Merge branch 'atp-phase2' of https://cpubwin.visualstudio.com/_git/it-client into atp-phase2

windows/security/threat-protection/TOC.md

@@ -2,58 +2,96 @@
 
 ## [Windows Defender Advanced Threat Protection](windows-defender-atp/windows-defender-advanced-threat-protection.md)
 
-### [Overview](overview.md)
+### [Overview](windows-defender-atp/overview.md)
+#### [Windows Defender Security Center](windows-defender-atp/use-windows-defender-advanced-threat-protection.md)
+##### [Portal overview](windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md)
 #### [Attack surface reduction](windows-defender-atp/overview-attack-surface-reduction.md)
+##### [Hardware-based isolation](windows-defender-application-guard/wd-app-guard-overview.md)
+##### [Application control](windows-defender-application-control/windows-defender-application-control.md)
+##### [Exploit protection](windows-defender-exploit-guard/exploit-protection-exploit-guard.md)
+##### [Network protection](windows-defender-exploit-guard/network-protection-exploit-guard.md)
+##### [Controlled folder access](windows-defender-exploit-guard/controlled-folders-exploit-guard.md)
+##### [Attack surface reduction](windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md)
+##### [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md)
 #### [Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
 #### [Endpoint detection and response](windows-defender-atp/overview-endpoint-detection-response.md)
+##### [Security operations dashboard](windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md)
 #### [Auto investigation](windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md)
-#### [Security posture]()
+#### [Secure score](windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md)
-#### [Advanced hunting]()
+##### [Threat analytics dashboard](windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
-#### [Management and APIs]()
+#### [Advanced hunting](windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md)
-#### [Microsoft threat protection]()
+#### [Microsoft threat protection - Heike or Raviv or Alon - need to make new page - put anchors inside for each integ](windows-defender-atp/threat-protection-integration.md)
-#### [Windows Defender Security Center](windows-defender-atp/use-windows-defender-advanced-threat-protection.md)
+#####  [Protect users, data, and devices with conditional access](windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md)
+##### [Access the Windows Defender Security Center Community Center](windows-defender-atp/community-windows-defender-advanced-threat-protection.md)
 
 
-### [Get started](get-started.md)
+### [Get started](windows-defender-atp/get-started.md)
 #### [Minimum requirements](windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md)
-#### [Validate licensing and complete setup](windows-defender-atp\licensing-windows-defender-advanced-threat-protection.md)
+#### [Validate licensing and complete setup](windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md)
-#### [Preview features](windows-defender-atp\preview-windows-defender-advanced-threat-protection.md)
+#### [Preview features](windows-defender-atp/preview-windows-defender-advanced-threat-protection.md)
-#### [Data storage and privacy](windows-defender-atp\data-storage-privacy-windows-defender-advanced-threat-protection.md)
+#### [Data storage and privacy](windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md)
-#### [Assign user access to the portal](windows-defender-atp\assign-portal-access-windows-defender-advanced-threat-protection.md)
+#### [Assign user access to the portal](windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md)
-
-#### [Evaluate Windows Defender ATP](evaluate-atp.md)
 
+#### [Evaluate Windows Defender ATP](windows-defender-atp/evaluate-atp.md)
 ##### [Hardware-based isolation](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
 ##### [Application control](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
-##### [Exploit protection](windows-defender-exploit-guard\evaluate-exploit-protection.md)
+##### [Exploit protection](windows-defender-exploit-guard/evaluate-exploit-protection.md)
-##### [Network Protection](windows-defender-exploit-guard\evaluate-network-protection.md)
+##### [Network Protection](windows-defender-exploit-guard/evaluate-network-protection.md)
-##### [Controlled folder access](windows-defender-exploit-guard\evaluate-controlled-folder-access.md)
+##### [Controlled folder access](windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
-##### [Attack surface reduction](windows-defender-exploit-guard\evaluate-attack-surface-reduction.md)
+##### [Attack surface reduction](windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
-##### [Network firewall](windows-firewall\evaluating-windows-firewall-with-advanced-security-design-examples.md)
+##### [Network firewall](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
-##### [Next gen protection](windows-defender-antivirus\evaluate-windows-defender-antivirus.md)
+##### [Next generation protection](windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
 
 
-### [Onboard and configure machines to Windows Defender ATP](onboard.md)
+### [Onboard machines, configure, and manage capabilities](windows-defender-atp/onboard.md)
-#### [Onboard machines - need to revise this page](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
+#### [Onboard machines](windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md)
-##### [Onboard previous versions of Windows](windows-defender-atp\onboard-downlevel-windows-defender-advanced-threat-protection.md)
+##### [Onboard previous versions of Windows](windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md)
-##### [Onboard Windows 10 machines](windows-defender-atp\configure-endpoints-windows-defender-advanced-threat-protection.md)
+##### [Onboard Windows 10 machines](windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md)
-###### [Onboard machines using Group Policy](windows-defender-atp\configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
+###### [Onboard machines using Group Policy](windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
-###### [Onboard machines using System Center Configuration Manager](windows-defender-atp\configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
+###### [Onboard machines using System Center Configuration Manager](windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
-###### [Onboard machines using Mobile Device Management tools](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
+###### [Onboard machines using Mobile Device Management tools](windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
 ####### [Onboard machines using Microsoft Intune](windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#onboard-machines-using-microsoft-intune)
 ###### [Onboard machines using a local script](windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md)
 ###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
-##### [Onboard servers](windows-defender-atp\configure-server-endpoints-windows-defender-advanced-threat-protection.md)
+##### [Onboard servers](windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md)
-##### [Onboard non-Windows machines](windows-defender-atp\configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
+##### [Onboard non-Windows machines](windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
-##### [Run a detection test on a newly onboarded machine](windows-defender-atp\run-detection-test-windows-defender-advanced-threat-protection.md)
+##### [Run a detection test on a newly onboarded machine](windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md)
-##### [Run simulated attacks on machines](windows-defender-atp\attack-simulations-windows-defender-advanced-threat-protection.md)
+##### [Run simulated attacks on machines](windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md)
-##### [Configure proxy and Internet connectivity settings](windows-defender-atp\configure-proxy-internet-windows-defender-advanced-threat-protection.md)
+##### [Configure proxy and Internet connectivity settings](windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md)
-##### [Troubleshoot onboarding issues](windows-defender-atp\troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
+##### [Troubleshoot onboarding issues](windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
-###### [Troubleshoot subscription and portal access issues](windows-defender-atp\troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
+###### [Troubleshoot subscription and portal access issues](windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
+
+#### [Configure Windows Defender Security Center settings](windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md)
+
+#####General
+###### [Update data retention settings](windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md)
+###### [Configure alert notifications](windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md)
+###### [Enable and create Power BI reports using Windows Defender Security center data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
+###### [Enable Secure score security controls](windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md)
+###### [Configure advanced features](windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md)
+
+##### Permissions
+###### [Manage portal access using RBAC](windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md)
+###### [Create and manage machine groups](windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md)
+
+#####APIs
+###### [Enable Threat intel](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md)
+###### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md)
+
+#####Rules
+###### [Manage suppression rules](windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md)
+###### [Manage automation allowed/blocked](windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
+###### [Manage automation file uploads](windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
+###### [Manage automation folder exclusions](windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
+
+#####Machine management
+###### [Onboarding machines](windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md)
+###### [Offboarding machines](windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md)
+
+##### [Configure Windows Defender Security Center time zone settings](windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md)
 
 
-
+#### [Configure attack surface reduction](windows-defender-atp/configure-attack-surface-reduction.md)
-####[Configure attack surface reduction](configure-attack-surface-reduction.md)
 ##### [Hardware-based isolation](windows-defender-application-guard/configure-wd-app-guard.md)
 ##### [Application control](windows-defender-application-control/windows-defender-application-control-deployment-guide.md)
 ##### [Exploit protection](windows-defender-exploit-guard/enable-exploit-protection.md)
@@ -64,294 +102,222 @@
 
 
 
