diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md
index 1a7df44a44..10317bd4e4 100644
--- a/devices/surface-hub/change-history-surface-hub.md
+++ b/devices/surface-hub/change-history-surface-hub.md
@@ -7,7 +7,7 @@ ms.sitesec: library
 author: jdeckerms
 ms.author: jdecker
 ms.topic: article
-ms.date: 06/01/2018
+ms.date: 07/12/2018
 ms.localizationpriority: medium
 ---
 
@@ -15,6 +15,12 @@ ms.localizationpriority: medium
 
 This topic lists new and updated topics in the [Surface Hub Admin Guide]( surface-hub-administrators-guide.md).
 
+## July 2018
+
+New or changed topic | Description
+--- | ---
+[Set up and use Whiteboard to Whiteboard collaboration](whiteboard-collaboration.md) | Added information and links for new Microsoft Whiteboard app release.
+
 ## June 2018
 
 New or changed topic | Description
diff --git a/devices/surface-hub/whiteboard-collaboration.md b/devices/surface-hub/whiteboard-collaboration.md
index 08346d20b4..10f086f358 100644
--- a/devices/surface-hub/whiteboard-collaboration.md
+++ b/devices/surface-hub/whiteboard-collaboration.md
@@ -6,13 +6,16 @@ ms.sitesec: library
 author: jdeckerms
 ms.author: jdecker
 ms.topic: article
-ms.date: 10/20/2017
+ms.date: 07/12/2018
 ms.localizationpriority: medium
 ---
 
 # Set up and use Whiteboard to Whiteboard collaboration (Surface Hub)
 
-Microsoft Whiteboard’s latest update (17.8302.5275X or greater) includes the capability for two Surface Hubs to collaborate in real time on the same board. 
+The Microsoft Whiteboard app includes the capability for two Surface Hubs to collaborate in real time on the same board. 
+
+>[!IMPORTANT]
+>A new Microsoft Whiteboard app was released on July 12, 2018. The existing Whiteboard app that comes installed on Surface Hub and is pinned to the Welcome screen cannot collaborate with the new version that can be installed on the PC. If people in your organization install the new Whiteboard on their PCs, you must install the new Whiteboard on Surface Hub to enable collaboration. To learn more about installing the new Whiteboard on your Surface Hub, see [Whiteboard on Surface Hub opt-in](https://go.microsoft.com/fwlink/p/?LinkId=2004277).
 
 By ensuring that your organization meets the prerequisites, users can then ink, collaborate, and ideate together. 
 
diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index fc15a38c27..b51844c487 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -249,6 +249,7 @@
 #### [Storage](policy-csp-storage.md)
 #### [System](policy-csp-system.md)
 #### [SystemServices](policy-csp-systemservices.md)
+#### [TaskManager](policy-csp-taskmanager.md)
 #### [TaskScheduler](policy-csp-taskscheduler.md)
 #### [TextInput](policy-csp-textinput.md)
 #### [TimeLanguageSettings](policy-csp-timelanguagesettings.md)
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 5e145ab167..ad1d5979b7 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1623,6 +1623,33 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 
 ## Change history in MDM documentation
 
+### July 2018
+
+<table class="mx-tdBreakAll">
+<colgroup>
+<col width="25%" />
+<col width="75%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th>New or updated topic</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
+<td style="vertical-align:top"><p>Added the following new policies in Windows 10, next major version:</p>
+<ul>
+<li>ApplicationManagement/LaunchAppAfterLogOn</li>
+<li>ApplicationManagement/ScheduleForceRestartForUpdateFailures </li>
+<li>TaskManager/AllowEndTask</li>
+<li>WindowsLogon/DontDisplayNetworkSelectionUI</li>
+</ul>
+</td></tr>
+</tbody>
+</table>
+
 ### June 2018
 
 <table class="mx-tdBreakAll">
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 913b873fdc..54c9ef180b 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -389,6 +389,29 @@ The following diagram shows the Policy configuration service provider in tree fo
   </dd>
 </dl>
 
+### BITS policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-bits.md#bits-bandwidththrottlingendtime" id="bits-bandwidththrottlingendtime">BITS/BandwidthThrottlingEndTime</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-bits.md#bits-bandwidththrottlingstarttime" id="bits-bandwidththrottlingstarttime">BITS/BandwidthThrottlingStartTime</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-bits.md#bits-bandwidththrottlingtransferrate" id="bits-bandwidththrottlingtransferrate">BITS/BandwidthThrottlingTransferRate</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-bits.md#bits-costednetworkbehaviorbackgroundpriority" id="bits-costednetworkbehaviorbackgroundpriority">BITS/CostedNetworkBehaviorBackgroundPriority</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-bits.md#bits-costednetworkbehaviorforegroundpriority" id="bits-costednetworkbehaviorforegroundpriority">BITS/CostedNetworkBehaviorForegroundPriority</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-bits.md#bits-jobinactivitytimeout" id="bits-jobinactivitytimeout">BITS/JobInactivityTimeout</a>
+  </dd>
+</dl>
+
 ### Bluetooth policies
 
 <dl>
@@ -3991,6 +4014,12 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Autoplay/DisallowAutoplayForNonVolumeDevices](./policy-csp-autoplay.md#autoplay-disallowautoplayfornonvolumedevices)
 -   [Autoplay/SetDefaultAutoRunBehavior](./policy-csp-autoplay.md#autoplay-setdefaultautorunbehavior)
 -   [Autoplay/TurnOffAutoPlay](./policy-csp-autoplay.md#autoplay-turnoffautoplay)
+-   [BITS/BandwidthThrottlingEndTime](./policy-csp-bits.md#bits-bandwidththrottlingendtime)
+-   [BITS/BandwidthThrottlingStartTime](./policy-csp-bits.md#bits-bandwidththrottlingstarttime)
+-   [BITS/BandwidthThrottlingTransferRate](./policy-csp-bits.md#bits-bandwidththrottlingtransferrate)
+-   [BITS/CostedNetworkBehaviorBackgroundPriority](./policy-csp-bits.md#bits-costednetworkbehaviorbackgroundpriority)
+-   [BITS/CostedNetworkBehaviorForegroundPriority](./policy-csp-bits.md#bits-costednetworkbehaviorforegroundpriority)
+-   [BITS/JobInactivityTimeout](./policy-csp-bits.md#bits-jobinactivitytimeout)
 -   [Browser/AllowAddressBarDropdown](./policy-csp-browser.md#browser-allowaddressbardropdown)
 -   [Browser/AllowAutofill](./policy-csp-browser.md#browser-allowautofill)
 -   [Browser/AllowCookies](./policy-csp-browser.md#browser-allowcookies)
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index 39546190c2..39cb905194 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 07/03/2018
+ms.date: 07/11/2018
 ---
 
 # Policy CSP - ApplicationManagement
@@ -590,6 +590,17 @@ The following list shows the supported values:
 <!--Description-->
 List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are launched after logon. This policy allows the IT admin to specify a list of applications that users can run after logging on to the device.
 
+For this policy to work, the Windows apps need to declare in their manifest that they will use the start up task. Example of the declaration here: 
+
+``` syntax
+<desktop:Extension Category="windows.startupTask"> 
+   <desktop:StartupTask TaskId="CoffeeStartupTask" Enabled="true" DisplayName="ms-resource:Description" /> 
+</desktop:Extension>
+```
+
+> [!Note]  
+> This policy only works on modern apps.
+
 <!--/Description-->
 <!--SupportedValues-->
 
diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md
new file mode 100644
index 0000000000..c9fdf5ff82
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-bits.md
@@ -0,0 +1,504 @@
+---
+title: Policy CSP - BITS
+description: Policy CSP - BITS
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: MariciaAlforque
+ms.date: 06/29/2018
+---
+
+# Policy CSP - BITS
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+The following bandwidth policies are used together to define the bandwidth-throttling schedule and transfer rate. 
+
+- BITS/BandwidthThrottlingEndTime  
+- BITS/BandwidthThrottlingStartTime  
+- BITS/BandwidthThrottlingTransferRate
+
+If BITS/BandwidthThrottlingStartTime or BITS/BandwidthThrottlingEndTime are NOT defined, but BITS/BandwidthThrottlingTransferRate IS defined, then default values will be used for StartTime and EndTime (8am and 5pm respectively). The time policies are based on the 24-hour clock.
+
+<hr/>
+
+<!--Policies-->
+## BITS policies  
+
+<dl>
+  <dd>
+    <a href="#bits-bandwidththrottlingendtime">BITS/BandwidthThrottlingEndTime</a>
+  </dd>
+  <dd>
+    <a href="#bits-bandwidththrottlingstarttime">BITS/BandwidthThrottlingStartTime</a>
+  </dd>
+  <dd>
+    <a href="#bits-bandwidththrottlingtransferrate">BITS/BandwidthThrottlingTransferRate</a>
+  </dd>
+  <dd>
+    <a href="#bits-costednetworkbehaviorbackgroundpriority">BITS/CostedNetworkBehaviorBackgroundPriority</a>
+  </dd>
+  <dd>
+    <a href="#bits-costednetworkbehaviorforegroundpriority">BITS/CostedNetworkBehaviorForegroundPriority</a>
+  </dd>
+  <dd>
+    <a href="#bits-jobinactivitytimeout">BITS/JobInactivityTimeout</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="bits-bandwidththrottlingendtime"></a>**BITS/BandwidthThrottlingEndTime**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy specifies the bandwidth throttling **end time** that Background Intelligent Transfer Service (BITS) uses for background transfers. This policy setting does not affect foreground transfers. This policy is based on the 24-hour clock.
+
+Value type is integer. Default value is 17 (5 pm).
+
+Supported value range: 0 - 23
+
+You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A.M. to 5:00 P.M., and use all available unused bandwidth the rest of the day's hours.
+
+Using the three policies together (BandwidthThrottlingStartTime, BandwidthThrottlingEndTime, BandwidthThrottlingTransferRate), BITS will limit its bandwidth usage to the specified values. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0.
+
+If you disable or do not configure this policy setting, BITS uses all available unused bandwidth.
+
+Note: You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect Peercaching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
+
+Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Limit the maximum network bandwidth for BITS background transfers*
+-   GP name: *BITS_MaxBandwidth*
+-   GP element: *BITS_BandwidthLimitSchedTo*
+-   GP path: *Network/Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="bits-bandwidththrottlingstarttime"></a>**BITS/BandwidthThrottlingStartTime**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy specifies the bandwidth throttling **start time** that Background Intelligent Transfer Service (BITS) uses for background transfers. This policy setting does not affect foreground transfers. This policy is based on the 24-hour clock.
+
+Value type is integer. Default value is 8 (8 am).
+
+Supported value range: 0 - 23
+
+You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A.M. to 5:00 P.M., and use all available unused bandwidth the rest of the day's hours.
+
+Using the three policies together (BandwidthThrottlingStartTime, BandwidthThrottlingEndTime, BandwidthThrottlingTransferRate), BITS will limit its bandwidth usage to the specified values. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0.
+
+If you disable or do not configure this policy setting, BITS uses all available unused bandwidth.
+
+Note: You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect Peercaching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
+
+Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Limit the maximum network bandwidth for BITS background transfers*
+-   GP name: *BITS_MaxBandwidth*
+-   GP element: *BITS_BandwidthLimitSchedFrom*
+-   GP path: *Network/Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="bits-bandwidththrottlingtransferrate"></a>**BITS/BandwidthThrottlingTransferRate**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy specifies the bandwidth throttling **transfer rate** in kilobits per second (Kbps) that Background Intelligent Transfer Service (BITS) uses for background transfers. This policy setting does not affect foreground transfers.
+
+Value type is integer. Default value is 1000.
+
+Supported value range: 0 - 4294967200
+
+You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A.M. to 5:00 P.M., and use all available unused bandwidth the rest of the day's hours.
+
+Using the three policies together (BandwidthThrottlingStartTime, BandwidthThrottlingEndTime, BandwidthThrottlingTransferRate), BITS will limit its bandwidth usage to the specified values. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0.
+
+If you disable or do not configure this policy setting, BITS uses all available unused bandwidth.
+
+Note: You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect Peercaching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
+
+Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Limit the maximum network bandwidth for BITS background transfers*
+-   GP name: *BITS_MaxBandwidth*
+-   GP element: *BITS_MaxTransferRateText*
+-   GP path: *Network/Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="bits-costednetworkbehaviorbackgroundpriority"></a>**BITS/CostedNetworkBehaviorBackgroundPriority**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting defines the default behavior that the Background Intelligent Transfer Service (BITS) uses for background transfers when the system is connected to a costed network (3G, etc.). Download behavior policies further limit the network usage of background transfers.
+
+If you enable this policy setting, you can define a default download policy for each BITS job priority. This setting does not override a download policy explicitly configured by the application that created the BITS job, but does apply to jobs that are created by specifying only a priority.
+
+For example, you can specify that background jobs are by default to transfer only when on uncosted network connections, but foreground jobs should proceed only when not roaming. The values that can be assigned are:
+-  1 -    Always transfer
+-  2 -    Transfer unless roaming
+-  3 -    Transfer unless surcharge applies (when not roaming or overcap)
+-  4 -    Transfer unless nearing limit (when not roaming or nearing cap)
+-  5 -    Transfer only if unconstrained
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Set default download behavior for BITS jobs on costed networks*
+-   GP name: *BITS_SetTransferPolicyOnCostedNetwork*
+-   GP element: *BITS_TransferPolicyNormalPriorityValue*
+-   GP path: *Network/Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="bits-costednetworkbehaviorforegroundpriority"></a>**BITS/CostedNetworkBehaviorForegroundPriority**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting defines the default behavior that the foreground Intelligent Transfer Service (BITS) uses for foreground transfers when the system is connected to a costed network (3G, etc.). Download behavior policies further limit the network usage of foreground transfers.
+
+If you enable this policy setting, you can define a default download policy for each BITS job priority. This setting does not override a download policy explicitly configured by the application that created the BITS job, but does apply to jobs that are created by specifying only a priority.
+
+For example, you can specify that foreground jobs are by default to transfer only when on uncosted network connections, but foreground jobs should proceed only when not roaming. The values that can be assigned are:
+-  1 -    Always transfer
+-  2 -    Transfer unless roaming
+-  3 -    Transfer unless surcharge applies (when not roaming or overcap)
+-  4 -    Transfer unless nearing limit (when not roaming or nearing cap)
+-  5 -    Transfer only if unconstrained
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Set default download behavior for BITS jobs on costed networks*
+-   GP name: *BITS_SetTransferPolicyOnCostedNetwork*
+-   GP element: *BITS_TransferPolicyForegroundPriorityValue*
+-   GP path: *Network/Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="bits-jobinactivitytimeout"></a>**BITS/JobInactivityTimeout**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting specifies the number of days a pending BITS job can remain inactive before the job is considered abandoned. By default BITS will wait 90 days before considering an inactive job abandoned. After a job is determined to be abandoned, the job is deleted from BITS and any downloaded files for the job are deleted from the disk.
+
+> [!Note]  
+> Any property changes to the job or any successful download action will reset this timeout.
+
+Value type is integer. Default is 90 days.
+
+Supported values range: 0 - 999
+
+Consider increasing the timeout value if computers tend to stay offline for a long period of time and still have pending jobs. 
+Consider decreasing this value if you are concerned about orphaned jobs occupying disk space.
+
+If you disable or do not configure this policy setting, the default value of 90 (days) will be used for the inactive job timeout.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Timeout for inactive BITS jobs*
+-   GP name: *BITS_Job_Timeout*
+-   GP element: *BITS_Job_Timeout_Time*
+-   GP path: *Network/Background Intelligent Transfer Service (BITS)*
+-   GP ADMX file name: *Bits.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Value type is integer. Default is 90 days.
+
+Supported values range: 0 - 999
+
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
+-   5 - Added in the next major release of Windows 10.
+
+<!--/Policies-->
+
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index fe63238f62..07a7954820 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 05/14/2018
+ms.date: 07/12/2018
 ---
 
 # Policy CSP - WindowsLogon
@@ -143,6 +143,31 @@ If you enable this policy setting, the PC's network connectivity state cannot be
 
 If you disable or don't configure this policy setting, any user can disconnect the PC from the network or can connect the PC to other available networks without signing into Windows.
 
+Here is an example to enable this policy:
+
+``` syntax
+<SyncML xmlns="SYNCML:SYNCML1.2">
+  <SyncBody>
+    <Atomic>
+      <CmdID>300</CmdID>
+      <Replace>
+        <CmdID>301</CmdID>
+        <Item>
+          <Target>
+            <LocURI>./Device/Vendor/MSFT/Policy/Config/WindowsLogon/DontDisplayNetworkSelectionUI</LocURI>
+          </Target>
+          <Meta>
+            <Format xmlns="syncml:metinf">chr</Format>
+          </Meta>
+          <Data><![CDATA[<enabled/>]]></Data>
+        </Item>
+      </Replace>
+    </Atomic>
+    <Final/>
+  </SyncBody>
+</SyncML>
+```
+
 <!--/Description-->
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md
index 494351fd7c..70e120e841 100644
--- a/windows/deployment/upgrade/setupdiag.md
+++ b/windows/deployment/upgrade/setupdiag.md
@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
-ms.date: 05/30/2018
-ms.localizationpriority: medium
+ms.date: 07/10/2018
+ms.localizationpriority: high
 ---
 
 # SetupDiag
@@ -45,6 +45,7 @@ See the [Release notes](#release-notes) section at the bottom of this topic for
 | /LogsPath:\<Path to logs\> | <ul><li>This optional parameter is required only when **/Mode:Offline** is specified.  This tells SetupDiag.exe where to find the log files. These log files can be in a flat folder format, or containing multiple subdirectories.  SetupDiag will recursively search all child directories. This parameter should be omitted when the **/Mode:Online** is specified.</ul> |
 | /ZipLogs:\<True \| False\> | <ul><li>This optional parameter tells SetupDiag.exe to create a zip file continuing its results and all the log files it parsed.  The zip file is created in the same directory where SetupDiag.exe is run.<li>Default: If not specified, a value of 'true' is used.</ul> |
 | /Verbose | <ul><li>This optional parameter will output much more data to the log file produced by SetupDiag.exe.  By default SetupDiag will only produce a log file entry for serious errors.  Using **/Verbose** will cause SetupDiag to always produce a log file with debugging details, which can be useful when reporting a problem with SetupDiag.</ul> |
+| /Format:\<xml \| json\> | <ul><li>This optional parameter can be used to output log files in xml or JSON format.  If this parameter is not specified, text format is used by default.</ul> |
 
 ### Examples:
 
@@ -346,10 +347,23 @@ Each rule name and its associated unique rule identifier are listed with a descr
     - Matches DPX expander failures in the down-level phase of update from WU.  Will output the package name, function, expression and error code.
 41. FindFatalPluginFailure – E48E3F1C-26F6-4AFB-859B-BF637DA49636
     - Matches any plug in failure that setupplatform decides is fatal to setup.  Will output the plugin name, operation and error code.
-
+42. AdvancedInstallerFailed - 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC
+    - Indicates critical failure in the AdvancedInstaller while running an installer package, includes the .exe being called, the phase, mode, component and error codes.
+43. MigrationAbortedDueToPluginFailure - D07A24F6-5B25-474E-B516-A730085940C9
+    - Indicates a critical failure in a migration plugin that causes setup to abort the migration.  Will provide the setup operation, plug in name, plug in action and error code.
+44. DISMAddPackageFailed - 6196FF5B-E69E-4117-9EC6-9C1EAB20A3B9
+    - Indicates a critical failure during a DISM add package operation.  Will specify the Package Name, DISM error and add package error code.
 
 ## Release notes
 
+07/10/2018 - SetupDiag v1.30 is released with 44 rules, as a standalone tool available from the Download Center.
+   - Bug fix for an over-matched plug-in rule. The rule will now correctly match only critical (setup failure) plug-in issues.
+   - New feature: Ability to output logs in JSON and XML format.
+       - Use "/Format:xml" or "/Format:json" command line parameters to specify the new output format. See [sample logs](#sample-logs) at the bottom of this topic.
+       - If the “/Format:xml” or “/Format:json” parameter is omitted, the log output format will default to text.
+   - New Feature: Where possible, specific instructions are now provided in rule output to repair the identified error. For example, instructions are provided to remediate known blocking issues such as uninstalling an incompatible app or freeing up space on the system drive.
+   - 3 new rules added: AdvancedInstallerFailed, MigrationAbortedDueToPluginFailure, DISMAddPackageFailed.
+
 05/30/2018 - SetupDiag v1.20 is released with 41 rules, as a standalone tool available from the Download Center.
    - Fixed a bug in device install failure detection in online mode.
    - Changed SetupDiag to work without an instance of setupact.log. Previously, SetupDiag required at least one setupact.log to operate.  This change enables the tool to analyze update failures that occur prior to calling SetupHost.
@@ -364,6 +378,84 @@ Each rule name and its associated unique rule identifier are listed with a descr
 
 03/30/2018 - SetupDiag v1.00 is released with 26 rules, as a standalone tool available from the Download Center.
 
+## Sample logs
+
+### Text log sample
+
+```
+Matching Profile found: OptionalComponentOpenPackageFailed - 22952520-EC89-4FBD-94E0-B67DF88347F6
+System Information:
+	Machine Name = Offline
+	Manufacturer = MSI
+	Model = MS-7998
+	HostOSArchitecture = x64
+	FirmwareType = PCAT
+	BiosReleaseDate = 20160727000000.000000+000
+	BiosVendor = BIOS Date: 07/27/16 10:01:46 Ver: V1.70
+	BiosVersion = 1.70
+	HostOSVersion = 10.0.15063
+	HostOSBuildString = 15063.0.amd64fre.rs2_release.170317-1834
+	TargetOSBuildString = 10.0.16299.15 (rs3_release.170928-1534)
+	HostOSLanguageId = 2057
+	HostOSEdition = Core
+	RegisteredAV = Windows Defender,
+	FilterDrivers = WdFilter,wcifs,WIMMount,luafv,Wof,FileInfo,
+	UpgradeStartTime = 3/21/2018 9:47:16 PM
+	UpgradeEndTime = 3/21/2018 10:02:40 PM
+	UpgradeElapsedTime = 00:15:24
+	ReportId = dd4db176-4e3f-4451-aef6-22cf46de8bde
+
+Error: SetupDiag reports Optional Component installation failed to open OC Package. Package Name: Foundation, Error: 0x8007001F
+Recommend you check the "Windows Modules Installer" service (Trusted Installer) is started on the system and set to automatic start, reboot and try the update again.  Optionally, you can check the status of optional components on the system (search for Windows Features), uninstall any unneeded optional components, reboot and try the update again.
+Error: SetupDiag reports down-level failure, Operation: Finalize, Error: 0x8007001F - 0x50015
+Refer to https://docs.microsoft.com/en-us/windows/deployment/upgrade/upgrade-error-codes for error information.
+```
+
+### XML log sample
+
+```
+<?xml version="1.0" encoding="utf-16"?>
+<SetupDiag xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="https://docs.microsoft.com/en-us/windows/deployment/upgrade/setupdiag">
+  <Version>1.3.0.0</Version>
+  <ProfileName>DiskSpaceBlockInDownLevel</ProfileName>
+  <ProfileGuid>6080AFAC-892E-4903-94EA-7A17E69E549E</ProfileGuid>
+  <SystemInfo>
+    <MachineName>Offline</MachineName>
+    <Manufacturer>Microsoft Corporation</Manufacturer>
+    <Model>Virtual Machine</Model>
+    <HostOSArchitecture>x64</HostOSArchitecture>
+    <FirmwareType>UEFI</FirmwareType>
+    <BiosReleaseDate>20171012000000.000000+000</BiosReleaseDate>
+    <BiosVendor>Hyper-V UEFI Release v2.5</BiosVendor>
+    <BiosVersion>Hyper-V UEFI Release v2.5</BiosVersion>
+    <HostOSVersion>10.0.14393</HostOSVersion>
+    <HostOSBuildString>14393.1794.amd64fre.rs1_release.171008-1615</HostOSBuildString>
+    <TargetOSBuildString>10.0.16299.15 (rs3_release.170928-1534)</TargetOSBuildString>
+    <HostOSLanguageId>1033</HostOSLanguageId>
+    <HostOSEdition>Core</HostOSEdition>
+    <RegisteredAV />
+    <FilterDrivers />
+    <UpgradeStartTime>2017-12-21T12:56:22</UpgradeStartTime>
+    <UpgradeElapsedTime />
+    <UpgradeEndTime>2017-12-21T13:22:46</UpgradeEndTime>
+    <RollbackStartTime>0001-01-01T00:00:00</RollbackStartTime>
+    <RollbackEndTime>0001-01-01T00:00:00</RollbackEndTime>
+    <RollbackElapsedTime />
+    <CommercialId>Offline</CommercialId>
+    <SetupReportId>06600fcd-acc0-40e4-b7f8-bb984dc8d05a</SetupReportId>
+    <ReportId>06600fcd-acc0-40e4-b7f8-bb984dc8d05a</ReportId>
+  </SystemInfo>
+  <FailureData>Warning: Found Disk Space Hard Block.</FailureData>
+  <Remediation>You must free up at least "6603" MB of space on the System Drive, and try again.</Remediation>
+</SetupDiag>
+```
+
+### JSON log sample
+
+```
+{"Version":"1.3.0.0","ProfileName":"DiskSpaceBlockInDownLevel","ProfileGuid":"6080AFAC-892E-4903-94EA-7A17E69E549E","SystemInfo":{"BiosReleaseDate":"20171012000000.000000+000","BiosVendor":"Hyper-V UEFI Release v2.5","BiosVersion":"Hyper-V UEFI Release v2.5","CV":null,"CommercialId":"Offline","FilterDrivers":"","FirmwareType":"UEFI","HostOSArchitecture":"x64","HostOSBuildString":"14393.1794.amd64fre.rs1_release.171008-1615","HostOSEdition":"Core","HostOSLanguageId":"1033","HostOSVersion":"10.0.14393","MachineName":"Offline","Manufacturer":"Microsoft Corporation","Model":"Virtual Machine","RegisteredAV":"","ReportId":"06600fcd-acc0-40e4-b7f8-bb984dc8d05a","RollbackElapsedTime":"PT0S","RollbackEndTime":"\/Date(-62135568000000-0800)\/","RollbackStartTime":"\/Date(-62135568000000-0800)\/","SDMode":1,"SetupReportId":"06600fcd-acc0-40e4-b7f8-bb984dc8d05a","TargetOSArchitecture":null,"TargetOSBuildString":"10.0.16299.15 (rs3_release.170928-1534)","UpgradeElapsedTime":"PT26M24S","UpgradeEndTime":"\/Date(1513891366000-0800)\/","UpgradeStartTime":"\/Date(1513889782000-0800)\/"},"FailureData":["Warning: Found Disk Space Hard Block."],"DeviceDriverInfo":null,"Remediation":["You must free up at least \"6603\" MB of space on the System Drive, and try again."]}
+```
+
 ## Related topics
 
 [Resolve Windows 10 upgrade errors: Technical information for IT Pros](https://docs.microsoft.com/en-us/windows/deployment/upgrade/resolve-windows-10-upgrade-errors)
\ No newline at end of file
diff --git a/windows/security/TOC.md b/windows/security/TOC.md
index 1a508b07b8..ad302db477 100644
--- a/windows/security/TOC.md
+++ b/windows/security/TOC.md
@@ -1,5 +1,7 @@
 # [Security](index.yml)
 ## [Identity and access management](identity-protection/index.md)
-## [Threat protection](threat-protection/index.md)
 ## [Information protection](information-protection/index.md)
-## [Hardware-based protection](hardware-protection/index.md)
\ No newline at end of file
+## [Hardware-based protection](hardware-protection/index.md)
+## [Threat protection](threat-protection/index.md)
+
+
diff --git a/windows/security/hardware-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/hardware-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
index 95c6095ae0..3b52d2e805 100644
--- a/windows/security/hardware-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
+++ b/windows/security/hardware-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
@@ -28,7 +28,7 @@ With TPM 1.2 and Windows 10, version 1507 or 1511, you can also take the followi
 
 -   [Turn on or turn off the TPM](#turn-on-or-turn-off)
 
-For information about the TPM cmdlets, see [TPM Cmdlets in Windows PowerShell](http://technet.microsoft.com/library/jj603116.aspx).
+For information about the TPM cmdlets, see [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/trustedplatformmodule/?view=win10-ps).
 
 ## About TPM initialization and ownership
 
@@ -165,7 +165,7 @@ This capability was fully removed from TPM.msc in later versions of Windows.
 
 ## Use the TPM cmdlets
 
-You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](http://technet.microsoft.com/library/jj603116.aspx).
+You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/trustedplatformmodule/?view=win10-ps).
 
