diff --git a/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
index 9592c54ea3..18204f4978 100644
--- a/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Turn on advanced features in Windows Defender ATP
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedfeats-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md
index 42299706d8..7fe267a6c1 100644
--- a/windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# View and organize the Windows Defender Advanced Threat Protection Alerts queue
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-alertsq-abovefoldlink)
@@ -74,6 +74,8 @@ Reviewing the various alerts and their severity can help you decide on the appro
**Detection source**
- Windows Defender AV
- Windows Defender ATP
+- Windows Defender SmartScreen
+- Others
>[!NOTE]
>The Windows Defender Antivirus filter will only appear if your endpoints are using Windows Defender as the default real-time protection antimalware product.
@@ -92,7 +94,7 @@ Selecting an alert brings up the **Alert management** pane where you can manage
You can take immediate action on an alert and see details about an alert in the **Alert management** pane:
- Change the status of an alert from new, to in progress, or resolved.
-- Specify the alert classification from true alert or false alert.
+- Specify the alert classification from true alert or false alert by selecting **In progress**.
Selecting true alert displays the **Determination** drop-down list to provide additional information about the true alert:
- APT
- Malware
diff --git a/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
index 764fe72b5d..909ae6a8eb 100644
--- a/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Windows Defender ATP alert API fields
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-apiportalmapping-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
index 8c52c26e52..3f28c41ef8 100644
--- a/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Assign user access to the Windows Defender ATP portal
@@ -24,7 +24,7 @@ ms.date: 09/05/2017
- Office 365
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
@@ -83,7 +83,7 @@ For more information see, [Manage Azure AD group and role membership](https://te
7. Under **Directory role**, select **Limited administrator**, then **Security Reader** or **Security Administrator**.
-
+ 
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-portalaccess-belowfoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md
index b4cac17a7c..1ba183765a 100644
--- a/windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Check sensor health state in Windows Defender ATP
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-checksensor-abovefoldlink)
@@ -32,8 +32,9 @@ The sensor health tile provides information on the individual endpoint’s abili
There are two status indicators on the tile that provide information on the number of machines that are not reporting properly to the service:
-- **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service for more than seven days in the past month.
- **Misconfigured** - These machines might partially be reporting sensor data to the Windows Defender ATP service and might have configuration errors that need to be corrected.
+- **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service for more than seven days in the past month.
+
Clicking any of the groups directs you to Machines list, filtered according to your choice.
@@ -50,10 +51,11 @@ You can also download the entire list in CSV format using the **Export to CSV**
You can filter the health state list by the following status:
- **Active** - Machines that are actively reporting to the Windows Defender ATP service.
-- **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service.
- **Misconfigured** - These machines might partially be reporting sensor data to the Windows Defender ATP service but have configuration errors that need to be corrected. Misconfigured machines can have either one or a combination of the following issues:
- **No sensor data** - Machines has stopped sending sensor data. Limited alerts can be triggered from the machine.
- **Impaired communications** - Ability to communicate with machine is impaired. Sending files for deep analysis, blocking files, isolating machine from network and other actions that require communication with the machine may not work.
+- **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service.
+
You can view the machine details when you click on a misconfigured or inactive machine. You’ll see more specific machine information when you click the information icon.
diff --git a/windows/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
index c4c965309f..7fab21b8af 100644
--- a/windows/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Configure HP ArcSight to pull Windows Defender ATP alerts
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configurearcsight-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
index 1c7f1bf825..adc3f256ef 100644
--- a/windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Configure email notifications in Windows Defender ATP
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-emailconfig-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
index c0c4500c23..3df84f3009 100644
--- a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Configure endpoints using Group Policy
@@ -25,7 +25,7 @@ ms.date: 09/05/2017
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsgp-abovefoldlink)
@@ -116,7 +116,7 @@ For security reasons, the package used to offboard endpoints will expire 30 days
1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
- a. Click **Endpoint management** on the **Navigation pane**.
+ a. Click **Endpoint management** > **Clients** on the **Navigation pane**.
b. Click the **Endpoint offboarding** section.
diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
index 690593d58b..a87b04e519 100644
--- a/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Configure endpoints using Mobile Device Management tools
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsmdm-abovefoldlink)
@@ -44,11 +44,11 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre
1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
- a. Select **Endpoint management** on the **Navigation pane**.
+ a. Select **Endpoint management** > **Clients** on the **Navigation pane**.
b. Select **Mobile Device Management/Microsoft Intune** > **Download package** and save the .zip file.
- 
+ 
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATP.onboarding*.
@@ -98,6 +98,7 @@ You can use the following onboarding policies to deploy configuration settings o
- Health Status for onboarded machines
- Configuration for onboarded machines
+> [!div class="mx-tableFixed"]
Policy | OMA-URI | Type | Value | Description
:---|:---|:---|:---|:---
Onboarding | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Onboarding | String | Copy content from onboarding MDM file | Onboarding
@@ -182,7 +183,7 @@ For security reasons, the package used to offboard endpoints will expire 30 days
1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
- a. Click **Endpoint management** on the **Navigation pane**.
+ a. Click **Endpoint management** > **Clients** on the **Navigation pane**.
b. Click the **Endpoint offboarding** section.
diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
index dccdfe3ee5..c28b6b77f8 100644
--- a/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Configure endpoints using System Center Configuration Manager
@@ -24,7 +24,7 @@ ms.date: 09/05/2017
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
- System Center 2012 Configuration Manager or later versions
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointssccm-abovefoldlink)
@@ -48,7 +48,7 @@ You can use existing System Center Configuration Manager functionality to create
1. Open the SCCM configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
- a. Click **Endpoint management** on the **Navigation pane**.
+ a. Click **Endpoint management** > **Clients** on the **Navigation pane**.
b. Select **System Center Configuration Manager 2012/2012 R2/1511/1602**, click **Download package**, and save the .zip file.
@@ -120,7 +120,7 @@ For security reasons, the package used to offboard endpoints will expire 30 days
1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
- a. Click **Endpoint management** on the **Navigation pane**.
+ a. Click **Endpoint management** > **Clients** on the **Navigation pane**.
b. Click the **Endpoint offboarding** section.
diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
index c2d209b804..f6bd888c41 100644
--- a/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Configure endpoints using a local script
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink)
@@ -35,7 +35,7 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You
## Onboard endpoints
1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
- a. Click **Endpoint management** on the **Navigation pane**.
