resolved conflict

windows/security/index.yml

@@ -22,7 +22,7 @@ metadata:
 
   manager: brianlic
 
-  ms.date: 07/12/2018
+  ms.date: 08/01/2018
 
   ms.topic: article
 
@@ -78,17 +78,3 @@ sections:
 
       title: Information protection
 
-- title: Windows Defender Advanced Threat Protection
-  items:
-  - type: markdown
-    text: "
-      Prevent, detect, investigate, and respond to advanced threats. The following capabilities are available across multiple products that make up the Windows Defender ATP platform.
-      <br>&nbsp;<br>
-      <table border='0'><tr><td><b>Attack surface reduction</b></td><td><b>Next generation protection</b></td><td><b>Endpoint detection and response</b></td><td><b>Auto investigation and remediation</b></td><td><b>Security posture</b></td></tr>
-      <tr><td>[Hardware based isolation](https://docs.microsoft.com/en-us/windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows)<br><br>[Application control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)<br><br>[Exploit protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard)<br><br>[Network protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard)<br><br>[Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard)<br><br>[Network firewall](https://docs.microsoft.com/en-us/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security)<br><br>[Attack surface reduction controls](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)</td>
-      <td>[Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)<br><br>[Machine learning](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus)<br><br>[Automated sandbox service](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus)</td>
-      <td>[Alerts queue](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection)<br><br>[Historical endpoint data](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection#machine-timeline)<br><br>[Realtime and historical threat hunting](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection)<br><br>[API and SIEM integration](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection)<br><br>[Response orchestration](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection)<br><br>[Forensic collection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection#collect-investigation-package-from-machines)<br><br>[Threat intelligence](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection)<br><br>[Advanced detonation and analysis service](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection#deep-analysis)</td>
-      <td>[Automated investigation and remediation](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection)<br><br>[Threat remediation](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection#how-threats-are-remediated)<br><br>[Manage automated investigations](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection#manage-automated-investigations)<br><br>[Analyze automated investigation](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection#analyze-automated-investigations)</td>
-      <td>[Asset inventory](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection)<br><br>[Operating system baseline compliance](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection)<br><br>[Recommended improvement actions](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection)<br><br>[Secure score](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection)<br><br>[Threat analytics](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection)<br><br>[Reporting and trends](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection)</td>
-      </tr>
-      </table>"

windows/security/threat-protection/TOC.md

@@ -4,17 +4,30 @@
 
 
 
-
 ## [Windows Defender Advanced Threat Protection](windows-defender-atp/windows-defender-advanced-threat-protection.md)
-### [Windows Defender Security Center](windows-defender-atp/windows-defender-security-center-atp.md)
-####Get started
-##### [Minimum requirements](windows-defender-atp\minimum-requirements-windows-defender-advanced-threat-protection.md)
-##### [Validate licensing and complete setup](windows-defender-atp\licensing-windows-defender-advanced-threat-protection.md)
-##### [Troubleshoot subscription and portal access issues](windows-defender-atp\troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
-##### [Preview features](windows-defender-atp\preview-windows-defender-advanced-threat-protection.md)
-##### [Data storage and privacy](windows-defender-atp\data-storage-privacy-windows-defender-advanced-threat-protection.md)
-##### [Assign user access to the portal](windows-defender-atp\assign-portal-access-windows-defender-advanced-threat-protection.md)
-#### [Onboard machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
+
+### [Get started](fake2.md)
+#### [Minimum requirements](windows-defender-atp\minimum-requirements-windows-defender-advanced-threat-protection.md)
+#### [Validate licensing and complete setup](windows-defender-atp\licensing-windows-defender-advanced-threat-protection.md)
+#### [Troubleshoot subscription and portal access issues](windows-defender-atp\troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
+#### [Preview features](windows-defender-atp\preview-windows-defender-advanced-threat-protection.md)
+#### [Data storage and privacy](windows-defender-atp\data-storage-privacy-windows-defender-advanced-threat-protection.md)
+#### [Assign user access to the portal](windows-defender-atp\assign-portal-access-windows-defender-advanced-threat-protection.md)
+
+#### [Evaluate Windows Defender ATP](evaluate.md)
+##### [Evaluate Attack surface reduction - ASR controls](windows-defender-exploit-guard\evaluate-attack-surface-reduction.md)
+##### [Evaluate Exploit protection](windows-defender-exploit-guard\evaluate-exploit-protection.md)
+##### [Evaluate Network Protection](windows-defender-exploit-guard\evaluate-network-protection.md)
+##### [Evaluate Controlled folder access](windows-defender-exploit-guard\evaluate-controlled-folder-access.md)
+##### [Evaluate Windows Defender Antivirus protection](windows-defender-antivirus\evaluate-windows-defender-antivirus.md)
+##### [Evaluate Windows Defender Exploit Guard-rewrite](windows-defender-exploit-guard\evaluate-windows-defender-exploit-guard.md)
+##### [Use auditing mode to evaluate Windows Defender Exploit Guard](windows-defender-exploit-guard\audit-windows-defender-exploit-guard.md)
+##### [Testing scenarios using Windows Defender Application Guard in your business or organization](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
+
+
+
+### [Onboard and configure machines to Windows Defender ATP](onboard.md)
+#### [Onboard machines - need to revise this page](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
 ##### [Onboard previous versions of Windows](windows-defender-atp\onboard-downlevel-windows-defender-advanced-threat-protection.md)
 ##### [Onboard Windows 10 machines](windows-defender-atp\configure-endpoints-windows-defender-advanced-threat-protection.md)
 ###### [Onboard machines using Group Policy](windows-defender-atp\configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
@@ -29,156 +42,65 @@
 ##### [Run simulated attacks on machines](windows-defender-atp\attack-simulations-windows-defender-advanced-threat-protection.md)
 ##### [Configure proxy and Internet connectivity settings](windows-defender-atp\configure-proxy-internet-windows-defender-advanced-threat-protection.md)
 ##### [Troubleshoot onboarding issues](windows-defender-atp\troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
-#### [Understand the portal ](windows-defender-atp\use-windows-defender-advanced-threat-protection.md)
-##### [Portal overview](windows-defender-atp\portal-overview-windows-defender-advanced-threat-protection.md)
-##### [View the Security operations dashboard](windows-defender-atp\security-operations-dashboard-windows-defender-advanced-threat-protection.md)
-##### [View the Secure Score dashboard and improve your secure score](windows-defender-atp\secure-score-dashboard-windows-defender-advanced-threat-protection.md)
-##### [View the Threat analytics dashboard and take recommended mitigation actions](windows-defender-atp\threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
-
-####Investigate and remediate threats
-#####Alerts queue
-###### [View and organize the Alerts queue](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md)
-###### [Manage alerts](windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md)
-###### [Investigate alerts](windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md)
-###### [Investigate files](windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md)
-###### [Investigate machines](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md)
-###### [Investigate an IP address](windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md)
-###### [Investigate a domain](windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md)
-###### [Investigate a user account](windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md)
 
 
 
