update images and text in machines

2025-06-21 13:23:36 +00:00 · 2018-02-16 11:36:03 -08:00
parent f00e13c7ba
commit b82ea35f9e
4 changed files with 23 additions and 5 deletions
--- a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 03/05/2018
 ---

 # Turn on advanced features in Windows Defender ATP
@ -47,11 +47,21 @@ For more information, see [Investigate a user account](investigate-user-windows-
 ## Skype for Business integration
 Enabling the Skype for Business integration gives you the ability to communicate with users using Skype for Business, email, or phone. This can be handy when you need to communicate with the user and mitigate risks.

+## Azure Advanced Threat Protection integration
+The integration with Azure Advanced Threat Protection allows you to pivot directly into another Microsoft Identity security product. Azure Advanced Threat Protection augments an investigation with additional insights about a suspected compromised account and related resources. By enabling this feature, you'll enrich the machine-based investigation capability by pivoting across the network from an identify point of view.
+
+
+>[!NOTE]
+>You'll need to have the appropriate license to enable this feature. 
+
 ## Office 365 Threat Intelligence connection
 This feature is only available if you have an active Office 365 E5 or the Threat Intelligence add-on. For more information, see the Office 365 Enterprise E5 product page.

 When you enable this feature, you'll be able to incorporate data from Office 365 Advanced Threat Protection into the Windows Defender ATP portal to conduct a holistic security investigation across Office 365 mailboxes and Windows machines.

+>[!NOTE]
+>You'll need to have the appropriate license to enable this feature. 
+
 To receive contextual machine integration in Office 365 Threat Intelligence, you'll need to enable the Windows Defender ATP settings in the Security & Compliance dashboard. For more information, see [Office 365 Threat Intelligence overview](https://support.office.com/en-us/article/Office-365-Threat-Intelligence-overview-32405DA5-BEE1-4A4B-82E5-8399DF94C512).

 ## Enable advanced features
--- a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-atp-machine-user.png
+++ b/windows/security/threat-protection/windows-defender-atp/images/atp-azure-atp-machine-user.png
--- a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-atp-machine.png
+++ b/windows/security/threat-protection/windows-defender-atp/images/atp-azure-atp-machine.png
--- a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
@ -36,24 +36,32 @@ You can click on affected machines whenever you see them in the portal to open a
 - Any IP address or domain details view

 When you investigate a specific machine, you'll see:
- Machine details, Logged on users, and Machine Reporting
+- Machine details, Azure Advanced Threat Protection alerts, Logged on users, and Machine Reporting
 - Alerts related to this machine
 - Machine timeline

-![Image of machine view](images/atp-machine-details-view.png)
+![Image of machine view](images/atp-azure-atp-machine.png)
+
+The machine details, Azure Advanced Threat Protection alerts, total logged on users, and machine reporting sections display various attributes about the machine.

-The machine details, total logged on users, and machine reporting sections display various attributes about the machine.

 The machine details tile provides information such as the domain and OS of the machine. If there's an investigation package available on the machine, you'll see a link that allows you to download the package.

 For more information on how to take action on a machine, see [Take response action on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md).

+If you have enabled the Azure Advanced Threat Protection feature and there are alerts related to the machine, you can click on the link that will take you to the Azure Advanced Threat Protection page where more information about the alerts are provided. The Azure Advanced Threat Protection tile also provides details such as the last Azure Active Directory site information and total domain group memberships.
+
+>[!NOTE]
+>You’ll need to enable the integration between Windows Defender ATP and Azure Advanced Threat Protection to use this feature.
+
+For more information on how to enable the Azure Advanced Threat Protection integration, see [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md).
+
 Clicking on the number of total logged on users in the Logged on users tile opens the Users Details pane that displays the following information for logged on users in the past 30 days:

 -	Interactive and remote interactive logins
 -	Network, batch, and system logins

-![Image of user details pane](images/atp-user-details.png)
+![Image of user details pane](images/atp-azure-atp-machine-user.png)

 You'll also see details such as logon types for each user account, the user group, and when the account logon occurred.