-#### [Configure next generation protection](windows-defender-antivirus\windows-defender-antivirus-in-windows-10.md)
+#### [Configure next generation protection](windows-defender-antivirus/configure-windows-defender-antivirus-features.md)
-##### [Next generation protection in Windows Server](windows-defender-antivirus\windows-defender-antivirus-on-windows-server-2016.md)
+##### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
-##### [Antivirus compatibility](windows-defender-antivirus\windows-defender-antivirus-compatibility.md)
+###### [Enable cloud-delivered protection](windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md)
-###### [Use limited periodic scanning](windows-defender-antivirus\limited-periodic-scanning-windows-defender-antivirus.md)
+###### [Specify the cloud-delivered protection level](windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md)
-##### [Deploy next generation protection](windows-defender-antivirus\deploy-manage-report-windows-defender-antivirus.md)
+###### [Configure and validate network connections](windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md)
-###### [Deploy and enable next generation protection](windows-defender-antivirus\deploy-windows-defender-antivirus.md)
+###### [Enable Block at first sight](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)
-###### [Deployment guide for VDI environments](windows-defender-antivirus\deployment-vdi-windows-defender-antivirus.md)
+###### [Configure the cloud block timeout period](windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md)
-##### [Report on next generation protection](windows-defender-antivirus\report-monitor-windows-defender-antivirus.md)
+##### [Configure behavioral, heuristic, and real-time protection](windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md)
-###### [Troubleshoot antivirus reporting in Update Compliance](windows-defender-antivirus\troubleshoot-reporting.md)
+###### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
-##### [Manage updates and apply baselines](windows-defender-antivirus\manage-updates-baselines-windows-defender-antivirus.md)
+###### [Enable and configure always-on protection and monitoring](windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md)
-###### [Manage protection and definition updates](windows-defender-antivirus\manage-protection-updates-windows-defender-antivirus.md)
+##### [Antivirus on Windows Server 2016](windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md)
-###### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus\manage-protection-update-schedule-windows-defender-antivirus.md)
+##### [Antivirus compatibility](windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
-###### [Manage updates for endpoints that are out of date](windows-defender-antivirus\manage-outdated-endpoints-windows-defender-antivirus.md)
+###### [Use limited periodic antivirus scanning](windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md)
-###### [Manage event-based forced updates](windows-defender-antivirus\manage-event-based-updates-windows-defender-antivirus.md)
+
-###### [Manage updates for mobile devices and VMs](windows-defender-antivirus\manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
+##### [Deploy, manage updates, and report on antivirus](windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md)
-
+###### [Deploy and enable antivirus](windows-defender-antivirus/deploy-windows-defender-antivirus.md)
-##### [Manage scans and remediation](windows-defender-antivirus\customize-run-review-remediate-scans-windows-defender-antivirus.md)
+####### [Deployment guide for VDI environments](windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md)
-###### [Configure and validate exclusions in antivirus scans](windows-defender-antivirus\configure-exclusions-windows-defender-antivirus.md)
+###### [Report on antivirus protection](windows-defender-antivirus/report-monitor-windows-defender-antivirus.md)
-####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus\configure-extension-file-exclusions-windows-defender-antivirus.md)
+####### [Troubleshoot antivirus reporting in Update Compliance](windows-defender-antivirus/troubleshoot-reporting.md)
-####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus\configure-process-opened-file-exclusions-windows-defender-antivirus.md)
+###### [Manage updates and apply baselines](windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md)
-####### [Configure antivirus exclusions on Windows Server 2016](windows-defender-antivirus\configure-server-exclusions-windows-defender-antivirus.md)
+####### [Manage protection and definition updates](windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md)
-###### [Configure scanning options](windows-defender-antivirus\configure-advanced-scan-types-windows-defender-antivirus.md)
+####### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md)
-###### [Configure remediation for scans](windows-defender-antivirus\configure-remediation-windows-defender-antivirus.md)
+####### [Manage updates for endpoints that are out of date](windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md)
-###### [Configure scheduled scans](windows-defender-antivirus\scheduled-catch-up-scans-windows-defender-antivirus.md)
+####### [Manage event-based forced updates](windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md)
-###### [Configure and run scans](windows-defender-antivirus\run-scan-windows-defender-antivirus.md)
+####### [Manage updates for mobile devices and VMs](windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
-###### [Review scan results](windows-defender-antivirus\review-scan-results-windows-defender-antivirus.md)
+
-###### [Run and review the results of an offline scan](windows-defender-antivirus\windows-defender-offline.md)
+##### [Customize, initiate, and review the results of scans and remediation](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
-###### [Restore quarantined files](windows-defender-antivirus\restore-quarantined-files-windows-defender-antivirus.md)
+###### [Configure and validate exclusions in antivirus scans](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
-##### [Manage next generation protection in your business](windows-defender-antivirus\configuration-management-reference-windows-defender-antivirus.md)
+####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
-###### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](windows-defender-antivirus\use-intune-config-manager-windows-defender-antivirus.md)
+####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
-###### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus\use-group-policy-windows-defender-antivirus.md)
+####### [Configure antivirus exclusions Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
-###### [Use PowerShell cmdlets to manage next generation protection](windows-defender-antivirus\use-powershell-cmdlets-windows-defender-antivirus.md)
+###### [Configure scanning antivirus options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
-###### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus\use-wmi-windows-defender-antivirus.md)
+###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
-###### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus\command-line-arguments-windows-defender-antivirus.md)
+###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
-
+###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
-
+###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
-
+###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md)
-
+##### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
-
+##### [Manage antivirus in your business](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
-#### [Configure AutoIR - needs new content, u can configure through the portal settings + link to the settings page](configure3.md)
+###### [Use Group Policy settings to configure and manage antivirus](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
-
+###### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
-
+###### [Use PowerShell cmdlets to configure and manage antivirus](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
-
+###### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
-#### [Windows Defender Security Center settings](windows-defender-atp\preferences-setup-windows-defender-advanced-threat-protection.md)
+###### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
-#####General
+
-###### [Update data retention settings](windows-defender-atp\data-retention-settings-windows-defender-advanced-threat-protection.md)
+##### [Manage scans and remediation](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
-###### [Configure alert notifications](windows-defender-atp\configure-email-notifications-windows-defender-advanced-threat-protection.md)
+###### [Configure and validate exclusions in antivirus scans](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
-###### [Enable and create Power BI reports using Windows Defender Security center data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md)
+####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
-###### [Enable Secure score security controls](windows-defender-atp\enable-secure-score-windows-defender-advanced-threat-protection.md)
+####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
-###### [Configure advanced features](windows-defender-atp\advanced-features-windows-defender-advanced-threat-protection.md)
+####### [Configure antivirus exclusions on Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
-
+###### [Configure scanning options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
-
+###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
-
+###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
-
+###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
-#####APIs
+###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
-###### [Enable Threat intel](windows-defender-atp\enable-custom-ti-windows-defender-advanced-threat-protection.md)
+###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md)
-###### [Enable SIEM integration](windows-defender-atp\enable-siem-integration-windows-defender-advanced-threat-protection.md)
+###### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
-
+##### [Manage next generation protection in your business](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
-#####Rules
+###### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
-###### [Manage suppression rules](windows-defender-atp\manage-suppression-rules-windows-defender-advanced-threat-protection.md)
+###### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
-###### [Manage automation allowed/blocked](windows-defender-atp\manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
+###### [Use PowerShell cmdlets to manage next generation protection](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
-###### [Manage automation file uploads](windows-defender-atp\manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
+###### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
-###### [Manage automation folder exclusions](windows-defender-atp\manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
+###### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
-
+
-#####Machine management
+
-###### [Onboarding machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
+#### [Manage endpoint detection and response capabilities](windows-defender-atp/manage-edr.md)
-###### [Offboarding machines](windows-defender-atp\offboard-machines-windows-defender-advanced-threat-protection.md)
+#####Alerts queue
-
+###### [View and organize the Alerts queue](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md)
-##### [Configure Windows Defender Security Center time zone settings](windows-defender-atp\time-settings-windows-defender-advanced-threat-protection.md)
+###### [Manage alerts](windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md)
-
+###### [Investigate alerts](windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md)
-
+###### [Investigate files](windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md)
-
+###### [Investigate machines](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md)
-
+###### [Investigate an IP address](windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md)
-### [Windows Defender Security Center](windows-defender-atp\use-windows-defender-advanced-threat-protection.md)
+###### [Investigate a domain](windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md)
-#### [Portal overview](windows-defender-atp\portal-overview-windows-defender-advanced-threat-protection.md)
+###### [Investigate a user account](windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md)
-#### [View the Security operations dashboard - consdier moving to the relevant pillar](windows-defender-atp\security-operations-dashboard-windows-defender-advanced-threat-protection.md)
+ 
-
+#####Machines list
-#### [Access the Windows Defender Security Center Community Center](windows-defender-atp\community-windows-defender-advanced-threat-protection.md)
+###### [View and organize the Machines list](windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md)
-
+###### [Manage machine group and tags](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
-
+###### [Alerts related to this machine](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
-
+###### [Machine timeline](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
-
+####### [Search for specific events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
-
+####### [Filter events from a specific date](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
-
+####### [Export machine timeline events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
-
+####### [Navigate between pages](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
-
+
-
+
-
+##### [Take response actions](windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md)
-#### [Configure next gen protection features](windows-defender-antivirus\configure-windows-defender-antivirus-features.md)
+###### [Take response actions on a machine](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md)
-##### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus\utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
+####### [Collect investigation package](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
-###### [Enable cloud-delivered protection](windows-defender-antivirus\enable-cloud-protection-windows-defender-antivirus.md)
+####### [Run antivirus scan](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
-###### [Specify the cloud-delivered protection level](windows-defender-antivirus\specify-cloud-protection-level-windows-defender-antivirus.md)
+####### [Restrict app execution](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
-###### [Configure and validate network connections](windows-defender-antivirus\configure-network-connections-windows-defender-antivirus.md)
+####### [Remove app restriction](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
-###### [Enable the Block at First Sight feature](windows-defender-antivirus\configure-block-at-first-sight-windows-defender-antivirus.md)
+####### [Isolate machines from the network](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
-###### [Configure the cloud block timeout period](windows-defender-antivirus\configure-cloud-block-timeout-period-windows-defender-antivirus.md)
+####### [Release machine from isolation](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
-##### [Configure behavioral, heuristic, and real-time protection](windows-defender-antivirus\configure-protection-features-windows-defender-antivirus.md)
+####### [Check activity details in Action center](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
-###### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus\detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
+ 
-###### [Enable and configure always-on protection and monitoring](windows-defender-antivirus\configure-real-time-protection-windows-defender-antivirus.md)
+###### [Take response actions on a file](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md)
-
+####### [Stop and quarantine files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
-
+####### [Remove file from quarantine](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
-
+####### [Block files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
-### [Endpoint detection and response](edr.md)
+####### [Remove file from blocked list](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
-####Alerts queue
+####### [Check activity details in Action center](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
-##### [View and organize the Alerts queue](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md)
+####### [Deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
-##### [Manage alerts](windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md)
+####### [Submit files for analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
-##### [Investigate alerts](windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md)
+####### [View deep analysis reports](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
-##### [Investigate files](windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md)
+####### [Troubleshoot deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
-##### [Investigate machines](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md)
+ 
-##### [Investigate an IP address](windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md)
+##### [Query data using Advanced hunting](windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md)
-##### [Investigate a domain](windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md)
+###### [Advanced hunting reference](windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
-##### [Investigate a user account](windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md)
+###### [Advanced hunting query language best practices](windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
-
+
-####Machines list
+
-##### [View and organize the Machines list](windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md)
+#### [Manage automated investigations](windows-defender-atp/manage-auto-investigation-windows-defender-advanced-threat-protection.md)
-##### [Manage machine group and tags](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
+
-##### [Alerts related to this machine](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
+#### [Configure Security score dashboard security controls](windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)
-##### [Machine timeline](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
+
-###### [Search for specific events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
+#### [Management and APIs](windows-defender-atp/management-apis.md)
-###### [Filter events from a specific date](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
+##### [Pull alerts to your SIEM tools](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md)
-###### [Export machine timeline events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
+###### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md)
-###### [Navigate between pages](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
+###### [Configure Splunk to pull alerts](windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md)
-
+###### [Configure HP ArcSight to pull alerts](windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md)
-
+###### [Windows Defender ATP alert API fields](windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md)
-#### [Take response actions](windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md)
+###### [Pull alerts using REST API](windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
-##### [Take response actions on a machine](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md)
+###### [Troubleshoot SIEM tool integration issues](windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md)
-###### [Collect investigation package](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
+ 
-###### [Run antivirus scan](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
+##### [Use the Windows Defender ATP exposed APIs](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md)
-###### [Restrict app execution](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
+###### [Supported Windows Defender ATP APIs](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md)
-###### [Remove app restriction](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
+#######Actor
-###### [Isolate machines from the network](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
+######## [Get actor information](windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md)
-###### [Release machine from isolation](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
+######## [Get actor related alerts](windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
-###### [Check activity details in Action center](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
+#######Alerts
-
+######## [Get alerts](windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md)
-##### [Take response actions on a file](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md)
+######## [Get alert information by ID](windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
-###### [Stop and quarantine files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
+######## [Get alert related actor information](windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
-###### [Remove file from quarantine](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
+######## [Get alert related domain information](windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
-###### [Block files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
+######## [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
-###### [Remove file from blocked list](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
+######## [Get alert related IP information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
-###### [Check activity details in Action center](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
+######## [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
-###### [Deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
+########Domain
-###### [Submit files for analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
+#########  [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
-###### [View deep analysis reports](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
+######### [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md)
-###### [Troubleshoot deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
+######### [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md)
-
+######### [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
-
+ 
-
+#######File
-#### [Query data using Advanced hunting](windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md)
+######## [Block file API](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md)
-##### [Advanced hunting reference](windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
+######## [Get file information](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md)
-##### [Advanced hunting query language best practices](windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
+######## [Get file related alerts](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md)
-
+######## [Get file related machines](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md)
-
+######## [Get file statistics](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md)
-### [Automatic investigation and remediation](windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md)
+######## [Get FileActions collection API](windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md)
-
+######## [Unblock file API](windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md)
-
+ 
-###Security posture
+#######IP
-#### [Secure posture - Evald](windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)
+######## [Get IP related alerts](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
-#### [View the Threat analytics dashboard and take recommended mitigation actions - Evald](windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+######## [Get IP related machines](windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md)
-
+######## [Get IP statistics](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md)
-
+######## [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md)
-
+#######Machines
-### [Management and APIs](management-apis.md)
+######## [Collect investigation package API](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md)
-#### [Pull alerts to your SIEM tools](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md)
+######## [Find machine information by IP](windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
-##### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md)
+######## [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
-##### [Configure Splunk to pull alerts](windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md)
+######## [Get FileMachineAction object API](windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
-##### [Configure HP ArcSight to pull alerts](windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md)
+######## [Get FileMachineActions collection API](windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
-##### [Windows Defender ATP alert API fields](windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md)
+######## [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md)
-##### [Pull alerts using REST API](windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
+######## [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
-##### [Troubleshoot SIEM tool integration issues](windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md)
+######## [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
-
+######## [Get MachineAction object API](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md)
-#### [Use the Windows Defender ATP exposed APIs](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md)
+######## [Get MachineActions collection API](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md)
-##### [Supported Windows Defender ATP APIs](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md)
+######## [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
-######Actor
+######## [Get package SAS URI API](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md)
-####### [Get actor information](windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md)
+######## [Isolate machine API](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md)
-####### [Get actor related alerts](windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
+######## [Release machine from isolation API](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md)
-######Alerts
+######## [Remove app restriction API](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
-####### [Get alerts](windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md)
+######## [Request sample API](windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md)
-####### [Get alert information by ID](windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
+######## [Restrict app execution API](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md)
-####### [Get alert related actor information](windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
+######## [Run antivirus scan API](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md)
-####### [Get alert related domain information](windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
+######## [Stop and quarantine file API](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md)
-####### [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
+ 
-####### [Get alert related IP information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
+ 
-####### [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
+ 
-#######Domain
+#######User
-########  [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
+######## [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
-######## [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md)
+######## [Get user information](windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md)
-######## [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md)
+######## [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md)
-######## [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
+######## [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md)
-
+ 
-######File
+ 
-####### [Block file API](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md)
+ 
-####### [Get file information](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md)
+ 
-####### [Get file related alerts](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md)
+##### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md)
-####### [Get file related machines](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md)
+###### [Understand threat intelligence concepts](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-####### [Get file statistics](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md)
+###### [Enable the custom threat intelligence application](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md)
-####### [Get FileActions collection API](windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md)
+###### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md)
-####### [Unblock file API](windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md)
+###### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md)
-
+###### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md)
-######IP
+###### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md)
-####### [Get IP related alerts](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
+###### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
-####### [Get IP related machines](windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md)
+ 
-####### [Get IP statistics](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md)
+#####Reporting
-####### [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md)
+###### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
-######Machines
+
-####### [Collect investigation package API](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md)
+
-####### [Find machine information by IP](windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
+### [Troubleshoot Windows Defender ATP](windows-defender-atp/troubleshoot-wdatp.md)
-####### [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
+#### [Review AV/NEXT GEN event logs and error codes to troubleshoot issues - Amitai, etc](windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)
-####### [Get FileMachineAction object API](windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
+
-####### [Get FileMachineActions collection API](windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
+####Troubleshoot sensor state
-####### [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md)
+##### [Check sensor state](windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md)
-####### [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
+##### [Fix unhealthy sensors](windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
-####### [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
+##### [Inactive machines](windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
-####### [Get MachineAction object API](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md)
+##### [Misconfigured machines](windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
-####### [Get MachineActions collection API](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md)
+##### [Review events and errors on machines with Event Viewer](windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md)
-####### [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
+
-####### [Get package SAS URI API](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md)
+#### [Troubleshoot Windows Defender ATP service issues](windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md)
-####### [Isolate machine API](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md)
+##### [Check service health](windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md)
-####### [Release machine from isolation API](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md)
-####### [Remove app restriction API](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
-####### [Request sample API](windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md)
-####### [Restrict app execution API](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md)
-####### [Run antivirus scan API](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md)
-####### [Stop and quarantine file API](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md)
-
-
-
-######User
-####### [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
-####### [Get user information](windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md)
-####### [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md)
-
-
-
-
-#### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Understand threat intelligence concepts](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-##### [Enable the custom threat intelligence application](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md)
-##### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md)
-##### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md)
-##### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
-
-#### [Reporting](reporting.md)
-##### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
-
-#### [Permissions](permissions.md)
-##### [Manage portal access using RBAC](windows-defender-atp\rbac-windows-defender-advanced-threat-protection.md)
-##### [Create and manage machine groups](windows-defender-atp\machine-groups-windows-defender-advanced-threat-protection.md)
-
-
-
-### [Microsoft threat protection - Heike or Raviv or Alon - need to make new page - put anchors inside for each integ](integration.md)
-####  [Protect users, data, and devices with conditional access](windows-defender-atp\conditional-access-windows-defender-advanced-threat-protection.md)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-###Troubleshoot Windows Defender ATP
-#### [Review AV/NEXT GEN event logs and error codes to troubleshoot issues - Amitai, etc](windows-defender-antivirus\troubleshoot-windows-defender-antivirus.md)
-
-####Troubleshoot sensor state - Ask Heike name of sensor
-##### [Check sensor state](windows-defender-atp\check-sensor-status-windows-defender-advanced-threat-protection.md)
-##### [Fix unhealthy sensors](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
-##### [Inactive machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
-##### [Misconfigured machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
-##### [Review events and errors on machines with Event Viewer](windows-defender-atp\event-error-codes-windows-defender-advanced-threat-protection.md)
-
-#### [Troubleshoot Windows Defender ATP service issues](windows-defender-atp\troubleshoot-windows-defender-advanced-threat-protection.md)
-##### [Check service health](windows-defender-atp\service-status-windows-defender-advanced-threat-protection.md)
 