 ## Related topics
 
diff --git a/windows/security/index.yml b/windows/security/index.yml
index b928c6db2b..05c303413e 100644
--- a/windows/security/index.yml
+++ b/windows/security/index.yml
@@ -14,7 +14,7 @@ metadata:
 
   keywords: protect, company, data, Windows, device, app, management, Microsoft365, e5, e3
 
-  ms.localizationpriority: medium
+  ms.localizationpriority: high
 
   author: brianlic-msft
 
@@ -22,7 +22,7 @@ metadata:
 
   manager: brianlic
 
-  ms.date: 02/06/2018
+  ms.date: 07/12/2018
 
   ms.topic: article
 
@@ -78,199 +78,17 @@ sections:
 
       title: Information protection
 
-- title: Security features built in to Windows 10 
-
+- title: Windows Defender Advanced Threat Protection
   items:
-
-  - type: paragraph
-
-    text: 'Windows 10 enables critical security features to protect your device right from the start.'
-
-  - type: list
-
-    style: cards
-
-    className: cardsM
-
-    columns: 3
-
-    items:
-
-    - href: \windows\security\hardware-protection\how-hardware-based-containers-help-protect-windows
-
-      html: <p>Protect the boot process and maintain system integrity</p>
-
-      image:
-
-        src: https://docs.microsoft.com/media/common/i_identity-protection.svg
-      
-      title: Windows Defender System Guard
-
-    - href: \windows\security\threat-protection\windows-defender-antivirus\windows-defender-antivirus-in-windows-10
-
-      html: <p>Protect against malware management using next-generation antivirus technologies</p>
-
-      image:
-
-        src: https://docs.microsoft.com/media/common/i_threat-protection.svg
-      
-      title: Windows Defender Antivirus
-
-    - href: \windows\security\information-protection\bitlocker\bitlocker-overview
-
-      html: <p>Prevent data theft from lost or stolen devices</p>
-
-      image:
-
-        src: https://docs.microsoft.com/media/common/i_information-protection.svg
-      
-      title: BitLocker
-
-- title: Security features in Microsoft 365 E3
-
-  items:
-
-  - type: paragraph
-
-    text: 'Windows 10 Enterprise provides the foundation for Microsoft 365 E3 and a secure modern workplace.'
-
-  - type: list
-
-    style: cards
-
-    className: cardsM
-
-    columns: 3
-
-    items:
-
-    - href: \windows\security\identity-protection\hello-for-business\hello-overview
-
-      html: <p>Give users a more personal and secure way to access their devices</p>
-
-      image:
-
-        src: https://docs.microsoft.com/media/common/i_identity-protection.svg
-      
-      title: Windows Hello for Business
-      
-    - href: \windows\security\threat-protection\windows-defender-application-control\windows-defender-application-control
-
-      html: <p>Lock down applications that run on a device</p>
-
-      image:
-
-        src: https://docs.microsoft.com/media/common/i_threat-protection.svg
-      
-      title: Windows Defender Application Control
-
-    - href: \windows\security\information-protection\windows-information-protection\protect-enterprise-data-using-wip
-
-      html: <p>Prevent accidental data leaks from enterprise devices</p>
-
-      image:
-
-        src: https://docs.microsoft.com/media/common/i_information-protection.svg
-      
-      title: Windows Information Protection 
-
-- title: Security features in Microsoft 365 E5
-
-  items:
-
-  - type: paragraph
-
-    text: 'Get all of the protection from Microsoft 365 E3 security, plus these cloud-based security features to help you defend against even the most advanced threats.'
-
-  - type: list
-
-    style: cards
-
-    className: cardsM
-
-    columns: 3
-
-    items:
-
-    - href: https://docs.microsoft.com/azure/active-directory/active-directory-identityprotection
-
-      html: <p>Identity Protection and Privileged Identity Management</p>
-
-      image:
-
-        src: https://docs.microsoft.com/media/common/i_identity-protection.svg
-      
-      title: Azure Active Directory P2
-
-    - href: \windows\security\threat-protection\Windows-defender-atp\windows-defender-advanced-threat-protection
-
-      html: <p>Detect, investigate, and respond to advanced cyberattacks</p>
-
-      image:
-
-        src: https://docs.microsoft.com/media/common/i_threat-protection.svg
-      
-      title: Windows Defender Advanced Threat Protection 
-
-    - href: https://www.microsoft.com/cloud-platform/azure-information-protection
-
-      html: <p>Protect documents and email automatically</p>
-
-      image:
-
-        src: https://docs.microsoft.com/media/common/i_information-protection.svg
-      
-      title: Azure Information Protection P2
-
-- title: Videos
-
-  items:
-
   - type: markdown
-
-    text: ">[![VIDEO](images/next-generation-windows-security-vision.png)](https://www.youtube.com/watch?v=IvZySDNfNpo)"
-
-  - type: markdown
-
-    text: ">[![VIDEO](images/fall-creators-update-next-gen-security.png)](https://www.youtube.com/watch?v=JDGMNFwyUg8)"
-    
-- title: Additional security features in Windows 10 
-
-  items:
-
-  - type: paragraph
-
-    text: 'These additional security features are also built in to Windows 10 Enterprise.'
-
-  - type: list
-
-    style: unordered
-
-    items:
-
-    - html: <a href="/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security">Windows Defender Firewall</a>
-    - html: <a href="/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard">Windows Defender Exploit Guard</a>
-    - html: <a href="/windows/security/identity-protection/credential-guard/credential-guard">Windows Defender Credential Guard</a>
-    - html: <a href="/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control">Windows Defender Application Control</a>  
-    - html: <a href="/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview">Windows Defender Application Guard</a>
-    - html: <a href="/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview">Windows Defender SmartScreen</a>  
-    - html: <a href="/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center">Windows Defender Security Center</a>
-      
-- title: Security Resources
-
-  items:
-
-  - type: list
-
-    style: unordered
-
-    items:
-
-    - html: <a href="https://www.microsoft.com/wdsi">Windows Defender Security Intelligence</a>
-    - html: <a href="https://cloudblogs.microsoft.com/microsoftsecure/">Microsoft Secure blog</a>
-    - html: <a href="https://portal.msrc.microsoft.com/">Security Update blog</a>
-    - html: <a href="https://technet.microsoft.com/security/dn440717.aspx(d=robot)">Microsoft Security Response Center (MSRC)</a>
-    - html: <a href="https://blogs.technet.microsoft.com/msrc/">MSRC Blog</a>
-    - html: <a href="https://www.microsoft.com/wdsi/threats/ransomware">Ransomware FAQ</a>
-    
-
+    text: "
+      Prevent, detect, investigate, and respond to advanced threats. The following capabilities are available across multiple products that make up the Windows Defender ATP platform.
+      <br>&nbsp;<br>
+      <table border='0'><tr><td><b>Attack surface reduction</b></td><td><b>Next generation protection</b></td><td><b>Endpoint detection and response</b></td><td><b>Auto investigation and remediation</b></td><td><b>Security posture</b></td></tr>
+      <tr><td>[Hardware based isolation](https://docs.microsoft.com/en-us/windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows)<br><br>[Application control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)<br><br>[Exploit protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard)<br><br>[Network protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard)<br><br>[Device restrictions](https://docs.microsoft.com/en-us/intune/device-restrictions-configure)<br><br>[Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard)<br><br>[Network firewall](https://docs.microsoft.com/en-us/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security)<br><br>[Attack surface reduction controls](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)</td>
+      <td>[Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)<br><br>[Machine learning](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus)<br><br>[Automated sandbox service](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus)</td>
+      <td>[Alerts queue](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection)<br><br>[Historical endpoint data](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection#machine-timeline)<br><br>[Realtime and historical threat hunting](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection)<br><br>[API and SIEM integration](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection)<br><br>[Response orchestration](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection)<br><br>[Forensic collection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection#collect-investigation-package-from-machines)<br><br>[Threat intelligence](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection)<br><br>[Advanced detonation and analysis service](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection#deep-analysis)</td>
+      <td>[Automated investigation and remediation](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection)<br><br>[Threat remediation](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection#how-threats-are-remediated)<br><br>[Manage automated investigations](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection#manage-automated-investigations)<br><br>[Analyze automated investigation](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection#analyze-automated-investigations)</td>
+      <td>[Asset inventory](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection)<br><br>[Operating system baseline compliance](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection)<br><br>[Recommended improvement actions](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection)<br><br>[Secure score](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection)<br><br>[Threat analytics](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection)<br><br>[Reporting and trends](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection)</td>
+      </tr>
+      </table>"
\ No newline at end of file
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 8ece2a49c9..40b7f2653a 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -1,876 +1,916 @@
 # [Threat protection](index.md)
 
 
-## [The Windows Defender Security Center app](windows-defender-security-center/windows-defender-security-center.md)
-### [Customize the Windows Defender Security Center app for your organization](windows-defender-security-center/wdsc-customize-contact-information.md)
-### [Hide Windows Defender Security Center app notifications](windows-defender-security-center/wdsc-hide-notifications.md)
-### [Manage Windows Defender Security Center in Windows 10 in S mode](windows-defender-security-center\wdsc-windows-10-in-s-mode.md)
-### [Virus and threat protection](windows-defender-security-center/wdsc-virus-threat-protection.md)
-### [Account protection](windows-defender-security-center\wdsc-account-protection.md)
-### [Firewall and network protection](windows-defender-security-center\wdsc-firewall-network-protection.md)
-### [App and browser control](windows-defender-security-center\wdsc-app-browser-control.md)
-### [Device security](windows-defender-security-center\wdsc-device-security.md)
-### [Device performance and health](windows-defender-security-center\wdsc-device-performance-health.md)
-### [Family options](windows-defender-security-center\wdsc-family-options.md)
-
 
 
 
 
 ## [Windows Defender Advanced Threat Protection](windows-defender-atp/windows-defender-advanced-threat-protection.md)
-###Get started
-#### [Minimum requirements](windows-defender-atp\minimum-requirements-windows-defender-advanced-threat-protection.md)
-#### [Validate licensing and complete setup](windows-defender-atp\licensing-windows-defender-advanced-threat-protection.md)
-#### [Troubleshoot subscription and portal access issues](windows-defender-atp\troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
-#### [Preview features](windows-defender-atp\preview-windows-defender-advanced-threat-protection.md)
-#### [Data storage and privacy](windows-defender-atp\data-storage-privacy-windows-defender-advanced-threat-protection.md)
-#### [Assign user access to the portal](windows-defender-atp\assign-portal-access-windows-defender-advanced-threat-protection.md)
-### [Onboard machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
-#### [Onboard previous versions of Windows](windows-defender-atp\onboard-downlevel-windows-defender-advanced-threat-protection.md)
-#### [Onboard Windows 10 machines](windows-defender-atp\configure-endpoints-windows-defender-advanced-threat-protection.md)
-##### [Onboard machines using Group Policy](windows-defender-atp\configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
-##### [Onboard machines using System Center Configuration Manager](windows-defender-atp\configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
-##### [Onboard machines using Mobile Device Management tools](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
-###### [Onboard machines using Microsoft Intune](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#onboard-windows-10-machines-using-microsoft-intune)
-##### [Onboard machines using a local script](windows-defender-atp\configure-endpoints-script-windows-defender-advanced-threat-protection.md)
-##### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp\configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
-#### [Onboard servers](windows-defender-atp\configure-server-endpoints-windows-defender-advanced-threat-protection.md)
-#### [Onboard non-Windows machines](windows-defender-atp\configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
-#### [Run a detection test on a newly onboarded machine](windows-defender-atp\run-detection-test-windows-defender-advanced-threat-protection.md)
-#### [Run simulated attacks on machines](windows-defender-atp\attack-simulations-windows-defender-advanced-threat-protection.md)
-#### [Configure proxy and Internet connectivity settings](windows-defender-atp\configure-proxy-internet-windows-defender-advanced-threat-protection.md)
-#### [Troubleshoot onboarding issues](windows-defender-atp\troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
-### [Understand the Windows Defender ATP portal](windows-defender-atp\use-windows-defender-advanced-threat-protection.md)
-#### [Portal overview](windows-defender-atp\portal-overview-windows-defender-advanced-threat-protection.md)
-#### [View the Security operations dashboard](windows-defender-atp\security-operations-dashboard-windows-defender-advanced-threat-protection.md)
-#### [View the Secure Score dashboard and improve your secure score](windows-defender-atp\secure-score-dashboard-windows-defender-advanced-threat-protection.md)
-#### [View the Threat analytics dashboard and take recommended mitigation actions](windows-defender-atp\threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+### [Windows Defender Security Center](windows-defender-atp/windows-defender-security-center-atp.md)
+####Get started
+##### [Minimum requirements](windows-defender-atp\minimum-requirements-windows-defender-advanced-threat-protection.md)
+##### [Validate licensing and complete setup](windows-defender-atp\licensing-windows-defender-advanced-threat-protection.md)
+##### [Troubleshoot subscription and portal access issues](windows-defender-atp\troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
+##### [Preview features](windows-defender-atp\preview-windows-defender-advanced-threat-protection.md)
+##### [Data storage and privacy](windows-defender-atp\data-storage-privacy-windows-defender-advanced-threat-protection.md)
+##### [Assign user access to the portal](windows-defender-atp\assign-portal-access-windows-defender-advanced-threat-protection.md)
+#### [Onboard machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
+##### [Onboard Windows 10 machines](windows-defender-atp\configure-endpoints-windows-defender-advanced-threat-protection.md)
+###### [Onboard machines using Group Policy](windows-defender-atp\configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
+###### [Onboard machines using System Center Configuration Manager](windows-defender-atp\configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
+###### [Onboard machines using Mobile Device Management tools](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
+####### [Onboard machines using Microsoft Intune](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#onboard-machines-using-microsoft-intune)
+###### [Onboard machines using a local script](windows-defender-atp\configure-endpoints-script-windows-defender-advanced-threat-protection.md)
+###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp\configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
+##### [Onboard servers](windows-defender-atp\configure-server-endpoints-windows-defender-advanced-threat-protection.md)
+##### [Onboard non-Windows machines](windows-defender-atp\configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
+##### [Run a detection test on a newly onboarded machine](windows-defender-atp\run-detection-test-windows-defender-advanced-threat-protection.md)
+##### [Run simulated attacks on machines](windows-defender-atp\attack-simulations-windows-defender-advanced-threat-protection.md)
+##### [Configure proxy and Internet connectivity settings](windows-defender-atp\configure-proxy-internet-windows-defender-advanced-threat-protection.md)
+##### [Troubleshoot onboarding issues](windows-defender-atp\troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
+#### [Understand the portal ](windows-defender-atp\use-windows-defender-advanced-threat-protection.md)
+##### [Portal overview](windows-defender-atp\portal-overview-windows-defender-advanced-threat-protection.md)
+##### [View the Security operations dashboard](windows-defender-atp\security-operations-dashboard-windows-defender-advanced-threat-protection.md)
+##### [View the Secure Score dashboard and improve your secure score](windows-defender-atp\secure-score-dashboard-windows-defender-advanced-threat-protection.md)
+##### [View the Threat analytics dashboard and take recommended mitigation actions](windows-defender-atp\threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
 
-###Investigate and remediate threats
-####Alerts queue
-##### [View and organize the Alerts queue](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md)
-##### [Manage alerts](windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md)
-##### [Investigate alerts](windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md)
-##### [Investigate files](windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md)
-##### [Investigate machines](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md)
-##### [Investigate an IP address](windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md)
-##### [Investigate a domain](windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md)
-##### [Investigate a user account](windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md)
+####Investigate and remediate threats
+#####Alerts queue
+###### [View and organize the Alerts queue](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md)
+###### [Manage alerts](windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md)
+###### [Investigate alerts](windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md)
+###### [Investigate files](windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md)
+###### [Investigate machines](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md)
+###### [Investigate an IP address](windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md)
+###### [Investigate a domain](windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md)
+###### [Investigate a user account](windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md)
 
 
 
 
-####Machines list
-##### [View and organize the Machines list](windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md)
-##### [Manage machine group and tags](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
-##### [Alerts related to this machine](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
-##### [Machine timeline](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
-###### [Search for specific events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
-###### [Filter events from a specific date](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
-###### [Export machine timeline events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
-###### [Navigate between pages](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
+#####Machines list
+###### [View and organize the Machines list](windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md)
+###### [Manage machine group and tags](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
+###### [Alerts related to this machine](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
+###### [Machine timeline](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
+####### [Search for specific events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
+####### [Filter events from a specific date](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
+####### [Export machine timeline events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
+####### [Navigate between pages](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
 
 
-#### [Take response actions](windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md)
-##### [Take response actions on a machine](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md)
-###### [Collect investigation package](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
-###### [Run antivirus scan](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
-###### [Restrict app execution](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
-###### [Remove app restriction](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
-###### [Isolate machines from the network](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
-###### [Release machine from isolation](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
-###### [Check activity details in Action center](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
-##### [Take response actions on a file](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md)
-###### [Stop and quarantine files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
-###### [Remove file from quarantine](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
-###### [Block files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
-###### [Remove file from blocked list](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
-###### [Check activity details in Action center](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
-###### [Deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
-####### [Submit files for analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
-####### [View deep analysis reports](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
-####### [Troubleshoot deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
+##### [Take response actions](windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md)
+###### [Take response actions on a machine](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md)
+####### [Collect investigation package](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
+####### [Run antivirus scan](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
+####### [Restrict app execution](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
+####### [Remove app restriction](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
+####### [Isolate machines from the network](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
+####### [Release machine from isolation](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
+####### [Check activity details in Action center](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
 
-#### [Use Automated investigation to investigate and remediate threats](windows-defender-atp\automated-investigations-windows-defender-advanced-threat-protection.md)
-#### [Query data using Advanced hunting](windows-defender-atp\advanced-hunting-windows-defender-advanced-threat-protection.md)
-##### [Advanced hunting reference](windows-defender-atp\advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
-##### [Advanced hunting query language best practices](windows-defender-atp\advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
+###### [Take response actions on a file](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md)
+####### [Stop and quarantine files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
+####### [Remove file from quarantine](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
+####### [Block files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
+####### [Remove file from blocked list](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
+####### [Check activity details in Action center](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
+####### [Deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
+######## [Submit files for analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
+######## [View deep analysis reports](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
+######## [Troubleshoot deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
+
+###### [Use Automated investigation to investigate and remediate threats](windows-defender-atp\automated-investigations-windows-defender-advanced-threat-protection.md)
+###### [Query data using Advanced hunting](windows-defender-atp\advanced-hunting-windows-defender-advanced-threat-protection.md)
+####### [Advanced hunting reference](windows-defender-atp\advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
+####### [Advanced hunting query language best practices](windows-defender-atp\advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
 
 
-### [Protect users, data, and devices with conditional access](windows-defender-atp\conditional-access-windows-defender-advanced-threat-protection.md)
+#### [Protect users, data, and devices with conditional access](windows-defender-atp\conditional-access-windows-defender-advanced-threat-protection.md)
 
-###API and SIEM support
-#### [Pull alerts to your SIEM tools](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md)
-##### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md)
-##### [Configure Splunk to pull alerts](windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md)
-##### [Configure HP ArcSight to pull alerts](windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md)
-##### [Windows Defender ATP alert API fields](windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md)
-##### [Pull alerts using REST API](windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
-##### [Troubleshoot SIEM tool integration issues](windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md)
+####API and SIEM support
+##### [Pull alerts to your SIEM tools](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md)
+###### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md)
+###### [Configure Splunk to pull alerts](windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md)
+###### [Configure HP ArcSight to pull alerts](windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md)
+###### [Windows Defender ATP alert API fields](windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md)
+###### [Pull alerts using REST API](windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
+###### [Troubleshoot SIEM tool integration issues](windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md)
 
-#### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Understand threat intelligence concepts](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-##### [Enable the custom threat intelligence application](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md)
-##### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md)
-##### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md)
-##### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
-#### [Use the Windows Defender ATP exposed APIs](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md)
-##### [Supported Windows Defender ATP APIs](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md)
-######Actor
-####### [Get actor information](windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md)
-####### [Get actor related alerts](windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
-######Alerts
-####### [Get alerts](windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get alert information by ID](windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
-####### [Get alert related actor information](windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
-####### [Get alert related domain information](windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
-####### [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
-####### [Get alert related IP information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
-####### [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
-######Domain
-#######  [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md)
-####### [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md)
-####### [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
+##### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md)
+###### [Understand threat intelligence concepts](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
+###### [Enable the custom threat intelligence application](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md)
+###### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md)
+###### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md)
+###### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md)
+###### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md)
+###### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
+##### [Use the Windows Defender ATP exposed APIs](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md)
+###### [Supported Windows Defender ATP APIs](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md)
+#######Actor
+######## [Get actor information](windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md)
+######## [Get actor related alerts](windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
+#######Alerts
+######## [Get alerts](windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md)
+######## [Get alert information by ID](windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
+######## [Get alert related actor information](windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
+######## [Get alert related domain information](windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
+######## [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
+######## [Get alert related IP information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
+######## [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
+########Domain
+#########  [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
+######### [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md)
+######### [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md)
+######### [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
 
-######File
-####### [Block file API](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md)
-####### [Get file information](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md)
-####### [Get file related alerts](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get file related machines](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md)
-####### [Get file statistics](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md)
-####### [Get FileActions collection API](windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md)
-####### [Unblock file API](windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md)
+#######File
+######## [Block file API](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md)
+######## [Get file information](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md)
+######## [Get file related alerts](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md)
+######## [Get file related machines](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md)
+######## [Get file statistics](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md)
+######## [Get FileActions collection API](windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md)
+######## [Unblock file API](windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md)
 
-######IP
-####### [Get IP related alerts](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get IP related machines](windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md)
-####### [Get IP statistics](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md)
-####### [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md)
-######Machines
-####### [Collect investigation package API](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md)
-####### [Find machine information by IP](windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
-####### [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
-####### [Get FileMachineAction object API](windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
-####### [Get FileMachineActions collection API](windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
-####### [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md)
-####### [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
-####### [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get MachineAction object API](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md)
-####### [Get MachineActions collection API](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md)
-####### [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
-####### [Get package SAS URI API](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md)
-####### [Isolate machine API](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md)
-####### [Release machine from isolation API](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md)
-####### [Remove app restriction API](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
-####### [Request sample API](windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md)
-####### [Restrict app execution API](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md)
-####### [Run antivirus scan API](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md)
-####### [Stop and quarantine file API](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md)
+#######IP
+######## [Get IP related alerts](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
+######## [Get IP related machines](windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md)
+######## [Get IP statistics](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md)
+######## [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md)
+#######Machines
+######## [Collect investigation package API](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md)
+######## [Find machine information by IP](windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
+######## [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
+######## [Get FileMachineAction object API](windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
+######## [Get FileMachineActions collection API](windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
+######## [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md)
+######## [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
+######## [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
+######## [Get MachineAction object API](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md)
+######## [Get MachineActions collection API](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md)
+######## [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
+######## [Get package SAS URI API](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md)
+######## [Isolate machine API](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md)
+######## [Release machine from isolation API](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md)
+######## [Remove app restriction API](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
+######## [Request sample API](windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md)
+######## [Restrict app execution API](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md)
+######## [Run antivirus scan API](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md)
+######## [Stop and quarantine file API](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md)
 
 
 
-######User
-####### [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
-####### [Get user information](windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md)
-####### [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md)
+#######User
+######## [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
+######## [Get user information](windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md)
+######## [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md)
+######## [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md)
 
-###Reporting
-#### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
+####Reporting
+##### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
 
-###Check service health and sensor state
-#### [Check sensor state](windows-defender-atp\check-sensor-status-windows-defender-advanced-threat-protection.md)
+####Check service health and sensor state
+##### [Check sensor state](windows-defender-atp\check-sensor-status-windows-defender-advanced-threat-protection.md)
 ##### [Fix unhealthy sensors](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
 ##### [Inactive machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
 ##### [Misconfigured machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
-#### [Check service health](windows-defender-atp\service-status-windows-defender-advanced-threat-protection.md)
-### [Configure Windows Defender ATP Settings](windows-defender-atp\preferences-setup-windows-defender-advanced-threat-protection.md)
-
-####General
-##### [Update data retention settings](windows-defender-atp\data-retention-settings-windows-defender-advanced-threat-protection.md)
-##### [Configure alert notifications](windows-defender-atp\configure-email-notifications-windows-defender-advanced-threat-protection.md)
-##### [Enable and create Power BI reports using Windows Defender ATP data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md)
-##### [Enable Secure score security controls](windows-defender-atp\enable-secure-score-windows-defender-advanced-threat-protection.md)
-##### [Configure advanced features](windows-defender-atp\advanced-features-windows-defender-advanced-threat-protection.md)
+##### [Check service health](windows-defender-atp\service-status-windows-defender-advanced-threat-protection.md)
 
 
-####Permissions
-##### [Manage portal access using RBAC](windows-defender-atp\rbac-windows-defender-advanced-threat-protection.md)
-##### [Create and manage machine groups](windows-defender-atp\machine-groups-windows-defender-advanced-threat-protection.md)
-
-####APIs
-##### [Enable Threat intel](windows-defender-atp\enable-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Enable SIEM integration](windows-defender-atp\enable-siem-integration-windows-defender-advanced-threat-protection.md)
-
-####Rules
-##### [Manage suppression rules](windows-defender-atp\manage-suppression-rules-windows-defender-advanced-threat-protection.md)
-##### [Manage automation allowed/blocked](windows-defender-atp\manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
-##### [Manage automation file uploads](windows-defender-atp\manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
-##### [Manage automation folder exclusions](windows-defender-atp\manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
-
-####Machine management
-##### [Onboarding machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
-##### [Offboarding machines](windows-defender-atp\offboard-machines-windows-defender-advanced-threat-protection.md)
-
-### [Configure Windows Defender ATP time zone settings](windows-defender-atp\time-settings-windows-defender-advanced-threat-protection.md)
-
-### [Access the Windows Defender ATP Community Center](windows-defender-atp\community-windows-defender-advanced-threat-protection.md)
-### [Troubleshoot Windows Defender ATP](windows-defender-atp\troubleshoot-windows-defender-advanced-threat-protection.md)
-#### [Review events and errors on machines with Event Viewer](windows-defender-atp\event-error-codes-windows-defender-advanced-threat-protection.md)
-### [Windows Defender Antivirus compatibility with Windows Defender ATP](windows-defender-atp\defender-compatibility-windows-defender-advanced-threat-protection.md)
-
-##	[Windows Defender Antivirus in Windows 10](windows-defender-antivirus\windows-defender-antivirus-in-windows-10.md)
-### [Windows Defender AV on Windows Server 2016](windows-defender-antivirus\windows-defender-antivirus-on-windows-server-2016.md)
-
-### [Windows Defender Antivirus compatibility](windows-defender-antivirus\windows-defender-antivirus-compatibility.md)
-#### [Use limited periodic scanning in Windows Defender AV](windows-defender-antivirus\limited-periodic-scanning-windows-defender-antivirus.md)
+####[Configure Windows Defender Security Center settings](windows-defender-atp\preferences-setup-windows-defender-advanced-threat-protection.md)
+#####General
+###### [Update data retention settings](windows-defender-atp\data-retention-settings-windows-defender-advanced-threat-protection.md)
+###### [Configure alert notifications](windows-defender-atp\configure-email-notifications-windows-defender-advanced-threat-protection.md)
+###### [Enable and create Power BI reports using Windows Defender Security center data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md)
+###### [Enable Secure score security controls](windows-defender-atp\enable-secure-score-windows-defender-advanced-threat-protection.md)
+###### [Configure advanced features](windows-defender-atp\advanced-features-windows-defender-advanced-threat-protection.md)
 
