Merge remote-tracking branch 'refs/remotes/origin/master' into jdshrs2

windows/configuration/configure-windows-telemetry-in-your-organization.md

@@ -98,7 +98,7 @@ Windows telemetry also helps Microsoft better understand how customers use (or d
 
 ### Insights into your own organization
 
-Sharing information with Microsoft helps make Windows and other products better, but it can also help make your internal processes and user experiences better, as well.  Microsoft is in the process of developing a set of analytics customized for your internal use.  The first of these, called [Upgrade Readiness](/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness).
+Sharing information with Microsoft helps make Windows and other products better, but it can also help make your internal processes and user experiences better, as well.  Microsoft is in the process of developing a set of analytics customized for your internal use.  The first of these, called [Upgrade Readiness](/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness).
 
 #### Upgrade Readiness
 

windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md

@@ -24,7 +24,7 @@ localizationpriority: high
 
 The sensor health tile provides information on the individual endpoint’s ability to provide sensor data and communicate with the Windows Defender ATP service. It reports how many machines require attention and helps you identify problematic machines and take action to correct known issues.
 
-![Windows Defender ATP sensor health tile](images/atp-sensor-health-filter.png)
+![Windows Defender ATP sensor health tile](images/atp-portal-sensor.png)
 
 There are two status indicators on the tile that provide information on the number of machines that are not reporting properly to the service:
 -	**Inactive** - Machines that have stopped reporting to the Windows Defender ATP service for more than seven days in the past month.

windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md

@@ -29,14 +29,14 @@ Enable security information and event management (SIEM) integration so you can p
 
 2. Select **Enable SIEM integration**. This activates the **SIEM connector access details** section with pre-populated values and an application is created under you Azure Active Directory (AAD) tenant.
 
-  WARNING:<br>
-  The client secret is only displayed once. Make sure you keep a copy of it in a safe place.<br>
+  > [!WARNING]
+  >The client secret is only displayed once. Make sure you keep a copy of it in a safe place.<br>
   For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret).
 
 3. Choose the SIEM type you use in your organization.
 
-  NOTE:<br>
-  If you select HP ArcSight, you'll need to save these two configuration files:<br>
+  > [!NOTE]
+  > If you select HP ArcSight, you'll need to save these two configuration files:<br>
   - WDATP-connector.jsonparser.properties
   - WDATP-connector.properties <br>
 

windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md

@@ -31,11 +31,11 @@ You can use the [Windows Defender ATP portal](https://securitycenter.windows.com
 ## Windows Defender ATP portal
 When you open the portal, you’ll see the main areas of the application:
 
- ![Windows Defender Advanced Threat Protection portal](images/atp-main-portal.png)
+ ![Windows Defender Advanced Threat Protection portal](images/atp-portal.png)
 
-- (1) Search, Feedback, Settings, Help and support
-- (2) Navigation pane
-- (3) Main portal
+- (1) Navigation pane
+- (2) Main portal Search
+- (3) Feedback, Settings, Help and support
 
 > [!NOTE]
 > Malware related detections will only appear if your endpoints are using [Windows Defender Antivirus](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product.
@@ -46,14 +46,13 @@ Area | Description
 :---|:---
 (1) Search bar, Feedback, Settings, Help and support | **Search** - Provides access to the search bar where you can search for file, IP, machine, URL, and user. Displays the Search box: the drop-down list allows you to select the entity type and then enter the search query text.  </br> **Feedback** -Access the feedback button to provide comments about the portal. </br> **Settings** - Gives you access to the configuration settings where you can set time zones, alert suppression rules, and license information. </br> **Help and support** - Gives you access to the Windows Defender ATP guide, Microsoft support, and Premier support.
 (2) Navigation pane | Use the navigation pane to move between the **Dashboard**, **Alerts queue**, **Machines list**, **Service health**, **Preferences setup**, and **Endpoint management**.
-(3) Main portal| Main area where you will see the different views such as the Dashboard, Alerts queue, and Machines list.
 **Dashboard**	| Provides clickable tiles that open detailed information on various alerts that have been detected in your organization.
 **Alerts queue** | Enables you to view separate queues of new, in progress, and resolved alerts.
 **Machines list** | Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts.
 **Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues.
 **Preferences setup** |	Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, and enable or turn off advanced features.
 **Endpoint management** |	Allows you to download the onboarding configuration package. It provides access to endpoint offboarding.
-
+(3) Main portal| Main area where you will see the different views such as the Dashboard, Alerts queue, and Machines list.
 
 ## Windows Defender ATP icons
 The following table provides information on the icons used all throughout the portal:

windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md

@@ -86,12 +86,19 @@ detect sophisticated cyber-attacks, providing:
 Topic | Description
 :---|:---
 [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md) | This overview topic for IT professionals provides information on the minimum requirements to use Windows Defender ATP such as network and data storage configuration, and endpoint hardware and software requirements, and deployment channels.
+[Preview features](preview-windows-defender-advanced-threat-protection.md) | Learn about new features in the Windows Defender ATP preview release and enable the preview experience.
 [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md)| Learn about how Windows Defender ATP collects and handles information and where data is stored.
 [Assign user access to the Windows Defender ATP portal](assign-portal-access-windows-defender-advanced-threat-protection.md)| Before users can access the portal, they'll need to be granted specific roles in Azure Active Directory.
 [Onboard endpoints and set up access](onboard-configure-windows-defender-advanced-threat-protection.md) | You'll need to onboard and configure the Windows Defender ATP service and the endpoints in your network before you can use the service. Learn about how you can assign users to the Windows Defender ATP service in Azure Active Directory (AAD) and using a configuration package to configure endpoints.
 [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) | Understand the main features of the service and how it leverages Microsoft technology to protect enterprise endpoints from sophisticated cyber attacks.
 [Use the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md) | Learn about the capabilities of Windows Defender ATP to help you investigate alerts that might be indicators of possible breaches in your enterprise.
+[Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md) | Learn about pulling alerts from the Windows Defender ATP portal using supported security information and events management (SIEM) tools.
+[Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) | Understand threat intelligence concepts, then enable the custom threat intelligence application so that you can proceed to create custom threat intelligence alerts that are specific to your organization.
+[Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) | Check the sensor health state on endpoints to verify that they are providing sensor data and communicating with the Windows Defender ATP service.
 [Windows Defender Advanced Threat Protection settings](settings-windows-defender-advanced-threat-protection.md) | Learn about setting the time zone and configuring the suppression rules to configure the service to your requirements.  
+[Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Use the Preferences setup menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature.
+[Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) | Configure time zone settings, suppression rules, and view license information.
+[Windows Defender ATP service health](service-status-windows-defender-advanced-threat-protection.md) | Verify that the service health is running properly or if there are current issues.
 [Troubleshoot Windows Defender Advanced Threat Protection](troubleshoot-windows-defender-advanced-threat-protection.md) | This topic contains information to help IT Pros find workarounds for the known issues and troubleshoot issues in Windows Defender ATP.
 [Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)| Review events and errors associated with event IDs to determine if further troubleshooting steps are required.
 [Windows Defender compatibility](defender-compatibility-windows-defender-advanced-threat-protection.md) | Learn about how Windows Defender works in conjunction with Windows Defender ATP.