diff --git a/windows/security/information-protection/TOC.md b/windows/security/information-protection/TOC.md index 00aaec6903..2853e95b50 100644 --- a/windows/security/information-protection/TOC.md +++ b/windows/security/information-protection/TOC.md 
@@ -30,28 +30,29 @@ ## [Kernel DMA Protection for Thunderboltâ„¢ 3](kernel-dma-protection-for-thunderbolt.md) ## [Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection\protect-enterprise-data-using-wip.md) -### [Create a Windows Information Protection (WIP) policy using Microsoft Intune](windows-information-protection\overview-create-wip-policy.md) -#### [Create a Windows Information Protection (WIP) policy using the classic console for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune.md) -##### [Deploy your Windows Information Protection (WIP) policy using the classic console for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune.md) -##### [Associate and deploy a VPN policy for Windows Information Protection (WIP) using the classic console for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune.md) -#### [Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune-azure.md) -##### [Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune-azure.md) -##### [Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune-azure.md) -#### [Create a Windows Information Protection (WIP) policy with MAM using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-mam-intune-azure.md) -### [Create a Windows Information Protection (WIP) policy using System Center Configuration Manager](windows-information-protection\overview-create-wip-policy-sccm.md) -#### [Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration 
Manager](windows-information-protection\create-wip-policy-using-sccm.md) -### [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](windows-information-protection\create-and-verify-an-efs-dra-certificate.md) -### [Determine the Enterprise Context of an app running in Windows Information Protection (WIP)](windows-information-protection\wip-app-enterprise-context.md) -### [Mandatory tasks and settings required to turn on Windows Information Protection (WIP)](windows-information-protection\mandatory-settings-for-wip.md) -### [Testing scenarios for Windows Information Protection (WIP)](windows-information-protection\testing-scenarios-for-wip.md) -### [Limitations while using Windows Information Protection (WIP)](windows-information-protection\limitations-with-wip.md) -### [How to collect Windows Information Protection (WIP) audit event logs](windows-information-protection\collect-wip-audit-event-logs.md) -### [General guidance and best practices for Windows Information Protection (WIP)](windows-information-protection\guidance-and-best-practices-wip.md) -#### [Enlightened apps for use with Windows Information Protection (WIP)](windows-information-protection\enlightened-microsoft-apps-and-wip.md) -#### [Unenlightened and enlightened app behavior while using Windows Information Protection (WIP)](windows-information-protection\app-behavior-with-wip.md) -#### [Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP)](windows-information-protection\recommended-network-definitions-for-wip.md) -#### [Using Outlook Web Access with Windows Information Protection (WIP)](windows-information-protection\using-owa-with-wip.md) -### [Fine-tune Windows Information Protection (WIP) with WIP Learning](windows-information-protection\wip-learning.md) +### [Create a WIP policy using Microsoft Intune](windows-information-protection\overview-create-wip-policy.md) +#### [Create a WIP policy using 
the classic console for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune.md) +##### [Deploy your WIP policy using the classic console for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune.md) +##### [Associate and deploy a VPN policy for WIP using the classic console for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune.md) +#### [Create a WIP policy with MDM using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune-azure.md) +##### [Deploy your WIP policy using the Azure portal for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune-azure.md) +##### [Associate and deploy a VPN policy for WIP using the Azure portal for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune-azure.md) +#### [Create a WIP policy with MAM using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-mam-intune-azure.md) +### [Create a WIP policy using System Center Configuration Manager](windows-information-protection\overview-create-wip-policy-sccm.md) +#### [Create and deploy a WIP policy using System Center Configuration Manager](windows-information-protection\create-wip-policy-using-sccm.md) +### [Create and verify an EFS Data Recovery Agent (DRA) certificate](windows-information-protection\create-and-verify-an-efs-dra-certificate.md) +### [Determine the Enterprise Context of an app running in WIP](windows-information-protection\wip-app-enterprise-context.md) +### [Mandatory tasks and settings required to turn on WIP](windows-information-protection\mandatory-settings-for-wip.md) +### [Testing scenarios for WIP](windows-information-protection\testing-scenarios-for-wip.md) +### [Limitations while using WIP](windows-information-protection\limitations-with-wip.md) +### [How to collect WIP audit event 
logs](windows-information-protection\collect-wip-audit-event-logs.md) +### [General guidance and best practices for WIP](windows-information-protection\guidance-and-best-practices-wip.md) +#### [Enlightened apps for use with WIP](windows-information-protection\enlightened-microsoft-apps-and-wip.md) +#### [Unenlightened and enlightened app behavior while using WI)](windows-information-protection\app-behavior-with-wip.md) +#### [Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP](windows-information-protection\recommended-network-definitions-for-wip.md) +#### [Using Outlook Web Access with WIP](windows-information-protection\using-owa-with-wip.md) +### [Fine-tune WIP Learning](windows-information-protection\wip-learning.md) +### [How WIP works with sensitivity labels](windows-information-protection\how-wip-works-with-labels.md) ## [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md new file mode 100644 index 0000000000..d6e203d6de --- /dev/null +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md 
@@ -0,0 +1,86 @@ +--- +title: How Windows Information Protection (WIP) protects files with a sensitivity label (Windows 10) +description: Explains how Windows Information Protection works with other Microsoft information protection technologies to protect files that have a sensitivity label. +keywords: sensitivity, labels, WIP, Windows Information Protection, EDP, Enterprise Data Protection +ms.prod: w10 +ms.mktglfcycl: explore +ms.sitesec: library +ms.pagetype: security +author: justinha +ms.localizationpriority: medium +ms.date: 10/04/2018 +--- + +# How Windows Information Protection protects files with a sensitivity label + +**Applies to:** + +- Windows 10, version 1809 + +This topic explains how Windows Information Protection works with other Microsoft information protection technologies to protect files that have a sensitivity label. +Microsoft information protection technologies work together as an integrated solution to help enterprises: + +- Discover corporate data on endpoint devices +- Classify and label information based on its content and context +- Protect corporate data from unintentionally leaving to non-business environments +- Enable audit reports of user interactions with corporate data on endpoint devices + +Microsoft information protection technologies include: + +- [Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) is built in to Windows 10 and protects data at rest on endpoint devices, and manages apps to protect data in use. + +- [Office 365 Information Protection](https://docs.microsoft.com/office365/securitycompliance/office-365-info-protection-for-gdpr-overview) is a solution to classify, protect, and monitor personal data in Office 365 and other Software-as-a-Service (SaaS) apps. + +- [Azure Information Protection](https://docs.microsoft.com/azure/information-protection/what-is-information-protection) is a cloud-based solution that can be purchased either standalone or as part of Microsoft 365 Enterprise. 
It helps an organization classify and protect its documents and emails by applying labels. End users can choose and apply sensitivity labels from a bar that appears below the ribbon in Office apps: + + ![Sensitivity labels](images/sensitivity-labels.png) + +## Default WIP behaviors for a sensitivity label + +Enterprises can create and manage sensitivity labels on the **Labels** page in the Office 365 Security & Compliance Center. +When you create a sensitivity label, you can specify that endpoint protection should apply to content with that label. +WIP enforces default endpoint protection depending on how the sensitivity label is configured: + +- When the sensitivity label is configured for endpoint protection of content that includes business data, the device enforces work protection for documents with the label +- When the sensitivity label is *not configured* for endpoint protection, the device reverts to whatever WIP policy has been defined in Intune or System Center Configuration Manager (SCCM): + - If the document is downloaded from a work site, the device enforces work protection + - If the document is downloaded from a personal site, no work protection is applied + +For more information about labels, see [Overview of labels](https://docs.microsoft.com/office365/securitycompliance/labels). + +## Use cases + +This sections covers how WIP works with sensitivity labels in specific use cases. + +### User downloads from or creates a document on a work site + +If WIP policy is deployed, any document that is downloaded from a work site, or created on a work site, will have WIP protection regradless of whether the document has a sensitivity label. + +If the document also has a sensitivity label, which can be Office or PDF files, WIP protection is applied according to the label. 
+ +### User downloads a confidential Office or PDF document from a personal site + +Windows Defender ATP scans for any file that gets modified or created, including files that were created on a personal site. +If the file has a sensitivity label, the corresponding WIP protection gets applied even though the file came from a personal site. +For example: + +1. Sara creates a PDF file on a Mac and labels it as **Confidential**. +2. She emails the PDF from her Gmail account to Laura. +3. Laura opens the PDF file on her Windows 10 device. +4. WIP policy gets applied and the file is protected. + +The PDF file doesn't need any work context beyond the sensitivity label. + +## Prerequisites + +- Windows 10, version 1809 +- [Windows Defender Advanced Threat Protection (WDATP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) scans content for a label and applies corresponding WIP protection +- [Sensitivity labels](https://docs.microsoft.com/office365/securitycompliance/labels) need to be configured in the Office 365 Security & Compliance Center +- [WIP policy](create-wip-policy-using-intune-azure.md) needs to be applied to endpoint devices. + + + + + + + diff --git a/windows/security/information-protection/windows-information-protection/images/sensitivity-labels.png b/windows/security/information-protection/windows-information-protection/images/sensitivity-labels.png new file mode 100644 index 0000000000..89a133bcbe Binary files /dev/null and b/windows/security/information-protection/windows-information-protection/images/sensitivity-labels.png differ diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index be736a9d69..7102b79096 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md 
@@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: security author: dansimp ms.localizationpriority: medium -ms.date: 09/07/2018 +ms.date: 10/04/2018 --- # Threat Protection
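Review bot: In the TOC.md hunk, the added entry for app-behavior-with-wip.md ends in "while using WI)": the acronym is truncated and a stray parenthesis is left over from the removed "(WIP)", so the title should read "Unenlightened and enlightened app behavior while using WIP". The shortened wip-learning.md title, "Fine-tune WIP Learning", also drops "with" and now says the learning feature is what gets tuned; "Fine-tune WIP with WIP Learning" keeps the meaning of the line it replaces. With the expansion removed from every child entry, the parent "Protect your enterprise data using Windows Information Protection (WIP)" entry is the only place in this TOC that defines the acronym, so it should stay as it is.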
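Review bot: In the new how-wip-works-with-labels.md, the "User downloads a confidential Office or PDF document from a personal site" section says protection is applied whenever the file has a sensitivity label, but the "Default WIP behaviors for a sensitivity label" section of the same file says a label that is not configured for endpoint protection falls back to WIP policy, under which a personal-site download gets no work protection. State the condition in the use case, for example that the **Confidential** label in the Sara and Laura walkthrough is configured for endpoint protection, so readers do not assume every labeled file is protected. Smaller points in the same hunk: "This sections covers" should be "This section covers", "regradless" should be "regardless", the product is called "Windows Defender ATP" in the use case and "WDATP" in the prerequisites (pick one form), and the run of empty added lines at the end of the file can be dropped.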
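Review bot: In the threat-protection/index.md hunk, ms.date moves from 09/07/2018 to 10/04/2018 but no body change to that file is visible in this diff. If the content of index.md is unchanged, leave the date alone so the freshness metadata reflects a real edit; if a content change was intended, it is missing from the patch.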