improved ah table topics as per lomayor's review

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md

@@ -1,6 +1,6 @@
 ---
 title: AlertEvents
-description: Learn about Advanced hunting table AlertEvents, such as column names, data types, and description
+description: AlertEvents table in the advanced hunting schema
 keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, alertevent
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -26,7 +26,7 @@ ms.date: 07/24/2019
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
-AlertEvents is a table in the Advanced hunting schema. It contains information about alerts on Microsoft Defender Security Center. You can use the reference below to construct queries that return information from this table.
+The AlertEvents table in the Advanced hunting schema contains information about alerts on Microsoft Defender Security Center. Use this reference to construct queries that return information from this table.
 
 For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page.
 
@@ -48,6 +48,7 @@ For information on other tables in the Advanced hunting schema, see our [Advance
 
 ## Related topics
 
+- [Advanced hunting overview](overview-hunting.md)
 - [All Advanced hunting tables](advanced-hunting-reference.md)
 - [Advanced hunting query best practices](advanced-hunting-best-practices.md)
 - [Query data using Advanced hunting](advanced-hunting.md)

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md

@@ -1,6 +1,6 @@
 ---
 title: FileCreationEvents
-description: Learn about Advanced hunting table FileCreationEvents, such as column names, data types, and description
+description: FileCreationEvents table in the Advanced hunting schema
 keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, filecreationevents
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -26,7 +26,7 @@ ms.date: 07/24/2019
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
-FileCreationEvents is a table in the Advanced hunting schema. It contains information about file creation, modification, and other file system events. You can use the reference below to construct queries that return information from this table.
+The FileCreationEvents table in the Advanced hunting schema contains information about file creation, modification, and other file system events. Use this reference to construct queries that return information from this table.
 
 For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page.
 
@@ -63,11 +63,11 @@ For information on other tables in the Advanced hunting schema, see our [Advance
 | AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity |
 | SensitivityLabel | string | Label applied to an email, file, or other content to classify it for information protection |
 | SensitivitySubLabel | string | Sublabel applied to an email, file, or other content to classify it for information protection; sensitivity sublabels are grouped under sensitivity labels but are treated independently |
-| IsWindowsInfoProtectionApplied | N/A | N/A |
 | IsAzureInfoProtectionApplied | boolean | Indicates whether the file is encrypted by Azure Information Protection |
 
 ## Related topics
 
+- [Advanced hunting overview](overview-hunting.md)
 - [All Advanced hunting tables](advanced-hunting-reference.md)
 - [Advanced hunting query best practices](advanced-hunting-best-practices.md)
 - [Query data using Advanced hunting](advanced-hunting.md)

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md

@@ -1,6 +1,6 @@
 ---
 title: ImageLoadEvents
-description: Learn about Advanced hunting table ImageLoadEvents, such as column names, data types, and description
+description: ImageLoadEvents table in the Advanced hunting schema
 keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, imageloadevents
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -26,7 +26,7 @@ ms.date: 07/24/2019
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
-ImageLoadEvents is a table in the Advanced hunting schema. It contains information about DLL loading events. You can use the reference below to construct queries that return information from this table.
+The ImageLoadEvents table in the Advanced hunting schema contains information about DLL loading events. Use this reference to construct queries that return information from this table.
 
 For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page.
 
@@ -60,6 +60,7 @@ For information on other tables in the Advanced hunting schema, see our [Advance
 
 ## Related topics
 
+- [Advanced hunting overview](overview-hunting.md)
 - [All Advanced hunting tables](advanced-hunting-reference.md)
 - [Advanced hunting query best practices](advanced-hunting-best-practices.md)
 - [Query data using Advanced hunting](advanced-hunting.md)

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md

@@ -1,6 +1,6 @@
 ---
 title: LogonEvents
-description: Learn about Advanced hunting table LogonEvents, such as column names, data types, and description
+description: LogonEvents table in the Advanced hunting schema
 keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, logonevents
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -26,7 +26,7 @@ ms.date: 07/24/2019
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
-LogonEvents is a table in the Advanced hunting schema. It contains information about user logons and other authentication events. You can use the reference below to construct queries that return information from this table.
+The LogonEvents table in the Advanced hunting schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from this table.
 
 For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page.
 