 ####Troubleshoot attack surface reduction
 ##### [Network protection](windows-defender-exploit-guard/troubleshoot-np.md)
@@ -360,40 +326,24 @@
 #### [Troubleshoot next generation protection](windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)
 
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
 ## More Windows 10 security
 
 ### [The Windows Security app](windows-defender-security-center/windows-defender-security-center.md)
 #### [Customize the Windows Security app for your organization](windows-defender-security-center/wdsc-customize-contact-information.md)
 #### [Hide Windows Security app notifications](windows-defender-security-center/wdsc-hide-notifications.md)
-#### [Manage Windows Security app in Windows 10 in S mode](windows-defender-security-center\wdsc-windows-10-in-s-mode.md)
+#### [Manage Windows Security app in Windows 10 in S mode](windows-defender-security-center/wdsc-windows-10-in-s-mode.md)
 #### [Virus and threat protection](windows-defender-security-center/wdsc-virus-threat-protection.md)
-#### [Account protection](windows-defender-security-center\wdsc-account-protection.md)
+#### [Account protection](windows-defender-security-center/wdsc-account-protection.md)
-#### [Firewall and network protection](windows-defender-security-center\wdsc-firewall-network-protection.md)
+#### [Firewall and network protection](windows-defender-security-center/wdsc-firewall-network-protection.md)
-#### [App and browser control](windows-defender-security-center\wdsc-app-browser-control.md)
+#### [App and browser control](windows-defender-security-center/wdsc-app-browser-control.md)
-#### [Device security](windows-defender-security-center\wdsc-device-security.md)
+#### [Device security](windows-defender-security-center/wdsc-device-security.md)
-#### [Device performance and health](windows-defender-security-center\wdsc-device-performance-health.md)
+#### [Device performance and health](windows-defender-security-center/wdsc-device-performance-health.md)
-#### [Family options](windows-defender-security-center\wdsc-family-options.md)
+#### [Family options](windows-defender-security-center/wdsc-family-options.md)
 
 
-### [Windows Defender SmartScreen](windows-defender-smartscreen/windows-defender-smartscreen-overview.md)
+### [SmartScreen](windows-defender-smartscreen/windows-defender-smartscreen-overview.md)
-#### [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md)
+#### [SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md)
-#### [Set up and use Windows Defender SmartScreen on individual devices](windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md)
+#### [Set up and use SmartScreen on individual devices](windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md)
 
 
 ### [Windows Defender Device Guard: virtualization-based security and WDAC](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)

windows/security/threat-protection/evaluate-atp.md

@@ -1,51 +0,0 @@
----
-title: Evaluate Windows Defender Advanced Threat Protection
-description: 
-keywords: 
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: high
-ms.date: 08/10/2018
----
-
-# Evaluate Windows Defender ATP capabilities
-Windows Defender Advanced Threat Protection (ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.
-
-You can evaluate Windows Defender Advanced Threat Protection in your organization by [Starting your free trial](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp)
-
-You can also evaluate the different security capabilities in Windows Defender ATP by using the following instructions. 
-
-## Evaluate attack surface reduction
-These capabilities help prevent attacks and exploitations from infecting your organization.
-- [Evaluate attack surface reduction](./windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
-- [Evaluate exploit protection](windows-defender-exploit-guard/evaluate-exploit-protection.md)
-- [Evaluate network protection](windows-defender-exploit-guard/evaluate-exploit-protection.md)
-- [Evaluate controlled folder access](evaluate-controlled-folder-access.md)
-- [Evaluate application guard](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
-- [Evaluate network firewall](windows-firewall\evaluating-windows-firewall-with-advanced-security-design-examples.md)
-
-## Evaluate next generation protection
-Next gen protections help detect and block the latest threats.
-- [Evaluate antivirus](windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
-
-## Endpoint detection and response
-- [Learn about the alerts queue](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md)
-- [Learn about the machines list](windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md)
-- [Learn how to take response actions](windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md)
-
-## Auto investigation
-- [Learn about automated investigation and remediation](windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md)
-
-## Security posture
-- [Learn about improving your security posture](windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)
-
-## Advanced hunting
-- [Learn how to build your own advanced hunting queries](windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md)
-
-## See Also
-[Get started with Windows Defender Advanced Threat Protection](get-started.md)

windows/security/threat-protection/onboard.md

@@ -1,24 +0,0 @@
----
-title: Configure Windows Defender ATP 
-description: 
-keywords: 
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: high
-ms.date: 07/01/2018
----
-
-# Configure Windows Defender ATP 
-
-Configure all the Windows Defender ATP capabilities to get the best security protection for your organization. 
-
-
-## In this section 
-[Onboard machines to Windows Defender Security Center](windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection) | Onboard machines to the platform.
-[Configure attack surface reduction capabilities](configure-attack-surface-reduction.md)
-[Configure next generation protection]()

windows/security/threat-protection/windows-defender-atp/TOC.md

@@ -1,7 +1,9 @@
 # [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md)
 
 
-## [Overview](overview-attack-surface-reduction.md)
+## [Overview](overview.md)
+### [Windows Defender Security Center](use-windows-defender-advanced-threat-protection.md)
+#### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
 ### [Attack surface reduction](overview-attack-surface-reduction.md)
 #### [Hardware-based isolation](../windows-defender-application-guard/wd-app-guard-overview.md)
 #### [Application control](../windows-defender-application-control/windows-defender-application-control.md)
@@ -12,158 +14,16 @@
 #### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security.md)
 ### [Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
 ### [Endpoint detection and response](overview-endpoint-detection-response.md)
-### [Auto investigation](../windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md)
+#### [Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
-### [Security posture]()
+### [Auto investigation](automated-investigations-windows-defender-advanced-threat-protection.md)
-### [Advanced hunting]()
+### [Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md)
-### [Management and APIs]()
+#### [Threat analytics](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
-### [Microsoft threat protection]()
+### [Advanced hunting](overview-hunting-windows-defender-advanced-threat-protection.md)
-### [Windows Defender Security Center](use-windows-defender-advanced-threat-protection.md)
+### [Microsoft threat protection - Heike or Raviv or Alon - need to make new page - put anchors inside for each integ](threat-protection-integration.md)
-#### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
+####  [Protect users, data, and devices with conditional access](conditional-access-windows-defender-advanced-threat-protection.md)
-#### [View the Security operations dashboard - consdier moving to the relevant pillar](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
 #### [Access the Windows Defender Security Center Community Center](community-windows-defender-advanced-threat-protection.md)
 