+ a. Click **Endpoint management** > **Clients** on the **Navigation pane**.
b. Select **Local Script**, click **Download package** and save the .zip file.
diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
index 433ebdcd72..aa48ff798a 100644
--- a/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Configure non-persistent virtual desktop infrastructure (VDI) machines
@@ -18,7 +18,7 @@ ms.date: 09/05/2017
**Applies to:**
- Virtual desktop infrastructure (VDI) machines
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configvdi-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
index 12896138c5..2e727a1895 100644
--- a/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Configure Windows Defender ATP client endpoints
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
Endpoints in your organization must be configured so that the Windows Defender ATP service can get sensor data from them. There are various methods and deployment tools that you can use to configure the endpoints in your organization.
diff --git a/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
index 60d72976e0..d80ae65c71 100644
--- a/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
@@ -24,7 +24,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
index 343f4351d5..8e51bf936a 100644
--- a/windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
@@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: security
author: mjcaparas
localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Configure Windows Defender ATP server endpoints
@@ -20,7 +20,7 @@ ms.date: 09/05/2017
- Windows Server 2016
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configserver-abovefoldlink)
@@ -40,7 +40,7 @@ To onboard your servers to Windows Defender ATP, you’ll need to:
### Turn on Server monitoring from the Windows Defender Security Center portal
-1. In the navigation pane, select **Endpoint management** > **Server management**.
+1. In the navigation pane, select **Endpoint management** > **Servers**.
2. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment set up. When the set up completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent.
diff --git a/windows/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
index a11b5b6701..657af8b344 100644
--- a/windows/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Pull alerts to your SIEM tools
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configuresiem-abovefoldlink)
@@ -57,8 +57,8 @@ For more information, see [Pull Windows Defender ATP alerts using REST API](pull
Topic | Description
:---|:---
[Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)| Learn about enabling the SIEM integration feature in the **Preferences setup** page in the portal so that you can use and generate the required information to configure supported SIEM tools.
-[Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)| Learn about installing the REST API Modular Input app and other configuration settings to enable Splunk to pull Windows Defender ATP alerts.
[Configure ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)| Learn about installing the HP ArcSight REST FlexConnector package and the files you need to configure ArcSight to pull Windows Defender ATP alerts.
+[Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)| Learn about installing the REST API Modular Input app and other configuration settings to enable Splunk to pull Windows Defender ATP alerts.
[Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) | Understand what data fields are exposed as part of the alerts API and how they map to the Windows Defender ATP portal.
[Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) | Use the Client credentials OAuth 2.0 flow to pull alerts from Windows Defender ATP using REST API.
[Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md) | Address issues you might encounter when using the SIEM integration feature.
diff --git a/windows/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
index 60e6cfaceb..d0700c0fa5 100644
--- a/windows/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Configure Splunk to pull Windows Defender ATP alerts
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configuresplunk-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
index 5fafa61b0a..63ea798361 100644
--- a/windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Create custom alerts using the threat intelligence (TI) application program interface (API)
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-customti-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md
index 0c3dc01eda..34e01f4d78 100644
--- a/windows/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# View the Windows Defender Advanced Threat Protection Security operations dashboard
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-secopsdashboard-abovefoldlink)
@@ -43,7 +43,7 @@ From the **Security operations dashboard** you will see aggregated events to fac
It also has clickable tiles that give visual cues on the overall health state of your organization. Each tile opens a detailed view of the corresponding overview.
-## ATP alerts
+## Active alerts
You can view the overall number of active ATP alerts from the last 30 days in your network from the **ATP alerts** tile. Alerts are grouped into **New** and **In progress**.
@@ -54,6 +54,11 @@ For more information see, [Alerts overview](alerts-queue-windows-defender-advanc
The **Latest ATP alerts** section includes the latest active alerts in your network. Each row includes an alert severity category and a short description of the alert. Click an alert to see its detailed view, or **Alerts queue** at the top of the list to go directly to the Alerts queue. For more information see, [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) and [Alerts overview](alerts-queue-windows-defender-advanced-threat-protection.md).
+## Daily machines reporting
+The **Daily machines reporting** tile shows a bar graph that represents the number of machines reporting alerts daily in the last 30 days. Hover over individual bars on the graph to see the exact number of machines reporting in each day.
+
+
+
## Machines at risk
This tile shows you a list of machines with the highest number of active alerts. The total number of alerts for each machine is shown in a circle next to the machine name, and then further categorized by severity levels at the far end of the tile (hover over each severity bar to see its label).
@@ -64,7 +69,7 @@ Click the name of the machine to see details about that machine. For more inform
You can also click **Machines list** at the top of the tile to go directly to the **Machines list**, sorted by the number of active alerts. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines list](investigate-machines-windows-defender-advanced-threat-protection.md).
## Users at risk
-The tile shows you a list of user accounts with the most active alerts. The total number of alerts for each user is shown in a circle next to the user account, and then further categorized by severity levels at the far end of the tile (hover over each severity bar to see its label).
+The tile shows you a list of user accounts with the most active alerts.
@@ -95,6 +100,8 @@ Clicking on any of these categories will navigate to the [Machines list](investi
> [!NOTE]
> The **Machines with active malware detections** tile will only appear if your endpoints are using [Windows Defender Antivirus](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product.
+
+
## Sensor health
The **Sensor health** tile provides information on the individual endpoint’s ability to provide sensor data to the Windows Defender ATP service. It reports how many machines require attention and helps you identify problematic machines.
@@ -113,10 +120,7 @@ The **Service health** tile informs you if the service is active or if there are
For more information on the service health, see [Check the Windows Defender ATP service health](service-status-windows-defender-advanced-threat-protection.md).
-## Daily machines reporting
-The **Daily machines reporting** tile shows a bar graph that represents the number of machines reporting alerts daily in the last 30 days. Hover over individual bars on the graph to see the exact number of machines reporting in each day.
-
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-secopsdashboard-belowfoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
index 6f7eed13ef..17f7fa36ee 100644
--- a/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Windows Defender ATP data storage and privacy
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
This section covers some of the most frequently asked questions regarding privacy and data handling for Windows Defender ATP.
