+You can use alert policies and the alert dashboard in the Microsoft 365 compliance center or the Microsoft 365 Defender portal to create alert policies and then view the alerts generated when users perform activities that match the conditions of an alert policy. There are several default alert policies that help you monitor activities such as assigning admin privileges in Exchange Online, malware attacks, phishing campaigns, and unusual levels of file deletions and external sharing.

+> [!TIP]

+> Go to the [Default alert policies](#default-alert-policies) section in this article for a list and description of the available alert policies.

+Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender portal</a> and under **Email & collaboration** select **Policies & rules** > **Alert policy**. Alternatively, you can go directly to <https://security.microsoft.com/alertpolicies>.

+ - To view file or email contents in the source view, you must have the **Data Classification Content Viewer** role, which is included in the **Content Explorer Content Viewer** role group, or **Information Protection** and **Information Protection Investigators** role groups (currently in preview). Without the required role, you don't see the preview pane when you select an item from the **Matched Items** tab. Global admins don't have this role by default.

+Auto-policies run continuously until they are deleted. For example, new and modified files will be included with the current policy settings.

+### Monitoring your auto-labeling policy

+After your auto-labeling policy is turned on, you can view the labeling progress for files in your chosen SharePoint and OneDrive locations. Emails are not included in the labeling progress because they are automatically labeled as they are sent.

+The labeling progress includes the files to be labeled by the policy, the files labeled in the last 7 days, and the total files labeled. Because of the maximum of labeling 25,000 files a day, this information provides you with visibility into the current labeling progress for your policy and how many files are still to be labeled.

+When you first turn on your policy, you will initially see a value of 0 for files to be labeled until the latest data is retrieved. This progress information updates every 48 hours, so you can expect to see the most current data about every other day. When you select an auto-labeling policy, you can see more details about the policy in a flyout pane, which includes the labeling progress by the top 10 sites. The information on this flyout pane might be more current than the aggregated policy information displayed on the **Auto-labeling** main page.

+- **Content Explorer List Viewer** role group lets you see a file's label but not the file's contents.

+- **Content Explorer Content Viewer** role group, and **Information Protection** and **Information Protection Investigators** role groups (currently in preview) let you see the file's contents.

+Below is the complete list of templates in Compliance Manager. Links in the template names below take you to related documentation where available about that standard, regulation, or law.

+You can also select individual templates in Compliance Manager to view more information about them, including a description of the regulation and properties of the template. Read the **About** section for a summary.

+## Permissions

+Members of your compliance team who will create DLP policies need permissions to the Compliance Center. By default, your tenant admin will have access can give compliance officers and other people access. Follow these steps:

+

+1. Create a group in Microsoft 365 and add compliance officers to it.

+

+2. Create a role group on the **Permissions** page of the Security &amp; Compliance Center.

+3. While creating the role group, use the **Choose Roles** section to add the following role to the role group: **DLP Compliance Management**.

+

+4. Use the **Choose Members** section to add the Microsoft 365 group you created before to the role group.

+Use the **View-Only DLP Compliance Management** role to create role group with view-only privileges to the DLP policies and DLP reports.

+For more information, see [Give users access to the Office 365 Compliance Center](../security/office-365-security/grant-access-to-the-security-and-compliance-center.md).

+

+These permissions are required to create and apply a DLP policy not to enforce policies.

+### Roles and Role Groups in preview

+There are roles and role groups in preview that you can test out to fine tune your access controls.

+Here's a list of Microsoft Information Protection (MIP) roles that are in preview. To learn more about them, see [Roles in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center)

+- Information Protection Admin

+- Information Protection Analyst

+- Information Protection Investigator

+- Information Protection Reader

+Here's a list of MIP role groups that are in preview. To learn more about the, see [Role groups in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#role-groups-in-the-security--compliance-center)

+- Information Protection

+- Information Protection Admins

+- Information Protection Analysts

+- Information Protection Investigators

+- Information Protection Readers

+### Roles and Role Groups in preview

+There are roles and role groups in preview that you can test out to fine tune your access controls.

+Here's a list of Microsoft Information Protection (MIP) roles that are in preview. To learn more about them, see [Roles in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center)

+- Information Protection Admin

+- Information Protection Analyst

+- Information Protection Investigator

+- Information Protection Reader

+Here's a list of MIP role groups that are in preview. To learn more about the, see [Role groups in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#role-groups-in-the-security--compliance-center)

+- Information Protection

+- Information Protection Admins

+- Information Protection Analysts

+- Information Protection Investigators

+- Information Protection Readers

+description: "Activity explorer lets you see and filter on the actions users are taking on your labeled content."

+An account must be explicitly assigned membership in any one of these role groups or explicitly granted the role.

+### Roles and Role Groups in preview

+There are roles and role groups in preview that you can test out to fine-tune your access controls.

+Here's a list of Microsoft Information Protection (MIP) roles that are in preview. To learn more about them, see [Roles in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center)

+- Information Protection Admin

+- Information Protection Analyst

+- Information Protection Investigator

+- Information Protection Reader

+Here's a list of MIP role groups that are in preview. To learn more about the, see [Role groups in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#role-groups-in-the-security--compliance-center)

+- Information Protection

+- Information Protection Admins

+- Information Protection Analysts

+- Information Protection Investigators

+- Information Protection Readers

+**Sensitivity label activities** and **Retention labeling activities** from Office native applications, Azure Information Protection add-in, SharePoint Online, Exchange Online (sensitivity labels only), and OneDrive. Some examples are:

+Understanding what actions are being taken with your sensitive labeled content helps you see if the controls that you have in place, such as [data loss prevention](dlp-learn-about-dlp.md) policies are effective or not. If not, or if you discover something unexpected, such as a large number of items that are labeled `highly confidential` and are downgraded `general`, you can manage your various policies and take new actions to restrict the undesired behavior.

+#### Roles and Role Groups in preview

+There are roles and role groups in preview that you can test out to fine tune your access controls.

+Here's a list of Microsoft Information Protection (MIP) roles that are in preview. To learn more about them, see [Roles in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center)

+- Information Protection Admin

+- Information Protection Analyst

+- Information Protection Investigator

+- Information Protection Reader

+Here's a list of MIP role groups that are in preview. To learn more about the, see [Role groups in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#role-groups-in-the-security--compliance-center)

+- Information Protection

+- Information Protection Admins

+- Information Protection Analysts

+- Information Protection Investigators

+- Information Protection Readers

+#### Roles and Role Groups in preview

+There are roles and role groups in preview that you can test out to fine tune your access controls.

+Here's a list of Microsoft Information Protection (MIP) roles that are in preview. To learn more about them, see [Roles in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center)

+- Information Protection Admin

+- Information Protection Analyst

+- Information Protection Investigator

+- Information Protection Reader

+Here's a list of MIP role groups that are in preview. To learn more about the, see [Role groups in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#role-groups-in-the-security--compliance-center)

+- Information Protection

+- Information Protection Admins

+- Information Protection Analysts

+- Information Protection Investigators

+- Information Protection Readers

+### Roles and Role Groups in preview

+There are roles and role groups in preview that you can test out to fine tune your access controls.

+Here's a list of Microsoft Information Protection (MIP) roles that are in preview. To learn more about them, see [Roles in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center)

+- Information Protection Admin

+- Information Protection Analyst

+- Information Protection Investigator

+- Information Protection Reader

+Here's a list of MIP role groups that are in preview. To learn more about the, see [Role groups in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#role-groups-in-the-security--compliance-center)

+- Information Protection

+- Information Protection Admins

+- Information Protection Analysts

+- Information Protection Investigators

+- Information Protection Readers

+#### Roles and Role Groups in preview

+There are roles and role groups in preview that you can test out to fine tune your access controls.