-
+## [Get started](get-started.md)
-### [Endpoint detection and response - Tomer B.](../edr.md)
-####Alerts queue
-##### [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
-##### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-##### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
-##### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md)
-##### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)
-##### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md)
-##### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md)
-##### [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md)
-
-####Machines list
-##### [View and organize the Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
-##### [Manage machine group and tags](investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
-##### [Alerts related to this machine](investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
-##### [Machine timeline](investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
-###### [Search for specific events](investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
-###### [Filter events from a specific date](investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
-###### [Export machine timeline events](investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
-###### [Navigate between pages](investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
- 
-#### [Take response actions](response-actions-windows-defender-advanced-threat-protection.md)
-##### [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)
-###### [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
-###### [Run antivirus scan](respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
-###### [Restrict app execution](respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
-###### [Remove app restriction](respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
-###### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
-###### [Release machine from isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
-###### [Check activity details in Action center](respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
-
-##### [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)
-###### [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
-###### [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
-###### [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
-###### [Remove file from blocked list](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
-###### [Check activity details in Action center](respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
-###### [Deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
-###### [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
-###### [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
-###### [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
-
-#### [Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md)
-##### [Advanced hunting reference](advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
-##### [Advanced hunting query language best practices](advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
-
-### [Automatic investigation and remediation - Benny](automated-investigations-windows-defender-advanced-threat-protection.md)
-
-###Security posture
-#### [Secure posture - Evald](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
-#### [View the Threat analytics dashboard and take recommended mitigation actions - Evald](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
-
-### [Management and APIs](../management-apis.md)
-#### [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md)
-##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-##### [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
-##### [Configure HP ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
-##### [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
-##### [Pull alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
-##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
-
-#### [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md)
-##### [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection.md)
-######Actor
-####### [Get actor information](get-actor-information-windows-defender-advanced-threat-protection.md)
-####### [Get actor related alerts](get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
-######Alerts
-####### [Get alerts](get-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get alert information by ID](get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
-####### [Get alert related actor information](get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
-####### [Get alert related domain information](get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
-####### [Get alert related file information](get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
-####### [Get alert related IP information](get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
-####### [Get alert related machine information](get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
-#######Domain
-########  [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
-######## [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md)
-######## [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md)
-######## [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
-
-######File
-####### [Block file API](block-file-windows-defender-advanced-threat-protection.md)
-####### [Get file information](get-file-information-windows-defender-advanced-threat-protection.md)
-####### [Get file related alerts](get-file-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get file related machines](get-file-related-machines-windows-defender-advanced-threat-protection.md)
-####### [Get file statistics](get-file-statistics-windows-defender-advanced-threat-protection.md)
-####### [Get FileActions collection API](get-fileactions-collection-windows-defender-advanced-threat-protection.md)
-####### [Unblock file API](unblock-file-windows-defender-advanced-threat-protection.md)
-
-######IP
-####### [Get IP related alerts](get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get IP related machines](get-ip-related-machines-windows-defender-advanced-threat-protection.md)
-####### [Get IP statistics](get-ip-statistics-windows-defender-advanced-threat-protection.md)
-####### [Is IP seen in organization](is-ip-seen-org-windows-defender-advanced-threat-protection.md)
-######Machines
-####### [Collect investigation package API](collect-investigation-package-windows-defender-advanced-threat-protection.md)
-####### [Find machine information by IP](find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
-####### [Get machines](get-machines-windows-defender-advanced-threat-protection.md)
-####### [Get FileMachineAction object API](get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
-####### [Get FileMachineActions collection API](get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
-####### [Get machine by ID](get-machine-by-id-windows-defender-advanced-threat-protection.md)
-####### [Get machine log on users](get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
-####### [Get machine related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get MachineAction object API](get-machineaction-object-windows-defender-advanced-threat-protection.md)
-####### [Get MachineActions collection API](get-machineactions-collection-windows-defender-advanced-threat-protection.md)
-####### [Get machines](get-machines-windows-defender-advanced-threat-protection.md)
-####### [Get package SAS URI API](get-package-sas-uri-windows-defender-advanced-threat-protection.md)
-####### [Isolate machine API](isolate-machine-windows-defender-advanced-threat-protection.md)
-####### [Release machine from isolation API](unisolate-machine-windows-defender-advanced-threat-protection.md)
-####### [Remove app restriction API](unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
-####### [Request sample API](request-sample-windows-defender-advanced-threat-protection.md)
-####### [Restrict app execution API](restrict-code-execution-windows-defender-advanced-threat-protection.md)
-####### [Run antivirus scan API](run-av-scan-windows-defender-advanced-threat-protection.md)
-####### [Stop and quarantine file API](stop-quarantine-file-windows-defender-advanced-threat-protection.md)
-
-######User
-####### [Get alert related user information](get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
-####### [Get user information](get-user-information-windows-defender-advanced-threat-protection.md)
-####### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection.md)
-
-#### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-##### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md)
-##### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md)
-##### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md)
-##### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
-
-#### [Reporting](../reporting.md)
-##### [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
-
-#### [Permissions](../permissions.md)
-##### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)
-##### [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md)
-
-### [Microsoft threat protection - Heike or Raviv or Alon - need to make new page - put anchors inside for each integ](../integration.md)
-####  [Protect users, data, and devices with conditional access](conditional-access-windows-defender-advanced-threat-protection.md)
-
-## [Get started](../get-started.md)
 ### [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md)
 ### [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md)
 
@@ -171,19 +31,19 @@
 ### [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md)
 ### [Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md)
 
-
+### [Evaluate Windows Defender ATP](evaluate-atp.md)
-### [Evaluate Windows Defender ATP](../evaluate-atp.md)
 #### [Hardware-based isolation](../windows-defender-application-guard/test-scenarios-wd-app-guard.md)
 #### [Application control](../windows-defender-application-control/audit-windows-defender-application-control-policies.md)
 #### [Exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md)
 #### [Network Protection](../windows-defender-exploit-guard/evaluate-network-protection.md)
 #### [Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
 #### [Attack surface reduction controls](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
-#### [Evaluate Windows Defender Antivirus protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
+#### [Next gen protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
 
  
-## [Onboard and configure machines to Windows Defender ATP](../onboard.md)
+
-### [Onboard machines - need to revise this page](onboard-configure-windows-defender-advanced-threat-protection.md)
+## [Onboard machines, configure, and manage capabilities](onboard.md)
+### [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md)
 #### [Onboard previous versions of Windows](onboard-downlevel-windows-defender-advanced-threat-protection.md)
 #### [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
 ##### [Onboard machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
@@ -201,7 +61,40 @@
 ##### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
 
 
-###[Configure attack surface reduction](../configure-attack-surface-reduction.md)
+### [Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md)
+####General
+##### [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
+##### [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)
+##### [Enable and create Power BI reports using Windows Defender Security center data](powerbi-reports-windows-defender-advanced-threat-protection.md)
+##### [Enable Secure score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
+##### [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md)
+ 
+ 
+####Permissions
+##### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)
+##### [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md)
+
+
+####APIs
+##### [Enable Threat intel](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md)
+
+
+####Rules
+##### [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md)
+##### [Manage automation allowed/blocked](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
+##### [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
+##### [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
+
+
+####Machine management
+##### [Onboarding machines](onboard-configure-windows-defender-advanced-threat-protection.md)
+##### [Offboarding machines](offboard-machines-windows-defender-advanced-threat-protection.md)
+ 
+ 
+#### [Configure Windows Defender Security Center time zone settings](time-settings-windows-defender-advanced-threat-protection.md)
+
+### [Configure attack surface reduction](configure-attack-surface-reduction.md)
 #### [Hardware-based isolation](../windows-defender-application-guard/install-wd-app-guard.md)
 ##### [Group Policy settings](../windows-defender-application-guard/configure-wd-app-guard.md) 
 #### [Exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md)
@@ -264,44 +157,146 @@
 ##### [Use PowerShell cmdlets to configure and manage Windows Defender AV](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
 ##### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](../windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
 ##### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
-
+### [Manage endpoint detection and response capabilities](manage-edr.md)
-
+####Alerts queue
-### [Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md)
+##### [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
-####General
+##### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-##### [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
+##### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
-##### [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)
+##### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md)
-##### [Enable and create Power BI reports using Windows Defender Security center data](powerbi-reports-windows-defender-advanced-threat-protection.md)
+##### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)
-##### [Enable Secure score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
+##### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md)
-##### [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md)
+##### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md)
+##### [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md)
  
+####Machines list
+##### [View and organize the Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
+##### [Manage machine group and tags](investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
+##### [Alerts related to this machine](investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
+##### [Machine timeline](investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
+###### [Search for specific events](investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
+###### [Filter events from a specific date](investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
+###### [Export machine timeline events](investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
+###### [Navigate between pages](investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
  
-####APIs
+#### [Take response actions](response-actions-windows-defender-advanced-threat-protection.md)
-##### [Enable Threat intel](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+##### [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)
+###### [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
+###### [Run antivirus scan](respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
+###### [Restrict app execution](respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
+###### [Remove app restriction](respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
+###### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
+###### [Release machine from isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
+###### [Check activity details in Action center](respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
+
+##### [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)
+###### [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
+###### [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
+###### [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
+###### [Remove file from blocked list](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
+###### [Check activity details in Action center](respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
+###### [Deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
+###### [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
+###### [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
+###### [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
+
+#### [Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md)
+##### [Advanced hunting reference](advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
+##### [Advanced hunting query language best practices](advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
+
+### [Manage automatic investigation and remediation](manage-auto-investigation-windows-defender-advanced-threat-protection.md)
+
+### [Configure Security score dashboard security controls](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
+
+### [Management and APIs](management-apis.md)
+#### [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md)
 ##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md)
+##### [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
+##### [Configure HP ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
+##### [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
+##### [Pull alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
+##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
+
+#### [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md)
+##### [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection.md)
+######Actor
+####### [Get actor information](get-actor-information-windows-defender-advanced-threat-protection.md)
+####### [Get actor related alerts](get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
+######Alerts
+####### [Get alerts](get-alerts-windows-defender-advanced-threat-protection.md)
+####### [Get alert information by ID](get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
+####### [Get alert related actor information](get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
+####### [Get alert related domain information](get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
+####### [Get alert related file information](get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
+####### [Get alert related IP information](get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
+####### [Get alert related machine information](get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
+#######Domain
+########  [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
+######## [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md)
+######## [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md)
+######## [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
+
+######File
+####### [Block file API](block-file-windows-defender-advanced-threat-protection.md)
+####### [Get file information](get-file-information-windows-defender-advanced-threat-protection.md)
+####### [Get file related alerts](get-file-related-alerts-windows-defender-advanced-threat-protection.md)
+####### [Get file related machines](get-file-related-machines-windows-defender-advanced-threat-protection.md)
+####### [Get file statistics](get-file-statistics-windows-defender-advanced-threat-protection.md)
+####### [Get FileActions collection API](get-fileactions-collection-windows-defender-advanced-threat-protection.md)
+####### [Unblock file API](unblock-file-windows-defender-advanced-threat-protection.md)
+
+######IP
+####### [Get IP related alerts](get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
+####### [Get IP related machines](get-ip-related-machines-windows-defender-advanced-threat-protection.md)
+####### [Get IP statistics](get-ip-statistics-windows-defender-advanced-threat-protection.md)
+####### [Is IP seen in organization](is-ip-seen-org-windows-defender-advanced-threat-protection.md)
+######Machines
+####### [Collect investigation package API](collect-investigation-package-windows-defender-advanced-threat-protection.md)
+####### [Find machine information by IP](find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
+####### [Get machines](get-machines-windows-defender-advanced-threat-protection.md)
+####### [Get FileMachineAction object API](get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
+####### [Get FileMachineActions collection API](get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
+####### [Get machine by ID](get-machine-by-id-windows-defender-advanced-threat-protection.md)
+####### [Get machine log on users](get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
+####### [Get machine related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
+####### [Get MachineAction object API](get-machineaction-object-windows-defender-advanced-threat-protection.md)
+####### [Get MachineActions collection API](get-machineactions-collection-windows-defender-advanced-threat-protection.md)
+####### [Get machines](get-machines-windows-defender-advanced-threat-protection.md)
+####### [Get package SAS URI API](get-package-sas-uri-windows-defender-advanced-threat-protection.md)
+####### [Isolate machine API](isolate-machine-windows-defender-advanced-threat-protection.md)
+####### [Release machine from isolation API](unisolate-machine-windows-defender-advanced-threat-protection.md)
+####### [Remove app restriction API](unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
+####### [Request sample API](request-sample-windows-defender-advanced-threat-protection.md)
+####### [Restrict app execution API](restrict-code-execution-windows-defender-advanced-threat-protection.md)
+####### [Run antivirus scan API](run-av-scan-windows-defender-advanced-threat-protection.md)
+####### [Stop and quarantine file API](stop-quarantine-file-windows-defender-advanced-threat-protection.md)
 
 
-####Rules
+######User
-##### [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md)
+####### [Get alert related user information](get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
-##### [Manage automation allowed/blocked](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
+####### [Get user information](get-user-information-windows-defender-advanced-threat-protection.md)
-##### [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
+####### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection.md)
-##### [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
+####### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection.md)
 
 
-####Machine management
+#### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Onboarding machines](onboard-configure-windows-defender-advanced-threat-protection.md)
+##### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-##### [Offboarding machines](offboard-machines-windows-defender-advanced-threat-protection.md)
+##### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
- 
+##### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md)
- 
+##### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md)
-#### [Configure Windows Defender Security Center time zone settings](time-settings-windows-defender-advanced-threat-protection.md)
+##### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md)
+##### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
+##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
 
+####Reporting
+##### [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
 
-##Troubleshoot Windows Defender ATP
+## [Troubleshoot Windows Defender ATP](troubleshoot-wdatp.md)
 
 ###Troubleshoot sensor state
-### [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md)
+#### [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md)
-### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
+#### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
-### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
+#### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
-### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
+#### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
 ### [Review events and errors on machines with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)
  
 ### [Troubleshoot Windows Defender ATP service issues](troubleshoot-windows-defender-advanced-threat-protection.md)
@@ -324,8 +319,3 @@
 
 
 
-
-
-
-
-

windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md

@@ -15,22 +15,8 @@ ms.date: 06/13/2018
 
 # Query data using Advanced hunting in Windows Defender ATP
 
-**Applies to:**
-
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-
-
-
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
 
-Advanced hunting allows you to proactively hunt for possible threats across your organization using a powerful search and query tool. Take advantage of the following capabilities: 
-
-- **Powerful query language with IntelliSense** - Built on top of a query language that gives you the flexibility you need to take hunting to the next level.
-- **Query the stored telemetry** - The telemetry data is accessible in tables for you to query. For example, you can query process creation, network communication, and many other event types.
-- **Links to portal** - Certain query results, such as machine names and file names are actually direct links to the portal, consolidating the Advanced hunting query experience and the existing portal investigation experience.
-- **Query examples** - A welcome page provides examples designed to get you started and get you familiar with the tables and the query language.
 
