fix toc to include new topics

windows/keep-secure/TOC.md

@@ -736,22 +736,36 @@
 #### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
 #### [Understand the Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
 #### [Use the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md)
-##### [Alerts overview](alerts-queue-windows-defender-advanced-threat-protection.md)
-##### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
+#### [Alerts overview](alerts-queue-windows-defender-advanced-threat-protection.md)
+#### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
 #### [Consume alerts and create custom indicators](configure-siem-windows-defender-advanced-threat-protection.md)
 ##### [Configure an Azure Active Directory application for SIEM integration](configure-aad-windows-defender-advanced-threat-protection.md)
 ##### [Configure Splunk to consume Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
 ##### [Configure HP ArcSight to consume Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
 ##### [Understand threat indicators](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-##### [Create custom threat indicators using REST API](custom-ti-api-windows-defender-advanced-threat-protection.md)
-#### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-##### [Machines overview](machines-view-overview-windows-defender-advanced-threat-protection.md)
-##### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)
-##### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md)
-##### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md)
-##### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md)
-##### [Check sensor status](check-sensor-status-windows-defender-advanced-threat-protection.md)
-###### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
+###### [Create custom threat indicators using REST API](custom-ti-api-windows-defender-advanced-threat-protection.md)
+##### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
+#### [Machines overview](machines-view-overview-windows-defender-advanced-threat-protection.md)
+#### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)
+##### [Isolate machines from the network](investigate-machines-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
+##### [Undo machine isolation](investigate-machines-windows-defender-advanced-threat-protection.md#undo-machine-isolation)
+##### [Collect investigation package](investigate-machines-windows-defender-advanced-threat-protection.md#collect-investigation-package)
+##### [Check activity details in Action center](investigate-machines-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
+#### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md)
+##### [Stop and quarantine files in your network](investigate-files-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
+##### [Remove file from quarantine](investigate-files-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
+##### [Block files in your network](investigate-files-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
+##### [Check activity details in Action center](investigate-files-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
+##### [Deep analysis]((investigate-files-windows-defender-advanced-threat-protection.md#deep-analysis)
+###### [Submit files for analysis](investigate-files-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
+###### [View deep analysis reports](investigate-files-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
+##### [Troubleshoot deep analysis](investigate-files-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
+#### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md)
+#### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md)
+#### [Check sensor status](check-sensor-status-windows-defender-advanced-threat-protection.md)
+##### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
+###### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
+###### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
 #### [Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md)
 #### [Windows Defender ATP service status](service-status-windows-defender-advanced-threat-protection.md)
 #### [Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)

windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md

@@ -199,7 +199,7 @@ A progress bar is displayed and provides information on the different stages of
 > [!NOTE]
 > Depending on machine availability, sample collection time can vary. There is a 3-hour timeout for sample collection. The collection will fail and the operation will abort if there is no online Windows 10 machine reporting at that time. You can re-submit files for deep analysis to get fresh data on the file.
 
-## View deep analysis reports
+### View deep analysis reports
 
 View the deep analysis report that Windows Defender ATP provides to see the details of the deep analysis that was conducted on the file you submitted. This feature is available in the file view context.
 
@@ -238,7 +238,7 @@ HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection
 > [!NOTE]
 > If the value *AllowSampleCollection* is not available, the client will allow sample collection by default.
 
-### Related topics
+## Related topics
 - [Understand the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
 - [Alerts overview](alerts-queue-windows-defender-advanced-threat-protection.md)
 - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)

windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md

@@ -113,7 +113,6 @@ This machine isolation feature disconnects the compromised machine from the netw
 >[!NOTE]
 >You’ll be able to reconnect the machine back to the network at any time.
 
-## Isolate machine
 1.	Select the machine that you want to isolate. You can select or search for a machine from any of the following views:
 
   -	**Dashboard** – Select the machine name from the Top machines with active alerts section.
@@ -176,7 +175,6 @@ Temp Directories | Contains a set of text files that lists the files located in
 Users and Groups | Provides a list of files that each represent a group and its members.
 CollectionSummaryReport.xls | This file is a summary of the investigation package collection, it contains the list of data points, the command used to extract the data, the execution status, and the error code in case of failure. You can use this report to track if the package includes all the expected data and identify if there were any errors.
 
-## Collect investigation package
 1.	Select the machine that you want to investigate. You can select or search for a machine from any of the following views:
 
   -	**Dashboard** – Select the machine name from the Top machines with active alerts section.
@@ -207,7 +205,7 @@ The **Action center** provides information on actions that were taken on a machi
 ![Image of action center with information](images/atp-action-center-with-info.png)
 
 
-### Related topics
+## Related topics
 - [Understand the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
 - [Alerts overview](alerts-queue-windows-defender-advanced-threat-protection.md)
 - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)