From aeb863ecdc4cbcf39c92c2f1cac80bfb34881a22 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 12 Feb 2020 17:06:32 -0800 Subject: [PATCH] update toc --- windows/security/threat-protection/TOC.md | 903 +++++++++--------- .../deployment-phases.md | 19 + 2 files changed, 484 insertions(+), 438 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index c969d4994f..4831f6e084 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -3,375 +3,426 @@ ## [Overview]() ### [What is Microsoft Defender Advanced Threat Protection?](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) ### [Overview of Microsoft Defender ATP capabilities](microsoft-defender-atp/overview.md) -### [Threat & Vulnerability Management]() -#### [Next-generation capabilities](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md) -#### [Supported operating systems and platforms](microsoft-defender-atp/tvm-supported-os.md) -#### [What's in the dashboard and what it means for my organization](microsoft-defender-atp/tvm-dashboard-insights.md) -#### [Exposure score](microsoft-defender-atp/tvm-exposure-score.md) -#### [Configuration score](microsoft-defender-atp/configuration-score.md) -#### [Security recommendation](microsoft-defender-atp/tvm-security-recommendation.md) -#### [Remediation and exception](microsoft-defender-atp/tvm-remediation.md) -#### [Software inventory](microsoft-defender-atp/tvm-software-inventory.md) -#### [Weaknesses](microsoft-defender-atp/tvm-weaknesses.md) -#### [Scenarios](microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md) +### [Minimum requirements](microsoft-defender-atp/minimum-requirements.md) +### [What's new in Microsoft Defender ATP](microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md) +### [Preview features](microsoft-defender-atp/preview.md) +### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md) +### [Microsoft Defender ATP for US Government Community Cloud High customers](microsoft-defender-atp/commercial-gov.md) -### [Attack surface reduction]() -#### [Overview of attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md) -#### [Hardware-based isolation]() -##### [Hardware-based isolation in Windows 10](microsoft-defender-atp/overview-hardware-based-isolation.md) -##### [Application isolation]() -###### [Application guard overview](windows-defender-application-guard/wd-app-guard-overview.md) -###### 
[System requirements](windows-defender-application-guard/reqs-wd-app-guard.md) +## [How-to guides]() +### [Deployment guide]() +#### [Deployment phases](microsoft-defender-atp/deployment-phases.md) +#### [Phase 1]() +##### [Product brief](microsoft-defender-atp/product-brief.md) +###### [Threat & Vulnerability Management]() +####### [Next-generation capabilities](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md) +####### [Supported operating systems and platforms](microsoft-defender-atp/tvm-supported-os.md) +####### [What's in the dashboard and what it means for my organization](microsoft-defender-atp/tvm-dashboard-insights.md) +####### [Exposure score](microsoft-defender-atp/tvm-exposure-score.md) +####### [Configuration score](microsoft-defender-atp/configuration-score.md) +####### [Security recommendation](microsoft-defender-atp/tvm-security-recommendation.md) +####### [Remediation and exception](microsoft-defender-atp/tvm-remediation.md) +####### [Software inventory](microsoft-defender-atp/tvm-software-inventory.md) +####### [Weaknesses](microsoft-defender-atp/tvm-weaknesses.md) +####### [Scenarios](microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md) -##### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md) +###### [Attack surface reduction]() +#######[Overview of attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md) +###### [Hardware-based isolation]() +####### [Hardware-based isolation in Windows 10](microsoft-defender-atp/overview-hardware-based-isolation.md) +####### [Application isolation]() +######## [Application guard overview](windows-defender-application-guard/wd-app-guard-overview.md) +######## [System requirements](windows-defender-application-guard/reqs-wd-app-guard.md) -#### [Application control](windows-defender-application-control/windows-defender-application-control.md) -#### [Exploit 
protection](microsoft-defender-atp/exploit-protection.md) -#### [Network protection](microsoft-defender-atp/network-protection.md) +####### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md) -#### [Web protection]() -##### [Web protection overview](microsoft-defender-atp/web-protection-overview.md) -##### [Web threat protection]() -###### [Web threat protection overview](microsoft-defender-atp/web-threat-protection.md) -###### [Monitor web security](microsoft-defender-atp/web-protection-monitoring.md) -###### [Respond to web threats](microsoft-defender-atp/web-protection-response.md) -##### [Web content filtering](microsoft-defender-atp/web-content-filtering.md) +###### [Application control](windows-defender-application-control/windows-defender-application-control.md) +###### [Exploit protection](microsoft-defender-atp/exploit-protection.md) +###### [Network protection](microsoft-defender-atp/network-protection.md) -#### [Controlled folder access](microsoft-defender-atp/controlled-folders.md) -#### [Attack surface reduction](microsoft-defender-atp/attack-surface-reduction.md) -#### [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md) +###### [Web protection]() +####### [Web protection overview](microsoft-defender-atp/web-protection-overview.md) +####### [Web threat protection]() +######## [Web threat protection overview](microsoft-defender-atp/web-threat-protection.md) +######## [Monitor web security](microsoft-defender-atp/web-protection-monitoring.md) +########[Respond to web threats](microsoft-defender-atp/web-protection-response.md) +####### [Web content filtering](microsoft-defender-atp/web-content-filtering.md) -### [Next-generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) -#### [Better together: Windows Defender Antivirus and Microsoft Defender ATP](windows-defender-antivirus/why-use-microsoft-antivirus.md) +###### 
[Controlled folder access](microsoft-defender-atp/controlled-folders.md) +###### [Attack surface reduction](microsoft-defender-atp/attack-surface-reduction.md) +###### [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md) -### [Endpoint detection and response]() -#### [Endpoint detection and response overview](microsoft-defender-atp/overview-endpoint-detection-response.md) -#### [Security operations dashboard](microsoft-defender-atp/security-operations-dashboard.md) +###### [Next-generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) +####### [Better together: Windows Defender Antivirus and Microsoft Defender ATP](windows-defender-antivirus/why-use-microsoft-antivirus.md) -#### [Incidents queue]() -##### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md) -##### [Manage incidents](microsoft-defender-atp/manage-incidents.md) -##### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md) +###### [Endpoint detection and response]() +#######[Endpoint detection and response overview](microsoft-defender-atp/overview-endpoint-detection-response.md) -#### [Alerts queue]() -##### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md) -##### [Manage alerts](microsoft-defender-atp/manage-alerts.md) -##### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md) -##### [Investigate files](microsoft-defender-atp/investigate-files.md) -##### [Investigate machines](microsoft-defender-atp/investigate-machines.md) -##### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md) -##### [Investigate a domain](microsoft-defender-atp/investigate-domain.md) -###### [Investigate connection events that occur behind forward proxies](microsoft-defender-atp/investigate-behind-proxy.md) -##### [Investigate a user account](microsoft-defender-atp/investigate-user.md) +###### [Automated investigation and remediation]() +####### 
[Automated investigation and remediation overview](microsoft-defender-atp/automated-investigations.md) + +###### [Secure score](microsoft-defender-atp/overview-secure-score.md) + + +##### [Prepare deployment](microsoft-defender-atp/prepare-deployment.md) +##### [Validate licensing and complete setup](microsoft-defender-atp/licensing.md) +##### [Assign user access to the portal](microsoft-defender-atp/assign-portal-access.md) + +#### [Phase 2]() +##### [Evaluation lab](microsoft-defender-atp/evaluation-lab.md) + +#### [Phase 3]() +##### [Production deployment](microsoft-defender-atp/production-deployment.md) +##### [Onboard devices to the service]() +###### [Onboard machines to Microsoft Defender ATP](microsoft-defender-atp/onboard-configure.md) +###### [Onboard previous versions of Windows](microsoft-defender-atp/onboard-downlevel.md) +###### [Onboard Windows 10 machines]() +####### [Onboarding tools and methods](microsoft-defender-atp/configure-endpoints.md) +####### [Onboard machines using Group Policy](microsoft-defender-atp/configure-endpoints-gp.md) +####### [Onboard machines using Microsoft Endpoint Configuration Manager](microsoft-defender-atp/configure-endpoints-sccm.md) +####### [Onboard machines using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md) +####### [Onboard machines using a local script](microsoft-defender-atp/configure-endpoints-script.md) +####### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](microsoft-defender-atp/configure-endpoints-vdi.md) -#### [Machines list]() -##### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md) -##### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md) - - -#### [Take response actions]() -##### [Take response actions on a machine]() -###### [Response actions on machines](microsoft-defender-atp/respond-machine-alerts.md) -###### [Manage 
tags](microsoft-defender-atp/respond-machine-alerts.md#manage-tags) -###### [Initiate an automated investigation](microsoft-defender-atp/respond-machine-alerts.md#initiate-automated-investigation) -###### [Initiate Live Response session](microsoft-defender-atp/respond-machine-alerts.md#initiate-live-response-session) -###### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines) -###### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines) -###### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution) -###### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network) -###### [Consult a threat expert](microsoft-defender-atp/respond-machine-alerts.md#consult-a-threat-expert) -###### [Check activity details in Action center](microsoft-defender-atp/respond-machine-alerts.md#check-activity-details-in-action-center) +###### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md) +###### [Onboard non-Windows machines](microsoft-defender-atp/configure-endpoints-non-windows.md) +###### [Onboard machines without Internet access](microsoft-defender-atp/onboard-offline-machines.md) +###### [Run a detection test on a newly onboarded machine](microsoft-defender-atp/run-detection-test.md) +###### [Run simulated attacks on machines](microsoft-defender-atp/attack-simulations.md) +###### [Configure proxy and Internet connectivity settings](microsoft-defender-atp/configure-proxy-internet.md) +###### [Create an onboarding or offboarding notification rule](microsoft-defender-atp/onboarding-notification.md) -##### [Take response actions on a file]() -###### [Response actions on files](microsoft-defender-atp/respond-file-alerts.md) -###### [Stop and quarantine files in your 
network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network) -###### [Restore file from quarantine](microsoft-defender-atp/respond-file-alerts.md#restore-file-from-quarantine) -###### [Add indicators to block or allow a file](microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) -###### [Consult a threat expert](microsoft-defender-atp/respond-file-alerts.md#consult-a-threat-expert) -###### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center) -###### [Download or collect file](microsoft-defender-atp/respond-file-alerts.md#download-or-collect-file) -###### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis) -###### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis) -###### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports) -###### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis) +###### [Troubleshoot onboarding issues]() +####### [Troubleshoot issues during onboarding](microsoft-defender-atp/troubleshoot-onboarding.md) +####### [Troubleshoot subscription and portal access issues](microsoft-defender-atp/troubleshoot-onboarding-error-messages.md) + +##### [Role-based access control]() +##### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md) +##### [Create and manage roles](microsoft-defender-atp/user-roles.md) +##### [Create and manage machine groups]() +###### [Using machine groups](microsoft-defender-atp/machine-groups.md) +###### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md) + + + +#### [Configure and manage capabilities]() + +##### [Configure attack surface reduction]() +###### [Attack surface reduction configuration settings](microsoft-defender-atp/configure-attack-surface-reduction.md) + +##### 
[Hardware-based isolation]() +###### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md) + +###### [Application isolation]() +####### [Install Windows Defender Application Guard](windows-defender-application-guard/install-wd-app-guard.md) +####### [Application control](windows-defender-application-control/windows-defender-application-control.md) + +###### [Device control]() +####### [Control USB devices](device-control/control-usb-devices-using-intune.md) + +####### [Device Guard]() +######## [Code integrity](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) + +######## [Memory integrity]() +######### [Understand memory integrity](device-guard/memory-integrity.md) +######### [Hardware qualifications](device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md) +######### [Enable HVCI](device-guard/enable-virtualization-based-protection-of-code-integrity.md) + +###### [Exploit protection]() +####### [Enable exploit protection](microsoft-defender-atp/enable-exploit-protection.md) +####### [Import/export configurations](microsoft-defender-atp/import-export-exploit-protection-emet-xml.md) + +###### [Network protection](microsoft-defender-atp/enable-network-protection.md) +###### [Controlled folder access](microsoft-defender-atp/enable-controlled-folders.md) + +###### [Attack surface reduction controls]() +####### [Enable attack surface reduction rules](microsoft-defender-atp/enable-attack-surface-reduction.md) +####### [Customize attack surface reduction](microsoft-defender-atp/customize-attack-surface-reduction.md) + +###### [Network firewall](windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md) + +##### [Configure next-generation protection]() +###### [Configure Windows Defender Antivirus features](windows-defender-antivirus/configure-windows-defender-antivirus-features.md) 
+ +###### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md) +####### [Enable cloud-delivered protection](windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) +####### [Specify the cloud-delivered protection level](windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md) +####### [Configure and validate network connections](windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md) +####### [Prevent security settings changes with tamper protection](windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md) +####### [Enable Block at first sight](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md) +####### [Configure the cloud block timeout period](windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md) + +###### [Configure behavioral, heuristic, and real-time protection]() +####### [Configuration overview](windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md) +####### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md) +####### [Enable and configure always-on protection and monitoring](windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) + +###### [Antivirus on Windows Server 2016](windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md) + +###### [Antivirus compatibility]() +####### [Compatibility charts](windows-defender-antivirus/windows-defender-antivirus-compatibility.md) +####### [Use limited periodic antivirus scanning](windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md) + +###### [Deploy, manage updates, and report on antivirus]() +####### [Preparing to 
deploy](windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md) +####### [Deploy and enable antivirus](windows-defender-antivirus/deploy-windows-defender-antivirus.md) +######## [Deployment guide for VDI environments](windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md) + +####### [Report on antivirus protection]() +######## [Review protection status and alerts](windows-defender-antivirus/report-monitor-windows-defender-antivirus.md) +######## [Troubleshoot antivirus reporting in Update Compliance](windows-defender-antivirus/troubleshoot-reporting.md) + +####### [Manage updates and apply baselines]() +######## [Learn about the different kinds of updates](windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md) +######## [Manage protection and security intelligence updates](windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md) +######## [Manage when protection updates should be downloaded and applied](windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md) +######## [Manage updates for endpoints that are out of date](windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md) +######## [Manage event-based forced updates](windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md) +######## [Manage updates for mobile devices and VMs](windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md) + +###### [Customize, initiate, and review the results of scans and remediation]() +####### [Configuration overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) + +####### [Configure and validate exclusions in antivirus scans]() +######## [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) +######## [Configure and validate exclusions based on file name, extension, and 
folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) +######## [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) +######## [Configure antivirus exclusions Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) + +####### [Configure scanning antivirus options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) +####### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) +####### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) +####### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md) +####### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) +####### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md) + +###### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) + +###### [Manage antivirus in your business]() +####### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) +####### [Use Group Policy settings to configure and manage antivirus](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) +####### [Use Microsoft Endpoint Configuration Manager and Microsoft Intune to configure and manage antivirus](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) +####### [Use PowerShell cmdlets to configure and manage antivirus](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) +####### [Use Windows Management Instrumentation (WMI) to configure and 
manage antivirus](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md) +####### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) + +###### [Manage scans and remediation]() +####### [Management overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) + +####### [Configure and validate exclusions in antivirus scans]() +######## [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) +######## [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) +######## [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) +######## [Configure antivirus exclusions on Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) + +####### [Configure scanning options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) + +###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) +####### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) +####### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) +####### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md) +####### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) +####### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md) +####### [Restore quarantined 
files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) + +###### [Manage next-generation protection in your business]() +####### [Handle false positives/negatives in Windows Defender Antivirus](windows-defender-antivirus/antivirus-false-positives-negatives.md) +####### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) +####### [Use Microsoft Intune and Microsoft Endpoint Configuration Manager to manage next generation protection](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) +####### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) +####### [Use PowerShell cmdlets to manage next generation protection](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) +####### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md) +####### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) + +##### [Microsoft Defender Advanced Threat Protection for Mac](microsoft-defender-atp/microsoft-defender-atp-mac.md) +###### [What's New](microsoft-defender-atp/mac-whatsnew.md) +###### [Deploy]() +####### [Microsoft Intune-based deployment](microsoft-defender-atp/mac-install-with-intune.md) +####### [JAMF-based deployment](microsoft-defender-atp/mac-install-with-jamf.md) +####### [Deployment with a different Mobile Device Management (MDM) system](microsoft-defender-atp/mac-install-with-other-mdm.md) +####### [Manual deployment](microsoft-defender-atp/mac-install-manually.md) +###### [Update](microsoft-defender-atp/mac-updates.md) +###### [Configure]() +####### [Configure and validate exclusions](microsoft-defender-atp/mac-exclusions.md) 
+####### [Set preferences](microsoft-defender-atp/mac-preferences.md) +####### [Detect and block Potentially Unwanted Applications](microsoft-defender-atp/mac-pua.md) +###### [Troubleshoot]() +####### [Troubleshoot performance issues](microsoft-defender-atp/mac-support-perf.md) +####### [Troubleshoot kernel extension issues](microsoft-defender-atp/mac-support-kext.md) +###### [Privacy](microsoft-defender-atp/mac-privacy.md) +###### [Resources](microsoft-defender-atp/mac-resources.md) + +##### [Configure Secure score dashboard security controls](microsoft-defender-atp/secure-score-dashboard.md) + +##### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md) + + + + + + + +### [Operations]() +#### [Security operations]() +##### [Portal overview](microsoft-defender-atp/portal-overview.md) +##### [Security operations dashboard](microsoft-defender-atp/security-operations-dashboard.md) + + +##### [Incidents queue]() +###### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md) +###### [Manage incidents](microsoft-defender-atp/manage-incidents.md) +###### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md) + +##### [Alerts queue]() +###### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md) +###### [Manage alerts](microsoft-defender-atp/manage-alerts.md) +###### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md) +###### [Investigate files](microsoft-defender-atp/investigate-files.md) +###### [Investigate machines](microsoft-defender-atp/investigate-machines.md) +###### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md) +###### [Investigate a domain](microsoft-defender-atp/investigate-domain.md) +####### [Investigate connection events that occur behind forward proxies](microsoft-defender-atp/investigate-behind-proxy.md) +###### [Investigate a user 
account](microsoft-defender-atp/investigate-user.md) + +##### [Machines list]() +###### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md) +###### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md) + +##### [Take response actions]() +###### [Take response actions on a machine]() +####### [Response actions on machines](microsoft-defender-atp/respond-machine-alerts.md) +####### [Manage tags](microsoft-defender-atp/respond-machine-alerts.md#manage-tags) +####### [Initiate an automated investigation](microsoft-defender-atp/respond-machine-alerts.md#initiate-automated-investigation) +####### [Initiate Live Response session](microsoft-defender-atp/respond-machine-alerts.md#initiate-live-response-session) +####### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines) +####### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines) +####### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution) +####### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network) +####### [Consult a threat expert](microsoft-defender-atp/respond-machine-alerts.md#consult-a-threat-expert) +####### [Check activity details in Action center](microsoft-defender-atp/respond-machine-alerts.md#check-activity-details-in-action-center) + +###### [Take response actions on a file]() +####### [Response actions on files](microsoft-defender-atp/respond-file-alerts.md) +####### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network) +####### [Restore file from quarantine](microsoft-defender-atp/respond-file-alerts.md#restore-file-from-quarantine) +####### [Add indicators to block or allow a 
file](microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) +####### [Consult a threat expert](microsoft-defender-atp/respond-file-alerts.md#consult-a-threat-expert) +####### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center) +####### [Download or collect file](microsoft-defender-atp/respond-file-alerts.md#download-or-collect-file) +####### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis) +####### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis) +####### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports) +####### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis) + +##### [Use the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md) +###### [Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md) ##### [Investigate entities using Live response]() ###### [Investigate entities on machines](microsoft-defender-atp/live-response.md) ###### [Live response command examples](microsoft-defender-atp/live-response-command-examples.md) -### [Automated investigation and remediation]() -#### [Automated investigation and remediation overview](microsoft-defender-atp/automated-investigations.md) -#### [Use the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md) -#### [Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md) +##### [Threat analytics](microsoft-defender-atp/threat-analytics.md) -### [Secure score](microsoft-defender-atp/overview-secure-score.md) -### [Threat analytics](microsoft-defender-atp/threat-analytics.md) +##### [Advanced hunting]() 
+###### [Advanced hunting overview](microsoft-defender-atp/advanced-hunting-overview.md) +###### [Learn the query language](microsoft-defender-atp/advanced-hunting-query-language.md) +###### [Use shared queries](microsoft-defender-atp/advanced-hunting-shared-queries.md) +###### [Advanced hunting schema reference]() +####### [Understand the schema](microsoft-defender-atp/advanced-hunting-schema-reference.md) +####### [DeviceAlertEvents](microsoft-defender-atp/advanced-hunting-devicealertevents-table.md) +####### [DeviceFileEvents](microsoft-defender-atp/advanced-hunting-devicefileevents-table.md) +####### [DeviceImageLoadEvents](microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md) +####### [DeviceLogonEvents](microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md) +####### [DeviceInfo](microsoft-defender-atp/advanced-hunting-deviceinfo-table.md) +####### [DeviceNetworkInfo](microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md) +####### [DeviceEvents](microsoft-defender-atp/advanced-hunting-deviceevents-table.md) +####### [DeviceFileCertificateInfoBeta](microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md) +####### [DeviceNetworkEvents](microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md) +####### [DeviceProcessEvents](microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md) +####### [DeviceRegistryEvents](microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md) +####### [DeviceTvmSoftwareInventoryVulnerabilities](microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md) +####### [DeviceTvmSoftwareVulnerabilitiesKB](microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md) +####### [DeviceTvmSecureConfigurationAssessment](microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md) +####### [DeviceTvmSecureConfigurationAssessmentKB](microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md) +###### 
[Apply query best practices](microsoft-defender-atp/advanced-hunting-best-practices.md) + +##### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md) + +##### [Reporting]() +###### [Power BI - How to use API - Samples](microsoft-defender-atp/api-power-bi.md) +###### [Create and build Power BI reports using Microsoft Defender ATP data connectors (deprecated)](microsoft-defender-atp/powerbi-reports.md) +###### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md) +###### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md) -### [Advanced hunting]() -#### [Advanced hunting overview](microsoft-defender-atp/advanced-hunting-overview.md) -#### [Learn the query language](microsoft-defender-atp/advanced-hunting-query-language.md) -#### [Use shared queries](microsoft-defender-atp/advanced-hunting-shared-queries.md) -#### [Advanced hunting schema reference]() -##### [Understand the schema](microsoft-defender-atp/advanced-hunting-schema-reference.md) -##### [DeviceAlertEvents](microsoft-defender-atp/advanced-hunting-devicealertevents-table.md) -##### [DeviceFileEvents](microsoft-defender-atp/advanced-hunting-devicefileevents-table.md) -##### [DeviceImageLoadEvents](microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md) -##### [DeviceLogonEvents](microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md) -##### [DeviceInfo](microsoft-defender-atp/advanced-hunting-deviceinfo-table.md) -##### [DeviceNetworkInfo](microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md) -##### [DeviceEvents](microsoft-defender-atp/advanced-hunting-deviceevents-table.md) -##### [DeviceFileCertificateInfoBeta](microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md) -##### [DeviceNetworkEvents](microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md) -##### 
[DeviceProcessEvents](microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md) -##### [DeviceRegistryEvents](microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md) -##### [DeviceTvmSoftwareInventoryVulnerabilities](microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md) -##### [DeviceTvmSoftwareVulnerabilitiesKB](microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md) -##### [DeviceTvmSecureConfigurationAssessment](microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md) -##### [DeviceTvmSecureConfigurationAssessmentKB](microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md) -#### [Apply query best practices](microsoft-defender-atp/advanced-hunting-best-practices.md) #### [Custom detections]() ##### [Understand custom detection rules](microsoft-defender-atp/overview-custom-detections.md) ##### [Create and manage custom detections rules](microsoft-defender-atp/custom-detection-rules.md) + +#### [Security administration]() +##### [Threat & Vulnerability Management]() +###### [Threat & Vulnerability Management overview](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md) +###### [Supported operating systems and platforms](microsoft-defender-atp/tvm-supported-os.md) +###### [What's in the dashboard and what it means for my organization](microsoft-defender-atp/tvm-dashboard-insights.md) +###### [Exposure score](microsoft-defender-atp/tvm-exposure-score.md) +###### [Configuration score](microsoft-defender-atp/configuration-score.md) +###### [Security recommendation](microsoft-defender-atp/tvm-security-recommendation.md) +###### [Remediation and exception](microsoft-defender-atp/tvm-remediation.md) +###### [Software inventory](microsoft-defender-atp/tvm-software-inventory.md) +###### [Weaknesses](microsoft-defender-atp/tvm-weaknesses.md) +###### [Scenarios](microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md) + +##### [Manage machine configuration]() +###### [Ensure your 
machines are configured properly](microsoft-defender-atp/configure-machines.md) +###### [Monitor and increase machine onboarding](microsoft-defender-atp/configure-machines-onboarding.md) +###### [Increase compliance to the security baseline](microsoft-defender-atp/configure-machines-security-baseline.md) +###### [Optimize ASR rule deployment and detections](microsoft-defender-atp/configure-machines-asr.md) + +## Reference + +### [Configure portal settings]() +#### [Set up preferences](microsoft-defender-atp/preferences-setup.md) +#### [General]() +##### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md) +##### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md) +##### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md) +##### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md) +##### [Configure advanced features](microsoft-defender-atp/advanced-features.md) + +#### [Permissions]() +##### [Use basic permissions to access the portal](microsoft-defender-atp/basic-permissions.md) +##### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md) +###### [Create and manage roles](microsoft-defender-atp/user-roles.md) +###### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md) +####### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md) + +#### [APIs]() +##### [Enable Threat intel (Deprecated)](microsoft-defender-atp/enable-custom-ti.md) +##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md) + +#### [Rules]() +##### [Manage suppression rules](microsoft-defender-atp/manage-suppression-rules.md) +##### [Manage indicators](microsoft-defender-atp/manage-indicators.md) +##### [Manage automation file uploads](microsoft-defender-atp/manage-automation-file-uploads.md) +##### [Manage automation folder 
exclusions](microsoft-defender-atp/manage-automation-folder-exclusions.md) + +#### [Machine management]() +##### [Onboarding machines](microsoft-defender-atp/onboard-configure.md) +##### [Offboarding machines](microsoft-defender-atp/offboard-machines.md) + +### [Configure Microsoft Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md) + + + ### [Management and APIs]() #### [Overview of management and APIs](microsoft-defender-atp/management-apis.md) -### [Integrations]() -#### [Microsoft Defender ATP integrations](microsoft-defender-atp/threat-protection-integration.md) -#### [Protect users, data, and devices with conditional access](microsoft-defender-atp/conditional-access.md) -#### [Microsoft Cloud App Security integration overview](microsoft-defender-atp/microsoft-cloud-app-security-integration.md) - -### [Information protection in Windows overview]() -#### [Windows integration](microsoft-defender-atp/information-protection-in-windows-overview.md) -#### [Use sensitivity labels to prioritize incident response](microsoft-defender-atp/information-protection-investigation.md) - -### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md) - -### [Portal overview](microsoft-defender-atp/portal-overview.md) -### [Microsoft Defender ATP for US Government Community Cloud High customers](microsoft-defender-atp/commercial-gov.md) - - -## [Deployment guide]() -### [Product brief](microsoft-defender-atp/product-brief.md) -### [Prepare deployment](microsoft-defender-atp/prepare-deployment.md) -### [Evaluate capabilities](microsoft-defender-atp/evaluation-lab.md) -### [Production deployment](microsoft-defender-atp/production-deployment.md) -### [Helpful resources](microsoft-defender-atp/helpful-resources.md) - - -## [Get started]() -### [What's new in Microsoft Defender ATP](microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md) -### [Minimum requirements](microsoft-defender-atp/minimum-requirements.md) -### 
[Validate licensing and complete setup](microsoft-defender-atp/licensing.md) -### [Evaluation lab](microsoft-defender-atp/evaluation-lab.md) -### [Preview features](microsoft-defender-atp/preview.md) -### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md) -### [Assign user access to the portal](microsoft-defender-atp/assign-portal-access.md) - - - - -### [Evaluate Microsoft Defender ATP]() -#### [Attack surface reduction and next-generation capability evaluation]() -##### [Attack surface reduction and nex-generation evaluation overview](microsoft-defender-atp/evaluate-atp.md) -##### [Hardware-based isolation](windows-defender-application-guard/test-scenarios-wd-app-guard.md) -##### [Application control](windows-defender-application-control/audit-windows-defender-application-control-policies.md) -##### [Exploit protection](microsoft-defender-atp/evaluate-exploit-protection.md) -##### [Network Protection](microsoft-defender-atp/evaluate-network-protection.md) -##### [Controlled folder access](microsoft-defender-atp/evaluate-controlled-folder-access.md) -##### [Attack surface reduction](microsoft-defender-atp/evaluate-attack-surface-reduction.md) -##### [Network firewall](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md) -##### [Evaluate next-generation protection](windows-defender-antivirus/evaluate-windows-defender-antivirus.md) - -### [Access the Windows Defender Security Center Community Center](microsoft-defender-atp/community.md) - -## [Configure and manage capabilities]() - -### [Configure attack surface reduction]() -#### [Attack surface reduction configuration settings](microsoft-defender-atp/configure-attack-surface-reduction.md) - - -### [Hardware-based isolation]() -#### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md) - -#### [Application isolation]() -##### [Install Windows Defender Application 
Guard](windows-defender-application-guard/install-wd-app-guard.md) -##### [Application control](windows-defender-application-control/windows-defender-application-control.md) - -#### [Device control]() -##### [Control USB devices](device-control/control-usb-devices-using-intune.md) - -##### [Device Guard]() -###### [Code integrity](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) - -###### [Memory integrity]() -####### [Understand memory integrity](device-guard/memory-integrity.md) -####### [Hardware qualifications](device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md) -####### [Enable HVCI](device-guard/enable-virtualization-based-protection-of-code-integrity.md) - -#### [Exploit protection]() -##### [Enable exploit protection](microsoft-defender-atp/enable-exploit-protection.md) -##### [Import/export configurations](microsoft-defender-atp/import-export-exploit-protection-emet-xml.md) - -#### [Network protection](microsoft-defender-atp/enable-network-protection.md) -#### [Controlled folder access](microsoft-defender-atp/enable-controlled-folders.md) - -#### [Attack surface reduction controls]() -##### [Enable attack surface reduction rules](microsoft-defender-atp/enable-attack-surface-reduction.md) -##### [Customize attack surface reduction](microsoft-defender-atp/customize-attack-surface-reduction.md) - -#### [Network firewall](windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md) - - - - -### [Configure next-generation protection]() -#### [Configure Windows Defender Antivirus features](windows-defender-antivirus/configure-windows-defender-antivirus-features.md) - -#### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md) -##### [Enable cloud-delivered 
protection](windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) -##### [Specify the cloud-delivered protection level](windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md) -##### [Configure and validate network connections](windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md) -##### [Prevent security settings changes with tamper protection](windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md) -##### [Enable Block at first sight](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md) -##### [Configure the cloud block timeout period](windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md) - -#### [Configure behavioral, heuristic, and real-time protection]() -##### [Configuration overview](windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md) -##### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md) -##### [Enable and configure always-on protection and monitoring](windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) - -#### [Antivirus on Windows Server 2016](windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md) - -#### [Antivirus compatibility]() -##### [Compatibility charts](windows-defender-antivirus/windows-defender-antivirus-compatibility.md) -##### [Use limited periodic antivirus scanning](windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md) - -#### [Deploy, manage updates, and report on antivirus]() -##### [Preparing to deploy](windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md) -##### [Deploy and enable antivirus](windows-defender-antivirus/deploy-windows-defender-antivirus.md) -###### [Deployment guide 
for VDI environments](windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md) - -##### [Report on antivirus protection]() -###### [Review protection status and alerts](windows-defender-antivirus/report-monitor-windows-defender-antivirus.md) -###### [Troubleshoot antivirus reporting in Update Compliance](windows-defender-antivirus/troubleshoot-reporting.md) - -##### [Manage updates and apply baselines]() -###### [Learn about the different kinds of updates](windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md) -###### [Manage protection and security intelligence updates](windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md) -###### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md) -###### [Manage updates for endpoints that are out of date](windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md) -###### [Manage event-based forced updates](windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md) -###### [Manage updates for mobile devices and VMs](windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md) - -#### [Customize, initiate, and review the results of scans and remediation]() -##### [Configuration overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) - -##### [Configure and validate exclusions in antivirus scans]() -###### [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) -###### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) -###### [Configure and validate exclusions for files opened by 
processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) -###### [Configure antivirus exclusions Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) - -##### [Configure scanning antivirus options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) -##### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) -##### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) -##### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md) -##### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) -##### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md) - -#### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) - -#### [Manage antivirus in your business]() -##### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) -##### [Use Group Policy settings to configure and manage antivirus](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) -##### [Use Microsoft Endpoint Configuration Manager and Microsoft Intune to configure and manage antivirus](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) -##### [Use PowerShell cmdlets to configure and manage antivirus](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) -##### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md) -##### [Use the mpcmdrun.exe commandline tool to configure and manage 
antivirus](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) - -#### [Manage scans and remediation]() -##### [Management overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) - -##### [Configure and validate exclusions in antivirus scans]() -###### [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) -###### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) -###### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) -###### [Configure antivirus exclusions on Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) - -##### [Configure scanning options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) - -#### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) -##### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) -##### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) -##### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md) -##### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) -##### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md) -##### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) - -#### [Manage next-generation protection in your business]() -##### [Handle false positives/negatives in Windows Defender 
Antivirus](windows-defender-antivirus/antivirus-false-positives-negatives.md) -##### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) -##### [Use Microsoft Intune and Microsoft Endpoint Configuration Manager to manage next generation protection](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) -##### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) -##### [Use PowerShell cmdlets to manage next generation protection](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) -##### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md) -##### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) - -### [Microsoft Defender Advanced Threat Protection for Mac](microsoft-defender-atp/microsoft-defender-atp-mac.md) -#### [What's New](microsoft-defender-atp/mac-whatsnew.md) -#### [Deploy]() -##### [Microsoft Intune-based deployment](microsoft-defender-atp/mac-install-with-intune.md) -##### [JAMF-based deployment](microsoft-defender-atp/mac-install-with-jamf.md) -##### [Deployment with a different Mobile Device Management (MDM) system](microsoft-defender-atp/mac-install-with-other-mdm.md) -##### [Manual deployment](microsoft-defender-atp/mac-install-manually.md) -#### [Update](microsoft-defender-atp/mac-updates.md) -#### [Configure]() -##### [Configure and validate exclusions](microsoft-defender-atp/mac-exclusions.md) -##### [Set preferences](microsoft-defender-atp/mac-preferences.md) -##### [Detect and block Potentially Unwanted Applications](microsoft-defender-atp/mac-pua.md) -#### [Troubleshoot]() -##### [Troubleshoot performance 
issues](microsoft-defender-atp/mac-support-perf.md) -##### [Troubleshoot kernel extension issues](microsoft-defender-atp/mac-support-kext.md) -#### [Privacy](microsoft-defender-atp/mac-privacy.md) -#### [Resources](microsoft-defender-atp/mac-resources.md) - - -### [Configure Secure score dashboard security controls](microsoft-defender-atp/secure-score-dashboard.md) - -### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md) - -### [Management and API support]() -#### [Onboard devices to the service]() -##### [Onboard machines to Microsoft Defender ATP](microsoft-defender-atp/onboard-configure.md) -##### [Onboard previous versions of Windows](microsoft-defender-atp/onboard-downlevel.md) -##### [Onboard Windows 10 machines]() -###### [Onboarding tools and methods](microsoft-defender-atp/configure-endpoints.md) -###### [Onboard machines using Group Policy](microsoft-defender-atp/configure-endpoints-gp.md) -###### [Onboard machines using Microsoft Endpoint Configuration Manager](microsoft-defender-atp/configure-endpoints-sccm.md) -###### [Onboard machines using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md) -###### [Onboard machines using a local script](microsoft-defender-atp/configure-endpoints-script.md) -###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](microsoft-defender-atp/configure-endpoints-vdi.md) - -##### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md) -##### [Onboard non-Windows machines](microsoft-defender-atp/configure-endpoints-non-windows.md) -##### [Onboard machines without Internet access](microsoft-defender-atp/onboard-offline-machines.md) -##### [Run a detection test on a newly onboarded machine](microsoft-defender-atp/run-detection-test.md) -##### [Run simulated attacks on machines](microsoft-defender-atp/attack-simulations.md) -##### [Configure proxy and Internet connectivity 
settings](microsoft-defender-atp/configure-proxy-internet.md) -##### [Create an onboarding or offboarding notification rule](microsoft-defender-atp/onboarding-notification.md) - - -##### [Troubleshoot onboarding issues]() -###### [Troubleshoot issues during onboarding](microsoft-defender-atp/troubleshoot-onboarding.md) -###### [Troubleshoot subscription and portal access issues](microsoft-defender-atp/troubleshoot-onboarding-error-messages.md) - #### [Microsoft Defender ATP API]() ##### [Get started]() ###### [Microsoft Defender ATP API license and terms](microsoft-defender-atp/api-terms-of-use.md) 
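Review bot: In the added Reporting block and the added Configure portal settings > General block of this hunk, `microsoft-defender-atp/powerbi-reports.md` is linked twice under conflicting titles: `Create and build Power BI reports using Microsoft Defender ATP data connectors (deprecated)` and `Enable and create Power BI reports using Windows Defender Security center data`. If that article is deprecated, drop the second entry or label it the same way, so the TOC does not present a deprecated page as current guidance. Separately, the added `## Reference` line is a bare heading while the other section entries in this hunk use the link form, for example `### [Configure portal settings]()`. Writing it as `## [Reference]()` would keep the file consistent. The three blank `+` lines before `### [Management and APIs]()` can also be reduced to one.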
@@ -492,100 +543,99 @@ ###### [Advanced Hunting using PowerShell](microsoft-defender-atp/run-advanced-query-sample-powershell.md) ###### [Using OData Queries](microsoft-defender-atp/exposed-apis-odata-samples.md) -#### [Windows updates (KB) info]() -##### [Get KbInfo collection](microsoft-defender-atp/get-kbinfo-collection.md) -#### [Common Vulnerabilities and Exposures (CVE) to KB map]() -##### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md) - -#### [Pull detections to your SIEM tools]() #### [Raw data streaming API]() ##### [Raw data streaming (preview)](microsoft-defender-atp/raw-data-export.md) ##### [Stream advanced hunting events to Azure Events hub](microsoft-defender-atp/raw-data-export-event-hub.md) ##### [Stream advanced hunting events to your storage account](microsoft-defender-atp/raw-data-export-storage.md) -#### [SIEM integration]() -##### [Understand threat intelligence concepts](microsoft-defender-atp/threat-indicator-concepts.md) -##### [Learn about different ways to pull detections](microsoft-defender-atp/configure-siem.md) -##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md) -##### [Configure Splunk to pull detections](microsoft-defender-atp/configure-splunk.md) -##### [Configure HP ArcSight to pull detections](microsoft-defender-atp/configure-arcsight.md) -##### [Microsoft Defender ATP detection fields](microsoft-defender-atp/api-portal-mapping.md) -##### [Pull detections using SIEM REST API](microsoft-defender-atp/pull-alerts-using-rest-api.md) -##### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md) - - -#### [Reporting]() -##### [Power BI - How to use API - Samples](microsoft-defender-atp/api-power-bi.md) -##### [Create and build Power BI reports using Microsoft Defender ATP data connectors (deprecated)](microsoft-defender-atp/powerbi-reports.md) -##### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md) -##### [Machine 
health and compliance reports](microsoft-defender-atp/machine-reports.md) - #### [Partners & APIs]() ##### [Partner applications](microsoft-defender-atp/partner-applications.md) ##### [Connected applications](microsoft-defender-atp/connected-applications.md) ##### [API explorer](microsoft-defender-atp/api-explorer.md) -#### [Manage machine configuration]() -##### [Ensure your machines are configured properly](microsoft-defender-atp/configure-machines.md) -##### [Monitor and increase machine onboarding](microsoft-defender-atp/configure-machines-onboarding.md) -##### [Increase compliance to the security baseline](microsoft-defender-atp/configure-machines-security-baseline.md) -##### [Optimize ASR rule deployment and detections](microsoft-defender-atp/configure-machines-asr.md) +### [Pull detections to your SIEM tools]() -#### [Role-based access control]() -##### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md) -##### [Create and manage roles](microsoft-defender-atp/user-roles.md) -##### [Create and manage machine groups]() -###### [Using machine groups](microsoft-defender-atp/machine-groups.md) -###### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md) - -#### [Configure managed security service provider (MSSP) integration](microsoft-defender-atp/configure-mssp-support.md) - -## [Partner integration scenarios]() -### [Technical partner opportunities](microsoft-defender-atp/partner-integration.md) -### [Managed security service provider opportunity](microsoft-defender-atp/mssp-support.md) -### [Become a Microsoft Defender ATP partner](microsoft-defender-atp/get-started-partner-integration.md) - - -## [Configure Microsoft threat protection integration]() -### [Configure conditional access](microsoft-defender-atp/configure-conditional-access.md) -### [Configure Microsoft Cloud App Security integration](microsoft-defender-atp/microsoft-cloud-app-security-config.md) -### [Configure information protection in 
Windows](microsoft-defender-atp/information-protection-in-windows-config.md) - -## [Configure portal settings]() -### [Set up preferences](microsoft-defender-atp/preferences-setup.md) -### [General]() -#### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md) -#### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md) -#### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md) -#### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md) -#### [Configure advanced features](microsoft-defender-atp/advanced-features.md) - -### [Permissions]() -#### [Use basic permissions to access the portal](microsoft-defender-atp/basic-permissions.md) -#### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md) -##### [Create and manage roles](microsoft-defender-atp/user-roles.md) -##### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md) -###### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md) - -### [APIs]() -#### [Enable Threat intel (Deprecated)](microsoft-defender-atp/enable-custom-ti.md) +### [SIEM integration]() +#### [Understand threat intelligence concepts](microsoft-defender-atp/threat-indicator-concepts.md) +#### [Learn about different ways to pull detections](microsoft-defender-atp/configure-siem.md) #### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md) +#### [Configure Splunk to pull detections](microsoft-defender-atp/configure-splunk.md) +#### [Configure HP ArcSight to pull detections](microsoft-defender-atp/configure-arcsight.md) +#### [Microsoft Defender ATP detection fields](microsoft-defender-atp/api-portal-mapping.md) +#### [Pull detections using SIEM REST API](microsoft-defender-atp/pull-alerts-using-rest-api.md) +#### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md) + +### 
[Partner integration scenarios]() +#### [Technical partner opportunities](microsoft-defender-atp/partner-integration.md) +#### [Managed security service provider opportunity](microsoft-defender-atp/mssp-support.md) +#### [Become a Microsoft Defender ATP partner](microsoft-defender-atp/get-started-partner-integration.md) + +### [Configure managed security service provider (MSSP) integration](microsoft-defender-atp/configure-mssp-support.md) + + +### [Configure Microsoft threat protection integration]() +#### [Configure conditional access](microsoft-defender-atp/configure-conditional-access.md) +#### [Configure Microsoft Cloud App Security integration](microsoft-defender-atp/microsoft-cloud-app-security-config.md) +#### [Configure information protection in Windows](microsoft-defender-atp/information-protection-in-windows-config.md) + +### [Integrations]() +#### [Microsoft Defender ATP integrations](microsoft-defender-atp/threat-protection-integration.md) +#### [Protect users, data, and devices with conditional access](microsoft-defender-atp/conditional-access.md) +#### [Microsoft Cloud App Security integration overview](microsoft-defender-atp/microsoft-cloud-app-security-integration.md) + + +### [Information protection in Windows overview]() +#### [Windows integration](microsoft-defender-atp/information-protection-in-windows-overview.md) +#### [Use sensitivity labels to prioritize incident response](microsoft-defender-atp/information-protection-investigation.md) + + +### [Evaluate Microsoft Defender ATP]() +#### [Attack surface reduction and next-generation capability evaluation]() +##### [Attack surface reduction and nex-generation evaluation overview](microsoft-defender-atp/evaluate-atp.md) +##### [Hardware-based isolation](windows-defender-application-guard/test-scenarios-wd-app-guard.md) +##### [Application control](windows-defender-application-control/audit-windows-defender-application-control-policies.md) +##### [Exploit 
protection](microsoft-defender-atp/evaluate-exploit-protection.md) +##### [Network Protection](microsoft-defender-atp/evaluate-network-protection.md) +##### [Controlled folder access](microsoft-defender-atp/evaluate-controlled-folder-access.md) +##### [Attack surface reduction](microsoft-defender-atp/evaluate-attack-surface-reduction.md) +##### [Network firewall](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md) +##### [Evaluate next-generation protection](windows-defender-antivirus/evaluate-windows-defender-antivirus.md) + + + +### [Access the Windows Defender Security Center Community Center](microsoft-defender-atp/community.md) + + + + +### [Helpful resources](microsoft-defender-atp/helpful-resources.md) + + + +### [Troubleshoot Microsoft Defender ATP]() +#### [Troubleshoot sensor state]() +##### [Check sensor state](microsoft-defender-atp/check-sensor-status.md) +##### [Fix unhealthy sensors](microsoft-defender-atp/fix-unhealthy-sensors.md) +##### [Inactive machines](microsoft-defender-atp/fix-unhealthy-sensors.md#inactive-machines) +##### [Misconfigured machines](microsoft-defender-atp/fix-unhealthy-sensors.md#misconfigured-machines) +##### [Review sensor events and errors on machines with Event Viewer](microsoft-defender-atp/event-error-codes.md) + +#### [Troubleshoot Microsoft Defender ATP service issues]() +##### [Troubleshoot service issues](microsoft-defender-atp/troubleshoot-mdatp.md) +##### [Check service health](microsoft-defender-atp/service-status.md) + +#### [Troubleshoot live response issues]() +##### [Troubleshoot issues related to live response](microsoft-defender-atp/troubleshoot-live-response.md) -### [Rules]() -#### [Manage suppression rules](microsoft-defender-atp/manage-suppression-rules.md) -#### [Manage indicators](microsoft-defender-atp/manage-indicators.md) -#### [Manage automation file uploads](microsoft-defender-atp/manage-automation-file-uploads.md) -#### [Manage automation folder 
exclusions](microsoft-defender-atp/manage-automation-folder-exclusions.md) - -### [Machine management]() -#### [Onboarding machines](microsoft-defender-atp/onboard-configure.md) -#### [Offboarding machines](microsoft-defender-atp/offboard-machines.md) - -### [Configure Microsoft Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md) +#### [Troubleshoot attack surface reduction]() +##### [Network protection](microsoft-defender-atp/troubleshoot-np.md) +##### [Attack surface reduction rules](microsoft-defender-atp/troubleshoot-asr.md) + +#### [Troubleshoot next-generation protection](windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md) 
@@ -593,29 +643,6 @@ -## [Troubleshoot Microsoft Defender ATP]() -### [Troubleshoot sensor state]() -#### [Check sensor state](microsoft-defender-atp/check-sensor-status.md) -#### [Fix unhealthy sensors](microsoft-defender-atp/fix-unhealthy-sensors.md) -#### [Inactive machines](microsoft-defender-atp/fix-unhealthy-sensors.md#inactive-machines) -#### [Misconfigured machines](microsoft-defender-atp/fix-unhealthy-sensors.md#misconfigured-machines) -#### [Review sensor events and errors on machines with Event Viewer](microsoft-defender-atp/event-error-codes.md) - -### [Troubleshoot Microsoft Defender ATP service issues]() -#### [Troubleshoot service issues](microsoft-defender-atp/troubleshoot-mdatp.md) -#### [Check service health](microsoft-defender-atp/service-status.md) - -### [Troubleshoot live response issues]() -#### [Troubleshoot issues related to live response](microsoft-defender-atp/troubleshoot-live-response.md) - -### [Troubleshoot attack surface reduction]() -#### [Network protection](microsoft-defender-atp/troubleshoot-np.md) -#### [Attack surface reduction rules](microsoft-defender-atp/troubleshoot-asr.md) - -### [Troubleshoot next-generation protection](windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md) - - - ## [Security intelligence](intelligence/index.md) ### [Understand malware & other threats](intelligence/understanding-malware.md) #### [Prevent malware infection](intelligence/prevent-malware-infection.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md new file mode 100644 index 0000000000..fa216c1628 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md 
@@ -0,0 +1,19 @@ +--- +title: Deployment phases +description: +keywords: +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Deployment phases \ No newline at end of file
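Review bot: In the first TOC.md hunk (@@ -3,375 +3,426 @@), the added entry "Attack surface reduction and nex-generation evaluation overview" for microsoft-defender-atp/evaluate-atp.md has a typo: "nex-generation" should be "next-generation", matching the parent entry "Attack surface reduction and next-generation capability evaluation" two lines above it. In the same hunk, the added "Access the Windows Defender Security Center Community Center" uses the older product name, while the time-settings.md entry removed here says "Microsoft Defender Security Center"; please use one name consistently. The visible part of this hunk also removes the "APIs", "Rules", "Machine management" and time zone settings entries without showing where they are re-added, so please confirm each of those pages still has a TOC entry after the reshuffle.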
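Review bot: In the second TOC.md hunk (@@ -593,29 +643,6 @@), the "Troubleshoot Microsoft Defender ATP" section is removed at the `##` level and the first hunk re-adds it at `###`, so it stops being a top-level section and becomes a child of whichever `##` heading precedes it; the subject line "update toc" does not say that this demotion is intended, so please state the new parent in the commit message. Since the block is being moved anyway, consider nesting "Inactive machines" and "Misconfigured machines" one level under "Fix unhealthy sensors": both are fragment links into fix-unhealthy-sensors.md (#inactive-machines, #misconfigured-machines) but are listed as its siblings.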
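Review bot: The new deployment-phases.md is committed with empty `description:` and `keywords:` metadata and a body that is only the heading "# Deployment phases", with no newline at end of file. Please fill in the description and keywords and add the trailing newline, or hold the file back until it has content. None of the TOC.md lines visible in this patch link to deployment-phases.md, so also check that the page gets a TOC entry; the "update toc" subject does not mention the new file.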