From b51b2e7dc1d4aef026e275d602456478cb288979 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 13 Jan 2020 15:05:55 -0800
Subject: [PATCH] Update
 prevent-changes-to-security-settings-with-tamper-protection.md

---
 ...ent-changes-to-security-settings-with-tamper-protection.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
index a7320e6d3c..2237e9088e 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
@@ -140,9 +140,11 @@ If you are using Windows OS [1709](https://docs.microsoft.com/windows/release-in
 
 ## View information about tampering attempts
 
-If you're part of your organization's security team, you can view information about any attempts made to tamper with security settings. When a tampering attempt is detected, an alert is raised the in Microsoft Defender Security Center. Using the rich [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) capabilities and [advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview) in Microsoft Defender ATP, security operations teams can investigate and address such attempts.
+Tampering attempts typically indicate bigger cyberattacks where bad actors change security settings as a way to persist and stay undetected. If you're part of your organization's security team, you can view information about any attempts to tamper with security settings. When a tampering attempt is detected, an alert is raised in the [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/portal-overview) ([https://securitycenter.windows.com](https://securitycenter.windows.com)). 
 
+![Microsoft Defender Security Center](images/tamperattemptalert.png)
 
+Using the rich [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) capabilities and [advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview) in Microsoft Defender ATP, your security operations team can investigate and address such attempts. 
 
 ## Frequently asked questions