+Here's a list of Microsoft Information Protection (MIP) roles that are in preview. To learn more about them, see [Roles in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center)

+- Information Protection Admin

+- Information Protection Analyst

+- Information Protection Investigator

+- Information Protection Reader

+Here's a list of MIP role groups that are in preview. To learn more about the, see [Role groups in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#role-groups-in-the-security--compliance-center)

+- Information Protection

+- Information Protection Admins

+- Information Protection Analysts

+- Information Protection Investigators

+- Information Protection Readers

+#### Roles and Role Groups in preview

+There are roles and role groups in preview that you can test out to fine tune your access controls.

+Here's a list of Microsoft Information Protection (MIP) roles that are in preview. To learn more about them, see [Roles in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center)

+- Information Protection Admin

+- Information Protection Analyst

+- Information Protection Investigator

+- Information Protection Reader

+Here's a list of MIP role groups that are in preview. To learn more about the, see [Role groups in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#role-groups-in-the-security--compliance-center)

+- Information Protection

+- Information Protection Admins

+- Information Protection Analysts

+- Information Protection Investigators

+- Information Protection Readers

+> [!NOTE]

+> Now in preview, you can use the following role groups:

+> - **Information Protection**

+> - **Information Protection Admins**

+> - **Information Protection Analysts**

+> - **Information Protection Investigators**

+> - **Information Protection Readers**

+>

+> For an explanation of each one, and the new roles that they contain, select a role group in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft 365 compliance center</a> > **Permissions & roles** > **Compliance center** > **Roles**, and then review the description in the flyout pane. Or, see [Role groups in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#role-groups-in-the-security--compliance-center).

+For instructions to add users to the default role group, roles, or create your own role groups, see [Permissions in the Microsoft 365 compliance center](microsoft-365-compliance-center-permissions.md).

+3. Under **Last import**, click the **Download log** link to open (or save) the status log for the connector. This log contains information about each time the script runs and uploads the data from the JSON file to the Microsoft cloud.

+ 

+ The **RecordsSaved** field indicates the number of objects in the JSON file that uploaded. For example, if the JSON file contains four objects, then the value of the **RecordsSaved** fields is 4, if the script successfully uploaded all the objects in the JSON file.

+## Week of January 03, 2022

+| Published On |Topic title | Change |

+|||--|

+| 1/3/2022 | [Microsoft 365 compliance documentation # < 60 chars](/microsoft-365/compliance/index?view=o365-21vianet) | modified |

+| 1/3/2022 | [Licensing for SharePoint Syntex](/microsoft-365/contentunderstanding/syntex-licensing) | modified |

+| 1/3/2022 | [Microsoft 365 guest sharing settings reference](/microsoft-365/solutions/microsoft-365-guest-settings?view=o365-21vianet) | modified |

+| 1/3/2022 | [Limit sharing in Microsoft 365](/microsoft-365/solutions/microsoft-365-limit-sharing?view=o365-21vianet) | modified |

+| 1/4/2022 | [MRS service alerts](/microsoft-365/enterprise/microsoft-365-mrs-source-delays-service-alerts?view=o365-21vianet) | added |

+| 1/4/2022 | [View or edit policies in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-view-edit-create-policies?view=o365-21vianet) | renamed |

+| 1/4/2022 | [Train your security staff for Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender-train-security-staff?view=o365-21vianet) | added |

+| 1/4/2022 | [Learn about the default labels and policies for Microsoft Information Protection](/microsoft-365/compliance/mip-easy-trials?view=o365-21vianet) | modified |

+| 1/4/2022 | [Learn about sensitivity labels](/microsoft-365/compliance/sensitivity-labels?view=o365-21vianet) | modified |

+| 1/4/2022 | [How to configure Exchange Server on-premises to use Hybrid Modern Authentication](/microsoft-365/enterprise/configure-exchange-server-for-hybrid-modern-authentication?view=o365-21vianet) | modified |

+| 1/4/2022 | [Exchange Online monitoring for Microsoft 365](/microsoft-365/enterprise/microsoft-365-exchange-monitoring?view=o365-21vianet) | modified |

+| 1/4/2022 | [Microsoft 365 Lighthouse Users page overview](/microsoft-365/lighthouse/m365-lighthouse-users-page-overview?view=o365-21vianet) | modified |

+| 1/4/2022 | [Microsoft Defender for Business](/microsoft-365/security/defender-business/index?view=o365-21vianet) | modified |

+| 1/4/2022 | Create a new policy in Microsoft Defender for Business | removed |

+| 1/4/2022 | [Attack surface reduction frequently asked questions (FAQ)](/microsoft-365/security/defender-endpoint/attack-surface-reduction-faq?view=o365-21vianet) | modified |

+| 1/4/2022 | [ASR rules deployment phase 2 - test](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-phase-2?view=o365-21vianet) | modified |

+| 1/4/2022 | [ASR rules deployment phase 3 - implement](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-phase-3?view=o365-21vianet) | modified |

+| 1/4/2022 | [Use attack surface reduction rules to prevent malware infection](/microsoft-365/security/defender-endpoint/attack-surface-reduction?view=o365-21vianet) | modified |

+| 1/4/2022 | [Onboard Windows devices to Microsoft Defender for Endpoint via Group Policy](/microsoft-365/security/defender-endpoint/configure-endpoints-gp?view=o365-21vianet) | modified |

+| 1/4/2022 | [Onboarding tools and methods for Windows devices](/microsoft-365/security/defender-endpoint/configure-endpoints?view=o365-21vianet) | modified |

+| 1/4/2022 | [Configure device proxy and Internet connection settings](/microsoft-365/security/defender-endpoint/configure-proxy-internet?view=o365-21vianet) | modified |

+| 1/4/2022 | [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-21vianet) | modified |

+| 1/4/2022 | [Protect important folders from ransomware from encrypting your files with controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders?view=o365-21vianet) | modified |

+| 1/4/2022 | Customize attack surface reduction rules | removed |

+| 1/4/2022 | [Compare Microsoft Defender for Endpoint Plan 1 to Plan 2](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-21vianet) | modified |

+| 1/4/2022 | [Overview of Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1?view=o365-21vianet) | modified |

+| 1/4/2022 | Evaluate attack surface reduction rules | removed |

+| 1/4/2022 | [Apply mitigations to help prevent attacks through vulnerabilities](/microsoft-365/security/defender-endpoint/exploit-protection?view=o365-21vianet) | modified |

+| 1/4/2022 | [App-based deployment for Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-install?view=o365-21vianet) | modified |

+| 1/4/2022 | [What's new in Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-whatsnew?view=o365-21vianet) | modified |

+| 1/4/2022 | [Manage Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/mde-p1-maintenance-operations?view=o365-21vianet) | modified |

+| 1/4/2022 | [Set up and configure Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/mde-p1-setup-configuration?view=o365-21vianet) | modified |

+| 1/4/2022 | [Get started with Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/mde-plan1-getting-started?view=o365-21vianet) | modified |

+| 1/4/2022 | [Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-ios?view=o365-21vianet) | modified |

+| 1/4/2022 | [Microsoft Defender for Endpoint - Mobile Threat Defense](/microsoft-365/security/defender-endpoint/mtd?view=o365-21vianet) | modified |

+| 1/4/2022 | [Use network protection to help prevent connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection?view=o365-21vianet) | modified |

+| 1/4/2022 | [Troubleshoot problems with attack surface reduction rules](/microsoft-365/security/defender-endpoint/troubleshoot-asr?view=o365-21vianet) | modified |