 
-### [Evaluate Windows Defender Antivirus protection](windows-defender-antivirus\evaluate-windows-defender-antivirus.md)
+#####Permissions
+###### [Manage portal access using RBAC](windows-defender-atp\rbac-windows-defender-advanced-threat-protection.md)
+###### [Create and manage machine groups](windows-defender-atp\machine-groups-windows-defender-advanced-threat-protection.md)
+
+#####APIs
+###### [Enable Threat intel](windows-defender-atp\enable-custom-ti-windows-defender-advanced-threat-protection.md)
+###### [Enable SIEM integration](windows-defender-atp\enable-siem-integration-windows-defender-advanced-threat-protection.md)
+
+#####Rules
+###### [Manage suppression rules](windows-defender-atp\manage-suppression-rules-windows-defender-advanced-threat-protection.md)
+###### [Manage automation allowed/blocked](windows-defender-atp\manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
+###### [Manage automation file uploads](windows-defender-atp\manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
+###### [Manage automation folder exclusions](windows-defender-atp\manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
+
+#####Machine management
+###### [Onboarding machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
+###### [Offboarding machines](windows-defender-atp\offboard-machines-windows-defender-advanced-threat-protection.md)
+
+#### [Configure Windows Defender Security Center time zone settings](windows-defender-atp\time-settings-windows-defender-advanced-threat-protection.md)
+
+#### [Access the Windows Defender Security Center Community Center](windows-defender-atp\community-windows-defender-advanced-threat-protection.md)
+#### [Troubleshoot Windows Defender ATP service issues](windows-defender-atp\troubleshoot-windows-defender-advanced-threat-protection.md)
+##### [Review events and errors on machines with Event Viewer](windows-defender-atp\event-error-codes-windows-defender-advanced-threat-protection.md)
+#### [Windows Defender Antivirus compatibility with Windows Defender ATP](windows-defender-atp\defender-compatibility-windows-defender-advanced-threat-protection.md)
+
+###	[Windows Defender Antivirus](windows-defender-antivirus\windows-defender-antivirus-in-windows-10.md)
+#### [Windows Defender AV in the Windows Defender Security app](windows-defender-antivirus\windows-defender-security-center-antivirus.md)
+#### [Windows Defender AV on Windows Server 2016](windows-defender-antivirus\windows-defender-antivirus-on-windows-server-2016.md)
+
+#### [Windows Defender Antivirus compatibility](windows-defender-antivirus\windows-defender-antivirus-compatibility.md)
+##### [Use limited periodic scanning in Windows Defender AV](windows-defender-antivirus\limited-periodic-scanning-windows-defender-antivirus.md)
 
 
-### [Deploy, manage updates, and report on Windows Defender Antivirus](windows-defender-antivirus\deploy-manage-report-windows-defender-antivirus.md)
-#### [Deploy and enable Windows Defender Antivirus](windows-defender-antivirus\deploy-windows-defender-antivirus.md)
-##### [Deployment guide for VDI environments](windows-defender-antivirus\deployment-vdi-windows-defender-antivirus.md)
-#### [Report on Windows Defender Antivirus protection](windows-defender-antivirus\report-monitor-windows-defender-antivirus.md)
-##### [Troubleshoot Windows Defender Antivirus reporting in Update Compliance](windows-defender-antivirus\troubleshoot-reporting.md)
-#### [Manage updates and apply baselines](windows-defender-antivirus\manage-updates-baselines-windows-defender-antivirus.md)
-##### [Manage protection and definition updates](windows-defender-antivirus\manage-protection-updates-windows-defender-antivirus.md)
-##### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus\manage-protection-update-schedule-windows-defender-antivirus.md)
-##### [Manage updates for endpoints that are out of date](windows-defender-antivirus\manage-outdated-endpoints-windows-defender-antivirus.md)
-##### [Manage event-based forced updates](windows-defender-antivirus\manage-event-based-updates-windows-defender-antivirus.md)
-##### [Manage updates for mobile devices and VMs](windows-defender-antivirus\manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
+#### [Evaluate Windows Defender Antivirus protection](windows-defender-antivirus\evaluate-windows-defender-antivirus.md)
 
 
-### [Configure Windows Defender Antivirus features](windows-defender-antivirus\configure-windows-defender-antivirus-features.md)
-#### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus\utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
-##### [Enable cloud-delivered protection](windows-defender-antivirus\enable-cloud-protection-windows-defender-antivirus.md)
-##### [Specify the cloud-delivered protection level](windows-defender-antivirus\specify-cloud-protection-level-windows-defender-antivirus.md)
-##### [Configure and validate network connections](windows-defender-antivirus\configure-network-connections-windows-defender-antivirus.md)
-##### [Enable the Block at First Sight feature](windows-defender-antivirus\configure-block-at-first-sight-windows-defender-antivirus.md)
-##### [Configure the cloud block timeout period](windows-defender-antivirus\configure-cloud-block-timeout-period-windows-defender-antivirus.md)
-#### [Configure behavioral, heuristic, and real-time protection](windows-defender-antivirus\configure-protection-features-windows-defender-antivirus.md)
-##### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus\detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
-##### [Enable and configure always-on protection and monitoring](windows-defender-antivirus\configure-real-time-protection-windows-defender-antivirus.md)
-#### [Configure end-user interaction with Windows Defender AV](windows-defender-antivirus\configure-end-user-interaction-windows-defender-antivirus.md)
-##### [Configure the notifications that appear on endpoints](windows-defender-antivirus\configure-notifications-windows-defender-antivirus.md)
-##### [Prevent users from seeing or interacting with the user interface](windows-defender-antivirus\prevent-end-user-interaction-windows-defender-antivirus.md)
-##### [Prevent or allow users to locally modify policy settings](windows-defender-antivirus\configure-local-policy-overrides-windows-defender-antivirus.md)
+#### [Deploy, manage updates, and report on Windows Defender Antivirus](windows-defender-antivirus\deploy-manage-report-windows-defender-antivirus.md)
+##### [Deploy and enable Windows Defender Antivirus](windows-defender-antivirus\deploy-windows-defender-antivirus.md)
+###### [Deployment guide for VDI environments](windows-defender-antivirus\deployment-vdi-windows-defender-antivirus.md)
+##### [Report on Windows Defender Antivirus protection](windows-defender-antivirus\report-monitor-windows-defender-antivirus.md)
+###### [Troubleshoot Windows Defender Antivirus reporting in Update Compliance](windows-defender-antivirus\troubleshoot-reporting.md)
+##### [Manage updates and apply baselines](windows-defender-antivirus\manage-updates-baselines-windows-defender-antivirus.md)
+###### [Manage protection and definition updates](windows-defender-antivirus\manage-protection-updates-windows-defender-antivirus.md)
+###### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus\manage-protection-update-schedule-windows-defender-antivirus.md)
+###### [Manage updates for endpoints that are out of date](windows-defender-antivirus\manage-outdated-endpoints-windows-defender-antivirus.md)
+###### [Manage event-based forced updates](windows-defender-antivirus\manage-event-based-updates-windows-defender-antivirus.md)
+###### [Manage updates for mobile devices and VMs](windows-defender-antivirus\manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
 
 
-### [Customize, initiate, and review the results of scans and remediation](windows-defender-antivirus\customize-run-review-remediate-scans-windows-defender-antivirus.md)
-#### [Configure and validate exclusions in Windows Defender AV scans](windows-defender-antivirus\configure-exclusions-windows-defender-antivirus.md)
-##### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus\configure-extension-file-exclusions-windows-defender-antivirus.md)
-##### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus\configure-process-opened-file-exclusions-windows-defender-antivirus.md)
-##### [Configure exclusions in Windows Defender AV on Windows Server 2016](windows-defender-antivirus\configure-server-exclusions-windows-defender-antivirus.md)
-#### [Configure scanning options in Windows Defender AV](windows-defender-antivirus\configure-advanced-scan-types-windows-defender-antivirus.md)
-#### [Configure remediation for scans](windows-defender-antivirus\configure-remediation-windows-defender-antivirus.md)
-#### [Configure scheduled scans](windows-defender-antivirus\scheduled-catch-up-scans-windows-defender-antivirus.md)
-#### [Configure and run scans](windows-defender-antivirus\run-scan-windows-defender-antivirus.md)
-#### [Review scan results](windows-defender-antivirus\review-scan-results-windows-defender-antivirus.md)
-#### [Run and review the results of a Windows Defender Offline scan](windows-defender-antivirus\windows-defender-offline.md)
+#### [Configure Windows Defender Antivirus features](windows-defender-antivirus\configure-windows-defender-antivirus-features.md)
+##### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus\utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
+###### [Enable cloud-delivered protection](windows-defender-antivirus\enable-cloud-protection-windows-defender-antivirus.md)
+###### [Specify the cloud-delivered protection level](windows-defender-antivirus\specify-cloud-protection-level-windows-defender-antivirus.md)
+###### [Configure and validate network connections](windows-defender-antivirus\configure-network-connections-windows-defender-antivirus.md)
+###### [Enable the Block at First Sight feature](windows-defender-antivirus\configure-block-at-first-sight-windows-defender-antivirus.md)
+###### [Configure the cloud block timeout period](windows-defender-antivirus\configure-cloud-block-timeout-period-windows-defender-antivirus.md)
+##### [Configure behavioral, heuristic, and real-time protection](windows-defender-antivirus\configure-protection-features-windows-defender-antivirus.md)
+###### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus\detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
+###### [Enable and configure always-on protection and monitoring](windows-defender-antivirus\configure-real-time-protection-windows-defender-antivirus.md)
+##### [Configure end-user interaction with Windows Defender AV](windows-defender-antivirus\configure-end-user-interaction-windows-defender-antivirus.md)
+###### [Configure the notifications that appear on endpoints](windows-defender-antivirus\configure-notifications-windows-defender-antivirus.md)
+###### [Prevent users from seeing or interacting with the user interface](windows-defender-antivirus\prevent-end-user-interaction-windows-defender-antivirus.md)
+###### [Prevent or allow users to locally modify policy settings](windows-defender-antivirus\configure-local-policy-overrides-windows-defender-antivirus.md)
+
+
+#### [Customize, initiate, and review the results of scans and remediation](windows-defender-antivirus\customize-run-review-remediate-scans-windows-defender-antivirus.md)
+##### [Configure and validate exclusions in Windows Defender AV scans](windows-defender-antivirus\configure-exclusions-windows-defender-antivirus.md)
+###### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus\configure-extension-file-exclusions-windows-defender-antivirus.md)
+###### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus\configure-process-opened-file-exclusions-windows-defender-antivirus.md)
+###### [Configure exclusions in Windows Defender AV on Windows Server 2016](windows-defender-antivirus\configure-server-exclusions-windows-defender-antivirus.md)
+##### [Configure scanning options in Windows Defender AV](windows-defender-antivirus\configure-advanced-scan-types-windows-defender-antivirus.md)
+##### [Configure remediation for scans](windows-defender-antivirus\configure-remediation-windows-defender-antivirus.md)
+##### [Configure scheduled scans](windows-defender-antivirus\scheduled-catch-up-scans-windows-defender-antivirus.md)
+##### [Configure and run scans](windows-defender-antivirus\run-scan-windows-defender-antivirus.md)
+##### [Review scan results](windows-defender-antivirus\review-scan-results-windows-defender-antivirus.md)
+##### [Run and review the results of a Windows Defender Offline scan](windows-defender-antivirus\windows-defender-offline.md)
 #### [Restore quarantined files in Windows Defender AV](windows-defender-antivirus\restore-quarantined-files-windows-defender-antivirus.md)
 
 
-### [Review event logs and error codes to troubleshoot issues](windows-defender-antivirus\troubleshoot-windows-defender-antivirus.md)
+##### [Review event logs and error codes to troubleshoot issues](windows-defender-antivirus\troubleshoot-windows-defender-antivirus.md)
 
 
 
-### [Manage Windows Defender AV in your business](windows-defender-antivirus\configuration-management-reference-windows-defender-antivirus.md)
-#### [Use Group Policy settings to configure and manage Windows Defender AV](windows-defender-antivirus\use-group-policy-windows-defender-antivirus.md)
-#### [Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV](windows-defender-antivirus\use-intune-config-manager-windows-defender-antivirus.md)
-#### [Use PowerShell cmdlets to configure and manage Windows Defender AV](windows-defender-antivirus\use-powershell-cmdlets-windows-defender-antivirus.md)
-#### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](windows-defender-antivirus\use-wmi-windows-defender-antivirus.md)
-#### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](windows-defender-antivirus\command-line-arguments-windows-defender-antivirus.md)
+##### [Manage Windows Defender AV in your business](windows-defender-antivirus\configuration-management-reference-windows-defender-antivirus.md)
+###### [Use Group Policy settings to configure and manage Windows Defender AV](windows-defender-antivirus\use-group-policy-windows-defender-antivirus.md)
+###### [Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV](windows-defender-antivirus\use-intune-config-manager-windows-defender-antivirus.md)
+###### [Use PowerShell cmdlets to configure and manage Windows Defender AV](windows-defender-antivirus\use-powershell-cmdlets-windows-defender-antivirus.md)
+###### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](windows-defender-antivirus\use-wmi-windows-defender-antivirus.md)
+###### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](windows-defender-antivirus\command-line-arguments-windows-defender-antivirus.md)
 
-## [Windows Defender AV in the Windows Defender Security Center app](windows-defender-antivirus\windows-defender-security-center-antivirus.md)
 
-## [Windows Defender Exploit Guard](windows-defender-exploit-guard\windows-defender-exploit-guard.md)
-### [Evaluate Windows Defender Exploit Guard](windows-defender-exploit-guard\evaluate-windows-defender-exploit-guard.md)
-#### [Use auditing mode to evaluate Windows Defender Exploit Guard](windows-defender-exploit-guard\audit-windows-defender-exploit-guard.md)
-#### [View Exploit Guard events](windows-defender-exploit-guard\event-views-exploit-guard.md)
 
-### [Exploit protection](windows-defender-exploit-guard\exploit-protection-exploit-guard.md)
-#### [Comparison with Enhanced Mitigation Experience Toolkit](windows-defender-exploit-guard\emet-exploit-protection-exploit-guard.md)
-#### [Evaluate Exploit protection](windows-defender-exploit-guard\evaluate-exploit-protection.md)
-#### [Enable Exploit protection](windows-defender-exploit-guard\enable-exploit-protection.md)
-#### [Customize Exploit protection](windows-defender-exploit-guard\customize-exploit-protection.md)
-##### [Import, export, and deploy Exploit protection configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
-### [Attack surface reduction](windows-defender-exploit-guard\attack-surface-reduction-exploit-guard.md)
+
+
+
+
+
+
+
+
+
+
+
+
+
+### [Windows Defender Exploit Guard](windows-defender-exploit-guard\windows-defender-exploit-guard.md)
+#### [Evaluate Windows Defender Exploit Guard](windows-defender-exploit-guard\evaluate-windows-defender-exploit-guard.md)
+##### [Use auditing mode to evaluate Windows Defender Exploit Guard](windows-defender-exploit-guard\audit-windows-defender-exploit-guard.md)
+##### [View Exploit Guard events](windows-defender-exploit-guard\event-views-exploit-guard.md)
+#### [Exploit protection](windows-defender-exploit-guard\exploit-protection-exploit-guard.md)
+##### [Comparison with Enhanced Mitigation Experience Toolkit](windows-defender-exploit-guard\emet-exploit-protection-exploit-guard.md)
+##### [Evaluate Exploit protection](windows-defender-exploit-guard\evaluate-exploit-protection.md)
+##### [Enable Exploit protection](windows-defender-exploit-guard\enable-exploit-protection.md)
+##### [Customize Exploit protection](windows-defender-exploit-guard\customize-exploit-protection.md)
+###### [Import, export, and deploy Exploit protection configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
+##### [Memory integrity](windows-defender-exploit-guard\memory-integrity.md)
+###### [Requirements for virtualization-based protection of code integrity](windows-defender-exploit-guard\requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
+###### [Enable virtualization-based protection of code integrity](windows-defender-exploit-guard\enable-virtualization-based-protection-of-code-integrity.md)
+#### [Attack surface reduction](windows-defender-exploit-guard\attack-surface-reduction-exploit-guard.md)
 #### [Evaluate Attack surface reduction](windows-defender-exploit-guard\evaluate-attack-surface-reduction.md)
 #### [Enable Attack surface reduction](windows-defender-exploit-guard\enable-attack-surface-reduction.md)
 #### [Customize Attack surface reduction](windows-defender-exploit-guard\customize-attack-surface-reduction.md)
 #### [Troubleshoot Attack surface reduction rules](windows-defender-exploit-guard\troubleshoot-asr.md)
-### [Network Protection](windows-defender-exploit-guard\network-protection-exploit-guard.md)
+#### [Network Protection](windows-defender-exploit-guard\network-protection-exploit-guard.md)
 #### [Evaluate Network Protection](windows-defender-exploit-guard\evaluate-network-protection.md)
 #### [Enable Network Protection](windows-defender-exploit-guard\enable-network-protection.md)
 #### [Troubleshoot Network protection](windows-defender-exploit-guard\troubleshoot-np.md)
-### [Controlled folder access](windows-defender-exploit-guard\controlled-folders-exploit-guard.md)
+#### [Controlled folder access](windows-defender-exploit-guard\controlled-folders-exploit-guard.md)
 #### [Evaluate Controlled folder access](windows-defender-exploit-guard\evaluate-controlled-folder-access.md)
 #### [Enable Controlled folder access](windows-defender-exploit-guard\enable-controlled-folders-exploit-guard.md)
 #### [Customize Controlled folder access](windows-defender-exploit-guard\customize-controlled-folders-exploit-guard.md)
-### [Memory integrity](windows-defender-exploit-guard\memory-integrity.md)
-#### [Requirements for virtualization-based protection of code integrity](windows-defender-exploit-guard\requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
-#### [Enable virtualization-based protection of code integrity](windows-defender-exploit-guard\enable-virtualization-based-protection-of-code-integrity.md)
 
