Merged PR 14489: reports public preview

reports public preview

windows/security/threat-protection/TOC.md

@@ -400,6 +400,7 @@
 
 ##### Reporting
 ###### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
+###### [Threat protection reports](windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md)
 
 ##### Role-based access control
 ###### [Manage portal access using RBAC](windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md)

windows/security/threat-protection/windows-defender-atp/TOC.md

@@ -403,6 +403,7 @@
 
 #### Reporting
 ##### [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
+##### [Threat protection reports](threat-protection-reports-windows-defender-advanced-threat-protection.md)
 
 #### Role-based access control
 ##### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)

windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md

@@ -0,0 +1,78 @@
+---
+title: Threat protection report in Windows Defender ATP
+description: Track alert detections, categories, and severity using the threat protection report
+keywords: alert detection, source, alert by category, alert severity, alert classification, determination
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Threat protection report in Windows Defender ATP
+
+**Applies to:**
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
+
+[!include[Prerelease information](prerelease.md)]
+
+The threat protection report provides high-level information about alerts generated in your organization. The report includes trending information showing the detection sources, categories, severities, statuses, classifications, and determinations of alerts across time.
+
+The dashboard is structured into two columns:
+
+![Image of the threat protection report](images/atp-threat-protection-reports.png)
+
+Section | Description 
+:---|:---
+1 | Alerts trends
+2 | Alert summary
+
+
+By default, the alert trends display alert information from the 30-day period ending in the latest full day. To gain better perspective on trends occurring in your organization, you can fine-tune the reporting period by adjusting the time period shown. To adjust the time period, select a time range from the drop-down options:
+
+- 30 days
+- 3 months
+- 6 months
+- Custom
+
+While the alerts trends shows trending information alerts, the alert summary shows alert information scoped to 6 months.
+
+ The alert summary allows you to drill down to a particular alert queue with the corresponding filter applied to it. For example, clicking on the EDR bar in the Detection sources card will bring you the alerts queue with results showing only alerts generated from EDR detections. 
+
+
+
+## Alert attributes
+The report is made up of cards that display the following alert attributes:
+
+- **Detection sources**: shows information about the sensors and detection technologies that provide the data used by Windows Defender ATP to trigger alerts.
+
+- **Threat categories**: shows the types of threat or attack activity that triggered alerts, indicating possible focus areas for your security operations.
+
+- **Severity**: shows the severity level of alerts, indicating the collective potential impact of threats to your organization and the level of response needed to address them.
+
+- **Status**: shows the resolution status of alerts, indicating the efficiency of your manual alert responses and of automated remediation (if enabled). 
+
+- **Classification & determination**: shows how you have classified alerts upon resolution, whether you have classified them as actual threats (true alerts) or as incorrect detections (false alerts). These cards also show the determination of resolved alerts, providing additional insight like the types of actual threats found or the legitimate activities that were incorrectly detected.
+
+
+ 
+
+## Filter data
+
+Use the provided filters to include or exclude alerts with certain attributes.
+
+>[!NOTE]
+>These filters apply to **all** the cards in the report.
+
+For example, to show data about high-severity alerts only:
+
+1. Under **Filters > Severity**, select **High**
+2. Ensure that all other options under **Severity** are deselected.
+3. Select **Apply**. 

windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md

@@ -29,6 +29,12 @@ The following capabilities are generally available (GA).
 
 - [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection)<BR> Onboard supported versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor.
 
+### In preview
+The following capability are included in the February 2019 preview release. 
+
+- [Reports](https://docs.microsoft.com/windows/security/threat-protection-reports-windows-defender-advanced-threat-protection)<BR>The threat protection report provides high-level information about alerts generated in your organization. 
+
+
 
 ## October 2018
 The following capabilities are generally available (GA).