 To get you started in querying your data, you can use the basic or Advanced query examples that have some preloaded queries for you to understand the basic query syntax.
 

windows/security/threat-protection/windows-defender-atp/alerts-queue-endpoint-detection-response.md

@@ -0,0 +1,32 @@
+---
+title: Alerts queue in Windows Defender Security Center
+description: View and manage the alerts surfaced in Windows Defender Security Center
+keywords: 
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/12/2018
+---
+
+# Alerts queue in Windows Defender Security Center
+Learn how you can view and manage the queue so that you can effectively investigate threats seen on entities such as machines, files, or user accounts.
+
+
+## In this section
+Topic | Description 
+:---|:---
+[View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) | Shows a list of alerts that were flagged in your network.
+[Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md) | Learn about how you can manage alerts such as change its status, assign it to a security operations member, and see the history of an alert.
+[Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)| Investigate alerts that are affecting your network, understand what they mean, and how to resolve them.
+[Investigate files](investigate-files-windows-defender-advanced-threat-protection.md)| Investigate the details of a file associated with a specific alert, behaviour, or event. 
+[Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)| Investigate the details of a machine associated with a specific alert, behaviour, or event. 
+[Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md) | Examine possible communication between machines in your network and external internet protocol (IP) addresses.
+[Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md) | Investigate a domain to see if machines and servers in your network have been communicating with a known malicious domain. 
+[Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md) | Identify user accounts with the most active alerts and investigate cases of potential compromised credentials.  
+
+

windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md

@@ -15,13 +15,6 @@ ms.date: 05/21/2018
 
 # Use Automated investigations to investigate and remediate threats
 
-**Applies to:**
-
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-BENNY: look at this page and see if there are "settings/ configurations" if yes, point them to the settings page and remove it from here.
-
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automated-investigations-abovefoldlink)
 
 The Windows Defender ATP service has a wide breadth of visibility on multiple machines. With this kind of optics, the service generates a multitude of alerts. The volume of alerts generated can be challenging for a typical security operations team to individually address.
@@ -79,191 +72,10 @@ The default machine group is configured for semi-automatic remediation. This mea
 
 When a pending action is approved, the entity is then remediated and this new state is reflected in the **Entities** tab of the investigation.
 
-
-## Manage Automated investigations
-By default, the Automated investigations list displays investigations initiated in the last week. You can also choose to select other time ranges from the drop-down menu or specify a custom range. 
-
->[!NOTE]
->If your organization has implemented role-based access to manage portal access, only authorized users or user groups who have permission to view the machine or machine group will be able to view the entire investigation. 
-
-Use the **Customize columns** drop-down menu to select columns that you'd like to show or hide. 
-
-From this view, you can also download the entire list in CSV format using the **Export** button, specify the number of items to show per page, and navigate between pages. You also have the flexibility to filter the list based on your preferred criteria.
-
-![Image of Auto investigations page](images/atp-auto-investigations-list.png)
-
- 
-**Filters**</br>
-You can use the following operations to customize the list of Automated investigations displayed:
-
-
-**Triggering alert**</br>
-The alert the initiated the Automated investigation.
-
-**Status**</br>
-An Automated investigation can be in one of the following status:
-
-Status | Description
-:---|:---
-| No threats found                                          | No malicious entities found during the investigation.
-| Failed                                                    | A problem has interrupted the investigation, preventing it from completing.                                                         |
-| Partially remediated                                      | A problem prevented the remediation of some malicious entities.                                                                     |
-| Pending                                           | Remediation actions require review and approval.                                                                                    |
-| Waiting for machine                                       | Investigation paused. The investigation will resume as soon as the machine is available.                                            |
-| Queued                                                    | Investigation has been queued and will resume as soon as other remediation activities are completed.                                |
-| Running                                                   | Investigation ongoing. Malicious entities found will be remediated.                                                                 |
-| Remediated                                                | Malicious entities found were successfully remediated.                                                                              |
-| Terminated by system                                      | Investigation was stopped by the system.                                                                                          |
-| Terminated by user                                        | A user stopped the investigation before it could complete.  
-| Partially investigated                                    | Entities directly related to the alert have been investigated. However, a problem stopped the investigation of collateral entities. |
-
-
-
-**Detection source**</br>
-Source of the alert that initiated the Automated investigation. 
-
-**Threat**</br>
-The category of threat detected during the Automated investigation.
-
-
-**Tags**</br>
-Filter using manually added tags that capture the context of an Automated investigation.
-
-**Machines**</br>
-You can filter the Automated investigations list to zone in a specific machine to see other investigations related to the machine.
-
-**Machine groups**</br>
-Apply this filter to see specific machine groups that you might have created.
-
-**Comments**</br>
-Select between filtering the list between Automated investigations that have comments and those that don't.
-
-## Analyze Automated investigations 
-You can view the details of an Automated investigation to see information such as the investigation graph, alerts associated with the investigation, the machine that was investigated, and other information.
-
-In this view, you'll see the name of the investigation, when it started and ended. 
-
-![Image of investigation details window](images/atp-analyze-auto-ir.png)
-
-The progress ring shows two status indicators:
-- Orange ring - shows the pending portion of the investigation
-- Green ring - shows the running time portion of the investigation
-
-![Image of start, end, and pending time for an automated investigation](images/atp-auto-investigation-pending.png) 
-
-In the example image, the automated investigation started on 10:26:59 AM and ended on 10:56:26 AM. Therefore, the entire investigation was running for 29 minutes and 27 seconds. 
-
-The pending time of 16 minutes and 51 seconds reflects two possible pending states: pending for asset (for example, the device might have disconnected from the network) or pending for approval. 
-
-From this view, you can also view and add comments and tags about the investigation.
-
-### Investigation page
-The investigation page gives you a quick summary on the status, alert severity, category, and detection source.
-
-You'll also have access to the following sections that help you see details of the investigation with finer granularity:
-
-- Investigation graph
-- Alerts
-- Machines
-- Threats
-- Entities
-- Log
-- Pending actions
-
-  >[!NOTE]
-  >The Pending actions tab is only displayed if there are actual pending actions.
-
-- Pending actions history
-
-  >[!NOTE]
-  >The Pending actions history tab is only displayed when an investigation is complete.
-
-In any of the sections, you can customize columns to further expand to limit the details you see in a section.
-
-### Investigation graph
-The investigation graph provides a graphical representation of an Automated investigation. All investigation related information is simplified and arranged in specific sections. Clicking on any of the icons brings you the relevant section where you can view more information.
-
-### Alerts
-Shows details such as a short description of the alert that initiated the Automated investigation, severity, category, the machine associated with the alert, user, time in queue, status, investigation state, and who the investigation is assigned to. 
-
-Additional alerts seen on a machine can be added to an Automated investigation as long as the investigation is ongoing. 
-
-Selecting an alert using the check box brings up the alerts details pane where you have the option of opening the alert page, manage the alert by changing its status, see alert details, Automated investigation details, related machine, logged-on users, and comments and history. 
-
-Clicking on an alert title brings you the alert page.
-
-### Machines
-Shows details the machine name, IP address, group, users, operating system, remediation level, investigation count, and when it was last investigated.
-
-Machines that show the same threat can be added to an ongoing investigation and will be displayed in this tab. If 10 or more machines are found during this expansion process from the same entity, then that expansion action will require an approval and will be seen in the **Pending actions** view.
-
-Selecting a machine using the checkbox brings up the machine details pane where you can see more information such as machine details and logged-on users.
-
-Clicking on an machine name brings you the machine page.
-
-### Threats
-Shows details related to threats associated with this investigation. 
-
-### Entities
-Shows details about entities such as files, process, services, drives, and IP addresses. The table details such as the number of entities that were analyzed. You'll gain insight into details such as how many are remediated, suspicious, or determined to be clean.
-
-### Log
-Gives a chronological detailed view of all the investigation actions taken on the alert. You'll see the action type, action, status, machine name, description of the action, comments entered by analysts who may have worked on the investigation, execution start time, duration, pending duration.
-
-As with other sections, you can customize columns, select the number of items to show per page, and filter the log.
-
-Available filters include action type, action, status, machine name, and description.
-
-You can also click on an action to bring up the details pane where you'll see information such as the summary of the action and input data. 
-
-### Pending actions history
-This tab is only displayed when an investigation is complete and shows all pending actions taken during the investigation.
-
-
-## Pending actions
-If there are pending actions on an Automated investigation, you'll see a pop up similar to the following image. 
-
-![Image of pending actions](images\atp-pending-actions-notification.png)
-
-When you click on the pending actions link, you'll be taken to the pending actions page. You can also navigate to the page from the navigation page by going to **Automated investigation** > **Pending actions**.
-
- 
-The pending actions view aggregates all investigations that require an action for an investigation to proceed or be completed.
-
-![Image of pending actions page](images/atp-pending-actions-list.png)
-
-Use the Customize columns drop-down menu to select columns that you'd like to show or hide. 
-
-From this view, you can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages.
-
-Pending actions are grouped together in the following tabs:
--  Quarantine file
--  Remove persistence
--  Stop process
--  Expand pivot
--  Quarantine service
-
->[!NOTE]
->The tab will only appear if there are pending actions for that category.
-
-### Approve or reject an action
-You'll need to manually approve or reject pending actions on each of these categories for the automated actions to proceed.
-
-
-![Image of list of pending actions](images/atp-approve-reject-action.png)
-
-Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed.
-
-![Image of pending action selected](images/atp-pending-actions-file.png)
-
-From the panel, you can click on the Open investigation page link to see the investigation details.
-
-You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations. 
-
-![Image of multiple investigations selected](images/atp-pending-actions-multiple.png)
-
 ## Related topic
-- [Investigate Windows Defender ATP alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
+- [Manage automated investigations](manage-auto-investigation-windows-defender-advanced-threat-protection.md)
+
+
 
 
 

windows/security/threat-protection/windows-defender-atp/evaluate-atp.md

@@ -0,0 +1,51 @@
+---
+title: Evaluate Windows Defender Advanced Threat Protection
+description: 
+keywords: 
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 08/10/2018
+---
+
+# Evaluate Windows Defender ATP capabilities
+Windows Defender Advanced Threat Protection (Windows Defender ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.
+
+You can evaluate Windows Defender Advanced Threat Protection in your organization by [Starting your free trial](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp)
+
+You can also evaluate the different security capabilities in Windows Defender ATP by using the following instructions. 
+
+## Evaluate attack surface reduction
+These capabilities help prevent attacks and exploitations from infecting your organization.
+- [Evaluate attack surface reduction](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
+- [Evaluate exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md)
+- [Evaluate network protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md)
+- [Evaluate controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
+- [Evaluate application guard](../windows-defender-application-guard/test-scenarios-wd-app-guard.md)
+- [Evaluate network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
+
+## Evaluate next generation protection
+Next gen protections help detect and block the latest threats.
+- [Evaluate antivirus](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
+
+## Endpoint detection and response
+- [Learn about the alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
+- [Learn about the machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
+- [Learn how to take response actions](response-actions-windows-defender-advanced-threat-protection.md)
+
+## Auto investigation
+- [Learn about automated investigation and remediation](automated-investigations-windows-defender-advanced-threat-protection.md)
+
+## Security posture
+- [Learn about improving your security posture](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
+
+## Advanced hunting
+- [Learn how to build your own advanced hunting queries](advanced-hunting-windows-defender-advanced-threat-protection.md)
+
+## See Also
+[Get started with Windows Defender Advanced Threat Protection](get-started.md)

windows/security/threat-protection/windows-defender-atp/get-started.md

@@ -34,22 +34,21 @@ In conjunction with being able to quickly respond to advanced attacks, Windows D
 Windows Defender ATP provides a security posture capability to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security state of your network.
 