 
-## [Windows Defender Application Control](windows-defender-application-control/windows-defender-application-control.md)
-
-## [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md)
-
-## [Windows Defender Device Guard: virtualization-based security and WDAC](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
-
-## [Windows Defender SmartScreen](windows-defender-smartscreen/windows-defender-smartscreen-overview.md)
-### [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md)
-### [Set up and use Windows Defender SmartScreen on individual devices](windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md)
-
-##[Windows Defender Application Guard](windows-defender-application-guard/wd-app-guard-overview.md)
-###[System requirements for Windows Defender Application Guard](windows-defender-application-guard/reqs-wd-app-guard.md)
-###[Prepare and install Windows Defender Application Guard](windows-defender-application-guard/install-wd-app-guard.md)
-###[Configure the Group Policy settings for Windows Defender Application Guard](windows-defender-application-guard/configure-wd-app-guard.md)
-###[Testing scenarios using Windows Defender Application Guard in your business or organization](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
-###[Frequently Asked Questions - Windows Defender Application Guard](windows-defender-application-guard/faq-wd-app-guard.md)
-
-## [Mitigate threats by using Windows 10 security features](overview-of-threat-mitigations-in-windows-10.md)
-
-## [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md)
-
-## [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-intrusion-detection.md)
-
-## [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md)
-
-## [Security auditing](auditing/security-auditing-overview.md)
-### [Basic security audit policies](auditing/basic-security-audit-policies.md)
-#### [Create a basic audit policy for an event category](auditing/create-a-basic-audit-policy-settings-for-an-event-category.md)
-#### [Apply a basic audit policy on a file or folder](auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md)
-#### [View the security event log](auditing/view-the-security-event-log.md)
-#### [Basic security audit policy settings](auditing/basic-security-audit-policy-settings.md)
-##### [Audit account logon events](auditing/basic-audit-account-logon-events.md)
-##### [Audit account management](auditing/basic-audit-account-management.md)
-##### [Audit directory service access](auditing/basic-audit-directory-service-access.md)
-##### [Audit logon events](auditing/basic-audit-logon-events.md)
-##### [Audit object access](auditing/basic-audit-object-access.md)
-##### [Audit policy change](auditing/basic-audit-policy-change.md)
-##### [Audit privilege use](auditing/basic-audit-privilege-use.md)
-##### [Audit process tracking](auditing/basic-audit-process-tracking.md)
-##### [Audit system events](auditing/basic-audit-system-events.md)
-### [Advanced security audit policies](auditing/advanced-security-auditing.md)
-#### [Planning and deploying advanced security audit policies](auditing/planning-and-deploying-advanced-security-audit-policies.md)
-#### [Advanced security auditing FAQ](auditing/advanced-security-auditing-faq.md)
-##### [Which editions of Windows support advanced audit policy configuration](auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md)
-#### [Using advanced security auditing options to monitor dynamic access control objects](auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md)
-##### [Monitor the central access policies that apply on a file server](auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md)
-##### [Monitor the use of removable storage devices](auditing/monitor-the-use-of-removable-storage-devices.md)
-##### [Monitor resource attribute definitions](auditing/monitor-resource-attribute-definitions.md)
-##### [Monitor central access policy and rule definitions](auditing/monitor-central-access-policy-and-rule-definitions.md)
-##### [Monitor user and device claims during sign-in](auditing/monitor-user-and-device-claims-during-sign-in.md)
-##### [Monitor the resource attributes on files and folders](auditing/monitor-the-resource-attributes-on-files-and-folders.md)
-##### [Monitor the central access policies associated with files and folders](auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md)
-##### [Monitor claim types](auditing/monitor-claim-types.md)
-#### [Advanced security audit policy settings](auditing/advanced-security-audit-policy-settings.md)
-##### [Audit Credential Validation](auditing/audit-credential-validation.md)
-###### [Event 4774 S, F: An account was mapped for logon.](auditing/event-4774.md)
-###### [Event 4775 F: An account could not be mapped for logon.](auditing/event-4775.md)
-###### [Event 4776 S, F: The computer attempted to validate the credentials for an account.](auditing/event-4776.md)
-###### [Event 4777 F: The domain controller failed to validate the credentials for an account.](auditing/event-4777.md)
-##### [Audit Kerberos Authentication Service](auditing/audit-kerberos-authentication-service.md)
-###### [Event 4768 S, F: A Kerberos authentication ticket, TGT, was requested.](auditing/event-4768.md)
-###### [Event 4771 F: Kerberos pre-authentication failed.](auditing/event-4771.md)
-###### [Event 4772 F: A Kerberos authentication ticket request failed.](auditing/event-4772.md)
-##### [Audit Kerberos Service Ticket Operations](auditing/audit-kerberos-service-ticket-operations.md)
-###### [Event 4769 S, F: A Kerberos service ticket was requested.](auditing/event-4769.md)
-###### [Event 4770 S: A Kerberos service ticket was renewed.](auditing/event-4770.md)
-###### [Event 4773 F: A Kerberos service ticket request failed.](auditing/event-4773.md)
-##### [Audit Other Account Logon Events](auditing/audit-other-account-logon-events.md)
-##### [Audit Application Group Management](auditing/audit-application-group-management.md)
-##### [Audit Computer Account Management](auditing/audit-computer-account-management.md)
-###### [Event 4741 S: A computer account was created.](auditing/event-4741.md)
-###### [Event 4742 S: A computer account was changed.](auditing/event-4742.md)
-###### [Event 4743 S: A computer account was deleted.](auditing/event-4743.md)
-##### [Audit Distribution Group Management](auditing/audit-distribution-group-management.md)
-###### [Event 4749 S: A security-disabled global group was created.](auditing/event-4749.md)
-###### [Event 4750 S: A security-disabled global group was changed.](auditing/event-4750.md)
-###### [Event 4751 S: A member was added to a security-disabled global group.](auditing/event-4751.md)
-###### [Event 4752 S: A member was removed from a security-disabled global group.](auditing/event-4752.md)
-###### [Event 4753 S: A security-disabled global group was deleted.](auditing/event-4753.md)
-##### [Audit Other Account Management Events](auditing/audit-other-account-management-events.md)
-###### [Event 4782 S: The password hash an account was accessed.](auditing/event-4782.md)
-###### [Event 4793 S: The Password Policy Checking API was called.](auditing/event-4793.md)
-##### [Audit Security Group Management](auditing/audit-security-group-management.md)
-###### [Event 4731 S: A security-enabled local group was created.](auditing/event-4731.md)
-###### [Event 4732 S: A member was added to a security-enabled local group.](auditing/event-4732.md)
-###### [Event 4733 S: A member was removed from a security-enabled local group.](auditing/event-4733.md)
-###### [Event 4734 S: A security-enabled local group was deleted.](auditing/event-4734.md)
-###### [Event 4735 S: A security-enabled local group was changed.](auditing/event-4735.md)
-###### [Event 4764 S: A group’s type was changed.](auditing/event-4764.md)
-###### [Event 4799 S: A security-enabled local group membership was enumerated.](auditing/event-4799.md)
-##### [Audit User Account Management](auditing/audit-user-account-management.md)
-###### [Event 4720 S: A user account was created.](auditing/event-4720.md)
-###### [Event 4722 S: A user account was enabled.](auditing/event-4722.md)
-###### [Event 4723 S, F: An attempt was made to change an account's password.](auditing/event-4723.md)
-###### [Event 4724 S, F: An attempt was made to reset an account's password.](auditing/event-4724.md)
-###### [Event 4725 S: A user account was disabled.](auditing/event-4725.md)
-###### [Event 4726 S: A user account was deleted.](auditing/event-4726.md)
-###### [Event 4738 S: A user account was changed.](auditing/event-4738.md)
-###### [Event 4740 S: A user account was locked out.](auditing/event-4740.md)
-###### [Event 4765 S: SID History was added to an account.](auditing/event-4765.md)
-###### [Event 4766 F: An attempt to add SID History to an account failed.](auditing/event-4766.md)
-###### [Event 4767 S: A user account was unlocked.](auditing/event-4767.md)
-###### [Event 4780 S: The ACL was set on accounts which are members of administrators groups.](auditing/event-4780.md)
-###### [Event 4781 S: The name of an account was changed.](auditing/event-4781.md)
-###### [Event 4794 S, F: An attempt was made to set the Directory Services Restore Mode administrator password.](auditing/event-4794.md)
-###### [Event 4798 S: A user's local group membership was enumerated.](auditing/event-4798.md)
-###### [Event 5376 S: Credential Manager credentials were backed up.](auditing/event-5376.md)
-###### [Event 5377 S: Credential Manager credentials were restored from a backup.](auditing/event-5377.md)
-##### [Audit DPAPI Activity](auditing/audit-dpapi-activity.md)
-###### [Event 4692 S, F: Backup of data protection master key was attempted.](auditing/event-4692.md)
-###### [Event 4693 S, F: Recovery of data protection master key was attempted.](auditing/event-4693.md)
-###### [Event 4694 S, F: Protection of auditable protected data was attempted.](auditing/event-4694.md)
-###### [Event 4695 S, F: Unprotection of auditable protected data was attempted.](auditing/event-4695.md)
-##### [Audit PNP Activity](auditing/audit-pnp-activity.md)
-###### [Event 6416 S: A new external device was recognized by the System.](auditing/event-6416.md)
-###### [Event 6419 S: A request was made to disable a device.](auditing/event-6419.md)
-###### [Event 6420 S: A device was disabled.](auditing/event-6420.md)
-###### [Event 6421 S: A request was made to enable a device.](auditing/event-6421.md)
-###### [Event 6422 S: A device was enabled.](auditing/event-6422.md)
-###### [Event 6423 S: The installation of this device is forbidden by system policy.](auditing/event-6423.md)
-###### [Event 6424 S: The installation of this device was allowed, after having previously been forbidden by policy.](auditing/event-6424.md)
-##### [Audit Process Creation](auditing/audit-process-creation.md)
-###### [Event 4688 S: A new process has been created.](auditing/event-4688.md)
-###### [Event 4696 S: A primary token was assigned to process.](auditing/event-4696.md)
-##### [Audit Process Termination](auditing/audit-process-termination.md)
-###### [Event 4689 S: A process has exited.](auditing/event-4689.md)
-##### [Audit RPC Events](auditing/audit-rpc-events.md)
-###### [Event 5712 S: A Remote Procedure Call, RPC, was attempted.](auditing/event-5712.md)
-##### [Audit Detailed Directory Service Replication](auditing/audit-detailed-directory-service-replication.md)
-###### [Event 4928 S, F: An Active Directory replica source naming context was established.](auditing/event-4928.md)
-###### [Event 4929 S, F: An Active Directory replica source naming context was removed.](auditing/event-4929.md)
-###### [Event 4930 S, F: An Active Directory replica source naming context was modified.](auditing/event-4930.md)
-###### [Event 4931 S, F: An Active Directory replica destination naming context was modified.](auditing/event-4931.md)
-###### [Event 4934 S: Attributes of an Active Directory object were replicated.](auditing/event-4934.md)
-###### [Event 4935 F: Replication failure begins.](auditing/event-4935.md)
-###### [Event 4936 S: Replication failure ends.](auditing/event-4936.md)
-###### [Event 4937 S: A lingering object was removed from a replica.](auditing/event-4937.md)
-##### [Audit Directory Service Access](auditing/audit-directory-service-access.md)
-###### [Event 4662 S, F: An operation was performed on an object.](auditing/event-4662.md)
-###### [Event 4661 S, F: A handle to an object was requested.](auditing/event-4661.md)
-##### [Audit Directory Service Changes](auditing/audit-directory-service-changes.md)
-###### [Event 5136 S: A directory service object was modified.](auditing/event-5136.md)
-###### [Event 5137 S: A directory service object was created.](auditing/event-5137.md)
-###### [Event 5138 S: A directory service object was undeleted.](auditing/event-5138.md)
-###### [Event 5139 S: A directory service object was moved.](auditing/event-5139.md)
-###### [Event 5141 S: A directory service object was deleted.](auditing/event-5141.md)
-##### [Audit Directory Service Replication](auditing/audit-directory-service-replication.md)
-###### [Event 4932 S: Synchronization of a replica of an Active Directory naming context has begun.](auditing/event-4932.md)
-###### [Event 4933 S, F: Synchronization of a replica of an Active Directory naming context has ended.](auditing/event-4933.md)
-##### [Audit Account Lockout](auditing/audit-account-lockout.md)
-###### [Event 4625 F: An account failed to log on.](auditing/event-4625.md)
-##### [Audit User/Device Claims](auditing/audit-user-device-claims.md)
-###### [Event 4626 S: User/Device claims information.](auditing/event-4626.md)
-##### [Audit Group Membership](auditing/audit-group-membership.md)
-###### [Event 4627 S: Group membership information.](auditing/event-4627.md)
-##### [Audit IPsec Extended Mode](auditing/audit-ipsec-extended-mode.md)
-##### [Audit IPsec Main Mode](auditing/audit-ipsec-main-mode.md)
-##### [Audit IPsec Quick Mode](auditing/audit-ipsec-quick-mode.md)
-##### [Audit Logoff](auditing/audit-logoff.md)
-###### [Event 4634 S: An account was logged off.](auditing/event-4634.md)
-###### [Event 4647 S: User initiated logoff.](auditing/event-4647.md)
-##### [Audit Logon](auditing/audit-logon.md)
-###### [Event 4624 S: An account was successfully logged on.](auditing/event-4624.md)
-###### [Event 4625 F: An account failed to log on.](auditing/event-4625.md)
-###### [Event 4648 S: A logon was attempted using explicit credentials.](auditing/event-4648.md)
-###### [Event 4675 S: SIDs were filtered.](auditing/event-4675.md)
-##### [Audit Network Policy Server](auditing/audit-network-policy-server.md)
-##### [Audit Other Logon/Logoff Events](auditing/audit-other-logonlogoff-events.md)
-###### [Event 4649 S: A replay attack was detected.](auditing/event-4649.md)
-###### [Event 4778 S: A session was reconnected to a Window Station.](auditing/event-4778.md)
-###### [Event 4779 S: A session was disconnected from a Window Station.](auditing/event-4779.md)
-###### [Event 4800 S: The workstation was locked.](auditing/event-4800.md)
-###### [Event 4801 S: The workstation was unlocked.](auditing/event-4801.md)
-###### [Event 4802 S: The screen saver was invoked.](auditing/event-4802.md)
-###### [Event 4803 S: The screen saver was dismissed.](auditing/event-4803.md)
-###### [Event 5378 F: The requested credentials delegation was disallowed by policy.](auditing/event-5378.md)
-###### [Event 5632 S, F: A request was made to authenticate to a wireless network.](auditing/event-5632.md)
-###### [Event 5633 S, F: A request was made to authenticate to a wired network.](auditing/event-5633.md)
-##### [Audit Special Logon](auditing/audit-special-logon.md)
-###### [Event 4964 S: Special groups have been assigned to a new logon.](auditing/event-4964.md)
-###### [Event 4672 S: Special privileges assigned to new logon.](auditing/event-4672.md)
-##### [Audit Application Generated](auditing/audit-application-generated.md)
-##### [Audit Certification Services](auditing/audit-certification-services.md)
-##### [Audit Detailed File Share](auditing/audit-detailed-file-share.md)
-###### [Event 5145 S, F: A network share object was checked to see whether client can be granted desired access.](auditing/event-5145.md)
-##### [Audit File Share](auditing/audit-file-share.md)
-###### [Event 5140 S, F: A network share object was accessed.](auditing/event-5140.md)
-###### [Event 5142 S: A network share object was added.](auditing/event-5142.md)
-###### [Event 5143 S: A network share object was modified.](auditing/event-5143.md)
-###### [Event 5144 S: A network share object was deleted.](auditing/event-5144.md)
-###### [Event 5168 F: SPN check for SMB/SMB2 failed.](auditing/event-5168.md)
-##### [Audit File System](auditing/audit-file-system.md)
-###### [Event 4656 S, F: A handle to an object was requested.](auditing/event-4656.md)
-###### [Event 4658 S: The handle to an object was closed.](auditing/event-4658.md)
-###### [Event 4660 S: An object was deleted.](auditing/event-4660.md)
-###### [Event 4663 S: An attempt was made to access an object.](auditing/event-4663.md)
-###### [Event 4664 S: An attempt was made to create a hard link.](auditing/event-4664.md)
-###### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md)
-###### [Event 5051: A file was virtualized.](auditing/event-5051.md)
-###### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md)
-##### [Audit Filtering Platform Connection](auditing/audit-filtering-platform-connection.md)
-###### [Event 5031 F: The Windows Firewall Service blocked an application from accepting incoming connections on the network.](auditing/event-5031.md)
-###### [Event 5150: The Windows Filtering Platform blocked a packet.](auditing/event-5150.md)
-###### [Event 5151: A more restrictive Windows Filtering Platform filter has blocked a packet.](auditing/event-5151.md)
-###### [Event 5154 S: The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections.](auditing/event-5154.md)
-###### [Event 5155 F: The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections.](auditing/event-5155.md)
-###### [Event 5156 S: The Windows Filtering Platform has permitted a connection.](auditing/event-5156.md)
-###### [Event 5157 F: The Windows Filtering Platform has blocked a connection.](auditing/event-5157.md)
-###### [Event 5158 S: The Windows Filtering Platform has permitted a bind to a local port.](auditing/event-5158.md)
-###### [Event 5159 F: The Windows Filtering Platform has blocked a bind to a local port.](auditing/event-5159.md)
-##### [Audit Filtering Platform Packet Drop](auditing/audit-filtering-platform-packet-drop.md)
-###### [Event 5152 F: The Windows Filtering Platform blocked a packet.](auditing/event-5152.md)
-###### [Event 5153 S: A more restrictive Windows Filtering Platform filter has blocked a packet.](auditing/event-5153.md)
-##### [Audit Handle Manipulation](auditing/audit-handle-manipulation.md)
-###### [Event 4690 S: An attempt was made to duplicate a handle to an object.](auditing/event-4690.md)
-##### [Audit Kernel Object](auditing/audit-kernel-object.md)
-###### [Event 4656 S, F: A handle to an object was requested.](auditing/event-4656.md)
-###### [Event 4658 S: The handle to an object was closed.](auditing/event-4658.md)
-###### [Event 4660 S: An object was deleted.](auditing/event-4660.md)
-###### [Event 4663 S: An attempt was made to access an object.](auditing/event-4663.md)
-##### [Audit Other Object Access Events](auditing/audit-other-object-access-events.md)
-###### [Event 4671: An application attempted to access a blocked ordinal through the TBS.](auditing/event-4671.md)
-###### [Event 4691 S: Indirect access to an object was requested.](auditing/event-4691.md)
-###### [Event 5148 F: The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded.](auditing/event-5148.md)
-###### [Event 5149 F: The DoS attack has subsided and normal processing is being resumed.](auditing/event-5149.md)
-###### [Event 4698 S: A scheduled task was created.](auditing/event-4698.md)
-###### [Event 4699 S: A scheduled task was deleted.](auditing/event-4699.md)
-###### [Event 4700 S: A scheduled task was enabled.](auditing/event-4700.md)
-###### [Event 4701 S: A scheduled task was disabled.](auditing/event-4701.md)
-###### [Event 4702 S: A scheduled task was updated.](auditing/event-4702.md)
-###### [Event 5888 S: An object in the COM+ Catalog was modified.](auditing/event-5888.md)
-###### [Event 5889 S: An object was deleted from the COM+ Catalog.](auditing/event-5889.md)
-###### [Event 5890 S: An object was added to the COM+ Catalog.](auditing/event-5890.md)
-##### [Audit Registry](auditing/audit-registry.md)
-###### [Event 4663 S: An attempt was made to access an object.](auditing/event-4663.md)
-###### [Event 4656 S, F: A handle to an object was requested.](auditing/event-4656.md)
-###### [Event 4658 S: The handle to an object was closed.](auditing/event-4658.md)
-###### [Event 4660 S: An object was deleted.](auditing/event-4660.md)
-###### [Event 4657 S: A registry value was modified.](auditing/event-4657.md)
-###### [Event 5039: A registry key was virtualized.](auditing/event-5039.md)
-###### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md)
-##### [Audit Removable Storage](auditing/audit-removable-storage.md)
-##### [Audit SAM](auditing/audit-sam.md)
-###### [Event 4661 S, F: A handle to an object was requested.](auditing/event-4661.md)
-##### [Audit Central Access Policy Staging](auditing/audit-central-access-policy-staging.md)
-###### [Event 4818 S: Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy.](auditing/event-4818.md)
-##### [Audit Audit Policy Change](auditing/audit-audit-policy-change.md)
-###### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md)
-###### [Event 4715 S: The audit policy, SACL, on an object was changed.](auditing/event-4715.md)
-###### [Event 4719 S: System audit policy was changed.](auditing/event-4719.md)
-###### [Event 4817 S: Auditing settings on object were changed.](auditing/event-4817.md)
-###### [Event 4902 S: The Per-user audit policy table was created.](auditing/event-4902.md)
-###### [Event 4906 S: The CrashOnAuditFail value has changed.](auditing/event-4906.md)
-###### [Event 4907 S: Auditing settings on object were changed.](auditing/event-4907.md)
-###### [Event 4908 S: Special Groups Logon table modified.](auditing/event-4908.md)
-###### [Event 4912 S: Per User Audit Policy was changed.](auditing/event-4912.md)
-###### [Event 4904 S: An attempt was made to register a security event source.](auditing/event-4904.md)
-###### [Event 4905 S: An attempt was made to unregister a security event source.](auditing/event-4905.md)
-##### [Audit Authentication Policy Change](auditing/audit-authentication-policy-change.md)
-###### [Event 4706 S: A new trust was created to a domain.](auditing/event-4706.md)
-###### [Event 4707 S: A trust to a domain was removed.](auditing/event-4707.md)
-###### [Event 4716 S: Trusted domain information was modified.](auditing/event-4716.md)
-###### [Event 4713 S: Kerberos policy was changed.](auditing/event-4713.md)
-###### [Event 4717 S: System security access was granted to an account.](auditing/event-4717.md)
-###### [Event 4718 S: System security access was removed from an account.](auditing/event-4718.md)
-###### [Event 4739 S: Domain Policy was changed.](auditing/event-4739.md)
-###### [Event 4864 S: A namespace collision was detected.](auditing/event-4864.md)
-###### [Event 4865 S: A trusted forest information entry was added.](auditing/event-4865.md)
-###### [Event 4866 S: A trusted forest information entry was removed.](auditing/event-4866.md)
-###### [Event 4867 S: A trusted forest information entry was modified.](auditing/event-4867.md)
-##### [Audit Authorization Policy Change](auditing/audit-authorization-policy-change.md)
-###### [Event 4703 S: A user right was adjusted.](auditing/event-4703.md)
-###### [Event 4704 S: A user right was assigned.](auditing/event-4704.md)
-###### [Event 4705 S: A user right was removed.](auditing/event-4705.md)
-###### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md)
-###### [Event 4911 S: Resource attributes of the object were changed.](auditing/event-4911.md)
-###### [Event 4913 S: Central Access Policy on the object was changed.](auditing/event-4913.md)
-##### [Audit Filtering Platform Policy Change](auditing/audit-filtering-platform-policy-change.md)
-##### [Audit MPSSVC Rule-Level Policy Change](auditing/audit-mpssvc-rule-level-policy-change.md)
-###### [Event 4944 S: The following policy was active when the Windows Firewall started.](auditing/event-4944.md)
-###### [Event 4945 S: A rule was listed when the Windows Firewall started.](auditing/event-4945.md)
-###### [Event 4946 S: A change has been made to Windows Firewall exception list. A rule was added.](auditing/event-4946.md)
-###### [Event 4947 S: A change has been made to Windows Firewall exception list. A rule was modified.](auditing/event-4947.md)
-###### [Event 4948 S: A change has been made to Windows Firewall exception list. A rule was deleted.](auditing/event-4948.md)
-###### [Event 4949 S: Windows Firewall settings were restored to the default values.](auditing/event-4949.md)
-###### [Event 4950 S: A Windows Firewall setting has changed.](auditing/event-4950.md)
-###### [Event 4951 F: A rule has been ignored because its major version number was not recognized by Windows Firewall.](auditing/event-4951.md)
-###### [Event 4952 F: Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced.](auditing/event-4952.md)
-###### [Event 4953 F: Windows Firewall ignored a rule because it could not be parsed.](auditing/event-4953.md)
-###### [Event 4954 S: Windows Firewall Group Policy settings have changed. The new settings have been applied.](auditing/event-4954.md)
-###### [Event 4956 S: Windows Firewall has changed the active profile.](auditing/event-4956.md)
-###### [Event 4957 F: Windows Firewall did not apply the following rule.](auditing/event-4957.md)
-###### [Event 4958 F: Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer.](auditing/event-4958.md)
-##### [Audit Other Policy Change Events](auditing/audit-other-policy-change-events.md)
-###### [Event 4714 S: Encrypted data recovery policy was changed.](auditing/event-4714.md)
-###### [Event 4819 S: Central Access Policies on the machine have been changed.](auditing/event-4819.md)
-###### [Event 4826 S: Boot Configuration Data loaded.](auditing/event-4826.md)
-###### [Event 4909: The local policy settings for the TBS were changed.](auditing/event-4909.md)
-###### [Event 4910: The group policy settings for the TBS were changed.](auditing/event-4910.md)
-###### [Event 5063 S, F: A cryptographic provider operation was attempted.](auditing/event-5063.md)
-###### [Event 5064 S, F: A cryptographic context operation was attempted.](auditing/event-5064.md)
-###### [Event 5065 S, F: A cryptographic context modification was attempted.](auditing/event-5065.md)
-###### [Event 5066 S, F: A cryptographic function operation was attempted.](auditing/event-5066.md)
-###### [Event 5067 S, F: A cryptographic function modification was attempted.](auditing/event-5067.md)
-###### [Event 5068 S, F: A cryptographic function provider operation was attempted.](auditing/event-5068.md)
-###### [Event 5069 S, F: A cryptographic function property operation was attempted.](auditing/event-5069.md)
-###### [Event 5070 S, F: A cryptographic function property modification was attempted.](auditing/event-5070.md)
-###### [Event 5447 S: A Windows Filtering Platform filter has been changed.](auditing/event-5447.md)
-###### [Event 6144 S: Security policy in the group policy objects has been applied successfully.](auditing/event-6144.md)
-###### [Event 6145 F: One or more errors occurred while processing security policy in the group policy objects.](auditing/event-6145.md)
-##### [Audit Sensitive Privilege Use](auditing/audit-sensitive-privilege-use.md)
-###### [Event 4673 S, F: A privileged service was called.](auditing/event-4673.md)
-###### [Event 4674 S, F: An operation was attempted on a privileged object.](auditing/event-4674.md)
-###### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md)
-##### [Audit Non Sensitive Privilege Use](auditing/audit-non-sensitive-privilege-use.md)
-###### [Event 4673 S, F: A privileged service was called.](auditing/event-4673.md)
-###### [Event 4674 S, F: An operation was attempted on a privileged object.](auditing/event-4674.md)
-###### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md)
-##### [Audit Other Privilege Use Events](auditing/audit-other-privilege-use-events.md)
-###### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md)
-##### [Audit IPsec Driver](auditing/audit-ipsec-driver.md)
-##### [Audit Other System Events](auditing/audit-other-system-events.md)
-###### [Event 5024 S: The Windows Firewall Service has started successfully.](auditing/event-5024.md)
-###### [Event 5025 S: The Windows Firewall Service has been stopped.](auditing/event-5025.md)
-###### [Event 5027 F: The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy.](auditing/event-5027.md)
-###### [Event 5028 F: The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy.](auditing/event-5028.md)
-###### [Event 5029 F: The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy.](auditing/event-5029.md)
-###### [Event 5030 F: The Windows Firewall Service failed to start.](auditing/event-5030.md)
-###### [Event 5032 F: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.](auditing/event-5032.md)
-###### [Event 5033 S: The Windows Firewall Driver has started successfully.](auditing/event-5033.md)
-###### [Event 5034 S: The Windows Firewall Driver was stopped.](auditing/event-5034.md)
-###### [Event 5035 F: The Windows Firewall Driver failed to start.](auditing/event-5035.md)
-###### [Event 5037 F: The Windows Firewall Driver detected critical runtime error. Terminating.](auditing/event-5037.md)
-###### [Event 5058 S, F: Key file operation.](auditing/event-5058.md)
-###### [Event 5059 S, F: Key migration operation.](auditing/event-5059.md)
-###### [Event 6400: BranchCache: Received an incorrectly formatted response while discovering availability of content.](auditing/event-6400.md)
-###### [Event 6401: BranchCache: Received invalid data from a peer. Data discarded.](auditing/event-6401.md)
-###### [Event 6402: BranchCache: The message to the hosted cache offering it data is incorrectly formatted.](auditing/event-6402.md)
-###### [Event 6403: BranchCache: The hosted cache sent an incorrectly formatted response to the client.](auditing/event-6403.md)
-###### [Event 6404: BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate.](auditing/event-6404.md)
-###### [Event 6405: BranchCache: %2 instances of event id %1 occurred.](auditing/event-6405.md)
-###### [Event 6406: %1 registered to Windows Firewall to control filtering for the following: %2.](auditing/event-6406.md)
-###### [Event 6407: 1%.](auditing/event-6407.md)
-###### [Event 6408: Registered product %1 failed and Windows Firewall is now controlling the filtering for %2.](auditing/event-6408.md)
-###### [Event 6409: BranchCache: A service connection point object could not be parsed.](auditing/event-6409.md)
-##### [Audit Security State Change](auditing/audit-security-state-change.md)
-###### [Event 4608 S: Windows is starting up.](auditing/event-4608.md)
-###### [Event 4616 S: The system time was changed.](auditing/event-4616.md)
-###### [Event 4621 S: Administrator recovered system from CrashOnAuditFail.](auditing/event-4621.md)
-##### [Audit Security System Extension](auditing/audit-security-system-extension.md)
-###### [Event 4610 S: An authentication package has been loaded by the Local Security Authority.](auditing/event-4610.md)
-###### [Event 4611 S: A trusted logon process has been registered with the Local Security Authority.](auditing/event-4611.md)
-###### [Event 4614 S: A notification package has been loaded by the Security Account Manager.](auditing/event-4614.md)
-###### [Event 4622 S: A security package has been loaded by the Local Security Authority.](auditing/event-4622.md)
-###### [Event 4697 S: A service was installed in the system.](auditing/event-4697.md)
-##### [Audit System Integrity](auditing/audit-system-integrity.md)
-###### [Event 4612 S: Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.](auditing/event-4612.md)
-###### [Event 4615 S: Invalid use of LPC port.](auditing/event-4615.md)
-###### [Event 4618 S: A monitored security event pattern has occurred.](auditing/event-4618.md)
-###### [Event 4816 S: RPC detected an integrity violation while decrypting an incoming message.](auditing/event-4816.md)
-###### [Event 5038 F: Code integrity determined that the image hash of a file is not valid.](auditing/event-5038.md)
-###### [Event 5056 S: A cryptographic self-test was performed.](auditing/event-5056.md)
-###### [Event 5062 S: A kernel-mode cryptographic self-test was performed.](auditing/event-5062.md)
-###### [Event 5057 F: A cryptographic primitive operation failed.](auditing/event-5057.md)
-###### [Event 5060 F: Verification operation failed.](auditing/event-5060.md)
-###### [Event 5061 S, F: Cryptographic operation.](auditing/event-5061.md)
-###### [Event 6281 F: Code Integrity determined that the page hashes of an image file are not valid.](auditing/event-6281.md)
-###### [Event 6410 F: Code integrity determined that a file does not meet the security requirements to load into a process.](auditing/event-6410.md)
-##### [Other Events](auditing/other-events.md)
-###### [Event 1100 S: The event logging service has shut down.](auditing/event-1100.md)
-###### [Event 1102 S: The audit log was cleared.](auditing/event-1102.md)
-###### [Event 1104 S: The security log is now full.](auditing/event-1104.md)
-###### [Event 1105 S: Event log automatic backup.](auditing/event-1105.md)
-###### [Event 1108 S: The event logging service encountered an error while processing an incoming event published from %1.](auditing/event-1108.md)
-##### [Appendix A: Security monitoring recommendations for many audit events](auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md)
-##### [Registry (Global Object Access Auditing) ](auditing/registry-global-object-access-auditing.md)
-##### [File System (Global Object Access Auditing) ](auditing/file-system-global-object-access-auditing.md)
-
-## [Security policy settings](security-policy-settings/security-policy-settings.md)
-### [Administer security policy settings](security-policy-settings/administer-security-policy-settings.md)
-#### [Network List Manager policies](security-policy-settings/network-list-manager-policies.md)
-### [Configure security policy settings](security-policy-settings/how-to-configure-security-policy-settings.md)
-### [Security policy settings reference](security-policy-settings/security-policy-settings-reference.md)
-#### [Account Policies](security-policy-settings/account-policies.md)
-##### [Password Policy](security-policy-settings/password-policy.md)
-###### [Enforce password history](security-policy-settings/enforce-password-history.md)
-###### [Maximum password age](security-policy-settings/maximum-password-age.md)
-###### [Minimum password age](security-policy-settings/minimum-password-age.md)
-###### [Minimum password length](security-policy-settings/minimum-password-length.md)
-###### [Password must meet complexity requirements](security-policy-settings/password-must-meet-complexity-requirements.md)
-###### [Store passwords using reversible encryption](security-policy-settings/store-passwords-using-reversible-encryption.md)
-##### [Account Lockout Policy](security-policy-settings/account-lockout-policy.md)
-###### [Account lockout duration](security-policy-settings/account-lockout-duration.md)
-###### [Account lockout threshold](security-policy-settings/account-lockout-threshold.md)
-###### [Reset account lockout counter after](security-policy-settings/reset-account-lockout-counter-after.md)
-##### [Kerberos Policy](security-policy-settings/kerberos-policy.md)
-###### [Enforce user logon restrictions](security-policy-settings/enforce-user-logon-restrictions.md)
-###### [Maximum lifetime for service ticket](security-policy-settings/maximum-lifetime-for-service-ticket.md)
-###### [Maximum lifetime for user ticket](security-policy-settings/maximum-lifetime-for-user-ticket.md)
-###### [Maximum lifetime for user ticket renewal](security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md)
-###### [Maximum tolerance for computer clock synchronization](security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md)
-#### [Audit Policy](security-policy-settings/audit-policy.md)
-#### [Security Options](security-policy-settings/security-options.md)
-##### [Accounts: Administrator account status](security-policy-settings/accounts-administrator-account-status.md)
-##### [Accounts: Block Microsoft accounts](security-policy-settings/accounts-block-microsoft-accounts.md)
-##### [Accounts: Guest account status](security-policy-settings/accounts-guest-account-status.md)
-##### [Accounts: Limit local account use of blank passwords to console logon only](security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md)
-##### [Accounts: Rename administrator account](security-policy-settings/accounts-rename-administrator-account.md)
-##### [Accounts: Rename guest account](security-policy-settings/accounts-rename-guest-account.md)
-##### [Audit: Audit the access of global system objects](security-policy-settings/audit-audit-the-access-of-global-system-objects.md)
-##### [Audit: Audit the use of Backup and Restore privilege](security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md)
-##### [Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings](security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md)
-##### [Audit: Shut down system immediately if unable to log security audits](security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md)
-##### [DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax](security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md)
-##### [DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax](security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md)
-##### [Devices: Allow undock without having to log on](security-policy-settings/devices-allow-undock-without-having-to-log-on.md)
-##### [Devices: Allowed to format and eject removable media](security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md)
-##### [Devices: Prevent users from installing printer drivers](security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md)
-##### [Devices: Restrict CD-ROM access to locally logged-on user only](security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md)
-##### [Devices: Restrict floppy access to locally logged-on user only](security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md)
-##### [Domain controller: Allow server operators to schedule tasks](security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md)
-##### [Domain controller: LDAP server signing requirements](security-policy-settings/domain-controller-ldap-server-signing-requirements.md)
-##### [Domain controller: Refuse machine account password changes](security-policy-settings/domain-controller-refuse-machine-account-password-changes.md)
-##### [Domain member: Digitally encrypt or sign secure channel data (always)](security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md)
-##### [Domain member: Digitally encrypt secure channel data (when possible)](security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md)
-##### [Domain member: Digitally sign secure channel data (when possible)](security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md)
-##### [Domain member: Disable machine account password changes](security-policy-settings/domain-member-disable-machine-account-password-changes.md)
-##### [Domain member: Maximum machine account password age](security-policy-settings/domain-member-maximum-machine-account-password-age.md)
-##### [Domain member: Require strong (Windows 2000 or later) session key](security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md)
-##### [Interactive logon: Display user information when the session is locked](security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md)
-##### [Interactive logon: Don't display last signed-in](security-policy-settings/interactive-logon-do-not-display-last-user-name.md)
-##### [Interactive logon: Don't display username at sign-in](security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md)
-##### [Interactive logon: Do not require CTRL+ALT+DEL](security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md)
-##### [Interactive logon: Machine account lockout threshold](security-policy-settings/interactive-logon-machine-account-lockout-threshold.md)
-##### [Interactive logon: Machine inactivity limit](security-policy-settings/interactive-logon-machine-inactivity-limit.md)
-##### [Interactive logon: Message text for users attempting to log on](security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md)
-##### [Interactive logon: Message title for users attempting to log on](security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md)
-##### [Interactive logon: Number of previous logons to cache (in case domain controller is not available)](security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md)
-##### [Interactive logon: Prompt user to change password before expiration](security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md)
-##### [Interactive logon: Require Domain Controller authentication to unlock workstation](security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md)
-##### [Interactive logon: Require smart card](security-policy-settings/interactive-logon-require-smart-card.md)
-##### [Interactive logon: Smart card removal behavior](security-policy-settings/interactive-logon-smart-card-removal-behavior.md)
-##### [Microsoft network client: Digitally sign communications (always)](security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md)
-##### [SMBv1 Microsoft network client: Digitally sign communications (always)](security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md)
-##### [SMBv1 Microsoft network client: Digitally sign communications (if server agrees)](security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md)
-##### [Microsoft network client: Send unencrypted password to third-party SMB servers](security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md)
-##### [Microsoft network server: Amount of idle time required before suspending session](security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md)
-##### [Microsoft network server: Attempt S4U2Self to obtain claim information](security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md)
-##### [Microsoft network server: Digitally sign communications (always)](security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md)
-##### [SMBv1 Microsoft network server: Digitally sign communications (always)](security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md)
-##### [SMBv1 Microsoft network server: Digitally sign communications (if client agrees)](security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md)
-##### [Microsoft network server: Disconnect clients when logon hours expire](security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md)
-##### [Microsoft network server: Server SPN target name validation level](security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md)
-##### [Network access: Allow anonymous SID/Name translation](security-policy-settings/network-access-allow-anonymous-sidname-translation.md)
-##### [Network access: Do not allow anonymous enumeration of SAM accounts](security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md)
-##### [Network access: Do not allow anonymous enumeration of SAM accounts and shares](security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md)
-##### [Network access: Do not allow storage of passwords and credentials for network authentication](security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md)
-##### [Network access: Let Everyone permissions apply to anonymous users](security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md)
-##### [Network access: Named Pipes that can be accessed anonymously](security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md)
-##### [Network access: Remotely accessible registry paths](security-policy-settings/network-access-remotely-accessible-registry-paths.md)
-##### [Network access: Remotely accessible registry paths and subpaths](security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md)
-##### [Network access: Restrict anonymous access to Named Pipes and Shares](security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md)
-#####  [Network access: Restrict clients allowed to make remote calls to SAM](security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md)
-##### [Network access: Shares that can be accessed anonymously](security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md)
-##### [Network access: Sharing and security model for local accounts](security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md)
-##### [Network security: Allow Local System to use computer identity for NTLM](security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md)
-##### [Network security: Allow LocalSystem NULL session fallback](security-policy-settings/network-security-allow-localsystem-null-session-fallback.md)
-##### [Network security: Allow PKU2U authentication requests to this computer to use online identities](security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md)
-##### [Network security: Configure encryption types allowed for Kerberos Win7 only](security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md)
-##### [Network security: Do not store LAN Manager hash value on next password change](security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md)
-##### [Network security: Force logoff when logon hours expire](security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md)
-##### [Network security: LAN Manager authentication level](security-policy-settings/network-security-lan-manager-authentication-level.md)
-##### [Network security: LDAP client signing requirements](security-policy-settings/network-security-ldap-client-signing-requirements.md)
-##### [Network security: Minimum session security for NTLM SSP based (including secure RPC) clients](security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md)
-##### [Network security: Minimum session security for NTLM SSP based (including secure RPC) servers](security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md)
-##### [Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication](security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md)
-##### [Network security: Restrict NTLM: Add server exceptions in this domain](security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md)
-##### [Network security: Restrict NTLM: Audit incoming NTLM traffic](security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md)
-##### [Network security: Restrict NTLM: Audit NTLM authentication in this domain](security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md)
-##### [Network security: Restrict NTLM: Incoming NTLM traffic](security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md)
-##### [Network security: Restrict NTLM: NTLM authentication in this domain](security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md)
-##### [Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers](security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md)
-##### [Recovery console: Allow automatic administrative logon](security-policy-settings/recovery-console-allow-automatic-administrative-logon.md)
-##### [Recovery console: Allow floppy copy and access to all drives and folders](security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md)
-##### [Shutdown: Allow system to be shut down without having to log on](security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md)
-##### [Shutdown: Clear virtual memory pagefile](security-policy-settings/shutdown-clear-virtual-memory-pagefile.md)
-##### [System cryptography: Force strong key protection for user keys stored on the computer](security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md)
-##### [System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing](security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md)
-##### [System objects: Require case insensitivity for non-Windows subsystems](security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md)
-##### [System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)](security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md)
-##### [System settings: Optional subsystems](security-policy-settings/system-settings-optional-subsystems.md)
-##### [System settings: Use certificate rules on Windows executables for Software Restriction Policies](security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md)
-##### [User Account Control: Admin Approval Mode for the Built-in Administrator account](security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md)
-##### [User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop](security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md)
-##### [User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode](security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md)
-##### [User Account Control: Behavior of the elevation prompt for standard users](security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md)
-##### [User Account Control: Detect application installations and prompt for elevation](security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md)
-##### [User Account Control: Only elevate executables that are signed and validated](security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md)
-##### [User Account Control: Only elevate UIAccess applications that are installed in secure locations](security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md)
-##### [User Account Control: Run all administrators in Admin Approval Mode](security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md)
-##### [User Account Control: Switch to the secure desktop when prompting for elevation](security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md)
-##### [User Account Control: Virtualize file and registry write failures to per-user locations](security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md)
-#### [Advanced security audit policy settings](security-policy-settings/secpol-advanced-security-audit-policy-settings.md)
-#### [User Rights Assignment](security-policy-settings/user-rights-assignment.md)
-##### [Access Credential Manager as a trusted caller](security-policy-settings/access-credential-manager-as-a-trusted-caller.md)
-##### [Access this computer from the network](security-policy-settings/access-this-computer-from-the-network.md)
-##### [Act as part of the operating system](security-policy-settings/act-as-part-of-the-operating-system.md)
-##### [Add workstations to domain](security-policy-settings/add-workstations-to-domain.md)
-##### [Adjust memory quotas for a process](security-policy-settings/adjust-memory-quotas-for-a-process.md)
-##### [Allow log on locally](security-policy-settings/allow-log-on-locally.md)
-##### [Allow log on through Remote Desktop Services](security-policy-settings/allow-log-on-through-remote-desktop-services.md)
-##### [Back up files and directories](security-policy-settings/back-up-files-and-directories.md)
-##### [Bypass traverse checking](security-policy-settings/bypass-traverse-checking.md)
-##### [Change the system time](security-policy-settings/change-the-system-time.md)
-##### [Change the time zone](security-policy-settings/change-the-time-zone.md)
-##### [Create a pagefile](security-policy-settings/create-a-pagefile.md)
-##### [Create a token object](security-policy-settings/create-a-token-object.md)
-##### [Create global objects](security-policy-settings/create-global-objects.md)
-##### [Create permanent shared objects](security-policy-settings/create-permanent-shared-objects.md)
-##### [Create symbolic links](security-policy-settings/create-symbolic-links.md)
-##### [Debug programs](security-policy-settings/debug-programs.md)
-##### [Deny access to this computer from the network](security-policy-settings/deny-access-to-this-computer-from-the-network.md)
-##### [Deny log on as a batch job](security-policy-settings/deny-log-on-as-a-batch-job.md)
-##### [Deny log on as a service](security-policy-settings/deny-log-on-as-a-service.md)
-##### [Deny log on locally](security-policy-settings/deny-log-on-locally.md)
-##### [Deny log on through Remote Desktop Services](security-policy-settings/deny-log-on-through-remote-desktop-services.md)
-##### [Enable computer and user accounts to be trusted for delegation](security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md)
-##### [Force shutdown from a remote system](security-policy-settings/force-shutdown-from-a-remote-system.md)
-##### [Generate security audits](security-policy-settings/generate-security-audits.md)
-##### [Impersonate a client after authentication](security-policy-settings/impersonate-a-client-after-authentication.md)
-##### [Increase a process working set](security-policy-settings/increase-a-process-working-set.md)
-##### [Increase scheduling priority](security-policy-settings/increase-scheduling-priority.md)
-##### [Load and unload device drivers](security-policy-settings/load-and-unload-device-drivers.md)
-##### [Lock pages in memory](security-policy-settings/lock-pages-in-memory.md)
-##### [Log on as a batch job](security-policy-settings/log-on-as-a-batch-job.md)
-##### [Log on as a service](security-policy-settings/log-on-as-a-service.md)
-##### [Manage auditing and security log](security-policy-settings/manage-auditing-and-security-log.md)
-##### [Modify an object label](security-policy-settings/modify-an-object-label.md)
-##### [Modify firmware environment values](security-policy-settings/modify-firmware-environment-values.md)
-##### [Perform volume maintenance tasks](security-policy-settings/perform-volume-maintenance-tasks.md)
-##### [Profile single process](security-policy-settings/profile-single-process.md)
-##### [Profile system performance](security-policy-settings/profile-system-performance.md)
-##### [Remove computer from docking station](security-policy-settings/remove-computer-from-docking-station.md)
-##### [Replace a process level token](security-policy-settings/replace-a-process-level-token.md)
-##### [Restore files and directories](security-policy-settings/restore-files-and-directories.md)
-##### [Shut down the system](security-policy-settings/shut-down-the-system.md)
-##### [Synchronize directory service data](security-policy-settings/synchronize-directory-service-data.md)
-##### [Take ownership of files or other objects](security-policy-settings/take-ownership-of-files-or-other-objects.md)
 