+| 1/4/2022 | [Vulnerabilities in my organization - threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-weaknesses?view=o365-21vianet) | modified |

+| 1/4/2022 | [Configure Microsoft Defender Antivirus with Group Policy](/microsoft-365/security/defender-endpoint/use-group-policy-microsoft-defender-antivirus?view=o365-21vianet) | modified |

+| 1/4/2022 | [What's new in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint?view=o365-21vianet) | modified |

+| 1/4/2022 | [Quarantine policies](/microsoft-365/security/office-365-security/quarantine-policies?view=o365-21vianet) | modified |

+| 1/4/2022 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-21vianet) | modified |

+| 1/4/2022 | [Complete Safe Links overview for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-links?view=o365-21vianet) | modified |

+| 1/4/2022 | [View email security reports](/microsoft-365/security/office-365-security/view-email-security-reports?view=o365-21vianet) | modified |

+| 1/4/2022 | [View mail flow reports in the Reports dashboard](/microsoft-365/security/office-365-security/view-mail-flow-reports?view=o365-21vianet) | modified |

+| 1/4/2022 | [Manage who can create Microsoft 365 Groups](/microsoft-365/solutions/manage-creation-of-groups?view=o365-21vianet) | modified |

+| 1/4/2022 | [Use Microsoft OneDrive Learning Tools Interoperability](/microsoft-365/lti/onedrive-lti?view=o365-21vianet) | modified |

+| 1/4/2022 | [DeviceInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-deviceinfo-table?view=o365-21vianet) | modified |

+| 1/4/2022 | [View your bill or invoice](/microsoft-365/commerce/billing-and-payments/view-your-bill-or-invoice?view=o365-21vianet) | modified |

+| 1/4/2022 | [Device management roadmap for Microsoft 365](/microsoft-365/enterprise/device-management-roadmap-microsoft-365?view=o365-21vianet) | modified |

+| 1/4/2022 | [Windows security updates report](/microsoft-365/managed-desktop/working-with-managed-desktop/security-updates-report?view=o365-21vianet) | modified |

+| 1/4/2022 | [Step 4. Deploy endpoint management for your devices, PCs, and other endpoints](/microsoft-365/solutions/empower-people-to-work-remotely-manage-endpoints?view=o365-21vianet) | modified |

+| 1/5/2022 | [Capabilities of Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/capabilities?view=o365-21vianet) | modified |

+| 1/5/2022 | [Learn about Microsoft 365 Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-21vianet) | modified |

+| 1/5/2022 | [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-21vianet) | modified |

+| 1/5/2022 | [Insider risk management in Microsoft 365](/microsoft-365/compliance/insider-risk-management-solution-overview?view=o365-21vianet) | modified |

+| 1/5/2022 | [Microsoft 365 Lighthouse and Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-lighthouse-integration?view=o365-21vianet) | modified |

+| 1/5/2022 | [DeviceInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-deviceinfo-table?view=o365-21vianet) | modified |

+| 1/5/2022 | [About the Microsoft Defender for Office 365 trial](/microsoft-365/security/office-365-security/about-defender-for-office-365-trial?view=o365-21vianet) | modified |

+| 1/5/2022 | [Simulation automations for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-simulation-automations?view=o365-21vianet) | modified |

+| 1/5/2022 | [Simulate a phishing attack with Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/attack-simulation-training?view=o365-21vianet) | modified |

+| 1/5/2022 | [Configure anti-malware policies](/microsoft-365/security/office-365-security/configure-anti-malware-policies?view=o365-21vianet) | modified |

+| 1/5/2022 | [Configure the default connection filter policy](/microsoft-365/security/office-365-security/configure-the-connection-filter-policy?view=o365-21vianet) | modified |

+| 1/5/2022 | [Configure outbound spam filtering](/microsoft-365/security/office-365-security/configure-the-outbound-spam-policy?view=o365-21vianet) | modified |

+| 1/5/2022 | [Configure spam filter policies](/microsoft-365/security/office-365-security/configure-your-spam-filter-policies?view=o365-21vianet) | modified |

+| 1/5/2022 | [Create blocked sender lists](/microsoft-365/security/office-365-security/create-block-sender-lists-in-office-365?view=o365-21vianet) | modified |

+| 1/5/2022 | [Email authentication in Microsoft 365](/microsoft-365/security/office-365-security/email-validation-and-authentication?view=o365-21vianet) | modified |

+| 1/5/2022 | [Common Zero Trust identity and device access policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/identity-access-policies?view=o365-21vianet) | modified |

+| 1/5/2022 | [New domains being forwarded email insight](/microsoft-365/security/office-365-security/mfi-new-domains-being-forwarded-email?view=o365-21vianet) | modified |

+| 1/5/2022 | [Step-by-step threat protection stack in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/protection-stack-microsoft-defender-for-office365?view=o365-21vianet) | modified |

+| 1/5/2022 | [Quarantined messages FAQ](/microsoft-365/security/office-365-security/quarantine-faq?view=o365-21vianet) | modified |

+| 1/5/2022 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-21vianet) | modified |

+| 1/5/2022 | [Complete Safe Links overview for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-links?view=o365-21vianet) | modified |

+| 1/5/2022 | [Secure email recommended policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/secure-email-recommended-policies?view=o365-21vianet) | modified |

+| 1/5/2022 | [Anti-phishing policies](/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-21vianet) | modified |

+| 1/5/2022 | [User reported message settings](/microsoft-365/security/office-365-security/user-submission?view=o365-21vianet) | modified |

+| 1/5/2022 | [View email security reports](/microsoft-365/security/office-365-security/view-email-security-reports?view=o365-21vianet) | modified |

+| 1/5/2022 | [Zero-hour auto purge in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-21vianet) | modified |

+| 1/5/2022 | [Microsoft 365 Reports in the admin center - OneDrive for Business usage](/microsoft-365/admin/activity-reports/onedrive-for-business-usage-ww?view=o365-21vianet) | modified |

+| 1/5/2022 | [Set an individual user's password to never expire](/microsoft-365/admin/add-users/set-password-to-never-expire?view=o365-21vianet) | modified |

+| 1/5/2022 | [Manage add-ins in the admin center](/microsoft-365/admin/manage/manage-addins-in-the-admin-center?view=o365-21vianet) | modified |

+| 1/5/2022 | [Message center](/microsoft-365/admin/manage/message-center?view=o365-21vianet) | modified |

+| 1/5/2022 | [Add staff to Bookings](/microsoft-365/bookings/add-staff?view=o365-21vianet) | modified |

+| 1/5/2022 | [Flowchart to determine when an item will be retained or permanently deleted](/microsoft-365/compliance/retention-flowchart?view=o365-21vianet) | modified |

+| 1/5/2022 | [Learn about retention for Teams](/microsoft-365/compliance/retention-policies-teams?view=o365-21vianet) | modified |

+| 1/5/2022 | [Learn about retention for Yammer](/microsoft-365/compliance/retention-policies-yammer?view=o365-21vianet) | modified |

+| 1/5/2022 | [Search the audit log in the Microsoft 365 compliance center](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-21vianet) | modified |

+| 1/5/2022 | [What's new in Microsoft 365 compliance](/microsoft-365/compliance/whats-new?view=o365-21vianet) | modified |

+| 1/5/2022 | [Cross-tenant mailbox migration](/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-21vianet) | modified |

+| 1/6/2022 | [Download documents from a review set](/microsoft-365/compliance/download-documents-from-review-set?view=o365-21vianet) | modified |

+| 1/6/2022 | [Use Advanced Audit to investigate compromised accounts](/microsoft-365/compliance/mailitemsaccessed-forensics-investigations?view=o365-21vianet) | modified |