 
-#####Machines list
-###### [View and organize the Machines list](windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md)
-###### [Manage machine group and tags](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
-###### [Alerts related to this machine](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
-###### [Machine timeline](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
-####### [Search for specific events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
-####### [Filter events from a specific date](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
-####### [Export machine timeline events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
-####### [Navigate between pages](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
-
-
-##### [Take response actions](windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md)
-###### [Take response actions on a machine](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md)
-####### [Collect investigation package](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
-####### [Run antivirus scan](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
-####### [Restrict app execution](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
-####### [Remove app restriction](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
-####### [Isolate machines from the network](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
-####### [Release machine from isolation](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
-####### [Check activity details in Action center](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
-
-###### [Take response actions on a file](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md)
-####### [Stop and quarantine files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
-####### [Remove file from quarantine](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
-####### [Block files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
-####### [Remove file from blocked list](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
-####### [Check activity details in Action center](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
-####### [Deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
-######## [Submit files for analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
-######## [View deep analysis reports](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
-######## [Troubleshoot deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
-
-###### [Query data using Advanced hunting](windows-defender-atp\advanced-hunting-windows-defender-advanced-threat-protection.md)
-####### [Advanced hunting reference](windows-defender-atp\advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
-####### [Advanced hunting query language best practices](windows-defender-atp\advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
-
-#### [Use Automated investigation to investigate and remediate threats](windows-defender-atp\automated-investigations-windows-defender-advanced-threat-protection.md)
-####  [Protect users, data, and devices with conditional access](windows-defender-atp\conditional-access-windows-defender-advanced-threat-protection.md)
-
-####API and SIEM support
-##### [Pull alerts to your SIEM tools](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md)
-###### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md)
-###### [Configure Splunk to pull alerts](windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md)
-###### [Configure HP ArcSight to pull alerts](windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md)
-###### [Windows Defender ATP alert API fields](windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md)
-###### [Pull alerts using REST API](windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
-###### [Troubleshoot SIEM tool integration issues](windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md)
-
-##### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md)
-###### [Understand threat intelligence concepts](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-###### [Enable the custom threat intelligence application](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md)
-###### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md)
-###### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md)
-###### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md)
-###### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md)
-###### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Use the Windows Defender ATP exposed APIs](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md)
-###### [Supported Windows Defender ATP APIs](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md)
-#######Actor
-######## [Get actor information](windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md)
-######## [Get actor related alerts](windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
-#######Alerts
-######## [Get alerts](windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md)
-######## [Get alert information by ID](windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
-######## [Get alert related actor information](windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
-######## [Get alert related domain information](windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
-######## [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
-######## [Get alert related IP information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
-######## [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
-########Domain
-#########  [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
-######### [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md)
-######### [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md)
-######### [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
-
-#######File
-######## [Block file](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md)
-######## [Get file information](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md)
-######## [Get file related alerts](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md)
-######## [Get file related machines](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md)
-######## [Get file statistics](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md)
-######## [Get FileActions collection](windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md)
-######## [Unblock file](windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md)
-
-#######IP
-######## [Get IP related alerts](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
-######## [Get IP related machines](windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md)
-######## [Get IP statistics](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md)
-######## [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md)
-#######Machines
-######## [Collect investigation package](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md)
-######## [Find machine information by IP](windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
-######## [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
-######## [Get FileMachineAction object](windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
-######## [Get FileMachineActions collection](windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
-######## [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md)
-######## [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
-######## [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
-######## [Get MachineAction object](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md)
-######## [Get MachineActions collection](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md)
-######## [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
-######## [Get package SAS URI](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md)
-######## [Isolate machine](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md)
-######## [Release machine from isolation](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md)
-######## [Remove app restriction](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
-######## [Request sample](windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md)
-######## [Restrict app execution](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md)
-######## [Run antivirus scan](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md)
-######## [Stop and quarantine file](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md)
+####[Configure ASR](configure1.md)
+##### [System requirements for Windows Defender Application Guard](windows-defender-application-guard/reqs-wd-app-guard.md)
+##### [Prepare and install Windows Defender Application Guard](windows-defender-application-guard/install-wd-app-guard.md)
+##### [Configure the Group Policy settings for Windows Defender Application Guard](windows-defender-application-guard/configure-wd-app-guard.md)
 
 
 
-#######User
-######## [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
-######## [Get user information](windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md)
-######## [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md)
-######## [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md)
-
-####Reporting
-##### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
-
-####Check service health and sensor state
-##### [Check sensor state](windows-defender-atp\check-sensor-status-windows-defender-advanced-threat-protection.md)
-##### [Fix unhealthy sensors](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
-##### [Inactive machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
-##### [Misconfigured machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
-##### [Check service health](windows-defender-atp\service-status-windows-defender-advanced-threat-protection.md)
 
 
-####[Configure Windows Defender Security Center settings](windows-defender-atp\preferences-setup-windows-defender-advanced-threat-protection.md)
+
+#### [Configure Next generation protection](windows-defender-antivirus\windows-defender-antivirus-in-windows-10.md)
+##### [Windows Defender AV on Windows Server 2016](windows-defender-antivirus\windows-defender-antivirus-on-windows-server-2016.md)
+##### [Windows Defender Antivirus compatibility](windows-defender-antivirus\windows-defender-antivirus-compatibility.md)
+###### [Use limited periodic scanning in Windows Defender AV](windows-defender-antivirus\limited-periodic-scanning-windows-defender-antivirus.md)
+
+##### [Deploy, manage updates, and report on Windows Defender Antivirus](windows-defender-antivirus\deploy-manage-report-windows-defender-antivirus.md)
+###### [Deploy and enable Windows Defender Antivirus](windows-defender-antivirus\deploy-windows-defender-antivirus.md)
+####### [Deployment guide for VDI environments](windows-defender-antivirus\deployment-vdi-windows-defender-antivirus.md)
+###### [Report on Windows Defender Antivirus protection](windows-defender-antivirus\report-monitor-windows-defender-antivirus.md)
+####### [Troubleshoot Windows Defender Antivirus reporting in Update Compliance](windows-defender-antivirus\troubleshoot-reporting.md)
+###### [Manage updates and apply baselines](windows-defender-antivirus\manage-updates-baselines-windows-defender-antivirus.md)
+####### [Manage protection and definition updates](windows-defender-antivirus\manage-protection-updates-windows-defender-antivirus.md)
+####### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus\manage-protection-update-schedule-windows-defender-antivirus.md)
+####### [Manage updates for endpoints that are out of date](windows-defender-antivirus\manage-outdated-endpoints-windows-defender-antivirus.md)
+####### [Manage event-based forced updates](windows-defender-antivirus\manage-event-based-updates-windows-defender-antivirus.md)
+####### [Manage updates for mobile devices and VMs](windows-defender-antivirus\manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
+
+##### [Customize, initiate, and review the results of scans and remediation](windows-defender-antivirus\customize-run-review-remediate-scans-windows-defender-antivirus.md)
+###### [Configure and validate exclusions in Windows Defender AV scans](windows-defender-antivirus\configure-exclusions-windows-defender-antivirus.md)
+####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus\configure-extension-file-exclusions-windows-defender-antivirus.md)
+####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus\configure-process-opened-file-exclusions-windows-defender-antivirus.md)
+####### [Configure exclusions in Windows Defender AV on Windows Server 2016](windows-defender-antivirus\configure-server-exclusions-windows-defender-antivirus.md)
+###### [Configure scanning options in Windows Defender AV](windows-defender-antivirus\configure-advanced-scan-types-windows-defender-antivirus.md)
+###### [Configure remediation for scans](windows-defender-antivirus\configure-remediation-windows-defender-antivirus.md)
+###### [Configure scheduled scans](windows-defender-antivirus\scheduled-catch-up-scans-windows-defender-antivirus.md)
+###### [Configure and run scans](windows-defender-antivirus\run-scan-windows-defender-antivirus.md)
+###### [Review scan results](windows-defender-antivirus\review-scan-results-windows-defender-antivirus.md)
+###### [Run and review the results of a Windows Defender Offline scan](windows-defender-antivirus\windows-defender-offline.md)
+##### [Restore quarantined files in Windows Defender AV](windows-defender-antivirus\restore-quarantined-files-windows-defender-antivirus.md)
+##### [Manage Windows Defender AV in your business](windows-defender-antivirus\configuration-management-reference-windows-defender-antivirus.md)
+###### [Use Group Policy settings to configure and manage Windows Defender AV](windows-defender-antivirus\use-group-policy-windows-defender-antivirus.md)
+###### [Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV](windows-defender-antivirus\use-intune-config-manager-windows-defender-antivirus.md)
+###### [Use PowerShell cmdlets to configure and manage Windows Defender AV](windows-defender-antivirus\use-powershell-cmdlets-windows-defender-antivirus.md)
+###### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](windows-defender-antivirus\use-wmi-windows-defender-antivirus.md)
+###### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](windows-defender-antivirus\command-line-arguments-windows-defender-antivirus.md)
+
+
+
+
+
+#### [Configure AutoIR - needs new content, u can configure through the portal settings + link to the settings page](configure3.md)
+
+
+
+#### [Windows Defender Security Center settings](windows-defender-atp\preferences-setup-windows-defender-advanced-threat-protection.md)
 #####General
 ###### [Update data retention settings](windows-defender-atp\data-retention-settings-windows-defender-advanced-threat-protection.md)
 ###### [Configure alert notifications](windows-defender-atp\configure-email-notifications-windows-defender-advanced-threat-protection.md)
@@ -187,9 +109,7 @@
 ###### [Configure advanced features](windows-defender-atp\advanced-features-windows-defender-advanced-threat-protection.md)
 