 
-## [Windows security baselines](windows-security-baselines.md)
+### [Windows Defender Application Control](windows-defender-application-control/windows-defender-application-control.md)
+
+
+
+
+
+
+### [Windows Defender Application Guard](windows-defender-application-guard/wd-app-guard-overview.md)
+#### [System requirements for Windows Defender Application Guard](windows-defender-application-guard/reqs-wd-app-guard.md)
+#### [Prepare and install Windows Defender Application Guard](windows-defender-application-guard/install-wd-app-guard.md)
+#### [Configure the Group Policy settings for Windows Defender Application Guard](windows-defender-application-guard/configure-wd-app-guard.md)
+#### [Testing scenarios using Windows Defender Application Guard in your business or organization](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
+#### [Frequently Asked Questions - Windows Defender Application Guard](windows-defender-application-guard/faq-wd-app-guard.md)
+
+
+## Other security features
+### [The Windows Security app](windows-defender-security-center/windows-defender-security-center.md)
+#### [Customize the Windows Security app for your organization](windows-defender-security-center/wdsc-customize-contact-information.md)
+#### [Hide Windows Security app notifications](windows-defender-security-center/wdsc-hide-notifications.md)
+#### [Manage Windows Security app in Windows 10 in S mode](windows-defender-security-center\wdsc-windows-10-in-s-mode.md)
+#### [Virus and threat protection](windows-defender-security-center/wdsc-virus-threat-protection.md)
+#### [Account protection](windows-defender-security-center\wdsc-account-protection.md)
+#### [Firewall and network protection](windows-defender-security-center\wdsc-firewall-network-protection.md)
+#### [App and browser control](windows-defender-security-center\wdsc-app-browser-control.md)
+#### [Device security](windows-defender-security-center\wdsc-device-security.md)
+#### [Device performance and health](windows-defender-security-center\wdsc-device-performance-health.md)
+#### [Family options](windows-defender-security-center\wdsc-family-options.md)
+
+
+### [Windows Defender SmartScreen](windows-defender-smartscreen/windows-defender-smartscreen-overview.md)
+#### [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md)
+#### [Set up and use Windows Defender SmartScreen on individual devices](windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md)
+
+
+### [Windows Defender Device Guard: virtualization-based security and WDAC](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
+
+
+### [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md)
+
+### [Mitigate threats by using Windows 10 security features](overview-of-threat-mitigations-in-windows-10.md)
+
+### [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md)
+
+### [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-intrusion-detection.md)
+
+### [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md)
+
+### [Security auditing](auditing/security-auditing-overview.md)
+
+#### [Basic security audit policies](auditing/basic-security-audit-policies.md)
+##### [Create a basic audit policy for an event category](auditing/create-a-basic-audit-policy-settings-for-an-event-category.md)
+##### [Apply a basic audit policy on a file or folder](auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md)
+##### [View the security event log](auditing/view-the-security-event-log.md)
+
+##### [Basic security audit policy settings](auditing/basic-security-audit-policy-settings.md)
+###### [Audit account logon events](auditing/basic-audit-account-logon-events.md)
+###### [Audit account management](auditing/basic-audit-account-management.md)
+###### [Audit directory service access](auditing/basic-audit-directory-service-access.md)
+###### [Audit logon events](auditing/basic-audit-logon-events.md)
+###### [Audit object access](auditing/basic-audit-object-access.md)
+###### [Audit policy change](auditing/basic-audit-policy-change.md)
+###### [Audit privilege use](auditing/basic-audit-privilege-use.md)
+###### [Audit process tracking](auditing/basic-audit-process-tracking.md)
+###### [Audit system events](auditing/basic-audit-system-events.md)
+
+##### [Advanced security audit policies](auditing/advanced-security-auditing.md)
+###### [Planning and deploying advanced security audit policies](auditing/planning-and-deploying-advanced-security-audit-policies.md)
+###### [Advanced security auditing FAQ](auditing/advanced-security-auditing-faq.md)
+####### [Which editions of Windows support advanced audit policy configuration](auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md)
+
+###### [Using advanced security auditing options to monitor dynamic access control objects](auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md)
+####### [Monitor the central access policies that apply on a file server](auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md)
+####### [Monitor the use of removable storage devices](auditing/monitor-the-use-of-removable-storage-devices.md)
+####### [Monitor resource attribute definitions](auditing/monitor-resource-attribute-definitions.md)
+####### [Monitor central access policy and rule definitions](auditing/monitor-central-access-policy-and-rule-definitions.md)
+####### [Monitor user and device claims during sign-in](auditing/monitor-user-and-device-claims-during-sign-in.md)
+####### [Monitor the resource attributes on files and folders](auditing/monitor-the-resource-attributes-on-files-and-folders.md)
+####### [Monitor the central access policies associated with files and folders](auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md)
+####### [Monitor claim types](auditing/monitor-claim-types.md)
+
+###### [Advanced security audit policy settings](auditing/advanced-security-audit-policy-settings.md)
+####### [Audit Credential Validation](auditing/audit-credential-validation.md)
+####### [Event 4774 S, F: An account was mapped for logon.](auditing/event-4774.md)
+####### [Event 4775 F: An account could not be mapped for logon.](auditing/event-4775.md)
+####### [Event 4776 S, F: The computer attempted to validate the credentials for an account.](auditing/event-4776.md)
+####### [Event 4777 F: The domain controller failed to validate the credentials for an account.](auditing/event-4777.md)
+###### [Audit Kerberos Authentication Service](auditing/audit-kerberos-authentication-service.md)
+####### [Event 4768 S, F: A Kerberos authentication ticket, TGT, was requested.](auditing/event-4768.md)
+####### [Event 4771 F: Kerberos pre-authentication failed.](auditing/event-4771.md)
+####### [Event 4772 F: A Kerberos authentication ticket request failed.](auditing/event-4772.md)
+###### [Audit Kerberos Service Ticket Operations](auditing/audit-kerberos-service-ticket-operations.md)
+####### [Event 4769 S, F: A Kerberos service ticket was requested.](auditing/event-4769.md)
+####### [Event 4770 S: A Kerberos service ticket was renewed.](auditing/event-4770.md)
+####### [Event 4773 F: A Kerberos service ticket request failed.](auditing/event-4773.md)
+###### [Audit Other Account Logon Events](auditing/audit-other-account-logon-events.md)
+###### [Audit Application Group Management](auditing/audit-application-group-management.md)
+###### [Audit Computer Account Management](auditing/audit-computer-account-management.md)
+####### [Event 4741 S: A computer account was created.](auditing/event-4741.md)
+####### [Event 4742 S: A computer account was changed.](auditing/event-4742.md)
+####### [Event 4743 S: A computer account was deleted.](auditing/event-4743.md)
+###### [Audit Distribution Group Management](auditing/audit-distribution-group-management.md)
+####### [Event 4749 S: A security-disabled global group was created.](auditing/event-4749.md)
+####### [Event 4750 S: A security-disabled global group was changed.](auditing/event-4750.md)
+####### [Event 4751 S: A member was added to a security-disabled global group.](auditing/event-4751.md)
+####### [Event 4752 S: A member was removed from a security-disabled global group.](auditing/event-4752.md)
+####### [Event 4753 S: A security-disabled global group was deleted.](auditing/event-4753.md)
+###### [Audit Other Account Management Events](auditing/audit-other-account-management-events.md)
+####### [Event 4782 S: The password hash an account was accessed.](auditing/event-4782.md)
+####### [Event 4793 S: The Password Policy Checking API was called.](auditing/event-4793.md)
+###### [Audit Security Group Management](auditing/audit-security-group-management.md)
+####### [Event 4731 S: A security-enabled local group was created.](auditing/event-4731.md)
+####### [Event 4732 S: A member was added to a security-enabled local group.](auditing/event-4732.md)
+####### [Event 4733 S: A member was removed from a security-enabled local group.](auditing/event-4733.md)
+####### [Event 4734 S: A security-enabled local group was deleted.](auditing/event-4734.md)
+####### [Event 4735 S: A security-enabled local group was changed.](auditing/event-4735.md)
+####### [Event 4764 S: A group’s type was changed.](auditing/event-4764.md)
+####### [Event 4799 S: A security-enabled local group membership was enumerated.](auditing/event-4799.md)
+###### [Audit User Account Management](auditing/audit-user-account-management.md)
+####### [Event 4720 S: A user account was created.](auditing/event-4720.md)
+####### [Event 4722 S: A user account was enabled.](auditing/event-4722.md)
+####### [Event 4723 S, F: An attempt was made to change an account's password.](auditing/event-4723.md)
+####### [Event 4724 S, F: An attempt was made to reset an account's password.](auditing/event-4724.md)
+####### [Event 4725 S: A user account was disabled.](auditing/event-4725.md)
+####### [Event 4726 S: A user account was deleted.](auditing/event-4726.md)
+####### [Event 4738 S: A user account was changed.](auditing/event-4738.md)
+####### [Event 4740 S: A user account was locked out.](auditing/event-4740.md)
+####### [Event 4765 S: SID History was added to an account.](auditing/event-4765.md)
+####### [Event 4766 F: An attempt to add SID History to an account failed.](auditing/event-4766.md)
+####### [Event 4767 S: A user account was unlocked.](auditing/event-4767.md)
+####### [Event 4780 S: The ACL was set on accounts which are members of administrators groups.](auditing/event-4780.md)
+####### [Event 4781 S: The name of an account was changed.](auditing/event-4781.md)
+####### [Event 4794 S, F: An attempt was made to set the Directory Services Restore Mode administrator password.](auditing/event-4794.md)
+####### [Event 4798 S: A user's local group membership was enumerated.](auditing/event-4798.md)
+####### [Event 5376 S: Credential Manager credentials were backed up.](auditing/event-5376.md)
+####### [Event 5377 S: Credential Manager credentials were restored from a backup.](auditing/event-5377.md)
+###### [Audit DPAPI Activity](auditing/audit-dpapi-activity.md)
+####### [Event 4692 S, F: Backup of data protection master key was attempted.](auditing/event-4692.md)
+####### [Event 4693 S, F: Recovery of data protection master key was attempted.](auditing/event-4693.md)
+####### [Event 4694 S, F: Protection of auditable protected data was attempted.](auditing/event-4694.md)
+####### [Event 4695 S, F: Unprotection of auditable protected data was attempted.](auditing/event-4695.md)
+###### [Audit PNP Activity](auditing/audit-pnp-activity.md)
+####### [Event 6416 S: A new external device was recognized by the System.](auditing/event-6416.md)
+####### [Event 6419 S: A request was made to disable a device.](auditing/event-6419.md)
+####### [Event 6420 S: A device was disabled.](auditing/event-6420.md)
+####### [Event 6421 S: A request was made to enable a device.](auditing/event-6421.md)
+####### [Event 6422 S: A device was enabled.](auditing/event-6422.md)
+####### [Event 6423 S: The installation of this device is forbidden by system policy.](auditing/event-6423.md)
+####### [Event 6424 S: The installation of this device was allowed, after having previously been forbidden by policy.](auditing/event-6424.md)
+###### [Audit Process Creation](auditing/audit-process-creation.md)
+####### [Event 4688 S: A new process has been created.](auditing/event-4688.md)
+####### [Event 4696 S: A primary token was assigned to process.](auditing/event-4696.md)
+###### [Audit Process Termination](auditing/audit-process-termination.md)
+####### [Event 4689 S: A process has exited.](auditing/event-4689.md)
+###### [Audit RPC Events](auditing/audit-rpc-events.md)
+####### [Event 5712 S: A Remote Procedure Call, RPC, was attempted.](auditing/event-5712.md)
+###### [Audit Detailed Directory Service Replication](auditing/audit-detailed-directory-service-replication.md)
+####### [Event 4928 S, F: An Active Directory replica source naming context was established.](auditing/event-4928.md)
+####### [Event 4929 S, F: An Active Directory replica source naming context was removed.](auditing/event-4929.md)
+####### [Event 4930 S, F: An Active Directory replica source naming context was modified.](auditing/event-4930.md)
+####### [Event 4931 S, F: An Active Directory replica destination naming context was modified.](auditing/event-4931.md)
+####### [Event 4934 S: Attributes of an Active Directory object were replicated.](auditing/event-4934.md)
+####### [Event 4935 F: Replication failure begins.](auditing/event-4935.md)
+####### [Event 4936 S: Replication failure ends.](auditing/event-4936.md)
+####### [Event 4937 S: A lingering object was removed from a replica.](auditing/event-4937.md)
+###### [Audit Directory Service Access](auditing/audit-directory-service-access.md)
+####### [Event 4662 S, F: An operation was performed on an object.](auditing/event-4662.md)
+####### [Event 4661 S, F: A handle to an object was requested.](auditing/event-4661.md)
+###### [Audit Directory Service Changes](auditing/audit-directory-service-changes.md)
+####### [Event 5136 S: A directory service object was modified.](auditing/event-5136.md)
+####### [Event 5137 S: A directory service object was created.](auditing/event-5137.md)
+####### [Event 5138 S: A directory service object was undeleted.](auditing/event-5138.md)
+####### [Event 5139 S: A directory service object was moved.](auditing/event-5139.md)
+####### [Event 5141 S: A directory service object was deleted.](auditing/event-5141.md)
+###### [Audit Directory Service Replication](auditing/audit-directory-service-replication.md)
+####### [Event 4932 S: Synchronization of a replica of an Active Directory naming context has begun.](auditing/event-4932.md)
+####### [Event 4933 S, F: Synchronization of a replica of an Active Directory naming context has ended.](auditing/event-4933.md)
+###### [Audit Account Lockout](auditing/audit-account-lockout.md)
+####### [Event 4625 F: An account failed to log on.](auditing/event-4625.md)
+###### [Audit User/Device Claims](auditing/audit-user-device-claims.md)
+####### [Event 4626 S: User/Device claims information.](auditing/event-4626.md)
+###### [Audit Group Membership](auditing/audit-group-membership.md)
+####### [Event 4627 S: Group membership information.](auditing/event-4627.md)
+###### [Audit IPsec Extended Mode](auditing/audit-ipsec-extended-mode.md)
+###### [Audit IPsec Main Mode](auditing/audit-ipsec-main-mode.md)
+###### [Audit IPsec Quick Mode](auditing/audit-ipsec-quick-mode.md)
+###### [Audit Logoff](auditing/audit-logoff.md)
+####### [Event 4634 S: An account was logged off.](auditing/event-4634.md)
+####### [Event 4647 S: User initiated logoff.](auditing/event-4647.md)
+###### [Audit Logon](auditing/audit-logon.md)
+####### [Event 4624 S: An account was successfully logged on.](auditing/event-4624.md)
+####### [Event 4625 F: An account failed to log on.](auditing/event-4625.md)
+####### [Event 4648 S: A logon was attempted using explicit credentials.](auditing/event-4648.md)
+####### [Event 4675 S: SIDs were filtered.](auditing/event-4675.md)
+###### [Audit Network Policy Server](auditing/audit-network-policy-server.md)
+###### [Audit Other Logon/Logoff Events](auditing/audit-other-logonlogoff-events.md)
+####### [Event 4649 S: A replay attack was detected.](auditing/event-4649.md)
+####### [Event 4778 S: A session was reconnected to a Window Station.](auditing/event-4778.md)
+####### [Event 4779 S: A session was disconnected from a Window Station.](auditing/event-4779.md)
+####### [Event 4800 S: The workstation was locked.](auditing/event-4800.md)
+####### [Event 4801 S: The workstation was unlocked.](auditing/event-4801.md)
+####### [Event 4802 S: The screen saver was invoked.](auditing/event-4802.md)
+####### [Event 4803 S: The screen saver was dismissed.](auditing/event-4803.md)
+####### [Event 5378 F: The requested credentials delegation was disallowed by policy.](auditing/event-5378.md)
+####### [Event 5632 S, F: A request was made to authenticate to a wireless network.](auditing/event-5632.md)
+####### [Event 5633 S, F: A request was made to authenticate to a wired network.](auditing/event-5633.md)
+###### [Audit Special Logon](auditing/audit-special-logon.md)
+####### [Event 4964 S: Special groups have been assigned to a new logon.](auditing/event-4964.md)
+####### [Event 4672 S: Special privileges assigned to new logon.](auditing/event-4672.md)
+###### [Audit Application Generated](auditing/audit-application-generated.md)
+###### [Audit Certification Services](auditing/audit-certification-services.md)
+###### [Audit Detailed File Share](auditing/audit-detailed-file-share.md)
+####### [Event 5145 S, F: A network share object was checked to see whether client can be granted desired access.](auditing/event-5145.md)
+###### [Audit File Share](auditing/audit-file-share.md)
+####### [Event 5140 S, F: A network share object was accessed.](auditing/event-5140.md)
+####### [Event 5142 S: A network share object was added.](auditing/event-5142.md)
+####### [Event 5143 S: A network share object was modified.](auditing/event-5143.md)
+####### [Event 5144 S: A network share object was deleted.](auditing/event-5144.md)
+####### [Event 5168 F: SPN check for SMB/SMB2 failed.](auditing/event-5168.md)
+###### [Audit File System](auditing/audit-file-system.md)
+####### [Event 4656 S, F: A handle to an object was requested.](auditing/event-4656.md)
+####### [Event 4658 S: The handle to an object was closed.](auditing/event-4658.md)
+####### [Event 4660 S: An object was deleted.](auditing/event-4660.md)
+####### [Event 4663 S: An attempt was made to access an object.](auditing/event-4663.md)
+####### [Event 4664 S: An attempt was made to create a hard link.](auditing/event-4664.md)
+####### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md)
+####### [Event 5051: A file was virtualized.](auditing/event-5051.md)
+####### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md)
+###### [Audit Filtering Platform Connection](auditing/audit-filtering-platform-connection.md)
+####### [Event 5031 F: The Windows Firewall Service blocked an application from accepting incoming connections on the network.](auditing/event-5031.md)
+####### [Event 5150: The Windows Filtering Platform blocked a packet.](auditing/event-5150.md)
+####### [Event 5151: A more restrictive Windows Filtering Platform filter has blocked a packet.](auditing/event-5151.md)
+####### [Event 5154 S: The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections.](auditing/event-5154.md)
+####### [Event 5155 F: The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections.](auditing/event-5155.md)
+####### [Event 5156 S: The Windows Filtering Platform has permitted a connection.](auditing/event-5156.md)
+####### [Event 5157 F: The Windows Filtering Platform has blocked a connection.](auditing/event-5157.md)
+####### [Event 5158 S: The Windows Filtering Platform has permitted a bind to a local port.](auditing/event-5158.md)
+####### [Event 5159 F: The Windows Filtering Platform has blocked a bind to a local port.](auditing/event-5159.md)
+###### [Audit Filtering Platform Packet Drop](auditing/audit-filtering-platform-packet-drop.md)
+####### [Event 5152 F: The Windows Filtering Platform blocked a packet.](auditing/event-5152.md)
+####### [Event 5153 S: A more restrictive Windows Filtering Platform filter has blocked a packet.](auditing/event-5153.md)
+###### [Audit Handle Manipulation](auditing/audit-handle-manipulation.md)
+####### [Event 4690 S: An attempt was made to duplicate a handle to an object.](auditing/event-4690.md)
+###### [Audit Kernel Object](auditing/audit-kernel-object.md)
+####### [Event 4656 S, F: A handle to an object was requested.](auditing/event-4656.md)
+####### [Event 4658 S: The handle to an object was closed.](auditing/event-4658.md)
+####### [Event 4660 S: An object was deleted.](auditing/event-4660.md)
+####### [Event 4663 S: An attempt was made to access an object.](auditing/event-4663.md)
+###### [Audit Other Object Access Events](auditing/audit-other-object-access-events.md)
+####### [Event 4671: An application attempted to access a blocked ordinal through the TBS.](auditing/event-4671.md)
+####### [Event 4691 S: Indirect access to an object was requested.](auditing/event-4691.md)
+####### [Event 5148 F: The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded.](auditing/event-5148.md)
+####### [Event 5149 F: The DoS attack has subsided and normal processing is being resumed.](auditing/event-5149.md)
+####### [Event 4698 S: A scheduled task was created.](auditing/event-4698.md)
+####### [Event 4699 S: A scheduled task was deleted.](auditing/event-4699.md)
+####### [Event 4700 S: A scheduled task was enabled.](auditing/event-4700.md)
+####### [Event 4701 S: A scheduled task was disabled.](auditing/event-4701.md)
+####### [Event 4702 S: A scheduled task was updated.](auditing/event-4702.md)
+####### [Event 5888 S: An object in the COM+ Catalog was modified.](auditing/event-5888.md)
+####### [Event 5889 S: An object was deleted from the COM+ Catalog.](auditing/event-5889.md)
+####### [Event 5890 S: An object was added to the COM+ Catalog.](auditing/event-5890.md)
+###### [Audit Registry](auditing/audit-registry.md)
+####### [Event 4663 S: An attempt was made to access an object.](auditing/event-4663.md)
+####### [Event 4656 S, F: A handle to an object was requested.](auditing/event-4656.md)
+####### [Event 4658 S: The handle to an object was closed.](auditing/event-4658.md)
+####### [Event 4660 S: An object was deleted.](auditing/event-4660.md)
+####### [Event 4657 S: A registry value was modified.](auditing/event-4657.md)
+####### [Event 5039: A registry key was virtualized.](auditing/event-5039.md)
+####### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md)
+###### [Audit Removable Storage](auditing/audit-removable-storage.md)
+###### [Audit SAM](auditing/audit-sam.md)
+####### [Event 4661 S, F: A handle to an object was requested.](auditing/event-4661.md)
+###### [Audit Central Access Policy Staging](auditing/audit-central-access-policy-staging.md)
+####### [Event 4818 S: Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy.](auditing/event-4818.md)
+###### [Audit Audit Policy Change](auditing/audit-audit-policy-change.md)
+####### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md)
+####### [Event 4715 S: The audit policy, SACL, on an object was changed.](auditing/event-4715.md)
+####### [Event 4719 S: System audit policy was changed.](auditing/event-4719.md)
+####### [Event 4817 S: Auditing settings on object were changed.](auditing/event-4817.md)
+####### [Event 4902 S: The Per-user audit policy table was created.](auditing/event-4902.md)
+####### [Event 4906 S: The CrashOnAuditFail value has changed.](auditing/event-4906.md)
+####### [Event 4907 S: Auditing settings on object were changed.](auditing/event-4907.md)
+####### [Event 4908 S: Special Groups Logon table modified.](auditing/event-4908.md)
+####### [Event 4912 S: Per User Audit Policy was changed.](auditing/event-4912.md)
+####### [Event 4904 S: An attempt was made to register a security event source.](auditing/event-4904.md)
+####### [Event 4905 S: An attempt was made to unregister a security event source.](auditing/event-4905.md)
+###### [Audit Authentication Policy Change](auditing/audit-authentication-policy-change.md)
+####### [Event 4706 S: A new trust was created to a domain.](auditing/event-4706.md)
+####### [Event 4707 S: A trust to a domain was removed.](auditing/event-4707.md)
+####### [Event 4716 S: Trusted domain information was modified.](auditing/event-4716.md)
+####### [Event 4713 S: Kerberos policy was changed.](auditing/event-4713.md)
+####### [Event 4717 S: System security access was granted to an account.](auditing/event-4717.md)
+####### [Event 4718 S: System security access was removed from an account.](auditing/event-4718.md)
+####### [Event 4739 S: Domain Policy was changed.](auditing/event-4739.md)
+####### [Event 4864 S: A namespace collision was detected.](auditing/event-4864.md)
+####### [Event 4865 S: A trusted forest information entry was added.](auditing/event-4865.md)
+####### [Event 4866 S: A trusted forest information entry was removed.](auditing/event-4866.md)
+####### [Event 4867 S: A trusted forest information entry was modified.](auditing/event-4867.md)
+###### [Audit Authorization Policy Change](auditing/audit-authorization-policy-change.md)
+####### [Event 4703 S: A user right was adjusted.](auditing/event-4703.md)
+####### [Event 4704 S: A user right was assigned.](auditing/event-4704.md)
+####### [Event 4705 S: A user right was removed.](auditing/event-4705.md)
+####### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md)
+####### [Event 4911 S: Resource attributes of the object were changed.](auditing/event-4911.md)
+####### [Event 4913 S: Central Access Policy on the object was changed.](auditing/event-4913.md)
+###### [Audit Filtering Platform Policy Change](auditing/audit-filtering-platform-policy-change.md)
+###### [Audit MPSSVC Rule-Level Policy Change](auditing/audit-mpssvc-rule-level-policy-change.md)
+####### [Event 4944 S: The following policy was active when the Windows Firewall started.](auditing/event-4944.md)
+####### [Event 4945 S: A rule was listed when the Windows Firewall started.](auditing/event-4945.md)
+####### [Event 4946 S: A change has been made to Windows Firewall exception list. A rule was added.](auditing/event-4946.md)
+####### [Event 4947 S: A change has been made to Windows Firewall exception list. A rule was modified.](auditing/event-4947.md)
+####### [Event 4948 S: A change has been made to Windows Firewall exception list. A rule was deleted.](auditing/event-4948.md)
+####### [Event 4949 S: Windows Firewall settings were restored to the default values.](auditing/event-4949.md)
+####### [Event 4950 S: A Windows Firewall setting has changed.](auditing/event-4950.md)
+####### [Event 4951 F: A rule has been ignored because its major version number was not recognized by Windows Firewall.](auditing/event-4951.md)
+####### [Event 4952 F: Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced.](auditing/event-4952.md)
+####### [Event 4953 F: Windows Firewall ignored a rule because it could not be parsed.](auditing/event-4953.md)
+####### [Event 4954 S: Windows Firewall Group Policy settings have changed. The new settings have been applied.](auditing/event-4954.md)
+####### [Event 4956 S: Windows Firewall has changed the active profile.](auditing/event-4956.md)
+####### [Event 4957 F: Windows Firewall did not apply the following rule.](auditing/event-4957.md)
+####### [Event 4958 F: Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer.](auditing/event-4958.md)
+###### [Audit Other Policy Change Events](auditing/audit-other-policy-change-events.md)
+####### [Event 4714 S: Encrypted data recovery policy was changed.](auditing/event-4714.md)
+####### [Event 4819 S: Central Access Policies on the machine have been changed.](auditing/event-4819.md)
+####### [Event 4826 S: Boot Configuration Data loaded.](auditing/event-4826.md)
+####### [Event 4909: The local policy settings for the TBS were changed.](auditing/event-4909.md)
+####### [Event 4910: The group policy settings for the TBS were changed.](auditing/event-4910.md)
+####### [Event 5063 S, F: A cryptographic provider operation was attempted.](auditing/event-5063.md)
+####### [Event 5064 S, F: A cryptographic context operation was attempted.](auditing/event-5064.md)
+####### [Event 5065 S, F: A cryptographic context modification was attempted.](auditing/event-5065.md)
+####### [Event 5066 S, F: A cryptographic function operation was attempted.](auditing/event-5066.md)
+####### [Event 5067 S, F: A cryptographic function modification was attempted.](auditing/event-5067.md)
+####### [Event 5068 S, F: A cryptographic function provider operation was attempted.](auditing/event-5068.md)
+####### [Event 5069 S, F: A cryptographic function property operation was attempted.](auditing/event-5069.md)
+####### [Event 5070 S, F: A cryptographic function property modification was attempted.](auditing/event-5070.md)
+####### [Event 5447 S: A Windows Filtering Platform filter has been changed.](auditing/event-5447.md)
+####### [Event 6144 S: Security policy in the group policy objects has been applied successfully.](auditing/event-6144.md)
+####### [Event 6145 F: One or more errors occurred while processing security policy in the group policy objects.](auditing/event-6145.md)
+###### [Audit Sensitive Privilege Use](auditing/audit-sensitive-privilege-use.md)
+####### [Event 4673 S, F: A privileged service was called.](auditing/event-4673.md)
+####### [Event 4674 S, F: An operation was attempted on a privileged object.](auditing/event-4674.md)
+####### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md)
+###### [Audit Non Sensitive Privilege Use](auditing/audit-non-sensitive-privilege-use.md)
+####### [Event 4673 S, F: A privileged service was called.](auditing/event-4673.md)
+####### [Event 4674 S, F: An operation was attempted on a privileged object.](auditing/event-4674.md)
+####### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md)
+###### [Audit Other Privilege Use Events](auditing/audit-other-privilege-use-events.md)
+####### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md)
+###### [Audit IPsec Driver](auditing/audit-ipsec-driver.md)
+###### [Audit Other System Events](auditing/audit-other-system-events.md)
+####### [Event 5024 S: The Windows Firewall Service has started successfully.](auditing/event-5024.md)
+####### [Event 5025 S: The Windows Firewall Service has been stopped.](auditing/event-5025.md)
+####### [Event 5027 F: The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy.](auditing/event-5027.md)
+####### [Event 5028 F: The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy.](auditing/event-5028.md)
+####### [Event 5029 F: The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy.](auditing/event-5029.md)
+####### [Event 5030 F: The Windows Firewall Service failed to start.](auditing/event-5030.md)
+####### [Event 5032 F: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.](auditing/event-5032.md)
+####### [Event 5033 S: The Windows Firewall Driver has started successfully.](auditing/event-5033.md)
+####### [Event 5034 S: The Windows Firewall Driver was stopped.](auditing/event-5034.md)
+####### [Event 5035 F: The Windows Firewall Driver failed to start.](auditing/event-5035.md)
+####### [Event 5037 F: The Windows Firewall Driver detected critical runtime error. Terminating.](auditing/event-5037.md)
+####### [Event 5058 S, F: Key file operation.](auditing/event-5058.md)
+####### [Event 5059 S, F: Key migration operation.](auditing/event-5059.md)
+####### [Event 6400: BranchCache: Received an incorrectly formatted response while discovering availability of content.](auditing/event-6400.md)
+####### [Event 6401: BranchCache: Received invalid data from a peer. Data discarded.](auditing/event-6401.md)
+####### [Event 6402: BranchCache: The message to the hosted cache offering it data is incorrectly formatted.](auditing/event-6402.md)
+####### [Event 6403: BranchCache: The hosted cache sent an incorrectly formatted response to the client.](auditing/event-6403.md)
+####### [Event 6404: BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate.](auditing/event-6404.md)
+####### [Event 6405: BranchCache: %2 instances of event id %1 occurred.](auditing/event-6405.md)
+####### [Event 6406: %1 registered to Windows Firewall to control filtering for the following: %2.](auditing/event-6406.md)
+####### [Event 6407: 1%.](auditing/event-6407.md)
+####### [Event 6408: Registered product %1 failed and Windows Firewall is now controlling the filtering for %2.](auditing/event-6408.md)
+####### [Event 6409: BranchCache: A service connection point object could not be parsed.](auditing/event-6409.md)
+###### [Audit Security State Change](auditing/audit-security-state-change.md)
+####### [Event 4608 S: Windows is starting up.](auditing/event-4608.md)
+####### [Event 4616 S: The system time was changed.](auditing/event-4616.md)
+####### [Event 4621 S: Administrator recovered system from CrashOnAuditFail.](auditing/event-4621.md)
+###### [Audit Security System Extension](auditing/audit-security-system-extension.md)
+####### [Event 4610 S: An authentication package has been loaded by the Local Security Authority.](auditing/event-4610.md)
+####### [Event 4611 S: A trusted logon process has been registered with the Local Security Authority.](auditing/event-4611.md)
+####### [Event 4614 S: A notification package has been loaded by the Security Account Manager.](auditing/event-4614.md)
+####### [Event 4622 S: A security package has been loaded by the Local Security Authority.](auditing/event-4622.md)
+####### [Event 4697 S: A service was installed in the system.](auditing/event-4697.md)
+###### [Audit System Integrity](auditing/audit-system-integrity.md)
+####### [Event 4612 S: Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.](auditing/event-4612.md)
+####### [Event 4615 S: Invalid use of LPC port.](auditing/event-4615.md)
+####### [Event 4618 S: A monitored security event pattern has occurred.](auditing/event-4618.md)
+####### [Event 4816 S: RPC detected an integrity violation while decrypting an incoming message.](auditing/event-4816.md)
+####### [Event 5038 F: Code integrity determined that the image hash of a file is not valid.](auditing/event-5038.md)
+####### [Event 5056 S: A cryptographic self-test was performed.](auditing/event-5056.md)
+####### [Event 5062 S: A kernel-mode cryptographic self-test was performed.](auditing/event-5062.md)
+####### [Event 5057 F: A cryptographic primitive operation failed.](auditing/event-5057.md)
+####### [Event 5060 F: Verification operation failed.](auditing/event-5060.md)
+####### [Event 5061 S, F: Cryptographic operation.](auditing/event-5061.md)
+####### [Event 6281 F: Code Integrity determined that the page hashes of an image file are not valid.](auditing/event-6281.md)
+####### [Event 6410 F: Code integrity determined that a file does not meet the security requirements to load into a process.](auditing/event-6410.md)
+###### [Other Events](auditing/other-events.md)
+####### [Event 1100 S: The event logging service has shut down.](auditing/event-1100.md)
+####### [Event 1102 S: The audit log was cleared.](auditing/event-1102.md)
+####### [Event 1104 S: The security log is now full.](auditing/event-1104.md)
+####### [Event 1105 S: Event log automatic backup.](auditing/event-1105.md)
+####### [Event 1108 S: The event logging service encountered an error while processing an incoming event published from %1.](auditing/event-1108.md)
+###### [Appendix A: Security monitoring recommendations for many audit events](auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md)
+###### [Registry (Global Object Access Auditing) ](auditing/registry-global-object-access-auditing.md)
+###### [File System (Global Object Access Auditing) ](auditing/file-system-global-object-access-auditing.md)
+ 
+
+
+
+
+#### [Security policy settings](security-policy-settings/security-policy-settings.md)
+#### [Administer security policy settings](security-policy-settings/administer-security-policy-settings.md)
+##### [Network List Manager policies](security-policy-settings/network-list-manager-policies.md)
+#### [Configure security policy settings](security-policy-settings/how-to-configure-security-policy-settings.md)
+#### [Security policy settings reference](security-policy-settings/security-policy-settings-reference.md)
+##### [Account Policies](security-policy-settings/account-policies.md)
+###### [Password Policy](security-policy-settings/password-policy.md)
+####### [Enforce password history](security-policy-settings/enforce-password-history.md)
+####### [Maximum password age](security-policy-settings/maximum-password-age.md)
+####### [Minimum password age](security-policy-settings/minimum-password-age.md)
+####### [Minimum password length](security-policy-settings/minimum-password-length.md)
+####### [Password must meet complexity requirements](security-policy-settings/password-must-meet-complexity-requirements.md)
+####### [Store passwords using reversible encryption](security-policy-settings/store-passwords-using-reversible-encryption.md)
+###### [Account Lockout Policy](security-policy-settings/account-lockout-policy.md)
+####### [Account lockout duration](security-policy-settings/account-lockout-duration.md)
+####### [Account lockout threshold](security-policy-settings/account-lockout-threshold.md)
+####### [Reset account lockout counter after](security-policy-settings/reset-account-lockout-counter-after.md)
+###### [Kerberos Policy](security-policy-settings/kerberos-policy.md)
+####### [Enforce user logon restrictions](security-policy-settings/enforce-user-logon-restrictions.md)
+####### [Maximum lifetime for service ticket](security-policy-settings/maximum-lifetime-for-service-ticket.md)
+####### [Maximum lifetime for user ticket](security-policy-settings/maximum-lifetime-for-user-ticket.md)
+####### [Maximum lifetime for user ticket renewal](security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md)
+####### [Maximum tolerance for computer clock synchronization](security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md)
+##### [Audit Policy](security-policy-settings/audit-policy.md)
+##### [Security Options](security-policy-settings/security-options.md)
+###### [Accounts: Administrator account status](security-policy-settings/accounts-administrator-account-status.md)
+###### [Accounts: Block Microsoft accounts](security-policy-settings/accounts-block-microsoft-accounts.md)
+###### [Accounts: Guest account status](security-policy-settings/accounts-guest-account-status.md)
+###### [Accounts: Limit local account use of blank passwords to console logon only](security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md)
+###### [Accounts: Rename administrator account](security-policy-settings/accounts-rename-administrator-account.md)
+###### [Accounts: Rename guest account](security-policy-settings/accounts-rename-guest-account.md)
+###### [Audit: Audit the access of global system objects](security-policy-settings/audit-audit-the-access-of-global-system-objects.md)
+###### [Audit: Audit the use of Backup and Restore privilege](security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md)
+###### [Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings](security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md)
+###### [Audit: Shut down system immediately if unable to log security audits](security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md)
+###### [DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax](security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md)
+###### [DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax](security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md)
+###### [Devices: Allow undock without having to log on](security-policy-settings/devices-allow-undock-without-having-to-log-on.md)
+###### [Devices: Allowed to format and eject removable media](security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md)
+###### [Devices: Prevent users from installing printer drivers](security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md)
+###### [Devices: Restrict CD-ROM access to locally logged-on user only](security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md)
+###### [Devices: Restrict floppy access to locally logged-on user only](security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md)
+###### [Domain controller: Allow server operators to schedule tasks](security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md)
+###### [Domain controller: LDAP server signing requirements](security-policy-settings/domain-controller-ldap-server-signing-requirements.md)
+###### [Domain controller: Refuse machine account password changes](security-policy-settings/domain-controller-refuse-machine-account-password-changes.md)
+###### [Domain member: Digitally encrypt or sign secure channel data (always)](security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md)
+###### [Domain member: Digitally encrypt secure channel data (when possible)](security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md)
+###### [Domain member: Digitally sign secure channel data (when possible)](security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md)
+###### [Domain member: Disable machine account password changes](security-policy-settings/domain-member-disable-machine-account-password-changes.md)
+###### [Domain member: Maximum machine account password age](security-policy-settings/domain-member-maximum-machine-account-password-age.md)
+###### [Domain member: Require strong (Windows 2000 or later) session key](security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md)
+###### [Interactive logon: Display user information when the session is locked](security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md)
+###### [Interactive logon: Don't display last signed-in](security-policy-settings/interactive-logon-do-not-display-last-user-name.md)
+###### [Interactive logon: Don't display username at sign-in](security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md)
+###### [Interactive logon: Do not require CTRL+ALT+DEL](security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md)
+###### [Interactive logon: Machine account lockout threshold](security-policy-settings/interactive-logon-machine-account-lockout-threshold.md)
+###### [Interactive logon: Machine inactivity limit](security-policy-settings/interactive-logon-machine-inactivity-limit.md)
+###### [Interactive logon: Message text for users attempting to log on](security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md)
+###### [Interactive logon: Message title for users attempting to log on](security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md)
+###### [Interactive logon: Number of previous logons to cache (in case domain controller is not available)](security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md)
+###### [Interactive logon: Prompt user to change password before expiration](security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md)
+###### [Interactive logon: Require Domain Controller authentication to unlock workstation](security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md)
+###### [Interactive logon: Require smart card](security-policy-settings/interactive-logon-require-smart-card.md)
+###### [Interactive logon: Smart card removal behavior](security-policy-settings/interactive-logon-smart-card-removal-behavior.md)
+###### [Microsoft network client: Digitally sign communications (always)](security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md)
+###### [SMBv1 Microsoft network client: Digitally sign communications (always)](security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md)
+###### [SMBv1 Microsoft network client: Digitally sign communications (if server agrees)](security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md)
+###### [Microsoft network client: Send unencrypted password to third-party SMB servers](security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md)
+###### [Microsoft network server: Amount of idle time required before suspending session](security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md)
+###### [Microsoft network server: Attempt S4U2Self to obtain claim information](security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md)
+###### [Microsoft network server: Digitally sign communications (always)](security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md)
+###### [SMBv1 Microsoft network server: Digitally sign communications (always)](security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md)
+###### [SMBv1 Microsoft network server: Digitally sign communications (if client agrees)](security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md)
+###### [Microsoft network server: Disconnect clients when logon hours expire](security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md)
+###### [Microsoft network server: Server SPN target name validation level](security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md)
+###### [Network access: Allow anonymous SID/Name translation](security-policy-settings/network-access-allow-anonymous-sidname-translation.md)
+###### [Network access: Do not allow anonymous enumeration of SAM accounts](security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md)
+###### [Network access: Do not allow anonymous enumeration of SAM accounts and shares](security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md)
+###### [Network access: Do not allow storage of passwords and credentials for network authentication](security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md)
+###### [Network access: Let Everyone permissions apply to anonymous users](security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md)
+###### [Network access: Named Pipes that can be accessed anonymously](security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md)
+###### [Network access: Remotely accessible registry paths](security-policy-settings/network-access-remotely-accessible-registry-paths.md)
+###### [Network access: Remotely accessible registry paths and subpaths](security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md)
+###### [Network access: Restrict anonymous access to Named Pipes and Shares](security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md)
+######  [Network access: Restrict clients allowed to make remote calls to SAM](security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md)
+###### [Network access: Shares that can be accessed anonymously](security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md)
+###### [Network access: Sharing and security model for local accounts](security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md)
+###### [Network security: Allow Local System to use computer identity for NTLM](security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md)
+###### [Network security: Allow LocalSystem NULL session fallback](security-policy-settings/network-security-allow-localsystem-null-session-fallback.md)
+###### [Network security: Allow PKU2U authentication requests to this computer to use online identities](security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md)
+###### [Network security: Configure encryption types allowed for Kerberos Win7 only](security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md)
+###### [Network security: Do not store LAN Manager hash value on next password change](security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md)
+###### [Network security: Force logoff when logon hours expire](security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md)
+###### [Network security: LAN Manager authentication level](security-policy-settings/network-security-lan-manager-authentication-level.md)
+###### [Network security: LDAP client signing requirements](security-policy-settings/network-security-ldap-client-signing-requirements.md)
+###### [Network security: Minimum session security for NTLM SSP based (including secure RPC) clients](security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md)
+###### [Network security: Minimum session security for NTLM SSP based (including secure RPC) servers](security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md)
+###### [Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication](security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md)
+###### [Network security: Restrict NTLM: Add server exceptions in this domain](security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md)
+###### [Network security: Restrict NTLM: Audit incoming NTLM traffic](security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md)
+###### [Network security: Restrict NTLM: Audit NTLM authentication in this domain](security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md)
+###### [Network security: Restrict NTLM: Incoming NTLM traffic](security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md)
+###### [Network security: Restrict NTLM: NTLM authentication in this domain](security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md)
+###### [Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers](security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md)
+###### [Recovery console: Allow automatic administrative logon](security-policy-settings/recovery-console-allow-automatic-administrative-logon.md)
+###### [Recovery console: Allow floppy copy and access to all drives and folders](security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md)
+###### [Shutdown: Allow system to be shut down without having to log on](security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md)
+###### [Shutdown: Clear virtual memory pagefile](security-policy-settings/shutdown-clear-virtual-memory-pagefile.md)
+###### [System cryptography: Force strong key protection for user keys stored on the computer](security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md)
+###### [System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing](security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md)
+###### [System objects: Require case insensitivity for non-Windows subsystems](security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md)
+###### [System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)](security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md)
+###### [System settings: Optional subsystems](security-policy-settings/system-settings-optional-subsystems.md)
+###### [System settings: Use certificate rules on Windows executables for Software Restriction Policies](security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md)
+###### [User Account Control: Admin Approval Mode for the Built-in Administrator account](security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md)
+###### [User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop](security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md)
+###### [User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode](security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md)
+###### [User Account Control: Behavior of the elevation prompt for standard users](security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md)
+###### [User Account Control: Detect application installations and prompt for elevation](security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md)
+###### [User Account Control: Only elevate executables that are signed and validated](security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md)
+###### [User Account Control: Only elevate UIAccess applications that are installed in secure locations](security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md)
+###### [User Account Control: Run all administrators in Admin Approval Mode](security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md)
+###### [User Account Control: Switch to the secure desktop when prompting for elevation](security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md)
+###### [User Account Control: Virtualize file and registry write failures to per-user locations](security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md)
+##### [Advanced security audit policy settings](security-policy-settings/secpol-advanced-security-audit-policy-settings.md)
+##### [User Rights Assignment](security-policy-settings/user-rights-assignment.md)
+###### [Access Credential Manager as a trusted caller](security-policy-settings/access-credential-manager-as-a-trusted-caller.md)
+###### [Access this computer from the network](security-policy-settings/access-this-computer-from-the-network.md)
+###### [Act as part of the operating system](security-policy-settings/act-as-part-of-the-operating-system.md)
+###### [Add workstations to domain](security-policy-settings/add-workstations-to-domain.md)
+###### [Adjust memory quotas for a process](security-policy-settings/adjust-memory-quotas-for-a-process.md)
+###### [Allow log on locally](security-policy-settings/allow-log-on-locally.md)
+###### [Allow log on through Remote Desktop Services](security-policy-settings/allow-log-on-through-remote-desktop-services.md)
+###### [Back up files and directories](security-policy-settings/back-up-files-and-directories.md)
+###### [Bypass traverse checking](security-policy-settings/bypass-traverse-checking.md)
+###### [Change the system time](security-policy-settings/change-the-system-time.md)
+###### [Change the time zone](security-policy-settings/change-the-time-zone.md)
+###### [Create a pagefile](security-policy-settings/create-a-pagefile.md)
+###### [Create a token object](security-policy-settings/create-a-token-object.md)
+###### [Create global objects](security-policy-settings/create-global-objects.md)
+###### [Create permanent shared objects](security-policy-settings/create-permanent-shared-objects.md)
+###### [Create symbolic links](security-policy-settings/create-symbolic-links.md)
+###### [Debug programs](security-policy-settings/debug-programs.md)
+###### [Deny access to this computer from the network](security-policy-settings/deny-access-to-this-computer-from-the-network.md)
+###### [Deny log on as a batch job](security-policy-settings/deny-log-on-as-a-batch-job.md)
+###### [Deny log on as a service](security-policy-settings/deny-log-on-as-a-service.md)
+###### [Deny log on locally](security-policy-settings/deny-log-on-locally.md)
+###### [Deny log on through Remote Desktop Services](security-policy-settings/deny-log-on-through-remote-desktop-services.md)
+###### [Enable computer and user accounts to be trusted for delegation](security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md)
+###### [Force shutdown from a remote system](security-policy-settings/force-shutdown-from-a-remote-system.md)
+###### [Generate security audits](security-policy-settings/generate-security-audits.md)
+###### [Impersonate a client after authentication](security-policy-settings/impersonate-a-client-after-authentication.md)
+###### [Increase a process working set](security-policy-settings/increase-a-process-working-set.md)
+###### [Increase scheduling priority](security-policy-settings/increase-scheduling-priority.md)
+###### [Load and unload device drivers](security-policy-settings/load-and-unload-device-drivers.md)
+###### [Lock pages in memory](security-policy-settings/lock-pages-in-memory.md)
+###### [Log on as a batch job](security-policy-settings/log-on-as-a-batch-job.md)
+###### [Log on as a service](security-policy-settings/log-on-as-a-service.md)
+###### [Manage auditing and security log](security-policy-settings/manage-auditing-and-security-log.md)
+###### [Modify an object label](security-policy-settings/modify-an-object-label.md)
+###### [Modify firmware environment values](security-policy-settings/modify-firmware-environment-values.md)
+###### [Perform volume maintenance tasks](security-policy-settings/perform-volume-maintenance-tasks.md)
+###### [Profile single process](security-policy-settings/profile-single-process.md)
+###### [Profile system performance](security-policy-settings/profile-system-performance.md)
+###### [Remove computer from docking station](security-policy-settings/remove-computer-from-docking-station.md)
+###### [Replace a process level token](security-policy-settings/replace-a-process-level-token.md)
+###### [Restore files and directories](security-policy-settings/restore-files-and-directories.md)
+###### [Shut down the system](security-policy-settings/shut-down-the-system.md)
+###### [Synchronize directory service data](security-policy-settings/synchronize-directory-service-data.md)
+###### [Take ownership of files or other objects](security-policy-settings/take-ownership-of-files-or-other-objects.md)
+
+
+
+
+
+
+### [Windows security baselines](windows-security-baselines.md)
 ### [Security Compliance Toolkit](security-compliance-toolkit-10.md)
 ### [Get support](get-support-for-security-baselines.md)
 