@@ -68,6 +68,7 @@ For information on other tables in the Advanced hunting schema, see our [Advance
 
 ## Related topics
 
+- [Advanced hunting overview](overview-hunting.md)
 - [All Advanced hunting tables](advanced-hunting-reference.md)
 - [Advanced hunting query best practices](advanced-hunting-best-practices.md)
 - [Query data using Advanced hunting](advanced-hunting.md)

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md

@@ -1,6 +1,6 @@
 ---
 title: MachineInfo
-description: Learn about Advanced hunting table MachineInfo, such as column names, data types, and description
+description: MachineInfo table in the Advanced hunting schema
 keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, machineinfo
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -26,7 +26,7 @@ ms.date: 07/24/2019
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
-MachineInfo is a table in the Advanced hunting schema. It contains information about machines in the organization, including OS information. You can use the reference below to construct queries that return information from this table.
+The MachineInfo table in the Advanced hunting schema contains information about machines in the organization, including OS version, active users, and computer name. Use this reference to construct queries that return information from this table.
 
 For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page.
 
@@ -49,6 +49,7 @@ For information on other tables in the Advanced hunting schema, see our [Advance
 
 ## Related topics
 
+- [Advanced hunting overview](overview-hunting.md)
 - [All Advanced hunting tables](advanced-hunting-reference.md)
 - [Advanced hunting query best practices](advanced-hunting-best-practices.md)
 - [Query data using Advanced hunting](advanced-hunting.md)

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md

@@ -1,6 +1,6 @@
 ---
 title: MachineNetworkInfo
-description: Learn about Advanced hunting table MachineNetworkInfo, such as column names, data types, and description
+description: MachineNetworkInfo table in the Advanced hunting schema
 keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, machinenetworkinfo
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -26,7 +26,7 @@ ms.date: 07/24/2019
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
-MachineNetworkInfo is a table in the Advanced hunting schema. It contains information about network properties of machines, including adapters, IP and MAC addresses, as well as connected networks and domains. You can use the reference below to construct queries that return information from this table.
+The MachineNetworkInfo table in the Advanced hunting schema contains information about networking configuration of machines, including network adapters, IP and MAC addresses, and connected networks or domains. Use this reference to construct queries that return information from this table.
 
 For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page.
 
@@ -50,6 +50,7 @@ For information on other tables in the Advanced hunting schema, see our [Advance
 
 ## Related topics
 
+- [Advanced hunting overview](overview-hunting.md)
 - [All Advanced hunting tables](advanced-hunting-reference.md)
 - [Advanced hunting query best practices](advanced-hunting-best-practices.md)
 - [Query data using Advanced hunting](advanced-hunting.md)

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md

@@ -1,6 +1,6 @@
 ---
 title: MiscEvents
-description: Learn about Advanced hunting table MiscEvents, such as column names, data types, and description
+description: MiscEvents table in the advanced hunting schema
 keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, miscEvents
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -26,7 +26,7 @@ ms.date: 07/24/2019
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
-MiscEvents is a table in the Advanced hunting schema. It contains information about multiple event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. You can use the reference below to construct queries that return information from this table.
+The MiscEvents table in the Advanced hunting schema contains information about multiple event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from this table.
 
 For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page.
 
@@ -81,6 +81,7 @@ For information on other tables in the Advanced hunting schema, see our [Advance
 
 ## Related topics
 
+- [Advanced hunting overview](overview-hunting.md)
 - [All Advanced hunting tables](advanced-hunting-reference.md)
 - [Advanced hunting query best practices](advanced-hunting-best-practices.md)
 - [Query data using Advanced hunting](advanced-hunting.md)

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md

@@ -1,6 +1,6 @@
 ---
 title: NetworkCommunicationEvents
-description: Learn about Advanced hunting table NetworkCommunicationEvents, such as column names, data types, and description
+description: NetworkCommunicationEvents table in the Advanced hunting schema
 keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, networkcommunicationevents
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -26,7 +26,7 @@ ms.date: 07/24/2019
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
-NetworkCommunicationEvents is a table in the Advanced hunting schema. It contains information about network connections and related events. You can use the reference below to construct queries that return information from this table.
+The NetworkCommunicationEvents table in the Advanced hunting schema contains information about network connections and related events. Use this reference to construct queries that return information from this table.
 
 For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page.
 