 
-#####Permissions
-###### [Manage portal access using RBAC](windows-defender-atp\rbac-windows-defender-advanced-threat-protection.md)
-###### [Create and manage machine groups](windows-defender-atp\machine-groups-windows-defender-advanced-threat-protection.md)
+
 
 #####APIs
 ###### [Enable Threat intel](windows-defender-atp\enable-custom-ti-windows-defender-advanced-threat-protection.md)
@@ -205,77 +125,16 @@
 ###### [Onboarding machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
 ###### [Offboarding machines](windows-defender-atp\offboard-machines-windows-defender-advanced-threat-protection.md)
 
-#### [Configure Windows Defender Security Center time zone settings](windows-defender-atp\time-settings-windows-defender-advanced-threat-protection.md)
+##### [Configure Windows Defender Security Center time zone settings](windows-defender-atp\time-settings-windows-defender-advanced-threat-protection.md)
+
+
+
+
+### [Windows Defender Security Center](windows-defender-atp\use-windows-defender-advanced-threat-protection.md)
+#### [Portal overview](windows-defender-atp\portal-overview-windows-defender-advanced-threat-protection.md)
+#### [View the Security operations dashboard - consdier moving to the relevant pillar](windows-defender-atp\security-operations-dashboard-windows-defender-advanced-threat-protection.md)
 
 #### [Access the Windows Defender Security Center Community Center](windows-defender-atp\community-windows-defender-advanced-threat-protection.md)
-#### [Troubleshoot Windows Defender ATP service issues](windows-defender-atp\troubleshoot-windows-defender-advanced-threat-protection.md)
-##### [Review events and errors on machines with Event Viewer](windows-defender-atp\event-error-codes-windows-defender-advanced-threat-protection.md)
-#### [Windows Defender Antivirus compatibility with Windows Defender ATP](windows-defender-atp\defender-compatibility-windows-defender-advanced-threat-protection.md)
-
-###	[Windows Defender Antivirus](windows-defender-antivirus\windows-defender-antivirus-in-windows-10.md)
-#### [Windows Defender AV in the Windows Defender Security app](windows-defender-antivirus\windows-defender-security-center-antivirus.md)
-#### [Windows Defender AV on Windows Server 2016](windows-defender-antivirus\windows-defender-antivirus-on-windows-server-2016.md)
-
-#### [Windows Defender Antivirus compatibility](windows-defender-antivirus\windows-defender-antivirus-compatibility.md)
-##### [Use limited periodic scanning in Windows Defender AV](windows-defender-antivirus\limited-periodic-scanning-windows-defender-antivirus.md)
-
-
-#### [Evaluate Windows Defender Antivirus protection](windows-defender-antivirus\evaluate-windows-defender-antivirus.md)
-
-
-#### [Deploy, manage updates, and report on Windows Defender Antivirus](windows-defender-antivirus\deploy-manage-report-windows-defender-antivirus.md)
-##### [Deploy and enable Windows Defender Antivirus](windows-defender-antivirus\deploy-windows-defender-antivirus.md)
-###### [Deployment guide for VDI environments](windows-defender-antivirus\deployment-vdi-windows-defender-antivirus.md)
-##### [Report on Windows Defender Antivirus protection](windows-defender-antivirus\report-monitor-windows-defender-antivirus.md)
-###### [Troubleshoot Windows Defender Antivirus reporting in Update Compliance](windows-defender-antivirus\troubleshoot-reporting.md)
-##### [Manage updates and apply baselines](windows-defender-antivirus\manage-updates-baselines-windows-defender-antivirus.md)
-###### [Manage protection and definition updates](windows-defender-antivirus\manage-protection-updates-windows-defender-antivirus.md)
-###### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus\manage-protection-update-schedule-windows-defender-antivirus.md)
-###### [Manage updates for endpoints that are out of date](windows-defender-antivirus\manage-outdated-endpoints-windows-defender-antivirus.md)
-###### [Manage event-based forced updates](windows-defender-antivirus\manage-event-based-updates-windows-defender-antivirus.md)
-###### [Manage updates for mobile devices and VMs](windows-defender-antivirus\manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
-
-
-#### [Configure Windows Defender Antivirus features](windows-defender-antivirus\configure-windows-defender-antivirus-features.md)
-##### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus\utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
-###### [Enable cloud-delivered protection](windows-defender-antivirus\enable-cloud-protection-windows-defender-antivirus.md)
-###### [Specify the cloud-delivered protection level](windows-defender-antivirus\specify-cloud-protection-level-windows-defender-antivirus.md)
-###### [Configure and validate network connections](windows-defender-antivirus\configure-network-connections-windows-defender-antivirus.md)
-###### [Enable the Block at First Sight feature](windows-defender-antivirus\configure-block-at-first-sight-windows-defender-antivirus.md)
-###### [Configure the cloud block timeout period](windows-defender-antivirus\configure-cloud-block-timeout-period-windows-defender-antivirus.md)
-##### [Configure behavioral, heuristic, and real-time protection](windows-defender-antivirus\configure-protection-features-windows-defender-antivirus.md)
-###### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus\detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
-###### [Enable and configure always-on protection and monitoring](windows-defender-antivirus\configure-real-time-protection-windows-defender-antivirus.md)
-##### [Configure end-user interaction with Windows Defender AV](windows-defender-antivirus\configure-end-user-interaction-windows-defender-antivirus.md)
-###### [Configure the notifications that appear on endpoints](windows-defender-antivirus\configure-notifications-windows-defender-antivirus.md)
-###### [Prevent users from seeing or interacting with the user interface](windows-defender-antivirus\prevent-end-user-interaction-windows-defender-antivirus.md)
-###### [Prevent or allow users to locally modify policy settings](windows-defender-antivirus\configure-local-policy-overrides-windows-defender-antivirus.md)
-
-
-#### [Customize, initiate, and review the results of scans and remediation](windows-defender-antivirus\customize-run-review-remediate-scans-windows-defender-antivirus.md)
-##### [Configure and validate exclusions in Windows Defender AV scans](windows-defender-antivirus\configure-exclusions-windows-defender-antivirus.md)
-###### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus\configure-extension-file-exclusions-windows-defender-antivirus.md)
-###### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus\configure-process-opened-file-exclusions-windows-defender-antivirus.md)
-###### [Configure exclusions in Windows Defender AV on Windows Server 2016](windows-defender-antivirus\configure-server-exclusions-windows-defender-antivirus.md)
-##### [Configure scanning options in Windows Defender AV](windows-defender-antivirus\configure-advanced-scan-types-windows-defender-antivirus.md)
-##### [Configure remediation for scans](windows-defender-antivirus\configure-remediation-windows-defender-antivirus.md)
-##### [Configure scheduled scans](windows-defender-antivirus\scheduled-catch-up-scans-windows-defender-antivirus.md)
-##### [Configure and run scans](windows-defender-antivirus\run-scan-windows-defender-antivirus.md)
-##### [Review scan results](windows-defender-antivirus\review-scan-results-windows-defender-antivirus.md)
-##### [Run and review the results of a Windows Defender Offline scan](windows-defender-antivirus\windows-defender-offline.md)
-#### [Restore quarantined files in Windows Defender AV](windows-defender-antivirus\restore-quarantined-files-windows-defender-antivirus.md)
-
-
-##### [Review event logs and error codes to troubleshoot issues](windows-defender-antivirus\troubleshoot-windows-defender-antivirus.md)
-
-
-
-##### [Manage Windows Defender AV in your business](windows-defender-antivirus\configuration-management-reference-windows-defender-antivirus.md)
-###### [Use Group Policy settings to configure and manage Windows Defender AV](windows-defender-antivirus\use-group-policy-windows-defender-antivirus.md)
-###### [Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV](windows-defender-antivirus\use-intune-config-manager-windows-defender-antivirus.md)
-###### [Use PowerShell cmdlets to configure and manage Windows Defender AV](windows-defender-antivirus\use-powershell-cmdlets-windows-defender-antivirus.md)
-###### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](windows-defender-antivirus\use-wmi-windows-defender-antivirus.md)
-###### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](windows-defender-antivirus\command-line-arguments-windows-defender-antivirus.md)
 
