Merge remote-tracking branch 'origin/master' into atp-adv-hunting

windows/security/threat-protection/TOC.md

@@ -189,9 +189,6 @@
 #### [Review events and errors on endpoints with Event Viewer](windows-defender-atp\event-error-codes-windows-defender-advanced-threat-protection.md)
 ### [Windows Defender Antivirus compatibility with Windows Defender ATP](windows-defender-atp\defender-compatibility-windows-defender-advanced-threat-protection.md)
 
-
-##	[Windows Defender Antivirus in Windows 10](windows-defender-antivirus\windows-defender-antivirus-in-windows-10.md)
-### [Windows Defender AV in the Windows Defender Security Center app](windows-defender-antivirus\windows-defender-security-center-antivirus.md)
 ##	[Windows Defender Antivirus in Windows 10](windows-defender-antivirus\windows-defender-antivirus-in-windows-10.md)
 ### [Windows Defender AV in the Windows Defender Security Center app](windows-defender-antivirus\windows-defender-security-center-antivirus.md)
 

windows/security/threat-protection/change-history-for-threat-protection.md

@@ -12,6 +12,12 @@ ms.date: 10/31/2017
 # Change history for threat protection
 This topic lists new and updated topics in the [Threat protection](index.md) documentation.
 
+## February 2018
+
+New or changed topic | Description
+---------------------|------------
+[Security Compliance Toolkit](security-compliance-toolkit-10.md) | Added Office 2016 Security Baseline.
+
 ## January 2018
 |New or changed topic |Description |
 |---------------------|------------|

windows/security/threat-protection/security-compliance-toolkit-10.md

@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.localizationpriority: high
 ms.author: sagaudre
 author: brianlic-msft
-ms.date: 10/16/2017
+ms.date: 02/16/2018
 ---
 
 # Microsoft Security Compliance Toolkit 1.0
@@ -32,6 +32,9 @@ The Security Compliance Toolkit consists of:
     -   Windows Server 2016
     -   Windows Server 2012 R2
 
+-   Microsoft Office Security Baselines
+    -   Office 2016 
+
 -   Tools
     -   Policy Analyzer tool
     -   Local Group Policy Object (LGPO) tool

windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md

@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: tedhardyMSFT
-ms.date: 10/27/2017
+ms.date: 02/16/2018
 ---
 
 # Use Windows Event Forwarding to help with intrusion detection
@@ -636,9 +636,9 @@ Here are the minimum steps for WEF to operate:
     <!-- Detect User-Mode drivers loaded - for potential BadUSB detection. -->
     <Select Path="Microsoft-Windows-DriverFrameworks-UserMode/Operational">*[System[(EventID=2004)]]</Select>
   </Query>
-<Query Id="14" Path=" Windows PowerShell">
+<Query Id="14" Path="Windows PowerShell">
     <!-- Legacy PowerShell pipeline execution details (800) -->
-    <Select Path=" Windows PowerShell">*[System[(EventID=800)]]</Select>
+    <Select Path="Windows PowerShell">*[System[(EventID=800)]]</Select>
   </Query>
 </QueryList> 
 ```

windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md

@@ -72,7 +72,7 @@ The numbers beside the green triangle icon on each recommended action represents
 >[!IMPORTANT]
 >Recommendations that do not display a green triangle icon are informational only and no action is required. 
 
-Clicking **View machines** in a specific recommendation opens up the **Machines list** with filters applied to show only the list of machines where the the recommendation is applicable. You can export the list in Excel to create a target collection and apply relevant policies using a management solution of your choice. 
+Clicking **View machines** in a specific recommendation opens up the **Machines list** with filters applied to show only the list of machines where the recommendation is applicable. You can export the list in Excel to create a target collection and apply relevant policies using a management solution of your choice. 
 
 The following image shows an example list of machines where the EDR sensor is not turned on.