diff --git a/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md
index cc4e951918..f788a1dd65 100644
--- a/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md
@@ -28,9 +28,8 @@ Security is recognized as a key component in running an enterprise, however some
To address this demand, managed security service providers (MSSP) offer to deliver managed detection and response (MDR) services on top of Windows Defender ATP.
-Windows Defender ATP adds support for this scenario by providing MSSP integration.
+Windows Defender ATP adds support for this scenario and to allow MSSPs to take the following actions:
- The integration will allow MSSPs to take the following actions:
- Get access to MSSP customer's Windows Defender Security Center portal
- Get email notifications, and
- Fetch alerts through security information and event management (SIEM) tools
diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
index 648a1a52d3..be77829814 100644
--- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
@@ -39,7 +39,7 @@ Turn on the preview experience setting to be among the first to try upcoming fea
The following features are included in the preview release:
- [Threat analytics](threat-analytics.md)
-Threat analytics helps security operations teams continually assess their environment for emerging threats and outbreaks within minutes and take actions to contain and increase organizational resilience.
+Threat Analytics is a set of interactive reports published by the Windows Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats.
- [Custom detection](overview-custom-detections.md)
With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. This can be done by leveraging the power of Advanced hunting through the creation of custom detection rules.
diff --git a/windows/security/threat-protection/windows-defender-atp/threat-analytics.md b/windows/security/threat-protection/windows-defender-atp/threat-analytics.md
index ea7116fad4..7f7e2bf703 100644
--- a/windows/security/threat-protection/windows-defender-atp/threat-analytics.md
+++ b/windows/security/threat-protection/windows-defender-atp/threat-analytics.md
@@ -21,12 +21,12 @@ ms.date: 09/03/2018
Cyber threats are emerging more frequently and prevalently. It is critical for enterprises to be able to quickly assess their security posture, including impact, and organizational resilience in the context of specific emerging threats.
-Threat analytics helps security operations teams continually assess their environment for emerging threats and outbreaks within minutes and take actions to contain and increase organizational resilience.
+Threat Analytics is a set of interactive reports published by the Windows Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats.
+
>[!NOTE]
>Threat analytics requires all Windows Defender ATP components to be running, including Next generation protection and Attack surface reduction.
-Microsoft security teams continuously updates Windows Defender ATP Threat analytics with data on identified emerging threats.
Each threat report provides a summary to describe details such as where the threat is coming from, where it's been seen, or techniques and tools that were used by the threat.
@@ -40,15 +40,21 @@ The dashboard shows the impact in your organization through the following tiles:
## Organizational impact
-You can assess the organizational impact of a threat using the Machines with alerts and Machines with alerts over time tiles.
+You can assess the organizational impact of a threat using the **Machines with alerts** and **Machines with alerts over time** tiles.
The **Machine with alerts** shows the specific number of **Active alerts** and **Resolved alerts**. Clicking on the **Active** or **Resolved** parts of the pies brings you to the Alerts queue filtered based on the specific threat alerts so security operations teams can investigate and respond to contain this threat.
+
+
+
+
+
+
The **Machine with alerts over time**, shows the number of distinct machines with **Active** and **Resolved alerts over time**. An indication of threat containment is reflected by the number of **Resolved alerts**. Total number of Resolved alerts increasing over time is a good indication of threat containment.
## Organizational resilience
-The** Mitigation recommendations** section provides specific actionable recommendations to improve your visibility into this threat and increase your organizational resilience.
+The **Mitigation recommendations** section provides specific actionable recommendations to improve your visibility into this threat and increase your organizational resilience.
The **Mitigation status** and **Mitigation status over time** shows the endpoint configuration status assessed based on the recommended mitigations. Clicking on the **Mitigated** or **Unmitigated** parts of the pies brings you to the Machines list filtered based on the machines that are missing at least one specific threat mitigation.