From 67bb581bc655d31f37723a93542482667bc79f0e Mon Sep 17 00:00:00 2001 From: jirenugo <57419984+jirenugo@users.noreply.github.com> Date: Tue, 14 Jul 2020 01:23:19 -0700 Subject: [PATCH 01/57] Update credential-guard-manage.md --- .../credential-guard/credential-guard-manage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index 7e98cba59b..a046602eea 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -155,7 +155,7 @@ DG_Readiness_Tool_v3.6.ps1 -Ready - You should perform regular reviews of the PCs that have Windows Defender Credential Guard enabled. This can be done with security audit policies or WMI queries. Here's a list of WinInit event IDs to look for: - **Event ID 13** Windows Defender Credential Guard (LsaIso.exe) was started and will protect LSA credentials. - **Event ID 14** Windows Defender Credential Guard (LsaIso.exe) configuration: 0x1, 0 - - The first variable: 0x1 means Windows Defender Credential Guard is configured to run. 0x0 means it's not configured to run. + - The first variable: 0x1 means Windows Defender Credential Guard is configured to run. 0x0 means it's not configured to run. 0x2 means Windows Defender Credential Guard is configured to run with UEFI lock - The second variable: 0 means it's configured to run in protect mode. 1 means it's configured to run in test mode. This variable should always be 0. - **Event ID 15** Windows Defender Credential Guard (LsaIso.exe) is configured but the secure kernel is not running; continuing without Windows Defender Credential Guard. - **Event ID 16** Windows Defender Credential Guard (LsaIso.exe) failed to launch: \[error code\] 
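Review bot: The sentence added to the Event ID 14 "first variable" bullet (PATCH 01/57) leaves 0x1 ambiguous. With 0x2 now described as "configured to run with UEFI lock", the existing "0x1 means Windows Defender Credential Guard is configured to run" no longer says whether 0x1 implies no lock. Please state the lock state for 0x1 explicitly, list the values in order (0x0, 0x1, 0x2), and end the new sentence with a period. Because this event is what administrators use to audit which PCs have Credential Guard enabled, a reference for where the 0x2 value is defined would help confirm the mapping.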
From 8d5aefa6bf00959945fe756b7498b6d5250ece13 Mon Sep 17 00:00:00 2001 From: Ben McGarry <9434920+BenMcGarry@users.noreply.github.com> Date: Mon, 24 Aug 2020 15:06:41 +0100 Subject: [PATCH 02/57] Update WDAC hunting query Existing query does not appear to work within WDATP Advanced hunting, this updates the query to return the expected result. --- ...ation-control-events-centrally-using-advanced-hunting.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md index 3b0e313266..19bcd021e5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md +++ b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md @@ -30,10 +30,10 @@ This capability is supported beginning with Windows version 1607. Here is a simple example query that shows all the WDAC events generated in the last seven days from machines being monitored by Microsoft Defender ATP: ``` -MiscEvents -| where EventTime > ago(7d) and +DeviceEvents +| where Timestamp > ago(7d) and ActionType startswith "AppControl" -| summarize Machines=dcount(ComputerName) by ActionType +| summarize Machines=dcount(DeviceName) by ActionType | order by Machines desc ``` From 2b6ec3393ea3b7f2f3d0b7634a91cf02fcffb7cc Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 25 Aug 2020 21:02:02 +0500 Subject: [PATCH 03/57] Update advanced-security-audit-policy-settings.md --- .../auditing/advanced-security-audit-policy-settings.md | 1 - 1 file changed, 1 deletion(-) 
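Review bot: In the updated query (PATCH 02/57), the summarize line still aliases the count as `Machines` although the column is now `DeviceName`, and `order by Machines desc` inherits that name. Renaming the alias to `Devices` would keep the query consistent with the `DeviceEvents` schema it now targets. The introductory sentence above the fence still says "machines being monitored", so it should change together with the alias. The fence is also untagged; a language tag such as `kusto` would give readers syntax highlighting.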
diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md index e36022563e..1ce7884399 100644 --- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md @@ -64,7 +64,6 @@ Detailed Tracking security policy settings and audit events can be used to monit - [Audit Process Creation](audit-process-creation.md) - [Audit Process Termination](audit-process-termination.md) - [Audit RPC Events](audit-rpc-events.md) -- [Audit Credential Validation](https://docs.microsoft.com/windows/security/threat-protection/auditing/audit-credential-validation) - [Audit Token Right Adjusted](https://docs.microsoft.com/windows/security/threat-protection/auditing/audit-token-right-adjusted) ## DS Access From e546ca6030efa9b71ecec7af3ac70c3c1c379927 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 30 Aug 2020 11:33:19 +0500 Subject: [PATCH 04/57] Update credential-guard-requirements.md --- .../credential-guard/credential-guard-requirements.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index 25d125585e..8e3b5ae6a1 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md @@ -98,7 +98,7 @@ The following tables describe baseline protections, plus protections for improve | Hardware: **Trusted Platform Module (TPM)** |  **Requirement**: TPM 1.2 or TPM 2.0, either discrete or firmware.
[TPM recommendations](https://technet.microsoft.com/itpro/windows/keep-secure/tpm-recommendations) | A TPM provides protection for VBS encryption keys that are stored in the firmware. This helps protect against attacks involving a physically present user with BIOS access. | | Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | **Requirements**: See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)| UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. | | Firmware: **Secure firmware update process** | **Requirements**: UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).| UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. | -| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise

Important:
Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard.

|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard. | +| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 or Windows Server 2016

Important:
Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard.

|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard. | > [!IMPORTANT] > The following tables list additional qualifications for improved security. We strongly recommend meeting the additional qualifications to significantly strengthen the level of security that Windows Defender Credential Guard can provide. From 1f41afd14c95b11e9bb5bad0959d07ad544088c5 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 31 Aug 2020 14:32:30 +0500 Subject: [PATCH 05/57] Update windows/security/identity-protection/credential-guard/credential-guard-requirements.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../credential-guard/credential-guard-requirements.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index 8e3b5ae6a1..cdf9c3ec9a 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md @@ -98,7 +98,7 @@ The following tables describe baseline protections, plus protections for improve | Hardware: **Trusted Platform Module (TPM)** |  **Requirement**: TPM 1.2 or TPM 2.0, either discrete or firmware.
[TPM recommendations](https://technet.microsoft.com/itpro/windows/keep-secure/tpm-recommendations) | A TPM provides protection for VBS encryption keys that are stored in the firmware. This helps protect against attacks involving a physically present user with BIOS access. | | Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | **Requirements**: See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)| UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. | | Firmware: **Secure firmware update process** | **Requirements**: UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).| UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. | -| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 or Windows Server 2016

Important:
Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard.

|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard. | +| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 or Windows Server 2016.

Important:
Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard.

|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard. | > [!IMPORTANT] > The following tables list additional qualifications for improved security. We strongly recommend meeting the additional qualifications to significantly strengthen the level of security that Windows Defender Credential Guard can provide. From 032a7518c5047cdcacbab7c2202ae93ee1101351 Mon Sep 17 00:00:00 2001 From: Mark Wodrich Date: Thu, 3 Sep 2020 16:54:44 -0700 Subject: [PATCH 06/57] Update StackPivot compatibility considerations --- .../microsoft-defender-atp/exploit-protection-reference.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md index d8f35500f4..388335525b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md 
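Review bot: The rewritten "Software: Qualified Windows operating system" row (PATCH 04/57, carried into 05/57 with only a trailing period added) drops the edition qualifiers: "Windows 10 Enterprise, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise" becomes "Windows 10 or Windows Server 2016." That widens a stated requirement, and neither commit message gives a reason. Please confirm that every Windows 10 edition qualifies and say so in the commit message, or keep the edition list; otherwise readers may plan deployments on editions where Credential Guard cannot be enabled.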
@@ -667,7 +667,7 @@ Compatibility issues are uncommon. Applications which depend on replacing Window ### Description -The *validate stack integrity (StackPivot) mitigation helps protect against the Stack Pivot attack, a ROP attack where an attacker creates a fake stack in heap memory, and then tricks the application into returning into the fake stack which controls the flow of execution. +The *validate stack integrity (StackPivot)* mitigation helps protect against the Stack Pivot attack, a ROP attack where an attacker creates a fake stack in heap memory, and then tricks the application into returning into the fake stack which controls the flow of execution. This mitigation intercepts a number of Windows APIs, and inspects the value of the stack pointer. If the address of the stack pointer does not fall between the bottom and the top of the stack, then an event is recorded and, if not in audit mode, the process will be terminated. @@ -710,7 +710,10 @@ The APIs intercepted by this mitigation are: ### Compatibility considerations -Compatibility issues are uncommon. Applications which are leveraging fake stacks will be impacted, and there is also a small risk of revealing subtle timing bugs in multi-threaded applications. +Applications which are leveraging fake stacks will be impacted, and there is also a small risk of revealing subtle timing bugs in multi-threaded applications. +Applications which perform API interception, particularly security software, can cause compatibility problems with this mitigation. + +This mitigation is incompatible with the Arbitrary Code Guard mitigation. ### Configuration options From ae76541e4ff5c03ea8f69a10255ca577cc96713b Mon Sep 17 00:00:00 2001 
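Review bot: The new last line of "Compatibility considerations" for StackPivot (PATCH 06/57), "This mitigation is incompatible with the Arbitrary Code Guard mitigation.", states a constraint without saying what an administrator will observe, or should do, when both mitigations are enabled for the same process. Please describe the resulting behavior and which of the two to prefer, and mirror the statement in the Arbitrary Code Guard section so it can be found from either side. The added sentence on API interception by security software would also benefit from saying whether audit mode is the recommended way to find such conflicts before enforcement.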
From: Ben Watt <13239035+wattbt@users.noreply.github.com> Date: Fri, 4 Sep 2020 14:09:05 +0100 Subject: [PATCH 07/57] Added missing final steps The steps for deploying the custom configuration profile did not finish as the previous section did, by explaining how the configuration profile should be assigned. I have added identical steps to the Systems Extension Policy before it. --- .../microsoft-defender-atp/mac-sysext-policies.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index 3cd6ef23e7..a146b082c5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -279,3 +279,5 @@ To deploy this custom configuration profile: ![System extension in Intune screenshot](images/mac-system-extension-intune.png) +5. In the `Assignments` tab, assign this profile to **All Users & All devices**. +6. Review and create this configuration profile. From 5dc06cf3a417550fbb1029c45b1af4a9b9dbd2cc Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 4 Sep 2020 15:15:22 -0700 Subject: [PATCH 08/57] add partner table --- .../partner-applications.md | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index ee58dab8f6..3827f0fead 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md 
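Review bot: Step 5, added at the end of the deployment steps (PATCH 07/57), formats the tab name as code, `Assignments`, while the assignment target in the same step is bold. UI labels should use one convention, so write **Assignments**. The commit message says the steps are copied from the preceding section, so the same fix applies there.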
@@ -31,6 +31,36 @@ The support for third-party solutions help to further streamline, integrate, and Microsoft Defender ATP seamlessly integrates with existing security solutions - providing out of the box integration with SIEM, ticketing and IT service management solutions, managed security service providers (MSSP), IoC indicators ingestions and matching, automated device investigation and remediation based on external alerts, and integration with Security orchestration and automation response (SOAR) systems. +## Supported partner applications + +Partner name | Description |Category +:---|:---|:--- +|AzureSentinel | Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel |Security information and analytics +|Elastic Security | Elastic Security is a free and open solution for preventing, detecting, and responding to threats.|Security information and analytics +|AttackIQ Platform | AttackIQ Platform validates MDATP is configured properly by launching continuous attacks safely on production assets|Security information and analytics +|Skybox® Vulnerability Control | Skybox® Vulnerability Control cuts through the noise of vulnerability management, correlating business, network threat context to uncover your riskiest vulnerabilities.|Security information and analytics +| Splunk | The Microsoft Defender ATP Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk |Security information and analytics +|IBM QRadar | Configure IBM QRadar to collect detections from Microsoft Defender ATP |Security information and analytics +|Cymulate | Correlate Defender ATP findings with simulated attacks to validate accurate detection and effective response actions |Security information and analytics +| HP ArcSight |Use HP ArcSight to pull Microsoft Defender ATP detections |Security information and analytics +|SafeBreach | Gain visibility into Microsoft Defender ATP security events that are automatically correlated with 
SafeBreach simulations|Security information and analytics +| RSA NetWitness| Steam Microsoft Defender ATP Alerts to RSA NetWitness leveraging Microsoft Graph Security API|Security information and analytics +| XM Cyber| Prioritize your response to an alert based on risk factors and high value assets.|Security information and analytics + Demisto, a Palo Alto Networks Company|Demisto integrates with Microsoft Defender ATP to enable security teams to orchestrate and automate endpoint security monitoring, enrichment and response|Orchestration and automation + |||Orchestration and automation + |||Orchestration and automation + |||Orchestration and automation + |||Orchestration and automation + |||Orchestration and automation + |||Orchestration and automation +Palo Alto Networks |Enrich your endpoint protection by extending Autofocus and other threat feeds to Microsoft Defender ATP using MineMeld|Threat intelligence +ThreatConnect | Alert and/or block on custom threat intelligence from ThreatConnect Playbooks using Microsoft Defender ATP connectors |Threat intelligence +MISP (Malware Information Sharing Platform) | Integrate threat indicators from the Open Source Threat Intelligence Sharing Platform into your Microsoft Defender ATP environment| Threat intelligence + |||Network security + ||| Cross platform +||| Additional integrations + ||| Manages security service providers + ## SIEM integration Microsoft Defender ATP supports SIEM integration through a variety of methods - specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management. For more information, see [Enable SIEM integration](enable-siem-integration.md). From 62c377cc7be3a952fae462aab379d368b83278b6 Mon Sep 17 00:00:00 2001 
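Review bot: The table added under "Supported partner applications" (PATCH 08/57) contains placeholder rows with empty name and description cells (`|||Orchestration and automation`, `|||Network security`, `||| Cross platform` and others), which will render as blank rows; remove them or fill them in before merge. Row syntax is also inconsistent: some rows start with a pipe while the Demisto, Palo Alto Networks, ThreatConnect and MISP rows do not, and the SafeBreach description appears broken across two lines, which would end the row early in Markdown. Typos to fix: "Steam Microsoft Defender ATP Alerts" should read "Stream", "Manages security service providers" should read "Managed", and "AzureSentinel" needs a space.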
From: Joey Caparas Date: Thu, 10 Sep 2020 15:59:38 -0700 Subject: [PATCH 09/57] char --- .../microsoft-defender-atp/partner-applications.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index 3827f0fead..8d7ecfb297 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md 
@@ -38,7 +38,7 @@ Partner name | Description |Category |AzureSentinel | Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel |Security information and analytics |Elastic Security | Elastic Security is a free and open solution for preventing, detecting, and responding to threats.|Security information and analytics |AttackIQ Platform | AttackIQ Platform validates MDATP is configured properly by launching continuous attacks safely on production assets|Security information and analytics -|Skybox® Vulnerability Control | Skybox® Vulnerability Control cuts through the noise of vulnerability management, correlating business, network threat context to uncover your riskiest vulnerabilities.|Security information and analytics +|Skybox Vulnerability Control | Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network threat context to uncover your riskiest vulnerabilities.|Security information and analytics | Splunk | The Microsoft Defender ATP Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk |Security information and analytics |IBM QRadar | Configure IBM QRadar to collect detections from Microsoft Defender ATP |Security information and analytics |Cymulate | Correlate Defender ATP findings with simulated attacks to validate accurate detection and effective response actions |Security information and analytics From aaa5974d73545b5e369bee8dc0221448f65e4cd3 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 11 Sep 2020 15:37:46 -0700 Subject: [PATCH 10/57] update based on feeback --- .../microsoft-defender-atp/partner-applications.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index 8d7ecfb297..16bd018aee 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md @@ -31,7 +31,7 @@ The support for third-party solutions help to further streamline, integrate, and Microsoft Defender ATP seamlessly integrates with existing security solutions - providing out of the box integration with SIEM, ticketing and IT service management solutions, managed security service providers (MSSP), IoC indicators ingestions and matching, automated device investigation and remediation based on external alerts, and integration with Security orchestration and automation response (SOAR) systems. -## Supported partner applications +## Supported applications Partner name | Description |Category :---|:---|:--- @@ -85,4 +85,4 @@ Microsoft Defender ATP allows you to integrate with such solutions and act on Io Microsoft Defender ATP currently supports IOC matching and remediation for file and network indicators. Blocking is supported for file indicators. ## Support for non-Windows platforms -Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network. This experience leverages on a third-party security products' sensor data giving you a unified experience. +Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network. From b0e6671ccc3b523ce436b631830e781f70645ec5 Mon Sep 17 00:00:00 2001 
From: Eddy Ng <57738387+WplusAzureAuto@users.noreply.github.com> Date: Mon, 14 Sep 2020 11:00:14 +0800 Subject: [PATCH 11/57] Update waas-delivery-optimization-setup.md Amended line 149 from Get-DeliveryOptimizationPerfSnap to Get-DeliveryOptimizationStatus, this command is validated from windows powershell to be the valid command that has -peerinfo switch --- windows/deployment/update/waas-delivery-optimization-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization-setup.md b/windows/deployment/update/waas-delivery-optimization-setup.md index a93a577f74..9cc82a5183 100644 --- a/windows/deployment/update/waas-delivery-optimization-setup.md +++ b/windows/deployment/update/waas-delivery-optimization-setup.md @@ -146,7 +146,7 @@ Using the `-Verbose` option returns additional information: - Bytes from CDN (the number of bytes received over HTTP) - Average number of peer connections per download  -**Starting in Windows 10, version 2004**, `Get-DeliveryOptimizationPerfSnap` has a new option `-PeerInfo` which returns a real-time list of the connected peers. +**Starting in Windows 10, version 2004**, `Get-DeliveryOptimizationStatus` has a new option `-PeerInfo` which returns a real-time list of the connected peers. Starting in Windows 10, version 1803, `Get-DeliveryOptimizationPerfSnapThisMonth` returns data similar to that from `Get-DeliveryOptimizationPerfSnap` but limited to the current calendar month. From b5ed97ba1d15db48f6943b000866ab7ecfd1b706 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 14 Sep 2020 17:24:16 +0500 Subject: [PATCH 12/57] Update indicator-ip-domain.md --- .../microsoft-defender-atp/indicator-ip-domain.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
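Review bot: The corrected sentence (PATCH 11/57) now documents `Get-DeliveryOptimizationStatus -PeerInfo` directly before a sentence that compares `Get-DeliveryOptimizationPerfSnapThisMonth` with `Get-DeliveryOptimizationPerfSnap`, so the option still sits among text about the PerfSnap cmdlets. Consider moving the `-PeerInfo` sentence next to the description of `Get-DeliveryOptimizationStatus`, or add a short transition, so readers do not attach the option to the wrong cmdlet again.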
diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md index 90e188b28e..5f42abda95 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md @@ -46,6 +46,7 @@ It's important to understand the following prerequisites prior to creating indic > For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages [Network Protection](network-protection.md) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios leverage Network Protection for inspection and enforcement:
> NOTE: >- IP is supported for all three protocols +>- Only single IP addresses are supported (no CIDR blocks or IP ranges) >- Encrypted URLs (full path) can only be blocked on first party browsers >- Encrypted URLS (FQDN only) can be blocked outside of first party browsers >- Full URL path blocks can be applied on the domain level and all unencrypted URLs @@ -59,7 +60,7 @@ It's important to understand the following prerequisites prior to creating indic 2. Select the **IP addresses or URLs/Domains** tab. -3. Select **Add indicator**. +3. Select **Add item**. 4. Specify the following details: - Indicator - Specify the entity details and define the expiration of the indicator. @@ -72,4 +73,4 @@ It's important to understand the following prerequisites prior to creating indic - [Create indicators](manage-indicators.md) - [Create indicators for files](indicator-file.md) - [Create indicators based on certificates](indicator-certificates.md) -- [Manage indicators](indicator-manage.md) \ No newline at end of file +- [Manage indicators](indicator-manage.md) From 5323230175e3727a46039391198639abbcdd2a68 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 14 Sep 2020 10:30:51 -0700 Subject: [PATCH 13/57] Update indicator-ip-domain.md --- .../microsoft-defender-atp/indicator-ip-domain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md index 5f42abda95..50c42b1fe9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md @@ -1,4 +1,4 @@ ---- +--- title: Create indicators for IPs and URLs/domains ms.reviewer: description: Create indicators for IPs and URLs/domains that define the detection, prevention, and exclusion of entities. 
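Review bot: Step 3 in PATCH 12/57 changes the button label to **Add item**, but step 4 still begins with "Indicator - Specify the entity details" and the commit message does not explain the rename. If the portal label changed, the sibling pages linked at the bottom of the file (indicator-file.md, indicator-certificates.md) likely need the same update; please check them in this change or note that they were verified. The added NOTE bullet on single IP addresses is clear as written.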
From beb0000a9072aa270e0b36af50c0e41754bbe62d Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 14 Sep 2020 16:50:55 -0700 Subject: [PATCH 14/57] logos and partner descriptions --- .../images/arcsight-logo.png | Bin 0 -> 2800 bytes .../images/attackiq-logo.png | Bin 0 -> 1445 bytes .../images/cymulate-logo.png | Bin 0 -> 3519 bytes .../images/elastic-security-logo.png | Bin 0 -> 3567 bytes .../images/ibm-qradar-logo.png | Bin 0 -> 7354 bytes .../images/sentinel-logo.png | Bin 0 -> 4439 bytes .../partner-applications.md | 42 ++++++++++++++++++ 7 files changed, 42 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/arcsight-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/attackiq-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/cymulate-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/elastic-security-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/ibm-qradar-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/sentinel-logo.png 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/arcsight-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/arcsight-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..5ec3542ebea6b2581b468a90d8f60b339cb9e72d GIT binary patch literal 2800
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/cymulate-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/cymulate-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..daa2aef8f818f1bb19535a1e2ca4a0c54f9c324f GIT binary patch literal 3519
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/elastic-security-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/elastic-security-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..30352fe3b7be6d63b6f261aa7c94ab88cbfc46f6 GIT binary patch literal 3567
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ibm-qradar-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/ibm-qradar-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..47a6790a6fc8938c59d9faf565bf5b9a5d7431bf GIT binary patch literal 7354
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/sentinel-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/sentinel-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..f48e0a6b9cff09dfab26d701404c345d0ce01a7e GIT binary patch literal 4439
diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index 16bd018aee..64ef0b4db5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md
@@ -33,6 +33,48 @@ Microsoft Defender ATP seamlessly integrates with existing security solutions - ## Supported applications + +### Security information and analytics + +Logo |Partner name | Description +:---|:---|:--- +![Image of AttackIQ logo](images/attackiq-logo.png)| AttackIQ Platform | AttackIQ Platform validates MDATP is configured properly by launching continuous attacks safely on production assets +![Image of Azure Sentinel logo](images/sentinel-logo.png)|AzureSentinel | Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel +![Image of Cymulate logo](images/cymulate-logo.png) | Cymulate| Correlate Defender ATP findings with simulated attacks to validate accurate detection and effective response actions +![Image of Elastic security logo](images/elastic-security-logo.png) | Elastic Security | Elastic Security is a free and open solution for preventing, detecting, and responding to threats +![Image of IBM QRadar logo](images/ibm-qradar-logo.png) | IBM QRadar | Configure IBM QRadar to collect detections from Microsoft Defender ATP +![Image of Micro Focus ArcSight logo](images/arcsight-logo.png) | Micro Focus ArcSight | Use Micro Focus ArcSight to pull Microsoft Defender ATP detections +![Image of logo](images/-logo.png) | +![Image of logo](images/-logo.png) | +![Image of logo](images/-logo.png) | + + + + + + + + + +![Image of logo](images/-logo.png) | + +![Image of logo](images/-logo.png) | + +![Image of logo](images/-logo.png) | + + +![Image of logo](images/-logo.png) | + + +![Image of logo](images/-logo.png) | + + + + + + + + Partner name | Description |Category :---|:---|:--- |AzureSentinel | Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel |Security information and analytics From 2d6054ff774e71afe6c7887359e21ffadd5a6d44 Mon Sep 17 00:00:00 2001 
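Review bot: In the partner-applications.md hunk (@@ -33,6 +33,48 @@), the new "Security information and analytics" table is committed with eight unfilled template rows of the form `![Image of logo](images/-logo.png) |`. Each has no partner name or description and points at a non-existent `images/-logo.png`, so it will render as a broken image in a malformed row. The runs of blank added lines between those rows also end the Markdown table, leaving the later placeholders as stray paragraphs. Please drop the placeholders and blank lines until the real entries are ready. Two smaller points in the same hunk: the partner name `AzureSentinel` is missing the space that its own description ("Azure Sentinel") uses, and the pre-existing `Partner name | Description |Category` table is left in place as context directly below, so AzureSentinel is now listed twice on the page. Either remove the migrated rows from the old table in this change or state in the commit message that the old table is removed in a follow-up.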
From: Joey Caparas Date: Mon, 14 Sep 2020 17:10:20 -0700 Subject: [PATCH 15/57] orchestration and automation --- .../images/rsa-netwitness-logo.png | Bin 0 -> 4706 bytes .../images/safebreach-logo.png | Bin 0 -> 7898 bytes .../images/skybox-logo.png | Bin 0 -> 4121 bytes .../images/splunk-logo.png | Bin 0 -> 4576 bytes .../images/xmcyber-logo.png | Bin 0 -> 7188 bytes .../partner-applications.md | 24 +++++++++++++----- 6 files changed, 18 insertions(+), 6 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/rsa-netwitness-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/safebreach-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/skybox-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/splunk-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/xmcyber-logo.png 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/rsa-netwitness-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/rsa-netwitness-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..b590724e540c28996c1a3be7caf5b3efb60153ee GIT binary patch literal 4706
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/safebreach-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/safebreach-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..63a7f90e35afe24cd7f03e64d797091ddfbd76a6 GIT binary patch literal 7898
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/splunk-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/splunk-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..925f90b44bde9debad57f48c58890f97c10a5f47 GIT binary patch literal 4576
diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index 64ef0b4db5..efc63e9b1b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md 
@@ -44,9 +44,24 @@ Logo |Partner name | Description ![Image of Elastic security logo](images/elastic-security-logo.png) | Elastic Security | Elastic Security is a free and open solution for preventing, detecting, and responding to threats ![Image of IBM QRadar logo](images/ibm-qradar-logo.png) | IBM QRadar | Configure IBM QRadar to collect detections from Microsoft Defender ATP ![Image of Micro Focus ArcSight logo](images/arcsight-logo.png) | Micro Focus ArcSight | Use Micro Focus ArcSight to pull Microsoft Defender ATP detections -![Image of logo](images/-logo.png) | -![Image of logo](images/-logo.png) | -![Image of logo](images/-logo.png) | +![Image of RSA NetWitness logo](images/rsa-netwitness-logo.png) | RSA NetWitness | Stream Microsoft Defender ATP Alerts to RSA NetWitness leveraging Microsoft Graph Security API +![Image of SafeBreach logo](images/safebreach-logo.png) |SafeBreach| Gain visibility into Microsoft Defender ATP security events that are automatically correlated with SafeBreach simulations +![Image of Skybox Vulnerability Control logo](images/skybox-logo.png) | Skybox Vulnerability Control | Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network and threat context to uncover your riskiest vulnerabilities +![Image of Splunk logo](images/splunk-logo.png) | Splunk | The Microsoft Defender ATP Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk +![Image of XM Cyber logo](images/xmcyber-logo.png) | XM Cyber | Prioritize your response to an alert based on risk factors and high value assets. 
+ +### Orchestration and automation + + +Logo |Partner name | Description +:---|:---|:--- +![Image of CyberSponse CyOps logo](images/-logo.png) | CyberSponse CyOps | CyOps integrates with Microsoft Defender ATP to automate customers' high-speed incident response playbooks +![Image of Delta Risk ActiveEye logo](images/-logo.png) | Delta Risk ActiveEye | Delta Risk, a leading provider of SOC-as-a-Service and security services, integrate Microsoft Defender ATP with its cloud-native SOAR platform. ActiveEye +![Image of Demisto, a Palo Alto Networks Company logo](images/-logo.png) | Demisto, a Palo Alto Networks Company | Demisto integrates with Microsoft Defender ATP to enable security teams to orchestrate and automate endpoint security monitoring, enrichment and response +![Image of Microsoft Flow & Azure Functions logo](images/-logo.png) | Microsoft Flow & Azure Functions | Use the Microsoft Defender ATP connectors for Azure Logic Apps & Microsoft Flow to automating security procedures +![Image of Rapid7 InsightConnect logo](images/-logo.png) | Rapid7 InsightConnect | InsightConnect integrates with Microsoft Defender ATP to accelerate, streamline, and integrate your time-intensive security processes +![Image of ServiceNow logo](images/-logo.png) | ServiceNow | Ingest alerts into ServiceNow Security Operations solution based on Microsoft Graph API integration +![Image of Swimlane logo](images/-logo.png) | Swimlane | Maximize incident response capabilities utilizing Swimlane and Microsoft Defender ATP together @@ -56,9 +71,6 @@ Logo |Partner name | Description -![Image of logo](images/-logo.png) | - -![Image of logo](images/-logo.png) | ![Image of logo](images/-logo.png) | From 664365dd359f4e65b4f74adee7d3e1c98b57010f Mon Sep 17 00:00:00 2001 
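Review bot: in the first partner-applications.md hunk (@@ -44,9 +44,24 @@), all seven rows of the new "Orchestration and automation" table use the placeholder image path `images/-logo.png`, which carries no partner name and will render as a broken image; give each row its own file name, following the pattern of the SIEM rows added just above (for example `images/splunk-logo.png`). Three descriptions in the same hunk also need a copy edit: the Splunk row stops at "to their Splunk" without an object, the Delta Risk row reads "integrate ... SOAR platform. ActiveEye" with a stray period and a subject-verb mismatch, and the Microsoft Flow row says "to automating security procedures".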
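Review bot: the second partner-applications.md hunk (@@ -56,9 +71,6 @@) deletes two of the `![Image of logo](images/-logo.png) |` placeholder rows but keeps a third as unchanged context, so an empty row with a broken image reference stays on the published page. Remove that row as well, or fill in its logo, partner name and description before merging.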
From: Joey Caparas Date: Mon, 14 Sep 2020 17:16:16 -0700 Subject: [PATCH 16/57] logos --- .../images/cybersponse-logo.png | Bin 0 -> 3653 bytes .../images/delta-risk-activeeye-logo.png | Bin 0 -> 7490 bytes .../images/demisto-logo.png | Bin 0 -> 4462 bytes .../images/ms-flow-logo.png | Bin 0 -> 2655 bytes .../images/rapid7-logo.png | Bin 0 -> 3977 bytes .../images/servicenow-logo.png | Bin 0 -> 3799 bytes .../images/swimlane-logo.png | Bin 0 -> 3692 bytes .../partner-applications.md | 14 +++++++------- 8 files changed, 7 insertions(+), 7 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/cybersponse-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/delta-risk-activeeye-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/demisto-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/ms-flow-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/rapid7-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/servicenow-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/swimlane-logo.png 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/cybersponse-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/cybersponse-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe2849a0bcd0ccaaad439302dbb0e8c44bb1133 GIT binary patch literal 3653
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ms-flow-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/ms-flow-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..c28a05a8ba9298f716619a11068403b831e64d4a GIT binary patch literal 2655
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/rapid7-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/rapid7-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..9683cf58e0dd76710c8b251f7b66b8acccf74c6e GIT binary patch literal 3977
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/servicenow-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/servicenow-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..0c9f72b10a065bff94d6c873eede5b2bd665dd5a GIT binary patch literal 3799
diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index efc63e9b1b..eadee9a3b6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md 
@@ -55,13 +55,13 @@ Logo |Partner name | Description Logo |Partner name | Description :---|:---|:--- -![Image of CyberSponse CyOps logo](images/-logo.png) | CyberSponse CyOps | CyOps integrates with Microsoft Defender ATP to automate customers' high-speed incident response playbooks -![Image of Delta Risk ActiveEye logo](images/-logo.png) | Delta Risk ActiveEye | Delta Risk, a leading provider of SOC-as-a-Service and security services, integrate Microsoft Defender ATP with its cloud-native SOAR platform. ActiveEye -![Image of Demisto, a Palo Alto Networks Company logo](images/-logo.png) | Demisto, a Palo Alto Networks Company | Demisto integrates with Microsoft Defender ATP to enable security teams to orchestrate and automate endpoint security monitoring, enrichment and response -![Image of Microsoft Flow & Azure Functions logo](images/-logo.png) | Microsoft Flow & Azure Functions | Use the Microsoft Defender ATP connectors for Azure Logic Apps & Microsoft Flow to automating security procedures -![Image of Rapid7 InsightConnect logo](images/-logo.png) | Rapid7 InsightConnect | InsightConnect integrates with Microsoft Defender ATP to accelerate, streamline, and integrate your time-intensive security processes -![Image of ServiceNow logo](images/-logo.png) | ServiceNow | Ingest alerts into ServiceNow Security Operations solution based on Microsoft Graph API integration -![Image of Swimlane logo](images/-logo.png) | Swimlane | Maximize incident response capabilities utilizing Swimlane and Microsoft Defender ATP together +![Image of CyberSponse CyOps logo](images/cybersponse-logo.png) | CyberSponse CyOps | CyOps integrates with Microsoft Defender ATP to automate customers' high-speed incident response playbooks +![Image of Delta Risk ActiveEye logo](images/delta-risk-activeeye-logo.png) | Delta Risk ActiveEye | Delta Risk, a leading provider of SOC-as-a-Service and security services, integrate Microsoft Defender ATP with its cloud-native SOAR platform. 
ActiveEye +![Image of Demisto, a Palo Alto Networks Company logo](images/demisto-logo.png) | Demisto, a Palo Alto Networks Company | Demisto integrates with Microsoft Defender ATP to enable security teams to orchestrate and automate endpoint security monitoring, enrichment and response +![Image of Microsoft Flow & Azure Functions logo](images/ms-flow-logo.png) | Microsoft Flow & Azure Functions | Use the Microsoft Defender ATP connectors for Azure Logic Apps & Microsoft Flow to automating security procedures +![Image of Rapid7 InsightConnect logo](images/rapid7-logo.png) | Rapid7 InsightConnect | InsightConnect integrates with Microsoft Defender ATP to accelerate, streamline, and integrate your time-intensive security processes +![Image of ServiceNow logo](images/servicenow-logo.png) | ServiceNow | Ingest alerts into ServiceNow Security Operations solution based on Microsoft Graph API integration +![Image of Swimlane logo](images/swimlane-logo.png) | Swimlane | Maximize incident response capabilities utilizing Swimlane and Microsoft Defender ATP together From 59463d206e29a5ee8fb326e07451b2a8b02ac6c7 Mon Sep 17 00:00:00 2001 From: Caroline Gitonga Date: Tue, 15 Sep 2020 19:20:07 +0300 Subject: [PATCH 17/57] Update value for DODownloadMode(99) --- ...erating-system-components-to-microsoft-services-using-MDM.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index ba4a8aff28..d53f7dc795 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md 
@@ -152,7 +152,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt 1. [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate). Specifies whether automatic update of apps from Microsoft Store are allowed. **Set to 0 (zero)** 1. **Apps for websites** - [ApplicationDefaults/EnableAppUriHandlers](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationdefaults#applicationdefaults-enableappurihandlers). This policy setting determines whether Windows supports web-to-app linking with app URI handlers. **Set to 0 (zero)** 1. **Windows Update Delivery Optimization** - The following Delivery Optimization MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). - 1. [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode). Let’s you choose where Delivery Optimization gets or sends updates and apps. **Set to 100 (one hundred)** + 1. [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode). Let’s you choose where Delivery Optimization gets or sends updates and apps. **Set to 99 (ninety-nine)** 1. **Windows Update** 1. [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate). Control automatic updates. **Set to 5 (five)** 1. Windows Update Allow Update Service - [Update/AllowUpdateService](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowupdateservice). Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. **Set to 0 (zero)** 
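Review bot: In the partner-applications.md hunk (@@ -55,13 +55,13 @@), the rewritten table rows carry over text defects from the removed lines, even though every row is already being touched for the image path fix. The Delta Risk row still reads "integrate Microsoft Defender ATP with its cloud-native SOAR platform. ActiveEye", where "integrates" and "platform, ActiveEye" are intended. The Microsoft Flow row still reads "to automating security procedures", and its partner name says "Azure Functions" while the description says "Azure Logic Apps". Fixing these in the same commit would avoid a second pass over the table. The only file additions visible next to this hunk are rapid7-logo.png and servicenow-logo.png, so it is worth confirming that the other five paths (cybersponse-logo.png, delta-risk-activeeye-logo.png, demisto-logo.png, ms-flow-logo.png, swimlane-logo.png) are added by the same commit, otherwise those rows stay broken.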
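Review bot: In the DODownloadMode hunk (@@ -152,7 +152,7 @@), the added line changes the recommended value from 100 to 99 without saying what either value selects, and the commit subject ("Update value for DODownloadMode(99)") gives no reason for the change. Since this list tells administrators which settings restrict connections to Microsoft services, the line should state which download mode 99 is, so a reader can verify the setting does what the page intends. The touched line also keeps the typo "Let’s you choose", which should read "Lets you choose".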
From a10e369790611bac3a62edf44e2b6440d7be4af3 Mon Sep 17 00:00:00 2001 
From: Joey Caparas Date: Tue, 15 Sep 2020 10:49:22 -0700 Subject: [PATCH 18/57] add logos and links --- .../images/aruba-logo.png | Bin 0 -> 5836 bytes .../images/bettermobile-logo.png | Bin 0 -> 3610 bytes .../images/bitdefender-logo.png | Bin 0 -> 2512 bytes .../images/bluehexagon-logo.png | Bin 0 -> 3927 bytes .../images/corrata-logo.png | Bin 0 -> 5920 bytes .../images/cybermdx-logo.png | Bin 0 -> 5352 bytes .../images/cyren-logo.png | Bin 0 -> 2568 bytes .../images/lookout-logo.png | Bin 0 -> 6649 bytes .../images/misp-logo.png | Bin 0 -> 6911 bytes .../images/morphisec-logo.png | Bin 0 -> 4846 bytes .../images/nextron-thor-logo.png | Bin 0 -> 1390 bytes .../images/paloalto-logo.png | Bin 0 -> 1900 bytes .../images/symantec-logo.png | Bin 0 -> 2629 bytes .../images/threatconnect-logo.png | Bin 0 -> 1986 bytes .../images/vectra-logo.png | Bin 0 -> 4844 bytes .../images/zimperium-logo.png | Bin 0 -> 1888 bytes .../partner-applications.md | 121 ++++++++---------- 17 files changed, 55 insertions(+), 66 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/aruba-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/bettermobile-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/bitdefender-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/bluehexagon-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/corrata-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/cybermdx-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/cyren-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/lookout-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/misp-logo.png create mode 100644 
windows/security/threat-protection/microsoft-defender-atp/images/morphisec-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/nextron-thor-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/paloalto-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/symantec-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/threatconnect-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/vectra-logo.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/zimperium-logo.png 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/aruba-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/aruba-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..037ca3b833579383b59af0f32e406823ecf8623d GIT binary patch literal 5836
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/bettermobile-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/bettermobile-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..03c731e2d6f6019fb29ca1e40b05ae0d0e4393eb GIT binary patch literal 3610
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/bitdefender-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/bitdefender-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..a04e552d0ee72fc2b17bf2dc1d9dc36d5d3fa139 GIT binary patch literal 2512
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/corrata-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/corrata-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..be75af835c065c65d9ccc09e899d9ba774bd70c8 GIT binary patch literal 5920
z+~g_u?3tYwP$tBQCAZ&^g5r(Gb#Cg;b&a!r$GHF&M`7OPFq%E4Z`U+qNC!KzB(UzaG77|r6w(Vlcy zlOK%RCfy2LQQNmKuO`*^}T=; zw!5@^Uo6L|88*u{#_!Yy7>KHc`f?K;XM84IVyVs*uf6=5Vpu+`E%y_`S~9Buv66%x>Ic&6PWGOUcJ*vMZyaNdV3R@*GEVjt;EWJT^{+IxtBsx z0a+tLAC3!+<589M>dum#;K?oHZ7g7VO`EkcT%2t(z8YlZjRmmNcb<_fgQD z@RHblHr~qG=k6SiHbyG&_BeiB94Ou@|KsQz{?~^Djjg){1M$1C}-|aUlG;+ZtHza`A`wo+PlQsyIqu+ zSw$??2&c#T&CQm~M7N#%R_}d1eeFmQ5b&v}DAT)jq-8#RI6^FgJ!5!eWoxJ93FT#n zgsjcBLQUt5dV!-qI5~$rAY)fv-`L_aB4DvC=wiz`Q*r;R3&Ze}N#(eB^hqcKLo|I< zq@p`F5ZcohH*6zlc52X(GL-u*sSK9YiNp7GC5ic-n6ie2U6t}L8sLfL*#rdRKc#nqO9UQb?~0p=Ik?!j`$|qt&0Jij z5{Qy6EGj^O%}E*d7wtsQb0^Yjf1gp>$qmOd#AT>|9#e%;>sCO@JzX1AjB9SyTFJFT zL4lLgg9m00^RQIkzl%r;8+x@0utKcZ%9ciBjeAVMu@~0QU4X5UYKjlQ_k?{7t1aKX zGiyA`mwNc{d%s;$Q!|1{tQfzITeX%|^AJ{I9k#W_DfhCf7yY6yA#2a0C3e@7r^NVh z)jwOuh~1*1yDar`Qu%4WNqEz%i;I)y4_JT7+vGAt5pReBDAl?Se$SD_t3n{`(;vUJ zPnsEd9Pq{J99N4vkA@Ym>coYHC;XS@RlX;DVMH6Q9lJBLD9qH9`I@_(7_n?BA6zPo zuS1 z5($kxK59JJ<|;V|TB%^lVI=M0<+7V-C5$Cw0ULJuQXjq{;9Nv3^;GQ zrXmY;Vu8YpWL;yA#tH5C@x&~b09mT>*BQQiM4jidG2OCvCH1570owc&;+XO#_rhOQ z+*4`r^&KTjcZO>3hYidtaWR~9o29u=*%l9O<9*O{`7|DI zCU$mu- z$5kCur=0FyQ49@?*477l2@?s~A0AYj$wFOHQsd$#CTy|3>TMg5m1Y`UMIRZDRwWh( zzt)TAY7T7;hACCOG9y8{BbfO`p1h+V6BkxT&M5j!Luz=tew?O&^aS_QF{lVpuND;c zXcD_G*?_X!gTn^-H3M0u`dUPM5_9qW9$secK4Nam`^<2EfW93RsIOmn+f&(@>iLHZ zf&asP*8lI6@!KNE`ULt!#3usK-a!|dCbv7}`8p8{cH(Si>e`PfZ@!sC%gbT^-g+hi zqLi`IP1nWq5Z{i^X`t8XHJw`;)jVwl(k}LM&avKp;WsU&3bPAhiJ)Vc}M`X0QbWHxHH_cRwi}2zzX0YT_7O!Yqvo z;oo8FZI6qJi)wLu;1vwc_Dj{_d@AA=GyXysqo|J7ShjgM@V8s`Rp6|U zhV)NT{bF)5|1O4$ask&-S|IV>xSC>MP6*1V-TGTPs-<_v=b-mCRwZsBqK~yJlu&m6 ztyKFoi>ZAuIeWDGrbI4N0zFnCfla)Pu@PHTP0Fua_6S*B;^Earv%DDF`VVKx;Mcc0 zNP^SC=ufE*TzrY{L#%G0+qDv&80(jd3NqKsN&tN z_0o|t^|&QpmdMXCB`K^VRHnWRU3Lv~h@F+h5|a@kpcdw3qH6nuc~xJ zSVn{Hb+Fx0_fy+`9$e+4nsh(+b-1#|A|J)q3#^`~F8Eh{w7@&0OZ%zY!C!=ir4tPN z=!-%`g0Iq;PmjsYP5Tsw_Q)xl1^iE}p6B&g5@SWB)4^+dj0e8HmNGY!wci~U(EILe zF~WU3Wn{3VaPu%!)HUg2%NGY=-lv|9L3gSnbf^mQ~v|k 
z1-u*LI)i{2)Q{R!=o)%pdT1ncy5?~^ve-~{yD-AvlQbzC<0-wn**?^1voO;GiAugAg8NY1?Fbav_qiGlgxE#trgjiaPYB{*{yAyr8fs+MJ&FT zE~}1B(d`b!b=-5V?Y~s&tL2RSq56;*fxEX6JJPb&C(Nad_vB_~^62pzpt}B~2UX=~H2t8fbdtQ;RQCLXDvjE>MmSECQ3I^(9Igl_RIf;$gh z7)M9pk~9{|oy*rO!aD47+XbKdOtK*Fb5mTCK;>o6b%K8s^obyj4T!1_`X_G{G0bRhJe3<40mWF zRdxj|2|Ln|+Nl}nsige~Tf$v{;M>>t9xYu7v~N9@Xo?y-mFGsZ{czB+(WXo)_zdn; zDHG27d2?VwGHU)R4{Hu$eXa#%=Z!lG^ow2oL^7H51`;`f9_O?E^}XNh6-* zNhZ=J#Si?xdT>W)3H+!nrA3w@DrRA}Ef}aU_g6-?1b>hLlKw`hC{$hVL3R40_ef$X zcHS4(^dS(Amrb^fT)rQTV z#5akU&;5+~n0zyXCt!xd=?MbJ33!2~h_g>o<+UZ7p7YRU;_lwPoL6_!v7iXmPVY^t zRK`=TN5q{X^Q03X>VKxG#O>RD)S zvT)VicG6mcUxQ1n#CuI7w*Y|j!=1R<5~Uimp3OQvlmT^6h{5O>w=N2?Z{qiecsJdq z=W2^v=k|U)`OTI>E0zBWzy*q*_qFKfkffE!rPe7!}lLtuL3Zr++v+oG}+F@p(0o`a+aGxIC-Dqd%LugwWpdoRVyYPX`Hu zIlsr1y!19X!CUx-vKl4kXQ7B}-T`*7TtPGG<%M@G|2i)>^X+!O=A!RXZP3P`y7g0! z0F*A*w&yw#=!O4!jmeih785?@VI$+_kRtk zn3X*!?(&e6&8*lTPxi661yGPNp(VHbZ^@eZ)FG~j8;B$Ji_YI_HOxhY$mD6393!*! zgKOy_O+u$hr9Ll*2+ib`qm{g;LMpGytzFi-GhxIpoBPh_o^ii7SUv+$B_fj>3Mk8? ze|Wu82P4THuK!^@|6?oxQI~SCte^30Y0j4?PGG|6TGU@;X6TqLZp)UcQXnq_usD#F M*;&(PXS|aC4H2%by8r+H literal 0 HcmV?d00001 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/lookout-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/lookout-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..7d3c2f51e469bb1c98c7b1091303d72af8e0cdc6 GIT binary patch literal 6649
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/misp-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/misp-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..39c75e6b09675ddb1b064711a86ffb5b16a7677f GIT binary patch literal 6911
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/morphisec-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/morphisec-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..a0a63ce9d6f6c863d4ff7309134efb601f7be3ee GIT binary patch literal 4846
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/nextron-thor-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/nextron-thor-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..e0b5860da67b1a1ae56e51014bb89455f713ece1 GIT binary patch literal 1390
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/paloalto-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/paloalto-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..fbd16e8c9c665a3316ee8b171c0849f074f2ff25 GIT binary patch literal 1900
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/symantec-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/symantec-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..856c312fcda74b4f7cc6cadbaba91ef3315fd69d GIT binary patch literal 2629
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/threatconnect-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/threatconnect-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..f06fcc75896ea85084af68618bcbc31456b5f89f GIT binary patch literal 1986
diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index eadee9a3b6..0cced2f956 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md
@@ -38,82 +38,71 @@ Microsoft Defender ATP seamlessly integrates with existing security solutions - Logo |Partner name | Description :---|:---|:--- -![Image of AttackIQ logo](images/attackiq-logo.png)| AttackIQ Platform | AttackIQ Platform validates MDATP is configured properly by launching continuous attacks safely on production assets -![Image of Azure Sentinel logo](images/sentinel-logo.png)|AzureSentinel | Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel -![Image of Cymulate logo](images/cymulate-logo.png) | Cymulate| Correlate Defender ATP findings with simulated attacks to validate accurate detection and effective response actions -![Image of Elastic security logo](images/elastic-security-logo.png) | Elastic Security | Elastic Security is a free and open solution for preventing, detecting, and responding to threats -![Image of IBM QRadar logo](images/ibm-qradar-logo.png) | IBM QRadar | Configure IBM QRadar to collect detections from Microsoft Defender ATP -![Image of Micro Focus ArcSight logo](images/arcsight-logo.png) | Micro Focus ArcSight | Use Micro Focus ArcSight to pull Microsoft Defender ATP detections -![Image of RSA NetWitness logo](images/rsa-netwitness-logo.png) | RSA NetWitness | Stream Microsoft Defender ATP Alerts to RSA NetWitness leveraging Microsoft Graph Security API -![Image of SafeBreach logo](images/safebreach-logo.png) |SafeBreach| Gain visibility into Microsoft Defender ATP security events that are automatically correlated with SafeBreach simulations -![Image of Skybox Vulnerability Control logo](images/skybox-logo.png) | Skybox Vulnerability Control | Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network and threat context to uncover your riskiest vulnerabilities -![Image of Splunk logo](images/splunk-logo.png) | Splunk | The Microsoft Defender ATP Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk 
-![Image of XM Cyber logo](images/xmcyber-logo.png) | XM Cyber | Prioritize your response to an alert based on risk factors and high value assets. +![Image of AttackIQ logo](images/attackiq-logo.png)| [AttackIQ Platform](https://go.microsoft.com/fwlink/?linkid=2103502) | AttackIQ Platform validates MDATP is configured properly by launching continuous attacks safely on production assets +![Image of Azure Sentinel logo](images/sentinel-logo.png)| [AzureSentinel](https://go.microsoft.com/fwlink/?linkid=2135705) | Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel +![Image of Cymulate logo](images/cymulate-logo.png) | [Cymulate](https://go.microsoft.com/fwlink/?linkid=2135574)| Correlate Defender ATP findings with simulated attacks to validate accurate detection and effective response actions +![Image of Elastic security logo](images/elastic-security-logo.png) | [Elastic Security](https://go.microsoft.com/fwlink/?linkid=2139303) | Elastic Security is a free and open solution for preventing, detecting, and responding to threats +![Image of IBM QRadar logo](images/ibm-qradar-logo.png) | [IBM QRadar](https://go.microsoft.com/fwlink/?linkid=2113903) | Configure IBM QRadar to collect detections from Microsoft Defender ATP +![Image of Micro Focus ArcSight logo](images/arcsight-logo.png) | [Micro Focus ArcSight](https://go.microsoft.com/fwlink/?linkid=2113548) | Use Micro Focus ArcSight to pull Microsoft Defender ATP detections +![Image of RSA NetWitness logo](images/rsa-netwitness-logo.png) | [RSA NetWitness](https://go.microsoft.com/fwlink/?linkid=2118566) | Stream Microsoft Defender ATP Alerts to RSA NetWitness leveraging Microsoft Graph Security API +![Image of SafeBreach logo](images/safebreach-logo.png) | [SafeBreach](https://go.microsoft.com/fwlink/?linkid=2114114)| Gain visibility into Microsoft Defender ATP security events that are automatically correlated with SafeBreach simulations +![Image of Skybox Vulnerability Control 
logo](images/skybox-logo.png) | [Skybox Vulnerability Control](https://go.microsoft.com/fwlink/?linkid=2127467) | Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network and threat context to uncover your riskiest vulnerabilities +![Image of Splunk logo](images/splunk-logo.png) | [Splunk](https://go.microsoft.com/fwlink/?linkid=2129805) | The Microsoft Defender ATP Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk +![Image of XM Cyber logo](images/xmcyber-logo.png) | [XM Cyber](https://go.microsoft.com/fwlink/?linkid=2136700) | Prioritize your response to an alert based on risk factors and high value assets. ### Orchestration and automation Logo |Partner name | Description :---|:---|:--- -![Image of CyberSponse CyOps logo](images/cybersponse-logo.png) | CyberSponse CyOps | CyOps integrates with Microsoft Defender ATP to automate customers' high-speed incident response playbooks -![Image of Delta Risk ActiveEye logo](images/delta-risk-activeeye-logo.png) | Delta Risk ActiveEye | Delta Risk, a leading provider of SOC-as-a-Service and security services, integrate Microsoft Defender ATP with its cloud-native SOAR platform. 
ActiveEye -![Image of Demisto, a Palo Alto Networks Company logo](images/demisto-logo.png) | Demisto, a Palo Alto Networks Company | Demisto integrates with Microsoft Defender ATP to enable security teams to orchestrate and automate endpoint security monitoring, enrichment and response -![Image of Microsoft Flow & Azure Functions logo](images/ms-flow-logo.png) | Microsoft Flow & Azure Functions | Use the Microsoft Defender ATP connectors for Azure Logic Apps & Microsoft Flow to automating security procedures -![Image of Rapid7 InsightConnect logo](images/rapid7-logo.png) | Rapid7 InsightConnect | InsightConnect integrates with Microsoft Defender ATP to accelerate, streamline, and integrate your time-intensive security processes -![Image of ServiceNow logo](images/servicenow-logo.png) | ServiceNow | Ingest alerts into ServiceNow Security Operations solution based on Microsoft Graph API integration -![Image of Swimlane logo](images/swimlane-logo.png) | Swimlane | Maximize incident response capabilities utilizing Swimlane and Microsoft Defender ATP together +![Image of CyberSponse CyOps logo](images/cybersponse-logo.png) | [CyberSponse CyOps](https://go.microsoft.com/fwlink/?linkid=2115943) | CyOps integrates with Microsoft Defender ATP to automate customers' high-speed incident response playbooks +![Image of Delta Risk ActiveEye logo](images/delta-risk-activeeye-logo.png) | [Delta Risk ActiveEye](https://go.microsoft.com/fwlink/?linkid=2127468) | Delta Risk, a leading provider of SOC-as-a-Service and security services, integrate Microsoft Defender ATP with its cloud-native SOAR platform, ActiveEye. 
+![Image of Demisto, a Palo Alto Networks Company logo](images/demisto-logo.png) | [Demisto, a Palo Alto Networks Company](https://go.microsoft.com/fwlink/?linkid=2108414) | Demisto integrates with Microsoft Defender ATP to enable security teams to orchestrate and automate endpoint security monitoring, enrichment and response +![Image of Microsoft Flow & Azure Functions logo](images/ms-flow-logo.png) | [Microsoft Flow & Azure Functions](https://go.microsoft.com/fwlink/?linkid=2114300) | Use the Microsoft Defender ATP connectors for Azure Logic Apps & Microsoft Flow to automating security procedures +![Image of Rapid7 InsightConnect logo](images/rapid7-logo.png) | [Rapid7 InsightConnect](https://go.microsoft.com/fwlink/?linkid=2116040) | InsightConnect integrates with Microsoft Defender ATP to accelerate, streamline, and integrate your time-intensive security processes +![Image of ServiceNow logo](images/servicenow-logo.png) | [ServiceNow](https://go.microsoft.com/fwlink/?linkid=2135621) | Ingest alerts into ServiceNow Security Operations solution based on Microsoft Graph API integration +![Image of Swimlane logo](images/swimlane-logo.png) | [Swimlane](https://go.microsoft.com/fwlink/?linkid=2113902) | Maximize incident response capabilities utilizing Swimlane and Microsoft Defender ATP together +### Threat intelligence - - - - - - - -![Image of logo](images/-logo.png) | - - -![Image of logo](images/-logo.png) | - - -![Image of logo](images/-logo.png) | - - - - - - - - -Partner name | Description |Category +Logo |Partner name | Description :---|:---|:--- -|AzureSentinel | Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel |Security information and analytics -|Elastic Security | Elastic Security is a free and open solution for preventing, detecting, and responding to threats.|Security information and analytics -|AttackIQ Platform | AttackIQ Platform validates MDATP is configured properly by launching continuous attacks safely on 
production assets|Security information and analytics -|Skybox Vulnerability Control | Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network threat context to uncover your riskiest vulnerabilities.|Security information and analytics -| Splunk | The Microsoft Defender ATP Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk |Security information and analytics -|IBM QRadar | Configure IBM QRadar to collect detections from Microsoft Defender ATP |Security information and analytics -|Cymulate | Correlate Defender ATP findings with simulated attacks to validate accurate detection and effective response actions |Security information and analytics -| HP ArcSight |Use HP ArcSight to pull Microsoft Defender ATP detections |Security information and analytics -|SafeBreach | Gain visibility into Microsoft Defender ATP security events that are automatically correlated with SafeBreach simulations|Security information and analytics -| RSA NetWitness| Steam Microsoft Defender ATP Alerts to RSA NetWitness leveraging Microsoft Graph Security API|Security information and analytics -| XM Cyber| Prioritize your response to an alert based on risk factors and high value assets.|Security information and analytics - Demisto, a Palo Alto Networks Company|Demisto integrates with Microsoft Defender ATP to enable security teams to orchestrate and automate endpoint security monitoring, enrichment and response|Orchestration and automation - |||Orchestration and automation - |||Orchestration and automation - |||Orchestration and automation - |||Orchestration and automation - |||Orchestration and automation - |||Orchestration and automation -Palo Alto Networks |Enrich your endpoint protection by extending Autofocus and other threat feeds to Microsoft Defender ATP using MineMeld|Threat intelligence -ThreatConnect | Alert and/or block on custom threat intelligence from ThreatConnect Playbooks using 
Microsoft Defender ATP connectors |Threat intelligence -MISP (Malware Information Sharing Platform) | Integrate threat indicators from the Open Source Threat Intelligence Sharing Platform into your Microsoft Defender ATP environment| Threat intelligence - |||Network security - ||| Cross platform -||| Additional integrations - ||| Manages security service providers +![Image of MISP Malware Information Sharing Platform)logo](images/misp-logo.png) | [MISP (Malware Information Sharing Platform)](https://go.microsoft.com/fwlink/?linkid=2127543) | Integrate threat indicators from the Open Source Threat Intelligence Sharing Platform into your Microsoft Defender ATP environment +![Image of Palo Alto Networks logo](images/paloalto-logo.png) | [Palo Alto Networks](https://go.microsoft.com/fwlink/?linkid=2099582) | Enrich your endpoint protection by extending Autofocus and other threat feeds to Microsoft Defender ATP using MineMeld +![Image of ThreatConnect logo](images/threatconnect-logo.png) | [ThreatConnect](https://go.microsoft.com/fwlink/?linkid=2114115) | Alert and/or block on custom threat intelligence from ThreatConnect Playbooks using Microsoft Defender ATP indicators + + + +### Network security +Logo |Partner name | Description +:---|:---|:--- +![Image of Aruba ClearPass Policy Manager logo](images/aruba-logo.png) | [Aruba ClearPass Policy Manager](https://go.microsoft.com/fwlink/?linkid=2127544) | Ensure Microsoft Defender ATP is installed and updated on each endpoint before allowing access to the network +![Image of Blue Hexagon for Network logo](images/bluehexagon-logo.png) | [Blue Hexagon for Network](https://go.microsoft.com/fwlink/?linkid=2104613) | Blue Hexagon has built the industry's first real-time deep learning platform for network threat protection +![Image of CyberMDX logo](images/cybermdx-logo.png) | [CyberMDX](https://go.microsoft.com/fwlink/?linkid=2135620) | Cyber MDX integrates comprehensive healthcare assets visibility, threat prevention and 
repose into your Microsoft Defender ATP environment +![Image of Vectra Network Detection and Response (NDR) logo](images/vectra-logo.png) |[Vectra Network Detection and Response (NDR)](https://go.microsoft.com/fwlink/?linkid=866934)| Vectra applies AI & security research to detect and respond to cyber-attacks in real time + + +### Cross platform +Logo |Partner name | Description +:---|:---|:--- +![Image of Bitdefender logo](images/bitdefender-logo.png)| [Bitdefender](https://go.microsoft.com/fwlink/?linkid=860032)| Bitdefender GravityZone is a layered next generation endpoint protection platform offering comprehensive protection against the full spectrum of sophisticated cyber threats +![Image of Better Mobile logo](images/bettermobile-logo.png) | [Better Mobile](https://go.microsoft.com/fwlink/?linkid=2086214)| AI based MTD solution to stop mobile threats & phishing. Private internet browsing to protect user privacy +![Image of Corrata logo](images/corrata-logo.png)| [Corrata](https://go.microsoft.com/fwlink/?linkid=2081148) | Mobile solution - Protect your mobile devices with granular visibility and control from Corrata +![Image of Lookout logo](images/lookout-logo.png)| [Lookout](https://go.microsoft.com/fwlink/?linkid=866935)| Get Lookout Mobile Threat Protection telemetry for Android and iOS mobile devices +![Image of Symantec Endpoint Protection Mobile logo](images/symantec-logo.png) | [Symantec Endpoint Protection Mobile](https://go.microsoft.com/fwlink/?linkid=2090992)| SEP Mobile helps businesses predict, detect and prevent security threats and vulnerabilities on mobile devices +![Image of Zimperium logo](images/zimperium-logo.png)| [Zimperium](https://go.microsoft.com/fwlink/?linkid=2118044)|Extend your Microsoft Defender ATP to iOS and Android with Machine Learning-based Mobile Threat Defense + + +## Additional integrations +Logo |Partner name | Description +:---|:---|:--- +![Image of Cyren Web Filter logo](images/cyren-logo.png)| [Cyren Web 
Filter](https://go.microsoft.com/fwlink/?linkid=2108221)| Enhance your Microsoft Defender ATP with advanced Web Filtering +![Image of Morphisec logo](images/morphisec-logo.png)| [Morphisec](https://go.microsoft.com/fwlink/?linkid=2086215)| Provides Moving Target Defense-powered advanced threat prevention and integrates forensics data directly into WD Security Center dashboards to help prioritize alerts, determine device at-risk score and visualize full attack timeline including internal memory information +![Image of THOR Cloud logo](images/nextron-thor-logo.png)| [THOR Cloud](https://go.microsoft.com/fwlink/?linkid=862988)| Provides on-demand live forensics scans using a signature base with focus on persistent threats + + + ## SIEM integration Microsoft Defender ATP supports SIEM integration through a variety of methods - specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management. For more information, see [Enable SIEM integration](enable-siem-integration.md). From 269eb52fe6447b34c5eeaf9637b2e7c0560b8a57 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 15 Sep 2020 10:50:48 -0700 Subject: [PATCH 19/57] add mobile devices --- .../microsoft-defender-atp/partner-applications.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index 0cced2f956..a7afe9429d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md 
@@ -128,4 +128,4 @@ Microsoft Defender ATP allows you to integrate with such solutions and act on Io Microsoft Defender ATP currently supports IOC matching and remediation for file and network indicators. Blocking is supported for file indicators. ## Support for non-Windows platforms -Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network. +Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms, including mobile devices. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network. From 9212521ecaa7f7eb147f1c2054d5fdbc7028c58b Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 15 Sep 2020 11:20:41 -0700 Subject: [PATCH 20/57] branding --- .../microsoft-defender-atp/partner-applications.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index a7afe9429d..dbf3e9b53b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md 
@@ -38,9 +38,9 @@ Microsoft Defender ATP seamlessly integrates with existing security solutions - Logo |Partner name | Description :---|:---|:--- -![Image of AttackIQ logo](images/attackiq-logo.png)| [AttackIQ Platform](https://go.microsoft.com/fwlink/?linkid=2103502) | AttackIQ Platform validates MDATP is configured properly by launching continuous attacks safely on production assets +![Image of AttackIQ logo](images/attackiq-logo.png)| [AttackIQ Platform](https://go.microsoft.com/fwlink/?linkid=2103502) | AttackIQ Platform validates Microsoft Defender ATP is configured properly by launching continuous attacks safely on production assets ![Image of Azure Sentinel logo](images/sentinel-logo.png)| [AzureSentinel](https://go.microsoft.com/fwlink/?linkid=2135705) | Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel -![Image of Cymulate logo](images/cymulate-logo.png) | [Cymulate](https://go.microsoft.com/fwlink/?linkid=2135574)| Correlate Defender ATP findings with simulated attacks to validate accurate detection and effective response actions +![Image of Cymulate logo](images/cymulate-logo.png) | [Cymulate](https://go.microsoft.com/fwlink/?linkid=2135574)| Correlate Microsoft Defender ATP findings with simulated attacks to validate accurate detection and effective response actions ![Image of Elastic security logo](images/elastic-security-logo.png) | [Elastic Security](https://go.microsoft.com/fwlink/?linkid=2139303) | Elastic Security is a free and open solution for preventing, detecting, and responding to threats ![Image of IBM QRadar logo](images/ibm-qradar-logo.png) | [IBM QRadar](https://go.microsoft.com/fwlink/?linkid=2113903) | Configure IBM QRadar to collect detections from Microsoft Defender ATP ![Image of Micro Focus ArcSight logo](images/arcsight-logo.png) | [Micro Focus ArcSight](https://go.microsoft.com/fwlink/?linkid=2113548) | Use Micro Focus ArcSight to pull Microsoft Defender ATP detections 
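Review bot: The branding pass in this hunk skips the Azure Sentinel row, which is left as unchanged context between the two edited rows. Its link text is still `AzureSentinel` with no space, and its description spells out "Microsoft Defender Advanced Threat Protection" while the AttackIQ and Cymulate rows are being normalised to "Microsoft Defender ATP". If the commit is meant to make product naming consistent in this table, update that row in the same change so the table does not keep two spellings of the product name side by side.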
@@ -48,7 +48,7 @@ Logo |Partner name | Description ![Image of SafeBreach logo](images/safebreach-logo.png) | [SafeBreach](https://go.microsoft.com/fwlink/?linkid=2114114)| Gain visibility into Microsoft Defender ATP security events that are automatically correlated with SafeBreach simulations ![Image of Skybox Vulnerability Control logo](images/skybox-logo.png) | [Skybox Vulnerability Control](https://go.microsoft.com/fwlink/?linkid=2127467) | Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network and threat context to uncover your riskiest vulnerabilities ![Image of Splunk logo](images/splunk-logo.png) | [Splunk](https://go.microsoft.com/fwlink/?linkid=2129805) | The Microsoft Defender ATP Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk -![Image of XM Cyber logo](images/xmcyber-logo.png) | [XM Cyber](https://go.microsoft.com/fwlink/?linkid=2136700) | Prioritize your response to an alert based on risk factors and high value assets. +![Image of XM Cyber logo](images/xmcyber-logo.png) | [XM Cyber](https://go.microsoft.com/fwlink/?linkid=2136700) | Prioritize your response to an alert based on risk factors and high value assets ### Orchestration and automation From cf489095e060eb3808badc97ddb803072e2e2c51 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 12:06:40 -0700 Subject: [PATCH 21/57] Update automated-investigations.md --- .../microsoft-defender-atp/automated-investigations.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 807094bae7..23a09e73f8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md 
@@ -75,15 +75,15 @@ You can configure the following levels of automation: |Automation level | Description| |---|---| -|**Full - remediate threats automatically** | All remediation actions are performed automatically.

***This option is recommended** and is selected by default for Microsoft Defender ATP tenants created on or after August 16, 2020, and have no device groups defined.
If you do have a device group defined, you will also have a device group called **Ungrouped devices (default)**, which will be set to **Full - remediate threats automatically**.*| +|**Full - remediate threats automatically** | All remediation actions are performed automatically.

***This option is recommended** and is selected by default for Microsoft Defender ATP tenants that were created on or after August 16, 2020, and that have no device groups defined.
If you do have a device group defined, you will also have a device group called **Ungrouped devices (default)**, which will be set to **Full - remediate threats automatically**.*| |**Semi - require approval for core folders remediation** | An approval is required on files or executables that are in the operating system directories such as Windows folder and Program files folder.

Files or executables in all other folders are automatically remediated, if needed.| |**Semi - require approval for non-temp folders remediation** | An approval is required on files or executables that are not in temporary folders.

Files or executables in temporary folders, such as the user's download folder or the user's temp folder, are automatically be remediated (if needed).| -|**Semi - require approval for any remediation** | An approval is needed for any remediation action.

*This option is selected by default for Microsoft Defender ATP tenants created before August 16, 2020, and have no device groups defined.
If you do have a device group defined, you will also have a device group called **Ungrouped devices (default)**, which will be set to **Semi - require approval for any remediation**.*| +|**Semi - require approval for any remediation** | An approval is needed for any remediation action.

*This option is selected by default for Microsoft Defender ATP tenants that were created before August 16, 2020, and that have no device groups defined.
If you do have a device group defined, you will also have a device group called **Ungrouped devices (default)**, which will be set to **Semi - require approval for any remediation**.*| |**No automated response** | Devices do not get any automated investigations run on them.

***This option is not recommended**, because it fully disables automated investigation and remediation capabilities, and reduces the security posture of your organization's devices.* | > [!IMPORTANT] -> A few points of clarification regarding automation levels and default settings: +> Regarding automation levels and default settings: > - If your tenant already has device groups defined, the automation level settings are not changed for those device groups. > - If your tenant was onboarded to Microsoft Defender ATP *before* August 16, 2020, and you have not defined a device group, your organization's default setting is **Semi - require approval for any remediation**. > - If your tenant was onboarded to Microsoft Defender ATP *before* August 16, 2020, and you do have a device group defined, you also have an **Ungrouped devices (default)** device group that is set to **Semi - require approval for any remediation**. From 008840d52d4b72e1ba018671bcb7a732aa8db600 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 12:09:36 -0700 Subject: [PATCH 22/57] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 913a4d215c..9fc6c51bfa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md 
@@ -15,13 +15,16 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual +ms.date: 09/15/2020 --- # Review and approve actions following an automated investigation ## Remediation actions -When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat and resulting verdict, remediation actions occur automatically or upon approval by your organization’s security operations team. For example, some actions, such as removing malware, are taken automatically. Other actions require review and approval to proceed. +When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat, the resulting verdict, and how your organization's device groups are configured, remediation actions occur automatically or upon approval by your organization’s security operations team. + +For example, some actions, such as removing malware, are taken automatically. Other actions require review and approval to proceed. When a verdict of *Malicious* is reached for a piece of evidence, Microsoft Defender Advanced Threat Protection takes one of the following remediation actions automatically: - Quarantine a file From bf4c470e1062e42c924cd7fb2591298897793e42 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 12:46:29 -0700 Subject: [PATCH 23/57] Update manage-auto-investigation.md --- .../manage-auto-investigation.md | 30 +++++++++++-------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 9fc6c51bfa..c18c7cb3ae 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md 
@@ -22,11 +22,13 @@ ms.date: 09/15/2020 ## Remediation actions -When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat, the resulting verdict, and how your organization's device groups are configured, remediation actions occur automatically or upon approval by your organization’s security operations team. +When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. -For example, some actions, such as removing malware, are taken automatically. Other actions require review and approval to proceed. +For example, suppose that your organization's devices are included in a device group that is set for **Semi - require approval for any remediation**. In this case, your security operations team must review and approve all remediation actions. -When a verdict of *Malicious* is reached for a piece of evidence, Microsoft Defender Advanced Threat Protection takes one of the following remediation actions automatically: +Now suppose that you've changed your organization's device groups so that they are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious. + +When an automated investigation determines an artifact is malicious, the following remediation actions are taken or recommended: - Quarantine a file - Remove a registry key - Kill a process 
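Review bot: The new list lead-in, "the following remediation actions are taken or recommended", no longer tells the reader which of the two applies, where the line it replaces said the actions are taken automatically. The two paragraphs added just above already establish the rule (approval required under **Semi - require approval for any remediation**, automatic under **Full - remediate threats automatically**), so the lead-in should tie back to it, for example "are taken automatically or are left pending approval, depending on the device group's automation level". For an analyst it matters whether a process was killed or a file quarantined, or whether that action is still waiting in the queue.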
@@ -35,7 +37,7 @@ When a verdict of *Malicious* is reached for a piece of evidence, Microsoft Defe - Disable a driver - Remove a scheduled task -Evidence determined as *Suspicious* results in pending actions that require approval. As a best practice, make sure to [approve (or reject) pending actions](#review-pending-actions) as soon as possible so that you automated investigations complete in a timely manner. +Artifacts that are determined to be *Suspicious* result in pending actions that require approval. As a best practice, make sure to [approve (or reject) pending actions](#review-pending-actions) as soon as possible so that you automated investigations complete in a timely manner. No actions are taken when a verdict of *No threats found* is reached for a piece of evidence. 
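Review bot: The rewritten line keeps the typo "so that you automated investigations complete"; since the sentence is being edited anyway, change it to "so that your automated investigations complete". The unchanged line that follows still says "piece of evidence" while this one now says "Artifacts", so settle on one term for both.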
@@ -43,22 +45,22 @@ In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and ## Review pending actions -1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. You'll see the Security dashboard. +1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. You'll see the [Security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard). -2. On the Security dashboard, in the navigation pane on the left, choose **Automated investigations** > **Action center**. +2. On the Security operations dashboard, in the navigation pane on the left, choose **Automated investigations** > **Action center**. 3. Review any items on the **Pending** tab. - Select an investigation from any of the categories to open a panel where you can approve or reject remediation actions. Other details such as file or service details, investigation details, and alert details are displayed. From the panel, you can click on the **Open investigation page** link to see the investigation details. - - You can also select multiple investigations to approve or reject actions on multiple investigations. - + - Select an investigation from any of the categories to open a panel where you can approve or reject remediation actions. + - Other details such as file or service details, investigation details, and alert details are displayed. + - From the panel, you can click on the **Open investigation page** link to see the investigation details. + - You can also select multiple investigations to approve or reject actions on multiple investigations. ## Review completed actions -1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. You'll see the Security dashboard. +1. 
Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. You'll see the [Security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard). -2. On the Security dashboard, in the navigation pane on the left, choose **Automated investigations** > **Action center**. +2. On the Security operations dashboard, in the navigation pane on the left, choose **Automated investigations** > **Action center**. 3. Select the **History** tab. (If need be, expand the time period to display more data.) @@ -74,6 +76,8 @@ In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and ## Related articles +- [How threats are remediated in automated investigation & remediation (Microsoft Defender Advanced Threat Protection)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations#how-threats-are-remediated) + - [Automated investigation and response in Office 365 Advanced Threat Protection](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-air) -- [Automated investigation and response in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/mtp-autoir) \ No newline at end of file +- [Self-healing in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/mtp-autoir) \ No newline at end of file From 54f227e7bac9d89ab1a4ef65b2f636043c830f3a Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 15 Sep 2020 13:06:02 -0700 Subject: [PATCH 24/57] add limit --- .../microsoft-defender-atp/run-advanced-query-api.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md index 2625952949..a33a2c88fd 100644 
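Review bot: In the `## Related articles` hunk, the last link's label changes to "Self-healing in Microsoft Threat Protection" while its target stays `mtp-autoir`; confirm the label matches that article's current title, otherwise the link text and the landing page disagree. The file also still ends with "\ No newline at end of file" on the edited line, so add the trailing newline while touching it.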
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md @@ -28,6 +28,7 @@ ms.topic: article 2. The results will include a maximum of 100,000 rows. 3. The number of executions is limited per tenant: up to 15 calls per minute, 15 minutes of running time every hour and 4 hours of running time a day. 4. The maximal execution time of a single request is 10 minutes. +5. 429 response will represent reaching quota limit either by number of requests or by CPU. The 429 response body will also indicate the time until the quota is renewed. ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) From 656e1c23d93229e30f3645f5e2d6f897935f271c Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 15 Sep 2020 13:09:41 -0700 Subject: [PATCH 25/57] 10 min --- .../microsoft-defender-atp/run-advanced-query-api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md index a33a2c88fd..f0f6228bbe 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md 
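Review bot: The new item 5 under Limitations is missing its article and is vague about what the caller should read: "429 response will represent reaching quota limit" would be clearer as "A 429 response indicates that a quota limit was reached, either by number of requests or by CPU." The second sentence says the body "will also indicate the time until the quota is renewed" but not in which field or in what unit; name the field so clients can back off for the right interval instead of guessing.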
@@ -26,7 +26,7 @@ ms.topic: article ## Limitations 1. You can only run a query on data from the last 30 days. 2. The results will include a maximum of 100,000 rows. -3. The number of executions is limited per tenant: up to 15 calls per minute, 15 minutes of running time every hour and 4 hours of running time a day. +3. The number of executions is limited per tenant: up to 10 calls per minute, 10 minutes of running time every hour and 4 hours of running time a day. 4. The maximal execution time of a single request is 10 minutes. 5. 429 response will represent reaching quota limit either by number of requests or by CPU. The 429 response body will also indicate the time until the quota is renewed. From 4e6dc0647bf81760e1d845aba855ae2e5ab2cb24 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 13:30:39 -0700 Subject: [PATCH 26/57] Update manage-auto-investigation.md --- .../manage-auto-investigation.md | 30 +++++++++++-------- 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index c18c7cb3ae..ee6dc39e0d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md 
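Review bot: With item 3 lowered to "10 minutes of running time every hour" and item 4 still allowing a single request to run for 10 minutes, one maximum-length query now consumes the whole hourly budget for the tenant; say so explicitly in item 3 or 4 so API consumers plan scheduled hunting queries around it. The subject "10 min" also hides that two values changed here (calls per minute and running time per hour, both 15 to 10), which is worth spelling out in the commit message.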
@@ -24,25 +24,31 @@ ms.date: 09/15/2020 When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. -For example, suppose that your organization's devices are included in a device group that is set for **Semi - require approval for any remediation**. In this case, your security operations team must review and approve all remediation actions. +For example, suppose that your organization's devices are included in a device group that is set for **Semi - require approval for any remediation**. In this case, your security operations team must review and approve all remediation actions. (See [Review pending actions](#review-pending-actions).) -Now suppose that you've changed your organization's device groups so that they are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious. +Now suppose that you've changed your organization's device groups so that they are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious. (See [Review completed actions](#review-completed-actions).) 
-When an automated investigation determines an artifact is malicious, the following remediation actions are taken or recommended: -- Quarantine a file -- Remove a registry key -- Kill a process -- Stop a service -- Remove a registry key -- Disable a driver -- Remove a scheduled task +### Automated investigation results and remediation actions -Artifacts that are determined to be *Suspicious* result in pending actions that require approval. As a best practice, make sure to [approve (or reject) pending actions](#review-pending-actions) as soon as possible so that you automated investigations complete in a timely manner. +The following table summarizes remediation actions following an automated investigation with several examples. -No actions are taken when a verdict of *No threats found* is reached for a piece of evidence. +|Device group setting | Automated investigation results | What to do | +|:---|:---|:---| +|**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Depending on the artifact, one of the following remediation actions are taken automatically:
- Quarantine a file
- Remove a registry key
- Kill a process
- Stop a service
- Remove a registry key
- Disable a driver
- Remove a scheduled task |[Review completed actions](#review-completed-actions). | +|**Full - remediate threats automatically** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. | [Approve (or reject) pending actions](#review-pending-actions). | +|**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions). | +|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is not in an operating system directory, remediation actions are taken automatically. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions).| +|**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| +|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and is in a temporary folder, remediation actions are taken automatically. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | +|Any of the following:
- **Full - remediate threats automatically**
- **Semi - require approval for any remediation**
- **Semi - require approval for core folders remediation**
- **Semi - require approval for non-temp folders remediation** |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions). +> [!TIP] +> To learn more about remediation actions following an automated investigation, see [How threats are remediated](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations#how-threats-are-remediated). + + ## Review pending actions 1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. You'll see the [Security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard). From c5162f723441a7d4a70efebd0f25f24e7d0b8654 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 13:32:18 -0700 Subject: [PATCH 27/57] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 7 ------- 1 file changed, 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index ee6dc39e0d..487483bc1b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md 
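Review bot: In the table added to manage-auto-investigation.md, the first row (**Full - remediate threats automatically**, *Malicious*) lists "Remove a registry key" twice, carried over from the bullet list this hunk deletes; drop the duplicate or replace it with the action that was intended. In the same cell, "one of the following remediation actions are taken" should read "is taken". In the non-temp folders row, "not in a temporary folder, such as the user's downloads folder or temp folder" reads as if the examples were non-temporary locations; move the examples next to the sentence about files that are in a temporary folder.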
@@ -80,10 +80,3 @@ In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and - [Get an overview of live response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/live-response) -## Related articles - -- [How threats are remediated in automated investigation & remediation (Microsoft Defender Advanced Threat Protection)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations#how-threats-are-remediated) - -- [Automated investigation and response in Office 365 Advanced Threat Protection](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-air) - -- [Self-healing in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/mtp-autoir) \ No newline at end of file From 2400ac320cc19fa81fd54e511f469603a5a4bff0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 13:35:37 -0700 Subject: [PATCH 28/57] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 487483bc1b..2cf7d4c157 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -41,7 +41,7 @@ The following table summarizes remediation actions following an automated invest |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| |**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and is in a temporary folder, remediation actions are taken automatically. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | -|Any of the following:
- **Full - remediate threats automatically**
- **Semi - require approval for any remediation**
- **Semi - require approval for core folders remediation**
- **Semi - require approval for non-temp folders remediation** |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|Full or semi automation |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions). From bbc4577e68064278462151d173d2c5cec9bb50e6 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 13:39:26 -0700 Subject: [PATCH 29/57] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 2cf7d4c157..9c1f7a4a15 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md 
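Review bot: The replacement label "Full or semi automation" in the last table row is not one of the device group settings, and it is the only first-column cell that is not a bolded setting name, so a reader scanning for their configured setting will not find it. Keep the wording parallel with the other rows, for example by stating that the row applies to any of the **Full** or **Semi** settings listed above.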
@@ -22,15 +22,15 @@ ms.date: 09/15/2020 ## Remediation actions -When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. +When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. Here are two examples: -For example, suppose that your organization's devices are included in a device group that is set for **Semi - require approval for any remediation**. In this case, your security operations team must review and approve all remediation actions. (See [Review pending actions](#review-pending-actions).) +- Example 1: Contoso's devices are included in a device group that is set for **Semi - require approval for any remediation**. In this case, Contoso's security operations team must review and approve all remediation actions. (See [Review pending actions](#review-pending-actions).) -Now suppose that you've changed your organization's device groups so that they are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious. 
(See [Review completed actions](#review-completed-actions).) +- Example 2: Fabrikam's device groups are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious. (See [Review completed actions](#review-completed-actions).) ### Automated investigation results and remediation actions -The following table summarizes remediation actions following an automated investigation with several examples. +The following table summarizes remediation actions following an automated investigation, and how device group settings affect whether actions are taken automatically or upon approval. |Device group setting | Automated investigation results | What to do | |:---|:---|:---| From 32e68562c541701899b2ebd314e6a9a5e9d026ac Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 13:49:57 -0700 Subject: [PATCH 30/57] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 9c1f7a4a15..dd00d1c8bd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -41,7 +41,7 @@ The following table summarizes remediation actions following an automated invest |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| |**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and is in a temporary folder, remediation actions are taken automatically. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | -|Full or semi automation |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|Any of the Full or Semi automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions). From 4e9c1ff56237743fc5e4b571f1cd1d37e922db6f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 13:51:42 -0700 Subject: [PATCH 31/57] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index dd00d1c8bd..ca76752f2b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -37,7 +37,7 @@ The following table summarizes remediation actions following an automated invest |**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Depending on the artifact, one of the following remediation actions are taken automatically:
- Quarantine a file
- Remove a registry key
- Kill a process
- Stop a service
- Remove a registry key
- Disable a driver
- Remove a scheduled task |[Review completed actions](#review-completed-actions). | |**Full - remediate threats automatically** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. | [Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions). | -|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is not in an operating system directory, remediation actions are taken automatically. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions).| +|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is not in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| |**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and is in a temporary folder, remediation actions are taken automatically. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | From fc24c73b42a041c80148886e6ffed1c2e6ce62ef Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 13:55:42 -0700 Subject: [PATCH 32/57] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index ca76752f2b..4c638eb8a0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -37,7 +37,7 @@ The following table summarizes remediation actions following an automated invest |**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Depending on the artifact, one of the following remediation actions are taken automatically:
- Quarantine a file
- Remove a registry key
- Kill a process
- Stop a service
- Remove a registry key
- Disable a driver
- Remove a scheduled task |[Review completed actions](#review-completed-actions). | |**Full - remediate threats automatically** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. | [Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions). | -|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is not in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| |**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and is in a temporary folder, remediation actions are taken automatically. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | From e9a3f4d701277de3c1b249fc8311c8556e9b6899 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 13:56:39 -0700 Subject: [PATCH 33/57] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 4c638eb8a0..ade960182c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -39,7 +39,7 @@ The following table summarizes remediation actions following an automated invest |**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| -|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and is in a temporary folder, remediation actions are taken automatically. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and is in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | |Any of the Full or Semi automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | From 932eddb092500716984bea894205bf95d10ab24c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 13:57:17 -0700 Subject: [PATCH 34/57] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index ade960182c..85f5deb547 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -40,7 +40,7 @@ The following table summarizes remediation actions following an automated invest |**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| |**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and is in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | -|**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center).

[Approve (or reject) pending actions](#review-pending-actions). | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |Any of the Full or Semi automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions). From e083cf68d8004659195e813523ca5d3f195b37d0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 13:58:20 -0700 Subject: [PATCH 35/57] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 85f5deb547..30b904712a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -39,9 +39,9 @@ The following table summarizes remediation actions following an automated invest |**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| -|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and is in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and **is** in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | -|Any of the Full or Semi automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|Any of the **Full** or **Semi** automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions). From 558839c67d4e40c9fd5717262841f7388ed2a9eb Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:00:51 -0700 Subject: [PATCH 36/57] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 30b904712a..c9b7b643f7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -37,9 +37,9 @@ The following table summarizes remediation actions following an automated invest |**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Depending on the artifact, one of the following remediation actions are taken automatically:
- Quarantine a file
- Remove a registry key
- Kill a process
- Stop a service
- Remove a registry key
- Disable a driver
- Remove a scheduled task |[Review completed actions](#review-completed-actions). | |**Full - remediate threats automatically** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. | [Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions). | -|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable and is in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| -|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable and **is** in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable that **is** in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | |Any of the **Full** or **Semi** automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | From 874f9948b6f28a02aad092b13fb3eb684ff9d999 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:01:56 -0700 Subject: [PATCH 37/57] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index c9b7b643f7..1346b2eed7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md 
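Review bot: In PATCH 36/57, the two rewritten *Malicious* rows now phrase the same kind of condition two different ways: the core folders row becomes "is a file or executable and is in an operating system directory", while the non-temp folders row is changed from "and **is** in" to "that **is** in a temporary folder". Use one construction in both rows (the "that is in" form reads more cleanly). Separately, the unchanged **Full** row at the top of this hunk lists "Remove a registry key" twice; drop the duplicate while the table is being edited.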
@@ -57,10 +57,9 @@ In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and 3. Review any items on the **Pending** tab. - - Select an investigation from any of the categories to open a panel where you can approve or reject remediation actions. - - Other details such as file or service details, investigation details, and alert details are displayed. - - From the panel, you can click on the **Open investigation page** link to see the investigation details. - - You can also select multiple investigations to approve or reject actions on multiple investigations. +4. Select an investigation from any of the categories to open a panel where you can approve or reject remediation actions. + + Other details such as file or service details, investigation details, and alert details are displayed. From the panel, you can click on the **Open investigation page** link to see the investigation details. You can also select multiple investigations to approve or reject actions on multiple investigations. ## Review completed actions From f3e39080044f891a7531e2f906a808c14a2996ee Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:04:18 -0700 Subject: [PATCH 38/57] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 1346b2eed7..9954bce34d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md 
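Review bot: In PATCH 37/57, the last sentence of the new paragraph under step 4 ("You can also select multiple investigations to approve or reject actions on multiple investigations.") describes a separate action, bulk approval or rejection, and it is now buried at the end of a paragraph about what the panel displays. Keep it as its own step or bullet and remove the repeated "multiple investigations". The same paragraph says "click on the **Open investigation page** link" while step 4 says "Select an investigation"; use "select" in both places.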
@@ -37,10 +37,10 @@ The following table summarizes remediation actions following an automated invest |**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Depending on the artifact, one of the following remediation actions are taken automatically:
- Quarantine a file
- Remove a registry key
- Kill a process
- Stop a service
- Remove a registry key
- Disable a driver
- Remove a scheduled task |[Review completed actions](#review-completed-actions). | |**Full - remediate threats automatically** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. | [Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions). | -|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable and is in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable and is in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| -|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable that **is** in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | -|**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable that **is** in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | |Any of the **Full** or **Semi** automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions). From adffeaaf1f32a9513a6795bd5c04e88a07da02fe Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:06:27 -0700 Subject: [PATCH 39/57] Update manage-auto-investigation.md --- .../manage-auto-investigation.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 9954bce34d..5304516d5f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md 
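Review bot: In PATCH 38/57, the added *Suspicious* row for **Semi - require approval for non-temp folders remediation** gets "2. [Review completed actions](#review-completed-actions)" even though that row states only "Remediation actions are pending approval", and the matching core folders *Suspicious* row in the same hunk lists only the approve step. Either drop step 2 from the non-temp *Suspicious* row or add it to the core folders *Suspicious* row so the two rows agree.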
@@ -28,13 +28,22 @@ When an automated investigation runs, a verdict is generated for each piece of e - Example 2: Fabrikam's device groups are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious. (See [Review completed actions](#review-completed-actions).) +Whether taken automatically or upon approval, remediation actions include the following: +- Quarantine a file +- Remove a registry key +- Kill a process +- Stop a service +- Remove a registry key +- Disable a driver +- Remove a scheduled task + ### Automated investigation results and remediation actions The following table summarizes remediation actions following an automated investigation, and how device group settings affect whether actions are taken automatically or upon approval. |Device group setting | Automated investigation results | What to do | |:---|:---|:---| -|**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Depending on the artifact, one of the following remediation actions are taken automatically:
- Quarantine a file
- Remove a registry key
- Kill a process
- Stop a service
- Remove a registry key
- Disable a driver
- Remove a scheduled task |[Review completed actions](#review-completed-actions). | +|**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Appropriate remediation actions are taken automatically. |[Review completed actions](#review-completed-actions). | |**Full - remediate threats automatically** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. | [Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable and is in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | From b93b78e88f273d9654f478b9db7009ecf9558031 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 15 Sep 2020 14:08:51 -0700 Subject: [PATCH 40/57] Replaced some hyphens with em dashes --- .../microsoft-defender-atp/partner-applications.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index dbf3e9b53b..374a74cd95 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md @@ -29,7 +29,7 @@ Microsoft Defender ATP supports third-party applications to help enhance the det The support for third-party solutions help to further streamline, integrate, and orchestrate defenses from other vendors with Microsoft Defender ATP; enabling security teams to effectively respond better to modern threats. -Microsoft Defender ATP seamlessly integrates with existing security solutions - providing out of the box integration with SIEM, ticketing and IT service management solutions, managed security service providers (MSSP), IoC indicators ingestions and matching, automated device investigation and remediation based on external alerts, and integration with Security orchestration and automation response (SOAR) systems. +Microsoft Defender ATP seamlessly integrates with existing security solutions — providing out of the box integration with SIEM, ticketing and IT service management solutions, managed security service providers (MSSP), IoC indicators ingestions and matching, automated device investigation and remediation based on external alerts, and integration with Security orchestration and automation response (SOAR) systems. ## Supported applications 
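Review bot: In the changed sentence of this hunk ("Microsoft Defender ATP seamlessly integrates with existing security solutions ..."), only the dash is touched, and the rest of the line still needs copy edits: "out of the box integration" should be hyphenated as a compound modifier ("out-of-the-box integration"), and "IoC indicators ingestions and matching" is redundant and would read better as "IoC ingestion and matching". The context line above it, "The support for third-party solutions help to", also has a subject-verb mismatch that could be fixed in the same commit.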
@@ -88,7 +88,7 @@ Logo |Partner name | Description :---|:---|:--- ![Image of Bitdefender logo](images/bitdefender-logo.png)| [Bitdefender](https://go.microsoft.com/fwlink/?linkid=860032)| Bitdefender GravityZone is a layered next generation endpoint protection platform offering comprehensive protection against the full spectrum of sophisticated cyber threats ![Image of Better Mobile logo](images/bettermobile-logo.png) | [Better Mobile](https://go.microsoft.com/fwlink/?linkid=2086214)| AI based MTD solution to stop mobile threats & phishing. Private internet browsing to protect user privacy -![Image of Corrata logo](images/corrata-logo.png)| [Corrata](https://go.microsoft.com/fwlink/?linkid=2081148) | Mobile solution - Protect your mobile devices with granular visibility and control from Corrata +![Image of Corrata logo](images/corrata-logo.png)| [Corrata](https://go.microsoft.com/fwlink/?linkid=2081148) | Mobile solution — Protect your mobile devices with granular visibility and control from Corrata ![Image of Lookout logo](images/lookout-logo.png)| [Lookout](https://go.microsoft.com/fwlink/?linkid=866935)| Get Lookout Mobile Threat Protection telemetry for Android and iOS mobile devices ![Image of Symantec Endpoint Protection Mobile logo](images/symantec-logo.png) | [Symantec Endpoint Protection Mobile](https://go.microsoft.com/fwlink/?linkid=2090992)| SEP Mobile helps businesses predict, detect and prevent security threats and vulnerabilities on mobile devices ![Image of Zimperium logo](images/zimperium-logo.png)| [Zimperium](https://go.microsoft.com/fwlink/?linkid=2118044)|Extend your Microsoft Defender ATP to iOS and Android with Machine Learning-based Mobile Threat Defense 
@@ -105,7 +105,7 @@ Logo |Partner name | Description ## SIEM integration -Microsoft Defender ATP supports SIEM integration through a variety of methods - specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management. For more information, see [Enable SIEM integration](enable-siem-integration.md). +Microsoft Defender ATP supports SIEM integration through a variety of methods — specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management. For more information, see [Enable SIEM integration](enable-siem-integration.md). ## Ticketing and IT service management Ticketing solution integration helps to implement manual and automatic response processes. Microsoft Defender ATP can help to create tickets automatically when an alert is generated and resolve the alerts when tickets are closed using the alerts API. 
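Review bot: In the SIEM integration paragraph of partner-applications.md (hunk -105,7), the dash introduces a list of three integration methods, so a colon fits better than an em dash: "through a variety of methods: specialized SIEM system interface ..., a generic alert API ..., and an action API ...". While the line is being touched, "out of the box connectors" is a compound modifier and reads better as "out-of-the-box connectors".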
@@ -118,7 +118,7 @@ Microsoft Defender ATP offers unique automated investigation and remediation cap Integrating the automated investigation and response capability with other solutions such as IDS and firewalls help to address alerts and minimize the complexities surrounding network and device signal correlation, effectively streamlining the investigation and threat remediation actions on devices. -External alerts can be pushed into Microsoft Defender ATP and is presented side-by-side with additional device-based alerts from Microsoft Defender ATP. This view provides a full context of the alert - with the real process and the full story of attack. +External alerts can be pushed into Microsoft Defender ATP and is presented side-by-side with additional device-based alerts from Microsoft Defender ATP. This view provides a full context of the alert — with the real process and the full story of attack. ## Indicators matching You can use threat-intelligence from providers and aggregators to maintain and use indicators of compromise (IOCs). From 4da3f1440c4a423058c7567cf616a7605d6204e4 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:13:51 -0700 Subject: [PATCH 41/57] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 5304516d5f..a6d412497f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md 
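Review bot: In the last hunk of PATCH 40/57 (partner-applications.md, hunk -118,7), the changed paragraph still has a subject-verb mismatch in the sentence just before the dash: "External alerts can be pushed into Microsoft Defender ATP and is presented side-by-side" should read "and are presented". The em dash is not needed in the following sentence either; "a full context of the alert, with the real process and the full story of the attack" reads cleanly with a comma.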
@@ -22,11 +22,13 @@ ms.date: 09/15/2020 ## Remediation actions -When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. Here are two examples: +When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. Here are a few examples: -- Example 1: Contoso's devices are included in a device group that is set for **Semi - require approval for any remediation**. In this case, Contoso's security operations team must review and approve all remediation actions. (See [Review pending actions](#review-pending-actions).) +- Example 1: Fabrikam's device groups are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious. (See [Review completed actions](#review-completed-actions).) -- Example 2: Fabrikam's device groups are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious. (See [Review completed actions](#review-completed-actions).) 
+- Example 2: Contoso's devices are included in a device group that is set for **Semi - require approval for any remediation**. In this case, Contoso's security operations team must review and approve all remediation actions. (See [Review pending actions](#review-pending-actions).) + +- Example 3: Tailspin Toys has their device groups set to **No automated response** (this is not recommended). In this case, automated investigations do not occur. As a result, no remediation actions are taken or pending, and no actions are logged in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center#the-action-center) for their devices. Whether taken automatically or upon approval, remediation actions include the following: - Quarantine a file From 9f2753e4b6aecee95be389980854f74d4173f6dd Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:16:04 -0700 Subject: [PATCH 42/57] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index a6d412497f..e0b0e8a7e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -51,7 +51,7 @@ The following table summarizes remediation actions following an automated invest |**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable and is in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| |**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable that **is** in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | -|**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions). | |Any of the **Full** or **Semi** automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions). From 86ac068c96411bcd3ad8935df3529efbfc73abc6 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:17:28 -0700 Subject: [PATCH 43/57] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index e0b0e8a7e3..3b1d959206 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -48,9 +48,9 @@ The following table summarizes remediation actions following an automated invest |**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Appropriate remediation actions are taken automatically. |[Review completed actions](#review-completed-actions). | |**Full - remediate threats automatically** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. | [Approve (or reject) pending actions](#review-pending-actions). | |**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions). | -|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable and is in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is **not** in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | +|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable and is in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is *not* in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| -|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable that **is** in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable that *is* in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | |**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions). | |Any of the **Full** or **Semi** automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | From 3ac3ca726b0d4d6e2fd154e8218c3ab09ab44f95 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:19:50 -0700 Subject: [PATCH 44/57] fixes --- .../microsoft-defender-atp/automated-investigations.md | 2 +- .../microsoft-defender-atp/manage-auto-investigation.md | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 23a09e73f8..d1f5cbfd59 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -106,7 +106,7 @@ You can configure the following levels of automation: - [See the interactive guide: Investigate and remediate threats with Microsoft Defender ATP](https://aka.ms/MDATP-IR-Interactive-Guide) -## Related articles +## See also - [Automated investigation and response in Office 365 Advanced Threat Protection](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-air) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 3b1d959206..6147a7bacc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md 
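Review bot: In PATCH 43/57 (manage-auto-investigation.md, hunk -48,9), the rewritten "Semi - require approval for non-temp folders remediation" row keeps an ambiguous clause: "not in a temporary folder, such as the user's downloads folder or temp folder" attaches the examples to the negated case, so it can be read as listing folders that require approval. Suggest moving the examples to the following sentence, for instance "that *is* in a temporary folder, such as the user's downloads folder or temp folder". Italics already mark verdict names in this table, so switching **not** and **is** to italics also makes the emphasis harder to tell apart from a verdict.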
@@ -88,5 +88,3 @@ In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and - [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center) -- [Get an overview of live response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/live-response) - From 7fde4edef7f73701aa2826764359323583031b23 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:20:55 -0700 Subject: [PATCH 45/57] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 6147a7bacc..24e354ee68 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md 
@@ -22,7 +22,9 @@ ms.date: 09/15/2020 ## Remediation actions -When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. Here are a few examples: +When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. + +### Examples showing how device groups affect remediation actions - Example 1: Fabrikam's device groups are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious. (See [Review completed actions](#review-completed-actions).) From 052d817f030c3a8e6d9ade4ff420988b5981c398 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:22:09 -0700 Subject: [PATCH 46/57] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 24e354ee68..6153ebe0fb 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -22,7 +22,11 @@ ms.date: 09/15/2020 ## Remediation actions -When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. +When an [automated investigation](automated-investigations.md) runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. + +Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. + +Read this article to learn more about remediation actions and what to do when an automated investigation has completed. ### Examples showing how device groups affect remediation actions From b1a31b6e86301adaf28dfd74506bda8b1bb18d0f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:23:15 -0700 Subject: [PATCH 47/57] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
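Review bot: In PATCH 46/57 (manage-auto-investigation.md, hunk -22,7), the added first sentence links to automated-investigations.md with a relative path, while the device groups link in the next added paragraph uses an absolute docs.microsoft.com URL whose path matches this same microsoft-defender-atp folder. Use one link style for in-set articles; a relative link is preferable if the machine-groups article lives beside this file, which the URL suggests but the hunk does not show.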
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 6153ebe0fb..b7e6725f75 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -47,7 +47,7 @@ Whether taken automatically or upon approval, remediation actions include the fo ### Automated investigation results and remediation actions -The following table summarizes remediation actions following an automated investigation, and how device group settings affect whether actions are taken automatically or upon approval. +The following table summarizes remediation actions following an automated investigation, how device group settings affect whether actions are taken automatically or upon approval, and what to do in each case. |Device group setting | Automated investigation results | What to do | |:---|:---|:---| From 01a125d39195313c607ac5d24fe119d9eaf8e9d6 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:26:06 -0700 Subject: [PATCH 48/57] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index b7e6725f75..bfb0da0089 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md 
@@ -34,7 +34,7 @@ Read this article to learn more about remediation actions and what to do when an - Example 2: Contoso's devices are included in a device group that is set for **Semi - require approval for any remediation**. In this case, Contoso's security operations team must review and approve all remediation actions. (See [Review pending actions](#review-pending-actions).) -- Example 3: Tailspin Toys has their device groups set to **No automated response** (this is not recommended). In this case, automated investigations do not occur. As a result, no remediation actions are taken or pending, and no actions are logged in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center#the-action-center) for their devices. +- Example 3: Tailspin Toys has their device groups set to **No automated response** (this is not recommended). In this case, automated investigations do not occur. As a result, no remediation actions are taken or pending, and no actions are logged in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center#the-action-center) for their devices. (See [Manage device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups#manage-device-groups)) Whether taken automatically or upon approval, remediation actions include the following: - Quarantine a file From e72abf32ff17b0ca89b6c05bcc7f9de7c4f1befa Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 14:27:35 -0700 Subject: [PATCH 49/57] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) 
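Review bot: In PATCH 48/57 (manage-auto-investigation.md, hunk -34,7), the sentence appended to Example 3 ends "(See [Manage device groups](...))" with no period, while Examples 1 and 2 close with "(See [Review pending actions](#review-pending-actions).)". Add the period inside the closing parenthesis so the three examples are punctuated the same way.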
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index bfb0da0089..93be6e31f7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -24,11 +24,7 @@ ms.date: 09/15/2020 When an [automated investigation](automated-investigations.md) runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. -Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. - -Read this article to learn more about remediation actions and what to do when an automated investigation has completed. - -### Examples showing how device groups affect remediation actions +Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. Here are a few examples: - Example 1: Fabrikam's device groups are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious. (See [Review completed actions](#review-completed-actions).) From 75f7218e49b363f9848de99b770aeb51f5afbfe6 Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 15:02:19 -0700 Subject: [PATCH 50/57] Update mcafee-to-microsoft-defender-setup.md --- .../mcafee-to-microsoft-defender-setup.md | 23 ++++++++++++++----- 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index 9d3017e042..bea43bc071 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md @@ -18,7 +18,7 @@ ms.collection: - m365solution-mcafeemigrate ms.topic: article ms.custom: migrationguides -ms.date: 09/03/2020 +ms.date: 09/15/2020 ms.reviewer: jesquive, chventou, jonix, chriggs, owtho --- 
@@ -31,11 +31,12 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho **Welcome to the Setup phase of [migrating from McAfee Endpoint Security (McAfee) to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](mcafee-to-microsoft-defender-migration.md#the-migration-process)**. This phase includes the following steps: 1. [Enable Microsoft Defender Antivirus and confirm it's in passive mode](#enable-microsoft-defender-antivirus-and-confirm-its-in-passive-mode). -2. [Add Microsoft Defender ATP to the exclusion list for McAfee](#add-microsoft-defender-atp-to-the-exclusion-list-for-mcafee). -3. [Add McAfee to the exclusion list for Microsoft Defender Antivirus](#add-mcafee-to-the-exclusion-list-for-microsoft-defender-antivirus). -4. [Add McAfee to the exclusion list for Microsoft Defender ATP](#add-mcafee-to-the-exclusion-list-for-microsoft-defender-atp). -5. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units). -6. [Configure antimalware policies and real-time protection](#configure-antimalware-policies-and-real-time-protection). +2. [Get updates for Microsoft Defender Antivirus](#get-updates-for-microsoft-defender-antivirus). +3. [Add Microsoft Defender ATP to the exclusion list for McAfee](#add-microsoft-defender-atp-to-the-exclusion-list-for-mcafee). +4. [Add McAfee to the exclusion list for Microsoft Defender Antivirus](#add-mcafee-to-the-exclusion-list-for-microsoft-defender-antivirus). +5. [Add McAfee to the exclusion list for Microsoft Defender ATP](#add-mcafee-to-the-exclusion-list-for-microsoft-defender-atp). +6. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units). +7. [Configure antimalware policies and real-time protection](#configure-antimalware-policies-and-real-time-protection). ## Enable Microsoft Defender Antivirus and confirm it's in passive mode 
@@ -135,6 +136,16 @@ Microsoft Defender Antivirus can run alongside McAfee if you set Microsoft Defen > [!NOTE] > You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. +## Get updates for Microsoft Defender Antivirus + +Keeping Microsoft Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques, even if Microsoft Defender Antivirus is running in [passive mode](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility). + +There are two types of updates related to keeping Microsoft Defender Antivirus up to date: +- Security intelligence updates +- Product updates + +To get your updates, follow the guidance in [Manage Microsoft Defender Antivirus updates and apply baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus). + ## Add Microsoft Defender ATP to the exclusion list for McAfee This step of the setup process involves adding Microsoft Defender ATP to the exclusion list for McAfee and any other security products your organization is using. From a9f2d72cd6905cb2124707447695fbdda810204f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 15 Sep 2020 15:07:43 -0700 Subject: [PATCH 51/57] Update mcafee-to-microsoft-defender-setup.md --- .../mcafee-to-microsoft-defender-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index bea43bc071..e49e6193d3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md 
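Review bot: In PATCH 50/57 (mcafee-to-microsoft-defender-setup.md, hunk -135,6), the passive mode link in the new "Get updates for Microsoft Defender Antivirus" section hard-codes the /en-us/ locale, while the "Manage Microsoft Defender Antivirus updates and apply baselines" link added a few lines below has none; drop the locale segment so both links behave the same way. In the same sentence, "critical to assure your devices have" should read "critical to ensure your devices have".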
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md @@ -138,7 +138,7 @@ Microsoft Defender Antivirus can run alongside McAfee if you set Microsoft Defen ## Get updates for Microsoft Defender Antivirus -Keeping Microsoft Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques, even if Microsoft Defender Antivirus is running in [passive mode](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility). +Keeping Microsoft Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques, even if Microsoft Defender Antivirus is running in [passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility). There are two types of updates related to keeping Microsoft Defender Antivirus up to date: - Security intelligence updates From 0038b9f7be7930a0864c42cf77fc2fac4e040220 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 16 Sep 2020 09:36:05 -0700 Subject: [PATCH 52/57] Update manage-auto-investigation.md --- .../manage-auto-investigation.md | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 93be6e31f7..9c0685559d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md 
@@ -1,5 +1,5 @@ --- -title: Review and approve actions following automated investigations in the Microsoft Defender Security Center +title: Review and approve remediation actions following automated investigations in the Microsoft Defender Security Center description: Review and approve (or reject) remediation actions following an automated investigation. keywords: autoir, automated, investigation, detection, dashboard, source, threat types, id, tags, devices, duration, filter export search.product: eADQiWindows 10XVcnh 
@@ -18,21 +18,25 @@ ms.topic: conceptual ms.date: 09/15/2020 --- -# Review and approve actions following an automated investigation +# Review and approve remediation actions following an automated investigation ## Remediation actions -When an [automated investigation](automated-investigations.md) runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. +When an [automated investigation](automated-investigations.md) runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on +- the type of threat, +- the resulting verdict, and +- how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, +remediation actions can occur automatically or only upon approval by your organization’s security operations team. -Depending on the type of threat, the resulting verdict, and how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, remediation actions can occur automatically or only upon approval by your organization’s security operations team. Here are a few examples: +Here are a few examples: -- Example 1: Fabrikam's device groups are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious. (See [Review completed actions](#review-completed-actions).) +- Example 1: Fabrikam's device groups are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious following an automated investigation. (See [Review completed actions](#review-completed-actions).) 
-- Example 2: Contoso's devices are included in a device group that is set for **Semi - require approval for any remediation**. In this case, Contoso's security operations team must review and approve all remediation actions. (See [Review pending actions](#review-pending-actions).) +- Example 2: Contoso's devices are included in a device group that is set for **Semi - require approval for any remediation**. In this case, Contoso's security operations team must review and approve all remediation actions following an automated investigation. (See [Review pending actions](#review-pending-actions).) - Example 3: Tailspin Toys has their device groups set to **No automated response** (this is not recommended). In this case, automated investigations do not occur. As a result, no remediation actions are taken or pending, and no actions are logged in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center#the-action-center) for their devices. (See [Manage device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups#manage-device-groups)) -Whether taken automatically or upon approval, remediation actions include the following: +Whether taken automatically or upon approval, remediation actions following an automated investigation include the following: - Quarantine a file - Remove a registry key - Kill a process @@ -55,6 +59,7 @@ The following table summarizes remediation actions following an automated invest |**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable that *is* in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | |**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions). | |Any of the **Full** or **Semi** automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|**No automated response** (this is not recommended)|No automated investigations run, so no verdicts are reached, and no remediation actions are taken or awaiting approval. |[Consider setting up or changing your device groups to use **Full** or **Semi** automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) | In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions). From f122567282487301f2c4a4a151981c348160f9f5 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 16 Sep 2020 09:36:43 -0700 Subject: [PATCH 53/57] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 9c0685559d..e7b2094044 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md 
@@ -22,10 +22,14 @@ ms.date: 09/15/2020 ## Remediation actions -When an [automated investigation](automated-investigations.md) runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on +When an [automated investigation](automated-investigations.md) runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. + +Depending on + - the type of threat, - the resulting verdict, and - how your organization's [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) are configured, + remediation actions can occur automatically or only upon approval by your organization’s security operations team. Here are a few examples: From fe87a002e0d8bf9b947c931e08202fb3571919ad Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 16 Sep 2020 09:38:07 -0700 Subject: [PATCH 54/57] Update manage-auto-investigation.md --- .../manage-auto-investigation.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index e7b2094044..2b613f1c5c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -55,14 +55,14 @@ The following table summarizes remediation actions following an automated invest |Device group setting | Automated investigation results | What to do | |:---|:---|:---| -|**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Appropriate remediation actions are taken automatically. |[Review completed actions](#review-completed-actions). | -|**Full - remediate threats automatically** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. | [Approve (or reject) pending actions](#review-pending-actions). | -|**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions). | -|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable and is in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is *not* in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | +|**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Appropriate remediation actions are taken automatically. |[Review completed actions](#review-completed-actions) | +|**Full - remediate threats automatically** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. | [Approve (or reject) pending actions](#review-pending-actions) | +|**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions) | +|**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable and is in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is *not* in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions)

2. [Review completed actions](#review-completed-actions) | |**Semi - require approval for core folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions).| -|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable that *is* in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions).

2. [Review completed actions](#review-completed-actions). | -|**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions). | -|Any of the **Full** or **Semi** automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center). | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable that *is* in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions)

2. [Review completed actions](#review-completed-actions) | +|**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions) | +|Any of the **Full** or **Semi** automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center) | |**No automated response** (this is not recommended)|No automated investigations run, so no verdicts are reached, and no remediation actions are taken or awaiting approval. |[Consider setting up or changing your device groups to use **Full** or **Semi** automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) | In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions). From e2f4801e853925e4a68e7bf6ffe635fff8af932b Mon Sep 17 00:00:00 2001 From: mapalko Date: Wed, 16 Sep 2020 11:29:49 -0700 Subject: [PATCH 55/57] Updated Key-Trust RDP in FAQ and TOC --- .../identity-protection/hello-for-business/hello-faq.md | 2 +- windows/security/identity-protection/hello-for-business/toc.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.md b/windows/security/identity-protection/hello-for-business/hello-faq.md index 390355cb33..e6d36e6967 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.md +++ b/windows/security/identity-protection/hello-for-business/hello-faq.md 
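Review bot: In the `@@ -55,14 +55,14 @@` hunk of manage-auto-investigation.md, the trailing period is stripped from the "What to do" cell of every rewritten row, but the unchanged row for **Semi - require approval for core folders remediation** with a *Suspicious* verdict still ends in `[Approve (or reject) pending actions](#review-pending-actions).|`, so the column is left inconsistent. Include that row in the change, or leave the punctuation of the column alone.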
@@ -28,7 +28,7 @@ Windows Hello for Business is the modern, two-factor credential for Windows 10. Microsoft is committed to its vision of a world without passwords. We recognize the *convenience* provided by convenience PIN, but it stills uses a password for authentication. Microsoft recommends customers using Windows 10 and convenience PINs should move to Windows Hello for Business. New Windows 10 deployments should deploy Windows Hello for Business and not convenience PINs. Microsoft will be deprecating convenience PINs in the future and will publish the date early to ensure customers have adequate lead time to deploy Windows Hello for Business. ## Can I use Windows Hello for Business key trust and RDP? -RDP currently does not support key based authentication and does not support self signed certificates. RDP with Windows Hello for Business is currently only supported with certificate based deployments. +RDP currently does not support using key based authentication and self signed certificates as supplied credentials. RDP with supplied credentials Windows Hello for Business is currently only supported with certificate based deployments. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/remote-credential-guard). ## Can I deploy Windows Hello for Business using Microsoft Endpoint Configuration Manager? Windows Hello for Business deployments using Configuration Manager should use the hybrid deployment model that uses Active Directory Federation Services. Starting in Configuration Manager version 1910, certificate-based authentication with Windows Hello for Business settings isn't supported. Key-based authentication is still valid with Configuration Manager. For more information, see [Windows Hello for Business settings in Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/windows-hello-for-business-settings). 
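Review bot: The second added sentence in this hello-faq.md hunk, "RDP with supplied credentials Windows Hello for Business is currently only supported with certificate based deployments", has lost a word and does not parse. Something like "RDP with Windows Hello for Business as a supplied credential is currently only supported with certificate based deployments" would match the wording used for the same statement in the other files of this series. The first added sentence also reads as if key based authentication and self signed certificates are unsupported only in combination; "does not support using key based authentication or self signed certificates as supplied credentials" avoids that.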
diff --git a/windows/security/identity-protection/hello-for-business/toc.md b/windows/security/identity-protection/hello-for-business/toc.md index 3fe33458fc..8ec19c126f 100644 --- a/windows/security/identity-protection/hello-for-business/toc.md +++ b/windows/security/identity-protection/hello-for-business/toc.md @@ -16,10 +16,10 @@ ## [How Windows Hello for Business works](hello-how-it-works.md) ### [Technical Deep Dive](hello-how-it-works.md#technical-deep-dive) -#### [Technology and Terminology](hello-how-it-works-technology.md) #### [Device Registration](hello-how-it-works-device-registration.md) #### [Provisioning](hello-how-it-works-provisioning.md) #### [Authentication](hello-how-it-works-authentication.md) +#### [Technology and Terminology](hello-how-it-works-technology.md) ## [Planning a Windows Hello for Business Deployment](hello-planning-guide.md) From f083c2e6b9a46a806ce845b5f1b1c63fc2ad73d4 Mon Sep 17 00:00:00 2001 From: mapalko Date: Wed, 16 Sep 2020 12:13:06 -0700 Subject: [PATCH 56/57] Add Passwordless Wizard to Planning Documentation --- .../hello-for-business/hello-planning-guide.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 3fff407e34..9b11a04076 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -13,7 +13,7 @@ manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: conceptual -ms.date: 08/19/2018 +ms.date: 09/16/2020 ms.reviewer: --- # Planning a Windows Hello for Business Deployment 
@@ -25,6 +25,8 @@ Congratulations! You are taking the first step forward in helping move your orga This guide explains the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of the infrastructure. Armed with your planning worksheet, you'll use that information to select the correct deployment guide for your needs. +If you have an Azure tenant, you can use our online, interactive Passwordless Wizard which walks through the same choices instead of using our manual guide below. The Passwordless Wizard is available in the [Microsoft 365 admin center](https://admin.microsoft.com/AdminPortal/Home#/modernonboarding/passwordlesssetup). + ## Using this guide There are many options from which you can choose when deploying Windows Hello for Business. Providing multiple options ensures nearly every organization can deploy Windows Hello for Business. Providing many options makes the deployment appear complex, however, most organization will realize they've already implemented most of the infrastructure on which the Windows Hello for Business deployment depends. It is important to understand that Windows Hello for Business is a distributed system and does take proper planning across multiple teams within an organization. From 08bebdcdd5b4ad1eaae5d3e125b741bc7f6eb4db Mon Sep 17 00:00:00 2001 From: mapalko Date: Wed, 16 Sep 2020 13:00:40 -0700 Subject: [PATCH 57/57] Fix additional references for Key trust RDP --- .../hello-for-business/hello-deployment-guide.md | 2 +- .../hello-for-business/hello-feature-remote-desktop.md | 6 +++--- .../hello-for-business/hello-overview.md | 3 +-- .../hello-for-business/hello-planning-guide.md | 2 +- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md index 13c1e99b51..f3f064b1d1 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md @@ -52,7 +52,7 @@ The trust model determines how you want users to authenticate to the on-premises * The certificate trust model also supports enterprises which are not ready to deploy Windows Server 2016 Domain Controllers. > [!NOTE] -> Remote Desktop Protocol (RDP) does not support authentication with Windows Hello for Business key trust deployments. RDP is only supported with certificate trust deployments at this time. See [Remote Desktop](hello-feature-remote-desktop.md) to learn more. +> RDP does not support authentication with Windows Hello for Business key trust deployments as a supplied credential. RDP is only supported with certificate trust deployments as a supplied credential at this time. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/remote-credential-guard). Following are the various deployment guides and models included in this topic: - [Hybrid Azure AD Joined Key Trust Deployment](hello-hybrid-key-trust.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index e1cf05225a..0ebcd33ec5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -13,7 +13,7 @@ manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium -ms.date: 09/09/2019 +ms.date: 09/16/2020 ms.reviewer: --- 
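Review bot: In the hello-deployment-guide.md hunk (`@@ -52,7 +52,7 @@`), the rewritten note drops both the expansion "Remote Desktop Protocol (RDP)" and the pointer "See [Remote Desktop](hello-feature-remote-desktop.md) to learn more." In the visible lines that note is the only place the acronym is spelled out, and the removed link is the page that documents the certificate trust path. Keep the expansion on first use and keep the cross-reference alongside the new Remote Credential Guard link.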
@@ -27,9 +27,9 @@ ms.reviewer: - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices - Certificate trust deployments -Windows Hello for Business supports using a certificate deployed to a WHFB container to a remote desktop to a server or another device. This functionality is not supported for key trust deployments. This feature takes advantage of the redirected smart card capabilities of the remote desktop protocol. +Windows Hello for Business supports using a certificate deployed to a Windows Hello for Business container as a supplied credential to establish a remote desktop connection to a server or another device. This functionality is not supported for key trust deployments. This feature takes advantage of the redirected smart card capabilities of the remote desktop protocol. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/remote-credential-guard). -Microsoft continues to investigate supporting this feature for key trust deployments in a future release. +Microsoft continues to investigate supporting using keys trust for supplied credentials in a future release. ## Remote Desktop with Biometrics diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index 5d10205e13..80d8f81611 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md 
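Review bot: The replacement for the last changed line of the hello-feature-remote-desktop.md hunk (`@@ -27,9 +27,9 @@`), "Microsoft continues to investigate supporting using keys trust for supplied credentials in a future release.", has a typo ("keys trust") and a doubled verb ("supporting using"). Suggest "Microsoft continues to investigate supporting key trust as a supplied credential in a future release." In the paragraph above it, "This functionality is not supported for key trust deployments" and "Windows Hello for Business key trust can be used with Windows Defender Remote Credential Guard" are separated by the smart card sentence; putting them next to each other would make the scope of "not supported" clear.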
@@ -94,8 +94,7 @@ For details, see [How Windows Hello for Business works](hello-how-it-works.md). Windows Hello for Business can use either keys (hardware or software) or certificates in hardware or software. Enterprises that have a public key infrastructure (PKI) for issuing and managing end user certificates can continue to use PKI in combination with Windows Hello. Enterprises that do not use PKI or want to reduce the effort associated with managing user certificates can rely on key-based credentials for Windows Hello but still use certificates on their domain controllers as a root of trust. -Windows Hello for Business with a key does not support RDP. RDP does not support authentication with a key or a self signed certificate. RDP with Windows Hello for Business is supported with certificate based deployments. - +Windows Hello for Business with a key does not support supplied credentials for RDP. RDP does not support authentication with a key or a self signed certificate. RDP with Windows Hello for Business is supported with certificate based deployments as a supplied credential. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/remote-credential-guard). ## Learn more diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 9b11a04076..1f28723cc9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md 
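Review bot: This hello-overview.md hunk (`@@ -94,8 +94,7 @@`) removes the empty line between the paragraph and `## Learn more` together with the old sentence, leaving the heading directly under the paragraph text; restore the blank line before the heading. The retained sentence "RDP does not support authentication with a key or a self signed certificate" is also unqualified, which sits awkwardly between the two new sentences that limit the statement to supplied credentials.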
@@ -93,7 +93,7 @@ The key trust type does not require issuing authentication certificates to end u The certificate trust type issues authentication certificates to end users. Users authenticate using a certificate requested using a hardware-bound key created during the built-in provisioning experience. Unlike key trust, certificate trust does not require Windows Server 2016 domain controllers (but still requires [Windows Server 2016 or later Active Directory schema](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs#directories)). Users can use their certificate to authenticate to any Windows Server 2008 R2, or later, domain controller. > [!NOTE] -> RDP does not support authentication with Windows Hello for Business key trust deployments. RDP is only supported with certificate trust deployments at this time. +> RDP does not support authentication with Windows Hello for Business key trust deployments as a supplied credential. RDP is only supported with certificate trust deployments as a supplied credential at this time. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/remote-credential-guard). #### Device registration