+| 1/6/2022 | [Work with communications in Advanced eDiscovery](/microsoft-365/compliance/managing-custodian-communications?view=o365-21vianet) | modified |

+| 1/6/2022 | [Get help and support for Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-get-help?view=o365-21vianet) | modified |

+| 1/6/2022 | [Get started using Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-get-started?view=o365-21vianet) | modified |

+| 1/6/2022 | [Manage devices in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-manage-devices?view=o365-21vianet) | modified |

+| 1/6/2022 | [Overview of Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-overview?view=o365-21vianet) | modified |

+| 1/6/2022 | [Reports in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-reports?view=o365-21vianet) | modified |

+| 1/6/2022 | [Respond to and mitigate threats in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-respond-mitigate-threats?view=o365-21vianet) | modified |

+| 1/6/2022 | [Review remediation actions in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-review-remediation-actions?view=o365-21vianet) | modified |

+| 1/6/2022 | [Assign roles and permissions in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-roles-permissions?view=o365-21vianet) | modified |

+| 1/6/2022 | [Set up and configure Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-setup-configuration?view=o365-21vianet) | modified |

+| 1/6/2022 | [The simplified configuration process in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-simplified-configuration?view=o365-21vianet) | modified |

+| 1/6/2022 | [Tutorials and simulations in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-tutorials?view=o365-21vianet) | modified |

+| 1/6/2022 | [View or edit policies in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-view-edit-create-policies?view=o365-21vianet) | modified |

+| 1/6/2022 | [View and manage incidents in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-view-manage-incidents?view=o365-21vianet) | modified |

+| 1/6/2022 | [Onboard Windows devices to Microsoft Defender for Endpoint via Group Policy](/microsoft-365/security/defender-endpoint/configure-endpoints-gp?view=o365-21vianet) | modified |

+| 1/6/2022 | [Onboard Windows devices using a local script](/microsoft-365/security/defender-endpoint/configure-endpoints-script?view=o365-21vianet) | modified |

+| 1/6/2022 | [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-21vianet) | modified |

+| 1/6/2022 | [Enable SIEM integration in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/enable-siem-integration?view=o365-21vianet) | modified |

+| 1/6/2022 | [Create indicators for IPs and URLs/domains](/microsoft-365/security/defender-endpoint/indicator-ip-domain?view=o365-21vianet) | modified |

+| 1/6/2022 | [Manage indicators](/microsoft-365/security/defender-endpoint/indicator-manage?view=o365-21vianet) | modified |

+| 1/6/2022 | [Deploy Microsoft Defender for Endpoint on Linux with Ansible](/microsoft-365/security/defender-endpoint/linux-install-with-ansible?view=o365-21vianet) | modified |

+| 1/6/2022 | [Investigate entities on devices using live response in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/live-response?view=o365-21vianet) | modified |

+| 1/6/2022 | [Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-21vianet) | modified |

+| 1/6/2022 | [Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux?view=o365-21vianet) | modified |

+| 1/6/2022 | [Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac?view=o365-21vianet) | modified |

+| 1/6/2022 | [Minimum requirements for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/minimum-requirements?view=o365-21vianet) | modified |

+| 1/6/2022 | [Troubleshoot onboarding issues related to Security Management for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/troubleshoot-security-config-mgt?view=o365-21vianet) | modified |

+| 1/6/2022 | [Microsoft 365 Defender prerequisites](/microsoft-365/security/defender/prerequisites?view=o365-21vianet) | modified |

+| 1/6/2022 | [Address compromised user accounts with automated investigation and response](/microsoft-365/security/office-365-security/address-compromised-users-quickly?view=o365-21vianet) | modified |

+| 1/6/2022 | [Admin review for reported messages](/microsoft-365/security/office-365-security/admin-review-reported-message?view=o365-21vianet) | modified |

+| 1/6/2022 | [Manage submissions](/microsoft-365/security/office-365-security/admin-submission?view=o365-21vianet) | modified |

+| 1/6/2022 | [How to report false positives or false negatives following automated investigation in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/air-report-false-positives-negatives?view=o365-21vianet) | modified |

+| 1/6/2022 | [Review and manage remediation actions in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/air-review-approve-pending-completed-actions?view=o365-21vianet) | modified |

+| 1/6/2022 | [Alerts in the Microsoft 365 Defender portal](/microsoft-365/security/office-365-security/alerts?view=o365-21vianet) | modified |

+| 1/6/2022 | [Get started using Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-21vianet) | modified |

+| 1/6/2022 | [Insights and reports Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-insights?view=o365-21vianet) | modified |

+| 1/6/2022 | [Create custom payloads for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-payloads?view=o365-21vianet) | modified |

+| 1/6/2022 | [Simulate a phishing attack with Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/attack-simulation-training?view=o365-21vianet) | modified |

+| 1/6/2022 | [Campaign Views in Microsoft Defender for Office 365 Plan](/microsoft-365/security/office-365-security/campaigns?view=o365-21vianet) | modified |

+| 1/6/2022 | [Configuration analyzer for security policies](/microsoft-365/security/office-365-security/configuration-analyzer-for-security-policies?view=o365-21vianet) | modified |

+| 1/6/2022 | [Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes](/microsoft-365/security/office-365-security/configure-advanced-delivery?view=o365-21vianet) | modified |

+| 1/6/2022 | [Configure anti-malware policies](/microsoft-365/security/office-365-security/configure-anti-malware-policies?view=o365-21vianet) | modified |

+| 1/6/2022 | [Configure anti-phishing policies in EOP](/microsoft-365/security/office-365-security/configure-anti-phishing-policies-eop?view=o365-21vianet) | modified |

+| 1/6/2022 | [Configure global settings for Safe Links settings in Defender for Office 365](/microsoft-365/security/office-365-security/configure-global-settings-for-safe-links?view=o365-21vianet) | modified |

+| 1/6/2022 | [Configure anti-phishing policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/configure-mdo-anti-phishing-policies?view=o365-21vianet) | modified |

+| 1/6/2022 | [Configure the default connection filter policy](/microsoft-365/security/office-365-security/configure-the-connection-filter-policy?view=o365-21vianet) | modified |

+| 1/6/2022 | [Configure outbound spam filtering](/microsoft-365/security/office-365-security/configure-the-outbound-spam-policy?view=o365-21vianet) | modified |

+| 1/6/2022 | [Configure spam filter policies](/microsoft-365/security/office-365-security/configure-your-spam-filter-policies?view=o365-21vianet) | modified |

+| 1/6/2022 | [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365?view=o365-21vianet) | modified |

+| 1/6/2022 | [Detect and Remediate Illicit Consent Grants](/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants?view=o365-21vianet) | modified |

+| 1/6/2022 | [Email security with Threat Explorer in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/email-security-in-microsoft-defender?view=o365-21vianet) | modified |

+| 1/6/2022 | [Find and release quarantined messages as a user](/microsoft-365/security/office-365-security/find-and-release-quarantined-messages-as-a-user?view=o365-21vianet) | modified |

+| 1/6/2022 | [Impersonation insight](/microsoft-365/security/office-365-security/impersonation-insight?view=o365-21vianet) | modified |

+| 1/6/2022 | [Use Microsoft Defender for Office 365 together with Microsoft Defender for Endpoint](/microsoft-365/security/office-365-security/integrate-office-365-ti-with-mde?view=o365-21vianet) | modified |

+| 1/6/2022 | [Investigate malicious email that was delivered in Microsoft 365, Find and investigate malicious email](/microsoft-365/security/office-365-security/investigate-malicious-email-that-was-delivered?view=o365-21vianet) | modified |

