Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client into FromPrivateRepo

huaping yu
2019-02-28 10:41:22 -08:00
33 changed files with 224 additions and 44 deletions

View File

@ -33,6 +33,16 @@ In Windows 10, version 1703 (Creators Update), it is straightforward to configur
| **Bing search advertising** | Ad free search with Bing | Disables ads when searching the internet with Bing in Microsoft Edge | Depending on your specific requirements, there are different ways to configure this as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) | Depending on your specific requirements, there are different ways to configure this as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) | Depending on your specific requirements, there are different ways to configure this as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) |
| **Apps** | **SetEduPolicies** | Preinstalled apps like Microsoft Edge, Movies & TV, Groove, and Skype become education ready </br></br> * Any app can detect Windows is running in an education ready configuration through [IsEducationEnvironment](https://docs.microsoft.com/uwp/api/windows.system.profile.educationsettings) | This is already set | This is already set | The policy must be set |
## Considerations for diagnostic data in Windows 10 Education
Your diagnostic data settings and how you configure them depend on the version of Windows 10 Education you're running.
- For Windows 10 Education, version 1703 and version 1709, the diagnostic data level is set to Basic *only if* the computer is provisioned for Education, which you do setting **SharedPC\SetEduPolicies** to TRUE. This, in turn, sets the **System\AllowTelemetry** group policy to Basic. If the computer isn't provisioned or if the diagnostic level is not set via Group Policy, MDM, or OOBE (note that Azure AD-joined computers won't show OOBE consent form), the computer will fall back to Full diagnostic data collection. You can use [Setup School PC](use-set-up-school-pcs-app.md) to provision the computer.
- For Windows 10 Education, version 1803, and later, setting **SharedPC\SetEduPolicies** to TRUE does *not* set the **System\AllowTelemetry** to Basic. Unless you set the diagnostic level via Group Policy, MDM, or OOBE, the computer will fall back to Full diagnostic data collection. For these computers, set the diagnostic level using [Group Policy](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization#use-group-policy-to-set-the-diagnostic-data-level) or [MDM](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization#use-mdm-to-set-the-diagnostic-data-level).
- If you modify the diagnostic data level for Windows 10 Education, version 1703 and version 1709, those modifications are saved when you upgrade to version 1803 or later.
## Recommended configuration
It is easy to be education ready when using Microsoft products. We recommend the following configuration:
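Review bot: The new "Considerations for diagnostic data" bullets say an unconfigured device falls back to Full diagnostic data collection, and that on version 1803 and later SetEduPolicies no longer sets System\AllowTelemetry to Basic. That is a privacy-relevant behaviour change for anyone who relied on the 1703/1709 behaviour, so it should be in an alert block rather than mid-bullet. In the first bullet, "which you do setting" is missing "by", and the link text "Setup School PC" does not match the target use-set-up-school-pcs-app.md.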
@ -109,7 +119,7 @@ Set **Computer Configuration > Administrative Templates > Windows Components > S
## SetEduPolicies
**SetEduPolicies** is a policy that applies a set of configuration behaviors to Windows. It is a policy node in the [SharedPC configuration service provider](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/sharedpc-csp).
Use one of these methods to set this policy.
Use one of the following methods to set this policy.
### MDM
- Intune for Education automatically sets this policy in the **All devices** group policy configuration.

View File

@ -67,6 +67,9 @@ The Diagnostic Data Viewer provides you with the following features to view and
Selecting an event opens the detailed JSON view, which provides the exact details uploaded to Microsoft. Microsoft uses this info to continually improve the Windows operating system.
>[!Important]
>Seeing an event does not necessarily mean it has been uploaded yet. Its possible that some events are still queued and will be uploaded at a later time.
![View your diagnostic events](images/ddv-event-view.png)
- **Search your diagnostic events.** The **Search** box at the top of the screen lets you search amongst all of the diagnostic event details. The returned search results include any diagnostic event that contains the matching text.
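Review bot: In the added alert, "Its possible" should be "It's possible". The alert tag is written `>[!Important]` while the other alerts in this commit use upper case (`>[!NOTE]`), so use `>[!IMPORTANT]` here for consistency.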

View File

@ -6,11 +6,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: justinha
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
author: brianlic-msft
ms.date: 04/19/2017
---
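Review bot: Going by the header (`-6,11 +6,7`), this front-matter hunk removes four more lines than it adds. The visible candidates are `manager: dansimp`, `audience: ITPro`, `ms.collection: M365-security-compliance` and `ms.topic: conceptual`, with `author` switching between justinha and brianlic-msft. The new topics added in this commit carry all four fields, so this looks like the merge reverting a metadata update on this file. Confirm which side should win and keep the fields if they are required.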

View File

@ -13,7 +13,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/26/2019
ms.date: 02/27/2019
---
# Create a Windows Information Protection (WIP) policy using the classic console for Microsoft Intune
@ -362,7 +362,7 @@ There are no default locations included with WIP, you must add each of your netw
<tr>
<td>Enterprise Cloud Resources</td>
<td><strong>With proxy:</strong> contoso.sharepoint.com,contoso.internalproxy1.com|<br>contoso.visualstudio.com,contoso.internalproxy2.com<p><strong>Without proxy:</strong> contoso.sharepoint.com|contoso.visualstudio.com</td>
<td>Specify the cloud resources to be treated as corporate and protected by WIP.<p>For each cloud resource, you may also optionally specify a proxy server from your Enterprise Internal Proxy Servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Enterprise Internal Proxy Servers is considered enterprise.<p>If you have multiple resources, you must separate them using the "|" delimiter. If you dont use proxy servers, you must also include the "," delimiter just before the "|". For example: <code>URL &lt;,proxy&gt;|URL &lt;,proxy&gt;</code>.<p><strong>Important</strong><br>In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows cant tell whether its attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the <code>/&#42;AppCompat&#42;/</code> string to the setting. For example: <code>URL &lt;,proxy&gt;|URL &lt;,proxy&gt;|/&#42;AppCompat&#42;/</code>.<p>When using this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access), using the <strong>Domain joined or marked as compliant</strong> option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access.</td>
<td>Specify the cloud resources to be treated as corporate and protected by WIP.<p>For each cloud resource, you may also optionally specify a proxy server from your Enterprise Internal Proxy Servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Enterprise Internal Proxy Servers is considered enterprise.<p>If you have multiple resources, you must separate them using the "|" delimiter. If you dont use proxy servers, you must also include the "," delimiter just before the "|". For example: <code>URL &lt;,proxy&gt;|URL &lt;,proxy&gt;</code>.<p>Personal applications will be able to access Enterprise Cloud Resources if the resource in the Enterprise Cloud Resource Policy has a blank space or an invalid character, such as a trailing dot in the URL. <p><strong>Important</strong><br>In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows cant tell whether its attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the <code>/&#42;AppCompat&#42;/</code> string to the setting. For example: <code>URL &lt;,proxy&gt;|URL &lt;,proxy&gt;|/&#42;AppCompat&#42;/</code>.<p>When using this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access), using the <strong>Domain joined or marked as compliant</strong> option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access.</td>
</tr>
<tr>
<td>Enterprise Network Domain Names (Required)</td>
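Review bot: The added sentence in the Enterprise Cloud Resources cell, about personal applications reaching these resources when an entry "has a blank space or an invalid character, such as a trailing dot in the URL", describes a fail-open condition. It sits as a plain paragraph ahead of the Important block and gives the admin nothing to act on. Move it under Important and phrase it as an instruction, for example to check every entry for spaces and trailing dots before saving the policy. While this cell is being edited, "dont", "cant" and "its" are missing apostrophes, and the Markdown-style link to Azure Active Directory Conditional Access sits inside an HTML <td>, so check that it renders.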

View File

@ -96,6 +96,10 @@
#### [Microsoft Threat Experts](windows-defender-atp/microsoft-threat-experts.md)
#### [Portal overview](windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md)
@ -344,6 +348,10 @@
##### [Configure managed security service provider (MSSP) support](windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md)
#### [Configure and manage Microsoft Threat Experts capabilities](windows-defender-atp/configure-microsoft-threat-experts.md)
#### Configure Microsoft threat protection integration
##### [Configure conditional access](windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md)
##### [Configure Microsoft Cloud App Security integration](windows-defender-atp/microsoft-cloud-app-security-config.md)
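Review bot: The new heading "#### Configure Microsoft threat protection integration" lower-cases the product name, while the matching entry in the other TOC changed in this commit reads "Configure Microsoft Threat Protection integration". The Cloud App Security entries differ as well ("... integration" here, "... in Windows" there). Align the wording across both TOCs.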

View File

@ -1,7 +1,7 @@
---
title: Threat Protection (Windows 10)
description: Learn how Windows Defender ATP helps protect against threats.
keywords: threat protection, windows defender advanced threat protection, attack surface reduction, next generation protection, endpoint detection and response, automated investigation and response, secure score, advanced hunting
keywords: threat protection, windows defender advanced threat protection, attack surface reduction, next generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, secure score, advanced hunting
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@ -19,18 +19,19 @@ ms.date: 10/04/2018
<table>
<tr>
<td><a href="#asr"><center><img src="images/ASR_icon.png"> <br><b>Attack surface reduction</b></center></a></td>
<td><center><a href="#ngp"><img src="images/ngp_icon.png"><br> <b>Next generation protection</b></a></center></td>
<td><center><a href="#edr"><img src="images/edr_icon.png"><br> <b>Endpoint detection and response</b></a></center></td>
<td><center><a href="#ngp"><img src="images/NGP_icon.png"><br> <b>Next generation protection</b></a></center></td>
<td><center><a href="#edr"><img src="images/EDR_icon.png"><br> <b>Endpoint detection and response</b></a></center></td>
<td><center><a href="#ai"><img src="images/AR_icon.png"><br> <b>Automated investigation and remediation</b></a></center></td>
<td><center><a href="#mte"><img src="images/MTE_icon.png"><br> <b>Microsoft Threat Experts</b></a></center></td>
<td><center><a href="#ss"><img src="images/SS_icon.png"><br><b>Secure score</b></a></center></td>
<td><center><img src="images/AH_icon.png"><a href="#ah"><br><b>Advanced hunting</b></a></center></td>
</tr>
<tr>
<td colspan="6">
<td colspan="7">
<a href="#apis"><center><b>Management and APIs</a></b></center></td>
</tr>
<tr>
<td colspan="6"><a href="#mtp"><center><b>Microsoft Threat Protection</a></center></b></td>
<td colspan="7"><a href="#mtp"><center><b>Microsoft Threat Protection</a></center></b></td>
</tr>
</table>
<br>
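Review bot: The image references in the Next generation protection and Endpoint detection and response cells change case between `images/ngp_icon.png` / `images/edr_icon.png` and `images/NGP_icon.png` / `images/EDR_icon.png`, while the equivalent table in the Windows Defender ATP index in this commit still uses the lower-case names. Confirm the files in this folder's images directory match the referenced case exactly, since a case-sensitive host will serve a broken image otherwise. Also, the two `colspan="7"` rows close their tags out of order (`<b>...</a></b></center>` and `</a></center></b>`); close `</b>` before `</a>` and `</a>` before `</center>`.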
@ -83,6 +84,16 @@ In conjunction with being able to quickly respond to advanced attacks, Windows D
- [Manage automated investigations](windows-defender-atp/manage-auto-investigation-windows-defender-advanced-threat-protection.md)
- [Analyze automated investigation](windows-defender-atp/manage-auto-investigation-windows-defender-advanced-threat-protection.md#analyze-automated-investigations)
<a name="mte"></a>
**[Microsoft Threat Experts](windows-defender-atp/microsoft-threat-experts.md)**<br>
In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
- [Targeted attack notification](windows-defender-atp/microsoft-threat-experts.md)
- [Experts-on-demand](windows-defender-atp/microsoft-threat-experts.md)
- [Configure your Microsoft Threat Protection managed hunting service](windows-defender-atp/configure-microsoft-threat-experts.md)
<a name="ss"></a>
**[Secure score](windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md)**<br>
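Review bot: The description under the new Microsoft Threat Experts entry is a copy of the Automated investigation and remediation blurb ("In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities ..."), so it does not describe the managed hunting service at all. Reuse the sentence added for the same entry in the Windows Defender ATP index ("Windows Defender ATP's new managed threat hunting service provides proactive hunting ..."). The "Targeted attack notification" and "Experts-on-demand" bullets both link to microsoft-threat-experts.md with no anchor, and the third bullet says "Microsoft Threat Protection managed hunting service" where the linked topic is about Microsoft Threat Experts.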

View File

@ -2,7 +2,6 @@
# [AppLocker](applocker-overview.md)
## [Administer AppLocker](administer-applocker.md)
### [Administer AppLocker using MDM](administer-applocker-using-mdm.md)
### [Maintain AppLocker policies](maintain-applocker-policies.md)
### [Edit an AppLocker policy](edit-an-applocker-policy.md)
### [Test and update an AppLocker policy](test-and-update-an-applocker-policy.md)

View File

@ -1,24 +0,0 @@
---
title: Administering AppLocker by using Mobile Device Management (MDM) (Windows 10)
description: This topic for IT professionals describes concepts and lists procedures to help you manage Packaged apps with AppLocker as part of your overall application control strategy.
ms.assetid: 6d0c99e7-0284-4547-a30a-0685a9916650
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: justinha
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 03/01/2018
---
# Administering AppLocker by using Mobile Device Management (MDM)
**Applies to**
- Windows 10
- Windows Server
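Review bot: This hunk deletes the whole topic (`-1,24 +0,0`) and the AppLocker TOC hunk before it shrinks from 7 to 6 lines around the `administer-applocker-using-mdm.md` entry, but nothing visible in the commit adds a redirect or updates inbound links. Since this is a merge into FromPrivateRepo, confirm the deletion is intended and not a side effect of the merge, and add a redirect for the removed page if it was ever published.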

View File

@ -94,6 +94,10 @@
#### [Information protection in Windows overview](information-protection-in-windows-overview.md)
### [Microsoft Threat Experts](microsoft-threat-experts.md)
### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
@ -331,6 +335,11 @@
#### [Configure managed security service provider (MSSP) support](configure-mssp-support-windows-defender-advanced-threat-protection.md)
### [Configure and manage Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md)
### Configure Microsoft Threat Protection integration
#### [Configure conditional access](configure-conditional-access-windows-defender-advanced-threat-protection.md)
#### [Configure Microsoft Cloud App Security in Windows](microsoft-cloud-app-security-config.md)

View File

@ -1,7 +1,7 @@
---
title: View and organize the Windows Defender ATP Alerts queue
description: Learn about how the Windows Defender ATP alerts queues work, and how to sort and filter lists of alerts.
keywords: alerts, queues, alerts queue, sort, order, filter, manage alerts, new, in progress, resolved, newest, time in queue, severity, time period
keywords: alerts, queues, alerts queue, sort, order, filter, manage alerts, new, in progress, resolved, newest, time in queue, severity, time period, microsoft threat experts alerts
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
@ -77,7 +77,7 @@ Corresponds to the automated investigation state.
You can choose between showing alerts that are assigned to you or automation.
### Detection source
Select the source that triggered the alert detection.
Select the source that triggered the alert detection. Microsoft Threat Experts preview participants can now filter and see detections from the new threat experts managed hunting service.
>[!NOTE]
>The Windows Defender Antivirus filter will only appear if machines are using Windows Defender Antivirus as the default real-time protection antimalware product.

View File

@ -0,0 +1,116 @@
---
title: Configure and manage Microsoft Threat Experts capabilities
description: You need to register to Microsoft Threats Experts preview to configure, manage, and use it in your daily security operations and security administration work.
keywords: Microsoft Threat Experts, managed threat hunting service, MTE, Microsoft managed hunting service
search.product: Windows 10
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMV
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 02/28/2019
---
# Configure and manage Microsoft Threat Experts capabilities
**Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Prerelease<73>information](prerelease.md)]
## Before you begin
To experience the full Microsoft Threat Experts preview capability in Windows Defender ATP, you need to have a valid Premier customer service and support account. However, Premier charges will not be incurred during the preview.
You also need to ensure that you have Windows Defender ATP deployed in your environment with machines enrolled, and not just on a laboratory set-up.
## Register to Microsoft Threat Experts preview
If you're already a Windows Defender ATP customer, you can apply for preview through the Windows Defender ATP portal.
1. From the navigation pane, go to **Settings > General > Advanced features > Threat Experts**.
2. Click **Apply for preview**.
3. In the **Apply for preview** dialog box, read and make sure you understand the preview's terms of agreement.
4. Enter your name and email address so that Microsoft can get back to you on your application.
5. Read the privacy statement, then click **Submit** when you're done.
>[!NOTE]
>You will receive a welcome email once your application is approved. Then, from the navigation pane, go to **Settings** > **General** > **Advanced features** to turn the **Threat Experts** toggle on. Click **Save preferences**.
## Receive targeted attack notification from Microsoft Threat Experts
You can receive targeted attack notification from Microsoft Threat Experts through the following:
- The Windows Defender ATP portal's **Alerts** dashboard
- Your email, if you choose to configure it
To receive targeted attack notifications through email, you need to create an email notification rule.
### Create an email notification rule
You can create rules to send email notifications for notification recipients. See Configure alert notifications to create, edit, delete, or troubleshoot email notification, for details.
## View the targeted attack notification
You'll start receiving targeted attack notification from Microsoft Threat Experts in your email after you have configured your system to receive email notification.
1. Click the link in the email to go to the corresponding alert context in the dashboard tagged with **Threat experts**.
2. From the dashboard, select the same alert topic that you got from the email, to view the details.
## Ask a Microsoft threat expert about suspicious cybersecurity activities in your organization
You can partner with Microsoft Threat Experts who can be engaged directly from within the Windows Defender Security Center for timely and accurate response. Experts provide insights needed to better understand complex threats, targeted attack notifications that you get, or if you need more information about the alerts, a potentially compromised machine, or a threat intelligence context that you see on your portal dashboard.
1. Navigate to the portal page with the relevant information that you'd like to investigate, for example, the **Incident** page. Ensure that the page for the relevant alert or machine is in view before raising an inquiry.
2. From the upper right-hand menu, click **?**, then select **Ask a threat expert**.
3. Asking a threat expert is a two-step process: you need to provide the necessary information and open a support ticket.
**Step 1: Provide information**
a. Provide enough information to give the Microsoft Threat Experts enough context to start the investigation. Select the inquiry category from the **Provide information > Inquiry** details drop-down menu. <br>
b. Enter the additional details to give the threat experts more context of what youd like to investigate. Click **Next**, and it takes you to the **Open support ticket** tab. <br>
c. Remember to use the ID number from the **Open a support ticket** tab page and include it to the details you will provide in the subsequent Customer Services and Support (CSS) pages. <br>
**Step 2: Open a support ticket**
>[!NOTE]
>To experience the full Microsoft Threat Experts preview capability in Windows Defender ATP, you need to have a Premier customer service and support account. However, you will not be charged for the Experts-on-demand service during the preview.
a. In the **New support request** customer support page, select the following from the dropdown menu and then click **Next**: <br>
- **Select the product family**: **Security**
- **Select a product**: **Microsoft Threat Experts**
- **Select a category that best describes the issue**: **Windows Defender ATP**
- **Select a problem that best describes the issue**: Choose according to your inquiry category
b. Fill out the fields with the necessary information about the issue and use the auto-generated ID when you open a Customer Services and Support (CSS) ticket. Then, click **Next**.
c. In the **Select a support plan** page, select **Professional No Charge**.
d. The severity of your issue has been pre-selected by default, per the support plan, **Professional No Charge**, that you'll use for this public preview. Select the time zone by which you'd like to receive the correspondence. Then, click **Next**.
e. Verify your contact details and add another if necessary. Then, click **Next**.
f. Review the summary of your support request, and update if necessary. Make sure that you read and understand the **Microsoft Services Agreement** and **Privacy Statement**. Then, click **Submit**. You will see the confirmation page indicating the response time and your support request number.
## Scenario
### Receive a progress report about your managed hunting inquiry
Response from Microsoft Threat Experts varies according to your inquiry. They will email a progress report to you regarding the Ask a threat expert inquiry that you've submitted, within two days, to communicate the investigation status from the following categories:
- More information is needed to continue with the investigation
- A file or several file samples are needed to determine the technical context
- Investigation requires more time
- Initial information was enough to conclude the investigation
It is crucial to respond in a timely manner to keep the investigation moving. See the Premier customer service and support service level agreement for details.
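Review bot: Under "Create an email notification rule", "See Configure alert notifications to create, edit, delete, or troubleshoot email notification, for details" names a topic without linking it, so the one step needed to receive targeted attack notifications by email is a dead end. Add the link. The include line reads `[!include[Prerelease<73>information](prerelease.md)]`, which contains a stray byte where a space should be; retype it as a plain space. The front-matter description says "Microsoft Threats Experts", step 1b has "youd", the tab is called "Open support ticket" in 1b and "Open a support ticket" in 1c, and the Premier account note under Step 2 repeats "Before you begin" almost word for word. "## Scenario" has a single subsection, so the extra heading level can go.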

View File

@ -0,0 +1,47 @@
---
title: Microsoft Threat Experts
description: Microsoft Threat Experts is the new managed threat hunting service in Windows Defender Advanced Threat Protection (Windows Defender ATP) that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365.
keywords: managed threat hunting service, managed threat hunting, MTE, Microsoft Threat Experts
search.product: Windows 10
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMV
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/28/2019
---
# Microsoft Threat Experts
**Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Prerelease<73>information](prerelease.md)]
Microsoft Threat Experts is a managed hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments dont get missed.
This new capability provides expert-driven insights and data through targeted attack notification and access to experts on demand.
## Targeted attack notification
Microsoft Threat Experts provides proactive hunting for the most important threats to your network, including human adversary intrusions, hands-on-keyboard attacks, or advanced attacks like cyberespionage. The managed hunting service includes:
- Threat monitoring and analysis, reducing dwell time and risk to the business
- Hunter-trained artificial intelligence to discover and prioritize both known and unknown attacks
- Identifying the most important risks, helping SOCs maximize time and energy
- Scope of compromise and as much context as can be quickly delivered to enable fast SOC response.
## Collaborate with experts, on demand
Customers can engage our security experts directly from within Windows Defender Security Center for timely and accurate response. Experts provide insights needed to better understand the complex threats affecting your organization, from alert inquiries, potentially compromised machines, root cause of a suspicious network connection, to additional threat intelligence regarding ongoing advanced persistent threat campaigns. With this capability, you can:
- Get additional clarification on alerts including root cause or scope of the incident
- Gain clarity into suspicious machine behavior and next steps if faced with an advanced attacker
- Determine risk and protection regarding threat actors, campaigns, or emerging attacker techniques
- Seamlessly transition to Microsoft Incident Response (IR) or other third-party Incident Response services when necessary
## Related topic
- [Configure Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md)
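Review bot: The include line `[!include[Prerelease<73>information](prerelease.md)]` carries the same stray byte as in the configuration topic and should be retyped with a plain space. In the intro paragraph "dont get missed" is missing its apostrophe. The front-matter description is a full paragraph; trim it to one sentence. In the "Targeted attack notification" list only the last bullet ends with a period, and "## Related topic" would normally be plural to match other topics.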

View File

@ -34,6 +34,7 @@ The following capability are included in the February 2019 preview release.
- [Reports](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection)<BR>The threat protection report provides high-level information about alerts generated in your organization.
- [Microsoft Threat Experts](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts)<BR> Microsoft Threat Experts is the new managed threat hunting service in Windows Defender ATP that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365.
## October 2018

View File

@ -1,7 +1,7 @@
---
title: Windows Defender Advanced Threat Protection
description: Windows Defender Advanced Threat Protection is an enterprise security platform that helps secops to prevent, detect, investigate, and respond to possible cybersecurity threats related to advanced persistent threats.
keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence, attack surface reduction, next generation protection, automated investigation and remediation, secure score, advanced hunting, microsoft threat protection
keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence, attack surface reduction, next generation protection, automated investigation and remediation, microsoft threat experts, secure score, advanced hunting, microsoft threat protection
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 11/07/2018
---
# Windows Defender Advanced Threat Protection
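Review bot: The header (`-15,7 +15,6`) shows one line dropped from this front matter, and `ms.date: 11/07/2018` appears to be it. The other topics touched in this commit keep or bump ms.date, so set it to the date of this edit instead of removing it.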
@ -54,15 +53,16 @@ Windows Defender ATP uses the following combination of technology built into Win
<td><center><a href="#ngp"><img src="images/ngp_icon.png"><br> <b>Next generation protection</b></a></center></td>
<td><center><a href="#edr"><img src="images/edr_icon.png"><br> <b>Endpoint detection and response</b></a></center></td>
<td><center><a href="#ai"><img src="images/AR_icon.png"><br> <b>Automated investigation and remediation</b></a></center></td>
<td><center><a href="#mte"><img src="images/MTE_icon.png"><br> <b>Microsoft Threat Experts</b></a></center></td>
<td><center><a href="#ss"><img src="images/SS_icon.png"><br><b>Secure score</b></a></center></td>
<td><center><img src="images/AH_icon.png"><a href="#ah"><br><b>Advanced hunting</b></a></center></td>
</tr>
<tr>
<td colspan="6">
<td colspan="7">
<a href="#apis"><center><b>Management and APIs</a></b></center></td>
</tr>
<tr>
<td colspan="6"><a href="#mtp"><center><b>Microsoft Threat Protection</a></center></b></td>
<td colspan="7"><a href="#mtp"><center><b>Microsoft Threat Protection</a></center></b></td>
</tr>
</table>
<br>
@ -93,6 +93,10 @@ Endpoint detection and response capabilities are put in place to detect, investi
**[Automated investigation and remediation](automated-investigations-windows-defender-advanced-threat-protection.md)**<br>
In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
<a name="mte"></a>
**[Microsoft Threat Experts](microsoft-threat-experts.md)**<br>
Windows Defender ATP's new managed threat hunting service provides proactive hunting, prioritization, and additional context and insights that further empower Security operation centers (SOCs) to identify and respond to threats quickly and accurately.
<a name="ss"></a>