> [!NOTE]
diff --git a/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
index 0f7c42f24e..e35be7bc63 100644
--- a/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Windows Defender compatibility
@@ -24,7 +24,7 @@ ms.date: 09/05/2017
- Windows Defender
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-defendercompat-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md
index 4e98e3b3b4..1893d4aeea 100644
--- a/windows/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Enable the custom threat intelligence API in Windows Defender ATP
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablecustomti-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md
index a95a52eb1d..9a6a327429 100644
--- a/windows/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Enable Security Analytics security controls
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
Set the baselines for calculating the score of Windows Defender security controls on the Security Analytics dashboard. If you use third-party solutions, consider excluding the corresponding controls from the calculations.
diff --git a/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
index b34a43be0e..237d8c2a56 100644
--- a/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Enable SIEM integration in Windows Defender ATP
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablesiem-abovefoldlink)
@@ -56,7 +56,7 @@ You can now proceed with configuring your SIEM solution or connecting to the ale
## Related topics
- [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
-- [Configure ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
+- [Configure HP ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md
index f23dc99857..1f4a5344b8 100644
--- a/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
@@ -25,7 +25,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual endpoints.
diff --git a/windows/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
index 6085998914..b196a3f4fa 100644
--- a/windows/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Experiment with custom threat intelligence (TI) alerts
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-experimentcustomti-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md
index 73a2c6b1c7..8ee8c7f559 100644
--- a/windows/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Use the Windows Defender ATP exposed APIs
diff --git a/windows/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md
index cd1e27c74b..770e413442 100644
--- a/windows/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Find machine information by interal IP
diff --git a/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
index 07eef0d4b5..2637d2528e 100644
--- a/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Fix unhealthy sensors in Windows Defender ATP
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-fixsensor-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md
index 2a702cecc7..e096e90a23 100644
--- a/windows/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Update general Windows Defender ATP settings
@@ -22,7 +22,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-gensettings-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md
index b5745d86a0..9920dd76bc 100644
--- a/windows/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get actor information
diff --git a/windows/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md
index d22c9702da..5789d02bfa 100644
--- a/windows/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get actor related alerts
diff --git a/windows/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md
index 5a3baedc8a..b134792b71 100644
--- a/windows/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get alert information by ID
diff --git a/windows/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md
index 8727105bd0..298732bdd3 100644
--- a/windows/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get alert related actor information
diff --git a/windows/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md
index d22d6043a1..4aff86fc8e 100644
--- a/windows/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get alert related domain information
diff --git a/windows/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md
index 7020f3ddb1..0caa3eb0fa 100644
--- a/windows/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get alert related files information
diff --git a/windows/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md
index 83ff265f9a..f381d54582 100644
--- a/windows/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get alert related IP information
diff --git a/windows/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md
index 1051f8e032..5b7faaa789 100644
--- a/windows/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get alert related machine information
diff --git a/windows/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md
index 008f657eb7..6676824c44 100644
--- a/windows/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get alert related user information
diff --git a/windows/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md
index 27cbaabe0a..8f77b172b9 100644
--- a/windows/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get alerts
diff --git a/windows/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md
index 4ade44c5d8..1d9c9340f2 100644
--- a/windows/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get domain related alerts
diff --git a/windows/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md
index 630af76023..395a145017 100644
--- a/windows/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get domain related machines
diff --git a/windows/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md
index 168ba45b95..d32758960c 100644
--- a/windows/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get domain statistics
diff --git a/windows/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md
index bf5224ea2c..e8124fcdaa 100644
--- a/windows/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get file information
diff --git a/windows/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md
index 0bc15888fe..0055fa9420 100644
--- a/windows/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get file related alerts
diff --git a/windows/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md
index 0dd8cbb37e..7eff513d50 100644
--- a/windows/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get file related machines
diff --git a/windows/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md
index cf4bdfb5bb..7ea388e1a0 100644
--- a/windows/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get file statistics
diff --git a/windows/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md
index cc3eaf628c..e98f575d57 100644
--- a/windows/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get IP related alerts
diff --git a/windows/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md
index 5a3164c261..69e883df58 100644
--- a/windows/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get IP related machines
diff --git a/windows/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md
index 077f8220bb..a5f398316d 100644
--- a/windows/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get IP statistics
diff --git a/windows/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md
index eefe82c97b..68308e5936 100644
--- a/windows/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get machine by ID
diff --git a/windows/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md
index 837fece398..c973e3b688 100644
--- a/windows/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get machine log on users
diff --git a/windows/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md
index 0afb16bf58..92fc5fc946 100644
--- a/windows/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get machine related alerts
diff --git a/windows/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md
index 7674740001..c3006c0f0b 100644
--- a/windows/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get machines
diff --git a/windows/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md
index cf588557dc..77b3f3d49b 100644
--- a/windows/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get user information
diff --git a/windows/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md
index 88cc381aaf..84eb273e6d 100644
--- a/windows/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get user related alerts
diff --git a/windows/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md
index 46b715810b..3ac3929e17 100644
--- a/windows/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Get user related machines
diff --git a/windows/threat-protection/windows-defender-atp/images/alerts-q-bulk.png b/windows/threat-protection/windows-defender-atp/images/alerts-q-bulk.png
index 22be821960..6849bcd582 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/alerts-q-bulk.png and b/windows/threat-protection/windows-defender-atp/images/alerts-q-bulk.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/analysis-results.png b/windows/threat-protection/windows-defender-atp/images/analysis-results.png
index 4d2afd09eb..7623d10e93 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/analysis-results.png and b/windows/threat-protection/windows-defender-atp/images/analysis-results.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alert-details.png b/windows/threat-protection/windows-defender-atp/images/atp-alert-details.png