+| 1/6/2022 | [Spoof intelligence insight](/microsoft-365/security/office-365-security/learn-about-spoof-intelligence?view=o365-21vianet) | modified |

+| 1/6/2022 | [Mail flow intelligence](/microsoft-365/security/office-365-security/mail-flow-intelligence-in-office-365?view=o365-21vianet) | modified |

+| 1/6/2022 | [Manage quarantined messages and files as an admin](/microsoft-365/security/office-365-security/manage-quarantined-messages-and-files?view=o365-21vianet) | modified |

+| 1/6/2022 | [The Microsoft Defender for Office 365 email entity page](/microsoft-365/security/office-365-security/mdo-email-entity-page?view=o365-21vianet) | modified |

+| 1/6/2022 | [Message trace in the Microsoft 365 Defender portal](/microsoft-365/security/office-365-security/message-trace-scc?view=o365-21vianet) | modified |

+| 1/6/2022 | [Queues insight in the Mail flow dashboard](/microsoft-365/security/office-365-security/mfi-queue-alerts-and-queues?view=o365-21vianet) | modified |

+| 1/6/2022 | [Fix slow mail flow rules insight](/microsoft-365/security/office-365-security/mfi-slow-mail-flow-rules-insight?view=o365-21vianet) | modified |

+| 1/6/2022 | [Automated investigation and response in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-air?view=o365-21vianet) | modified |

+| 1/6/2022 | [Evaluate Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-evaluation?view=o365-21vianet) | modified |

+| 1/6/2022 | [Threat investigation & response capabilities - Microsoft Defender for Office 365 Plan 2](/microsoft-365/security/office-365-security/office-365-ti?view=o365-21vianet) | modified |

+| 1/6/2022 | [Permissions - Security & Compliance Center](/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-21vianet) | modified |

+| 1/6/2022 | [Permissions in the Microsoft 365 Defender portal](/microsoft-365/security/office-365-security/permissions-microsoft-365-security-center?view=o365-21vianet) | modified |

+| 1/6/2022 | [Preset security policies](/microsoft-365/security/office-365-security/preset-security-policies?view=o365-21vianet) | modified |

+| 1/6/2022 | [Threat Explorer and Real-time detections basics in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/real-time-detections?view=o365-21vianet) | modified |

+| 1/6/2022 | [Remove blocked users from the Restricted users portal](/microsoft-365/security/office-365-security/removing-user-from-restricted-users-portal-after-spam?view=o365-21vianet) | modified |

+| 1/6/2022 | [Responding to a Compromised Email Account](/microsoft-365/security/office-365-security/responding-to-a-compromised-email-account?view=o365-21vianet) | modified |

+| 1/6/2022 | [Safe Documents in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-docs?view=o365-21vianet) | modified |

+| 1/6/2022 | [Security recommendations for priority accounts in Microsoft 365, priority accounts, priority accounts in Office 365, priority accounts in Microsoft 365](/microsoft-365/security/office-365-security/security-recommendations-for-priority-accounts?view=o365-21vianet) | modified |

+| 1/6/2022 | [Set up Safe Attachments policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/set-up-safe-attachments-policies?view=o365-21vianet) | modified |

+| 1/6/2022 | [Set up Safe Links policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/set-up-safe-links-policies?view=o365-21vianet) | modified |

+| 1/6/2022 | [Manage your allows and blocks in the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-21vianet) | modified |

+| 1/6/2022 | [Threat Explorer and Real-time detections](/microsoft-365/security/office-365-security/threat-explorer?view=o365-21vianet) | modified |

+| 1/6/2022 | [Threat hunting in Threat Explorer for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/threat-hunting-in-threat-explorer?view=o365-21vianet) | modified |

+| 1/6/2022 | [Threat Trackers - New and Noteworthy](/microsoft-365/security/office-365-security/threat-trackers?view=o365-21vianet) | modified |

+| 1/6/2022 | [Microsoft Defender for Office 365 trial playbook](/microsoft-365/security/office-365-security/trial-playbook-defender-for-office-365?view=o365-21vianet) | modified |

+| 1/6/2022 | [Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](/microsoft-365/security/office-365-security/turn-on-mdo-for-spo-odb-and-teams?view=o365-21vianet) | modified |

+| 1/6/2022 | [How to use DKIM for email in your custom domain](/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email?view=o365-21vianet) | modified |

+| 1/6/2022 | [Use Azure Privileged Identity Management (PIM) in Microsoft Defender for Office 365 to limit admin access to cyber security tools.](/microsoft-365/security/office-365-security/use-privileged-identity-management-in-defender-for-office-365?view=o365-21vianet) | modified |

+| 1/6/2022 | [User reported message settings](/microsoft-365/security/office-365-security/user-submission?view=o365-21vianet) | modified |

+| 1/6/2022 | [User tags in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/user-tags?view=o365-21vianet) | modified |

+| 1/6/2022 | [View email security reports](/microsoft-365/security/office-365-security/view-email-security-reports?view=o365-21vianet) | modified |

+| 1/6/2022 | [View mail flow reports in the Reports dashboard](/microsoft-365/security/office-365-security/view-mail-flow-reports?view=o365-21vianet) | modified |

+| 1/6/2022 | [View Defender for Office 365 reports](/microsoft-365/security/office-365-security/view-reports-for-mdo?view=o365-21vianet) | modified |

+| 1/6/2022 | [Manage spoofed senders using the spoof intelligence policy and spoof intelligence insight](/microsoft-365/security/office-365-security/walkthrough-spoof-intelligence-insight?view=o365-21vianet) | modified |

+| 1/6/2022 | [Overview of importing your organization's PST files](/microsoft-365/compliance/importing-pst-files-to-office-365?view=o365-21vianet) | modified |

+| 1/6/2022 | [Learn about retention for Yammer](/microsoft-365/compliance/retention-policies-yammer?view=o365-21vianet) | modified |

+| 1/6/2022 | [Explanation types in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/explanation-types-overview) | modified |

+| 1/6/2022 | Batch apply model | removed |

+| 1/6/2022 | BatchDelete | removed |

+| 1/6/2022 | Create file classification request | removed |

+| 1/6/2022 | Create folder classification request | removed |

+| 1/6/2022 | Create model | removed |

+| 1/6/2022 | GetByTitle | removed |

+| 1/6/2022 | GetByUniqueId | removed |

+| 1/6/2022 | Get model and library info | removed |

+| 1/6/2022 | UpdateModelSettings | removed |

+| 1/6/2022 | SharePoint Syntex document understanding model REST API | removed |

+| 1/6/2022 | [Data move general FAQ](/microsoft-365/enterprise/data-move-faq?view=o365-21vianet) | modified |

+| 1/6/2022 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-21vianet) | modified |

+| 1/6/2022 | [Microsoft Defender Antivirus compatibility with other security products](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-21vianet) | modified |

+| 1/7/2022 | [Microsoft 365 alert policies](/microsoft-365/compliance/alert-policies?view=o365-21vianet) | modified |

+| 1/7/2022 | [How to retrain a classifier in content explorer](/microsoft-365/compliance/classifier-how-to-retrain-content-explorer?view=o365-21vianet) | modified |

+| 1/7/2022 | [Learn about trainable classifiers](/microsoft-365/compliance/classifier-learn-about?view=o365-21vianet) | modified |

+| 1/7/2022 | [DLP policy conditions, exceptions, and actions](/microsoft-365/compliance/dlp-conditions-and-exceptions?view=o365-21vianet) | modified |

+| 1/7/2022 | [Insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-21vianet) | modified |

