re org 2

windows/security/threat-protection/windows-defender-atp/edr-windows-defender-advanced-threat-protection.md

@@ -0,0 +1,79 @@
+---
+title: Windows Defender Advanced Threat Protection endpoint detection and response capabilities
+description: Windows Defender Advanced Threat Protection is an enterprise security service that helps detect and respond to possible cybersecurity threats related to advanced persistent threats.
+keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/24/2018
+---
+
+# Windows Defender Advanced Threat Protection endpoint detection and response capabilities
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-main-abovefoldlink)
+>
+>For more info about Windows 10 Enterprise Edition features and functionality, see [Windows 10 Enterprise edition](https://www.microsoft.com/WindowsForBusiness/buy).
+
+Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service that enables enterprise customers to detect, investigate, and respond to advanced threats on their networks.
+
+The endpoint detection and response (EDR) capabilities in Windows Defender ATP leverages Microsoft technology and expertise to
+detect sophisticated cyber-attacks, providing:
+
+- Behavior-based, cloud-powered, advanced attack detection
+
+    Finds the attacks that made it past all other defenses (post breach detection), provides actionable, correlated alerts for known and unknown adversaries trying to hide their activities on machines.
+
+- Rich timeline for forensic investigation and mitigation
+
+    Easily investigate the scope of breach or suspected behaviours on any machine through a rich machine timeline. File, URLs, and network connection inventory across the network. Gain additional insight using deep collection and analysis (“detonation”) for any file or URLs.
+
+- Built in unique threat intelligence knowledge base
+
+    Unparalleled threat optics provides actor details and intent context for every threat intel-based detection – combining first and third-party intelligence sources.
+
+- Automated investigation and remediation
+
+    Significantly reduces alert volume by leveraging inspection algorithms used by analysts to examine alerts and take remediation action. 
+
+Machine investigation capabilities in this service let you drill down
+into security alerts and understand the scope and nature of a potential
+breach. You can submit files for deep analysis and receive the results
+without leaving the [Windows Defender ATP portal](https://securitycenter.windows.com). The automated investigation and remediation capability reduces the volume of alerts by leveraging various inspection algorithms to resolve breaches. You can also track and improve you organization's security posture.
+
+
+
+
+## In this section
+
+Topic | Description
+:---|:---
+Get started  |  Learn about the minimum requirements, validate licensing and complete setup, know about preview features, understand data storage and privacy, and how to assign user access to the portal.
+[Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md) | Learn about onboarding client, server, and non-Windows machines. Learn how to run a detection test, configure proxy and Internet connectivity settings, and how to troubleshoot potential onboarding issues.
+[Understand the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md) | Understand the Security operations, Secure Score, and Threat analytics dashboards as well as how to navigate the portal.
+Investigate and remediate threats | Investigate alerts, machines, and take response actions to remediate threats.
+API and SIEM support | Use the supported APIs to pull and create custom alerts, or automate workflows. Use the supported SIEM tools to pull alerts from the Windows Defender ATP portal.
+Reporting | Create and build Power BI reports using Windows Defender ATP data.
+Check service health and sensor state | Verify that the service is running and check the sensor state on machines.
+[Configure Windows Defender settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Configure general settings, turn on the preview experience, notifications, and enable other features.
+[Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md) | Access the Windows Defender ATP Community Center to learn, collaborate, and share experiences about the product.
+[Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md) | This section addresses issues that might arise as you use the Windows Defender Advanced Threat service.
+[Windows Defender Antivirus compatibility with Windows Defender ATP](defender-compatibility-windows-defender-advanced-threat-protection.md) | Understand how Windows Defender Antivirus integrates with Windows Defender ATP. 
+
+
+## Related topic
+[Windows Defender ATP helps detect sophisticated threats](https://www.microsoft.com/itshowcase/Article/Content/854/Windows-Defender-ATP-helps-detect-sophisticated-threats)

windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md

@@ -13,7 +13,7 @@ ms.localizationpriority: high
 ms.date: 04/24/2018
 ---
 
-# Windows Defender Advanced Threat Protection
+# Windows Defender Advanced Threat Protection capabilities
 
 **Applies to:**