diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md
index 71e1bc5d28..6f5546e721 100644
--- a/windows/keep-secure/TOC.md
+++ b/windows/keep-secure/TOC.md
@@ -735,50 +735,46 @@
 ##### [Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
 ##### [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
 #### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
-#### [Understand the Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
 #### [Use the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md)
-#### [Alerts queue overview](alerts-queue-windows-defender-advanced-threat-protection.md)
-#### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
-##### [Alert process tree](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-process-tree)
-##### [Incident graph](investigate-alerts-windows-defender-advanced-threat-protection.md#incident-graph)
-##### [Alert timeline](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-timeline)
-#### [Consume alerts and create custom threat intelligence](configure-siem-windows-defender-advanced-threat-protection.md)
-##### [Configure an Azure Active Directory application for SIEM integration](configure-aad-windows-defender-advanced-threat-protection.md)
-##### [Configure Splunk to consume Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
-##### [Configure HP ArcSight to consume Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
-##### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-###### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-###### [Create custom threat intelligence using REST API](custom-ti-api-windows-defender-advanced-threat-protection.md)
-###### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
-#### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-#### [Machines view overview](machines-view-overview-windows-defender-advanced-threat-protection.md)
-#### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)
-##### [Search for specific alerts](investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-alerts)
-##### [Filter events from a specific date](investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
-##### [Export machine timeline events](investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
-##### [Navigate between pages](investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
-#### [Respond to machine alerts](respond-machine-alerts-windows-defender-advanced-threat-protection.md)
-##### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
-##### [Undo machine isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#undo-machine-isolation)
-##### [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package)
-##### [Check activity details in Action center](respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
-#### [Check sensor status](check-sensor-status-windows-defender-advanced-threat-protection.md)
-##### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
-###### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
-###### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
-#### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md)
-#### [Respond to file related alerts](respond-file-alerts-windows-defender-advanced-threat-protection.md)
-##### [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
-##### [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
-##### [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
-##### [Check activity details in Action center](respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
+##### [View the Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
+##### [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
+##### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
+###### [Alert process tree](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-process-tree)
+###### [Incident graph](investigate-alerts-windows-defender-advanced-threat-protection.md#incident-graph)
+###### [Alert timeline](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-timeline)
+##### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md)
+##### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md)
+##### [View and organize the Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)
+##### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)
+###### [Search for specific alerts](investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-alerts)
+###### [Filter events from a specific date](investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
+###### [Export machine timeline events](investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
+###### [Navigate between pages](investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
+##### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md)
+##### [Investigate a user entity](investigate-user-entity-windows-defender-advanced-threat-protection.md)
+##### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
+#### [Take response actions](response-actions-windows-defender-advanced-threat-protection.md)
+##### [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)
+###### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
+###### [Undo machine isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#undo-machine-isolation)
+###### [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package)
+###### [Check activity details in Action center](respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
+##### [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)
+###### [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
+###### [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
+###### [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
+###### [Check activity details in Action center](respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
 ###### [Deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
 ####### [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
 ####### [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
 ####### [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
-#### [Investigate a user entity](investigate-user-entity-windows-defender-advanced-threat-protection.md)
-#### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md)
-#### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md)
+##### [Configure an Azure Active Directory application for SIEM integration](configure-aad-windows-defender-advanced-threat-protection.md)
+##### [Configure Splunk to consume Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
+##### [Configure HP ArcSight to consume Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
+#### [Check sensor status](check-sensor-status-windows-defender-advanced-threat-protection.md)
+##### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
+###### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
+###### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
 #### [Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md)
 ##### [Update general settings](general-settings-windows-defender-advanced-threat-protection.md)
 ##### [Enable advanced features](advanced-features-windows-defender-advacned-threat-protection.md)
diff --git a/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md b/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md
index dac798263b..cfe932a55e 100644
--- a/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md
@@ -1,5 +1,5 @@
 ---
-title: Alerts queue overview in Windows Defender ATP
+title: View and organize the Windows Defender ATP Alerts queue
 description: Learn about how the Windows Defender ATP alerts queue work, and how to sort and filter lists of alerts.
 keywords: alerts, queues, alerts queue, sort, order, filter, manage alerts, new, in progress, resolved, newest, time in queue, severity, time period
 search.product: eADQiWindows 10XVcnh
@@ -11,7 +11,7 @@ author: mjcaparas
 localizationpriority: high
 ---
 
-# Alerts queue overview
+# View and organize the Windows Defender Advanced Threat Protection Alerts queue
 
 **Applies to:**
 
diff --git a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md
index cc4c62a2e0..7c3121f6c5 100644
--- a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md
@@ -1,5 +1,5 @@
 ---
-title: Understand the Windows Defender Advanced Threat Protection Dashboard
+title: View the Windows Defender Advanced Threat Protection Dashboard
 description: Use the Dashboard to identify machines at risk, keep track of the status of the service, and see statistics and information about machines and alerts.
 keywords: dashboard, alerts, new, in progress, resolved, risk, machines at risk, infections, reporting, statistics, charts, graphs, health, active malware detections, threat category, categories, password stealer, ransomware, exploit, threat, low severity, active malware
 search.product: eADQiWindows 10XVcnh
@@ -11,7 +11,7 @@ author: mjcaparas
 localizationpriority: high
 ---
 
-# Understand the Windows Defender Advanced Threat Protection Dashboard
+# View the Windows Defender Advanced Threat Protection Dashboard
 
 **Applies to:**
 
diff --git a/windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md
index c1ea6bcab3..c8526dc061 100644
--- a/windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md
@@ -1,6 +1,6 @@
 ---
-title: Machines view overview
-description: Understand the available features that you can use from the Machines view such as sorting, filtering, and exporting the machine list which can enhance investigations.
+title: View and organize the Windows Defender ATP machines view
+description: Learn about the available features that you can use from the Machines view such as sorting, filtering, and exporting the machine list which can enhance investigations.
 keywords: sort, filter, export, csv, machine name, domain, last seen, internal IP, health state, active alerts, active malware detections, threat category, review alerts, network, connection, malware, type, password stealer, ransomware, exploit, threat, general malware, unwanted software
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -11,7 +11,7 @@ author: mjcaparas
 localizationpriority: high
 ---
 
-# Machines view overview
+# View and organize the Windows Defender ATP machines view
 
 **Applies to:**
 
diff --git a/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md
index 52f726d143..d3b73e96dc 100644
--- a/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
-title: Respond to file related alerts in Windows Defender Advanced Threat Protection
-description: Respond to file related alerts by stopping and quarantining a file or blocking a file and checking activity details.
-keywords: respond, isolate, isolate machine, collect investigation package, action center, deep analyis
+title: Take response actions on a file in Windows Defender Advanced Threat Protection
+description: Take response actions on file related alerts by stopping and quarantining a file or blocking a file and checking activity details.
+keywords: respond, stop and quarantine, block file, deep analysis
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -11,7 +11,7 @@ author: mjcaparas
 localizationpriority: high
 ---
 
-# Respond to file related alerts in Windows Defender ATP
+# Take response actions on a file
 
 **Applies to:**
 
diff --git a/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md
index abc40d1187..651a38ddec 100644
--- a/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md
@@ -1,6 +1,6 @@
 ---
-title: Respond to machine alerts in Windows Defender Advanced Threat Protection
-description: Respond to machine alerts by isolating machines, collecting an investigation package, and checking activity details.
+title: Take response actions on a machine in Windows Defender Advanced Threat Protection
+description: Take response actions on a machine by isolating machines, collecting an investigation package, and checking activity details.
 keywords: respond, isolate, isolate machine, collect investigation package, action center
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -11,7 +11,7 @@ author: mjcaparas
 localizationpriority: high
 ---
 
-# Respond to machine alerts in Windows Defender ATP
+# Take response actions on a machine
 
 **Applies to:**
 
diff --git a/windows/keep-secure/response-actions-windows-defender-advanced-threat-protection.md b/windows/keep-secure/response-actions-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..2d774e26ab
--- /dev/null
+++ b/windows/keep-secure/response-actions-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,35 @@
+---
+title: Take response actions on files and machines in Windows Defender Advanced Threat Protection
+description: Take response actions on files and machines by stopping and quarantining files, blocking a file, isolating machines, or collecting an investigation package.
+keywords: respond, stop and quarantine, block file, deep analysis, isolate machine, collect investigation package, action center
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: mjcaparas
+localizationpriority: high
+---
+
+# Take response actions in Windows Defender ATP
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+<span style="color:#ED1C24;">[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
+
+You can take response actions on machines and files to quickly respond to detected attacks so that you can contain or reduce and prevent further damage caused by malicious attackers in your organization.
+
+>[!NOTE]
+> These response actions are only available for machines on Windows 10, version  1703.
+
+## In this section
+Topic | Description
+:---|:---
+[Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)| Isolate machines or collect an investigation package.
+[Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)| Stop and quarantine files or block a file from your network.