Merge branch 'atp-phase2' of https://cpubwin.visualstudio.com/_git/it-client into atp-phase2

windows/security/threat-protection/index.md

@@ -119,7 +119,7 @@ Bring the power of Microsoft threat protection to your organization.
 - [Azure ATP](/windows-defender-atp/threat-protection-integration.md)
 - [Azure Security Center](/windows-defender-atp/threat-protection-integration.md)
 - [Skype for Business](/windows-defender-atp/threat-protection-integration.md) 
-- [Microsoft Cloud App Security](/windows-defender-atp/threat-protection-integration.md)
+- [Microsoft Cloud App Security](/windows-defender-atp/microsoft-cloud-app-security-integration.md)
 
 
 

windows/security/threat-protection/windows-defender-atp/TOC.md

@@ -131,14 +131,11 @@
 
 #### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
 
-
-
-
 ### [Microsoft threat protection](threat-protection-integration.md)
 ####  [Protect users, data, and devices with conditional access](conditional-access-windows-defender-advanced-threat-protection.md)
+#### [Microsoft Cloud App Security integration](microsoft-cloud-app-security-integration.md)
 ### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
 
-
 ## [Get started](get-started.md)
 ### [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md)
 ### [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md)
@@ -147,7 +144,6 @@
 ### [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md)
 ### [Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md)
 
-
 ### [Evaluate Windows Defender ATP](evaluate-atp.md)
 ####Evaluate attack surface reduction
 ##### [Hardware-based isolation](../windows-defender-application-guard/test-scenarios-wd-app-guard.md)
@@ -159,7 +155,6 @@
 ##### [Network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
 #### [Next gen protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
 
- 
 
 ### [Access the Windows Defender Security Center Community Center](community-windows-defender-advanced-threat-protection.md)
 
@@ -197,8 +192,6 @@
 #### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)
 
 
- 
-
 ### [Configure next generation protection](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md)
 #### [Utilize Microsoft cloud-delivered protection](../windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
 ##### [Enable cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md)
@@ -213,7 +206,6 @@
 #### [Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
 ##### [Use limited periodic antivirus scanning](../windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md)
 
-
  
 #### [Deploy, manage updates, and report on Windows Defender Antivirus](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md)
 ##### [Deploy and enable Windows Defender Antivirus](../windows-defender-antivirus/deploy-windows-defender-antivirus.md)
@@ -268,8 +260,8 @@
 
 
 
-
-
+### Configure Microsoft threat protection
+#### [Microsoft Cloud App Security](microsoft-cloud-app-security-config.md)
 
 
 

windows/security/threat-protection/windows-defender-atp/evaluate-atp.md

@@ -16,7 +16,7 @@ ms.date: 08/10/2018
 # Evaluate Windows Defender ATP 
 Windows Defender Advanced Threat Protection (Windows Defender ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.
 
-You can evaluate Windows Defender Advanced Threat Protection in your organization by [Starting your free trial](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp)
+You can evaluate Windows Defender Advanced Threat Protection in your organization by [starting your free trial](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp).
 
 You can also evaluate the different security capabilities in Windows Defender ATP by using the following instructions. 
 

windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md

@@ -0,0 +1,37 @@
+---
+title: Microsoft Cloud App Security
+description: Information protection in MIP and Windows
+ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: brianlic-msft
+ms.date: 04/19/2017
+---
+
+# Microsoft Cloud App Security Configuration
+
+## How do I use it?
+
+To benefit from Windows Defender Advanced Threat Protection (ATP) cloud app discovery signals, turn on Microsoft Cloud App Security integration in the **Windows Defender ATP Settings** page, under **Advanced features**:
+
+![Advanced features](./images/advanced-features.png)
+
+Once activated, Windows Defender ATP will immediately start forwarding discovery signals to Cloud App Security.
+
+## View the data collected
+
+1. Browse to the [Cloud App Security portal](portal.cloudappsecurity.com)
+
+2. Navigate to the Cloud Discovery dashboard
+
+3. Select **Win10 Endpoint Users report**, which contains the data coming from Windows Defender ATP.
+
+![Win10 endpoint users](./images/win10-endpoint-users.png)
+
+This report is similar to the existing discovery report with one major difference: you can now benefit from visibility to the machine context.
+
+Notice the new **Machine**s tab that allows you to view the data split to the device dimensions. This is available in the main report page or any subpage (e.g., when drilling down to a specific cloud app).
+
+![Cloud discovery](./images/cloud-discovery.png)

windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md

@@ -0,0 +1,27 @@
+---
+title: Microsoft Cloud App Security
+description: Information protection in MIP and Windows
+ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: brianlic-msft
+ms.date: 04/19/2017
+---
+
+# Microsoft Cloud App Security Integration
+
+## Overview
+
+[Cloud App Security](https://docs.microsoft.com/cloud-app-security/what-is-cloud-app-security) gives you visibility into your cloud apps and services by allowing you to control and limit access to cloud apps, while enforcing compliance requirements on data stored in the cloud.
+
+Cloud App Security integrates into your eco-system in two places:
+
+1. Firewall and proxy servers route your endpoints traffic to the web and forward cloud traffic logs to Cloud App Security.
+
+2. Cloud App Security connects to your cloud app public API to enable control and governance of the data stored on cloud apps.
+
+![Cloud apps](./images/cloud-apps.png)
+
+For more information, see [configure MCAS](microsoft-cloud-security-config.md).

windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md

@@ -14,25 +14,13 @@ ms.author: v-anbic
 ms.date: 08/08/2018
 ---
 
-# Customize Attack surface reduction
+# Customize attack surface reduction
 
 **Applies to:**
 
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 
-
-
-
-
-
-
-
-
-
-
-
-
 Attack surface reduction helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines. 
 
