diff --git a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md index 07afd4227c..024ddab8e2 100644 --- a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md @@ -45,7 +45,7 @@ See the [View and organize the Windows Defender Advanced Threat Protection Alert The **Latest ATP alerts** section includes the latest active alerts in your network. Each row includes an alert severity category and a short description of the alert. Click an alert to see its detailed view, or **Alerts queue** at the top of the list to go directly to the Alerts queue. See the [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) and [View and organize the Windows Defender Advanced Threat Protection Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) topics for more information. ## Machines at risk -This tile shows you a list of machines with the highest number of active alerts. The total number of alerts for each machine is shown in a circle next to the machine name, and then further categorized by severity levels at the far end of the tile (hover over each severity bar to its label). +This tile shows you a list of machines with the highest number of active alerts. The total number of alerts for each machine is shown in a circle next to the machine name, and then further categorized by severity levels at the far end of the tile (hover over each severity bar to see its label). ![The Machines at risk tile shows a list of machines with the highest number of alerts, and a breakdown of the severity of the alerts](images/machines-at-risk.png) @@ -54,7 +54,7 @@ Click the name of the machine to see details about that machine. See the [Invest You can also click **Machines view** at the top of the tile to go directly to the **Machines view**, sorted by the number of active alerts. See the [Investigate machines in the Windows Defender Advanced Threat Protection Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) topic for more information. ## Status -The **Status** tile informs you if the service is active and running and the specific number of machines (endpoints) reporting to Windows Defender ATP. +The **Status** tile informs you if the service is active and running and the unique number of machines (endpoints) reporting over the past 30 days. ![The Status tile shows an overall indicator of the service and the total number of machines reporting to the service](images/status-tile.png) @@ -66,7 +66,7 @@ The **Machines reporting** tile shows a bar graph that represents the number of ## Machines with active malware detections The **Machines with active malware detections** tile will only appear if your endpoints are using Windows Defender. -Active malware is defined as threats that are actively executing at the time of detection. +Active malware is defined as threats that were actively executing at the time of detection. Hover over each bar to see the number of active malware detections (as **Malware detections**) and the number of endpoints with at least one active detection (as **Machines**) over the past 30 days. diff --git a/windows/keep-secure/images/timeline.png b/windows/keep-secure/images/timeline.png index 83ac56f312..ac657b2a12 100644 Binary files a/windows/keep-secure/images/timeline.png and b/windows/keep-secure/images/timeline.png differ diff --git a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md index 4778e194e5..0a7f63c71b 100644 --- a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md @@ -106,7 +106,6 @@ Use the search bar to look for specific alerts or files associated with the mach You can also filter by: -- Signed or unsigned files - Detections mode: displays Windows ATP Alerts and detections - Behaviors mode: displays "detections" and selected events of interest - Verbose mode: displays "behaviors" (including "detections"), and all reported events