image and content update all up

windows/keep-secure/TOC.md

@@ -736,7 +736,7 @@
 #### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
 #### [Understand the Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
 #### [Use the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md)
-#### [Alerts overview](alerts-queue-windows-defender-advanced-threat-protection.md)
+#### [Alerts queue overview](alerts-queue-windows-defender-advanced-threat-protection.md)
 #### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
 #### [Consume alerts and create custom indicators](configure-siem-windows-defender-advanced-threat-protection.md)
 ##### [Configure an Azure Active Directory application for SIEM integration](configure-aad-windows-defender-advanced-threat-protection.md)
@@ -745,7 +745,7 @@
 ##### [Understand threat indicators](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
 ###### [Create custom threat indicators using REST API](custom-ti-api-windows-defender-advanced-threat-protection.md)
 ##### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-#### [Machines overview](machines-view-overview-windows-defender-advanced-threat-protection.md)
+#### [Machines view overview](machines-view-overview-windows-defender-advanced-threat-protection.md)
 #### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)
 ##### [Isolate machines from the network](investigate-machines-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
 ##### [Undo machine isolation](investigate-machines-windows-defender-advanced-threat-protection.md#undo-machine-isolation)

windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md

@@ -30,13 +30,12 @@ You can use the [Windows Defender ATP portal](https://securitycenter.windows.com
 
 ## Windows Defender ATP portal
 When you open the portal, you’ll see the main areas of the application:
-- (1) Settings
+
+ ![Windows Defender Advanced Threat Protection portal](images/atp-main-portal.png)
+
+- (1) Search bar, Feedback, Settings, Help
 - (2) Navigation pane
 - (3) Main portal
-- (4) Search bar
-
-
- ![Windows Defender Advanced Threat Protection portal](images/portal-image.png)
 
 > [!NOTE]
 > Malware related detections will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product.
@@ -45,15 +44,15 @@ You can navigate through the portal using the menu options available in all sect
 
 Area | Description
 :---|:---
-(1) Settings | Provides access to configuration settings such as time zone, alert suppression rules, and license information.
+(1) Search bar, Feedback, Settings, Help | Provides access to the search bar where you can search for file, IP, machine, URL, and user. You can also access the feedback button to provide comments about the portal. The settings button gives you access to the configuration settings where you can set time zones, alert suppression rules, and license information. The help button gives access to the Windows Defender ATP guide, Microsoft support, and Premier support.
-(2) Navigation pane | Use the navigation pane to move between the **Dashboard**, **Alerts queue**, **Machines view**, **Preferences setup**, and **Enpoint Management**.
+(2) Navigation pane | Use the navigation pane to move between the **Dashboard**, **Alerts queue**, **Machines view**, **Service health**, **Preferences setup**, and **Enpoint Management**.
 **Dashboard**	| Provides clickable tiles that open detailed information on various alerts that have been detected in your organization.
 **Alerts queue** | Enables you to view separate queues of new, in progress, and resolved alerts.
 **Machines view**| Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts.
-**Preferences setup**|	Shows the settings you selected and lets you update your industry preferences and retention policy period.
+**Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service status is healthy or if there are current issues.
-**Enpoint Management**|	Allows you to download the onboarding configuration package.
+**Preferences setup**|	Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, and enable or turn off advanced features.
+**Endpoint Management**|	Allows you to download the onboarding configuration package. It provides access to endpoint offboarding.
 (3) Main portal| Main area where you will see the different views such as the Dashboard, Alerts queue, and Machines view.
-(4) Search | Search for machines, files, external IP Addresses, or domains across endpoints. The drop-down combo box allows you to select the entity type.
 
 ## Windows Defender ATP icons
 The following table provides information on the icons used all throughout the portal:
@@ -65,6 +64,7 @@ Icon | Description
 ![Active threat icon](images/active-threat-icon.png)| Active threat – Threats actively executing at the time of detection.
 ![Remediated icon](images/remediated-icon.png)| Remediated – Threat removed from the machine
 ![Not remediated icon](images/not-remediated-icon.png)| Not remediated – Threat not removed from the machine.
+![Thunderbolt icon](images/atp-thunderbolt-icon.png) | Indicates events that triggered an alert in the **Alert process tree**.
 
 
 ### Related topic