 This topic describes how to customize Attack surface reduction by [excluding files and folders](#exclude-files-and-folders) or [adding custom text to the notification](#customize-the-notification) alert that appears on a user's computer.

windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md

@@ -16,7 +16,7 @@ ms.date: 08/08/2018
 
 
 
-# Customize Controlled folder access
+# Customize controlled folder access
 
 
 **Applies to:**
@@ -24,19 +24,6 @@ ms.date: 08/08/2018
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 
-
-
-
-
-
-
-
-
-
-
-
-
-
 Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. 
 
 This topic describes how to customize the following settings of the Controlled folder access feature with the Windows Defender Security Center app, Group Policy, PowerShell, and mobile device management (MDM) configuration service providers (CSPs):

windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md

@@ -43,7 +43,7 @@ You configure these settings using the Windows Defender Security Center on an in
 It also describes how to enable or configure the mitigations using Windows Defender Security Center, PowerShell, and MDM CSPs. This is the first step in creating a configuration that you can deploy across your network. The next step involves [generating or exporting, importing, and deploying the configuration to multiple devices](import-export-exploit-protection-emet-xml.md).
 
 >[!WARNING] 
->Some security mitigation technologies may have compatibility issues with some applications. You should test Exploit protection in all target use scenarios by using [audit mode](audit-windows-defender-exploit-guard.md) before deploying the configuration across a production environment or the rest of your network.
+>Some security mitigation technologies may have compatibility issues with some applications. You should test exploit protection in all target use scenarios by using [audit mode](evaluate-exploit-protection.md) before deploying the configuration across a production environment or the rest of your network.
 
 ## Exploit protection mitigations
 

windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md

@@ -16,7 +16,7 @@ ms.date: 08/08/2018
 
 
 
-# Enable Controlled folder access
+# Enable controlled folder access
 
 
 **Applies to:**
@@ -24,29 +24,15 @@ ms.date: 08/08/2018
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 
-
-
-
-
-
-
-
-
-
-
-
-
-
 Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
 
 This topic describes how to enable Controlled folder access with the Windows Defender Security Center app, Group Policy, PowerShell, and mobile device management (MDM) configuration service providers (CSPs). 
 
 
-## Enable and audit Controlled folder access
+## Enable and audit controlled folder access
 
-You can enable Controlled folder access with the Windows Defender Security Center app, Group Policy, PowerShell, or MDM CSPs. You can also set the feature to audit mode. Audit mode allows you to test how the feature would work (and review events) without impacting the normal use of the machine.
+You can enable controlled folder access with the Security Center app, Group Policy, PowerShell, or MDM CSPs. You can also set the feature to audit mode. Audit mode allows you to test how the feature would work (and review events) without impacting the normal use of the machine.
 
-For further details on how audit mode works, and when you might want to use it, see the [audit Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
 
 >[!NOTE]
 >The Controlled folder access feature will display the state in the Windows Defender Security Center app under **Virus & threat protection settings**.

windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md

@@ -16,26 +16,13 @@ ms.date: 08/09/2018
 
 
 
-# Protect your network with Windows Defender Exploit Guard
+# Protect your network from malicious content on the Internet
 
 **Applies to:**
 
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-Supported in Windows 10 Enterprise, Network protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. 
+Network protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. 
 
 It expands the scope of [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md) to block all outbound HTTP(s) traffic that attempts to connect to low-reputation sources (based on the domain or hostname).
 
@@ -45,14 +32,12 @@ It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md
 >You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
 
 
-Network protection works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
+Network protection works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
 
 When Network protection blocks a connection, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.
 
 You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how Network protection would impact your organization if it were enabled.
 
-
-
 ## Requirements
 
 Network protection requires Windows 10 Enterprise E3 and Windows Defender AV real-time protection.

windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md

@@ -38,7 +38,7 @@ To help address your organizational network security challenges, Windows Defende
 | Topic | Description
 | - | - |
 | [Isolating Microsoft Store Apps on Your Network](isolating-apps-on-your-network.md) | You can customize your Windows Defender Firewall configuration to isolate the network access of Microsoft Store apps that run on devices. |
-| [Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012](securing-end-to-end-ipsec-connections-by-using-ikev2.md) | You can use IKEv2 to help secure your end-to-end IPSec connections. |
+| [Securing End-to-End IPsec Connections by Using IKEv2](securing-end-to-end-ipsec-connections-by-using-ikev2.md) | You can use IKEv2 to help secure your end-to-end IPSec connections. |
 | [Windows Defender Firewall with Advanced Security Administration with Windows PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md) | Learn more about using Windows PowerShell to manage the Windows Defender Firewall. |
 | [Windows Defender Firewall with Advanced Security Design Guide](windows-firewall-with-advanced-security-design-guide.md) | Learn how to create a design for deploying Windows Defender Firewall with Advanced Security. |
 | [Windows Defender Firewall with Advanced Security Deployment Guide](windows-firewall-with-advanced-security-deployment-guide.md) |  Learn how to deploy Windows Defender Firewall with Advanced Security. |