update machines list

windows/security/threat-protection/windows-defender-atp/machines-list-endpoint-detection-response.md

@@ -1,19 +0,0 @@
----
-title: Machines list in Windows Defender Security Center
-description: View and manage the machines list in Windows Defender Security Center
-keywords: 
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: high
-ms.date: 07/01/2018
----
-
-# Machines list in Windows Defender Security Center
-Learn how you can view and manage the machines list, manage machine groups, and investigate machine related alerts. 
-
-## In this section 

windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md

@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
-ms.date: 04/24/2018
+ms.date: 09/03/2018
 ---
 
 # View and organize the Windows Defender ATP Machines list
@@ -22,44 +22,51 @@ ms.date: 04/24/2018
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-machinesview-abovefoldlink)
 
-The **Machines list** shows a list of the machines in your network, the domain of each machine, when it last reported and the local IP Address it reported on, its **Health state**, the number of active alerts on each machine categorized by alert severity level, and the number of active malware detections. This view allows viewing machines ranked by risk or sensor health state, and keeping track of all machines that are reporting sensor data in your network.
+The **Machines list** shows a list of the machines in your network where alerts were generated. By default, the queue displays machines with alerts seen in the last 30 days.  
 
-Use the Machines list in these main scenarios:
+At a glance you'll see information such as domain, risk level, OS platform, and other details. 
+
+
+There are several options you can choose from to customize the machines list view. 
+On the top navigation you can:
+- Customize columns to add or remove columns 
+- Export the entire list in CSV format
+- Select the items to show per page
+- Navigate between pages
+- Apply filters
+
+
+Use the machine list in these main scenarios:
 
 - **During onboarding**<br>
   During the onboarding process, the **Machines list** is gradually populated with machines as they begin to report sensor data. Use this view to track your onboarded endpoints as they come online. Sort and filter by time of last report, **Active malware category**, or **Sensor health state**, or download the complete endpoint list as a CSV file for offline analysis.
+    
+    >[NOTE]
+    > Exporting the list depends on the number of machines in your organization. It might take a significant amount of time to download, depending on how large your organization is.
+Exporting the list in CSV format displays the data in an unfiltered manner. The CSV file will include all machines in the organization, regardless of any filtering applied in the view itself.
+
 - **Day-to-day work** <br>
-  The **Machines list** enables easy identification of machines most at risk in a glance. High-risk machines have the greatest number and highest-severity alerts; **Sensor health state** provides another dimension to rank machines. Sorting machines by **Active alerts**, and then by **Sensor health state** helps identify the most vulnerable machines and take action on them.
+  The list enables easy identification of machines most at risk in a glance. High-risk machines have the greatest number and highest-severity alerts. Sorting machines by **Active alerts**, helps identify the most vulnerable machines and take action on them.
 
-## Sort, filter, and download the list of machines from the Machines list
-You can sort the **Machines list** by clicking on any column header to sort the view in ascending or descending order.  
 
-Filter the **Machines list** by **Time**, **OS Platform**, **Health**, **Security state**, **Malware category alerts**, **Groups**, or **Tags** to focus on certain sets of machines, according to the desired criteria.  
+![Image of machines list with list of machines](images/machines-list.png)
 
-You can also download the entire list in CSV format using the **Export to CSV** feature.
+## Sort and filter the machine list
+You can apply the following filters to limit the list of alerts and get a more focused view. 
 
-![Image of machines list with list of machines](images/atp-machines-list-view2.png)
 
-You can use the following filters to limit the list of machines displayed during an investigation:
-
-**Time period**</br>
-- 1 day
-- 3 days
-- 7 days
-- 30 days
-- 6 months
-
-**Risk level**</br>
+### Risk level
 Machine risk levels are indicators of the active threats that machines could be exposed to. A machine's risk level is determined using the number of active alerts and their severity levels. You can influence a machine's risk level by resolving associated alerts manually or automatically and also by suppressing an alert.
 
-**OS Platform**</br>
+### OS Platform
 - Windows 10
 - Windows Server 2012 R2
 - Windows Server 2016
 - Other
 
 
-**Sensor health state**</br>
+
+### Health state
 Filter the list to view specific machines grouped together by the following machine health states:
 
 - **Active** – Machines that are actively reporting sensor data to the service.
@@ -71,7 +78,7 @@ Filter the list to view specific machines grouped together by the following mach
 -	**Inactive** – Machines that have completely stopped sending signals for more than 7 days.
 
 
-**Security state**</br>
+### Security state
 Filter the list to view specific machines that are well configured or require attention based on the Windows Defender security controls that are enabled in your organization. 
 
 
@@ -90,15 +97,13 @@ Filter the list to view specific machines grouped together by the following malw
   -	**General malware** – Malware are malicious programs that perform unwanted actions, including actions that can disrupt, cause direct damage, and facilitate intrusion and data theft. Some malware can replicate and spread from one machine to another. Others are able to receive commands from remote attackers and perform activities associated with cyberattacks.
   -	**PUA** – Unwanted software is a category of applications that install and perform undesirable activity without adequate user consent. These applications are not necessarily malicious, but their behaviors often negatively impact the computing experience, even appearing to invade user privacy. Many of these applications display advertising, modify browser settings, and install bundled software.
 
-**Groups and tags** </br>
+### Tags
 You can filter the list based on the grouping and tagging that you've added to individual machines. 
 
 ## Export machine list to CSV
 You can  download a full list of all the machines in your organization, in CSV format. Click the **Export to CSV** button to download the entire list as a CSV file.
 
->[NOTE]
-> Exporting the list depends on the number of machines in your organization. It might take a significant amount of time to download, depending on how large your organization is.
-Exporting the list in CSV format displays the data in an unfiltered manner. The CSV file will include all machines in the organization, regardless of any filtering applied in the view itself.
+
 
 ## Sort the Machines list
 You can sort the **Machines list** by the following columns: