add take response topic, rename topics, update toc

windows/keep-secure/TOC.md

@@ -735,50 +735,46 @@
 ##### [Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
 ##### [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
 #### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
-#### [Understand the Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
 #### [Use the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md)
-#### [Alerts queue overview](alerts-queue-windows-defender-advanced-threat-protection.md)
+##### [View the Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
-#### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
+##### [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
-##### [Alert process tree](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-process-tree)
+##### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
-##### [Incident graph](investigate-alerts-windows-defender-advanced-threat-protection.md#incident-graph)
+###### [Alert process tree](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-process-tree)
-##### [Alert timeline](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-timeline)
+###### [Incident graph](investigate-alerts-windows-defender-advanced-threat-protection.md#incident-graph)
-#### [Consume alerts and create custom threat intelligence](configure-siem-windows-defender-advanced-threat-protection.md)
+###### [Alert timeline](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-timeline)
-##### [Configure an Azure Active Directory application for SIEM integration](configure-aad-windows-defender-advanced-threat-protection.md)
+##### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md)
-##### [Configure Splunk to consume Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
+##### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md)
-##### [Configure HP ArcSight to consume Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
+##### [View and organize the Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)
-##### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
+##### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)
-###### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+###### [Search for specific alerts](investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-alerts)
-###### [Create custom threat intelligence using REST API](custom-ti-api-windows-defender-advanced-threat-protection.md)
+###### [Filter events from a specific date](investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
-###### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
+###### [Export machine timeline events](investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
-#### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
+###### [Navigate between pages](investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
-#### [Machines view overview](machines-view-overview-windows-defender-advanced-threat-protection.md)
+##### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md)
-#### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)
+##### [Investigate a user entity](investigate-user-entity-windows-defender-advanced-threat-protection.md)
-##### [Search for specific alerts](investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-alerts)
+##### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-##### [Filter events from a specific date](investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
+#### [Take response actions](response-actions-windows-defender-advanced-threat-protection.md)
-##### [Export machine timeline events](investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
+##### [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)
-##### [Navigate between pages](investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
+###### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
-#### [Respond to machine alerts](respond-machine-alerts-windows-defender-advanced-threat-protection.md)
+###### [Undo machine isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#undo-machine-isolation)
-##### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
+###### [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package)
-##### [Undo machine isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#undo-machine-isolation)
+###### [Check activity details in Action center](respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
-##### [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package)
+##### [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)
-##### [Check activity details in Action center](respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
+###### [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
-#### [Check sensor status](check-sensor-status-windows-defender-advanced-threat-protection.md)
+###### [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
-##### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
+###### [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
-###### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
+###### [Check activity details in Action center](respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
-###### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
-#### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md)
-#### [Respond to file related alerts](respond-file-alerts-windows-defender-advanced-threat-protection.md)
-##### [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
-##### [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
-##### [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
-##### [Check activity details in Action center](respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
 ###### [Deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
 ####### [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
 ####### [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
 ####### [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
-#### [Investigate a user entity](investigate-user-entity-windows-defender-advanced-threat-protection.md)
+##### [Configure an Azure Active Directory application for SIEM integration](configure-aad-windows-defender-advanced-threat-protection.md)
-#### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md)
+##### [Configure Splunk to consume Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
-#### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md)
+##### [Configure HP ArcSight to consume Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
+#### [Check sensor status](check-sensor-status-windows-defender-advanced-threat-protection.md)
+##### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
+###### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
+###### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
 #### [Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md)
 ##### [Update general settings](general-settings-windows-defender-advanced-threat-protection.md)
 ##### [Enable advanced features](advanced-features-windows-defender-advacned-threat-protection.md)

windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md

@@ -1,5 +1,5 @@
 ---
-title: Alerts queue overview in Windows Defender ATP
+title: View and organize the Windows Defender ATP Alerts queue
 description: Learn about how the Windows Defender ATP alerts queue work, and how to sort and filter lists of alerts.
 keywords: alerts, queues, alerts queue, sort, order, filter, manage alerts, new, in progress, resolved, newest, time in queue, severity, time period
 search.product: eADQiWindows 10XVcnh
@@ -11,7 +11,7 @@ author: mjcaparas
 localizationpriority: high
 ---
 
-# Alerts queue overview
+# View and organize the Windows Defender Advanced Threat Protection Alerts queue
 
 **Applies to:**
 

windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md

@@ -1,5 +1,5 @@
 ---
-title: Understand the Windows Defender Advanced Threat Protection Dashboard
+title: View the Windows Defender Advanced Threat Protection Dashboard
 description: Use the Dashboard to identify machines at risk, keep track of the status of the service, and see statistics and information about machines and alerts.
 keywords: dashboard, alerts, new, in progress, resolved, risk, machines at risk, infections, reporting, statistics, charts, graphs, health, active malware detections, threat category, categories, password stealer, ransomware, exploit, threat, low severity, active malware
 search.product: eADQiWindows 10XVcnh
@@ -11,7 +11,7 @@ author: mjcaparas
 localizationpriority: high
 ---
 
-# Understand the Windows Defender Advanced Threat Protection Dashboard
+# View the Windows Defender Advanced Threat Protection Dashboard
 
 **Applies to:**
 

windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md

@@ -1,6 +1,6 @@
 ---
-title: Machines view overview
+title: View and organize the Windows Defender ATP machines view
-description: Understand the available features that you can use from the Machines view such as sorting, filtering, and exporting the machine list which can enhance investigations.
+description: Learn about the available features that you can use from the Machines view such as sorting, filtering, and exporting the machine list which can enhance investigations.
 keywords: sort, filter, export, csv, machine name, domain, last seen, internal IP, health state, active alerts, active malware detections, threat category, review alerts, network, connection, malware, type, password stealer, ransomware, exploit, threat, general malware, unwanted software
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -11,7 +11,7 @@ author: mjcaparas
 localizationpriority: high
 ---
 
-# Machines view overview
+# View and organize the Windows Defender ATP machines view
 
 **Applies to:**
 

windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md

@@ -1,7 +1,7 @@
 ---
-title: Respond to file related alerts in Windows Defender Advanced Threat Protection
+title: Take response actions on a file in Windows Defender Advanced Threat Protection
-description: Respond to file related alerts by stopping and quarantining a file or blocking a file and checking activity details.
+description: Take response actions on file related alerts by stopping and quarantining a file or blocking a file and checking activity details.
-keywords: respond, isolate, isolate machine, collect investigation package, action center, deep analyis
+keywords: respond, stop and quarantine, block file, deep analysis
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -11,7 +11,7 @@ author: mjcaparas
 localizationpriority: high
 ---
 
-# Respond to file related alerts in Windows Defender ATP
+# Take response actions on a file
 
 **Applies to:**
 

windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md

@@ -1,6 +1,6 @@
 ---
-title: Respond to machine alerts in Windows Defender Advanced Threat Protection
+title: Take response actions on a machine in Windows Defender Advanced Threat Protection
-description: Respond to machine alerts by isolating machines, collecting an investigation package, and checking activity details.
+description: Take response actions on a machine by isolating machines, collecting an investigation package, and checking activity details.
 keywords: respond, isolate, isolate machine, collect investigation package, action center
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -11,7 +11,7 @@ author: mjcaparas
 localizationpriority: high
 ---
 
-# Respond to machine alerts in Windows Defender ATP
+# Take response actions on a machine
 
 **Applies to:**
 

windows/keep-secure/response-actions-windows-defender-advanced-threat-protection.md

@@ -0,0 +1,35 @@
+---
+title: Take response actions on files and machines in Windows Defender Advanced Threat Protection
+description: Take response actions on files and machines by stopping and quarantining files, blocking a file, isolating machines, or collecting an investigation package.
+keywords: respond, stop and quarantine, block file, deep analysis, isolate machine, collect investigation package, action center
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: mjcaparas
+localizationpriority: high
+---
+
+# Take response actions in Windows Defender ATP
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+<span style="color:#ED1C24;">[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
+
+You can take response actions on machines and files to quickly respond to detected attacks so that you can contain or reduce and prevent further damage caused by malicious attackers in your organization.
+
+>[!NOTE]
+> These response actions are only available for machines on Windows 10, version  1703.
+
+## In this section
+Topic | Description
+:---|:---
+[Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)| Isolate machines or collect an investigation package.
+[Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)| Stop and quarantine files or block a file from your network.