add auto-resolve advanced setting content

This commit is contained in:
Joey Caparas
2018-08-29 10:53:58 -07:00
parent 949cc2f81f
commit f95fe5cb99
5 changed files with 48 additions and 15 deletions

View File

@ -28,7 +28,13 @@ Turn on the following advanced features to get better protected from potentially
When you enable this feature, you'll be able to take advantage of the automated investigation and remediation features of the service. For more information, see [Automated investigations](automated-investigations-windows-defender-advanced-threat-protection.md). When you enable this feature, you'll be able to take advantage of the automated investigation and remediation features of the service. For more information, see [Automated investigations](automated-investigations-windows-defender-advanced-threat-protection.md).
## Auto-resolve remediated alerts ## Auto-resolve remediated alerts
When you enable this feature, alerts where no threats or malicious artifacts have successfully been remediated by the automated investigation will be resolved. The Automated investigations capability is configured by default to resolve alerts where the automated analysis result status is <20>No threats found<6E> or <20>Remediated<EFBFBD>.
>[!NOTE]
> - The result of the auto-resolve action may influence the Machine risk level calculation which is based on the active alerts found on a machine.
>- If a security operations analyst manually sets the status of an alert to <20>In progress<73> or <20>Resolved<65> the auto-resolve capability will not overrite it.
If you don<6F>t want to have alerts auto-resolved, you<6F>ll need to manually turn off the feature.
## Block file ## Block file
This feature is only available if your organization uses Windows Defender Antivirus as the active antimalware solution and that the cloud-based protection feature is enabled. This feature is only available if your organization uses Windows Defender Antivirus as the active antimalware solution and that the cloud-based protection feature is enabled.
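Review bot: the opening sentence of the new Auto-resolve section, "alerts where no threats or malicious artifacts have successfully been remediated by the automated investigation will be resolved", does not match the rule it goes on to state (alerts are resolved when the analysis result is "No threats found" or "Remediated"); rewrite it as something like "alerts will be resolved automatically when the automated investigation finds no threats or has successfully remediated all malicious artifacts". Also in this hunk: "overrite" should be "overwrite", and a comma is missing before "the auto-resolve capability"; the curly quotes and apostrophes around "No threats found", "In progress", "Resolved", "don't" and "you'll" render as encoding artifacts in the diff, so use plain ASCII quotes; and the two note bullets are indented differently ("> - " versus ">- "). Since the section describes auto-resolve as on by default and the note says it can change the machine risk level, it would help the reader to say in this section where the feature is switched off rather than only that it must be turned off manually.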

View File

@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: security ms.pagetype: security
author: mjcaparas author: mjcaparas
ms.localizationpriority: high ms.localizationpriority: high
ms.date: 08/08/2018 ms.date: 09/03/2018
--- ---
# Onboard servers to the Windows Defender ATP service # Onboard servers to the Windows Defender ATP service
@ -19,25 +19,28 @@ ms.date: 08/08/2018
- Windows Server 2012 R2 - Windows Server 2012 R2
- Windows Server 2016 - Windows Server 2016
- Windows Server, version 1803 - Windows Server, version 1803
- Windows Server, 2019
- Windows Defender Advanced Threat Protection (Windows Defender ATP) - Windows Defender Advanced Threat Protection (Windows Defender ATP)
[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configserver-abovefoldlink) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configserver-abovefoldlink)
Windows Defender ATP extends support to also include the Windows Server operating system, providing advanced attack detection and investigation capabilities, seamlessly through the Windows Defender Security Center console. Windows Defender ATP extends support to also include the Windows Server operating system, providing advanced attack detection and investigation capabilities, seamlessly through the Windows Defender Security Center console.
The service supports the onboarding of the following servers: The service supports the onboarding of the following servers:
- Windows Server 2012 R2 - Windows Server 2012 R2
- Windows Server 2016 - Windows Server 2016
- Windows Server, version 1803 - Windows Server, version 1803
- Windows Server 2019
## Onboard Windows Server 2012 R2 and Windows Server 2016 ## Onboard Windows Server 2012 R2 and Windows Server 2016
To onboard your servers to Windows Defender ATP, youll need to: To onboard your servers to Windows Defender ATP, youll need to:
- For Windows Server 2012 R2: Configure and update System Center Endpoint Protection clients. - For Windows Server 2012 R2: Configure and update System Center Endpoint Protection clients.
- Turn on server monitoring from the Windows Defender Security Center portal. - Turn on server monitoring from Windows Defender Security Center.
- If you're already leveraging System Center Operations Manager (SCOM) or Operations Management Suite (OMS), simply attach the Microsoft Monitoring Agent (MMA) to report to your Windows Defender ATP workspace through [Multi Homing support](https://blogs.technet.microsoft.com/msoms/2016/05/26/oms-log-analytics-agent-multi-homing-support/). Otherwise, install and configure MMA to report sensor data to Windows Defender ATP as instructed below. - If you're already leveraging System Center Operations Manager (SCOM) or Operations Management Suite (OMS), simply attach the Microsoft Monitoring Agent (MMA) to report to your Windows Defender ATP workspace through [Multi Homing support](https://blogs.technet.microsoft.com/msoms/2016/05/26/oms-log-analytics-agent-multi-homing-support/). Otherwise, install and configure MMA to report sensor data to Windows Defender ATP as instructed below.
>[!TIP] >[!TIP]
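Review bot: the two additions name the new server inconsistently: the "Applies to" list gets "- Windows Server, 2019" (the comma belongs only to the "Windows Server, version 1803" form), while the supported-servers list gets "- Windows Server 2019"; use "Windows Server 2019" in both. With 2019 added to the supported list, the heading "## Onboard Windows Server 2012 R2 and Windows Server 2016" no longer tells the reader which procedure applies to Windows Server 2019 (or to version 1803); either extend the heading or add a sentence pointing to the applicable section. The wording change from "from the Windows Defender Security Center portal" to "from Windows Defender Security Center" matches the same change made elsewhere in this commit; check the rest of the file for remaining "portal" references so the naming is consistent.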

View File

@ -109,7 +109,7 @@ When accessing [Windows Defender Security Center](https://SecurityCenter.Windows
![Image of final preference set up](images\atp-final-preference-setup.png) ![Image of final preference set up](images\atp-final-preference-setup.png)
9. A dedicated cloud instance of Windows Defender Security Center portal is being created at this time. This step will take an average of 5 minutes to complete. 9. A dedicated cloud instance of Windows Defender Security Center is being created at this time. This step will take an average of 5 minutes to complete.
![Image of Windows Defender ATP cloud instance](images\atp-windows-cloud-instance-creation.png) ![Image of Windows Defender ATP cloud instance](images\atp-windows-cloud-instance-creation.png)

View File

@ -14,7 +14,10 @@ ms.date: 09/03/2018
--- ---
# Microsoft Cloud App Security integration overview # Microsoft Cloud App Security integration overview
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
[!include[Prerelease<73>information](prerelease.md)]
[Cloud App Security](https://docs.microsoft.com/cloud-app-security/what-is-cloud-app-security) gives you visibility into your cloud apps and services by allowing you to control and limit access to cloud apps, while enforcing compliance requirements on data stored in the cloud. [Cloud App Security](https://docs.microsoft.com/cloud-app-security/what-is-cloud-app-security) gives you visibility into your cloud apps and services by allowing you to control and limit access to cloud apps, while enforcing compliance requirements on data stored in the cloud.
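Review bot: the added include line `[!include[Prerelease<73>information](prerelease.md)]` has a non-space character between "Prerelease" and "information" (it renders as an encoding artifact in the diff), whereas the same include added to the server onboarding file in this commit reads `[!include[Prerelease information](prerelease.md)]`; replace it with a plain space so the two match and the include text is identical across files.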

View File

@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara ms.author: macapara
author: mjcaparas author: mjcaparas
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 06/18/2018 ms.date: 09/03/2018
--- ---
# Onboard previous versions of Windows # Onboard previous versions of Windows
@ -30,12 +30,17 @@ ms.date: 06/18/2018
Windows Defender ATP extends support to include down-level operating systems, providing advanced attack detection and investigation capabilities on supported Windows versions. Windows Defender ATP extends support to include down-level operating systems, providing advanced attack detection and investigation capabilities on supported Windows versions.
To onboard down-level Windows client endpoints to Windows Defender ATP, you'll need to: To onboard down-level Windows client endpoints to Windows Defender ATP, you'll need to:
- Configure and update System Center Endpoint Protection clients. - If your organization uses System Center Endpoint Protection (SCEP), you'll need to configure and update clients
- Turn on client machine reporting and get the Workspace ID and Workspace key from the portal
- Verify and apply the minimum requirements
-
- Create a deployment in
- Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP as instructed below. - Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP as instructed below.
>[!TIP] >[!TIP]
> After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md). > After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
## Configure and update System Center Endpoint Protection clients ## Configure and update System Center Endpoint Protection clients
>[!IMPORTANT] >[!IMPORTANT]
>This step is required only if your organization uses System Center Endpoint Protection (SCEP). >This step is required only if your organization uses System Center Endpoint Protection (SCEP).
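Review bot: the restructured prerequisite list is incomplete: it contains an empty bullet ("-") and a truncated one ("- Create a deployment in"), both of which need to be completed or removed before merge. The first bullet, "If your organization uses System Center Endpoint Protection (SCEP), you'll need to configure and update clients", lacks the terminal period the other bullets have, and "Turn on client machine reporting" uses different wording from the section it refers to (which this commit titles "Turn on client machine monitoring from Windows Defender Security Center"); use the same term in both so the list maps onto the headings.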
@ -46,33 +51,49 @@ The following steps are required to enable this integration:
- Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/en-us/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie) - Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/en-us/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie)
- Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting - Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting
## Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP
### Before you begin
## Turn on client machine monitoring from Windows Defender Security Center
Turn on the client machine monitoring and obtain the Workspace ID and Workspace key.
1. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
2. Select **Windows 7 SP1 and 8.1** as the operating system.
3. Click **Turn on client monitoring** and confirm that you'd like to proceed with the environment set up. When the set up completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent.
## Verify and apply the minimum requirements
Review the following details to verify minimum system requirements: Review the following details to verify minimum system requirements:
- Install the [February monthly update rollout](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598) - Install the [February monthly update rollout](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598)
>[!NOTE] >[!NOTE]
>Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro. >Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
> [!TIP]
> This can be deployed through System Center Configuration Manager
> CHECK WITH HESHAM!!!
- Install the [Update for customer experience and diagnostic telemetry](https://support.microsoft.com/help/3080149/update-for-customer-experience-and-diagnostic-telemetry) - Install the [Update for customer experience and diagnostic telemetry](https://support.microsoft.com/help/3080149/update-for-customer-experience-and-diagnostic-telemetry)
>[!NOTE] >[!NOTE]
>Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro. >Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
> [!TIP]
> This can be deployed through System Center Configuration Manager
> CHECK WITH HESHAM!!!
- Meet the Azure Log Analytics agent minimum system requirements. For more information, see [Collect data from computers in your environment with Log Analytics](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-concept-hybrid#prerequisites) - Meet the Azure Log Analytics agent minimum system requirements. For more information, see [Collect data from computers in your environment with Log Analytics](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-concept-hybrid#prerequisites)
## Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP
1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603) or [Windows 32-bit agent](https://go.microsoft.com/fwlink/?LinkId=828604). 1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603) or [Windows 32-bit agent](https://go.microsoft.com/fwlink/?LinkId=828604).
2. Obtain the workspace ID: 2. Using the Workspace ID and Workspace key choose any of the following installation methods to install the agent:
- In the Windows Defender ATP navigation pane, select **Settings > Machine management > Onboarding**
- Select **Windows 7 SP1 and 8.1** as the operating system
- Copy the workspace ID and workspace key
3. Using the Workspace ID and Workspace key choose any of the following installation methods to install the agent:
- Manually install the agent using setup<br> - Manually install the agent using setup<br>
On the **Agent Setup Options** page, select **Connect the agent to Azure Log Analytics (OMS)** On the **Agent Setup Options** page, select **Connect the agent to Azure Log Analytics (OMS)**
- [Install the agent using command line](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-agent-windows#install-the-agent-using-the-command-line) and [configure the agent using a script](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-agent-windows#add-a-workspace-using-a-script) - [Install the agent using command line](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-agent-windows#install-the-agent-using-the-command-line) and [configure the agent using a script](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-agent-windows#add-a-workspace-using-a-script)
- Create a deployment in
4. If you're using a proxy to connect to the Internet see the Configure proxy settings section. 4. If you're using a proxy to connect to the Internet see the Configure proxy settings section.
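Review bot: the internal placeholders "> CHECK WITH HESHAM!!!" under both new [!TIP] blocks must be resolved or removed; as written they would be published with the page, and the tips they belong to ("This can be deployed through System Center Configuration Manager") also lack a terminal period. Further points in this hunk: the new "## Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP" heading and "### Before you begin" near the top are left with no content, and the same H2 is repeated further down before the install steps, so drop the first pair; "- Create a deployment in" is again truncated; and after removing the old step 2 the steps now run "1., 2., 4." with no step 3, so renumber the proxy step. The "Turn on client monitoring" step says the Workspace ID and Workspace key are populated and "You'll need to use these values to configure the MMA agent"; because the key is what authorizes an agent to send data to the workspace, a sentence on handling it as a secret (particularly when it is embedded in the scripted install linked in step 2) would be a useful addition.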