Beth Levin 2019-05-14 16:04:46 -07:00
parent f9cf05f096
commit f1342918c5
30 changed files with 59 additions and 612 deletions

View File

@ -25,7 +25,7 @@ ms.topic: article
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>[!TIP] >[!TIP]
>This topic has been deprecated. See [Indicators](ti-indicator-windows-defender-advanced-threat-protection-new.md) for the updated content. >This topic has been deprecated. See [Indicators](ti-indicator.md) for the updated content.
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablecustomti-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablecustomti-abovefoldlink)
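Review bot: the deprecation tip's link target changes from ti-indicator-windows-defender-advanced-threat-protection-new.md to ti-indicator.md, but none of the hunks shown here adds or renames that file; confirm ti-indicator.md exists in this commit and that the TOC and redirection entries for the old name are updated, otherwise the only pointer readers get from a deprecated page is a broken link.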

View File

@ -31,6 +31,9 @@ Learn about the minimum requirements and initial steps you need to take to get s
The following capabilities are available across multiple products that make up the Microsoft Defender ATP platform. The following capabilities are available across multiple products that make up the Microsoft Defender ATP platform.
**Threat & Vulnerability Management**<br>
Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. This infrastructure correlates endpoint detection and response (EDR) insights with endpoint vulnerabilities real-time, thus reducing organizational vulnerability exposure and increasing threat resilience.
**Attack surface reduction**<br> **Attack surface reduction**<br>
The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations. The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations.
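Review bot: in the added Threat & Vulnerability Management paragraph, "correlates endpoint detection and response (EDR) insights with endpoint vulnerabilities real-time" needs "in real time", and "This infrastructure" has no antecedent, since the preceding sentence talks about a security program, not an infrastructure. Suggest: "Threat & Vulnerability Management correlates endpoint detection and response (EDR) insights with endpoint vulnerabilities in real time, reducing organizational vulnerability exposure and increasing threat resilience."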
@ -46,6 +49,9 @@ In conjunction with being able to quickly respond to advanced attacks, Microsoft
**Secure score**<br> **Secure score**<br>
Microsoft Defender ATP provides a security posture capability to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security state of your network. Microsoft Defender ATP provides a security posture capability to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security state of your network.
**Microsoft Threat Experts**<br>
Microsoft Threat Experts is the new managed threat hunting service in Microsoft Defender ATP that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365.
**Advanced hunting**<br> **Advanced hunting**<br>
Advanced hunting allows you to hunt for possible threats across your organization using a powerful search and query tool. You can also create custom detection rules based on the queries you created and surface alerts in Microsoft Defender Security Center. Advanced hunting allows you to hunt for possible threats across your organization using a powerful search and query tool. You can also create custom detection rules based on the queries you created and surface alerts in Microsoft Defender Security Center.
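Review bot: the added Microsoft Threat Experts paragraph has two grammar slips: "It provides additional layer of expertise" should be "an additional layer", and "augment security operation capabilities" should be "security operations capabilities". "the new managed threat hunting service" will also date quickly; "a managed threat hunting service" reads the same in a year.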

View File

@ -14,7 +14,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# MachineAction resource type # MachineAction resource type
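Review bot: ms.date is dropped from the front matter here and in most other files in this commit, but the custom TI page further down keeps "ms.date: 04/24/2018"; if the intent is to stop publishing stale dates, apply it consistently or say why that file is the exception.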
@ -22,8 +21,6 @@ ms.date: 12/08/2017
**Applies to:** **Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Method|Return Type |Description Method|Return Type |Description
:---|:---|:--- :---|:---|:---
[List MachineActions](get-machineactions-collection.md) | [Machine Action](machineaction.md) | List [Machine Action](machineaction.md) entities. [List MachineActions](get-machineactions-collection.md) | [Machine Action](machineaction.md) | List [Machine Action](machineaction.md) entities.
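Review bot: removing the [!include[Prerelease information](prerelease.md)] banner changes the stated support status of the MachineAction API from prerelease to generally available; confirm that is intended and that the same include is removed from the action pages this table links to (Remove app restriction, Run antivirus scan, Offboard machine), so the resource type does not appear GA while its actions are still marked prerelease.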
@ -36,8 +33,9 @@ Method|Return Type |Description
[Remove app restriction](unrestrict-code-execution.md) | [Machine Action](machineaction.md) | Remove application execution restriction. [Remove app restriction](unrestrict-code-execution.md) | [Machine Action](machineaction.md) | Remove application execution restriction.
[Run antivirus scan](run-av-scan.md) | [Machine Action](machineaction.md) | Run an AV scan using Windows Defender (when applicable). [Run antivirus scan](run-av-scan.md) | [Machine Action](machineaction.md) | Run an AV scan using Windows Defender (when applicable).
[Offboard machine](offboard-machine-api.md)|[Machine Action](machineaction.md) | Offboard [machine](machine.md) from Microsoft Defender ATP. [Offboard machine](offboard-machine-api.md)|[Machine Action](machineaction.md) | Offboard [machine](machine.md) from Microsoft Defender ATP.
<br>
# Properties ## Properties
Property | Type | Description Property | Type | Description
:---|:---|:--- :---|:---|:---
id | Guid | Identity of the [Machine Action](machineaction.md) entity. id | Guid | Identity of the [Machine Action](machineaction.md) entity.
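Review bot: demoting "# Properties" to "## Properties" is the right fix, since the page's H1 is "MachineAction resource type" and a second H1 breaks the heading outline; dropping the "<br>" spacer is also good, a blank line does the job in Markdown. While here, "Run an AV scan using Windows Defender (when applicable)" could name the product precisely as Windows Defender Antivirus, since the rest of the commit is tidying product names.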
@ -49,4 +47,3 @@ machineId | String | Id of the machine on which the action was executed.
creationDateTimeUtc | DateTimeOffset | The date and time when the action was created. creationDateTimeUtc | DateTimeOffset | The date and time when the action was created.
lastUpdateTimeUtc | DateTimeOffset | The last date and time when the action status was updated. lastUpdateTimeUtc | DateTimeOffset | The last date and time when the action status was updated.
relatedFileInfo | Class | Contains two Properties. 1) string 'fileIdentifier' 2) Enum 'fileIdentifierType' with the possible values: "Sha1" ,"Sha256" and "Md5". relatedFileInfo | Class | Contains two Properties. 1) string 'fileIdentifier' 2) Enum 'fileIdentifierType' with the possible values: "Sha1" ,"Sha256" and "Md5".

View File

@ -34,5 +34,5 @@ Reporting | Create and build Power BI reports using Microsoft Defender ATP data.
Check service health and sensor state | Verify that the service is running and check the sensor state on machines. Check service health and sensor state | Verify that the service is running and check the sensor state on machines.
[Configure Microsoft Defender Security Center settings](preferences-setup.md) | Configure general settings, turn on the preview experience, notifications, and enable other features. [Configure Microsoft Defender Security Center settings](preferences-setup.md) | Configure general settings, turn on the preview experience, notifications, and enable other features.
[Access the Microsoft Defender ATP Community Center](community.md) | Access the Microsoft Defender ATP Community Center to learn, collaborate, and share experiences about the product. [Access the Microsoft Defender ATP Community Center](community.md) | Access the Microsoft Defender ATP Community Center to learn, collaborate, and share experiences about the product.
[Troubleshoot service issues](troubleshoot-mdatp.md) | This section addresses issues that might arise as you use the Windows Defender Advanced Threat service. [Troubleshoot service issues](troubleshoot-mdatp.md) | This section addresses issues that might arise as you use the Microsoft Defender Advanced Threat service.
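Review bot: the replacement text "Microsoft Defender Advanced Threat service" is still a truncated product name; it should read "Microsoft Defender Advanced Threat Protection service" or, matching the other rows in this table, "Microsoft Defender ATP service".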

View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 04/24/2018
--- ---
# Offboard machines from the Microsoft Defender ATP service # Offboard machines from the Microsoft Defender ATP service
@ -28,7 +27,6 @@ ms.date: 04/24/2018
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-offboardmachines-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-offboardmachines-abovefoldlink)
Follow the corresponding instructions depending on your preferred deployment method. Follow the corresponding instructions depending on your preferred deployment method.
@ -44,4 +42,3 @@ Follow the corresponding instructions depending on your preferred deployment met
## Offboard non-Windows machines ## Offboard non-Windows machines
- [Offboard non-Windows machines](configure-endpoints-non-windows.md#offboard-non-windows-machines) - [Offboard non-Windows machines](configure-endpoints-non-windows.md#offboard-non-windows-machines)

View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 09/03/2018
--- ---
# Overview of endpoint detection and response # Overview of endpoint detection and response

View File

@ -1,7 +1,7 @@
--- ---
title: Overview of Microsoft Defender ATP title: Overview of Microsoft Defender ATP
description: description: Understand the concepts behind the capabilities in Microsoft Defender ATP so you take full advantage of the complete threat protection platform
keywords: keywords: atp, microsoft defender atp, defender, mdatp, threat protection, platform, threat, vulnerability, asr, attack, surface, reduction, next-gen, protection, edr, endpoint, detection, response, automated, air
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
search.appverid: met150 search.appverid: met150
ms.prod: w10 ms.prod: w10
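Review bot: the new description metadata reads "so you take full advantage of the complete threat protection platform"; "so you can take full advantage" is the grammatical form, and the same wording appears in the page body (the hunk header below quotes it), so fix both together. The keyword list is fine, though "atp" and "defender" alone are broad enough to match unrelated pages in search.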
@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 11/20/2018
--- ---
# Overview of Microsoft Defender ATP capabilities # Overview of Microsoft Defender ATP capabilities
@ -33,16 +32,14 @@ Understand the concepts behind the capabilities in Microsoft Defender ATP so you
Topic | Description Topic | Description
:---|:--- :---|:---
[Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) | Reduce organizational vulnerability exposure and increase threat resilience while seamlessly connecting workflows across security stakeholders—security administrators, security operations, and IT administrators in remediating threats.
[Attack surface reduction](overview-attack-surface-reduction.md) | Leverage the attack surface reduction capabilities to protect the perimeter of your organization. [Attack surface reduction](overview-attack-surface-reduction.md) | Leverage the attack surface reduction capabilities to protect the perimeter of your organization.
[Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) | Learn about the antivirus capabilities in Microsoft Defender ATP so you can protect desktops, portable computers, and servers. [Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) | Learn about the antivirus capabilities in Microsoft Defender ATP so you can protect desktops, portable computers, and servers.
[Endpoint detection and response](overview-endpoint-detection-response.md) | Understand how Microsoft Defender ATP continuously monitors your organization for possible attacks against systems, networks, or users in your organization and the features you can use to mitigate and remediate threats. [Endpoint detection and response](overview-endpoint-detection-response.md) | Understand how Microsoft Defender ATP continuously monitors your organization for possible attacks against systems, networks, or users in your organization and the features you can use to mitigate and remediate threats.
[Automated investigation and remediation](automated-investigations.md) | In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. [Automated investigation and remediation](automated-investigations.md) | In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
[Secure score](overview-secure-score.md) | Quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to better protect your organization - all in one place. [Secure score](overview-secure-score.md) | Quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to better protect your organization - all in one place.
[Microsoft Threat Experts](microsoft-threat-experts.md) | Managed cybersecurity threat hunting service. Learn how you can get expert-driven insights and data through targeted attack notification and access to experts on demand.
[Advanced hunting](overview-hunting.md) | Use a powerful search and query language to create custom queries and detection rules. [Advanced hunting](overview-hunting.md) | Use a powerful search and query language to create custom queries and detection rules.
[Management and APIs](management-apis.md) | Microsoft Defender ATP supports a wide variety of tools to help you manage and interact with the platform so that you can integrate the service into your existing workflows. [Management and APIs](management-apis.md) | Microsoft Defender ATP supports a wide variety of tools to help you manage and interact with the platform so that you can integrate the service into your existing workflows.
[Microsoft Threat Protection](threat-protection-integration.md) | Microsoft security products work better together. Learn about other security capabilities in the Microsoft threat protection stack. [Microsoft Threat Protection](threat-protection-integration.md) | Microsoft security products work better together. Learn about other security capabilities in the Microsoft threat protection stack.
[Portal overview](portal-overview.md) |Learn to navigate your way around Microsoft Defender Security Center. [Portal overview](portal-overview.md) |Learn to navigate your way around Microsoft Defender Security Center.
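Review bot: in the added Threat & Vulnerability Management row, the em dash opens a list of stakeholders ("security administrators, security operations, and IT administrators") that is never closed, so "in remediating threats" attaches to "IT administrators"; set the list off with a pair of dashes or parentheses, or end the sentence after "stakeholders" and start a new one. In the Microsoft Threat Experts row, "Managed cybersecurity threat hunting service." could be "A managed threat hunting service." to match the sentence style of the other rows.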

View File

@ -15,15 +15,12 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 04/24/2018
--- ---
# Turn on the preview experience in Microsoft Defender ATP # Turn on the preview experience in Microsoft Defender ATP
**Applies to:** **Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-previewsettings-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-previewsettings-abovefoldlink)
Turn on the preview experience setting to be among the first to try upcoming features. Turn on the preview experience setting to be among the first to try upcoming features.

View File

@ -22,8 +22,6 @@ ms.topic: conceptual
**Applies to:** **Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
The Microsoft Defender ATP service is constantly being updated to include new feature enhancements and capabilities. The Microsoft Defender ATP service is constantly being updated to include new feature enhancements and capabilities.
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-abovefoldlink)
@ -43,6 +41,28 @@ Turn on the preview experience setting to be among the first to try upcoming fea
2. Toggle the setting between **On** and **Off** and select **Save preferences**. 2. Toggle the setting between **On** and **Off** and select **Save preferences**.
## Preview features
The following features are included in the preview release:
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-belowfoldlink) - [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt) <BR> A new built-in capability that uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
- [Machine health and compliance report](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection) The machine health and compliance report provides high-level information about the devices in your organization.
- [Information protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview)<BR>
Information protection is an integral part of Microsoft 365 Enterprise suite, providing intelligent protection to keep sensitive data secure while enabling productivity in the workplace.
Windows Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices.
>[!NOTE]
>Partially available from Windows 10, version 1809.
- [Integration with Microsoft Cloud App Security](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration) <BR> Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Windows Defender ATP monitored machines.
>[!NOTE]
>Available from Windows 10, version 1809 or later.
- [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#windows-server-version-1803-and-windows-server-2019) <BR> Windows Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines.
- [Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) <br>
Windows Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal.
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-belowfoldlink)
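Review bot: the added "Preview features" section reintroduces "Windows Defender ATP" repeatedly (the information protection, Cloud App Security, Windows Server 2019 and Power BI items and the closing trial link) while the rest of this commit renames to Microsoft Defender ATP, and the trial link at the end actually regresses from the "Microsoft Defender ATP" wording of the removed line. The list is also inconsistent in form: some items use "<BR>", others "<br>", and the machine health and compliance item has no break before its description at all. The Power BI link target powerbi-reports-windows-defender-advanced-threat-protection.md uses the long file name the commit is otherwise moving away from (compare ti-indicator.md, troubleshoot-mdatp.md), so check that it still resolves.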

View File

@ -1,5 +1,5 @@
--- ---
title: Microsoft Defender ATP Public API title: Microsoft Defender ATP APIs
description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph. description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph.
keywords: apis, api, wdatp, open api, windows defender atp api, public api, alerts, machine, user, domain, ip, file keywords: apis, api, wdatp, open api, windows defender atp api, public api, alerts, machine, user, domain, ip, file
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
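Review bot: the description still carries the typo "progammatic" (should be "programmatic"), and "Microsoft Intelligence Security Graph" looks like a slip for "Microsoft Intelligent Security Graph"; since the title is being touched, fix the description in the same hunk. The keywords also still say "windows defender atp api" while the title moves to Microsoft Defender ATP.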
@ -14,10 +14,9 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 11/28/2018
--- ---
# Microsoft Defender ATP Public API # Microsoft Defender ATP APIs
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
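Review bot: the "Applies to" link points to wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf while every other page in this commit links the product name to https://go.microsoft.com/fwlink/p/?linkid=2069559; the PDF is a licensing comparison, not the product page, so use the fwlink here too while the heading is being renamed.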
@ -26,6 +25,6 @@ ms.date: 11/28/2018
## In this section ## In this section
Topic | Description Topic | Description
:---|:--- :---|:---
[Microsoft Defender ATP API overview](apis-intro.md) | Learn how to access to Microsoft Defender ATP Public API and on which context. [Microsoft Defender ATP API overview](apis-intro.md) | Learn how to access Microsoft Defender ATP APIs.
[Supported Microsoft Defender ATP APIs](exposed-apis-list.md) | Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses. Examples include APIs for [alert resource type](alerts.md), [domain related alerts](get-domain-related-alerts.md), or even actions such as [isolate machine](isolate-machine.md). [Supported Microsoft Defender ATP APIs](exposed-apis-list.md) | Learn more about how you can run API calls to individual supported entities, and details such as HTTP request values, request headers and expected responses. Examples include APIs for [alert resource type](alerts.md), [domain related alerts](get-domain-related-alerts.md), or even actions such as [isolate machine](isolate-machine.md).
How to use APIs - Samples | Learn how to use Advanced hunting APIs and multiple APIs such as PowerShell. Other examples include [schedule advanced hunting using Microsoft Flow](run-advanced-query-sample-ms-flow.md) or [OData queries](exposed-apis-odata-samples.md). How to use APIs - Samples | Learn how to use Advanced hunting APIs and multiple APIs such as PowerShell. Other examples include [schedule advanced hunting using Microsoft Flow](run-advanced-query-sample-ms-flow.md) or [OData queries](exposed-apis-odata-samples.md).
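Review bot: the reworded overview row is clearer than the original. The "How to use APIs - Samples" row is the only one with no link, and "multiple APIs such as PowerShell" misnames the thing: PowerShell is a client for calling the APIs, not an API. Suggest "Learn how to call the APIs from PowerShell and other clients, and how to schedule advanced hunting ..." and link the row to the samples page like its neighbours.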

View File

@ -18,12 +18,13 @@ ms.topic: article
ms.date: 04/24/2018 ms.date: 04/24/2018
--- ---
# Use the threat intelligence API to create custom alerts # Use the threat intelligence API to create custom alerts (Deprecated)
**Applies to:** **Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>[!TIP]
>This topic has been deprecated. See [Indicators](ti-indicator.md) for the updated content.
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-customti-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-customti-abovefoldlink)
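Review bot: the new TIP block is immediately followed by the trial line, and both start with ">", so unless a blank line separates them Markdown renders the trial link as part of the deprecation callout; add the blank line if it is not there, and check the same pattern on the first file in this commit (the enablecustomti page), which has the identical layout. This file also keeps "ms.date: 04/24/2018" while the other pages in this commit drop ms.date; apply the same treatment or note why this one differs.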

View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 03/12/2018
--- ---
# Overview of Microsoft Defender Security Center # Overview of Microsoft Defender Security Center
@ -34,7 +33,6 @@ Use the **Secure Score** dashboard to expand your visibility on the overall secu
Use the **Threat analytics** dashboard to continually assess and control risk exposure to Spectre and Meltdown. Use the **Threat analytics** dashboard to continually assess and control risk exposure to Spectre and Meltdown.
### In this section ### In this section
Topic | Description Topic | Description
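Review bot: the retained sentence "continually assess and control risk exposure to Spectre and Meltdown" describes Threat analytics in terms of one 2018 campaign, whereas the table row further down describes it generically as "risk exposure to threats"; since this hunk touches the Threat analytics paragraph, align it to the generic wording.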
@ -43,5 +41,3 @@ Topic | Description
[View the Security operations dashboard](security-operations-dashboard.md) | The Microsoft Defender ATP **Security operations dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the machines on your network, investigate machines, files, and URLs, and see snapshots of threats seen on machines. [View the Security operations dashboard](security-operations-dashboard.md) | The Microsoft Defender ATP **Security operations dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the machines on your network, investigate machines, files, and URLs, and see snapshots of threats seen on machines.
[View the Secure Score dashboard and improve your secure score](secure-score-dashboard.md) | The **Secure Score dashboard** expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. [View the Secure Score dashboard and improve your secure score](secure-score-dashboard.md) | The **Secure Score dashboard** expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place.
[View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics.md) | The **Threat analytics** dashboard helps you continually assess and control risk exposure to threats. Use the charts to quickly identify machines for the presence or absence of mitigations. [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics.md) | The **Threat analytics** dashboard helps you continually assess and control risk exposure to threats. Use the charts to quickly identify machines for the presence or absence of mitigations.

View File

@ -14,14 +14,14 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# User resource type # User resource type
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Method|Return Type |Description Method|Return Type |Description
:---|:---|:--- :---|:---|:---
[List User related alerts](get-user-related-alerts.md) | [alert](alerts.md) collection | List all the alerts that are associated with a [user](user.md). [List User related alerts](get-user-related-alerts.md) | [alert](alerts.md) collection | List all the alerts that are associated with a [user](user.md).
[List User related machines](get-user-related-machines.md) | [machine](machine.md) collection | List all the machines that were logged on by a [user](user.md). [List User related machines](get-user-related-machines.md) | [machine](machine.md) collection | List all the machines that were logged on by a [user](user.md).

View File

@ -1,73 +0,0 @@
---
title: Get started with Windows Defender Advanced Threat Protection
description: Learn about the minimum requirements and initial steps you need to take to get started with Windows Defender ATP.
keywords: get started, minimum requirements, setup, subscription, features, data storage, privacy, user access
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 11/20/2018
---
# Get started with Windows Defender Advanced Threat Protection
**Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>[!TIP]
>- Learn about the latest enhancements in Windows Defender ATP: [What's new in Windows Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/).
>- Windows Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
Learn about the minimum requirements and initial steps you need to take to get started with Windows Defender ATP.
The following capabilities are available across multiple products that make up the Windows Defender ATP platform.
**Threat & Vulnerability Management**<br>
Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. This infrastructure correlates endpoint detection and response (EDR) insights with endpoint vulnerabilities real-time, thus reducing organizational vulnerability exposure and increasing threat resilience.
**Attack surface reduction**<br>
The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations.
**Next generation protection**<br>
To further reinforce the security perimeter of your network, Windows Defender ATP uses next generation protection designed to catch all types of emerging threats.
**Endpoint detection and response**<br>
Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars.
**Auto investigation and remediation**<br>
In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
**Secure score**<br>
Windows Defender ATP provides a security posture capability to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security state of your network.
**Microsoft Threat Experts**<br>
Microsoft Threat Experts is the new managed threat hunting service in Windows Defender ATP that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365.
**Advanced hunting**<br>
Advanced hunting allows you to hunt for possible threats across your organization using a powerful search and query tool. You can also create custom detection rules based on the queries you created and surface alerts in Windows Defender Security Center.
**Management and APIs**<br>
Integrate Windows Defender Advanced Threat Protection into your existing workflows.
**Microsoft threat protection**<br>
Bring the power of Microsoft Threat Protection to your organization.
## In this section
Topic | Description
:---|:---
[Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md) | Learn about the requirements for onboarding machines to the platform.
[Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md) | Get guidance on how to check that licenses have been provisioned to your organization and how to access the portal for the first time.
[Preview features](preview-windows-defender-advanced-threat-protection.md) | Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience.
[Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) | Explains the data storage and privacy details related to Windows Defender ATP.
[Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md) | Set permissions to manage who can access the portal. You can set basic permissions or set granular permissions using role-based access control (RBAC).
[Evaluate Windows Defender ATP](evaluate-atp.md) | Evaluate the various capabilities in Windows Defender ATP and test features out.
[Access the Windows Defender Security Center Community Center](community-windows-defender-advanced-threat-protection.md) | The Windows Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product.

View File

@ -1,48 +0,0 @@
---
title: machineAction resource type
description: Retrieves top recent machineActions.
keywords: apis, supported apis, get, machineaction, recent
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# MachineAction resource type
**Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Method|Return Type |Description
:---|:---|:---
[List MachineActions](get-machineactions-collection-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | List [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entities.
[Get MachineAction](get-machineaction-object-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Get a single [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entity.
[Collect investigation package](collect-investigation-package-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Collect investigation package from a [machine](machine-windows-defender-advanced-threat-protection-new.md).
[Get investigation package SAS URI](get-package-sas-uri-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Get URI for downloading the investigation package.
[Isolate machine](isolate-machine-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Isolate [machine](machine-windows-defender-advanced-threat-protection-new.md) from network.
[Release machine from isolation](unisolate-machine-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Release [machine](machine-windows-defender-advanced-threat-protection-new.md) from Isolation.
[Restrict app execution](restrict-code-execution-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Restrict application execution.
[Remove app restriction](unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Remove application execution restriction.
[Run antivirus scan](run-av-scan-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Run an AV scan using Windows Defender (when applicable).
[Offboard machine](offboard-machine-api-windows-defender-advanced-threat-protection-new.md)|[Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Offboard [machine](machine-windows-defender-advanced-threat-protection-new.md) from Windows Defender ATP.
# Properties
Property | Type | Description
:---|:---|:---
id | Guid | Identity of the [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entity.
type | Enum | Type of the action. Possible values are: "RunAntiVirusScan", "Offboard", "CollectInvestigationPackage", "Isolate", "Unisolate", "StopAndQuarantineFile", "RestrictCodeExecution" and "UnrestrictCodeExecution"
requestor | String | Identity of the person that executed the action.
requestorComment | String | Comment that was written when issuing the action.
status | Enum | Current status of the command. Possible values are: "Pending", "InProgress", "Succeeded", "Failed", "TimeOut" and "Cancelled".
machineId | String | Id of the machine on which the action was executed.
creationDateTimeUtc | DateTimeOffset | The date and time when the action was created.
lastUpdateTimeUtc | DateTimeOffset | The last date and time when the action status was updated.
relatedFileInfo | Class | Contains two Properties. 1) string 'fileIdentifier' 2) Enum 'fileIdentifierType' with the possible values: "Sha1" ,"Sha256" and "Md5".
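Review bot: the `type` enum row lists `StopAndQuarantineFile`, but the methods table above has no "Stop and quarantine file" entry, and the front-matter `description: Retrieves top recent machineActions.` describes a list call rather than this resource type; when this content is recreated under its new file name, add the missing method row (or drop the enum value if the action is not exposed through the API) and set the description to something like "Describes the MachineAction resource type and its properties." The `relatedFileInfo | Class | Contains two Properties. 1) string 'fileIdentifier' 2) Enum 'fileIdentifierType' ...` row would also be easier to read as two sub-rows (`fileIdentifier | String` and `fileIdentifierType | Enum`) in the same style as the other properties.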

View File

@ -1,46 +0,0 @@
---
title: Offboard machines from the Windows Defender ATP service
description: Onboard Windows 10 machines, servers, non-Windows machines from the Windows Defender ATP service
keywords: offboarding, windows defender advanced threat protection offboarding, windows atp offboarding
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Offboard machines from the Windows Defender ATP service
**Applies to:**
- macOS
- Linux
- Windows Server 2012 R2
- Windows Server 2016
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-offboardmachines-abovefoldlink)
Follow the corresponding instructions depending on your preferred deployment method.
## Offboard Windows 10 machines
- [Offboard machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md#offboard-machines-using-a-local-script)
- [Offboard machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md#offboard-machines-using-group-policy)
- [Offboard machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md#offboard-machines-using-system-center-configuration-manager)
- [Offboard machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#offboard-and-monitor-machines-using-mobile-device-management-tools)
## Offboard Servers
- [Offboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md#offboard-servers)
## Offboard non-Windows machines
- [Offboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md#offboard-non-windows-machines)
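Review bot: the front matter reads `description: Onboard Windows 10 machines, servers, non-Windows machines from the Windows Defender ATP service` on a page titled "Offboard machines from the Windows Defender ATP service", and the **Applies to:** list omits Windows 10 even though the first section is "Offboard Windows 10 machines"; fix both in the replacement page (for example "Offboard Windows 10 machines, servers, and non-Windows machines from the Windows Defender ATP service", plus a Windows 10 bullet in the list).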

View File

@ -1,42 +0,0 @@
---
title: Overview of endpoint detection and response capabilities
description: Learn about the endpoint detection and response capabilities in Windows Defender ATP
keywords:
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Overview of endpoint detection and response
**Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Windows Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
When a threat is detected, alerts are created in the system for an analyst to investigate. Alerts with the same attack techniques or attributed to the same attacker are aggregated into an entity called an _incident_. Aggregating alerts in this manner makes it easy for analysts to collectively investigate and respond to threats.
Inspired by the "assume breach" mindset, Windows Defender ATP continuously collects behavioral cyber telemetry. This includes process information, network activities, deep optics into the kernel and memory manager, user login activities, registry and file system changes, and others. The information is stored for six months, enabling an analyst to travel back in time to the start of an attack. The analyst can then pivot in various views and approach an investigation through multiple vectors.
The response capabilities give you the power to promptly remediate threats by acting on the affected entities.
## In this section
Topic | Description
:---|:---
[Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md) | Explore a high level overview of detections, highlighting where response actions are needed.
[Incidents queue](incidents-queue.md) | View and organize the incidents queue, and manage and investigate alerts.
[Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) | View and organize the machine alerts queue, and manage and investigate alerts.
[Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md) | Investigate machines with generated alerts and search for specific events over time.
[Take response actions](response-actions-windows-defender-advanced-threat-protection.md) | Learn about the available response actions and apply them to machines and files.
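Review bot: `keywords:` in the front matter is empty, unlike every other page in this commit, and the phrase "made it past the first two security pillars" depends on an ordering (attack surface reduction, then next generation protection) that only appears on the capabilities overview page, so name those two pillars here. Before this text is carried into the replacement page, cross-check the "stored for six months" retention claim against the data storage and privacy page this commit links elsewhere (`data-storage-privacy-windows-defender-advanced-threat-protection.md`) so the two pages do not disagree.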

View File

@ -1,49 +0,0 @@
---
title: Overview of Windows Defender ATP
description: Understand the concepts behind the capabilities in Windows Defender ATP so you take full advantage of the complete threat protection platform
keywords: atp, microsoft defender atp, defender, mdatp, threat protection, platform, threat, vulnerability, asr, attack, surface, reduction, next-gen, protection, edr, endpoint, detection, response, automated, air
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Overview of Windows Defender ATP capabilities
**Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Understand the concepts behind the capabilities in Windows Defender ATP so you take full advantage of the complete threat protection platform.
>[!TIP]
>- Learn about the latest enhancements in Windows Defender ATP: [What's new in Windows Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/).
>- Windows Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
## In this section
Topic | Description
:---|:---
[Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) | Reduce organizational vulnerability exposure and increase threat resilience while seamlessly connecting workflows across security stakeholders—security administrators, security operations, and IT administrators in remediating threats.
[Attack surface reduction](overview-attack-surface-reduction.md) | Leverage the attack surface reduction capabilities to protect the perimeter of your organization.
[Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) | Learn about the antivirus capabilities in Windows Defender ATP so you can protect desktops, portable computers, and servers.
[Endpoint detection and response](overview-endpoint-detection-response.md) | Understand how Windows Defender ATP continuously monitors your organization for possible attacks against systems, networks, or users in your organization and the features you can use to mitigate and remediate threats.
[Automated investigation and remediation](automated-investigations-windows-defender-advanced-threat-protection.md) | In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
[Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md) | Quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to better protect your organization - all in one place.
[Microsoft Threat Experts](microsoft-threat-experts.md) | Managed cybersecurity threat hunting service. Learn how you can get expert-driven insights and data through targeted attack notification and access to experts on demand.
[Advanced hunting](overview-hunting-windows-defender-advanced-threat-protection.md) | Use a powerful search and query language to create custom queries and detection rules.
[Management and APIs](management-apis.md) | Windows Defender ATP supports a wide variety of tools to help you manage and interact with the platform so that you can integrate the service into your existing workflows.
[Microsoft Threat Protection](threat-protection-integration.md) | Microsoft security products work better together. Learn about other security capabilities in the Microsoft threat protection stack.
[Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) |Learn to navigate your way around Windows Defender Security Center.
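Review bot: the "Endpoint detection and response" row links to `overview-endpoint-detection-response.md`, which this same commit deletes (see the hunk above), so the replacement page needs the renamed target or readers land on a 404; the same check applies to the other relative links in this table (`overview-secure-score-windows-defender-advanced-threat-protection.md`, `overview-hunting-windows-defender-advanced-threat-protection.md`, `portal-overview-windows-defender-advanced-threat-protection.md`). The "Microsoft Threat Experts" row opens with a sentence fragment ("Managed cybersecurity threat hunting service."); make it a full sentence to match the other rows.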

View File

@ -1,43 +0,0 @@
---
title: Turn on the preview experience in Windows Defender ATP
description: Turn on the preview experience in Windows Defender Advanced Threat Protection to try upcoming features.
keywords: advanced features, settings, block file
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Turn on the preview experience in Windows Defender ATP
**Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-previewsettings-abovefoldlink)
Turn on the preview experience setting to be among the first to try upcoming features.
1. In the navigation pane, select **Settings** > **Advanced features**.
![Image of settings and preview experience](images/atp-preview-features.png)
2. Toggle the setting between **On** and **Off** and select **Save preferences**.
## Related topics
- [Update general settings in Windows Defender ATP](data-retention-settings-windows-defender-advanced-threat-protection.md)
- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
- [Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md)
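Review bot: step 1 gives the path **Settings** > **Advanced features**, while the preview-features page deleted later in this commit gives **Settings** > **Advanced features** > **Preview features** for the same toggle; pick one path for the replacement page so the two do not contradict each other. The Related topics list also links to `enable-custom-ti-windows-defender-advanced-threat-protection.md`, part of the custom threat intelligence API that this commit's own custom TI index page marks as deprecated, so drop that entry or point it at the Indicators page instead. Confirm `images/atp-preview-features.png` is either removed or still referenced by the replacement page so it does not become an orphaned asset.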

View File

@ -1,74 +0,0 @@
---
title: Windows Defender ATP preview features
description: Learn how to access Windows Defender Advanced Threat Protection preview features.
keywords: preview, preview experience, Windows Defender Advanced Threat Protection, features, updates
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Windows Defender ATP preview features
**Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
The Windows Defender ATP service is constantly being updated to include new feature enhancements and capabilities.
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-abovefoldlink)
Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience.
For more information on capabilities that are generally available, see [What's new in Windows Defender](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp).
## Turn on preview features
You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available.
Turn on the preview experience setting to be among the first to try upcoming features.
1. In the navigation pane, select **Settings** > **Advanced features** > **Preview features**.
2. Toggle the setting between **On** and **Off** and select **Save preferences**.
## Preview features
The following features are included in the preview release:
- [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt) <BR> A new built-in capability that uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
- [Machine health and compliance report](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection) The machine health and compliance report provides high-level information about the devices in your organization.
- [Information protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview)<BR>
Information protection is an integral part of Microsoft 365 Enterprise suite, providing intelligent protection to keep sensitive data secure while enabling productivity in the workplace.
Windows Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices.
>[!NOTE]
>Partially available from Windows 10, version 1809.
- [Integration with Microsoft Cloud App Security](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration) <BR> Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Windows Defender ATP monitored machines.
>[!NOTE]
>Available from Windows 10, version 1809 or later.
- [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#windows-server-version-1803-and-windows-server-2019) <BR> Windows Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines.
- [Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) <br>
Windows Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal.
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-belowfoldlink)
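Review bot: the "Machine health and compliance report" bullet is the only one missing the `<BR>` before its description, the Information protection link carries an `/en-us/` locale segment that the other docs.microsoft.com links omit, and the "What's new" link is an absolute URL (`https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp`) that a rename commit's relative-link check will not flag, so convert it to a relative link. The two availability notes ("Partially available from Windows 10, version 1809." and "Available from Windows 10, version 1809 or later.") should use one phrasing.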

View File

@ -1,31 +0,0 @@
---
title: Windows Defender ATP APIs
description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph.
keywords: apis, api, wdatp, open api, windows defender atp api, public api, alerts, machine, user, domain, ip, file
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Windows Defender ATP APIs
**Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## In this section
Topic | Description
:---|:---
[Windows Defender ATP API overview](apis-intro.md) | Learn how to access to Windows Defender ATP Public API and on which context.
[Supported Windows Defender ATP APIs](exposed-apis-list.md) | Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses. Examples include APIs for [alert resource type](alerts-windows-defender-advanced-threat-protection-new.md), [domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md), or even actions such as [isolate machine](isolate-machine-windows-defender-advanced-threat-protection-new.md).
How to use APIs - Samples | Learn how to use Advanced hunting APIs and multiple APIs such as PowerShell. Other examples include [schedule advanced hunting using Microsoft Flow](run-advanced-query-sample-ms-flow.md) or [OData queries](exposed-apis-odata-samples.md).
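Review bot: `description:` has a typo (`progammatic`), the overview row reads "Learn how to access to Windows Defender ATP Public API and on which context" (drop "to" and rephrase as "and in which contexts"), and the "How to use APIs - Samples" row is the only one without a link, so either link it to a samples landing page or fold its two sample links into the row title when the page is recreated.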

View File

@ -1,44 +0,0 @@
---
title: Use the custom threat intelligence API to create custom alerts
description: Use the threat intelligence API in Windows Defender Advanced Threat Protection to create custom alerts
keywords: threat intelligence, alert definitions, indicators of compromise
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Use the threat intelligence API to create custom alerts (Deprecated)
**Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>[!TIP]
>This topic has been deprecated. See [Indicators](ti-indicator-windows-defender-advanced-threat-protection-new.md) for the updated content.
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-customti-abovefoldlink)
Understand threat intelligence concepts, then enable the custom threat intelligence application so that you can proceed to create custom threat intelligence alerts that are specific to your organization.
You can use the code examples to guide you in creating calls to the custom threat intelligence API.
## In this section
Topic | Description
:---|:---
[Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) | Understand the concepts around threat intelligence so that you can effectively create custom intelligence for your organization.
[Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) | Set up the custom threat intelligence application through Windows Defender Security Center so that you can create custom threat intelligence (TI) using REST API.
[Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) | Create custom threat intelligence alerts so that you can generate specific alerts that are applicable to your organization.
[PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) | Use the PowerShell code examples to guide you in using the custom threat intelligence API.
[Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) | Use the Python code examples to guide you in using the custom threat intelligence API.
[Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md) | This article demonstrates an end-to-end usage of the threat intelligence API to get you started in using the threat intelligence API.
[Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) | Learn how to address possible issues you might encounter while using the threat intelligence API.
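Review bot: the H1 says "(Deprecated)" but the front-matter `title:` and `description:` do not, so search results and the left navigation still present this page as current guidance; add the deprecation marker to both, as the H1 already does. The "In this section" table then sends readers to `enable-custom-ti-windows-defender-advanced-threat-protection.md`, `custom-ti-api-windows-defender-advanced-threat-protection.md` and the code-example pages as if they were current; state once above the table that these cover the deprecated API and that the Indicators page is the replacement.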

View File

@ -1,46 +0,0 @@
---
title: Overview of Windows Defender Security Center
description: Learn about the features on Windows Defender Security Center, including how alerts work, and suggestions on how to investigate possible breaches and attacks.
keywords: dashboard, alerts queue, manage alerts, investigation, investigate alerts, investigate machines, submit files, deep analysis, high, medium, low, severity, ioc, ioa
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Overview of Windows Defender Security Center
**Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-usewdatp-abovefoldlink)
Windows Defender Security Center is the portal where you can access Windows Defender Advanced Threat Protection capabilities.
Use the **Security operations** dashboard to gain insight on the various alerts on machines and users in your network.
Use the **Secure Score** dashboard to expand your visibility on the overall security posture of your organization. You'll see machines that require attention and recommendations that can help you reduce the attack surface in your organization.
Use the **Threat analytics** dashboard to continually assess and control risk exposure to Spectre and Meltdown.
### In this section
Topic | Description
:---|:---
[Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) | Understand the portal layout and area descriptions.
[View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md) | The Windows Defender ATP **Security operations dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the machines on your network, investigate machines, files, and URLs, and see snapshots of threats seen on machines.
[View the Secure Score dashboard and improve your secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md) | The **Secure Score dashboard** expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place.
[View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md) | The **Threat analytics** dashboard helps you continually assess and control risk exposure to Spectre and Meltdown. Use the charts to quickly identify machines for the presence or absence of mitigations.
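Review bot: `### In this section` is a level-3 heading while every other page in this commit uses `## In this section`; make it level 2 in the replacement. The Threat analytics dashboard is described as limited to Spectre and Meltdown both in the body ("control risk exposure to Spectre and Meltdown") and in the table row, so confirm that scope is still accurate before carrying the text over, and keep the two statements in sync.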

View File

@ -1,28 +0,0 @@
---
title: File resource type
description: Retrieves top recent alerts.
keywords: apis, graph api, supported apis, get, alerts, recent
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# User resource type
**Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Method|Return Type |Description
:---|:---|:---
[List User related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection-new.md) | [alert](alerts-windows-defender-advanced-threat-protection-new.md) collection | List all the alerts that are associated with a [user](user-windows-defender-advanced-threat-protection-new.md).
[List User related machines](get-user-related-machines-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) collection | List all the machines that were logged on by a [user](user-windows-defender-advanced-threat-protection-new.md).
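Review bot: the front matter (`title: File resource type`, `description: Retrieves top recent alerts.`, keywords `graph api, supported apis, get, alerts, recent`) does not match the H1 `# User resource type` or the two methods in the table (user-related alerts and user-related machines); set the title to "User resource type" and a description such as "Describes the User resource type and the methods that return user-related alerts and machines." before this page is recreated.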

View File

@ -1,38 +0,0 @@
---
title: Windows Defender Security Center
description: Windows Defender Security Center is the portal where you can access Windows Defender Advanced Threat Protection.
keywords: windows, defender, security, center, defender, advanced, threat, protection
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Windows Defender Security Center
Windows Defender Security Center is the portal where you can access Windows Defender Advanced Threat Protection capabilities. It gives enterprise security operations teams a single pane of glass experience to help secure networks.
## In this section
Topic | Description
:---|:---
Get started | Learn about the minimum requirements, validate licensing and complete setup, know about preview features, understand data storage and privacy, and how to assign user access to the portal.
[Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md) | Learn about onboarding client, server, and non-Windows machines. Learn how to run a detection test, configure proxy and Internet connectivity settings, and how to troubleshoot potential onboarding issues.
[Understand the portal](use-windows-defender-advanced-threat-protection.md) | Understand the Security operations, Secure Score, and Threat analytics dashboards as well as how to navigate the portal.
Investigate and remediate threats | Investigate alerts, machines, and take response actions to remediate threats.
API and SIEM support | Use the supported APIs to pull and create custom alerts, or automate workflows. Use the supported SIEM tools to pull alerts from Windows Defender Security Center.
Reporting | Create and build Power BI reports using Windows Defender ATP data.
Check service health and sensor state | Verify that the service is running and check the sensor state on machines.
[Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Configure general settings, turn on the preview experience, notifications, and enable other features.
[Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md) | Access the Windows Defender ATP Community Center to learn, collaborate, and share experiences about the product.
[Troubleshoot service issues](troubleshoot-windows-defender-advanced-threat-protection.md) | This section addresses issues that might arise as you use the Windows Defender Advanced Threat service.
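Review bot: this is a hub page with outbound links to six other topics and is the natural inbound target for "Windows Defender Security Center", so removing it needs a redirect for the old path; please confirm one is added in this commit. If the table content is carried over to a successor page, two things should be fixed there rather than copied: the last row reads "Windows Defender Advanced Threat service" (missing "Protection"), and the rows "Get started", "Investigate and remediate threats", "API and SIEM support", "Reporting" and "Check service health and sensor state" carry no link target at all, while the remaining rows do.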