acronym

windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md

@@ -36,25 +36,25 @@ You can click on affected machines whenever you see them in the portal to open a
 - Any IP address or domain details view
 
 When you investigate a specific machine, you'll see:
-- Machine details, Azure Advanced Threat Protection alerts, Logged on users, and Machine Reporting
+- Machine details, Azure Advanced Threat Protection (Azure ATP) alerts, Logged on users, and Machine Reporting
 - Alerts related to this machine
 - Machine timeline
 
 ![Image of machine view](images/atp-azure-atp-machine.png)
 
-The machine details, Azure Advanced Threat Protection alerts, total logged on users, and machine reporting sections display various attributes about the machine.
+The machine details, Azure ATP alerts, total logged on users, and machine reporting sections display various attributes about the machine.
 
 
 The machine details tile provides information such as the domain and OS of the machine. If there's an investigation package available on the machine, you'll see a link that allows you to download the package.
 
 For more information on how to take action on a machine, see [Take response action on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md).
 
-If you have enabled the Azure Advanced Threat Protection feature and there are alerts related to the machine, you can click on the link that will take you to the Azure Advanced Threat Protection page where more information about the alerts are provided. The Azure Advanced Threat Protection tile also provides details such as the last Azure Active Directory site information and total domain group memberships.
+If you have enabled the Azure ATP feature and there are alerts related to the machine, you can click on the link that will take you to the Azure ATP page where more information about the alerts are provided. The Azure ATP tile also provides details such as the last Azure Active Directory site information and total domain group memberships.
 
 >[!NOTE]
 >You’ll need to enable the integration between Windows Defender ATP and Azure Advanced Threat Protection to use this feature.
 
-For more information on how to enable the Azure Advanced Threat Protection integration, see [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md).
+For more information on how to enable the Azure ATP integration, see [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md).
 
 Clicking on the number of total logged on users in the Logged on users tile opens the Users Details pane that displays the following information for logged on users in the past 30 days:
 

windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md

@@ -10,16 +10,12 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 03/05/2018
 ---
 # Investigate a user account in Windows Defender ATP
 
 **Applies to:**
 
-- Windows 10 Enterprise
-- Windows 10 Education
-- Windows 10 Pro
-- Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 
@@ -37,13 +33,25 @@ You can find user account information in the following views:
 A clickable user account link is available in these views, that will take you to the user account details page where more details about the user account are shown.
 
 When you investigate a user account entity, you'll see:
-- User account details and Logged on machines
+- User account details, Azure Advanced Threat Protection (Azure ATP) alerts, and Logged on machines
 - Alerts related to this user
 - Observed in organization (machines logged on to)
 
 ![Image of the user account entity details page](images/atp-user-details-view-tdp.png)
 
-The user account entity details and logged on machines section display various attributes about the user account. You'll see details such as when the user was first and last seen and the total number of machines the user logged on to. You'll also see a list of the machines that the user logged on to, and can expand these to see details of the logon events on each machine.
+The user account entity details, Azure ATP alerts, and logged on machines sections display various attributes about the user account.
+
+The user entity tile provides details about the user such as when the user was first and last seen. Depending on the integration features you enable, you'll see other details. For example, if you enable the Skype for business integration, you'll be able to contact the user from the portal. 
+
+If you have enabled the Azure ATP feature and there are alerts related to the user, you can click on the link that will take you to the Azure ATP page where more information about the alerts are provided. The Azure ATP tile also provides details such as the last AD site, total group memberships, and login failure associated with the user.
+
+You'll also see a list of the machines that the user logged on to, and can expand these to see details of the logon events on each machine.
+
+>[!NOTE]
+>You<6F>ll need to enable the integration between Windows Defender ATP and Azure ATP to use this feature.
+
+
+For more information on how to enable advanced features, see [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md).
 
 The **Alerts related to this user** section provides a list of alerts that are associated with the user account. This list  is a filtered view of the [Alert queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows alerts where the user context is the selected user account, the date when the last activity was detected, a short description of the alert, the machine associated with the alert, the alert's severity, the alert's status in the queue, and who is assigned the alert.