 **Advanced hunting**<br>
-
+Advanced hunting allows you to hunt for possible threats across your organization using a powerful search and query tool. You can also create custom detection rules based on the queries you created and surface alerts in Windows Defender Security Center. 
 
 **Management and APIs**<br>
-
+Integrate Windows Defender Advanced Threat Protection into your existing workflows.
 
 **Microsoft threat protection**<br>
+Bring the power of Microsoft threat protection to your organization.
 
 ## In this section 
-
-
 Topic | Description 
 :---|:---
-[Minimum requirements](windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md) | Learn about the requirements for onboarding machines to the platform. 
+[Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md) | Learn about the requirements for onboarding machines to the platform. 
-[Validate licensing and complete setup](windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md) | Get guidance on how to check that licenses have been provisioned to your organization and how to access the portal for the first time.
+[Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md) | Get guidance on how to check that licenses have been provisioned to your organization and how to access the portal for the first time.
-[Troubleshoot subscription and portal access issues](windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md) | Address issues that might surface when setting up the Windows Defender ATP service and capabilities.
+[Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md) | Address issues that might surface when setting up the Windows Defender ATP service and capabilities.
-[Preview features](windows-defender-atp/preview-windows-defender-advanced-threat-protection.md) | Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience.
+[Preview features](preview-windows-defender-advanced-threat-protection.md) | Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience.
-[Data storage and privacy](windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md) | Explains the data storage and privacy details related to Windows Defender ATP.
+[Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) | Explains the data storage and privacy details related to Windows Defender ATP.
-[Assign user access to the portal](windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md) | Set permissions to manage who can access the portal. You can set basic permissions or set granular permissions using role-based access control (RBAC).
+[Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md) | Set permissions to manage who can access the portal. You can set basic permissions or set granular permissions using role-based access control (RBAC).
 [Evaluate Windows Defender ATP](evaluate-atp.md) | Evaluate the various capabilities in Windows Defender ATP and test features out.

windows/security/threat-protection/windows-defender-atp/machines-list-endpoint-detection-response.md

@@ -0,0 +1,19 @@
+---
+title: Machines list in Windows Defender Security Center
+description: View and manage the machines list in Windows Defender Security Center
+keywords: 
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 07/01/2018
+---
+
+# Machines list in Windows Defender Security Center
+Learn how you can view and manage the machines list, manage machine groups, and investigate machine related alerts. 
+
+## In this section 

windows/security/threat-protection/windows-defender-atp/manage-auto-investigation-windows-defender-advanced-threat-protection.md

@@ -0,0 +1,199 @@
+---
+title: Manage automated investigations to investigate and remediate threats in Windows Defender Security Center
+description: View the list of automated investigations, its status, detection source and other details.
+keywords: automated, investigation, detection, source, threat types, id, tags, machines, duration, filter export
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+ms.date: 05/21/2018
+---
+
+# Manage automated investigations in Windows Defender Security Center
+By default, the Automated investigations list displays investigations initiated in the last week. You can also choose to select other time ranges from the drop-down menu or specify a custom range. 
+
+>[!NOTE]
+>If your organization has implemented role-based access to manage portal access, only authorized users or user groups who have permission to view the machine or machine group will be able to view the entire investigation. 
+
+Use the **Customize columns** drop-down menu to select columns that you'd like to show or hide. 
+
+From this view, you can also download the entire list in CSV format using the **Export** button, specify the number of items to show per page, and navigate between pages. You also have the flexibility to filter the list based on your preferred criteria.
+
+![Image of Auto investigations page](images/atp-auto-investigations-list.png)
+
+ 
+**Filters**</br>
+You can use the following operations to customize the list of Automated investigations displayed:
+
+
+**Triggering alert**</br>
+The alert the initiated the Automated investigation.
+
+**Status**</br>
+An Automated investigation can be in one of the following status:
+
+Status | Description
+:---|:---
+| No threats found                                          | No malicious entities found during the investigation.
+| Failed                                                    | A problem has interrupted the investigation, preventing it from completing.                                                         |
+| Partially remediated                                      | A problem prevented the remediation of some malicious entities.                                                                     |
+| Pending                                           | Remediation actions require review and approval.                                                                                    |
+| Waiting for machine                                       | Investigation paused. The investigation will resume as soon as the machine is available.                                            |
+| Queued                                                    | Investigation has been queued and will resume as soon as other remediation activities are completed.                                |
+| Running                                                   | Investigation ongoing. Malicious entities found will be remediated.                                                                 |
+| Remediated                                                | Malicious entities found were successfully remediated.                                                                              |
+| Terminated by system                                      | Investigation was stopped by the system.                                                                                          |
+| Terminated by user                                        | A user stopped the investigation before it could complete.  
+| Partially investigated                                    | Entities directly related to the alert have been investigated. However, a problem stopped the investigation of collateral entities. |
+
+
+
+**Detection source**</br>
+Source of the alert that initiated the Automated investigation. 
+
+**Threat**</br>
+The category of threat detected during the Automated investigation.
+
+
+**Tags**</br>
+Filter using manually added tags that capture the context of an Automated investigation.
+
+**Machines**</br>
+You can filter the Automated investigations list to zone in a specific machine to see other investigations related to the machine.
+
+**Machine groups**</br>
+Apply this filter to see specific machine groups that you might have created.
+
+**Comments**</br>
+Select between filtering the list between Automated investigations that have comments and those that don't.
+
+## Analyze Automated investigations 
+You can view the details of an Automated investigation to see information such as the investigation graph, alerts associated with the investigation, the machine that was investigated, and other information.
+
+In this view, you'll see the name of the investigation, when it started and ended. 
+
+![Image of investigation details window](images/atp-analyze-auto-ir.png)
+
+The progress ring shows two status indicators:
+- Orange ring - shows the pending portion of the investigation
+- Green ring - shows the running time portion of the investigation
+
+![Image of start, end, and pending time for an automated investigation](images/atp-auto-investigation-pending.png) 
+
+In the example image, the automated investigation started on 10:26:59 AM and ended on 10:56:26 AM. Therefore, the entire investigation was running for 29 minutes and 27 seconds. 
+
+The pending time of 16 minutes and 51 seconds reflects two possible pending states: pending for asset (for example, the device might have disconnected from the network) or pending for approval. 
+
+From this view, you can also view and add comments and tags about the investigation.
+
+### Investigation page
+The investigation page gives you a quick summary on the status, alert severity, category, and detection source.
+
+You'll also have access to the following sections that help you see details of the investigation with finer granularity:
+
+- Investigation graph
+- Alerts
+- Machines
+- Threats
+- Entities
+- Log
+- Pending actions
+
+  >[!NOTE]
+  >The Pending actions tab is only displayed if there are actual pending actions.
+
+- Pending actions history
+
+  >[!NOTE]
+  >The Pending actions history tab is only displayed when an investigation is complete.
+
+In any of the sections, you can customize columns to further expand to limit the details you see in a section.
+
+### Investigation graph
+The investigation graph provides a graphical representation of an Automated investigation. All investigation related information is simplified and arranged in specific sections. Clicking on any of the icons brings you the relevant section where you can view more information.
+
+### Alerts
+Shows details such as a short description of the alert that initiated the Automated investigation, severity, category, the machine associated with the alert, user, time in queue, status, investigation state, and who the investigation is assigned to. 
+
+Additional alerts seen on a machine can be added to an Automated investigation as long as the investigation is ongoing. 
+
+Selecting an alert using the check box brings up the alerts details pane where you have the option of opening the alert page, manage the alert by changing its status, see alert details, Automated investigation details, related machine, logged-on users, and comments and history. 
+
+Clicking on an alert title brings you the alert page.
+
+### Machines
+Shows details the machine name, IP address, group, users, operating system, remediation level, investigation count, and when it was last investigated.
+
+Machines that show the same threat can be added to an ongoing investigation and will be displayed in this tab. If 10 or more machines are found during this expansion process from the same entity, then that expansion action will require an approval and will be seen in the **Pending actions** view.
+
+Selecting a machine using the checkbox brings up the machine details pane where you can see more information such as machine details and logged-on users.
+
+Clicking on an machine name brings you the machine page.
+
+### Threats
+Shows details related to threats associated with this investigation. 
+
+### Entities
+Shows details about entities such as files, process, services, drives, and IP addresses. The table details such as the number of entities that were analyzed. You'll gain insight into details such as how many are remediated, suspicious, or determined to be clean.
+
+### Log
+Gives a chronological detailed view of all the investigation actions taken on the alert. You'll see the action type, action, status, machine name, description of the action, comments entered by analysts who may have worked on the investigation, execution start time, duration, pending duration.
+
+As with other sections, you can customize columns, select the number of items to show per page, and filter the log.
+
+Available filters include action type, action, status, machine name, and description.
+
+You can also click on an action to bring up the details pane where you'll see information such as the summary of the action and input data. 
+
+### Pending actions history
+This tab is only displayed when an investigation is complete and shows all pending actions taken during the investigation.
+
+
+## Pending actions
+If there are pending actions on an Automated investigation, you'll see a pop up similar to the following image. 
+
+![Image of pending actions](images\atp-pending-actions-notification.png)
+
+When you click on the pending actions link, you'll be taken to the pending actions page. You can also navigate to the page from the navigation page by going to **Automated investigation** > **Pending actions**.
+
+ 
+The pending actions view aggregates all investigations that require an action for an investigation to proceed or be completed.
+
+![Image of pending actions page](images/atp-pending-actions-list.png)
+
+Use the Customize columns drop-down menu to select columns that you'd like to show or hide. 
+
+From this view, you can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages.
+
+Pending actions are grouped together in the following tabs:
+-  Quarantine file
+-  Remove persistence
+-  Stop process
+-  Expand pivot
+-  Quarantine service
+
+>[!NOTE]
+>The tab will only appear if there are pending actions for that category.
+
+### Approve or reject an action
+You'll need to manually approve or reject pending actions on each of these categories for the automated actions to proceed.
+
+
+![Image of list of pending actions](images/atp-approve-reject-action.png)
+
+Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed.
+
+![Image of pending action selected](images/atp-pending-actions-file.png)
+
+From the panel, you can click on the Open investigation page link to see the investigation details.
+
+You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations. 
+
+![Image of multiple investigations selected](images/atp-pending-actions-multiple.png)
+
+## Related topic
+- [Investigate Windows Defender ATP alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)

windows/security/threat-protection/windows-defender-atp/manage-edr.md

@@ -0,0 +1,27 @@
+---
+title: Manage endpoint detection and response capabilities
+description: 
+keywords: 
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 07/01/2018
+---
+
+# Manage endpoint detection and response capabilities
+
+Manage the alerts queue, investigate machines in the machines list, take response actions, and hunt for possible threats in your organization using advanced hunting.
+
+
+## In this section
+Topic | Description 
+:---|:---
+[Alerts queue](alerts-queue-endpoint-detection-response.md)| View the alerts surfaced in Windows Defender Security Center.
+[Machines list](machines-list-endpoint-detection-response.md) | Learn how you can view and manage the machines list, manage machine groups, and investigate machine related alerts. 
+[Take response actions](response-actions-windows-defender-advanced-threat-protection.md)| Take response actions on machines and files to quickly respond to detected attacks and contain threats.
+[Query data using advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md)| Pr actively hunt for possible threats across your organization using a powerful search and query tool.