@@ -64,6 +64,7 @@ For information on other tables in the Advanced hunting schema, see our [Advance
 
 ## Related topics
 
+- [Advanced hunting overview](overview-hunting.md)
 - [All Advanced hunting tables](advanced-hunting-reference.md)
 - [Advanced hunting query best practices](advanced-hunting-best-practices.md)
 - [Query data using Advanced hunting](advanced-hunting.md)

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md

@@ -1,6 +1,6 @@
 ---
 title: ProcessCreationEvents
-description: Learn about Advanced hunting table ProcessCreationEvents, such as column names, data types, and description
+description: ProcessCreationEvents table in the Advanced hunting schema
 keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, processcreationevents
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -26,7 +26,7 @@ ms.date: 07/24/2019
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
-ProcessCreationEvents is a table in the Advanced hunting schema. It contains information about process creation and related events. You can use the reference below to construct queries that return information from this table.
+The ProcessCreationEvents table in the Advanced hunting schema contains information about process creation and related events. Use this reference to construct queries that return information from this table.
 
 For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page.
 
@@ -72,6 +72,7 @@ For information on other tables in the Advanced hunting schema, see our [Advance
 
 ## Related topics
 
+- [Advanced hunting overview](overview-hunting.md)
 - [All Advanced hunting tables](advanced-hunting-reference.md)
 - [Advanced hunting query best practices](advanced-hunting-best-practices.md)
 - [Query data using Advanced hunting](advanced-hunting.md)

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md

@@ -1,6 +1,6 @@
 ---
-title: Advanced hunting reference in Microsoft Defender ATP
+title: Advanced hunting schema reference
-description: Learn about Advanced hunting table reference such as column name, data type, and description
+description: Learn about the tables in the advanced hunting schema
 keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -28,7 +28,7 @@ ms.date: 07/24/2019
 
 ## Advanced hunting table reference
 
-The Advanced hunting schema is made up of multiple tables, which provide either event information or information about certain entities. Table and column names are used for calling information about specific events or entities in queries.
+The Advanced hunting schema is made up of multiple tables that provide either event information, or information about certain entities. To effectively build queries that span multiple tables, you need to understand the tables and the columns in the Advanced hunting schema.
 
 The following reference lists all the tables in the Advanced hunting schema. Each table name links to a page describing the column names for that table.
 

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md

@@ -1,6 +1,6 @@
 ---
 title: RegistryEvents
-description: Learn about Advanced hunting table RegistryEvents, such as column names, data types, and description
+description: RegistryEvents table in the Advanced hunting schema
 keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, registryevents
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -26,7 +26,7 @@ ms.date: 07/24/2019
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
-RegistryEvents is a table in the Advanced hunting schema. It contains information about the creation and modification of registry entries. You can use the reference below to construct queries that return information from this table.
+The RegistryEvents table in the Advanced hunting schema contains information about the creation and modification of registry entries. Use this reference to construct queries that return information from this table.
 
 For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page.
 
@@ -62,6 +62,7 @@ For information on other tables in the Advanced hunting schema, see our [Advance
 
 ## Related topics
 
+- [Advanced hunting overview](overview-hunting.md)
 - [All Advanced hunting tables](advanced-hunting-reference.md)
 - [Advanced hunting query best practices](advanced-hunting-best-practices.md)
 - [Query data using Advanced hunting](advanced-hunting.md)

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-softwarevulnerabilityinfo-table.md

@@ -1,6 +1,6 @@
 ---
 title: SoftwareVulnerabilityInfo
-description: Learn about Advanced hunting table SoftwareVulnerabilityInfo, such as column names, data types, and description
+description: SoftwareVulnerabilityInfo table in the Advanced hunting schema
 keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, softwarevulnerabilityinfo
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -26,7 +26,7 @@ ms.date: 07/24/2019
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
-SoftwareVulnerabilityInfo is a table in the Advanced hunting schema. It contains information about software in use, including version number, as well as any known vulnerabilities. You can use the reference below to construct queries that return information from this table.
+The SoftwareVulnerabilityInfo table in the Advanced hunting schema contains information about software in use, including version number, as well as any known vulnerabilities. Use this reference to construct queries that return information from this table.
 
 For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page.
 
@@ -47,6 +47,7 @@ For information on other tables in the Advanced hunting schema, see our [Advance
 
 ## Related topics
 
+- [Advanced hunting overview](overview-hunting.md)
 - [All Advanced hunting tables](advanced-hunting-reference.md)
 - [Advanced hunting query best practices](advanced-hunting-best-practices.md)
 - [Query data using Advanced hunting](advanced-hunting.md)