index 238b7e880b..d3f3d68920 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-alert-details.png and b/windows/threat-protection/windows-defender-atp/images/atp-alert-details.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alert-mgt-pane.png b/windows/threat-protection/windows-defender-atp/images/atp-alert-mgt-pane.png
index 33cb7862f6..cb4a38b529 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-alert-mgt-pane.png and b/windows/threat-protection/windows-defender-atp/images/atp-alert-mgt-pane.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alert-page.png b/windows/threat-protection/windows-defender-atp/images/atp-alert-page.png
index 2f834e986c..a077b3eaef 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-alert-page.png and b/windows/threat-protection/windows-defender-atp/images/atp-alert-page.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alert-process-tree.png b/windows/threat-protection/windows-defender-atp/images/atp-alert-process-tree.png
index 4dfdc73f8c..b6ff98567a 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-alert-process-tree.png and b/windows/threat-protection/windows-defender-atp/images/atp-alert-process-tree.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alert-status.png b/windows/threat-protection/windows-defender-atp/images/atp-alert-status.png
index bc0275c622..c19d6ac3ab 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-alert-status.png and b/windows/threat-protection/windows-defender-atp/images/atp-alert-status.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alert-timeline.png b/windows/threat-protection/windows-defender-atp/images/atp-alert-timeline.png
index 9745627e88..12537a9efb 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-alert-timeline.png and b/windows/threat-protection/windows-defender-atp/images/atp-alert-timeline.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alerts-queue-user.png b/windows/threat-protection/windows-defender-atp/images/atp-alerts-queue-user.png
index 61ff260c38..d1c0c571f4 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-alerts-queue-user.png and b/windows/threat-protection/windows-defender-atp/images/atp-alerts-queue-user.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alerts-selected.png b/windows/threat-protection/windows-defender-atp/images/atp-alerts-selected.png
index 8cf482904e..e644d84f5c 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-alerts-selected.png and b/windows/threat-protection/windows-defender-atp/images/atp-alerts-selected.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alertsq2.png b/windows/threat-protection/windows-defender-atp/images/atp-alertsq2.png
index 2b0253847e..811e554851 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-alertsq2.png and b/windows/threat-protection/windows-defender-atp/images/atp-alertsq2.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-azure-api-access.png b/windows/threat-protection/windows-defender-atp/images/atp-azure-api-access.png
index 31a49811ec..99a4f4137c 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-azure-api-access.png and b/windows/threat-protection/windows-defender-atp/images/atp-azure-api-access.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-azure-create.png b/windows/threat-protection/windows-defender-atp/images/atp-azure-create.png
index a222f09880..8687fd302e 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-azure-create.png and b/windows/threat-protection/windows-defender-atp/images/atp-azure-create.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-azure-intune-create-profile.png b/windows/threat-protection/windows-defender-atp/images/atp-azure-intune-create-profile.png
index 7bb3ec3bb5..50f90d86d2 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-azure-intune-create-profile.png and b/windows/threat-protection/windows-defender-atp/images/atp-azure-intune-create-profile.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-azure-new-app.png b/windows/threat-protection/windows-defender-atp/images/atp-azure-new-app.png
index effefd5424..a4a07d3b92 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-azure-new-app.png and b/windows/threat-protection/windows-defender-atp/images/atp-azure-new-app.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-azure-required-permissions.png b/windows/threat-protection/windows-defender-atp/images/atp-azure-required-permissions.png
index ce3d0672a6..7cc6a7fb57 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-azure-required-permissions.png and b/windows/threat-protection/windows-defender-atp/images/atp-azure-required-permissions.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-azure-select-permissions.png b/windows/threat-protection/windows-defender-atp/images/atp-azure-select-permissions.png
index 5aa454b9c8..47161ff880 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-azure-select-permissions.png and b/windows/threat-protection/windows-defender-atp/images/atp-azure-select-permissions.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-azure-ui-user-access.png b/windows/threat-protection/windows-defender-atp/images/atp-azure-ui-user-access.png
index f62d84df10..697cee2833 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-azure-ui-user-access.png and b/windows/threat-protection/windows-defender-atp/images/atp-azure-ui-user-access.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-create-dashboard.png b/windows/threat-protection/windows-defender-atp/images/atp-create-dashboard.png
index 5a04cb5fd5..0797d7527e 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-create-dashboard.png and b/windows/threat-protection/windows-defender-atp/images/atp-create-dashboard.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-custom-oma-uri.png b/windows/threat-protection/windows-defender-atp/images/atp-custom-oma-uri.png
index 614424a2ae..ab99d084ff 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-custom-oma-uri.png and b/windows/threat-protection/windows-defender-atp/images/atp-custom-oma-uri.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-download-connector.png b/windows/threat-protection/windows-defender-atp/images/atp-download-connector.png
index 8166caf6ae..5c6fbe3a1f 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-download-connector.png and b/windows/threat-protection/windows-defender-atp/images/atp-download-connector.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-intune-add-oma.png b/windows/threat-protection/windows-defender-atp/images/atp-intune-add-oma.png
index 87586e7bd2..16095237a4 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-intune-add-oma.png and b/windows/threat-protection/windows-defender-atp/images/atp-intune-add-oma.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-intune-deploy-policy.png b/windows/threat-protection/windows-defender-atp/images/atp-intune-deploy-policy.png
index a4f155428d..f28ceec416 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-intune-deploy-policy.png and b/windows/threat-protection/windows-defender-atp/images/atp-intune-deploy-policy.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-intune-group.png b/windows/threat-protection/windows-defender-atp/images/atp-intune-group.png
index 345a260612..75da475049 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-intune-group.png and b/windows/threat-protection/windows-defender-atp/images/atp-intune-group.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-intune-manage-deployment.png b/windows/threat-protection/windows-defender-atp/images/atp-intune-manage-deployment.png
index 450cb83369..a6c5642c37 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-intune-manage-deployment.png and b/windows/threat-protection/windows-defender-atp/images/atp-intune-manage-deployment.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-intune-policy-name.png b/windows/threat-protection/windows-defender-atp/images/atp-intune-policy-name.png
index b45b2c5211..f8069cc4f7 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-intune-policy-name.png and b/windows/threat-protection/windows-defender-atp/images/atp-intune-policy-name.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-intune-save-policy.png b/windows/threat-protection/windows-defender-atp/images/atp-intune-save-policy.png
index b4adb7c064..d0276f1df5 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-intune-save-policy.png and b/windows/threat-protection/windows-defender-atp/images/atp-intune-save-policy.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machine-details-view.png b/windows/threat-protection/windows-defender-atp/images/atp-machine-details-view.png
index 3d9b39c0f9..674f388e5d 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-machine-details-view.png and b/windows/threat-protection/windows-defender-atp/images/atp-machine-details-view.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png b/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png
index 0c7f50581f..1d0a60dc13 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png and b/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png b/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png
index c90cef7b32..80fc5d0f56 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png and b/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-filter.png b/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-filter.png
