
- - [Onboard Windows 10 machines](configure-endpoints.md)
-
- - Run detection test (optional)
-
- 
-
- > [!IMPORTANT]
- > If you click **Start using Microsoft Defender ATP** before onboarding machines you will receive the following notification:
- > 
-
-7. After onboarding machines you can click **Start using Microsoft Defender ATP**. You will now launch Microsoft Defender ATP for the first time.
-
-## Related topics
-- [Onboard machines to the Microsoft Defender Advanced Threat Protection service](onboard-configure.md)
-- [Troubleshoot onboarding process and portal access issues](troubleshoot-onboarding-error-messages.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md
index ddd34985a3..80231ef03d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md
@@ -27,6 +27,8 @@ Live response is a capability that gives you instantaneous access to a machine u
Live response is designed to enhance investigations by enabling you to collect forensic data, run scripts, send suspicious entities for analysis, remediate threats, and proactively hunt for emerging threats.
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4qLUW]
+
With live response, analysts will have the ability to:
- Run basic and advanced commands to do investigative work
- Download files such as malware samples and outcomes of PowerShell scripts
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md
index b005d81545..1dd8377db2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md
@@ -34,6 +34,9 @@ Microsoft Cloud App Security (Cloud App Security) is a comprehensive solution th
Cloud App Security discovery relies on cloud traffic logs being forwarded to it from enterprise firewall and proxy servers. Microsoft Defender ATP integrates with Cloud App Security by collecting and forwarding all cloud app networking activities, providing unparalleled visibility to cloud app usage. The monitoring functionality is built into the device, providing complete coverage of network activity.
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4r4yQ]
+
+
The integration provides the following major improvements to the existing Cloud App Security discovery:
- Available everywhere - Since the network activity is collected directly from the endpoint, it's available wherever the device is, on or off corporate network, as it's no longer depended on traffic routed through the enterprise firewall or proxy servers.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md
index 54dc6d37fa..1aabe438b0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md
@@ -29,6 +29,9 @@ ms.topic: article
Microsoft Defender ATP supports streaming all the events available through [Advanced Hunting](advanced-hunting-overview.md) to an [Event Hubs](https://docs.microsoft.com/azure/event-hubs/) and/or [Azure storage account](https://docs.microsoft.com/azure/event-hubs/).
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4r4ga]
+
+
## In this section
Topic | Description