 
 
@@ -289,52 +148,250 @@
 
 
 
+### [Attack surface reduction - Chris, Amitai, Justin](windows-defender-exploit-guard\attack-surface-reduction-exploit-guard.md)
+#### [Hardware based isolation](windows-defender-application-guard/wd-app-guard-overview.md)
+##### [Frequently Asked Questions - Windows Defender Application Guard](windows-defender-application-guard/faq-wd-app-guard.md)
+#### [Windows Defender Application Control](windows-defender-application-control/windows-defender-application-control.md)
 
 
-
-### [Windows Defender Exploit Guard](windows-defender-exploit-guard\windows-defender-exploit-guard.md)
-#### [Evaluate Windows Defender Exploit Guard](windows-defender-exploit-guard\evaluate-windows-defender-exploit-guard.md)
-##### [Use auditing mode to evaluate Windows Defender Exploit Guard](windows-defender-exploit-guard\audit-windows-defender-exploit-guard.md)
-##### [View Exploit Guard events](windows-defender-exploit-guard\event-views-exploit-guard.md)
-#### [Exploit protection](windows-defender-exploit-guard\exploit-protection-exploit-guard.md)
+#### [Exploit protection - Chris, Amitai, Justin](windows-defender-exploit-guard\exploit-protection-exploit-guard.md)
 ##### [Comparison with Enhanced Mitigation Experience Toolkit](windows-defender-exploit-guard\emet-exploit-protection-exploit-guard.md)
-##### [Evaluate Exploit protection](windows-defender-exploit-guard\evaluate-exploit-protection.md)
-##### [Enable Exploit protection](windows-defender-exploit-guard\enable-exploit-protection.md)
+
+##### [Enable Exploit protection - Chris, Amitai, Justin](windows-defender-exploit-guard\enable-exploit-protection.md)
 ##### [Customize Exploit protection](windows-defender-exploit-guard\customize-exploit-protection.md)
 ###### [Import, export, and deploy Exploit protection configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
-##### [Memory integrity](windows-defender-exploit-guard\memory-integrity.md)
-###### [Requirements for virtualization-based protection of code integrity](windows-defender-exploit-guard\requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
-###### [Enable virtualization-based protection of code integrity](windows-defender-exploit-guard\enable-virtualization-based-protection-of-code-integrity.md)
-#### [Attack surface reduction](windows-defender-exploit-guard\attack-surface-reduction-exploit-guard.md)
-#### [Evaluate Attack surface reduction](windows-defender-exploit-guard\evaluate-attack-surface-reduction.md)
-#### [Enable Attack surface reduction](windows-defender-exploit-guard\enable-attack-surface-reduction.md)
-#### [Customize Attack surface reduction](windows-defender-exploit-guard\customize-attack-surface-reduction.md)
-#### [Troubleshoot Attack surface reduction rules](windows-defender-exploit-guard\troubleshoot-asr.md)
+
 #### [Network Protection](windows-defender-exploit-guard\network-protection-exploit-guard.md)
-#### [Evaluate Network Protection](windows-defender-exploit-guard\evaluate-network-protection.md)
-#### [Enable Network Protection](windows-defender-exploit-guard\enable-network-protection.md)
-#### [Troubleshoot Network protection](windows-defender-exploit-guard\troubleshoot-np.md)
+
+##### [Enable Network Protection](windows-defender-exploit-guard\enable-network-protection.md)
+##### [Troubleshoot Network protection](windows-defender-exploit-guard\troubleshoot-np.md)
 #### [Controlled folder access](windows-defender-exploit-guard\controlled-folders-exploit-guard.md)
-#### [Evaluate Controlled folder access](windows-defender-exploit-guard\evaluate-controlled-folder-access.md)
-#### [Enable Controlled folder access](windows-defender-exploit-guard\enable-controlled-folders-exploit-guard.md)
-#### [Customize Controlled folder access](windows-defender-exploit-guard\customize-controlled-folders-exploit-guard.md)
+
+##### [Enable Controlled folder access](windows-defender-exploit-guard\enable-controlled-folders-exploit-guard.md)
+##### [Customize Controlled folder access](windows-defender-exploit-guard\customize-controlled-folders-exploit-guard.md)
+
+
+
+##### [Enable Attack surface reduction](windows-defender-exploit-guard\enable-attack-surface-reduction.md)
+##### [Customize Attack surface reduction](windows-defender-exploit-guard\customize-attack-surface-reduction.md)
+##### [Troubleshoot Attack surface reduction rules](windows-defender-exploit-guard\troubleshoot-asr.md)
+
+### [Next gen protection - Andrea, Chris, Amitai](windows-defender-antivirus\configure-windows-defender-antivirus-features.md)
+#### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus\utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
+##### [Enable cloud-delivered protection](windows-defender-antivirus\enable-cloud-protection-windows-defender-antivirus.md)
+##### [Specify the cloud-delivered protection level](windows-defender-antivirus\specify-cloud-protection-level-windows-defender-antivirus.md)
+##### [Configure and validate network connections](windows-defender-antivirus\configure-network-connections-windows-defender-antivirus.md)
+##### [Enable the Block at First Sight feature](windows-defender-antivirus\configure-block-at-first-sight-windows-defender-antivirus.md)
+##### [Configure the cloud block timeout period](windows-defender-antivirus\configure-cloud-block-timeout-period-windows-defender-antivirus.md)
+#### [Configure behavioral, heuristic, and real-time protection](windows-defender-antivirus\configure-protection-features-windows-defender-antivirus.md)
+##### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus\detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
+##### [Enable and configure always-on protection and monitoring](windows-defender-antivirus\configure-real-time-protection-windows-defender-antivirus.md)
+
+
+
+### [Endpoint detection and response - Tomer B.](faketopic.md)
+####Alerts queue
+##### [View and organize the Alerts queue](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md)
+##### [Manage alerts](windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md)
+##### [Investigate alerts](windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md)
+##### [Investigate files](windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md)
+##### [Investigate machines](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md)
+##### [Investigate an IP address](windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md)
+##### [Investigate a domain](windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md)
+##### [Investigate a user account](windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md)
+
+####Machines list
+##### [View and organize the Machines list](windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md)
+##### [Manage machine group and tags](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
+##### [Alerts related to this machine](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
+##### [Machine timeline](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
+###### [Search for specific events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
+###### [Filter events from a specific date](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
+###### [Export machine timeline events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
+###### [Navigate between pages](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
+
+
+#### [Take response actions](windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md)
+##### [Take response actions on a machine](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md)
+###### [Collect investigation package](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
+###### [Run antivirus scan](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
+###### [Restrict app execution](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
+###### [Remove app restriction](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
+###### [Isolate machines from the network](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
+###### [Release machine from isolation](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
+###### [Check activity details in Action center](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
+
+##### [Take response actions on a file](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md)
+###### [Stop and quarantine files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
+###### [Remove file from quarantine](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
+###### [Block files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
+###### [Remove file from blocked list](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