windows/security/threat-protection/windows-defender-atp/onboard.md

@@ -0,0 +1,33 @@
+---
+title: Configure and manage Windows Defender ATP capabilities
+description: 
+keywords: 
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 07/01/2018
+---
+
+# Onboard, configure, and manage Windows Defender ATP capabilities
+
+Configure and manage all the Windows Defender ATP capabilities to get the best security protection for your organization. 
+
+
+## In this section 
+Topic | Description 
+:---|:---
+[Onboard machines to Windows Defender Security Center](onboard-configure-windows-defender-advanced-threat-protection.md) | Onboard machines to the platform.
+[Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md) |  Configure portal related settings such as general settings, advanced features, enable the preview experience and others.
+[Configure attack surface reduction capabilities](configure-attack-surface-reduction.md) |  By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations. 
+[Configure next generation protection](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md) | Configure next generation protection to catch all types of emerging threats.
+[Manage endpoint detection and response capabilities](manage-edr.md)| Manage the alerts queue, investigate machines in the machines list, take response actions, and hunt for possible threats in your organization using advanced hunting.
+[Manage auto investigation and remediation](manage-auto-investigation-windows-defender-advanced-threat-protection.md) |  Learn how you can manage and view the details of an automated investigation.
+[Configure the security controls in Secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md) | Configure the security controls in Secure score to increase the security posture of your organization.
+
+
+

windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md

@@ -1,16 +1,29 @@
 ---
-title: Overview of endpoint detection and response
+title: Overview of endpoint detection and response capabilities
-description: Learn about the endpoint detection and responsecapability in Windows Defender ATP
+description: Learn about the endpoint detection and response capability in Windows Defender ATP
 keywords: 
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: v-anbic
+ms.author: macapara
-author: andreabichsel
+author: mjcaparas
 ms.localizationpriority: high
 ms.date: 09/12/2018
 ---
 
-# Overview of attack surface reduction
+# Overview of endpoint detection and response 
+
+
+The endpoint detection and response capabilities in Windows Defender ATP continuously monitors your organization for possible attacks against systems, networks, or users in your organization. It helps detect, investigate, and quickly respond to threats.
+
+The detection capability finds the attacks that made it past all other defenses and surfaces them through alerts. 
+
+The platform provides various ways for you to investigate an incident and allows you to pivot in various views to help you approach an investigation through multiple possible vectors. 
+
+The response capabilities gives you the power to promptly remediate threats by taking action on the affected entities. 
+
+
+
+

windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md

@@ -0,0 +1,25 @@
+---
+title: Overview of advanced hunting capabilities
+description: Learn about the advanced hunting capability in Windows Defender ATP
+keywords: 
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/12/2018
+---
+
+# Overview of advanced hunting 
+
+Advanced hunting allows you to hunt for possible threats across your organization using a powerful search and query tool. You can also create custom detection rules based on the queries you created and surface alerts in Windows Defender Security Center. 
+
+With advanced hunting, you can take advantage of the following capabilities:
+
+- **Powerful query language with IntelliSense** - Built on top of a query language that gives you the flexibility you need to take hunting to the next level.
+- **Query the stored telemetry** - The telemetry data is accessible in tables for you to query. For example, you can query process creation, network communication, and many other event types.
+- **Links to portal** - Certain query results, such as machine names and file names are actually direct links to the portal, consolidating the Advanced hunting query experience and the existing portal investigation experience.
+- **Query examples** - A welcome page provides examples designed to get you started and get you familiar with the tables and the query language.

windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md

@@ -0,0 +1,75 @@
+---
+title: Overview of Secure score in Windows Defender Security Center
+description: 
+keywords:
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+ms.date: 03/12/2018
+---
+
+# Overview of Secure score in Windows Defender Security Center
+The Secure score dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. From there you can take action based on the recommended configuration baselines.
+
+>[!IMPORTANT]
+> This feature is available for machines on Windows 10, version  1703 or later. 
+
+
+The **Secure score dashboard** displays a snapshot of:
+- Microsoft Secure score
+- Windows Defender security controls
+- Improvement opportunities
+- Security score over time
+
+![Secure score dashboard](images/ss1.png)
+
+## Microsoft secure score
+The Microsoft secure score tile is reflective of the sum of all the Windows Defender security controls that are configured according to the recommended baseline and Office 365 controls. It allows you to drill down into each portal for further analysis. You can also improve this score by taking the steps in configuring each of the security controls in the optimal settings.
+
+![Image of Microsoft secure score tile](images/mss.png)
+
+Each Windows Defender security control contributes 100 points to the score. The total number is reflective of the score potential and calculated by multiplying the number of supported security controls (Windows Defender security controls pillars) by the maximum points that each pillar contributes (maximum of 100 points for each pillar). 
+
+The Office 365 Secure Score looks at your settings and activities and compares them to a baseline established by Microsoft. For more information, see [Introducing the Office 365 Secure Score](https://support.office.com/en-us/article/introducing-the-office-365-secure-score-c9e7160f-2c34-4bd0-a548-5ddcc862eaef#howtoaccess).
+
+In the example image, the total points for the Windows security controls and Office 365 add up to 718 points. 
+
+You can set the baselines for calculating the score of Windows Defender security controls on the Secure score dashboard through the **Settings**. For more information, see [Enable Secure score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md).
+
+## Windows Defender security controls
+The security controls tile shows a bar graph where each bar represents a Windows Defender security control. Each bar reflects the number of machines that are well configured and those that require **any kind of attention** for each security control. Hovering on top of the individual bars will show exact numbers for each category. Machines that are green are well configured, while machines that are orange require some level of attention. 
+
+
+![Windows Defender security controls](images/wdsc.png)
+
+## Improvement opportunities 
+Improve your score by taking the recommended improvement actions listed on this tile. The goal is to reduce the gap between the perfect score and the current score for each control.
+
+Click on each control to see the recommended optimizations.
+
+![Improvement opportunities](images/io.png)
+
+The numbers beside the green triangle icon on each recommended action represents the number of points you can gain by taking the action.  When added together, the total number makes up the numerator in the fraction for each segment in the Improvement opportunities tile.
+
+>[!IMPORTANT]
+>Recommendations that do not display a green triangle icon are informational only and no action is required. 
+
+Clicking **View machines** in a specific recommendation opens up the **Machines list** with filters applied to show only the list of machines where the recommendation is applicable. You can export the list in Excel to create a target collection and apply relevant policies using a management solution of your choice. 
+
+The following image shows an example list of machines where the EDR sensor is not turned on.
+
+![Image of view machines list with a filter applied](images/atp-security-analytics-view-machines2.png)
+
+## Security score over time
+You can track the progression of your organizational security posture over time using this tile. It displays the overall and individual control scores in a historical trend line enabling you to see how taking the recommended actions increase your overall security posture.
+
+![Image of the security score over time tile](images/ssot.png)
+
+You can click on specific date points to see the total score for that security control is on a particular date.
+
+## Related topic

windows/security/threat-protection/windows-defender-atp/overview.md

@@ -0,0 +1,33 @@
+---
+title: Overview of Windows Defender ATP 
+description: 
+keywords: 
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 07/01/2018
+---
+
+# Overview of Windows Defender ATP capabilities
+
+Understand the concepts behind the capabilities in Windows Defender ATP so you take full advantage of the complete threat protection platform. 
+
+## In this section 
+
+Topic | Description 
+:---|:---
+[Windows Defender Security Center](../windows-defender-atp/use-windows-defender-advanced-threat-protection.md) | Learn about the portal and the various dashboards you can leverage to enrich your security investigations.
+[Attack surface reduction](overview-attack-surface-reduction.md) | Leverage the attack surface reduction capabilities to protect the perimeter of your organization. 
+[Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) | Learn about the antivirus capabilities in Windows Defender ATP so you can protect desktops, portable computers, and servers.
+[Endpoint detection and response](overview-endpoint-detection-response.md) | Understand how Windows Defender ATP continuously monitors your organization for possible attacks against systems, networks, or users in your organization and the features you can use to mitigate and remediate threats.
+[Auto investigation](automated-investigations-windows-defender-advanced-threat-protection.md) | In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
+[Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md) | Quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to better protect your organization - all in one place.
+[Advanced hunting](overview-hunting-windows-defender-advanced-threat-protection.md) |  Use a powerful search and query language to create custom queries and detection rules.
+
+
+

windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md

@@ -14,13 +14,6 @@ ms.date: 04/24/2018
 ---
 # Configure Windows Defender Security Center settings
 
-**Applies to:**
-
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-
-
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-prefsettings-abovefoldlink)
 
 Use the **Settings** menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature.

windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md

@@ -1,6 +1,6 @@
 ---
-title: View the Secure Score dashboard in Windows Defender ATP
+title: Configure the security controls in Secure score
-description: Use the Secure Score dashboard to assess and improve the security state of your organization by analyzing various security control tiles. 
+description: Configure the security controls in Secure score
 keywords: secure score, dashboard, security recommendations, security control state, security score, score improvement, microsoft secure score, security controls, security control, improvement opportunities, edr, antivirus, av, os security updates
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -12,77 +12,7 @@ ms.localizationpriority: medium
 ms.date: 04/24/2018
 ---
 
-# View the Windows Defender Advanced Threat Protection Secure score dashboard
+# Configure the security controls in Secure score
-
-**Applies to:**
-
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-sadashboard-abovefoldlink) 
-
-
-The Secure score dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. From there you can take action based on the recommended configuration baselines.
-
->[!IMPORTANT]
-> This feature is available for machines on Windows 10, version  1703 or later. 
-
-
-The **Secure score dashboard** displays a snapshot of:
-- Microsoft Secure score
-- Windows Defender security controls
-- Improvement opportunities
-- Security score over time
-
-![Secure score dashboard](images/ss1.png)
-
-## Microsoft secure score
-The Microsoft secure score tile is reflective of the sum of all the Windows Defender security controls that are configured according to the recommended baseline and Office 365 controls. It allows you to drill down into each portal for further analysis. You can also improve this score by taking the steps in configuring each of the security controls in the optimal settings.
-
-![Image of Microsoft secure score tile](images/mss.png)
-
-Each Windows Defender security control contributes 100 points to the score. The total number is reflective of the score potential and calculated by multiplying the number of supported security controls (Windows Defender security controls pillars) by the maximum points that each pillar contributes (maximum of 100 points for each pillar). 
-
-The Office 365 Secure Score looks at your settings and activities and compares them to a baseline established by Microsoft. For more information, see [Introducing the Office 365 Secure Score](https://support.office.com/en-us/article/introducing-the-office-365-secure-score-c9e7160f-2c34-4bd0-a548-5ddcc862eaef#howtoaccess).
-
-In the example image, the total points for the Windows security controls and Office 365 add up to 718 points. 
-
-You can set the baselines for calculating the score of Windows Defender security controls on the Secure score dashboard through the **Settings**. For more information, see [Enable Secure score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md).
-
-## Windows Defender security controls
-The security controls tile shows a bar graph where each bar represents a Windows Defender security control. Each bar reflects the number of machines that are well configured and those that require **any kind of attention** for each security control. Hovering on top of the individual bars will show exact numbers for each category. Machines that are green are well configured, while machines that are orange require some level of attention. 
-
-
-![Windows Defender security controls](images/wdsc.png)
-
-## Improvement opportunities 
-Improve your score by taking the recommended improvement actions listed on this tile. The goal is to reduce the gap between the perfect score and the current score for each control.
-
-Click on each control to see the recommended optimizations.
-
-![Improvement opportunities](images/io.png)
-
-The numbers beside the green triangle icon on each recommended action represents the number of points you can gain by taking the action.  When added together, the total number makes up the numerator in the fraction for each segment in the Improvement opportunities tile.
-
->[!IMPORTANT]
->Recommendations that do not display a green triangle icon are informational only and no action is required. 
-
-Clicking **View machines** in a specific recommendation opens up the **Machines list** with filters applied to show only the list of machines where the recommendation is applicable. You can export the list in Excel to create a target collection and apply relevant policies using a management solution of your choice. 
-
-The following image shows an example list of machines where the EDR sensor is not turned on.
-
-![Image of view machines list with a filter applied](images/atp-security-analytics-view-machines2.png)
-
-## Security score over time
-You can track the progression of your organizational security posture over time using this tile. It displays the overall and individual control scores in a historical trend line enabling you to see how taking the recommended actions increase your overall security posture.
-
-![Image of the security score over time tile](images/ssot.png)
-
-You can click on specific date points to see the total score for that security control is on a particular date.
-
-## Improve your secure score by applying improvement recommendations
 Each security control lists recommendations that you can take to increase the security posture of your organization.
 
