Merged PR 14238: incidents to ga

windows/security/threat-protection/windows-defender-atp/incidents-queue.md

@@ -11,14 +11,12 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
-ms.date: 10/08/2018
 ---
 
-# Incidents queue in Windows Defender ATP
+# Incidents in Windows Defender ATP
 **Applies to:**
 - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
 
-[!include[Prerelease information](prerelease.md)]
 
 When a cybersecurity threat is emerging, or a potential attacker is deploying its tactics, techniques/tools, and procedures (TTPs) on the network, Windows Defender ATP will quickly trigger alerts and launch matching automatic investigations. 
 

windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md

@@ -11,7 +11,6 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
-ms.date: 10/08/2018
 ---
 
 # Investigate incidents in Windows Defender ATP
@@ -19,7 +18,6 @@ ms.date: 10/08/2018
 **Applies to:**
 - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
 
-[!include[Prerelease information](prerelease.md)]
 
 Investigate incidents that affect your network, understand what they mean, and collate evidence to resolve them. 
 
@@ -36,6 +34,7 @@ Alerts are grouped into incidents based on the following reasons:
 - Manual association - A user manually linked the alerts
 - Proximate time - The alerts were triggered on the same machine within a certain timeframe
 - Same file - The files associated with the alert are exactly the same
+- Same URL - The URL that triggered the alert is exactly the same
 
 ![Image of alerts tab in incident page showing the Linked by tool tip](images/atp-incidents-alerts-tooltip.png)
 

windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md

@@ -19,9 +19,6 @@ ms.date: 010/08/2018
 **Applies to:**
 - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
 
-[!include[Prerelease information](prerelease.md)]
-
-
 Managing incidents is an important part of every cybersecurity operation. You can manage incidents by selecting an incident from the **Incidents queue** or the **Incidents management pane**. You can assign incidents to yourself, change the status, classify, rename, or comment on them to keep track of their progress. 
 
 ![Image of the incidents management pane](images/atp-incidents-mgt-pane.png)

windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md

@@ -41,11 +41,6 @@ The following features are included in the preview release:
 - [Information protection](information-protection-in-windows-overview.md)<br>
 Windows Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices. This solution is delivered and managed as part of the unified Microsoft 365 information protection suite. 
 
-
-- [Incidents](incidents-queue.md)<br>
-Windows Defender ATP applies correlation analytics and aggregates all related alerts and investigations into an incident. Doing so helps narrate a broader story of an attack, thus providing you with the right visuals (upgraded incident graph) and data representations to understand and deal with complex cross-entity threats to your organization's network.
-
-
 - [Integration with Microsoft Cloud App Security](microsoft-cloud-app-security-integration.md)<br>
 Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Windows Defender ATP monitored machines.
 

windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md

@@ -18,7 +18,6 @@ ms.date: 10/08/2018
 **Applies to:**
 - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
 
-[!include[Prerelease information](prerelease.md)]
 
 The **Incidents queue** shows a collection of incidents that were flagged from machines in your network. It helps you sort through incidents to prioritize and create an informed cybersecurity response decision.
 

windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md

@@ -20,6 +20,9 @@ ms.localizationpriority: medium
 Here are the new features in the latest release of Windows Defender ATP.
 
 ## Windows Defender ATP 1809
+- [Incidents](incidents-queue.md)<br>
+Windows Defender ATP applies correlation analytics and aggregates all related alerts and investigations into an incident. Doing so helps narrate a broader story of an attack, thus providing you with the right visuals (upgraded incident graph) and data representations to understand and deal with complex cross-entity threats to your organization's network.
+
 - [Support for iOS and Android devices](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection#turn-on-third-party-integration)<br> Support for iOS and Android devices are now supported.
 
 - [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard)<br>