+###### [Check activity details in Action center](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
+###### [Deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
+###### [Submit files for analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
+###### [View deep analysis reports](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
+###### [Troubleshoot deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
+
+
+
+#### [Query data using Advanced hunting](windows-defender-atp\advanced-hunting-windows-defender-advanced-threat-protection.md)
+##### [Advanced hunting reference](windows-defender-atp\advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
+##### [Advanced hunting query language best practices](windows-defender-atp\advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
+
+
+### [Automatic investigation and remediation - Benny](windows-defender-atp\automated-investigations-windows-defender-advanced-threat-protection.md)
+
+
+###Security posture
+#### [Secure posture - Evald](windows-defender-atp\secure-score-dashboard-windows-defender-advanced-threat-protection.md)
+#### [View the Threat analytics dashboard and take recommended mitigation actions - Evald](windows-defender-atp\threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+
+
+
+### [Management and APIs](management-apis.md)
+#### [Pull alerts to your SIEM tools](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md)
+##### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md)
+##### [Configure Splunk to pull alerts](windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md)
+##### [Configure HP ArcSight to pull alerts](windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md)
+##### [Windows Defender ATP alert API fields](windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md)
+##### [Pull alerts using REST API](windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
+##### [Troubleshoot SIEM tool integration issues](windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md)
+
+#### [Use the Windows Defender ATP exposed APIs](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md)
+##### [Supported Windows Defender ATP APIs](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md)
+######Actor
+####### [Get actor information](windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md)
+####### [Get actor related alerts](windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
+######Alerts
+####### [Get alerts](windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md)
+####### [Get alert information by ID](windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
+####### [Get alert related actor information](windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
+####### [Get alert related domain information](windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
+####### [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
+####### [Get alert related IP information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
+####### [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
+#######Domain
+########  [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
+######## [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md)
+######## [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md)
+######## [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
+
+######File
+####### [Block file API](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md)
+####### [Get file information](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md)
+####### [Get file related alerts](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md)
+####### [Get file related machines](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md)
+####### [Get file statistics](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md)
+####### [Get FileActions collection API](windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md)
+####### [Unblock file API](windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md)
+
+######IP
+####### [Get IP related alerts](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
+####### [Get IP related machines](windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md)
+####### [Get IP statistics](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md)
+####### [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md)
+######Machines
+####### [Collect investigation package API](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md)
+####### [Find machine information by IP](windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
+####### [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
+####### [Get FileMachineAction object API](windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
+####### [Get FileMachineActions collection API](windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
+####### [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md)
+####### [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
+####### [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
+####### [Get MachineAction object API](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md)
+####### [Get MachineActions collection API](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md)
+####### [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
+####### [Get package SAS URI API](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md)
+####### [Isolate machine API](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md)
+####### [Release machine from isolation API](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md)
+####### [Remove app restriction API](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
+####### [Request sample API](windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md)
+####### [Restrict app execution API](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md)
+####### [Run antivirus scan API](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md)
+####### [Stop and quarantine file API](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md)
+
+
+
+######User
+####### [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
+####### [Get user information](windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md)
+####### [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md)
+####### [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md)
+
+
+
+
+#### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md)
+##### [Understand threat intelligence concepts](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
+##### [Enable the custom threat intelligence application](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md)
+##### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md)
+##### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md)
+##### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md)
+##### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md)
+##### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
+
+#### [Reporting](reporting.md)
+##### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
+
+#### [Permissions](permissions.md)
+##### [Manage portal access using RBAC](windows-defender-atp\rbac-windows-defender-advanced-threat-protection.md)
+##### [Create and manage machine groups](windows-defender-atp\machine-groups-windows-defender-advanced-threat-protection.md)
+
+
+
+### [Microsoft threat protection - Heike or Raviv or Alon - need to make new page - put anchors inside for each integ](integration.md)
+####  [Protect users, data, and devices with conditional access](windows-defender-atp\conditional-access-windows-defender-advanced-threat-protection.md)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+###Troubleshoot Windows Defender ATP
+#### [Review AV/NEXT GEN event logs and error codes to troubleshoot issues - Amitai, etc](windows-defender-antivirus\troubleshoot-windows-defender-antivirus.md)
+
+####Troubleshoot sensor state - Ask Heike name of sensor
+##### [Check sensor state](windows-defender-atp\check-sensor-status-windows-defender-advanced-threat-protection.md)
+##### [Fix unhealthy sensors](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
+##### [Inactive machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
+##### [Misconfigured machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
+##### [Review events and errors on machines with Event Viewer](windows-defender-atp\event-error-codes-windows-defender-advanced-threat-protection.md)
+
+#### [Troubleshoot Windows Defender ATP service issues](windows-defender-atp\troubleshoot-windows-defender-advanced-threat-protection.md)
+##### [Check service health](windows-defender-atp\service-status-windows-defender-advanced-threat-protection.md)
+
+
+
+
+
+
 