index 51e693533e..752b6c0426 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-filter.png and b/windows/threat-protection/windows-defender-atp/images/atp-machine-timeline-filter.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machines-list-view.png b/windows/threat-protection/windows-defender-atp/images/atp-machines-list-view.png
index 7c10c6b14f..3c1c653dd1 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-machines-list-view.png and b/windows/threat-protection/windows-defender-atp/images/atp-machines-list-view.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-mapping5.png b/windows/threat-protection/windows-defender-atp/images/atp-mapping5.png
index 405fbaf384..9279e1eb89 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-mapping5.png and b/windows/threat-protection/windows-defender-atp/images/atp-mapping5.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-mapping6.png b/windows/threat-protection/windows-defender-atp/images/atp-mapping6.png
index 2681a11815..7c56b48153 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-mapping6.png and b/windows/threat-protection/windows-defender-atp/images/atp-mapping6.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-mapping7.png b/windows/threat-protection/windows-defender-atp/images/atp-mapping7.png
index e46a8edac4..8e5589a6ca 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-mapping7.png and b/windows/threat-protection/windows-defender-atp/images/atp-mapping7.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-mdm-onboarding-package.png b/windows/threat-protection/windows-defender-atp/images/atp-mdm-onboarding-package.png
index b97c524a43..468deeecad 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-mdm-onboarding-package.png and b/windows/threat-protection/windows-defender-atp/images/atp-mdm-onboarding-package.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-oma-uri-values.png b/windows/threat-protection/windows-defender-atp/images/atp-oma-uri-values.png
index bad96b9438..e3f49da272 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-oma-uri-values.png and b/windows/threat-protection/windows-defender-atp/images/atp-oma-uri-values.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-powerbi-navigator.png b/windows/threat-protection/windows-defender-atp/images/atp-powerbi-navigator.png
index 2061e53383..2c2c75ac33 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-powerbi-navigator.png and b/windows/threat-protection/windows-defender-atp/images/atp-powerbi-navigator.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-preferences-setup.png b/windows/threat-protection/windows-defender-atp/images/atp-preferences-setup.png
index bf67591f66..44c06d3b66 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-preferences-setup.png and b/windows/threat-protection/windows-defender-atp/images/atp-preferences-setup.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-save-tag.png b/windows/threat-protection/windows-defender-atp/images/atp-save-tag.png
index 47cedd37ae..fa8cd7b575 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-save-tag.png and b/windows/threat-protection/windows-defender-atp/images/atp-save-tag.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-siem-integration.png b/windows/threat-protection/windows-defender-atp/images/atp-siem-integration.png
index 0205980406..493b64b828 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-siem-integration.png and b/windows/threat-protection/windows-defender-atp/images/atp-siem-integration.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping13.png b/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping13.png
index 7aa79c89b8..7a8d78a19e 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping13.png and b/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping13.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping3.png b/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping3.png
index 191941085d..4891cca8d7 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping3.png and b/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping3.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping4.png b/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping4.png
index ebc702179f..7d984e8eb0 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping4.png and b/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping4.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-stop-quarantine.png b/windows/threat-protection/windows-defender-atp/images/atp-stop-quarantine.png
index e1d37a4f65..b2ae248d35 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-stop-quarantine.png and b/windows/threat-protection/windows-defender-atp/images/atp-stop-quarantine.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-threat-intel-api.png b/windows/threat-protection/windows-defender-atp/images/atp-threat-intel-api.png
index ef6720b29e..3eece11ebd 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-threat-intel-api.png and b/windows/threat-protection/windows-defender-atp/images/atp-threat-intel-api.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-user-details.png b/windows/threat-protection/windows-defender-atp/images/atp-user-details.png
index 1d852999b9..4a7a82d003 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/atp-user-details.png and b/windows/threat-protection/windows-defender-atp/images/atp-user-details.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/sccm-deployment.png b/windows/threat-protection/windows-defender-atp/images/sccm-deployment.png
index 99d9b858d8..6b25ca200c 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/sccm-deployment.png and b/windows/threat-protection/windows-defender-atp/images/sccm-deployment.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/submit-file.png b/windows/threat-protection/windows-defender-atp/images/submit-file.png
index 9240eccabf..309fd3074c 100644
Binary files a/windows/threat-protection/windows-defender-atp/images/submit-file.png and b/windows/threat-protection/windows-defender-atp/images/submit-file.png differ
diff --git a/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md
index c743b8f2cb..804852f8a8 100644
--- a/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Investigate Windows Defender Advanced Threat Protection alerts
@@ -19,11 +19,15 @@ ms.date: 09/05/2017
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatealerts-abovefoldlink)
-Investigate alerts that are affecting your network, what they mean, and how to resolve them. Use the alert details view to see various tiles that provide information about alerts. You can also manage an alert and see alert metadata along with other information that can help you make better decisions on how to approach them.
+Investigate alerts that are affecting your network, what they mean, and how to resolve them.
+
+Click an alert to see the alert details view and the various tiles that provide information about the alert.
+
+You can also manage an alert and see alert metadata along with other information that can help you make better decisions on how to approach them.
diff --git a/windows/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md
index e7a73b2f71..e92155911a 100644
--- a/windows/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Investigate a domain associated with a Windows Defender ATP alert
@@ -22,24 +22,32 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatedomain-abovefoldlink)
Investigate a domain to see if machines and servers in your enterprise network have been communicating with a known malicious domain.
+You can investigate a domain by using the search feature or by clicking on a domain link from the **Machine timeline**.
+
You can see information from the following sections in the URL view:
-- URL details
+- URL details, Contacts, Nameservers
+- Alerts related to this URL
- URL in organization
-- Prevalence in organization
-- Communication with URL from organization
+- Most recent observed machines with URL
-The URL address details section shows attributes of the URL such as its contacts and nameservers.
+## URL Worldwide
+The URL details, contacts, and nameservers sections display various attributes about the URL.
+## Alerts related to this URL
+The **Alerts related to this URL** section provides a list of alerts that are associated with the URL.
+
+## URL in organization
The **URL in organization** section provides details on the prevalence of the URL in the organization.
-The **Communication with URL in organization** section provides a chronological view on the events and associated alerts that were observed on the URL.
+## Most recent observed machinew with URL
+The **Most recent observed machinew with URL** section provides a chronological view on the events and associated alerts that were observed on the URL.
**Investigate a domain:**
diff --git a/windows/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md
index e90acdfa3d..809e147a03 100644
--- a/windows/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Investigate a file associated with a Windows Defender ATP alert
@@ -22,12 +22,14 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatefiles-abovefoldlink)
Investigate the details of a file associated with a specific alert, behavior, or event to help determine if the file exhibits malicious activities, identify the attack motivation, and understand the potential scope of the breach.
+You can investigate files by using the search feature, clicking on a link from the **Alert process tree**, **Incident graph**, **Artifact timeline**, or from an event listed in the **Machine timeline**.
