WTP updates

lomayor 2019-08-16 17:02:19 -07:00
parent e11f64b3c5
commit c58f42594f
7 changed files with 22 additions and 22 deletions

Binary file not shown. Before: 114 KiB. After: 139 KiB.

Binary file not shown. Before: 344 KiB. After: 236 KiB.

Binary file not shown. After: 68 KiB.

Binary file not shown. Before: 67 KiB. After: 78 KiB.


@ -28,7 +28,7 @@ Web threat protection lets you monitor your organizations web browsing securi
![Image of the card showing web threats protection blocks over time](images/wtp-blocks-over-time.png) ![Image of the card showing web threats protection blocks over time](images/wtp-blocks-over-time.png)
- **Web threat protection summary** — this card displays total blocks in the past 30 days, showing distribution across the different types of web threats. Clicking a slice opens the list of the domains of the URLs that were blocked. - **Web threat protection summary** — this card displays the total web threat protection blocks in the past 30 days, showing distribution across the different types of web threats. Clicking a slice opens the list of the domains that were blocked.
![Image of the card showing web threats protection summary](images/wtp-summary.png) ![Image of the card showing web threats protection summary](images/wtp-summary.png)
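
Review bot: The rewritten summary-card bullet ends with "Clicking a slice opens the list of the domains that were blocked", but the "View the domain list" section of this same file calls the destination the **Domains** page. Name the page in this bullet too, or link to that section, so both descriptions of the same click target match.
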
@ -37,19 +37,20 @@ Web threat protection lets you monitor your organizations web browsing securi
## Types of web threats ## Types of web threats
Web threat protection categorizes malicious and unwanted websites as: Web threat protection categorizes malicious and unwanted websites as:
- Phishing — websites that contain spoofed web forms and other phishing mechanisms designed to trick users into divulging their credentials - **Phishing** — websites that contain spoofed web forms and other phishing mechanisms designed to trick users into divulging credentials and other sensitive information
- Malicious — websites in that host malware and exploit code - **Malicious** — websites that host malware and exploit code
- Custom indicator — websites, represented by URLs or domains, that you have added to your indicator list for blocking - **Custom indicator** — websites whose URLs or domains you've added to your [custom indicator list](manage-indicators.md) for blocking
## View the domain list ## View the domain list
Clicking on specific web threat category in the **Web threat protection summary** card opens the **Domains** page with a list of the blocked domains prefiltered under that threat category. Clicking on a specific web threat category in the **Web threat protection summary** card opens the **Domains** page, which shows a list of the blocked domains prefiltered under that threat category. The page provides the following information for each domain:
The page provides an aggregated domain-level view along with the following information for each domain:
- **Access count** — number of requests for pages in the domain - **Access count** — number of requests for URLs in the domain
- **Blocks** — number of times requests are blocked - **Blocks** — number of times requests are blocked
- **Access trend** — change in number of access attempts - **Access trend** — change in number of access attempts
- **Threat category** — type of web threat - **Threat category** — type of web threat
- **Machines** — number of machines with access attempts - **Machines** — number of machines with access attempts
Selecting a domain opens a flyout that shows the list of URLs in that domain and the list machines with access attempts.
Selecting a domain opens a panel that shows the list of URLs in that domain that have been accessed. The panel also lists machines that have attempted to access URLs in the domain.
## Related topics ## Related topics
- [Web threat protection overview](web-threat-protection-overview.md) - [Web threat protection overview](web-threat-protection-overview.md)
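
Review bot: The field list under "View the domain list" appears to get two lead-ins. The rewritten paragraph now ends with "The page provides the following information for each domain:", and the hunk also carries a standalone line "The page provides an aggregated domain-level view along with the following information for each domain:". If both are on the new side, keep only one of them. The "aggregated domain-level view" wording is the more informative of the two, since it tells the reader that counts are rolled up per domain rather than per URL.
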


@ -22,7 +22,7 @@ ms.date: 08/30/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
Web threat protection in Microsoft Defender ATP secures your devices against web threats without relying on a web proxy, providing security for devices that are either away or on premises. By integrating with Microsoft Edge as well as popular third-party browsers like Chrome and Firefox, web threat protection stops access to phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, as well as sites that you have blocked in your [custom indicator list](manage-indicators.md). Web threat protection in Microsoft Defender ATP secures your machines against web threats without relying on a web proxy, providing security for devices that are either away or on premises. By integrating with Microsoft Edge as well as popular third-party browsers like Chrome and Firefox, web threat protection stops access to phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, as well as sites that you have blocked in your [custom indicator list](manage-indicators.md).
With web threat protection in Microsoft Defender ATP, you get: With web threat protection in Microsoft Defender ATP, you get:
- Comprehensive visibility of web browsing security - Comprehensive visibility of web browsing security
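
Review bot: The terminology change in the opening sentence is only half applied. It now reads "secures your machines against web threats" but continues "providing security for devices that are either away or on premises" in the same sentence. Pick one term for the sentence; the rest of this commit moves to "machines", so the second mention should follow.
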
@ -31,12 +31,13 @@ With web threat protection in Microsoft Defender ATP, you get:
## Prerequisites ## Prerequisites
Web threat protection uses network protection to provide web browsing security on Microsoft Edge and third-party web browsers. Web threat protection uses network protection to provide web browsing security on Microsoft Edge and third-party web browsers.
To turn on network protection on devices:
To turn on network protection on your machines:
- Edit the Microsoft Defender ATP security baseline under **Web & Network Protection** to enable network protection before deploying or redeploying it. [Learn about reviewing and assigning the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md#review-and-assign-the-microsoft-defender-atp-security-baseline) - Edit the Microsoft Defender ATP security baseline under **Web & Network Protection** to enable network protection before deploying or redeploying it. [Learn about reviewing and assigning the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md#review-and-assign-the-microsoft-defender-atp-security-baseline)
- Turn network protection on using Intune device configuration, SCCM, Group Policy, or your MDM solution. [Read more about enabling network protection](enable-network-protection.md) - Turn network protection on using Intune device configuration, SCCM, Group Policy, or your MDM solution. [Read more about enabling network protection](enable-network-protection.md)
>[!Note] >[!Note]
>If you set network protection set to **Audit only**, blocking will be unavailable. Also, you will be able to detect and log attempts to access malicious and unwanted websites on Microsoft Edge only. >If you set network protection to **Audit only**, blocking will be unavailable. Also, you will be able to detect and log attempts to access malicious and unwanted websites on Microsoft Edge only.
## In this section ## In this section
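
Review bot: The note under Prerequisites fixes the doubled "set", but its second sentence is still ambiguous about scope. "Also, you will be able to detect and log attempts to access malicious and unwanted websites on Microsoft Edge only" can be read as a limit of **Audit only** mode or as a general limit of the feature. State explicitly which mode the Microsoft Edge restriction applies to, because readers deciding between modes need to know what coverage they keep on third-party browsers. Also note that this file writes the mode as **Audit only** in bold, while the alert descriptions in the investigation topic use italics for the mode names; one convention across the three topics would be better.
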


@ -26,14 +26,14 @@ Web threat protection in Microsoft Defender APT lets you efficiently investigate
## View web threat alerts ## View web threat alerts
Microsoft Defender ATP generates the following [alerts](manage-alerts.md) for malicious or suspicious web activity: Microsoft Defender ATP generates the following [alerts](manage-alerts.md) for malicious or suspicious web activity:
- **Suspicious connection blocked by network protection** — this alert is generated when an attempt to access a malicious website or a website in your custom indicator list is stopped by network protection in blocked mode - **Suspicious connection blocked by network protection** — this alert is generated when an attempt to access a malicious website or a website in your custom indicator list is *stopped* by network protection in *'*block* mode
- **Suspicious connection detected by network protection** — this alert is generated when an attempt to access a malicious website or a website in your custom indicator list is detected by network protection in audit mode - **Suspicious connection detected by network protection** — this alert is generated when an attempt to access a malicious website or a website in your custom indicator list is detected by network protection in *audit only* mode
Each alert provides the following information: Each alert provides the following information:
- Machine that attempted to access the blocked website - Machine that attempted to access the blocked website
- Application or program used to send the web request - Application or program used to send the web request
- Malicious URL or URL in the custom indicator list - Malicious URL or URL in the custom indicator list
- Recommended actions for this type of detections - Recommended actions for responders
![Image of an alert related to web threat protection](images/wtp-alert.png) ![Image of an alert related to web threat protection](images/wtp-alert.png)
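
Review bot: The new text for the "Suspicious connection blocked by network protection" alert has broken emphasis markup: `in *'*block* mode` contains a stray `*'*` and will not render as intended. It should read `in *block* mode`, matching the `*audit only*` form used in the next bullet. The italics on `*stopped*` are also not mirrored on "detected" in the second bullet, so either emphasize both verbs or neither.
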
@ -41,10 +41,10 @@ Each alert provides the following information:
>To reduce the volume of alerts, Microsoft Defender ATP consolidates web threat protection detections for the same domain on the same machine each day to a single alert. Only one alert is generated and counted into the [web protection report](web-threat-protection-monitoring.md). >To reduce the volume of alerts, Microsoft Defender ATP consolidates web threat protection detections for the same domain on the same machine each day to a single alert. Only one alert is generated and counted into the [web protection report](web-threat-protection-monitoring.md).
## Inspect website details ## Inspect website details
You can dive deeper by selecting the URL or domain of the website in the alert. This opens a page about that particular website providing various information, including: You can dive deeper by selecting the URL or domain of the website in the alert. This opens a page about that particular URL or domain with various information, including:
- All machines that attempted to access the URL or domain - Machines that attempted to access website
- All incidents and alerts related to the URL or domain - Incidents and alerts related to the website
- How frequent the URL or domain was seen in events in your organization - How frequent the website was seen in events in your organization
![Image of the domain or URL entity details page](images/wtp-website-details.png) ![Image of the domain or URL entity details page](images/wtp-website-details.png)
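
Review bot: Two of the rewritten bullets under "Inspect website details" have grammar slips. "Machines that attempted to access website" is missing an article ("access the website"), and "How frequent the website was seen in events in your organization" should use the adverb ("How frequently"). The lead-in now says the page is about "that particular URL or domain" while the bullets switch to "website"; use one term in both places so it is clear the counts are for the selected URL or domain entity.
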
@ -57,14 +57,12 @@ You can also check the machine that attempted to access a blocked URL. Selecting
## Web browser and Windows notifications for end users ## Web browser and Windows notifications for end users
With web threat protection in Microsoft Defender ATP, your end users will be blocked from visiting malicious or unwanted websites using Microsoft Edge or other browsers. With web threat protection in Microsoft Defender ATP, your end users will be blocked from visiting malicious or unwanted websites using Microsoft Edge or other browsers. Because blocking is performed by [network protection](network-protection-exploit-guard.md), they will see a generic error from the web browser. They will also see a notification from Windows.
Because blocking is performed by [network protection](network-protection-exploit-guard.md), they will see a generic error from the web browser. They will also see a notification from Windows.
![Image of Microsoft Edge showing a 403 error and the Windows notification](images/wtp-browser-blocking-page.png) ![Image of Microsoft Edge showing a 403 error and the Windows notification](images/wtp-browser-blocking-page.png)
*Web threat blocked by Microsoft Edge* *Web threat blocked by Microsoft Edge*
![Image of Chrome showing a secure connection warning and the Windows notification](images/wtp-browser-blocking-page.png) ![Image of Chrome showing a secure connection warning and the Windows notification](images/wtp-chrome-browser-blocking-page.png)
*Web threat blocked by the Chrome web browser* *Web threat blocked by the Chrome web browser*
## Related topics ## Related topics
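
Review bot: The merged paragraph states that blocking is performed by network protection and that the browser only shows a generic error, but the captions left unchanged below it still read "Web threat blocked by Microsoft Edge" and "Web threat blocked by the Chrome web browser", which attributes the block to the browser. Reword the captions (for example "Web threat blocked on Microsoft Edge") so they agree with the paragraph. The Chrome image now points to `images/wtp-chrome-browser-blocking-page.png`; confirm that file is part of this commit so the link does not break.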