+| 1/7/2022 | [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-21vianet) | modified |

+| 1/7/2022 | [Become a Microsoft Defender for Endpoint partner](/microsoft-365/security/defender-endpoint/get-started-partner-integration?view=o365-21vianet) | modified |

+| 1/7/2022 | Get user information API | removed |

+| 1/7/2022 | [Microsoft Defender Antivirus on Windows Server](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server?view=o365-21vianet) | modified |

+| 1/7/2022 | [Minimum requirements for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/minimum-requirements?view=o365-21vianet) | modified |

+| 1/7/2022 | [Server migration scenarios for the new version of Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/server-migration?view=o365-21vianet) | modified |

+| 1/7/2022 | [Switch to Microsoft Defender for Endpoint - Setup](/microsoft-365/security/defender-endpoint/switch-to-mde-phase-2?view=o365-21vianet) | modified |

+| 1/7/2022 | [Microsoft Defender Antivirus event IDs and error codes](/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus?view=o365-21vianet) | modified |

+| 1/7/2022 | [Track your Microsoft Secure Score history and meet goals](/microsoft-365/security/defender/microsoft-secure-score-history-metrics-trends?view=o365-21vianet) | modified |

+| 1/7/2022 | [Microsoft 365 productivity illustrations](/microsoft-365/solutions/productivity-illustrations?view=o365-21vianet) | modified |

+| 1/7/2022 | [Determine if Centralized Deployment of add-ins works for your organization](/microsoft-365/admin/manage/centralized-deployment-of-add-ins?view=o365-21vianet) | modified |

+| 1/7/2022 | [Advanced Audit in Microsoft 365](/microsoft-365/compliance/advanced-audit?view=o365-21vianet) | modified |

+| 1/7/2022 | [Set up historical versions in Advanced eDiscovery](/microsoft-365/compliance/advanced-ediscovery-historical-versions?view=o365-21vianet) | modified |

+| 1/7/2022 | [Assign eDiscovery permissions in the Microsoft 365 compliance center](/microsoft-365/compliance/assign-ediscovery-permissions?view=o365-21vianet) | modified |

+| 1/7/2022 | [Set up attorney-client privilege detection in Advanced eDiscovery](/microsoft-365/compliance/attorney-privilege-detection?view=o365-21vianet) | modified |

+| 1/7/2022 | [Review conversations in Advanced eDiscovery](/microsoft-365/compliance/conversation-review-sets?view=o365-21vianet) | modified |

+| 1/7/2022 | [Create a Litigation hold](/microsoft-365/compliance/create-a-litigation-hold?view=o365-21vianet) | modified |

+| 1/7/2022 | [De-duplication in eDiscovery search results](/microsoft-365/compliance/de-duplication-in-ediscovery-search-results?view=o365-21vianet) | modified |

+| 1/7/2022 | [Detailed properties in the audit log](/microsoft-365/compliance/detailed-properties-in-the-office-365-audit-log?view=o365-21vianet) | modified |

+| 1/7/2022 | [Differences between estimated and actual eDiscovery search results](/microsoft-365/compliance/differences-between-estimated-and-actual-ediscovery-search-results?view=o365-21vianet) | modified |

+| 1/7/2022 | [Document metadata fields in Advanced eDiscovery](/microsoft-365/compliance/document-metadata-fields-in-advanced-ediscovery?view=o365-21vianet) | modified |

+| 1/7/2022 | [CJK/Double Byte support for Advanced eDiscovery](/microsoft-365/compliance/ediscovery-cjk-support?view=o365-21vianet) | modified |

+| 1/7/2022 | [Decryption in eDiscovery](/microsoft-365/compliance/ediscovery-decryption?view=o365-21vianet) | modified |

+| 1/7/2022 | [Collect eDiscovery diagnostic information](/microsoft-365/compliance/ediscovery-diagnostic-info?view=o365-21vianet) | modified |

+| 1/7/2022 | [Investigating partially indexed items in eDiscovery](/microsoft-365/compliance/investigating-partially-indexed-items-in-ediscovery?view=o365-21vianet) | modified |

+| 1/7/2022 | [Limits in core eDiscovery case](/microsoft-365/compliance/limits-core-ediscovery?view=o365-21vianet) | modified |

+| 1/7/2022 | [Limits for Content search and Core eDiscovery in the compliance center](/microsoft-365/compliance/limits-for-content-search?view=o365-21vianet) | modified |

+| 1/7/2022 | [Manage jobs in Advanced eDiscovery](/microsoft-365/compliance/managing-jobs-ediscovery20?view=o365-21vianet) | modified |

+| 1/7/2022 | [Partially indexed items in Content Search and other eDiscovery tools](/microsoft-365/compliance/partially-indexed-items-in-content-search?view=o365-21vianet) | modified |

+| 1/7/2022 | [Configure permissions filtering for eDiscovery](/microsoft-365/compliance/permissions-filtering-for-content-search?view=o365-21vianet) | modified |

+| 1/7/2022 | [Preserve Bcc and expanded distribution group recipients for eDiscovery](/microsoft-365/compliance/preserve-bcc-and-expanded-distribution-group-recipients-for-ediscovery?view=o365-21vianet) | modified |

+| 1/7/2022 | [Search for Teams chat data for on-premises users](/microsoft-365/compliance/search-cloud-based-mailboxes-for-on-premises-users?view=o365-21vianet) | modified |

+| 1/7/2022 | [Search for content](/microsoft-365/compliance/search-for-content?view=o365-21vianet) | modified |

+| 1/7/2022 | [Search for eDiscovery activities in the audit log](/microsoft-365/compliance/search-for-ediscovery-activities-in-the-audit-log?view=o365-21vianet) | modified |

+| 1/7/2022 | [Search statistics in Advance eDiscovery](/microsoft-365/compliance/search-statistics-in-advanced-ediscovery?view=o365-21vianet) | modified |

+| 1/7/2022 | [Supported file types in Advanced eDiscovery](/microsoft-365/compliance/supported-filetypes-ediscovery20?view=o365-21vianet) | modified |

+| 1/7/2022 | [View documents in a review set in Advanced eDiscovery](/microsoft-365/compliance/view-documents-in-review-set?view=o365-21vianet) | modified |

+| 1/7/2022 | [View statistics for eDiscovery search results](/microsoft-365/compliance/view-keyword-statistics-for-content-search?view=o365-21vianet) | modified |

+| 1/7/2022 | [Access the Admin portal](/microsoft-365/managed-desktop/get-started/access-admin-portal?view=o365-21vianet) | modified |

+| 1/7/2022 | [Microsoft 365 Zero Trust deployment plan](/microsoft-365/security/microsoft-365-zero-trust?view=o365-21vianet) | modified |

+| 1/7/2022 | [Email security with Threat Explorer in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/email-security-in-microsoft-defender?view=o365-21vianet) | modified |

+| 1/7/2022 | [The Microsoft Defender for Office 365 email entity page](/microsoft-365/security/office-365-security/mdo-email-entity-page?view=o365-21vianet) | modified |

+| 1/7/2022 | [Threat Explorer and Real-time detections basics in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/real-time-detections?view=o365-21vianet) | modified |

+| 1/7/2022 | [Threat hunting in Threat Explorer for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/threat-hunting-in-threat-explorer?view=o365-21vianet) | modified |

+| 1/7/2022 | [Step 1. Implement App Protection Policies](/microsoft-365/solutions/manage-devices-with-intune-app-protection?view=o365-21vianet) | modified |

+| 1/7/2022 | [Step 3. Set up compliance policies for devices with Intune](/microsoft-365/solutions/manage-devices-with-intune-compliance-policies?view=o365-21vianet) | modified |