+
You can get information from the following sections in the file view:
- File details, Malware detection, Prevalence worldwide
diff --git a/windows/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md
index beae2f18fb..b2f993d4d2 100644
--- a/windows/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Investigate an IP address associated with a Windows Defender ATP alert
@@ -22,7 +22,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
@@ -32,15 +32,22 @@ Identifying all machines in the organization that communicated with a suspected
You can find information from the following sections in the IP address view:
-- IP address details
+- IP worldwide, Reverse DNS names
+- Alerts related to this IP
- IP in organization
-- Communication with IP from organization
+- Most recent observed machines with IP
-The IP address details section shows attributes of the IP address such as its ASN and its reverse IPs.
+## IP Worldwide and Reverse DNS names
+The IP address details section shows attributes of the IP address such as its ASN and its Reverse DNS names.
+## Alerts related to this IP
+The **Alerts related to this IP** section provides a list of alerts that are associated with the IP.
+
+## IP in organization
The **IP in organization** section provides details on the prevalence of the IP address in the organization.
-The **Communication with IP in organization** section provides a chronological view on the events and associated alerts that were observed on the IP address.
+## Most recent observed machines with IP
+The **Most recent observed machines with IP** section provides a chronological view on the events and associated alerts that were observed on the IP address.
**Investigate an external IP:**
diff --git a/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
index d9ae0d1c13..43552b2d21 100644
--- a/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Investigate machines in the Windows Defender ATP Machines list
@@ -19,7 +19,7 @@ ms.date: 09/05/2017
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatemachines-abovefoldlink)
@@ -111,7 +111,7 @@ You can manage tags from the Actions button or by selecting a machine from the M
## Alerts related to this machine
The **Alerts related to this machine** section provides a list of alerts that are associated with the machine. You can also manage alerts from this section by clicking the circle icons to the left of the alert (or using Ctrl or Shift + click to select multiple alerts).
-This list is a filtered version of the [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows the date when the alert's last activity was detected, a short description of the alert, the user account associated with the alert, the alert's severity, the alert's status in the queue, and who is addressing the alert. You'll also see a list of displayed alerts and you'll be able to quickly know the total number of alerts on the machine.
+This list is a filtered version of the [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows the date when the alert's last activity was detected, a short description of the alert, the user account associated with the alert, the alert's severity, the alert's status in the queue, and who is addressing the alert.
You can also choose to highlight an alert from the **Alerts related to this machine** or from the **Machine timeline** section to see the correlation between the alert and its related events on the machine by right-clicking on the alert and selecting **Select and mark events**. This highlights the alert and its related events and helps distinguish them from other alerts and events appearing in the timeline. Highlighted events are displayed in all information levels whether you choose to view the timeline by **Detections**, **Behaviors**, or **Verbose**.
diff --git a/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md
index 1b36dc7c3c..a23a1b8c1c 100644
--- a/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Investigate a user account in Windows Defender ATP
@@ -22,7 +22,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatgeuser-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md
index 5d32e4419b..f5d740c1f2 100644
--- a/windows/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Is domain seen in org
diff --git a/windows/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md
index 9dfc6cd763..04d0ad5900 100644
--- a/windows/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Is IP seen in org
diff --git a/windows/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
index 414ba7c045..02ed4731ee 100644
--- a/windows/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
@@ -22,7 +22,6 @@ ms.date: 09/10/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-validatelicense-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
index 205494624b..68e00fed1d 100644
--- a/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# View and organize the Windows Defender ATP Machines list
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-machinesview-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
index 21c56a7475..713b6e43f7 100644
--- a/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Manage Windows Defender Advanced Threat Protection alerts
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-managealerts-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
index 6f4ca6d581..e389fe6cf4 100644
--- a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Minimum requirements for Windows Defender ATP
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
There are some minimum requirements for onboarding your network and endpoints.
@@ -63,7 +63,7 @@ Endpoints on your network must be running one of these editions.
The hardware requirements for Windows Defender ATP on endpoints is the same as those for the supported editions.
> [!NOTE]
-> Endpoints that are running Windows Server and mobile versions of Windows are not supported.
+> Endpoints that are running mobile versions of Windows are not supported.
#### Internet connectivity
Internet connectivity on endpoints is required.
diff --git a/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
index 358f434974..68514478d8 100644
--- a/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Onboard and set up Windows Defender Advanced Threat Protection
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
index ac5a0f7173..e4f57cb105 100644
--- a/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: DulceMV
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Windows Defender Advanced Threat Protection portal overview
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
@@ -40,8 +40,8 @@ When you open the portal, you’ll see the main areas of the application:
- (1) Navigation pane
-- (2) Main portal Search
-- (3) Feedback, Settings, Help and support
+- (2) Main portal
+- (3) Search, Feedback, Settings, Help and support
> [!NOTE]
> Malware related detections will only appear if your endpoints are using [Windows Defender Antivirus](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product.
@@ -50,15 +50,15 @@ You can navigate through the portal using the menu options available in all sect
Area | Description
:---|:---
-(1) Search bar, Feedback, Settings, Help and support | **Search** - Provides access to the search bar where you can search for file, IP, machine, URL, and user. Displays the Search box: the drop-down list allows you to select the entity type and then enter the search query text. **Feedback** -Access the feedback button to provide comments about the portal. **Settings** - Gives you access to the configuration settings where you can set time zones and view license information. **Help and support** - Gives you access to the Windows Defender ATP guide, Microsoft support, and Premier support.
-(2) Navigation pane | Use the navigation pane to move between the **Dashboards**, **Alerts queue**, **Machines list**, **Service health**, **Preferences setup**, and **Endpoint management**.
+(1) Navigation pane | Use the navigation pane to move between the **Dashboards**, **Alerts queue**, **Machines list**, **Service health**, **Preferences setup**, and **Endpoint management**.
**Dashboards** | Enables you to view the Security operations or the Security analytics dashboard.
**Alerts queue** | Enables you to view separate queues of new, in progress, resolved alerts, alerts assigned to you, and suppression rules.
**Machines list** | Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts.
**Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues.
-**Preferences setup** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, enable or turn off advanced features, and build Power BI reports.
-**Endpoint management** | Allows you to download the onboarding configuration package. It provides access to endpoint offboarding.
-(3) Main portal| Main area where you will see the different views such as the Dashboards, Alerts queue, and Machines list.
+**Preferences setup** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set other configuration settings such as email notifications, activate the preview experience, enable or turn off advanced features, SIEM integration, threat intel API, build Power BI reports, and set baselines for the Security analytics dashboard.
+**Endpoint management** | Provides access to endpoints such as clients and servers. Allows you to download the onboarding configuration package for endpoints. It also provides access to endpoint offboarding.
+(2) Main portal| Main area where you will see the different views such as the Dashboards, Alerts queue, and Machines list.