 ### Endpoint detection and response (EDR) optimization
@@ -339,10 +269,7 @@ For more information, see [Manage Windows Defender Credential Guard](https://doc
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-sadashboard-belowfoldlink) 
 
 ## Related topics
-- [Understand the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md)
+- [Overview of Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md)
-- [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
-- [View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
-- [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
 
 
 

windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md

@@ -1,6 +1,6 @@
 ---
-title: Windows Defender Advanced Threat Protection Security operations dashboard
+title: Windows Defender Security Center Security operations dashboard
-description: Use the Dashboard to identify machines at risk, keep track of the status of the service, and see statistics and information about machines and alerts.
+description: Use the dashboard to identify machines at risk, keep track of the status of the service, and see statistics and information about machines and alerts.
 keywords: dashboard, alerts, new, in progress, resolved, risk, machines at risk, infections, reporting, statistics, charts, graphs, health, active malware detections, threat category, categories, password stealer, ransomware, exploit, threat, low severity, active malware
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -13,18 +13,14 @@ ms.localizationpriority: medium
 ms.date: 04/24/2018
 ---
 
-# View the Windows Defender Advanced Threat Protection Security operations dashboard
+# Windows Defender Security Center Security operations dashboard
-
-**Applies to:**
-
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
 
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-secopsdashboard-abovefoldlink) 
 
-The **Security operations dashboard** displays a snapshot of:
+The **Security operations dashboard** is where the endpoint detection and response capabilities are surfaced. It provides a high level overview of where detections were seen and highlights where response actions are needed. 
+
+The dashboard displays a snapshot of:
 
 - The latest active alerts on your network
 - Machines at risk

windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md

@@ -14,13 +14,7 @@ ms.date: 03/06/2018
 ---
 
 # Threat analytics for Spectre and Meltdown
-
+The **Threat analytics** dashboard provides insight on how emerging threats affect your organization. It provides information that's specific for your organization.
-**Applies to:**
-
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-
 
 [Spectre and Meltdown](https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/) is a new class of exploits that take advantage of critical vulnerabilities in the CPU processors, allowing attackers running user-level, non-admin code to steal data from kernel memory. These exploits can potentially allow arbitrary non-admin code running on a host machine to harvest sensitive data belonging to other apps or system processes, including apps on guest VMs.
 

windows/security/threat-protection/windows-defender-atp/troubleshoot-wdatp.md

@@ -0,0 +1,27 @@
+---
+title: Troubleshoot Windows Defender Advanced Threat Protection capabilities
+description:
+keywords: 
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 09/12/2018
+---
+
+#  Troubleshoot Windows Defender Advanced Threat Protection 
+
+Troubleshoot issues that might arise as you use Windows Defender ATP capabilities.
+
+## In this section
+Topic | Description 
+:---|:---
+Troubleshoot sensor state | Find solutions for issues related to the Windows Defender ATP sensor
+Review events and errors on machines | Use Event viewer to view events and errors on machines
+Troubleshoot attack surface reduction | Fix issues related to network protection and attack surface reduction rules
+Troubleshoot next generation protection | If you encounter a problem with antivirus, you can search the tables in this topic to find a matching issue and potential solution
+

windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md

@@ -1,5 +1,5 @@
 ---
-title: Troubleshoot Windows Defender Advanced Threat Protection service issues
+title:  Troubleshoot Windows Defender Advanced Threat Protection service issues
 description: Find solutions and work arounds to known issues such as server errors when trying to access the service.
 keywords: troubleshoot Windows Defender Advanced Threat Protection, troubleshoot Windows ATP, server error, access denied, invalid credentials, no data, dashboard portal, whitelist, event viewer
 search.product: eADQiWindows 10XVcnh
@@ -15,11 +15,6 @@ ms.date: 07/30/2018
 
 # Troubleshoot service issues
 
-**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-
-
 This section addresses issues that might arise as you use the Windows Defender Advanced Threat service.
 
 ## Server error - Access is denied due to invalid credentials
@@ -72,14 +67,6 @@ When you use Azure Security Center to monitor servers, a Windows Defender ATP te
 
 
 
-
-
-
-
-
-
-
-
 ## Related topics
 - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
 - [Review events and errors using Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)

windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md

@@ -1,5 +1,5 @@
 ---
-title: Use the Windows Defender Advanced Threat Protection portal
+title: Overview of Windoww Defender Security Center
 description: Learn about the features on Windows Defender Security Center, including how alerts work, and suggestions on how to investigate possible breaches and attacks.
 keywords: dashboard, alerts queue, manage alerts, investigation, investigate alerts, investigate machines, submit files, deep analysis, high, medium, low, severity, ioc, ioa
 search.product: eADQiWindows 10XVcnh
@@ -13,18 +13,11 @@ ms.localizationpriority: medium
 ms.date: 03/12/2018
 ---
 
-# Use the Windows Defender Advanced Threat Protection portal
+# Overview of Windows Defender Security Center
-
-**Applies to:**
-
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-usewdatp-abovefoldlink) 
 
-You can use Windows Defender Security Center to carry out an end-to-end security breach investigation through the dashboards.
+Windows Defender Security Center is the portal where you can access Windows Defender Advanced Threat Protection capabilities. 
 
 Use the **Security operations** dashboard to gain insight on the various alerts on machines and users in your network.
 

windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md

@@ -29,17 +29,10 @@ The Windows Defender ATP platform is where all the capabilities that are availab
 
 Topic | Description
 :---|:---
-[Get started](../get-started.md) | Learn about the requirements of the platform and the intial steps you need to take to get started with Windows Defender ATP.
+[Overview](overview.md) | Understand the concepts behind the capabilities in Windows Defender ATP so you take full advantage of the complete threat protection platform. 
-[Onboard and configure machines to Windows Defender ATP](../onboard.md)| Onboard to the sensor, configure the indivual capabilities in Windows Defender ATP. 
+[Get started](get-started.md) | Learn about the requirements of the platform and the initial steps you need to take to get started with Windows Defender ATP.
-[Windows Defender Security Center](use-windows-defender-advanced-threat-protection.md)| Understand how to use the Windows Defender Security Center portal and the capabilities you can leverage to better protect your organization.
+[Onboard machines, configure, and manage Windows Defender ATP capabilities](onboard.md)| Onboard to the sensor, configure the individual capabilities in Windows Defender ATP. 
-[Attack surface reduction](../windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md) | Leverage the intrusion prevention capabilities such as application control, exploit protection, and others to manage and reduce the attack surface of your organization.
+[Troubleshoot Windows Defender ATP](troubleshoot-wdatp.md) | Learn how to address issues that you might encounter while using the platform.
-[Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) | Learn about the antivirus, machine learning, and other capabilities to further reinforce the security perimeter of your organization. 
-[Endpoint detection and response](../edr.md)| Detect, investigate, and respond to advanced threats that may have made it past the first two security pillars using the endpoint detection and response capabilities.
-[Auto investigation](automated-investigations-windows-defender-advanced-threat-protection.md)| Reduce the volume of alerts that need to be investigated individually by leveraging the auto investigation capability.
-[Security posture](../securityposture.md)| Assess the security posture of your organization, see where attention is required, and apply the recommended action to contain attacks, increase your organizational resilience, and prevent specific threats.
-[Management and APIs]() | Learn about the tools you can use to manage, integrate with, such as APIs, SIEM connectors, reporting, and others. 
-[Microsoft threat protection](../integration.md)| The platform is designed to integrate well with other Microsoft products. Learn about how you can maximize other Microsoft security offerings to further expand your security coverage.
-Troubleshoot Windows Defender ATP | Learn how to address issues that you might encounter while using the platform.
 
 ## Related topic
 [Windows Defender ATP helps detect sophisticated threats](https://www.microsoft.com/itshowcase/Article/Content/854/Windows-Defender-ATP-helps-detect-sophisticated-threats)

windows/security/threat-protection/windows-defender-atp/windows-defender-security-center-permissions.md

@@ -1,5 +1,5 @@
 ---
-title: Overview of Windows Defender ATP 
+title: Windows Defender Security Center access permission
 description: 
 keywords: 
 search.product: eADQiWindows 10XVcnh
@@ -10,10 +10,9 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 07/01/2018
+ms.date: 05/21/2018
 ---
 
-# Overview of Windows Defender ATP
+#  Windows Defender Security Center access permission
-
-Understand the concepts behind the capabilities in Windows Defender ATP.
 
+ Manage portal access using RBAC as well as machine groups.

windows/security/wdatp/index.md

@@ -1,48 +0,0 @@
----
-title: Windows Defender Advanced Threat Protection
-description: Windows Defender Advanced Threat Protection is an enterprise security service that helps detect and respond to possible cybersecurity threats related to advanced persistent threats.
-keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.date: 06/04/2018
----
-
-# Windows Defender Advanced Threat Protection
-
-Windows Defender Advanced Threat Protection (Windows Defender ATP)is a unified platform for preventative protection, post-breach detection, automated investigation and response, employing intelligent protection to protect endpoints from cyber threats.
-
-
-![Windows Defender ATP components](images/wdatp-pillars2.png)
-
-**Attack surface reduction**<br>
-The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations. 
-
-**Next generation protection**<br>
-To further reinforce the security perimeter of your network, Windows Defender ATP uses next generation protection designed to catch all types of emerging threats.
-
-**Endpoint detection and response**<br>
-Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. 
-
-**Auto investigation and remediation**<br>
-In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. 
-
-**Security posture**<br>
-Windows Defender ATP also provides a security posture capability to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security state of your network.
-
-**Management and APIs**<br>
-Windows Defender ATP provides integrated configuration management in the cloud. The service also supports third-party mobile device management (MDM) tools, cross-platform support, and APIs that allow customers to create custom threat intelligence and  automate workflows.
-
-Understand how capabilities align within the Windows Defender ATP suite offering:
-
-
- Attack surface reduction | Next generation protection | Endpoint detection and response | Auto investigation and remediation | Security posture 
-:---|:---|:---|:---|:---
- [Hardware based isolation](https://docs.microsoft.com/en-us/windows/security/hardware-protection/)<br><br> [Application control](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)<br><br> [Exploit protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard)<br><br> [Network protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard)<br><br> [Controlled folder access](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard) | [Machine learning](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus) <br><br>  [Antivirus](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) <br><br> [Threat intelligence](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection)<br><br>  [Sandbox service](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection#deep-analysis) |  [Response containment](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection) <br><br> [Realtime and historical threat hunting](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection) <br><br> [Threat intelligence and custom detections](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection) | [Forensic collection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection#collect-investigation-package-from-machines) <br><br> [Response orchestration](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection) <br><br> [Historical endpoint data](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection#machine-timeline) <br><br> [Artificial intelligence response playbooks](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection) | [Asset inventory](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection) <br> [Operating system baseline compliance](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection) <br><br> [Recommended improvement actions](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection#improvement-opportunities)<br> <br> [Secure score](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection) <br><br> [Threat analytics](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection) <br><br> [Reporting and trends](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection)
-
-These capabilities are available across multiple products that make up the Windows Defender ATP platform. For more information on how to leverage all the Windows Defender ATP capabilities, see [Threat protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/index).
-
-