-## [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md)
+### [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md)
 
 ## [Change history for Threat protection](change-history-for-threat-protection.md)
diff --git a/windows/security/threat-protection/images/wdatp-pillars2.png b/windows/security/threat-protection/images/wdatp-pillars2.png
new file mode 100644
index 0000000000..60725244e5
Binary files /dev/null and b/windows/security/threat-protection/images/wdatp-pillars2.png differ
diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md
index f2c623bd85..b589ac9a69 100644
--- a/windows/security/threat-protection/index.md
+++ b/windows/security/threat-protection/index.md
@@ -10,19 +10,27 @@ ms.date: 02/05/2018
 ---
 
 # Threat Protection
+Windows Defender Advanced Threat Protection (ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Windows Defender ATP protects endpoints from cyber threats; detects advanced attacks and data breaches, automates security incidents and improves security posture.
+
+![Windows Defender ATP components](images/wdatp-pillars2.png)
+
+The following capabilities are available across multiple products that make up the Windows Defender ATP platform. 
+
+**Attack surface reduction**<br>
+The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations. 
+
+**Next generation protection**<br>
+To further reinforce the security perimeter of your network, Windows Defender ATP uses next generation protection designed to catch all types of emerging threats.
+
+**Endpoint protection and response**<br>
+Endpoint protection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. 
+
+**Auto investigation and remediation**<br>
+In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. 
+
+**Security posture**<br>
+Windows Defender ATP provides a security posture capability to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security state of your network.
+
+
 
-Learn more about how to help protect against threats in Windows 10 and Windows 10 Mobile.
 
-| Section | Description |
-|-|-|
-|[Windows Defender Security Center](windows-defender-security-center/windows-defender-security-center.md)|Learn about the easy-to-use app that brings together common Windows security features.|
-|[Windows Defender Advanced Threat Protection](windows-defender-atp/windows-defender-advanced-threat-protection.md)|Provides info about Windows Defender Advanced Threat Protection (Windows Defender ATP), an out-of-the-box Windows enterprise security service that enables enterprise cybersecurity teams to detect and respond to advanced threats on their networks.|
-|[Windows Defender Antivirus in Windows 10](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)|Provides info about Windows Defender Antivirus, a built-in antimalware solution that helps provide security and antimalware management for desktops, portable computers, and servers. Includes a list of system requirements and new features.|
-|[Windows Defender Application Guard](windows-defender-application-guard/wd-app-guard-overview.md)|Provides info about Windows Defender Application Guard, the hardware-based virtualization solution that helps to isolate a device and operating system from an untrusted browser session.|
-|[Windows Defender Application Control](windows-defender-application-control/windows-defender-application-control.md)|Explains how Windows Defender Application Control restricts the applications that users are allowed to run and the code that runs in the System Core (kernel).|
-|[Enable HVCI](windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)|Explains how to enable HVCI to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code.|
-|[Windows Defender Smart​Screen](windows-defender-smartscreen/windows-defender-smartscreen-overview.md) |Learn more about Windows Defender SmartScreen.|
-|[Mitigate threats by using Windows 10 security features](overview-of-threat-mitigations-in-windows-10.md) |Learn more about mitigating threats in Windows 10.|
-|[Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md) |Use Group Policy to override individual **Process Mitigation Options** settings and help to enforce specific app-related security policies.|
-|[Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-intrusion-detection.md) |Learn about an approach to collect events from devices in your organization. This article talks about events in both normal operations and when an intrusion is suspected. |
-|[Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md) |Provides info about how to help protect your company from attacks which may originate from untrusted or attacker controlled font files. |
diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md
index a8defba7ee..fafa4f08f0 100644
--- a/windows/security/threat-protection/windows-defender-atp/TOC.md
+++ b/windows/security/threat-protection/windows-defender-atp/TOC.md
@@ -1,4 +1,4 @@
-# [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md)
+# [Windows Defender Security Center](windows-defender-security-center-atp.md)
 ##Get started
 ### [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md)
 ### [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md)
@@ -21,7 +21,7 @@
 ### [Run simulated attacks on machines](attack-simulations-windows-defender-advanced-threat-protection.md)
 ### [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
 ### [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
-## [Understand the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md)
+## [Understand the portal](use-windows-defender-advanced-threat-protection.md)
 ### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
 ### [View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
 ### [View the Secure Score dashboard and improve your secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
@@ -165,7 +165,7 @@
 ### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
 ### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
 ### [Check service health](service-status-windows-defender-advanced-threat-protection.md)
-## [Configure Windows Defender ATP Settings](preferences-setup-windows-defender-advanced-threat-protection.md)
+## [Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md)
 
 ###General
 #### [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
@@ -193,9 +193,9 @@
 #### [Onboarding machines](onboard-configure-windows-defender-advanced-threat-protection.md)
 #### [Offboarding machines](offboard-machines-windows-defender-advanced-threat-protection.md)
 
-## [Configure Windows Defender ATP time zone settings](time-settings-windows-defender-advanced-threat-protection.md)
+## [Configure Windows Defender Security Center zone settings](time-settings-windows-defender-advanced-threat-protection.md)
 
 ## [Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md)
-## [Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md)
+## [Troubleshoot Windows Defender ATP service issues](troubleshoot-windows-defender-advanced-threat-protection.md)
 ### [Review events and errors on machines with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)
-## [Windows Defender Antivirus compatibility with Windows Defender ATP](defender-compatibility-windows-defender-advanced-threat-protection.md)
+
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
index 28dc66fbb4..b414111b05 100644
--- a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
@@ -71,7 +71,7 @@ When you complete the integration steps on both portals, you'll be able to see r
 ## Office 365 Threat Intelligence connection
 This feature is only available if you have an active Office 365 E5 or the Threat Intelligence add-on. For more information, see the Office 365 Enterprise E5 product page.
 
