diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md
index 0f87bc0afe..5f7b73081b 100644
--- a/windows/keep-secure/TOC.md
+++ b/windows/keep-secure/TOC.md
@@ -410,6 +410,7 @@
 ##### [Additional configuration settings](additional-configuration-windows-defender-advanced-threat-protection.md)
 ##### [Monitor onboarding](monitor-onboarding-windows-defender-advanced-threat-protection.md)
 ##### [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
+##### [Troubleshoot onboarding issues2](troubleshoot-onboarding2-windows-defender-advanced-threat-protection.md)
 #### [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md)
 #### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
 #### [Use the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md)
diff --git a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md
index d9071e74d9..27de7a82cd 100644
--- a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md
@@ -12,6 +12,12 @@ author: mjcaparas
 
 # Configure proxy and Internet connectivity settings
 
+**Applies to:**
+
+- Windows 10 Insider Preview
+
+<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
+
 The embedded Windows Defender ATP sensor runs in system context using the LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP) to enable communication with the Windows Defender ATP cloud service. This is considered as the appropriate method of communication this type of usage scenario.
 
 The WinHTTP configuration setting is independent of the Windows Internet (WinINet) internet browsing proxy settings and can only discover a proxy server by using the following discovery methods:
diff --git a/windows/keep-secure/images/windefatp-sc-qc-diagtrack.png b/windows/keep-secure/images/windefatp-sc-qc-diagtrack.png
new file mode 100644
index 0000000000..f1401c96df
Binary files /dev/null and b/windows/keep-secure/images/windefatp-sc-qc-diagtrack.png differ
diff --git a/windows/keep-secure/images/windefatp-sc-query-diagtrack.png b/windows/keep-secure/images/windefatp-sc-query-diagtrack.png
new file mode 100644
index 0000000000..96dacdc763
Binary files /dev/null and b/windows/keep-secure/images/windefatp-sc-query-diagtrack.png differ
diff --git a/windows/keep-secure/troubleshoot-onboarding2-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding2-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..1219c5e37e
--- /dev/null
+++ b/windows/keep-secure/troubleshoot-onboarding2-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,131 @@
+---
+title: Troubleshoot Windows Defender ATP onboarding issues
+description: Troubleshoot issues that might arise during the onboarding of endpoints or to the Windows Defender ATP service.
+keywords: troubleshoot onboarding, onboarding issues, event viewer, azure management portal, data collection and preview builds
+search.product: eADQiWindows 10XVcnh
+ms.prod: W10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: iaanw
+---
+
+# Troubleshoot Windows Defender Advanced Threat Protection onboarding issues2
+
+**Applies to:**
+
+- Windows 10 Insider Preview
+
+<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
+
+You might need to troubleshoot the onboarding process if you encounter issues.
+
+## Endpoints not reporting correctly
+
+If you have completed the endpoint onboarding process and don't see endpoints in the [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md), then this might indicate endpoint onboarding or a connectivity issue that you need to address.
+
+To address this issue:
+
+- Ensure that the endpoint is onboarded successfully
+- Ensure that the Windows Defender ATP service is enabled
+- Ensure that the telemetry and diagnostics service is enabled
+- Ensure that the Windows Defender ATP endpoint has internet connection
+
+### Ensure that the endpoint is onboarded successfully
+
+
+### Ensure that the Windows Defender ATP service is enabled
+
+
+### Ensure that the telemetry and diagnostics service is enabled
+
+If the endpoints aren't reporting correctly, you might need to check that the Windows 10 telemetry and diagnostics service is enabled on the endpoint. The service may have been disabled by other programs or user configuration changes.
+
+You will need to check the startup type and verify that the service is running. 
+
+There are two ways to check the startup type for the service: from the command line or in the services console.
+
+**Check the startup type from the command line:**
+
+1.  Open an elevated command-line prompt on the endpoint:
+
+    a.  Click **Start** and type **cmd**.
+
+    b.  Right-click **Command prompt** and select **Run as administrator**.
+ 
+2.  Enter the following command and press **Enter**.
+
+    ```
+    sc qc query diagtrack
+    ```
+
+3.  If the service is enabled, it will be set to automatically start. The result should look like the following:
+
+    ![Result of the sc query command for diagtrack](images/windefatp-sc-qc-diagtrack.png)
+
+    ```
+    SERVICE_NAME: diagtrack
+        TYPE               : 10  WIN32_OWN_PROCESS
+        START_TYPE         : 2   AUTO_START
+        ERROR_CONTROL      : 1   NORMAL
+        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k utcsvc
+        LOAD_ORDER_GROUP   :
+        TAG                : 0
+        DISPLAY_NAME       : Connected User Experiences and Telemetry
+        DEPENDENCIES       : RpcSs
+        SERVICE_START_NAME : LocalSystem
+    ```
+
+4. If the **START_TYPE** is not set to **AUTO_START**, then you'll need to enter the following command and press **Enter**:
+
+    ```
+    sc config diagtrack start=auto
+    ```
+5. A success message is displayed. Verify the change by entering the following command and press **Enter**:
+
+    ```
+    sc qc diagtrack
+    ```
+
+**Check the startup type in the services console:**
+
+1.  Open the services console:
+
+    a. Click **Start** and type **services**. Press **Enter** to open the console.
+
+2.  Scroll through the list of services until you find **Connected User Experiences and Telemetry**. 
+
+3.  Check the **Startup type** column - the service should be set as **Automatic**.
+
+ASK ALON HOW SET TO AUTOMATIC IF IT'S NOT SET FROM THE CONSOLE.
+
+**Check that the service is running from the command line**
+
+1.  Open an elevated command-line prompt on the endpoint:
+
+    a.  Click **Start** and type **cmd**.
+
+    b.  Right-click **Command prompt** and select **Run as administrator**.
+
+2.  Enter the following command and press **Enter**.
+
+    ```
+    sc query diagtrack
+    ```
+3. If the service is running, the result should look like the following:
+
+    ![Result of the sc query command for sc query diagtrack](images/windefatp-sc-query-diagtrack.png)
+    
+4. If the service STATE is not set to RUNNING, then you'll need to enter the following command and press **Enter**:
+
+    ```
+    sc start diagtrack
+    ```
+
+5. A success message is displayed. Verify the change by entering the following command and press **Enter**:
+
+    ```
+    sc query diagtrack
+    ```
+
+### Ensure that the Windows Defender ATP endpoint has internet connection
+