diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md
index 029173c6e9..f441fe1064 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md
@@ -54,7 +54,7 @@ Because your protection is a cloud service, computers must have access to the in
 | :--: | :-- | :-- |
 | Microsoft Defender Antivirus cloud-delivered protection service, also referred to as Microsoft Active Protection Service (MAPS)|Used by Microsoft Defender Antivirus to provide cloud-delivered protection|`*.wdcp.microsoft.com` <br/> `*.wdcpalt.microsoft.com` <br/> `*.wd.microsoft.com`|
 | Microsoft Update Service (MU) <br/> Windows Update Service (WU)|	Security intelligence and product updates	|`*.update.microsoft.com` <br/> `*.delivery.mp.microsoft.com`<br/> `*.windowsupdate.com` <br/> for details see [Connection endpoints for Windows Update](https://docs.microsoft.com/windows/privacy/manage-windows-1709-endpoints#windows-update)|
-|Security intelligence updates Alternate Download Location (ADL)|	Alternate location for Microsoft Defender Antivirus Security intelligence updates if the installed Security intelligence is out of date (7 or more days behind)|	`*.download.microsoft.com`|
+|Security intelligence updates Alternate Download Location (ADL)|	Alternate location for Microsoft Defender Antivirus Security intelligence updates if the installed Security intelligence is out of date (7 or more days behind)|	`*.download.microsoft.com`  </br> `*.download.windowsupdate.com`</br> `https://fe3cr.delivery.mp.microsoft.com/ClientWebService/client.asmx`|
 | Malware submission storage|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission	| `ussus1eastprod.blob.core.windows.net` <br/>    `ussus1westprod.blob.core.windows.net` <br/>    `usseu1northprod.blob.core.windows.net` <br/>    `usseu1westprod.blob.core.windows.net` <br/>    `ussuk1southprod.blob.core.windows.net` <br/>    `ussuk1westprod.blob.core.windows.net` <br/>    `ussas1eastprod.blob.core.windows.net` <br/>    `ussas1southeastprod.blob.core.windows.net` <br/>    `ussau1eastprod.blob.core.windows.net` <br/>    `ussau1southeastprod.blob.core.windows.net` |
 | Certificate Revocation List (CRL)|Used by Windows when creating the SSL connection to MAPS for updating the CRL	| `https://www.microsoft.com/pkiops/crl/` <br/> `https://www.microsoft.com/pkiops/certs` <br/>   `https://crl.microsoft.com/pki/crl/products` <br/> `https://www.microsoft.com/pki/certs` |
 | Symbol Store|Used by Microsoft Defender Antivirus to restore certain critical files during remediation flows	| `https://msdl.microsoft.com/download/symbols` |
@@ -121,6 +121,6 @@ You will also see a detection under **Quarantined threats** in the **Scan histor
 
 - [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md)
 
-- [Run an Microsoft Defender Antivirus scan from the command line](command-line-arguments-microsoft-defender-antivirus.md) and [Command line arguments](command-line-arguments-microsoft-defender-antivirus.md)
+- [Command line arguments](command-line-arguments-microsoft-defender-antivirus.md)
 
 - [Important changes to Microsoft Active Protection Services endpoint](https://techcommunity.microsoft.com/t5/Configuration-Manager-Archive/Important-changes-to-Microsoft-Active-Protection-Service-MAPS/ba-p/274006) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-dates.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-dates.png
index e2998ed7aa..aa5fa7c554 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-dates.png and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-dates.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-drilldown.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-drilldown.png
index d0ad1e7017..669e392d04 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-drilldown.png and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-drilldown.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-exposure-score.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-exposure-score.png
index 91950ddc48..6892f9bcb0 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-exposure-score.png and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-exposure-score.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-exposure-score400.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-exposure-score400.png
index 84cf422fdc..dd5df1eee4 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-exposure-score400.png and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-exposure-score400.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-flyout.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-flyout.png
new file mode 100644
index 0000000000..f056931ef0
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-flyout.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-flyout500.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-flyout500.png
index 972824d9d2..3a7c5c709b 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-flyout500.png and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-flyout500.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-overview-mixed-type.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-overview-mixed-type.png
index d2de753251..5ce64f30d1 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-overview-mixed-type.png and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-overview-mixed-type.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-software-pages.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-software-pages.png
index 26b7c166bb..d129da0294 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-software-pages.png and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-software-pages.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-top-events-card.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-top-events-card.png
index 437d371dc8..b4b6c0cb44 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-top-events-card.png and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-top-events-card.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md
index 7830afd8a5..3c49e66665 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md
@@ -132,4 +132,4 @@ A full page will appear with all the details of a specific software, including a
 - [APIs](next-gen-threat-and-vuln-mgt.md#apis)
 - [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
 - [Advanced hunting overview](overview-hunting.md)
-- [All advanced hunting tables](advanced-hunting-reference.md)
\ No newline at end of file
+- [All advanced hunting tables](advanced-hunting-reference.md)