 
 
 
-### [Windows Defender Application Control](windows-defender-application-control/windows-defender-application-control.md)
 
 
 
 
 
 
-### [Windows Defender Application Guard](windows-defender-application-guard/wd-app-guard-overview.md)
-#### [System requirements for Windows Defender Application Guard](windows-defender-application-guard/reqs-wd-app-guard.md)
-#### [Prepare and install Windows Defender Application Guard](windows-defender-application-guard/install-wd-app-guard.md)
-#### [Configure the Group Policy settings for Windows Defender Application Guard](windows-defender-application-guard/configure-wd-app-guard.md)
-#### [Testing scenarios using Windows Defender Application Guard in your business or organization](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
-#### [Frequently Asked Questions - Windows Defender Application Guard](windows-defender-application-guard/faq-wd-app-guard.md)
 
 
 ## Other security features
@@ -437,7 +494,7 @@
 ####### [Event 4733 S: A member was removed from a security-enabled local group.](auditing/event-4733.md)
 ####### [Event 4734 S: A security-enabled local group was deleted.](auditing/event-4734.md)
 ####### [Event 4735 S: A security-enabled local group was changed.](auditing/event-4735.md)
-####### [Event 4764 S: A group’s type was changed.](auditing/event-4764.md)
+####### [Event 4764 S: A group’s type was changed.](auditing/event-4764.md)
 ####### [Event 4799 S: A security-enabled local group membership was enumerated.](auditing/event-4799.md)
 ###### [Audit User Account Management](auditing/audit-user-account-management.md)
 ####### [Event 4720 S: A user account was created.](auditing/event-4720.md)

windows/security/threat-protection/configure1.md

@@ -0,0 +1,16 @@
+---
+title: 
+description: 
+keywords: 
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 07/01/2018
+---
+
+# To do: Amitai and Andrea and Justin

windows/security/threat-protection/configure3.md

@@ -0,0 +1,18 @@
+---
+title: 
+description: 
+keywords: 
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 07/01/2018
+---
+
+# TO do: Benny and joey to write this topic
+
+You can configure it through the portal, see Settings

windows/security/threat-protection/evaluate.md

@@ -0,0 +1 @@
+EVALUATE WDATP

windows/security/threat-protection/integration.md

@@ -0,0 +1,20 @@
+---
+title: 
+description: 
+keywords: 
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 07/01/2018
+---
+
+# TO do: Heike, Alon, or Raviv
+
+These are all the products that WDATP integrates with then link to their documentation.
+
+Have links to the different configuration settings and put links there.

windows/security/threat-protection/management-apis.md

@@ -0,0 +1,26 @@
+---
+title: 
+description: 
+keywords: 
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 07/01/2018
+---
+
+# To do: Raviv 
+
+Talk about all the tools that you can use with WDATP 
+
+OR one liner
+
+wdatp allows you to interact with the platform and other systems
+
+enable to manage and interact with the system
+
+APIs, SIEM connectors, Reporting, powerbi, etc

windows/security/threat-protection/onboard.md

@@ -0,0 +1,16 @@
+---
+title: 
+description: 
+keywords: 
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 07/01/2018
+---
+
+# TO do: naama and joey to write this topic

windows/security/threat-protection/troubleshoot-sense.md

@@ -0,0 +1,18 @@
+---
+title: 
+description: 
+keywords: 
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 07/01/2018
+---
+
+# TO do: Heike
+
+What do you want to call sense 

windows/security/threat-protection/windows-defender-atp/TOC.md

@@ -1,33 +1,170 @@
-# [Windows Defender Security Center](windows-defender-security-center-atp.md)
-##Get started
+# [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md)
+
+
+## [Get started](../fake2.md)
 ### [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md)
 ### [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md)
 ### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
 ### [Preview features](preview-windows-defender-advanced-threat-protection.md)
 ### [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md)
 ### [Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md)
-## [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md)
-### [Onboard previous versions of Windows](onboard-downlevel-windows-defender-advanced-threat-protection.md)
-### [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
-#### [Onboard machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
-#### [Onboard machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
-#### [Onboard machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
-##### [Onboard machines using Microsoft Intune](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#onboard-windows-10-machines-using-microsoft-intune)
-#### [Onboard machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
-#### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
-### [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
-### [Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
-### [Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md)
-### [Run simulated attacks on machines](attack-simulations-windows-defender-advanced-threat-protection.md)
-### [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
-### [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
-## [Understand the portal](use-windows-defender-advanced-threat-protection.md)
-### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
-### [View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
-### [View the Secure Score dashboard and improve your secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
-### [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
 