+(3) Search bar, Feedback, Settings, Help and support | **Search** - Provides access to the search bar where you can search for file, IP, machine, URL, and user. Displays the Search box: the drop-down list allows you to select the entity type and then enter the search query text. **Feedback** - Access the feedback button to provide comments about the portal. **Settings** - Gives you access to the configuration settings where you can set time zones and view license information. **Help and support** - Gives you access to the Windows Defender ATP guide, Microsoft support, and Premier support.
## Windows Defender ATP icons
The following table provides information on the icons used all throughout the portal:
diff --git a/windows/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md
index 705ff8da95..f025daa7f6 100644
--- a/windows/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md
@@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: security
author: mjcaparas
localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Create and build Power BI reports using Windows Defender ATP data
@@ -21,7 +21,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-powerbireports-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md
index c1070db950..6f6ffb301b 100644
--- a/windows/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# PowerShell code examples for the custom threat intelligence API
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
This article provides PowerShell code examples for using the custom threat intelligence API.
diff --git a/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
index 504d423fd0..8da98842db 100644
--- a/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Configure Windows Defender ATP preferences settings
@@ -22,7 +22,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-prefsettings-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md
index 1c08c4225a..6cb826c966 100644
--- a/windows/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Turn on the preview experience in Windows Defender ATP
@@ -22,13 +22,17 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-previewsettings-abovefoldlink)
Turn on the preview experience setting to be among the first to try upcoming features.
1. In the navigation pane, select **Preferences setup** > **Preview experience**.
+
+ 
+
+
2. Toggle the setting between **On** and **Off** and select **Save preferences**.
## Related topics
diff --git a/windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
index 3dfbb8db03..c727d8143d 100644
--- a/windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Windows Defender ATP preview features
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
The Windows Defender ATP service is constantly being updated to include new feature enhancements and capabilities.
@@ -42,33 +42,7 @@ Turn on the preview experience setting to be among the first to try upcoming fea
2. Toggle the setting between **On** and **Off** and select **Save preferences**.
## Preview features
-The following features are included in the preview release:
-
-- [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
-You can now onboard VDI machines to the Windows Defender ATP service.
-
-- [Configure server endpoints](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
-Windows Defender ATP supports the onboarding of the following servers:
- - Windows Server 2012 R2
- - Windows Server 2016
-
-- [View the Windows Defender ATP Security analytics dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md)
-The Security Analytics dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place.
-
-- [Restrict app execution](respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
-You can lock down a device and prevent subsequent attempts of potentially malicious programs from running.
-
-- [Run Windows Defender Antivirus scan on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
-As part of the investigation or response process, you can remotely initiate an antivirus scan to help identify and remediate malware that might be present on a compromised machine.
-
-- [Manage machine group and tags](investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
-Machine group and tags support proper mapping of the network, enabling you to attach different tags to machines to capture context and to enable dynamic groups creation as part of an incident.
-
-- [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
-Windows Defender ATP supports the use of Power BI data connectors to enable you to connect and access Windows Defender ATP data using Microsoft Graph.
-
-- [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md)
- Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you, to automate workflows and innovate based on Windows Defender ATP capabilities.
+There are currently no preview features.
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-belowfoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
index 8a7b308e76..3b35025ce9 100644
--- a/windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Pull Windows Defender ATP alerts using REST API
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-pullalerts-abovefoldlink)
@@ -196,7 +196,7 @@ HTTP error code | Description
## Related topics
- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-- [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
- [Configure ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
+- [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md
index 222900d1ef..0ca06b1365 100644
--- a/windows/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Python code examples for the custom threat intelligence API
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
## Before you begin
You must [install](http://docs.python-requests.org/en/master/user/install/#install) the "[requests](http://docs.python-requests.org/en/master/)" python library.
diff --git a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
index 5f18a842a7..10734a86ca 100644
--- a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Take response actions on a file
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-responddile-abovefoldlink)
@@ -77,7 +77,7 @@ In the machine timeline, a new event is added for each machine where a file was
For prevalent files in the organization, a warning is shown before an action is implemented to validate that the operation is intended.
-### Remove file from quarantine
+## Remove file from quarantine
You can roll back and remove a file from quarantine if you’ve determined that it’s clean after an investigation. Run the following command on each machine where the file was quarantined.
1. Open an elevated command–line prompt on the endpoint:
@@ -136,7 +136,7 @@ When a file is being blocked on the endpoint, the following notification is disp
For prevalent files in the organization, a warning is shown before an action is implemented to validate that the operation is intended.
-### Remove file from blocked list
+## Remove file from blocked list
1. Select the file you want to remove from the blocked list. You can select a file from any of the following views or use the Search box:
- **Alerts** - Click the file links from the Description or Details in the Artifact timeline
@@ -189,7 +189,7 @@ When the sample is collected, Windows Defender ATP runs the file in is a secure
- Search box - select **File** from the drop–down menu and enter the file name
2. In the **Deep analysis** section of the file view, click **Submit**.
-
+ 
>**Note** Only PE files are supported, including _.exe_ and _.dll_ files
@@ -202,10 +202,10 @@ A progress bar is displayed and provides information on the different stages of
View the deep analysis report that Windows Defender ATP provides to see the details of the deep analysis that was conducted on the file you submitted. This feature is available in the file view context.
-You can view the comprehensive report that provides details on:
+You can view the comprehensive report that provides details on the following sections:
-– Observed behaviors
-– Associated artifacts
+- Behaviors
+- Observables
The details provided can help you investigate if there are indications of a potential attack.
@@ -213,9 +213,9 @@ The details provided can help you investigate if there are indications of a pote
1. Select the file you submitted for deep analysis.
2. Click **See the report below**. Information on the analysis is displayed.
-
+ 
-### Troubleshooting deep analysis
+### Troubleshoot deep analysis
If you encounter a problem when trying to submit a file, try each of the following troubleshooting steps.
diff --git a/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
index 0aa55c8947..ffd0412eb8 100644
--- a/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Take response actions on a machine
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-respondmachine-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md
index 095581b550..6f30bcb438 100644
--- a/windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Take response actions in Windows Defender ATP
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-responseactions-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md
index 8baf528def..7eaf489912 100644
--- a/windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md
@@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: security
author: mjcaparas
localizationpriority: high
-ms.date: 10/02/2017
+ms.date: 10/17/2017
---
# View the Windows Defender Advanced Threat Protection Security analytics dashboard
@@ -22,7 +22,7 @@ ms.date: 10/02/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-sadashboard-abovefoldlink)
@@ -179,7 +179,7 @@ Block Win32 imports from Macro code in Office | 92E97FA1-2EDF-4476-BDD6-9DD0B4DD
##### Controlled Folder Access
-The Controlled Folder Access setting must be configured to **Audit** or **Block mode**.
