updated based on UI

windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md

@@ -27,69 +27,73 @@ ms.topic: article
 
 The **Machines list** shows a list of the machines in your network where alerts were generated. By default, the queue displays machines with alerts seen in the last 30 days.  
 
-At a glance you'll see information such as domain, risk level, OS platform, and other details.
+At a glance you'll see information such as domain, risk level, OS platform, and other details for easy identification of machines most at risk.
 
+There are several options you can choose from to customize the machines list view. On the top navigation you can:
 
-There are several options you can choose from to customize the machines list view. 
+- Add or remove columns
-On the top navigation you can:
-- Customize columns to add or remove columns 
 - Export the entire list in CSV format
-- Select the items to show per page
+- Select the number of items to show per page
-- Navigate between pages
 - Apply filters
 
+During the onboarding process, the **Machines list** is gradually populated with machines as they begin to report sensor data. Use this view to track your onboarded endpoints as they come online, or download the complete endpoint list as a CSV file for offline analysis.
 
-Use the machine list in these main scenarios:
+>[!NOTE]
+> If you export the machine list, it will contain every machine in your organization. It might take a significant amount of time to download, depending on how large your organization is. Exporting the list in CSV format displays the data in an unfiltered manner. The CSV file will include all machines in the organization, regardless of any filtering applied in the view itself.
 
-- **During onboarding**<br>
+![Image of machines list with list of machines](images/machine-list.png)
-  During the onboarding process, the **Machines list** is gradually populated with machines as they begin to report sensor data. Use this view to track your onboarded endpoints as they come online. Sort and filter by time of last report, **Active malware category**, or **Sensor health state**, or download the complete endpoint list as a CSV file for offline analysis.
-    
-    >[NOTE]
-    > Exporting the list depends on the number of machines in your organization. It might take a significant amount of time to download, depending on how large your organization is.
-Exporting the list in CSV format displays the data in an unfiltered manner. The CSV file will include all machines in the organization, regardless of any filtering applied in the view itself.
-
-- **Day-to-day work** <br>
-  The list enables easy identification of machines most at risk in a glance. High-risk machines have the greatest number and highest-severity alerts. Sorting machines by **Active alerts**, helps identify the most vulnerable machines and take action on them.
-
-
-![Image of machines list with list of machines](images/machines-list.png)
 
 ## Sort and filter the machine list
-You can apply the following filters to limit the list of alerts and get a more focused view. 
 
+You can apply the following filters to limit the list of alerts and get a more focused view.
 
 ### Risk level
-Machine risk levels are indicators of the active threats that machines could be exposed to. A machine's risk level is determined using the number of active alerts and their severity levels. You can influence a machine's risk level by resolving associated alerts manually or automatically and also by suppressing an alert.
+
+The risk level reflects the overall risk assessment of the machine based on a combination of factors, including the types and severity of active alerts on the machine. Resolving active alerts, approving remediation activities, and suppressing subsequent alerts can lower the risk level.
+
+### Exposure level
+
+The exposure level reflects the current exposure of the machine based on the cumulative impact of its pending security recommendations.
 
 ### OS Platform
-Limit the alerts queue view by selecting the OS platform that you're interested in investigating.
+
+Select only the OS platforms you're interested in investigating.
 
 ### Health state
-Filter the list to view specific machines grouped together by the following machine health states:
+
+Filter by the following machine health states:
 
 - **Active** – Machines that are actively reporting sensor data to the service.
+- **Inactive** – Machines that have completely stopped sending signals for more than 7 days.
 - **Misconfigured** – Machines that have impaired communications with service or are unable to send sensor data. Misconfigured machines can further be classified to:
   - No sensor data
   - Impaired communications
 
-  For more information on how to address issues on misconfigured machines see,  [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
+ For more information on how to address issues on misconfigured machines see,  [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
--	**Inactive** – Machines that have completely stopped sending signals for more than 7 days.
-
 
 ### Security state
-Filter the list to view specific machines that are well configured or require attention based on the Windows Defender security controls that are enabled in your organization. 
 
+Filter by machines that are well configured or require attention based on the Windows Defender security controls that are enabled in your organization. Applies to active Windows 10 machines only.
 
-- **Well configured** - Machines have the Windows Defender security controls well configured. 
+- **Well configured** - Machines have the Windows Defender security controls well configured.
 - **Requires attention** - Machines where improvements can be made to increase the overall security posture of your organization.
 
 For more information, see [View the Secure Score dashboard](secure-score-dashboard-windows-defender-advanced-threat-protection.md).
 
-### Tags
+### Threat mitigation status
-You can filter the list based on the grouping and tagging that you've added to individual machines. 
 
+To view machines that may be affected by a certain threat, select the threat from the dropdown menu, and then select what vulnerability aspect needs to be mitigated.
+
+To learn more about certain threats, see [Threat analytics](threat-analytics.md). For mitigation information, see [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md).
+
+### Windows 10 version
+
+Select only the Windows 10 versions you're interested in investigating.
+
+### Tags & Groups
+
+Filter the list based on the grouping and tagging that you've added to individual machines. See [Create and manage machine tags](machine-tags-windows-defender-advanced-threat-protection.md) and [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md).
 
 ## Related topics
+
 - [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
-
-