diff --git a/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md b/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md
index 09000d467d..3a4746998e 100644
--- a/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md
@@ -36,7 +36,7 @@ Highlighted area|Area name|Description
:---|:---|:---
(1)|**Alerts queue**| Select to show **New**, **In Progress**, or **Resolved alerts**
(2)|Alerts|Each alert shows:- The severity of an alert as a colored bar
- A short description of the alert, including the name of the threat actor (in cases where the attribution is possible)
- The last occurrence of the alert on any machine
- The number of days the alert has been in the queue
- The severity of the alert
- The general category or type of alert, or the alert's kill-chain stage
- The affected machine (if there are multiple machines, the number of affected machines will be shown)
- A **Manage Alert** menu icon  that allows you to update the alert's status and add comments
Clicking an alert expands to display more information about the threat and brings you to the date in the timeline when the alert was detected.
-(3)|Alerts sorting and filters | You can sort alerts by: - **Newest** (when the threat was last seen on your network)
- **Time in queue** (how long the threat has been in your queue)
- **Severity**
You can also filter the displayed alerts by:See [Windows Defender ATP alerts](use-windows-defender-advanced-threat-protection.md#windows-defender-atp-alerts) for more details.
+(3)|Alerts sorting and filters | You can sort alerts by: - **Newest** (when the threat was last seen on your network)
- **Time in queue** (how long the threat has been in your queue)
- **Severity**
You can also filter the displayed alerts by:See [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) for more details.
##Sort and filter the Alerts queue
You can filter and sort (or "pivot") the Alerts queue to identify specific alerts based on certain criteria.
diff --git a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md
index 8192f42f7f..112382f305 100644
--- a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md
@@ -51,7 +51,7 @@ This tile shows you a list of machines with the highest number of active alerts.
-Click the name of the machine to see details about that machine. For more information see, [Investigate Windows Defender ATP alerts](investigate-alerts-windows-defender-advanced-threat-protection.md#investigate-a-machine).
+Click the name of the machine to see details about that machine. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines view](investigate-machines-windows-defender-advanced-threat-protection.md).
You can also click **Machines view** at the top of the tile to go directly to the **Machines view**, sorted by the number of active alerts. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines view](investigate-machines-windows-defender-advanced-threat-protection.md).
diff --git a/windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md b/windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md
index e3df30dc93..91bec22e77 100644
--- a/windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md
@@ -30,4 +30,4 @@ Windows Defender will continue to receive updates, and the *mspeng.exe* process
The Windows Defender interface will be disabled, and users on the endpoint will not be able to use Windows Defender to perform on-demand scans or configure most options.
-For more information, see the **Compatibility** section in the [Windows Defender in Windows 10 topic](windows-defender-in-windows-10.md# compatibility-with-windows-defender-advanced-threat-protection).
+For more information, see the **Compatibility** section in the [Windows Defender in Windows 10 topic](windows-defender-in-windows-10.md).
diff --git a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md
index 300a029cff..2c68fb6704 100644
--- a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md
@@ -151,7 +151,7 @@ The service could not contact the external processing servers at that URL.
17 |
Windows Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: ```variable```. |
An error occurred with the Windows telemetry service. |
-[Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-the-telemetry-and-diagnostics-service-is-enabled).
+ | [Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled).
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). |
@@ -202,7 +202,7 @@ Ensure real-time antimalware protection is running properly.
28 |
Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service registration failed. Failure code: ```variable```. |
An error occurred with the Windows telemetry service. |
-[Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-the-telemetry-and-diagnostics-service-is-enabled).
+ | [Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled).
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). |
@@ -218,7 +218,7 @@ Ensure real-time antimalware protection is running properly.
31 |
Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service unregistration failed. Failure code: ```variable```. |
An error occurred with the Windows telemetry service during onboarding. The offboarding process continues. |
-[Check for errors with the Windows telemetry service](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-the-telemetry-and-diagnostics-service-is-enabled). |
+[Check for errors with the Windows telemetry service](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled). |
| 32 |
@@ -237,7 +237,7 @@ If the identifier does not persist, the same machine might appear twice in the p
34 |
Windows Defender Advanced Threat Protection service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Failure code: ```variable```. |
An error occurred with the Windows telemetry service. |
-[Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-the-telemetry-and-diagnostics-service-is-enabled).
+ | [Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled).
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). |
diff --git a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md
index 59834fcd44..eec0ada5a4 100644
--- a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md
@@ -69,7 +69,7 @@ The threat category filter lets you filter the view by the following categories:
- Threat
- Low severity
-For more information on the description of each category see, [Investigate machines with active alerts](dashboard-windows-defender-advanced-threat-protection.md#investigate-machines-with-active-malware-detections).
+For more information on the description of each category see, [Investigate machines with active alerts](dashboard-windows-defender-advanced-threat-protection.md#machines-with-active-malware-detections).
You can also download a full list of all the machines in your organization, in CSV format. Click the **Manage Alert** menu icon  to download the entire list as a CSV file.
@@ -104,7 +104,7 @@ You'll see an aggregated view of alerts, a short description of the alert, detai
This feature also enables you to selectively drill down into a behavior or event that occurred within a given time period. You can view the temporal sequence of events that occurred on a machine over a specified time period.
-You can also use the [Alerts spotlight](investigate-alerts-windows-defender-advanced-threat-protection.md#alerts-spotlight) feature to see the correlation between alerts and events on a specific machine.
+You can also use the [Alerts spotlight](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-spotlight) feature to see the correlation between alerts and events on a specific machine.
diff --git a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md
index 8fa747d356..0fd2edc0d3 100644
--- a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md
@@ -108,7 +108,7 @@ If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the
## Windows Defender signature updates are configured
The Windows Defender ATP agent depends on Windows Defender’s ability to scan files and provide information about them. If Windows Defender is not the active antimalware in your organization, you may need to configure the signature updates. For more information see [Configure Windows Defender in Windows 10](windows-defender-in-windows-10.md).
-When Windows Defender is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender goes on passive mode. For more information, see the **Compatibility** section in the [Windows Defender in Windows 10 topic](windows-defender-in-windows-10.md# compatibility-with-windows-defender-advanced-threat-protection).
+When Windows Defender is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender goes on passive mode. For more information, see the **Compatibility** section in the [Windows Defender in Windows 10 topic](windows-defender-in-windows-10.md).
## Windows Defender Early Launch Antimalware (ELAM) driver is enabled
If you're running Windows Defender as the primary antimalware product on your endpoints, the Windows Defender ATP agent will successfully onboard.
diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
index 9f73d970e0..e3c1d51f68 100644
--- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
@@ -149,7 +149,7 @@ If the deployment tools used does not indicate an error in the onboarding proces
Event ID | Message | Resolution steps
:---|:---|:---
5 | Windows Defender Advanced Threat Protection service failed to connect to the server at _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection).
-6 | Windows Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found. Failure code: _variable_ | [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md#manual).
+6 | Windows Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found. Failure code: _variable_ | [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md).
7 | Windows Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure code: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection), then run the entire onboarding process again.
15 | Windows Defender Advanced Threat Protection cannot start command channel with URL: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection).
25 | Windows Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: _variable_ | Contact support.