-##Investigate and remediate threats
+
+### [Evaluate Windows Defender ATP](../evaluate.md)
+#### [Evaluate Attack surface reduction - ASR controls](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
+#### [Evaluate Exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md)
+#### [Evaluate Network Protection](../windows-defender-exploit-guard/evaluate-network-protection.md)
+#### [Evaluate Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
+#### [Evaluate Windows Defender Antivirus protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
+#### [Evaluate Windows Defender Exploit Guard-rewrite](../windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md)
+#### [Use auditing mode to evaluate Windows Defender Exploit Guard](../windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md)
+#### [Testing scenarios using Windows Defender Application Guard in your business or organization](../windows-defender-application-guard//test-scenarios-wd-app-guard.md)
+ 
+ 
+## [Onboard and configure machines to Windows Defender ATP](../onboard.md)
+### [Onboard machines - need to revise this page](onboard-configure-windows-defender-advanced-threat-protection.md)
+#### [Onboard previous versions of Windows](onboard-downlevel-windows-defender-advanced-threat-protection.md)
+#### [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
+##### [Onboard machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
+##### [Onboard machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
+##### [Onboard machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
+###### [Onboard machines using Microsoft Intune](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#onboard-machines-using-microsoft-intune)
+##### [Onboard machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
+##### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
+#### [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
+#### [Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
+#### [Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md)
+#### [Run simulated attacks on machines](attack-simulations-windows-defender-advanced-threat-protection.md)
+#### [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
+#### [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
+
+
+###[Configure Attack surface reduction](../configure1.md)
+#### [System requirements for Windows Defender Application Guard](../windows-defender-application-guard//reqs-wd-app-guard.md)
+#### [Prepare and install Windows Defender Application Guard](../windows-defender-application-guard//install-wd-app-guard.md)
+#### [Configure the Group Policy settings for Windows Defender Application Guard](../windows-defender-application-guard//configure-wd-app-guard.md)
+ 
+ 
+### [Configure Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
+#### [Windows Defender AV on Windows Server 2016](../windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md)
+#### [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
+##### [Use limited periodic scanning in Windows Defender AV](../windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md)
+ 
+ 
+#### [Deploy, manage updates, and report on Windows Defender Antivirus](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md)
+##### [Deploy and enable Windows Defender Antivirus](../windows-defender-antivirus/deploy-windows-defender-antivirus.md)
+###### [Deployment guide for VDI environments](../windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md)
+##### [Report on Windows Defender Antivirus protection](../windows-defender-antivirus/report-monitor-windows-defender-antivirus.md)
+###### [Troubleshoot Windows Defender Antivirus reporting in Update Compliance](../windows-defender-antivirus/troubleshoot-reporting.md)
+##### [Manage updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md)
+###### [Manage protection and definition updates](../windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md)
+###### [Manage when protection updates should be downloaded and applied](../windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md)
+###### [Manage updates for endpoints that are out of date](../windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md)
+###### [Manage event-based forced updates](../windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md)
+###### [Manage updates for mobile devices and VMs](../windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
+
+
+#### [Customize, initiate, and review the results of scans and remediation](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
+##### [Configure and validate exclusions in Windows Defender AV scans](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
+###### [Configure and validate exclusions based on file name, extension, and folder location](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
+###### [Configure and validate exclusions for files opened by processes](../windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
+###### [Configure exclusions in Windows Defender AV on Windows Server 2016](../windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
+##### [Configure scanning options in Windows Defender AV](../windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
+##### [Configure remediation for scans](../windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
+##### [Configure scheduled scans](../windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
+##### [Configure and run scans](../windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
+##### [Review scan results](../windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
+##### [Run and review the results of a Windows Defender Offline scan](../windows-defender-antivirus/windows-defender-offline.md)
+#### [Restore quarantined files in Windows Defender AV](../windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
+#### [Manage Windows Defender AV in your business](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
+##### [Use Group Policy settings to configure and manage Windows Defender AV](../windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
+##### [Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV](../windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
+##### [Use PowerShell cmdlets to configure and manage Windows Defender AV](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
+##### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](../windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
+##### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
+
+
+### [Configure Automatic investigation and remediation  - needs new content, u can configure through the portal settings + link to the settings page](../configure3.md)
+
+
+### [Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md)
+####General
+##### [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
+##### [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)
+##### [Enable and create Power BI reports using Windows Defender Security center data](powerbi-reports-windows-defender-advanced-threat-protection.md)
+##### [Enable Secure score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
+##### [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md)
+ 
+ 
+####APIs
+##### [Enable Threat intel](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md)
+
+
+####Rules
+##### [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md)
+##### [Manage automation allowed/blocked](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
+##### [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
+##### [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
+
+
+####Machine management
+##### [Onboarding machines](onboard-configure-windows-defender-advanced-threat-protection.md)
+##### [Offboarding machines](offboard-machines-windows-defender-advanced-threat-protection.md)
+ 
+ 
+#### [Configure Windows Defender Security Center time zone settings](time-settings-windows-defender-advanced-threat-protection.md)
+
+
+## [Windows Defender Security Center](use-windows-defender-advanced-threat-protection.md)
+### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
+### [View the Security operations dashboard - consdier moving to the relevant pillar](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
+ 
+### [Access the Windows Defender Security Center Community Center](community-windows-defender-advanced-threat-protection.md)
+
+
+## [Attack surface reduction - Chris, Amitai, Justin](../windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md)
+### [Hardware based isolation](../windows-defender-application-guard//wd-app-guard-overview.md)
+#### [Frequently Asked Questions - Windows Defender Application Guard](../windows-defender-application-guard//faq-wd-app-guard.md)
+### [Windows Defender Application Control](../windows-defender-application-control/windows-defender-application-control.md)
+
+
+### [Exploit protection - Chris, Amitai, Andrea](../windows-defender-exploit-guard/exploit-protection-exploit-guard.md)
+#### [Comparison with Enhanced Mitigation Experience Toolkit](../windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md)
+ 
+#### [Enable Exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md)
+#### [Customize Exploit protection](../windows-defender-exploit-guard/customize-exploit-protection.md)
+##### [Import, export, and deploy Exploit protection configurations](../windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
+
+### [Network Protection](../windows-defender-exploit-guard/network-protection-exploit-guard.md)
+ 
+#### [Enable Network Protection](../windows-defender-exploit-guard/enable-network-protection.md)
+#### [Troubleshoot Network protection](../windows-defender-exploit-guard/troubleshoot-np.md)
+### [Controlled folder access](../windows-defender-exploit-guard/controlled-folders-exploit-guard.md)
+
+
+#### [Enable Controlled folder access](../windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)
+#### [Customize Controlled folder access](../windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md)
+
+
+#### [Enable Attack surface reduction](../windows-defender-exploit-guard/enable-attack-surface-reduction.md)
+#### [Customize Attack surface reduction](../windows-defender-exploit-guard/customize-attack-surface-reduction.md)
+#### [Troubleshoot Attack surface reduction rules](../windows-defender-exploit-guard/troubleshoot-asr.md)
+
+
+## [Next gen protection - Andrea, Chris, Amitai](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md)
+### [Utilize Microsoft cloud-delivered protection](../windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
+#### [Enable cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md)
+#### [Specify the cloud-delivered protection level](../windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md)
+#### [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md)
+#### [Enable the Block at First Sight feature](../windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)
+#### [Configure the cloud block timeout period](../windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md)
+### [Configure behavioral, heuristic, and real-time protection](../windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md)
+#### [Detect and block Potentially Unwanted Applications](../windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
+#### [Enable and configure always-on protection and monitoring](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md)
+
+
+## [Endpoint detection and response - Tomer B.](../faketopic.md)
 ###Alerts queue
 #### [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
 #### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
@@ -37,10 +174,7 @@
 #### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md)
 #### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md)
 #### [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md)
-
-
-
-
+ 
 ###Machines list
 #### [View and organize the Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
 #### [Manage machine group and tags](investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
@@ -61,6 +195,8 @@
 ##### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
 ##### [Release machine from isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
 ##### [Check activity details in Action center](respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
+
+
 #### [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)
 ##### [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
 ##### [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
@@ -68,18 +204,25 @@
 ##### [Remove file from blocked list](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
 ##### [Check activity details in Action center](respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
 ##### [Deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
-###### [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
-###### [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
-###### [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
+##### [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
+##### [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
+##### [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
+
 
 ### [Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md)
 #### [Advanced hunting reference](advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
 #### [Advanced hunting query language best practices](advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
 
-## [Use Automated investigation to investigate and remediate threats](automated-investigations-windows-defender-advanced-threat-protection.md)
 
-## [Protect data with conditional access](conditional-access-windows-defender-advanced-threat-protection.md)
-##API and SIEM support
+## [Automatic investigation and remediation - Benny](automated-investigations-windows-defender-advanced-threat-protection.md)
+ 
+ 
+##Security posture
+### [Secure posture - Evald](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
+### [View the Threat analytics dashboard and take recommended mitigation actions - Evald](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+
+
+## [Management and APIs](../management-apis.md)
 ### [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md)
 #### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md)
 #### [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
@@ -88,14 +231,7 @@
 #### [Pull alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
 #### [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
 
-### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md)
-#### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-#### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-#### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md)
-#### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md)
-#### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md)
-#### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
-#### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
+
 ### [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md)
 #### [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection.md)
 #####Actor
@@ -109,20 +245,22 @@
 ###### [Get alert related file information](get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
 ###### [Get alert related IP information](get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
 ###### [Get alert related machine information](get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
-#####Domain
-######  [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
-###### [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md)
-###### [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md)
-###### [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
+######Domain
+#######  [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
+####### [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md)
+####### [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md)
+####### [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
+
 