+| 1/7/2022 | [Step 5. Deploy device profiles in Microsoft Intune](/microsoft-365/solutions/manage-devices-with-intune-configuration-profiles?view=o365-21vianet) | modified |

+| 1/7/2022 | [Step 7. Implement data loss prevention (DLP) with information protection capabilities](/microsoft-365/solutions/manage-devices-with-intune-dlp-mip?view=o365-21vianet) | modified |

+| 1/7/2022 | [Step 2. Enroll devices into management with Intune](/microsoft-365/solutions/manage-devices-with-intune-enroll?view=o365-21vianet) | modified |

+| 1/7/2022 | [Step 6. Monitor device risk and compliance to security baselines](/microsoft-365/solutions/manage-devices-with-intune-monitor-risk?view=o365-21vianet) | modified |

+| 1/7/2022 | [Manage devices with Intune](/microsoft-365/solutions/manage-devices-with-intune-overview?view=o365-21vianet) | modified |

+| 1/7/2022 | [Step 4. Require healthy and compliant devices with Intune](/microsoft-365/solutions/manage-devices-with-intune-require-compliance?view=o365-21vianet) | modified |

+- deploy zero trust

+- zero trust strategy

+For more information, see [Deploy a Microsoft Information Protection solution](../compliance/information-protection-solution.md).

+The `DeviceAlertEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about alerts in Microsoft 365 Defender. Use this reference to construct queries that return information from the table.

+Table and column names are also listed within the Microsoft 365 Defender portal, in the schema representation on the advanced hunting screen.

+|**[DeviceAlertEvents](advanced-hunting-devicealertevents-table.md)**|Alerts on Microsoft 365 Defender |

+3. Upon successful onboarding, the device will start showing up on the Devices list in the Microsoft 365 Defender portal.

+- Server investigation - Microsoft Defender for Cloud customers can access the Microsoft 365 Defender portal to perform detailed investigation to uncover the scope of a potential breach.

+1. As a global administrator or security administrator, go to the Microsoft 365 Defender portal (<https://security.microsoft.com>) and sign in.

+1. In the Microsoft 365 Defender portal (<https://security.microsoft.com>), on the **Settings** page, under **Permissions**, select **Device groups**.

+If you're already a Defender for Endpoint customer, you can apply through the Microsoft 365 Defender portal.

+You can partner with Microsoft Threat Experts who can be engaged directly from within the Microsoft 365 Defender portal for timely and accurate response. Experts provide insights to better understand complex threats, targeted attack notifications that you get, or if you need more information about the alerts, a potentially compromised device, or a threat intelligence context that you see on your portal dashboard.

+1. In Microsoft 365 Defender, go to **Settings > Device Management > Onboarding**.

+For additional configuration settings, see [Configure sample collection settings](configure-endpoints-gp.md#configure-sample-collection-settings) and [Other recommended configuration settings](configure-endpoints-gp.md#other-recommended-configuration-settings).

+1. In Microsoft 365 Defender, go to **Settings > Device Management > Onboarding**.

+<br/><br/>

+|Capability|Description|Deploy through Intune|Deploy through Group Policy|

+|||||

+|Removable Media Group Creation|Allows you to create reusable removable media group|Step 1 and step 3 in the section, [Deploying policy via OMA-URI](#deploying-policy-via-oma-uri) | Step 1 in the section, [Deploying policy via Group Policy](#deploying-policy-via-group-policy)|

+|Policy Creation|Allows you to create policy to enforce each removable media group|Steps 2 and 3 in the section, [Deploying policy via OMA-URI](#deploying-policy-via-oma-uri) | Step 2 in the section, [Deploying policy via Group Policy](#deploying-policy-via-group-policy) |

+|Default Enforcement|Allows you to set default access (Deny or Allow) to removable media if there is no policy|Step 4 in the section, [Deploying policy via OMA-URI](#deploying-policy-via-oma-uri) | Step 3 in the section, [Deploying policy via Group Policy](#deploying-policy-via-group-policy) |

+|Enable or Disable Removable Storage Access Control|If you set Disable, it will disable the Removable Storage Access Control policy on this machine| Step 5 in the section, [Deploying policy via OMA-URI](#deploying-policy-via-oma-uri) | Step 4 in the section, [Deploying policy via Group Policy](#deploying-policy-via-group-policy) |

+- **4.18.2111 or later**: Add 'Enable or Disable Removable Storage Access Control', 'Default Enforcement', client machine policy update time through PowerShell.

+|**DescriptorIdList**|List the device properties you want to use to cover in the group. For each device property, see [Device Properties](device-control-removable-storage-protection.md) for more detail. All properties are case sensitive. |**PrimaryId**: `RemovableMediaDevices`, `CdRomDevices`, `WpdDevices`<p>**BusId**: For example, USB, SCSI<p>**DeviceId**<p>**HardwareId**<p>**InstancePathId**: InstancePathId is a string that uniquely identifies the device in the system, for example, `USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\8735B611&0`. The number at the end (for example &0) represents the available slot and may change from device to device. For best results, use a wildcard at the end. For example, `USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\8735B611*`.<p>**FriendlyNameId**<p>**SerialNumberId**<p>**VID**<p>**PID**<p>**VID_PID**<p>0751_55E0: match this exact VID/PID pair<p>55E0: match any media with PID=55E0 <p>0751: match any media with VID=0751|

+|**MatchType**|When there are multiple device properties being used in the `DescriptorIDList`, MatchType defines the relationship.|**MatchAll**: Any attributes under the `DescriptorIdList` will be **And** relationship; for example, if administrator puts `DeviceID` and `InstancePathID`, for every connected USB, system will check to see whether the USB meets both values. <p> **MatchAny**: The attributes under the DescriptorIdList will be **Or** relationship; for example, if administrator puts `DeviceID` and `InstancePathID`, for every connected USB, system will do the enforcement as long as the USB has either an identical **DeviceID** or **InstanceID** value. |

+

+

+

+

+4. Default enforcement: allows you to set default access (Deny or Allow) to removable media if there is no policy. For example, you only have policy (either Deny or Allow) for RemovableMediaDevices, but do not have any policy for CdRomDevices or WpdDevices, and you set default Deny through this policy, Read/Write/Execute access to CdRomDevices or WpdDevices will be blocked.

+ - Once you deploy this setting, you will see **Default Allow** or **Default Deny**.

+ :::image type="content" source="images/148609579-a7df650b-7792-4085-b552-500b28a35885.png" alt-text="Default Allow or Default Deny PowerShell code":::

+5. Enable or Disable Removable Storage Access Control: you can set this value to temporarily disable Removable Storage Access Control.

+

+ :::image type="content" source="images/148608318-5cda043d-b996-4146-9642-14fccabcb017.png" alt-text="Device Control settings":::

+

+ - Once you deploy this setting, you will see ΓÇÿEnabledΓÇÖ or ΓÇÿDisabledΓÇÖ - Disabled means this machine does not have Removable Storage Access Control policy running.

+ :::image type="content" source="images/148609685-4c05f002-5cbe-4aab-9245-83e730c5449e.png" alt-text="Enabled or Disabled device control in PowerShell code":::

+

+

+3. Default enforcement: allows you to set default access (Deny or Allow) to removable media if there is no policy. For example, you only have policy (either Deny or Allow) for RemovableMediaDevices, but do not have any policy for CdRomDevices or WpdDevices, and you set default Deny through this policy, Read/Write/Execute access to CdRomDevices or WpdDevices will be blocked.

