add machine risk in investigate machines

windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md

@@ -36,27 +36,22 @@ You can click on affected machines whenever you see them in the portal to open a
 - Any IP address or domain details view
 
 When you investigate a specific machine, you'll see:
-- Machine details, Azure Advanced Threat Protection (Azure ATP) alerts, Logged on users, and Machine Reporting
+- Machine details, Logged on users, Machine risk, and Machine Reporting
 - Alerts related to this machine
 - Machine timeline
 
 ![Image of machine view](images/atp-azure-atp-machine.png)
 
-The machine details, Azure ATP alerts, total logged on users, and machine reporting sections display various attributes about the machine.
-
+The machine details, logged on users, machine risk, and machine reporting sections display various attributes about the machine.
 
+**Machine details**</br>
 The machine details tile provides information such as the domain and OS of the machine. If there's an investigation package available on the machine, you'll see a link that allows you to download the package.
 
 For more information on how to take action on a machine, see [Take response action on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md).
 
-If you have enabled the Azure ATP feature and there are alerts related to the machine, you can click on the link that will take you to the Azure ATP page where more information about the alerts are provided. The Azure ATP tile also provides details such as the last Azure Active Directory site information and total domain group memberships.
 
->[!NOTE]
->You’ll need to enable the integration between Windows Defender ATP and Azure Advanced Threat Protection to use this feature.
-
-For more information on how to enable the Azure ATP integration, see [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md).
-
-Clicking on the number of total logged on users in the Logged on users tile opens the Users Details pane that displays the following information for logged on users in the past 30 days:
+**Logged on users**</br>
+Clicking on the logged on users in the Logged on users tile opens the Users Details pane that displays the following information for logged on users in the past 30 days:
 
 -	Interactive and remote interactive logins
 -	Network, batch, and system logins
@@ -67,6 +62,19 @@ You'll also see details such as logon types for each user account, the user grou
 
  For more information, see [Investigate user entities](investigate-user-windows-defender-advanced-threat-protection.md).
 
+**Machine risk**</br>
+The Machine risk tile shows the overall risk assesment of a machine. A machine's risk level is determined using the number of active alerts and their severity levels. You can influence a machine's risk level by resolving associated alerts manually or automatically. It also gives a quick indicator of the active threats that machines could be exposed to. 
+
+If you have enabled the Azure ATP feature and there are alerts related to the machine, you can click on the link that will take you to the Azure ATP page where more information about the alerts are provided. The Azure ATP tile also provides details such as the last Azure Active Directory site information and total domain group memberships.
+
+>[!NOTE]
+>You’ll need to enable the integration between Windows Defender ATP and Azure Advanced Threat Protection to use this feature.
+
+For more information on how to enable the Azure ATP integration, see [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md).
+
+**Machine reporting**</br>
+Provides the last internal IP and exteral IP of the machine. It also shows when the machine was first and last seen reporting to the service. 
+
 ## Manage machine group and tags
 Machine group and tags support proper mapping of the network, enabling you to attach different tags to machines to capture context and to enable dynamic groups creation as part of an incident. 
 

windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md

@@ -54,6 +54,10 @@ You can use the following filters to limit the list of machines displayed during
 - 30 days
 - 6 months
 
+**Risk level**</br>
+Machine risk levels are quick indicators of the active threats that machines could be exposed to. A machine's risk level is determined using the number of active alerts and their severity levels. You can influence a machine's risk level by resolving associated alerts manually or automatically.
+
+
 **OS Platform**</br>
 - Windows 10
 - Windows Server 2012 R2
@@ -98,7 +102,8 @@ You can filter the list based on the grouping and tagging that you've added to i
 ## Export machine list to CSV
 You can  download a full list of all the machines in your organization, in CSV format. Click the **Export to CSV** button to download the entire list as a CSV file.
 
-**Note**: Exporting the list depends on the number of machines in your organization. It might take a significant amount of time to download, depending on how large your organization is.
+>[NOTE]
+> Exporting the list depends on the number of machines in your organization. It might take a significant amount of time to download, depending on how large your organization is.
 Exporting the list in CSV format displays the data in an unfiltered manner. The CSV file will include all machines in the organization, regardless of any filtering applied in the view itself.
 
 ## Sort the Machines list