 #####File
-###### [Block file](block-file-windows-defender-advanced-threat-protection.md)
+###### [Block file API](block-file-windows-defender-advanced-threat-protection.md)
 ###### [Get file information](get-file-information-windows-defender-advanced-threat-protection.md)
 ###### [Get file related alerts](get-file-related-alerts-windows-defender-advanced-threat-protection.md)
 ###### [Get file related machines](get-file-related-machines-windows-defender-advanced-threat-protection.md)
 ###### [Get file statistics](get-file-statistics-windows-defender-advanced-threat-protection.md)
-###### [Get FileActions collection](get-fileactions-collection-windows-defender-advanced-threat-protection.md)
-###### [Unblock file](unblock-file-windows-defender-advanced-threat-protection.md)
+###### [Get FileActions collection API](get-fileactions-collection-windows-defender-advanced-threat-protection.md)
+###### [Unblock file API](unblock-file-windows-defender-advanced-threat-protection.md)
+
 
 #####IP
 ###### [Get IP related alerts](get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
@@ -130,26 +268,25 @@
 ###### [Get IP statistics](get-ip-statistics-windows-defender-advanced-threat-protection.md)
 ###### [Is IP seen in organization](is-ip-seen-org-windows-defender-advanced-threat-protection.md)
 #####Machines
-###### [Collect investigation package](collect-investigation-package-windows-defender-advanced-threat-protection.md)
+###### [Collect investigation package API](collect-investigation-package-windows-defender-advanced-threat-protection.md)
 ###### [Find machine information by IP](find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
 ###### [Get machines](get-machines-windows-defender-advanced-threat-protection.md)
-###### [Get FileMachineAction object](get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
-###### [Get FileMachineActions collection](get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
+###### [Get FileMachineAction object API](get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
+###### [Get FileMachineActions collection API](get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
 ###### [Get machine by ID](get-machine-by-id-windows-defender-advanced-threat-protection.md)
 ###### [Get machine log on users](get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
 ###### [Get machine related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
-###### [Get MachineAction object](get-machineaction-object-windows-defender-advanced-threat-protection.md)
-###### [Get MachineActions collection](get-machineactions-collection-windows-defender-advanced-threat-protection.md)
+###### [Get MachineAction object API](get-machineaction-object-windows-defender-advanced-threat-protection.md)
+###### [Get MachineActions collection API](get-machineactions-collection-windows-defender-advanced-threat-protection.md)
 ###### [Get machines](get-machines-windows-defender-advanced-threat-protection.md)
-###### [Get package SAS URI](get-package-sas-uri-windows-defender-advanced-threat-protection.md)
-###### [Isolate machine](isolate-machine-windows-defender-advanced-threat-protection.md)
-###### [Release machine from isolation](unisolate-machine-windows-defender-advanced-threat-protection.md)
-###### [Remove app restriction](unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
-###### [Request sample](request-sample-windows-defender-advanced-threat-protection.md)
-###### [Restrict app execution](restrict-code-execution-windows-defender-advanced-threat-protection.md)
-###### [Run antivirus scan](run-av-scan-windows-defender-advanced-threat-protection.md)
-###### [Stop and quarantine file](stop-quarantine-file-windows-defender-advanced-threat-protection.md)
-
+###### [Get package SAS URI API](get-package-sas-uri-windows-defender-advanced-threat-protection.md)
+###### [Isolate machine API](isolate-machine-windows-defender-advanced-threat-protection.md)
+###### [Release machine from isolation API](unisolate-machine-windows-defender-advanced-threat-protection.md)
+###### [Remove app restriction API](unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
+###### [Request sample API](request-sample-windows-defender-advanced-threat-protection.md)
+###### [Restrict app execution API](restrict-code-execution-windows-defender-advanced-threat-protection.md)
+###### [Run antivirus scan API](run-av-scan-windows-defender-advanced-threat-protection.md)
+###### [Stop and quarantine file API](stop-quarantine-file-windows-defender-advanced-threat-protection.md)
 
 
 #####User
@@ -158,46 +295,58 @@
 ###### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection.md)
 ###### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection.md)
 
-##Reporting
-### [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
 
-##Check service health and sensor state
-### [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md)
-### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
-### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
-### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
-### [Check service health](service-status-windows-defender-advanced-threat-protection.md)
-## [Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md)
-
-###General
-#### [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
-#### [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)
-#### [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
-#### [Enable Secure score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
-#### [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md)
+### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md)
+#### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
+#### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+#### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md)
+#### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md)
+#### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md)
+#### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
+#### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
 
 
-###Permissions
+### [Reporting](../reporting.md)
+#### [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
+
+
+### [Permissions](../permissions.md)
 #### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)
 #### [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md)
 
-###APIs
-#### [Enable Threat intel](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-#### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md)
 
-###Rules
-#### [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md)
-#### [Manage automation allowed/blocked](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
-#### [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
-#### [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
+## [Microsoft threat protection - Heike or Raviv or Alon - need to make new page - put anchors inside for each integ](../integration.md)
+###  [Protect users, data, and devices with conditional access](conditional-access-windows-defender-advanced-threat-protection.md)
+
+
+##Troubleshoot Windows Defender ATP
+### [Review AV/NEXT GEN event logs and error codes to troubleshoot issues - Amitai, etc](../windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)
+
+
+###Troubleshoot sensor state - Ask Heike name of sensor
+#### [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md)
+#### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
+#### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
+#### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
+#### [Review events and errors on machines with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)
+ 
+### [Troubleshoot Windows Defender ATP service issues](troubleshoot-windows-defender-advanced-threat-protection.md)
+#### [Check service health](service-status-windows-defender-advanced-threat-protection.md)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 
-###Machine management
-#### [Onboarding machines](onboard-configure-windows-defender-advanced-threat-protection.md)
-#### [Offboarding machines](offboard-machines-windows-defender-advanced-threat-protection.md)
 
-## [Configure Windows Defender Security Center zone settings](time-settings-windows-defender-advanced-threat-protection.md)
 
-## [Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md)
-## [Troubleshoot Windows Defender ATP service issues](troubleshoot-windows-defender-advanced-threat-protection.md)
-### [Review events and errors on machines with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)
 

windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md

@@ -23,7 +23,7 @@ ms.date: 05/21/2018
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+BENNY: look at this page and see if there are "settings/ configurations" if yes, point them to the settings page and remove it from here.
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automated-investigations-abovefoldlink)
 

windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md

@@ -18,7 +18,11 @@ ms.date: 07/01/2018
 **Applies to:**
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-You need to onboard machines to Windows Defender ATP before you can use the service.
+You need to turn on the sensor to give visibility within Windows Defender ATP.
+
+JOEY: LOOK INTO THIS AGAIN - REVISE
+OWNER: NAAMA
+
 
 For more information, see [Onboard your Windows 10 machines to Windows Defender ATP](https://www.youtube.com/watch?v=JT7VGYfeRlA&feature=youtu.be).
 

windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md

@@ -32,7 +32,7 @@ Use the **Settings** menu to modify general settings, advanced features, enable
 
 Topic | Description
 :---|:---
-[Update general settings](data-retention-settings-windows-defender-advanced-threat-protection.md) | Modify your general settings that were previously defined as part of the onboarding process.
+General settings | Modify your general settings that were previously defined as part of the onboarding process.
 Permissions | Manage portal access using RBAC as well as machine groups.
 APIs | Enable the threat intel and SIEM integration.
 Rules | Configure suppressions rules and automation settings.