+The Controlled Folder Access setting must be configured to **Audit mode** or **Enabled**.
>[!NOTE]
> Audit mode, allows you to see audit events in the Windows Defender ATP Machine timeline however it does not block suspicious applications.
diff --git a/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md
index 64db7e6e2b..d378143d10 100644
--- a/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Check the Windows Defender Advanced Threat Protection service health
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-servicestatus-abovefoldlink)
@@ -57,4 +57,4 @@ When an issue is resolved, it gets recorded in the **Status history** tab.
The **Status history** tab reflects all the historical issues that were seen and resolved. You'll see details of the resolved issues along with the other information that were included while it was being resolved.
### Related topic
-- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md
index 51307867de..3a6898510d 100644
--- a/windows/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: DulceMV
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Windows Defender Advanced Threat Protection settings
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-settings-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md
index 04e81e2885..21a0c08e76 100644
--- a/windows/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Supported Windows Defender ATP APIs
diff --git a/windows/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md
index 1a8543fe50..b314b0c51e 100644
--- a/windows/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Understand threat intelligence concepts
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-threatindicator-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
index 109ede1a84..de19af3792 100644
--- a/windows/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Troubleshoot custom threat intelligence issues
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
You might need to troubleshoot issues while using the custom threat intelligence feature.
diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md
index 6bfdddc1a8..10a3c85cee 100644
--- a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md
@@ -13,7 +13,7 @@ ms.localizationpriority: high
ms.date: 09/10/2017
---
-## Troubleshoot onboarding and error messages
+# Troubleshoot onboarding and error messages
**Applies to:**
@@ -23,7 +23,6 @@ ms.date: 09/10/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troublshootonboarding-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
index 9fbbf9f078..6cadefb400 100644
--- a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Troubleshoot Windows Defender Advanced Threat Protection onboarding issues
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
You might need to troubleshoot the Windows Defender ATP onboarding process if you encounter issues.
This page provides detailed steps to troubleshoot onboarding issues that might occur when deploying with one of the deployment tools and common errors that might occur on the endpoints.
@@ -90,12 +90,13 @@ If none of the event logs and troubleshooting steps work, download the Local scr
**Microsoft Intune error codes and OMA-URIs**:
+
Error Code Hex | Error Code Dec | Error Description | OMA-URI | Possible cause and troubleshooting steps
:---|:---|:---|:---|:---
0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding
Offboarding | **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields.
**Troubleshooting steps:**
Check the event IDs in the [View agent onboarding errors in the endpoint event log](#view-agent-onboarding-errors-in-the-endpoint-event-log) section.
Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx).
- | | | Onboarding
Offboarding
SampleSharing | **Possible cause:** Windows Defender ATP Policy registry key does not exist or the OMA DM client doesn't have permissions to write to it.
**Troubleshooting steps:** Ensure that the following registry key exists: ```HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```.
If it doesn't exist, open an elevated command and add the key.
- | | | SenseIsRunning
OnboardingState
OrgId | **Possible cause:** An attempt to remediate by read-only property. Onboarding has failed.
**Troubleshooting steps:** Check the troubleshooting steps in [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](#troubleshoot-windows-defender-advanced-threat-protection-onboarding-issues).
Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx).
- | | | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.
Currently is supported platforms: Enterprise, Education, and Professional.
Server is not supported.
+ | | | | Onboarding
Offboarding
SampleSharing | **Possible cause:** Windows Defender ATP Policy registry key does not exist or the OMA DM client doesn't have permissions to write to it.
**Troubleshooting steps:** Ensure that the following registry key exists: ```HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```
If it doesn't exist, open an elevated command and add the key.
+ | | | | SenseIsRunning
OnboardingState
OrgId | **Possible cause:** An attempt to remediate by read-only property. Onboarding has failed.
**Troubleshooting steps:** Check the troubleshooting steps in [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](#troubleshoot-windows-defender-advanced-threat-protection-onboarding-issues).
Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx).
+ || | | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.
Currently is supported platforms: Enterprise, Education, and Professional.
Server is not supported.
0x87D101A9 | -2016345687 |Syncml(425): The requested command failed because the sender does not have adequate access control permissions (ACL) on the recipient. | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.
Currently is supported platforms: Enterprise, Education, and Professional.
diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md
index b8da894820..94458ed80b 100644
--- a/windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Troubleshoot SIEM tool integration issues
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
You might need to troubleshoot issues while pulling alerts in your SIEM tools.
@@ -54,7 +54,7 @@ If your client secret expires or if you've misplaced the copy provided when you
## Related topics
- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-- [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
- [Configure ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
+- [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md
index c0885c2510..b2616e4e94 100644
--- a/windows/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Troubleshoot Windows Defender Advanced Threat Protection
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
This section addresses issues that might arise as you use the Windows Defender Advanced Threat service.
diff --git a/windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
index ae473cd899..43f09e0864 100644
--- a/windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Use the threat intelligence API to create custom alerts
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-customti-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
index a0f9d4ce21..f047ce5ac2 100644
--- a/windows/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Use the Windows Defender Advanced Threat Protection portal
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-usewdatp-abovefoldlink)
diff --git a/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
index 17124a8070..18063807da 100644
--- a/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/17/2017
---
# Windows Defender Advanced Threat Protection
@@ -23,7 +23,7 @@ ms.date: 09/05/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Prerelease information](prerelease.md)]
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-main-abovefoldlink)
>
@@ -98,6 +98,7 @@ Topic | Description
[Use the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md) | Learn about the capabilities of Windows Defender ATP to help you investigate alerts that might be indicators of possible breaches in your enterprise.
[Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md) | Learn about pulling alerts from the Windows Defender ATP portal using supported security information and events management (SIEM) tools.
[Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) | Understand threat intelligence concepts, then enable the custom threat intelligence application so that you can proceed to create custom threat intelligence alerts that are specific to your organization.
+[Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md) | Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities.
[Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) | Understand the security status of your organization, including the status of machines, alerts, and investigations using the Windows Defender ATP reporting feature that integrates with Power BI.
[Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) | Check the sensor health state on endpoints to verify that they are providing sensor data and communicating with the Windows Defender ATP service.
[Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Use the Preferences setup menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature.