diff --git a/windows/security/threat-protection/windows-defender-atp/images/active-alerts-tile.png b/windows/security/threat-protection/windows-defender-atp/images/active-alerts-tile.png new file mode 100644 index 0000000000..19428a4156 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/active-alerts-tile.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-active-investigations-tile.png b/windows/security/threat-protection/windows-defender-atp/images/atp-active-investigations-tile.png index 6950882187..9d46d16055 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-active-investigations-tile.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-active-investigations-tile.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-tile.png b/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-tile.png index 7a975960a1..40a8d079a4 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-tile.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-tile.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-automated-investigations-statistics.png b/windows/security/threat-protection/windows-defender-atp/images/atp-automated-investigations-statistics.png index 82565d784f..deefc7b684 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-automated-investigations-statistics.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-automated-investigations-statistics.png differ 
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-daily-machines-reporting.png b/windows/security/threat-protection/windows-defender-atp/images/atp-daily-machines-reporting.png index e46f058e86..2d4b4fc334 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-daily-machines-reporting.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-daily-machines-reporting.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machines-at-risk.png b/windows/security/threat-protection/windows-defender-atp/images/atp-machines-at-risk.png index 9347d09c04..2a637f7560 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-machines-at-risk.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-machines-at-risk.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-sec-ops-dashboard.png b/windows/security/threat-protection/windows-defender-atp/images/atp-sec-ops-dashboard.png index 5a4816bf80..56a204ca39 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-sec-ops-dashboard.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-sec-ops-dashboard.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-suspicious-activities-tile.png b/windows/security/threat-protection/windows-defender-atp/images/atp-suspicious-activities-tile.png index 0989362804..3be42e4c9d 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-suspicious-activities-tile.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-suspicious-activities-tile.png differ 
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-tile-sensor-health.png b/windows/security/threat-protection/windows-defender-atp/images/atp-tile-sensor-health.png index dce4ee3f5e..e39ee3c1ed 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-tile-sensor-health.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-tile-sensor-health.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-users-at-risk.png b/windows/security/threat-protection/windows-defender-atp/images/atp-users-at-risk.png index c2b81ca99a..dc9414f4cf 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-users-at-risk.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-users-at-risk.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/machines-at-risk-tile.png b/windows/security/threat-protection/windows-defender-atp/images/machines-at-risk-tile.png new file mode 100644 index 0000000000..04480e2b04 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/machines-at-risk-tile.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/sec-ops-dashboard.png b/windows/security/threat-protection/windows-defender-atp/images/sec-ops-dashboard.png new file mode 100644 index 0000000000..f858a4664a Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/sec-ops-dashboard.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/status-tile.png b/windows/security/threat-protection/windows-defender-atp/images/status-tile.png index 452918b63f..bdc4ec022d 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/status-tile.png and b/windows/security/threat-protection/windows-defender-atp/images/status-tile.png differ 
diff --git a/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md index 7fc386b942..428fd93504 100644 --- a/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 04/24/2018 +ms.date: 09/04/2018 --- # Windows Defender Security Center Security operations dashboard @@ -26,16 +26,16 @@ The dashboard displays a snapshot of: - The latest active alerts on your network - Machines at risk -- Machines with active malware alerts +- Sensor health +- Service health - Daily machines reporting - Active automated investigations - Automated investigations statistics - Users at risk - Suspicious activities -- Sensor health -- Service health -![Image of Security operations dashboard](images/atp-sec-ops-1.png) + +![Image of Security operations dashboard](images/atp-sec-ops-dashboard.png) You can explore and investigate alerts and machines to quickly determine if, where, and when suspicious activities occurred in your network to help you understand the context they appeared in. 
@@ -44,51 +44,45 @@ From the **Security operations dashboard** you will see aggregated events to fac It also has clickable tiles that give visual cues on the overall health state of your organization. Each tile opens a detailed view of the corresponding overview. ## Active alerts -You can view the overall number of active ATP alerts from the last 30 days in your network from the **ATP alerts** tile. Alerts are grouped into **New** and **In progress**. +You can view the overall number of active alerts from the last 30 days in your network from the tile. Alerts are grouped into **New** and **In progress**. -![Click on each slice or severity to see a list of alerts from the past 30 days](images/atp-alerts-tile.png) +![Click on each slice or severity to see a list of alerts from the past 30 days](images/active-alerts-tile.png) Each group is further sub-categorized into their corresponding alert severity levels. Click the number of alerts inside each alert ring to see a sorted view of that category's queue (**New** or **In progress**). For more information see, [Alerts overview](alerts-queue-windows-defender-advanced-threat-protection.md). -The **Latest active alerts** section includes the latest active alerts in your network. Each row includes an alert severity category and a short description of the alert. Click an alert to see its detailed view, or **Alerts queue** at the top of the list to go directly to the Alerts queue. For more information see, [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) and [Alerts overview](alerts-queue-windows-defender-advanced-threat-protection.md). +Each row includes an alert severity category and a short description of the alert. You can click an alert to see its detailed view. 
For more information see, [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) and [Alerts overview](alerts-queue-windows-defender-advanced-threat-protection.md). ## Machines at risk This tile shows you a list of machines with the highest number of active alerts. The total number of alerts for each machine is shown in a circle next to the machine name, and then further categorized by severity levels at the far end of the tile (hover over each severity bar to see its label). -![The Machines at risk tile shows a list of machines with the highest number of alerts, and a breakdown of the severity of the alerts](images/atp-machines-at-risk.png) +![The Machines at risk tile shows a list of machines with the highest number of alerts, and a breakdown of the severity of the alerts](images/machines-at-risk-tile.png) Click the name of the machine to see details about that machine. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines list](investigate-machines-windows-defender-advanced-threat-protection.md). You can also click **Machines list** at the top of the tile to go directly to the **Machines list**, sorted by the number of active alerts. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines list](investigate-machines-windows-defender-advanced-threat-protection.md). -## Machines with active malware detections -The **Machines with active malware detections** tile will only appear if your machines are using Windows Defender Antivirus. +## Sensor health +The **Sensor health** tile provides information on the individual machine’s ability to provide sensor data to the Windows Defender ATP service. It reports how many machines require attention and helps you identify problematic machines. -Active malware is defined as threats that were actively executing at the time of detection. 
+![Sensor health tile](images/atp-tile-sensor-health.png) -Hover over each bar to see the number of active malware detections (as **Malware detections**) and the number of machines with at least one active detection (as **Machines**) over the past 30 days. +There are two status indicators that provide information on the number of machines that are not reporting properly to the service: +- **Misconfigured** – These machines might partially be reporting sensor data to the Windows Defender ATP service and might have configuration errors that need to be corrected. +- **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service for more than seven days in the past month. -![The Machines with active malware detections tile shows the number of threats and machines for each threat category](images/atp-machines-active-threats-tile.png) -The chart is sorted into five categories: +When you click any of the groups, you’ll be directed to machines list, filtered according to your choice. For more information, see [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) and [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md). -- **Ransomware** - threats that prevent user access to a machine or its files and demand payment to restore access. -- **Credential theft** - threats that attempt to steal credentials. -- **Exploit** - threats that use software vulnerabilities to infect machines. -- **Backdoor** - threats that gives a malicious hacker access to and control of machines. -- **General** - threats that perform unwanted actions, including actions that can disrupt, cause direct damage, and facilitate intrusion and data theft. -- **PUA** - applications that install and perform undesirable activity without adequate user consent. +## Service health +The **Service health** tile informs you if the service is active or if there are issues. 
-Threats are considered "active" if there is a very high probability that the malware was executing on your network, as opposed to statically located on-disk. +![The Service health tile shows an overall indicator of the service](images/status-tile.png) -Clicking on any of these categories will navigate to the [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md), filtered by the appropriate category. This lets you see a detailed breakdown of which machines have active malware detections, and how many threats were detected per machine. - -> [!NOTE] -> The **Machines with active malware detections** tile will only appear if your machines are using [Windows Defender Antivirus](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. +For more information on the service health, see [Check the Windows Defender ATP service health](service-status-windows-defender-advanced-threat-protection.md). ## Daily machines reporting 
@@ -99,13 +93,13 @@ The **Daily machines reporting** tile shows a bar graph that represents the numb ## Active automated investigations -You can view the overall number of automated investigations from the last 30 days in your network from the **Active automated investigations** tile. Investigations are grouped into **Waiting for machine**, **Running**, and **Pending approval**. +You can view the overall number of automated investigations from the last 30 days in your network from the **Active automated investigations** tile. Investigations are grouped into **Pending action**, **Waiting for machine**, and **Running**. ![Inmage of active automated investigations](images/atp-active-investigations-tile.png) ## Automated investigations statistics -This tile shows statistics related to automated investigations in the last 30 days. It shows the number of investigations completed, the number of successfully remediated investigations, the average pending time it takes for an investigaiton to be initiated, the average time it takes to remediate an alert, the number of alerts investigated, and the number of hours of automation saved from a typical manual investigation. +This tile shows statistics related to automated investigations in the last 30 days. It shows the number of investigations completed, the number of successfully remediated investigations, the average pending time it takes for an investigation to be initiated, the average time it takes to remediate an alert, the number of alerts investigated, and the number of hours of automation saved from a typical manual investigation. ![Image of automated investigations statistics](images/atp-automated-investigations-statistics.png) 
@@ -124,26 +118,6 @@ This tile shows audit events based on detections from various security component ![Suspicous activities tile](images/atp-suspicious-activities-tile.png) -## Sensor health -The **Sensor health** tile provides information on the individual machine’s ability to provide sensor data to the Windows Defender ATP service. It reports how many machines require attention and helps you identify problematic machines. - -![Sensor health tile](images/atp-tile-sensor-health.png) - -There are two status indicators that provide information on the number of machines that are not reporting properly to the service: -- **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service for more than seven days in the past month. -- **Misconfigured** – These machines might partially be reporting sensor data to the Windows Defender ATP service and might have configuration errors that need to be corrected. - -When you click any of the groups, you’ll be directed to machines list, filtered according to your choice. For more information, see [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) and [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md). - -## Service health -The **Service health** tile informs you if the service is active or if there are issues. - -![The Service health tile shows an overall indicator of the service](images/status-tile.png) - -For more information on the service health, see [Check the Windows Defender ATP service health](service-status-windows-defender-advanced-threat-protection.md). - - - >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-secopsdashboard-belowfoldlink)
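Review bot: the binary image changes do not line up with the markdown edits in the same patch. `atp-alerts-tile.png` and `atp-machines-at-risk.png` are updated, but the document now points at `active-alerts-tile.png` and `machines-at-risk-tile.png` instead, so those two updates are unused here; the newly added `sec-ops-dashboard.png` is not referenced anywhere in this document (the text uses `atp-sec-ops-dashboard.png`); and `atp-sec-ops-1.png` and `atp-machines-active-threats-tile.png` lose their only reference in this file without being deleted. Either drop the orphaned images and the unused updates, or confirm another page still consumes them.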
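Review bot: in the `@@ -26,16 +26,16 @@` hunk, the empty `+` line added immediately before `+![Image of Security operations dashboard](images/atp-sec-ops-dashboard.png)` looks unintentional and will render as an extra blank line between the tile list and the screenshot; drop it so exactly one blank line separates the list from the image. The reordered bullets (Sensor health and Service health moved up, "Machines with active malware alerts" removed) do match the new section order later in the patch.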
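Review bot: the rewritten Active alerts text in the `@@ -44,51 +44,45 @@` hunk has lost its subject twice. `+You can view the overall number of active alerts from the last 30 days in your network from the tile.` no longer says which tile (the removed line named the **ATP alerts** tile; suggest "from the **Active alerts** tile" to match the heading), and `+Each row includes an alert severity category and a short description of the alert.` no longer says which list the rows belong to, because the sentence introducing the **Latest active alerts** list was removed; reinstate a one-line lead such as "The tile also lists the latest active alerts in your network." Two smaller points in the same hunk: the added `+For more information see, [Investigate ...]` line repeats the misplaced comma (it belongs after "information", not after "see"), and the moved Sensor health paragraph still reads "you'll be directed to machines list", which needs "the"; the Misconfigured/Inactive bullets are also swapped relative to the copy removed in the last hunk, so confirm the new order matches the tile.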
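Review bot: in the `@@ -99,13 +93,13 @@` hunk the unchanged context line `![Inmage of active automated investigations](images/atp-active-investigations-tile.png)` carries an alt-text typo ("Inmage") directly beneath the line being edited; fix it in this change alongside the "investigaiton" correction. The rename of **Pending approval** to **Pending action** and the new grouping order should be checked against the current UI strings, since this page is the reference readers will match against the tile.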
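Review bot: the `@@ -124,26 +118,6 @@` hunk removes the Sensor health and Service health sections that the earlier hunk re-adds before Daily machines reporting; apart from the swapped bullet order the text is identical, so this is a pure move and fine. Two nits in what remains: the kept context line `![Suspicous activities tile](images/atp-suspicious-activities-tile.png)` has a typo in its alt text ("Suspicous"), and the removal leaves back-to-back blank lines before the `>Want to experience Windows Defender ATP?` blockquote; trim to one.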