-When you enable this feature, you'll be able to incorporate data from Office 365 Advanced Threat Protection into the Windows Defender ATP portal to conduct a holistic security investigation across Office 365 mailboxes and Windows machines.
+When you enable this feature, you'll be able to incorporate data from Office 365 Advanced Threat Protection into Windows Defender Security Center to conduct a holistic security investigation across Office 365 mailboxes and Windows machines.
 
 >[!NOTE]
 >You'll need to have the appropriate license to enable this feature. 
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md
index f86299df06..538e981c02 100644
--- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md
@@ -134,7 +134,7 @@ These steps guide you on modifying and overwriting an existing query.
 
 The result set has several capabilities to provide you with effective investigation, including:
 
-- Columns that return entity-related objects, such as Machine name, Machine ID, File name, SHA1, User, IP, and URL, are linked to their entity pages in the Windows Defender ATP portal.
+- Columns that return entity-related objects, such as Machine name, Machine ID, File name, SHA1, User, IP, and URL, are linked to their entity pages in Windows Defender Security Center.
 - You can right-click on a cell in the result set and add a filter to your written query. The current filtering options are **include**, **exclude** or **advanced filter**, which provides additional filtering options on the cell value. These cell values are part of the row set. 
 
 ![Image of Windows Defender ATP Advanced hunting result set](images/atp-advanced-hunting-results-filter.png)
diff --git a/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
index 8f108fac32..677b25564f 100644
--- a/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
@@ -1,6 +1,6 @@
 ---
 title: Windows Defender ATP alert API fields
-description: Understand how the alert API fields map to the values in the Windows Defender ATP portal.
+description: Understand how the alert API fields map to the values in Windows Defender Security Center
 keywords: alerts, alert fields, fields, api, fields, pull alerts, rest api, request, response
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -28,7 +28,7 @@ ms.date: 10/16/2017
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-apiportalmapping-abovefoldlink) 
 
-Understand what data fields are exposed as part of the alerts API and how they map to the Windows Defender ATP portal.
+Understand what data fields are exposed as part of the alerts API and how they map to Windows Defender Security Center.
 
 
 ##	Alert API fields and portal mapping
diff --git a/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
index 0be5072e10..e948d94905 100644
--- a/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
@@ -1,5 +1,5 @@
 ---
-title: Assign user access to the Windows Defender ATP portal
+title: Assign user access to Windows Defender Security Center
 description: Assign read and write or read only access to the Windows Defender Advanced Threat Protection portal.
 keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles
 search.product: eADQiWindows 10XVcnh
@@ -13,7 +13,7 @@ ms.localizationpriority: medium
 ms.date: 04/24/2018
 ---
 
-# Assign user access to the Windows Defender ATP portal
+# Assign user access to Windows Defender Security Center
 **Applies to:**
 
 - Windows 10 Enterprise
diff --git a/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md
index 72c39bb7dd..295192756c 100644
--- a/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md
@@ -30,7 +30,7 @@ There are several spaces you can explore to learn about specific information:
 
 
 There are several ways you can access the Community Center:
-- In the Windows Defender ATP portal navigation pane, select **Community center**.  A new browser tab opens and takes you to the Windows Defender ATP Tech Community page. 
+- In the Windows Defender Security Center navigation pane, select **Community center**.  A new browser tab opens and takes you to the Windows Defender ATP Tech Community page. 
 - Access the community through the [Windows Defender Advanced Threat Protection Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced) page
 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md
index 1443633294..432cfcfa13 100644
--- a/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md
@@ -88,13 +88,13 @@ You need to make sure that all your devices are enrolled in Intune. You can use
 
 
 
-There are steps you'll need to take in the Windows Defender ATP portal, the Intune portal, and Azure AD portal.
+There are steps you'll need to take in Windows Defender Security Center, the Intune portal, and Azure AD portal.
 
 > [!NOTE] 
 > You'll need a Microsoft Intune environment, with Intune managed and Azure AD joined Windows 10 devices.
 
 Take the following steps to enable conditional access:
-- Step 1: Turn on the Microsoft Intune connection from the Windows Defender ATP portal
+- Step 1: Turn on the Microsoft Intune connection from Windows Defender Security Center
 - Step 2: Turn on the Windows Defender ATP integration in Intune
 - Step 3: Create the compliance policy in Intune
 - Step 4: Assign the policy 
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
index 6854feeff6..c4633c09c3 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
@@ -1,6 +1,6 @@
 ---
 title: Configure HP ArcSight to pull Windows Defender ATP alerts
-description: Configure HP ArcSight to receive and pull alerts from the Windows Defender ATP portal.
+description: Configure HP ArcSight to receive and pull alerts from Windows Defender Security Center
 keywords: configure hp arcsight, security information and events management tools, arcsight
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
index 4d3e7b1cbb..980252189b 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
@@ -34,7 +34,7 @@ ms.date: 04/24/2018
 > To use Group Policy (GP) updates to deploy the package, you must be on Windows Server 2008 R2 or later.
 
 ## Onboard machines using Group Policy
-1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Windows Defender Security Center](https://securitycenter.windows.com/):
  
     a.  In the navigation pane, select **Settings** > **Onboarding**.
 
@@ -64,7 +64,7 @@ ms.date: 04/24/2018
 > After onboarding the machine, you can choose to run a detection test to verify that the machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md).
 
 ## Additional Windows Defender ATP configuration settings
-For each machine, you can state whether samples can be collected from the machine when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
+For each machine, you can state whether samples can be collected from the machine when a request is made through Windows Defender Security Center to submit a file for deep analysis.
 
 You can use Group Policy (GP) to configure settings, such as settings for the sample sharing used in the deep analysis feature.
 
@@ -120,7 +120,7 @@ For security reasons, the package used to Offboard machines will expire 30 days
 > [!NOTE]
 > Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
 
-1.	Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+1.	Get the offboarding package from [Windows Defender Security Center](https://securitycenter.windows.com/):
 
     a. In the navigation pane, select **Settings** > **Offboarding**.
 
@@ -154,7 +154,7 @@ For security reasons, the package used to Offboard machines will expire 30 days
 With Group Policy there isn’t an option to monitor deployment of policies on the machines. Monitoring can be done directly on the portal, or by using the different deployment tools.
 
 ## Monitor machines using the portal
-1.	Go to the [Windows Defender ATP portal](https://securitycenter.windows.com/).
+1.	Go to [Windows Defender Security Center](https://securitycenter.windows.com/).
 2.	Click **Machines list**.
 3.	Verify that machines are appearing.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
index 9decf3868e..83f63e9c62 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
@@ -54,7 +54,7 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre
     - **Onboard Configuration Package**: Browse and select the **WindowsDefenderATP.onboarding** file you downloaded. This file enables a setting so devices can report to the Windows Defender ATP service.
     - **Sample sharing for all files**: Allows samples to be collected, and shared with Windows Defender ATP. For example, if you see a suspicious file, you can submit it to Windows Defender ATP for deep analysis.
     - **Expedite telemetry reporting frequency**: For devices that are at high risk, enable this setting so it reports telemetry to the Windows Defender ATP service more frequently.
-    - **Offboard Configuration Package**: If you want to remove Windows Defender ATP monitoring, you can download an offboarding package from the Windows Defender ATP portal, and add it. Otherwise, skip this property.
+    - **Offboard Configuration Package**: If you want to remove Windows Defender ATP monitoring, you can download an offboarding package from Windows Defender Security Center, and add it. Otherwise, skip this property.
    
 7. Select **OK**, and **Create** to save your changes, which creates the profile.
 
@@ -62,7 +62,7 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre
 
 ### Onboard and monitor machines using the classic Intune console
 
-1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Windows Defender Security Center](https://securitycenter.windows.com/):
 
     a. In the navigation pane, select **Settings** > **Onboarding**.
 
@@ -145,7 +145,7 @@ For security reasons, the package used to Offboard machines will expire 30 days
 > [!NOTE]
 > Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
 
-1.	Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+1.	Get the offboarding package from [Windows Defender Security Center](https://securitycenter.windows.com/):
 
    a. In the navigation pane, select **Settings** > **Offboarding**.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
index ae90065fd3..71b333c546 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
@@ -24,7 +24,7 @@ ms.date: 04/24/2018
 
 
 
-Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products’ sensor data. 
+Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Windows Defender Security Center and better protect your organization's network. This experience leverages on a third-party security products’ sensor data. 
 
 You'll need to know the exact Linux distros and macOS X versions that are compatible with Windows Defender ATP for the integration to work. 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
index 04552bb241..cbc1b85dda 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
@@ -47,7 +47,7 @@ You can use existing System Center Configuration Manager functionality to create
 ### Onboard machines using System Center Configuration Manager
 
 
-1. Open the SCCM configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+1. Open the SCCM configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Windows Defender Security Center](https://securitycenter.windows.com/):
 
     a. In the navigation pane, select **Settings** > **Onboarding**.
     
@@ -70,7 +70,7 @@ You can use existing System Center Configuration Manager functionality to create
 > After onboarding the machine, you can choose to run a detection test to verify that an machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md).
 
 ### Configure sample collection settings
-For each machine, you can set a configuration value to state whether samples can be collected from the machine when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
+For each machine, you can set a configuration value to state whether samples can be collected from the machine when a request is made through Windows Defender Security Center to submit a file for deep analysis.
 
 You can set a compliance rule for configuration item in System Center Configuration Manager to change the sample share setting on a machine.
 This rule should be a *remediating* compliance rule configuration item that sets the value of a registry key on targeted machines to make sure they’re complaint.
@@ -125,7 +125,7 @@ For security reasons, the package used to Offboard machines will expire 30 days
 > [!NOTE]
 > Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
 
-1.	Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+1.	Get the offboarding package from [Windows Defender Security Center](https://securitycenter.windows.com/):
 
     a. In the navigation pane, select **Settings** >  **Offboarding**.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
index 1ccd8fbdf2..8236a40cf4 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
@@ -34,7 +34,7 @@ You can also manually onboard individual machines to Windows Defender ATP. You m
 > The script has been optimized to be used on a limited number of machines (1-10 machines). To deploy to scale, use other deployment options. For more information on using other deployment options, see [Onboard Window 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
 
 ## Onboard machines 
-1.  Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+1.  Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Windows Defender Security Center](https://securitycenter.windows.com/):
 
     a.  In the navigation pane, select **Settings** > **Onboarding**.
 
@@ -66,7 +66,7 @@ For information on how you can manually validate that the machine is compliant a
 > After onboarding the machine, you can choose to run a detection test to verify that an machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
 
 ## Configure sample collection settings
-For each machine, you can set a configuration value to state whether samples can be collected from the machine when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
+For each machine, you can set a configuration value to state whether samples can be collected from the machine when a request is made through Windows Defender Security Center to submit a file for deep analysis.
 
 You can manually configure the sample sharing setting on the machine by using *regedit* or creating and running a *.reg* file.  
 
@@ -92,7 +92,7 @@ For security reasons, the package used to Offboard machines will expire 30 days
 > [!NOTE]
 > Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
 
-1.	Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+1.	Get the offboarding package from [Windows Defender Security Center](https://securitycenter.windows.com/):
 
     a.  In the navigation pane, select **Settings** > **Offboarding**.
 
@@ -126,7 +126,7 @@ You can follow the different verification steps in the [Troubleshoot onboarding
 Monitoring can also be done directly on the portal, or by using the different deployment tools.
 
 ### Monitor machines using the portal
-1.	Go to the Windows Defender ATP portal.
+1.	Go to Windows Defender Security Center.
 
 2.	Click **Machines list**.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
index c26f608d94..7f15b0fc5c 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
@@ -38,7 +38,7 @@ You can onboard VDI machines using a single entry or multiple entries for each m
 >[!WARNING]
 > For environments where there are low resource configurations, the VDI boot proceedure might slow the Windows Defender ATP sensor onboarding. 
 
-1.  Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+1.  Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Windows Defender Security Center](https://securitycenter.windows.com/):
 
     a.  In the navigation pane, select **Settings** > **Onboarding**.
 
@@ -78,8 +78,8 @@ You can onboard VDI machines using a single entry or multiple entries for each m
 
       d. Logon to machine with another user.
       
-      e. **For single entry for each machine**: Check only one entry in the Windows Defender ATP portal.<br>
-    **For multiple entries for each machine**: Check multiple entries in the Windows Defender ATP portal.
+      e. **For single entry for each machine**: Check only one entry in Windows Defender Security Center.<br>
+    **For multiple entries for each machine**: Check multiple entries in Windows Defender Security Center.
 
 7. Click **Machines list** on the Navigation pane.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
index 1866f253bb..c0ae298a7a 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
-ms.date: 04/24/2018
+ms.date: 07/12/2018
 ---
 
 # Onboard Windows 10 machines
@@ -27,7 +27,7 @@ ms.date: 04/24/2018
 
 Machines in your organization must be configured so that the Windows Defender ATP service can get sensor data from them. There are various methods and deployment tools that you can use to configure the machines in your organization.
 
-Windows Defender ATP supports the following deployment tools and methods:
+The following deployment tools and methods are supported:
 
 - Group Policy
 - System Center Configuration Manager
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
index 0941965015..22fd6a1f44 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
@@ -91,9 +91,9 @@ If a proxy or firewall is blocking all traffic by default and allowing only spec
 Service location | Microsoft.com DNS record
 :---|:---
 Common URLs for all locations | ```*.blob.core.windows.net``` <br>```crl.microsoft.com```<br> ```ctldl.windowsupdate.com``` <br>```events.data.microsoft.com```
-US | ```us.vortex-win.data.microsoft.com```<br> ```us-v20.events.data.microsoft.com```<br>```winatp-gw-cus.microsoft.com``` <br>```winatp-gw-eus.microsoft.com```
-Europe | ```eu.vortex-win.data.microsoft.com```<br>```eu-v20.events.data.microsoft.com```<br>```winatp-gw-neu.microsoft.com```<br>```winatp-gw-weu.microsoft.com```
-UK | ```uk.vortex-win.data.microsoft.com``` <br>```uk-v20.events.data.microsoft.com```<br>```winatp-gw-uks.microsoft.com```<br>```winatp-gw-ukw.microsoft.com```
+European Union | ```eu.vortex-win.data.microsoft.com```<br>```eu-v20.events.data.microsoft.com```<br>```winatp-gw-neu.microsoft.com```<br>```winatp-gw-weu.microsoft.com```
+United Kingdom | ```uk.vortex-win.data.microsoft.com``` <br>```uk-v20.events.data.microsoft.com```<br>```winatp-gw-uks.microsoft.com```<br>```winatp-gw-ukw.microsoft.com```
+United States | ```us.vortex-win.data.microsoft.com```<br> ```us-v20.events.data.microsoft.com```<br>```winatp-gw-cus.microsoft.com``` <br>```winatp-gw-eus.microsoft.com```
 
 
 If a proxy or firewall is blocking anonymous traffic, as Windows Defender ATP  sensor is connecting from system context, make sure anonymous traffic is permitted in the above listed URLs.
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
index e174b920d6..5947c3167a 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
@@ -27,7 +27,7 @@ ms.date: 05/08/2018
 
 Windows Defender ATP extends support to also include the Windows Server operating system, providing advanced attack detection and investigation capabilities, seamlessly through the Windows Defender Security Center console.
 
