CAT Auto Publish for Windows Release Messages - 20200221140728 (#2111)

* Updating autopilot mail to be accurate

HoloLens AutoPilot Preview <hlappreview@microsoft.com>; != hlappreview@service.microsoft.com
@scooley

* Update manage-auto-investigation.md

* add bullet

* CAT Auto Publish for Windows Release Messages - CAT_AutoPublish_20200221123051 (#2109)

Co-authored-by: Direesh Kumar Kandakatla <direek@microsoft.com>

Co-authored-by: Evan Miller <v-evmill@microsoft.com>
Co-authored-by: Denise Vangel-MSFT <deniseb@microsoft.com>
Co-authored-by: Gary Moore <v-gmoor@microsoft.com>
Co-authored-by: jcaparas <macapara@microsoft.com>
Co-authored-by: Direesh Kumar Kandakatla <direek@microsoft.com>
John Liu
2020-02-21 14:17:42 -08:00
committed by GitHub
parent 2ab9fcea9b
commit cf12480e69
4 changed files with 8 additions and 6 deletions

View File

@ -19,10 +19,10 @@ ms.topic: conceptual
# Review and approve actions following an automated investigation
When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *Clean*. Depending on the type of threat and resulting verdict, remediation actions occur automatically or upon approval by your organizations security operations team. For example, some actions, such as removing malware, are taken automatically. Other actions require review and approval to proceed.
## Remediation actions
When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *Clean*. Depending on the type of threat and resulting verdict, remediation actions occur automatically or upon approval by your organizations security operations team. For example, some actions, such as removing malware, are taken automatically. Other actions require review and approval to proceed.
When a verdict of *Malicious* is reached for a piece of evidence, Microsoft Defender Advanced Threat Protection takes one of the following remediation actions automatically:
- Quarantine file
- Remove registry key
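Review bot: "your organizations security operations team" in the rewritten paragraph is missing a possessive apostrophe and should read "your organization's security operations team"; the same wording appears in both the removed and the added line, so the typo survives this change even though the paragraph is being edited. Since the line is already being touched, this is the place to fix it.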
@ -32,11 +32,11 @@ When a verdict of *Malicious* is reached for a piece of evidence, Microsoft Defe
- Disable driver
- Remove scheduled task
Evidence determined as *Suspicious* results in pending actions that require approval. As a best practice, make sure to approve (or reject) pending actions as soon as possible. This helps your automated investigations complete in a timely manner.
Evidence determined as *Suspicious* results in pending actions that require approval. As a best practice, make sure to [approve (or reject) pending actions](#review-pending-actions) as soon as possible. This helps your automated investigations complete in a timely manner.
No actions are taken when evidence is determined to be *Clean*.
In Microsoft Defender Advanced Threat Protection, all verdicts are tracked and viewable in the Microsoft Defender Security Center.
In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions).
## Review pending actions
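Review bot: the new anchor `#review-completed-actions` in "all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions)" points at a heading that is not visible in this hunk. The companion `#review-pending-actions` link does resolve, because "## Review pending actions" appears in the trailing context, but a heading that slugifies to exactly "review-completed-actions" must exist further down this file or the second link is dead; please confirm before merging. Minor: "Evidence determined as *Suspicious*" would read more consistently as "Evidence determined to be *Suspicious*", matching "determined to be *Clean*" two lines below.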

View File

@ -125,7 +125,8 @@ It's important to understand the following prerequisites prior to creating indic
> For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages Network Protection (link) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS): <br>
> NOTE:
>- IP is supported for all three protocols
>- Encrypted URLs can only be blocked on first party browsers
>- Encrypted URLs (full path) can only be blocked on first party browsers
>- Encrypted URLS (FQDN only) can be blocked outside of first party browsers
>- Full URL path blocks can be applied on the domain level and all unencrypted URLs
>[!NOTE]
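Review bot: the two added bullets are inconsistent with each other and with the surrounding list: "Encrypted URLS (FQDN only)" should be "Encrypted URLs (FQDN only)" to match "Encrypted URLs (full path)" on the line above, and "first party browsers" should be hyphenated as "first-party browsers" in both bullets. More usefully, the list states the behaviour without the reason; a short clause explaining why the host name can be blocked outside first-party browsers while the full path cannot (the path is inside the encrypted payload, so only the FQDN is observable to network inspection) would stop readers from expecting a full-path indicator to match in a third-party browser. The unresolved placeholder "Network Protection (link)" in the unchanged context just above is not part of this change, but since the hunk is already editing this note block it would be cheap to replace it with the real link here.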