-Windows Defender ATP supports the onboarding of the following servers:
+The service supports the onboarding of the following servers:
 - Windows Server 2012 R2
 - Windows Server 2016
 - Windows Server, version 1803
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
index a7014a264b..f499b17917 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
@@ -57,6 +57,6 @@ Topic | Description
 [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)| Learn about enabling the SIEM integration feature in the **Settings** page in the portal so that you can use and generate the required information to configure supported SIEM tools.
 [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)| Learn about installing the REST API Modular Input app and other configuration settings to enable Splunk to pull Windows Defender ATP alerts.
 [Configure HP ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)| Learn about installing the HP ArcSight REST FlexConnector package and the files you need to configure ArcSight to pull Windows Defender ATP alerts.
-[Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) | Understand what data fields are exposed as part of the alerts API and how they map to the Windows Defender ATP portal.
+[Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) | Understand what data fields are exposed as part of the alerts API and how they map to Windows Defender Security Center.
 [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) | Use the Client credentials OAuth 2.0 flow to pull alerts from Windows Defender ATP using REST API.
 [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md) | Address issues you might encounter when using the SIEM integration feature.
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
index 922db1acba..ed37cdaedb 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
@@ -1,6 +1,6 @@
 ---
 title: Configure Splunk to pull Windows Defender ATP alerts
-description: Configure Splunk to receive and pull alerts from the Windows Defender ATP portal.
+description: Configure Splunk to receive and pull alerts from Windows Defender Security Center.
 keywords: configure splunk, security information and events management tools, splunk
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
diff --git a/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
index 4274ab7f39..43933756ec 100644
--- a/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
@@ -135,7 +135,7 @@ Content-Type: application/json;
 }
 ```
 
-The following values correspond to the alert sections surfaced on the Windows Defender ATP portal:
+The following values correspond to the alert sections surfaced on Windows Defender Security Center:
 ![Image of alert from the portal](images/atp-custom-ti-mapping.png)
 
 Highlighted section | JSON key name
diff --git a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md
index b77656d1fc..1d1154af3b 100644
--- a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md
@@ -27,7 +27,7 @@ ms.date: 04/24/2018
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablecustomti-abovefoldlink) 
 
-Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application through the Windows Defender ATP portal.
+Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application through Windows Defender Security Center.
 
 1. In the navigation pane, select **Settings** >  **Threat intel**.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
index 6ad34e8a8f..44e55b2b9b 100644
--- a/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
@@ -27,7 +27,7 @@ ms.date: 04/24/2018
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablesiem-abovefoldlink) 
 
-Enable security information and event management (SIEM) integration so you can pull alerts from the Windows Defender ATP portal using your SIEM solution or by connecting directly to the alerts REST API.
+Enable security information and event management (SIEM) integration so you can pull alerts from Windows Defender Security Center using your SIEM solution or by connecting directly to the alerts REST API.
 
 1. In the navigation pane, select **Settings** > **SIEM**.
 
@@ -55,7 +55,7 @@ Enable security information and event management (SIEM) integration so you can p
   > [!NOTE]
   > You'll need to generate a new Refresh token every 90 days. 
 
-You can now proceed with configuring your SIEM solution or connecting to the alerts REST API through programmatic access. You'll need to use the tokens when configuring your SIEM solution to allow it to receive alerts from the Windows Defender ATP portal.
+You can now proceed with configuring your SIEM solution or connecting to the alerts REST API through programmatic access. You'll need to use the tokens when configuring your SIEM solution to allow it to receive alerts from Windows Defender Security Center.
 
 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
index bbbdb8c3b5..137a1b8070 100644
--- a/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
@@ -139,7 +139,7 @@ This step will guide you in simulating an event in connection to a malicious IP
 ## Step 4: Explore the custom alert in the portal
 This step will guide you in exploring the custom alert in the portal.
 
-1.	Open the [Windows Defender ATP portal](http://securitycenter.windows.com/) on a browser.
+1.	Open [Windows Defender Security Center](http://securitycenter.windows.com/) on a browser.
 
 2.	Log in with your Windows Defender ATP credentials.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
index e0888ae096..8d04e19940 100644
--- a/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
@@ -37,7 +37,7 @@ An inactive machine is not necessarily flagged due to an issue. The following ac
 If the machine has not been in use for more than 7 days for any reason, it will remain in an ‘Inactive’ status in the portal.
 
 **Machine was reinstalled or renamed**</br>
-A reinstalled or renamed machine will generate a new machine entity in Windows Defender ATP portal. The previous machine entity will remain with an ‘Inactive’ status in the portal. If you reinstalled a machine and deployed the Windows Defender ATP package, search for the new machine name to verify that the machine is reporting normally.
+A reinstalled or renamed machine will generate a new machine entity in Windows Defender Security Center. The previous machine entity will remain with an ‘Inactive’ status in the portal. If you reinstalled a machine and deployed the Windows Defender ATP package, search for the new machine name to verify that the machine is reporting normally.
 
 **Machine was offboarded**</br>
 If the machine was offboarded it will still appear in machines list. After 7 days, the machine health state should change to inactive.
diff --git a/windows/security/threat-protection/windows-defender-atp/images/WDATP-components.png b/windows/security/threat-protection/windows-defender-atp/images/WDATP-components.png
new file mode 100644
index 0000000000..51f4335265
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/WDATP-components.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/components.png b/windows/security/threat-protection/windows-defender-atp/images/components.png
index 04ab864727..0ddc52f5d3 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/components.png and b/windows/security/threat-protection/windows-defender-atp/images/components.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/wdatp-pillars.png b/windows/security/threat-protection/windows-defender-atp/images/wdatp-pillars.png
new file mode 100644
index 0000000000..06ad5e6ed2
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/wdatp-pillars.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/wdatp-pillars2.png b/windows/security/threat-protection/windows-defender-atp/images/wdatp-pillars2.png
new file mode 100644
index 0000000000..60725244e5
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/wdatp-pillars2.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
index ee311f4d0e..778f8d48b4 100644
--- a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
@@ -50,9 +50,9 @@ To gain access into which licenses are provisioned to your company, and to check
 
    ![Image of O365 admin portal](images\atp-O365-admin-portal-customer.png)
 
-## Access the Windows Defender ATP portal for the first time
+## Access Windows Defender Security Center for the first time
 
-When accessing the [Windows Defender ATP portal](https://SecurityCenter.Windows.com) for the first time there will be a setup wizard that will guide you through some initial steps. At the end of the setup wizard there will be a dedicated cloud instance of Windows Defender ATP created.
+When accessing [Windows Defender Security Center](https://SecurityCenter.Windows.com) for the first time there will be a setup wizard that will guide you through some initial steps. At the end of the setup wizard there will be a dedicated cloud instance of Windows Defender ATP created.
 
 1. Each time you access the portal you will need to validate that you are authorized to access the product. This **Set up your permissions** step will only be available if you are not currently authorized to access the product.
 
@@ -64,7 +64,7 @@ When accessing the [Windows Defender ATP portal](https://SecurityCenter.Windows.
 
 	![Image of Welcome screen for portal set up](images\atp-portal-welcome-screen.png)
 
-	You will need to set up your preferences for the Windows Defender ATP portal.
+	You will need to set up your preferences for Windows Defender Security Center.
 
 3. When onboarding the service for the first time, you can choose to store your data in the Microsoft Azure datacenters in the European Union, the United Kingdom, or the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not transfer the data from the specified geolocation.
 
@@ -108,11 +108,11 @@ When accessing the [Windows Defender ATP portal](https://SecurityCenter.Windows.
 8. You will receive a warning notifying you that you won't be able to change some of your preferences once you click **Continue**.
 
 	> [!NOTE]
-	> Some of these options can be changed at a later time in the Windows Defender ATP portal.
+	> Some of these options can be changed at a later time in Windows Defender Security Center.
 
 	![Image of final preference set up](images\atp-final-preference-setup.png)
 
-9. A dedicated cloud instance of the Windows Defender ATP portal is being created at this time. This step will take an average of 5 minutes to complete.
+9. A dedicated cloud instance of Windows Defender Security Center portal is being created at this time. This step will take an average of 5 minutes to complete.
 
 	![Image of Windows Defender ATP cloud instance](images\atp-windows-cloud-instance-creation.png)
 
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
index 7f2592ffce..4860f91956 100644
--- a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
@@ -57,7 +57,7 @@ Whenever a change or comment is made to an alert, it is recorded in the **Commen
 Added comments instantly appear on the pane.
 
 ## Suppress alerts
-There might be scenarios where you need to suppress alerts from appearing in the Windows Defender ATP portal. Windows Defender ATP lets you create suppression rules for specific alerts that are known to be innocuous such as known tools or processes in your organization. 
+There might be scenarios where you need to suppress alerts from appearing in Windows Defender Security Center. Windows Defender ATP lets you create suppression rules for specific alerts that are known to be innocuous such as known tools or processes in your organization. 
 
 Suppression rules can be created from an existing alert. They can be disabled and reenabled if needed.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
index 0316cfd397..2c3da444dd 100644
--- a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
@@ -9,8 +9,8 @@ ms.sitesec: library
 ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
-ms.localizationpriority: medium
-ms.date: 06/15/2018
+ms.localizationpriority: high
+ms.date: 07/01/2018
 ---
 
 # Minimum requirements for Windows Defender ATP
@@ -23,17 +23,11 @@ ms.date: 06/15/2018
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
-
 There are some minimum requirements for onboarding machines to the service.
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-minreqs-abovefoldlink)
 
-## Minimum requirements
-You must be on Windows 10, version 1607 at a minimum.
-For more information, see [Windows 10 Enterprise edition](https://www.microsoft.com/en-us/WindowsForBusiness/buy).
-
-### Licensing requirements
+## Licensing requirements
 Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
 
 - Windows 10 Enterprise E5
@@ -42,105 +36,7 @@ Windows Defender Advanced Threat Protection requires one of the following Micros
 
 For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2).
 
-### Browser requirements
-Internet Explorer and Microsoft Edge are supported. Any HTML5 compliant browsers are also supported. 
-
-### Network and data storage and configuration requirements
-When you run the onboarding wizard for the first time, you must choose where your Windows Defender Advanced Threat Protection-related information is stored: in the European Union, the United Kingdom, or the United States datacenter.
-
-> [!NOTE]
-> -   You cannot change your data storage location after the first-time setup.
-> -   Review the [Windows Defender ATP data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) for more information on where and how Microsoft stores your data.
-
-### Hardware and software requirements
-
-The Windows Defender ATP agent only supports the following editions of Windows 10:
-
-- Windows 10 Enterprise
-- Windows 10 Education
-- Windows 10 Pro
-- Windows 10 Pro Education
-
-Machines on your network must be running one of these editions.
-
-The hardware requirements for Windows Defender ATP on machines is the same as those for the supported editions.
-
-> [!NOTE]
-> Machines that are running mobile versions of Windows are not supported.
-
-#### Internet connectivity
-Internet connectivity on machines is required either directly or through proxy.
-
-The Windows Defender ATP sensor can utilize a daily average bandwidth of 5MB to communicate with the Windows Defender ATP cloud service and report cyber data.
-
-For more information on additional proxy configuration settings see, [Configure machine proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) .
-
-Before you onboard machines, the diagnostic data service must be enabled. The service is enabled by default in Windows 10.
-
-<span id="telemetry-and-diagnostics-settings" />
-### Diagnostic data settings
-You must ensure that the diagnostic data service is enabled on all the machines in your organization.
-By default, this service is enabled, but it's good practice to check to ensure that you'll get sensor data from them.
-
-**Use the command line to check the Windows 10 diagnostic data service startup type**:
-
-1.  Open an elevated command-line prompt on the machine:
-
-  a.  Go to **Start** and type **cmd**.
-
-  b.  Right-click **Command prompt** and select **Run as administrator**.
-
-2.  Enter the following command, and press **Enter**:
-
-    ```text
-    sc qc diagtrack
-    ```
-
-If the service is enabled, then the result should look like the following screenshot:
-
-![Result of the sc query command for diagtrack](images/windefatp-sc-qc-diagtrack.png)
-
-If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the service to automatically start.
-
-
-
-**Use the command line to set the Windows 10 diagnostic data service to automatically start:**
-
-1.  Open an elevated command-line prompt on the endpoint:
-
-	  a. Go to **Start** and type **cmd**.
-
-    b. Right-click **Command prompt** and select **Run as administrator**.
-
-2.  Enter the following command, and press **Enter**:
-
-    ```text
-    sc config diagtrack start=auto
-    ```
-
-3.  A success message is displayed. Verify the change by entering the following command, and press **Enter**:
-
-    ```text
-    sc qc diagtrack
-    ```
-
-## Windows Defender Antivirus signature updates are configured
-The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. 
-
-You must configure the signature updates on the Windows Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
-
-When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy.
-
-Depending on the server version you're onboarding, you might need to configure a Group Policy setting to run on passive mode. For more information, see [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md).
-
-For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
-
-## Windows Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled
-If you're running Windows Defender Antivirus as the primary antimalware product on your machines, the Windows Defender ATP agent will successfully onboard.
-
-If you're running a third-party antimalware client and use Mobile Device Management solutions or System Center Configuration Manager (current branch) version 1606, you'll need to ensure that the Windows Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy).
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=technet-wd-atp-minreq-belowfoldlink1)
 
 ## Related topic
 - [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md)
+- [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
index 1c84acc786..97d408e645 100644
--- a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
@@ -9,8 +9,8 @@ ms.sitesec: library
 ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
-ms.localizationpriority: medium
-ms.date: 06/19/2018
+ms.localizationpriority: high
+ms.date: 07/01/2018
 ---
 
 # Onboard machines to the Windows Defender ATP service
@@ -18,14 +18,14 @@ ms.date: 06/19/2018
 **Applies to:**
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
-
 You need to onboard machines to Windows Defender ATP before you can use the service.
 
 For more information, see [Onboard your Windows 10 machines to Windows Defender ATP](https://www.youtube.com/watch?v=JT7VGYfeRlA&feature=youtu.be).
 
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
+
 ## Licensing requirements
 Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
 
@@ -60,11 +60,77 @@ The hardware requirements for Windows Defender ATP on machines is the same as th
 
 
 ### Other supported operating systems
+-  macOSX
+-  Linux
+
 >[!NOTE]
 >You'll need to know the exact Linux distros and macOS X versions that are compatible with Windows Defender ATP for the integration to work. 
 
--  macOS X
--  Linux
+
+### Network and data storage and configuration requirements
+When you run the onboarding wizard for the first time, you must choose where your Windows Defender Advanced Threat Protection-related information is stored: in the European Union, the United Kingdom, or the United States datacenter.
+
+> [!NOTE]
+> -   You cannot change your data storage location after the first-time setup.
+> -   Review the [Windows Defender ATP data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) for more information on where and how Microsoft stores your data.
+
+<span id="telemetry-and-diagnostics-settings" />
+### Diagnostic data settings
+You must ensure that the diagnostic data service is enabled on all the machines in your organization.
+By default, this service is enabled, but it's good practice to check to ensure that you'll get sensor data from them.
+
+**Use the command line to check the Windows 10 diagnostic data service startup type**:
+
+1.  Open an elevated command-line prompt on the machine:
+
+  a.  Go to **Start** and type **cmd**.
+
+  b.  Right-click **Command prompt** and select **Run as administrator**.
+
+2.  Enter the following command, and press **Enter**:
+
+    ```text
+    sc qc diagtrack
+    ```
+
+If the service is enabled, then the result should look like the following screenshot:
+
+![Result of the sc query command for diagtrack](images/windefatp-sc-qc-diagtrack.png)
+
+If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the service to automatically start.
+
+
+
+**Use the command line to set the Windows 10 diagnostic data service to automatically start:**
+
+1.  Open an elevated command-line prompt on the endpoint:
+
+	  a. Go to **Start** and type **cmd**.
+
+    b. Right-click **Command prompt** and select **Run as administrator**.
+
+2.  Enter the following command, and press **Enter**:
+
+    ```text
+    sc config diagtrack start=auto
+    ```
+
+3.  A success message is displayed. Verify the change by entering the following command, and press **Enter**:
+
+    ```text
+    sc qc diagtrack
+    ```
+
+
+
+#### Internet connectivity
+Internet connectivity on machines is required either directly or through proxy.
+
+The Windows Defender ATP sensor can utilize a daily average bandwidth of 5MB to communicate with the Windows Defender ATP cloud service and report cyber data.
+
+For more information on additional proxy configuration settings see, [Configure machine proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) .
+
+Before you onboard machines, the diagnostic data service must be enabled. The service is enabled by default in Windows 10.
 
 
 ## Windows Defender Antivirus configuration requirement
@@ -79,14 +145,19 @@ If you are onboarding servers and Windows Defender Antivirus is not the active a
 
 For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
 
+## Windows Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled
+If you're running Windows Defender Antivirus as the primary antimalware product on your machines, the Windows Defender ATP agent will successfully onboard.
+
+If you're running a third-party antimalware client and use Mobile Device Management solutions or System Center Configuration Manager (current branch) version 1606, you'll need to ensure that the Windows Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy).
+
 
 ## In this section
 Topic | Description
 :---|:---
-[Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to onboard machines for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure machines in your enterprise.
 [Onboard previous versions of Windows](onboard-downlevel-windows-defender-advanced-threat-protection.md)| Onboard Windows 7 and Windows 8.1 machines to Windows Defender ATP. 
-[Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md) |  Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP. 
-[Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) | Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products' sensor data. 
+[Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to onboard machines for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure machines in your enterprise.
+[Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md) |  Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP 
+[Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) | Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Windows Defender Security Center and better protect your organization's network. This experience leverages on a third-party security products' sensor data. 
 [Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md) | Run a script on a newly onboarded machine to verify that it is properly reporting to the Windows Defender ATP service.
 [Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)| Enable communication with the Windows Defender ATP cloud service by configuring the proxy and Internet connectivity settings.
 [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) | Learn about resolving issues that might arise during onboarding.
diff --git a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
index ebbbabf5d5..bbee7b2a62 100644
--- a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
 title: Windows Defender Advanced Threat Protection portal overview
-description: Use the Windows Defender ATP portal to monitor your enterprise network and assist in responding to alerts to potential advanced persistent threat (APT) activity or data breaches.
-keywords: Windows Defender ATP portal, portal, cybersecurity threat intelligence, dashboard, alerts queue, machines list, settings, machine management, advanced attacks
+description: Use Windows Defender Security Center to monitor your enterprise network and assist in responding to alerts to potential advanced persistent threat (APT) activity or data breaches.
+keywords: Windows Defender Security Center, portal, cybersecurity threat intelligence, dashboard, alerts queue, machines list, settings, machine management, advanced attacks
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -27,14 +27,14 @@ ms.date: 04/24/2018
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) 
 
-Enterprise security teams can use the Windows Defender ATP portal to monitor and assist in responding to alerts of potential advanced persistent threat (APT) activity or data breaches.
+Enterprise security teams can use Windows Defender Security Center to monitor and assist in responding to alerts of potential advanced persistent threat (APT) activity or data breaches.
 
-You can use the [Windows Defender ATP portal](https://securitycenter.windows.com/) to:
+You can use [Windows Defender Security Center](https://securitycenter.windows.com/) to:
 - View, sort, and triage alerts from your endpoints
 - Search for more information on observed indicators such as files and IP Addresses
 - Change Windows Defender ATP settings, including time zone and review licensing information.
 
-## Windows Defender ATP portal
+## Windows Defender Security Center
 When you open the portal, you’ll see the main areas of the application:
 
  ![Windows Defender Advanced Threat Protection portal](images/dashboard.png)
diff --git a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md
index c31724c417..ee949dfc75 100644
--- a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md
@@ -35,7 +35,7 @@ You can easily get started by:
 - Creating a dashboard on the Power BI service 
 - Building a custom dashboard on Power BI Desktop and tweaking it to fit the visual analytics and reporting requirements of your organization 
 
-You can access these options from the Windows Defender ATP portal. Both the Power BI service and Power BI Desktop are supported. 
+You can access these options from Windows Defender Security Center. Both the Power BI service and Power BI Desktop are supported. 
 
 ## Create a Windows Defender ATP dashboard on Power BI service
 Windows Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal. 
diff --git a/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
index a9f374c00d..769e84dfb8 100644
--- a/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
@@ -1,5 +1,5 @@
 ---
-title: Configure Windows Defender ATP settings
+title: Configure Windows Defender Security Center settings
 description: Use the settings page to configure general settings, permissions, apis, and rules.
 keywords: settings, general settings, permissions, apis, rules
 search.product: eADQiWindows 10XVcnh
@@ -12,7 +12,7 @@ author: mjcaparas
 ms.localizationpriority: medium
 ms.date: 04/24/2018
 ---
-# Configure Windows Defender ATP settings
+# Configure Windows Defender Security Center settings
 
 **Applies to:**
 
diff --git a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
index e3ead52979..aab70fb694 100644
--- a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
@@ -1,6 +1,6 @@
 ---
 title: Pull Windows Defender ATP alerts using REST API
-description: Pull alerts from the Windows Defender ATP portal REST API.
+description: Pull alerts from Windows Defender ATP REST API.
 keywords: alerts, pull alerts, rest api, request, response
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
diff --git a/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md
index 0fc53246c7..6c6e1ced73 100644
--- a/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md
@@ -1,5 +1,5 @@
 ---
-title: Use role-based access control to grant fine-grained access to the Windows Defender ATP portal
+title: Use role-based access control to grant fine-grained access to Windows Defender Security Center
 description: Create roles and groups within your security operations to grant access to the portal.
 keywords: rbac, role, based, access, control, groups, control, tier, aad
 search.product: eADQiWindows 10XVcnh
@@ -57,12 +57,12 @@ Before using RBAC, it's important that you understand the roles that can grant p
 > [!WARNING]
 > Before enabling the feature, it's important that you have a Global Administrator role or Security Administrator role in Azure AD and that you have your Azure AD groups ready to reduce the risk of being locked out of the portal. 
 
-When you first log in to the Windows Defender ATP portal, you're granted either full access or read only access. Full access rights are granted to users with Security Administrator or Global Administrator roles in Azure AD. Read only access is granted to users with a Security Reader role in Azure AD. 
+When you first log in to Windows Defender Security Center, you're granted either full access or read only access. Full access rights are granted to users with Security Administrator or Global Administrator roles in Azure AD. Read only access is granted to users with a Security Reader role in Azure AD. 
 
 Someone with a Windows Defender ATP Global administrator role has unrestricted access to all machines, regardless of their machine group association and the Azure AD user groups assignments
 
 > [!WARNING]
-> Initially, only those with Azure AD Global Administrator or Security Administrator rights will be able to create and assign roles in the Windows Defender ATP portal, therefore, having the right groups ready in Azure AD is important.
+> Initially, only those with Azure AD Global Administrator or Security Administrator rights will be able to create and assign roles in Windows Defender Security Center, therefore, having the right groups ready in Azure AD is important.
 >
 > **Turning on role-based access control will cause users with read-only permissions (for example, users assigned to Azure AD Security reader role) to lose access until they are assigned to a role.** 
 >
diff --git a/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md
index 36a1a0a80b..e9cb11bc67 100644
--- a/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
-title: Windows Defender Advanced Threat Protection time zone settings
+title: Windows Defender Security Center time zone settings
 description: Use the menu to configure the time zone and view license information.
-keywords: Windows Defender ATP settings, Windows Defender, cybersecurity threat intelligence, advanced threat protection, time zone, utc, local time, license
+keywords: settings, Windows Defender, cybersecurity threat intelligence, advanced threat protection, time zone, utc, local time, license
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -13,7 +13,7 @@ ms.localizationpriority: medium
 ms.date: 02/13/2018
 ---
 
-# Windows Defender Advanced Threat Protection time zone settings
+# Windows Defender Security Center time zone settings
 
 **Applies to:**
 
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md
index 7bc886f9c7..ef5f861a65 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md
@@ -29,11 +29,11 @@ ms.date: 11/28/2017
 
 This page provides detailed steps to troubleshoot issues that might occur when setting up your Windows Defender ATP service.
 
-If you receive an error message, the Windows Defender ATP portal will provide a detailed explanation on what the issue is and relevant links will be supplied.
+If you receive an error message, Windows Defender Security Center will provide a detailed explanation on what the issue is and relevant links will be supplied.
 
 ## No subscriptions found
 
-If while accessing the Windows Defender ATP portal you get a **No subscriptions found** message, it means the Azure Active Directory (AAD) used to login the user to the portal, does not have a Windows Defender ATP license.
+If while accessing Windows Defender Security Center you get a **No subscriptions found** message, it means the Azure Active Directory (AAD) used to login the user to the portal, does not have a Windows Defender ATP license.
 
 Potential reasons:
 - The Windows E5 and Office E5 licenses are separate licenses.
@@ -48,7 +48,7 @@ For both cases you should contact Microsoft support at [General Windows Defender
 
 ## Your subscription has expired
 
-If while accessing the Windows Defender ATP portal you get a **Your subscription has expired** message, your online service subscription has expired. Windows Defender ATP subscription, like any other online service subscription, has an expiration date. 
+If while accessing Windows Defender Security Center you get a **Your subscription has expired** message, your online service subscription has expired. Windows Defender ATP subscription, like any other online service subscription, has an expiration date. 
 
 You can choose to renew or extend the license at any point in time. When accessing the portal after the expiration date a **Your subscription has expired** message will be presented with an option to download the machine offboarding package, should you choose to not renew the license.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md
index 6a78b01173..37aca9ce88 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md
@@ -1,5 +1,5 @@
 ---
-title: Troubleshoot Windows Defender Advanced Threat Protection
+title: Troubleshoot Windows Defender Advanced Threat Protection service issues
 description: Find solutions and work arounds to known issues such as server errors when trying to access the service.
 keywords: troubleshoot Windows Defender Advanced Threat Protection, troubleshoot Windows ATP, server error, access denied, invalid credentials, no data, dashboard portal, whitelist, event viewer
 search.product: eADQiWindows 10XVcnh
@@ -10,17 +10,12 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
-ms.date: 10/23/2017
+ms.date: 07/12/2017
 ---
 
-# Troubleshoot Windows Defender Advanced Threat Protection
+# Troubleshoot service issues
 
 **Applies to:**
-
-- Windows 10 Enterprise
-- Windows 10 Education
-- Windows 10 Pro
-- Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 
@@ -32,7 +27,7 @@ If you encounter a server error when trying to access the service, you’ll need
 Configure your browser to allow cookies.
 
 ### Elements or data missing on the portal
-If some UI elements or data is missing on the Windows Defender ATP portal it’s possible that proxy settings are blocking it.
+If some UI elements or data is missing on Windows Defender Security Center it’s possible that proxy settings are blocking it.
 
 Make sure that `*.securitycenter.windows.com` is included the proxy whitelist.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
index f394f62b34..b8fed131a5 100644
--- a/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
@@ -36,7 +36,7 @@ You can use the code examples to guide you in creating calls to the custom threa
 Topic | Description
 :---|:---
 [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) |  Understand the concepts around threat intelligence so that you can effectively create custom intelligence for your organization.
-[Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) | Set up the custom threat intelligence application through the Windows Defender ATP portal so that you can create custom threat intelligence (TI) using REST API.
+[Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) | Set up the custom threat intelligence application through Windows Defender Security Center so that you can create custom threat intelligence (TI) using REST API.
 [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) | Create custom threat intelligence alerts so that you can generate specific alerts that are applicable to your organization.
 [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) | Use the PowerShell code examples to guide you in using the custom threat intelligence API.
 [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) | Use the Python code examples to guide you in using the custom threat intelligence API.
diff --git a/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
index e875c22f43..07cec03da7 100644
--- a/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
@@ -1,6 +1,6 @@
 ---
 title: Use the Windows Defender Advanced Threat Protection portal
-description: Learn about the features on Windows Defender ATP portal, including how alerts work, and suggestions on how to investigate possible breaches and attacks.
+description: Learn about the features on Windows Defender Security Center, including how alerts work, and suggestions on how to investigate possible breaches and attacks.
 keywords: dashboard, alerts queue, manage alerts, investigation, investigate alerts, investigate machines, submit files, deep analysis, high, medium, low, severity, ioc, ioa
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -27,7 +27,7 @@ ms.date: 03/12/2018
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-usewdatp-abovefoldlink) 
 
-You can use the Windows Defender ATP portal to carry out an end-to-end security breach investigation through the dashboards.
+You can use Windows Defender Security Center to carry out an end-to-end security breach investigation through the dashboards.
 
 Use the **Security operations** dashboard to gain insight on the various alerts on machines and users in your network.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
index ee4cd6878f..07eee21200 100644
--- a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
@@ -1,6 +1,6 @@
 ---
-title: Windows Defender Advanced Threat Protection 
-description: Windows Defender Advanced Threat Protection is an enterprise security service that helps detect and respond to possible cybersecurity threats related to advanced persistent threats.
+title: Windows Defender Advanced Threat Protection
+description: Windows Defender Advanced Threat Protection is an enterprise security platform that helps secops to prevent, detect, investigate, and respond to possible cybersecurity threats related to advanced persistent threats.
 keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -9,18 +9,13 @@ ms.sitesec: library
 ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
-ms.localizationpriority: medium
-ms.date: 04/24/2018
+ms.localizationpriority: high
+ms.date: 07/12/2018
 ---
 
 # Windows Defender Advanced Threat Protection
 
 **Applies to:**
-
-- Windows 10 Enterprise
-- Windows 10 Education
-- Windows 10 Pro
-- Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 
@@ -29,78 +24,22 @@ ms.date: 04/24/2018
 >
 >For more info about Windows 10 Enterprise Edition features and functionality, see [Windows 10 Enterprise edition](https://www.microsoft.com/WindowsForBusiness/buy).
 
-Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service that enables enterprise customers to detect, investigate, and respond to advanced threats on their networks.
+Windows Defender Advanced Threat Protection is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
 
-Get a quick, but in-depth overview of Windows Defender ATP for Windows 10 and the new capabilities in Windows 10, version 1703 see [Windows Defender ATP for Windows 10 Creators Update](https://technet.microsoft.com/en-au/windows/mt782787).
+To help you maximize the effectiveness of the security platform, you can configure individual capabilities that surface in Windows Defender Security Center. 
 
-Windows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
-
--   **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors
-    collect and process behavioral signals from the operating system
-    (for example, process, registry, file, and network communications)
-    and sends this sensor data to your private, isolated, cloud instance of Windows Defender ATP.
-
-
--   **Cloud security analytics**: Leveraging big-data, machine-learning, and
-    unique Microsoft optics across the Windows ecosystem (such as the
-    [Microsoft Malicious Software Removal Tool](https://www.microsoft.com/en-au/download/malicious-software-removal-tool-details.aspx),
-    enterprise cloud products (such as Office 365), and online assets
-    (such as Bing and SmartScreen URL reputation), behavioral signals
-    are translated into insights, detections, and recommended responses
-    to advanced threats.
-
--   **Threat intelligence**: Generated by Microsoft hunters, security teams,
-    and augmented by threat intelligence provided by partners, threat
-    intelligence enables Windows Defender ATP to identify attacker
-    tools, techniques, and procedures, and generate alerts when these
-    are observed in collected sensor data.
-
-    ![Windows Defender ATP service component](images/components.png)
-
-Machine investigation capabilities in this service let you drill down
-into security alerts and understand the scope and nature of a potential
-breach. You can submit files for deep analysis and receive the results
-without leaving the [Windows Defender ATP portal](https://securitycenter.windows.com). The automated investigation and remediation capability reduces the volume of alerts by leveraging various inspection algorithms to resolve breaches.
-
-Windows Defender ATP works with existing Windows security technologies
-on machines, such as Windows Defender Antivirus, AppLocker, and Windows Defender Device Guard. It
-can also work side-by-side with third-party security solutions and
-antimalware products.
-
-Windows Defender ATP leverages Microsoft technology and expertise to
-detect sophisticated cyber-attacks, providing:
-
-- Behavior-based, cloud-powered, advanced attack detection
-
-    Finds the attacks that made it past all other defenses (post breach detection), provides actionable, correlated alerts for known and unknown adversaries trying to hide their activities on machines.
-
-- Rich timeline for forensic investigation and mitigation
-
-    Easily investigate the scope of breach or suspected behaviours on any machine through a rich machine timeline. File, URLs, and network connection inventory across the network. Gain additional insight using deep collection and analysis (“detonation”) for any file or URLs.
-
-- Built in unique threat intelligence knowledge base
-
-    Unparalleled threat optics provides actor details and intent context for every threat intel-based detection – combining first and third-party intelligence sources.
-
-- Automated investigation and remediation
-
-    Significantly reduces alert volume by leveraging inspection algorithms used by analysts to examine alerts and take remediation action. 
+The Windows Defender ATP platform is where all the capabilities that are available across multiple products come together to give security operations teams the ability to effectively manage their organization's network.
 
 ## In this section
 
 Topic | Description
 :---|:---
-Get started  |  Learn about the minimum requirements, validate licensing and complete setup, know about preview features, understand data storage and privacy, and how to assign user access to the portal.
-[Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md) | Learn about onboarding client, server, and non-Windows machines. Learn how to run a detection test, configure proxy and Internet connectivity settings, and how to troubleshoot potential onboarding issues.
-[Understand the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md) | Understand the Security operations, Secure Score, and Threat analytics dashboards as well as how to navigate the portal.
-Investigate and remediate threats | Investigate alerts, machines, and take response actions to remediate threats.
-API and SIEM support | Use the supported APIs to pull and create custom alerts, or automate workflows. Use the supported SIEM tools to pull alerts from the Windows Defender ATP portal.
-Reporting | Create and build Power BI reports using Windows Defender ATP data.
-Check service health and sensor state | Verify that the service is running and check the sensor state on machines.
-[Configure Windows Defender settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Configure general settings, turn on the preview experience, notifications, and enable other features.
-[Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md) | Access the Windows Defender ATP Community Center to learn, collaborate, and share experiences about the product.
-[Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md) | This section addresses issues that might arise as you use the Windows Defender Advanced Threat service.
-[Windows Defender Antivirus compatibility with Windows Defender ATP](defender-compatibility-windows-defender-advanced-threat-protection.md) | Understand how Windows Defender Antivirus integrates with Windows Defender ATP. 
+[Windows Defender Security Center](windows-defender-security-center-atp.md) | Windows Defender Security Center is the portal where you can access Windows Defender Advanced Threat Protection capabilities. It gives enterprise security operations teams a single pane of glass experience to help secure networks.
+[Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) | Windows Defender Antivirus is a built-in antimalware solution that provides security and antimalware management for desktops, portable computers, and servers.
+[Windows Defender Exploit Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard) | Windows Defender Exploit Guard (Windows Defender EG) is a new set of host intrusion prevention capabilities for Windows 10, allowing you to manage and reduce the attack surface of apps used by your employees.
+[Windows Defender Application Control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control) | Windows Defender Application Control (WDAC) can help mitigate security threats by restricting the applications that users are allowed to run and the code that runs in the System Core (kernel). 
+[Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview) | Windows Defender Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet. 
+
 
 
 ## Related topic
diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-security-center-atp.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-security-center-atp.md
new file mode 100644
index 0000000000..244a14ea0d
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-security-center-atp.md
@@ -0,0 +1,38 @@
+---
+title: Windows Defender Security Center
+description: Windows Defender Security Center is the portal where you can access Windows Defender Advanced Threat Protection.
+keywords: windows, defender, security, center, defender, advanced, threat, protection
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 07/01/2018
+---
+
+# Windows Defender Security Center
+
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+Windows Defender Security Center is the portal where you can access Windows Defender Advanced Threat Protection capabilities. It gives enterprise security operations teams a single pane of glass experience to help secure networks.
+
+## In this section
+
+Topic | Description
+:---|:---
+Get started  |  Learn about the minimum requirements, validate licensing and complete setup, know about preview features, understand data storage and privacy, and how to assign user access to the portal.
+[Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md) | Learn about onboarding client, server, and non-Windows machines. Learn how to run a detection test, configure proxy and Internet connectivity settings, and how to troubleshoot potential onboarding issues.
+[Understand the portal](use-windows-defender-advanced-threat-protection.md) | Understand the Security operations, Secure Score, and Threat analytics dashboards as well as how to navigate the portal.
+Investigate and remediate threats | Investigate alerts, machines, and take response actions to remediate threats.
+API and SIEM support | Use the supported APIs to pull and create custom alerts, or automate workflows. Use the supported SIEM tools to pull alerts from Windows Defender Security Center.
+Reporting | Create and build Power BI reports using Windows Defender ATP data.
+Check service health and sensor state | Verify that the service is running and check the sensor state on machines.
+[Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Configure general settings, turn on the preview experience, notifications, and enable other features.
+[Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md) | Access the Windows Defender ATP Community Center to learn, collaborate, and share experiences about the product.
+[Troubleshoot service issues](troubleshoot-windows-defender-advanced-threat-protection.md) | This section addresses issues that might arise as you use the Windows Defender Advanced Threat service.
+
diff --git a/windows/security/wdatp/images/WDATP-components.png b/windows/security/wdatp/images/WDATP-components.png
new file mode 100644
index 0000000000..51f4335265
Binary files /dev/null and b/windows/security/wdatp/images/WDATP-components.png differ
diff --git a/windows/security/wdatp/images/wdatp-pillars.png b/windows/security/wdatp/images/wdatp-pillars.png
new file mode 100644
index 0000000000..06ad5e6ed2
Binary files /dev/null and b/windows/security/wdatp/images/wdatp-pillars.png differ
diff --git a/windows/security/wdatp/images/wdatp-pillars2.png b/windows/security/wdatp/images/wdatp-pillars2.png
new file mode 100644
index 0000000000..bbe88f3638
Binary files /dev/null and b/windows/security/wdatp/images/wdatp-pillars2.png differ
diff --git a/windows/security/wdatp/index.md b/windows/security/wdatp/index.md
new file mode 100644
index 0000000000..cb401fa3e4
--- /dev/null
+++ b/windows/security/wdatp/index.md
@@ -0,0 +1,48 @@
+---
+title: Windows Defender Advanced Threat Protection
+description: Windows Defender Advanced Threat Protection is an enterprise security service that helps detect and respond to possible cybersecurity threats related to advanced persistent threats.
+keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.date: 06/04/2018
+---
+
+# Windows Defender Advanced Threat Protection
+
+Windows Defender Advanced Threat Protection (Windows Defender ATP)is a unified platform for preventative protection, post-breach detection, automated investigation and response, employing intelligent protection to protect endpoints from cyber threats.
+
+
+![Windows Defender ATP components](images/wdatp-pillars2.png)
+
+**Attack surface reduction**<br>
+The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations. 
+
+**Next generation protection**<br>
+To further reinforce the security perimeter of your network, Windows Defender ATP uses next generation protection designed to catch all types of emerging threats.
+
+**Endpoint detection and response**<br>
+Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. 
+
+**Auto investigation and remediation**<br>
+In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. 
+
+**Security posture**<br>
+Windows Defender ATP also provides a security posture capability to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security state of your network.
+
+**Management and APIs**<br>
+Windows Defender ATP provides integrated configuration management in the cloud. The service also supports third-party mobile device management (MDM) tools, cross-platform support, and APIs that allow customers to create custom threat intelligence and  automate workflows.
+
+Understand how capabilities align within the Windows Defender ATP suite offering:
+
+
+ Attack surface reduction | Next generation protection | Endpoint detection and response | Auto investigation and remediation | Security posture 
+:---|:---|:---|:---|:---
+ [Hardware based isolation](https://docs.microsoft.com/en-us/windows/security/hardware-protection/)<br><br> [Application control](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)<br><br> [Exploit protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard)<br><br> [Network protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard)<br><br> [Controlled folder access](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard) | [Machine learning](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus) <br><br>  [Antivirus](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) <br><br> [Threat intelligence](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection)<br><br>  [Sandbox service](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection#deep-analysis) |  [Response containment](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection) <br><br> [Realtime and historical threat hunting](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection) <br><br> [Threat intelligence and custom detections](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection) | [Forensic collection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection#collect-investigation-package-from-machines) <br><br> [Response orchestration](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection) <br><br> [Historical endpoint data](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection#machine-timeline) <br><br> [Artificial intelligence response playbooks](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection) | [Asset inventory](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection) <br> [Operating system baseline compliance](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection) <br><br> [Recommended improvement actions](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection#improvement-opportunities)<br> <br> [Secure score](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection) <br><br> [Threat analytics](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection) <br><br> [Reporting and trends](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection)
+
+These capabilities are available across multiple products that make up the Windows Defender ATP platform. For more information on how to leverage all the Windows Defender ATP capabilities, see [Threat protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/index).
+
+