+ - OMA-URI: `./Vendor/MSFT/Defender/Configuration/DefaultEnforcement`

+ - Data Type: Int

+ `DefaultEnforcementAllow = 1

+ `DefaultEnforcementDeny = 2

+ - Once you deploy this setting, you will see **Default Allow** or **Default Deny**

+ :::image type="content" source="images/148609590-c67cfab8-8e2c-49f8-be2b-96444e9dfc2c.png" alt-text="Default Enforcement Allow PowerShell code":::

+

+4. Enable or Disable Removable Storage Access Control: you can set this value to temporarily disable Removable Storage Access Control.

+ - OMA-URI: `./Vendor/MSFT/Defender/Configuration/DeviceControlEnabled`

+ - Data Type: Int

+ `Disable: 0`

+ `Enable: 1`

+ - Once you deploy this setting, you will see **Enabled** or **Disabled**

+ **Disabled** means this machine does not have Removable Storage Access Control policy running

+ :::image type="content" source="images/148609770-3e555883-f26f-45ab-9181-3fb1ff7a38ac.png" alt-text="Removeable Storage Access Control in PowerShell code":::

+

+

+

+### How can I know whether the latest policy has been deployed to the target machine?

+You can run ΓÇÿGet-MpComputerStatusΓÇÖ on PowerShell as an Administrator. The following value will show whether the latest policy has been applied to the target machine.

+

+

+2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar), and then, under **Virus & threat protection settings**, select **Manage settings**.

+3. Confirm that **Cloud-based Protection** and **Automatic sample submission** are both switched to **On**.

+Devices can be categorized as misconfigured or inactive are flagged for varying causes. This section provides some explanations as to what might have caused a device to be categorized as inactive or misconfigured.

+An inactive device is not necessarily flagged because of an issue. The following actions taken on a device can cause a device to be categorized as inactive:

+Any device that is not in use for more than seven days will retain 'Inactive' status in the portal.

+A new device entity is generated in Microsoft 365 Defender for reinstalled or renamed devices. The previous device entity remains, with an 'Inactive' status in the portal. If you reinstalled a device and deployed the Defender for Endpoint package, search for the new device name to verify that the device is reporting normally.

+If the device is not sending any signals to any Microsoft Defender for Endpoint channels for more than seven days for any reason, a device can be considered inactive; this includes conditions that fall under misconfigured devices classification.

+This status indicates that there is limited communication between the device and the service.

+If the devices aren't reporting correctly, you should verify that the Windows diagnostic data service is set to automatically start. Also verify that the Windows diagnostic data service is running on the endpoint.

+If your devices are running a third-party antimalware client, Defender for Endpoint agent requires that the Microsoft Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled.

+ To enable RBAC in the customer Microsoft 365 Defender portal, access **Settings > Permissions > Roles** and "Turn on roles", from a user account with Global Administrator or Security Administrator rights.

+ At this point, analyst access has been provisioned, and each analyst should be able to access the customer's Microsoft 365 Defender portal: `https://security.microsoft.com/?tid=<CustomerTenantId>`

+|edr_machine_id|Device identifier used in Microsoft 365 Defender.|

+keywords: Microsoft 365 Defender, product brief, brief, capabilities, licensing

+- Ensure that **Custom network indicators** is enabled in **Microsoft 365 DefenderΓÇ»> Settings > Advanced features**. For more information, see [Advanced features](advanced-features.md).

+- **Block**: Users or apps will be blocked from connecting to dangerous domains. You will be able to see this activity in Microsoft 365 Defender.

+- **Audit**: Users or apps will not be blocked from connecting to dangerous domains. However, you will still see this activity in Microsoft 365 Defender.

+If you turn off network protection, users or apps will not be blocked from connecting to dangerous domains. You will not see any network activity in Microsoft 365 Defender.

+Transfer the Linux Server Onboarding zip file that can be downloaded from the Microsoft 365 Defender portal to this new files folder.

+## 101.53.02 (30.121112.15302.0)

+- Performance improvements & bug fixes

+As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint on macOS inspects socket traffic and reports this information to the Microsoft 365 Defender portal. The following policy allows the network extension to perform this functionality.

+There might be scenarios where you need to suppress alerts from appearing in Microsoft 365 Defender. Defender for Endpoint lets you create suppression rules for specific alerts that are known to be innocuous such as known tools or processes in your organization.

+[Alerts queue](alerts-queue-endpoint-detection-response.md)| View the alerts surfaced in Microsoft 365 Defender portal.

+When you enable security information and event management (SIEM) integration, it allows you to pull detections from Microsoft 365 Defender using your SIEM solution or by connecting directly to the detections REST API. This activates the SIEM connector access details section with pre-populated values and an application is created under your Azure Active Directory (Azure AD) tenant. For more information, see [SIEM integration](enable-siem-integration.md).

+- Allow people to install specific devices but prevent other devices.

+- Works out of the box, no configuration required - Forwarding cloud traffic logs to Defender for Cloud Apps requires firewall and proxy server configuration. With the Defender for Endpoint and Defender for Cloud Apps integration, there's no configuration required. Just switch it on in Microsoft 365 Defender settings and you're good to go.

+**Microsoft Defender for Endpoint on iOS** offers protection against phishing and unsafe network connections from websites, emails, and apps. All alerts will be available through a single pane of glass in the Microsoft 365 Defender portal. The portal gives security teams a centralized view of threats on iOS devices along with other platforms.

+- Access to the Microsoft 365 Defender portal.

+The Windows Security app is a client interface on Windows 10, version 1703 and later. It is not the Microsoft 365 Defender web portal that is used to review and manage [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint).

+Customers can engage our security experts directly from within Microsoft 365 Defender for timely and accurate response. Experts provide insights needed to better understand the complex threats affecting your organization, from alert inquiries, potentially compromised devices, root cause of a suspicious network connection, to additional threat intelligence regarding ongoing advanced persistent threat campaigns. With this capability, you can:

+- Get access to MSSP customer's Microsoft 365 Defender portal

+With Microsoft Defender for Endpoint, customers benefit from a unified view of all threats and alerts in the Microsoft 365 Defender portal, across Windows and non-Windows platforms, enabling them to get a full picture of what's happening in their environment, which empowers them to more quickly assess and respond to threats.

+1. In the Microsoft 365 Defender navigation pane, select **Settings** > **Device management** > **Onboarding**.

+##### Download the WindowsDefenderATPOnboardingPackage.zip file from the Windows 365 Defender portal

+- When you manage tamper protection in the Microsoft 365 Defender portal, the setting is applied tenant wide, affecting all of your devices that are running Windows 10, Windows 10 Enterprise multi-session, Windows 11, Windows 11 Enterprise multi-session, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 or Windows Server 2022. To fine-tune tamper protection (such as having tamper protection on for some devices but off for others), use either [Intune](#manage-tamper-protection-for-your-organization-using-intune) or [Configuration Manager with tenant attach](#manage-tamper-protection-for-your-organization-with-configuration-manager-version-2006).

+> Microsoft 365 Defender merges similar alert detections into a single alert. This API pulls alert detections in its raw form based on the query parameters you set, enabling you to apply your own grouping and filtering.

+CloudCreatedMachineTags|string|Device tags that were created in Microsoft 365 Defender.

+You can consult a Microsoft threat expert for more insights regarding a potentially compromised device or already compromised ones. Microsoft Threat Experts can be engaged directly from within the Microsoft 365 Defender for timely and accurate response. Experts provide insights not just regarding a potentially compromised device, but also to better understand complex threats, targeted attack notifications that you get, or if you need more information about the alerts, or a threat intelligence context that you see on your portal dashboard.

+ 5. Apply the onboarding script **for use with Group Policy** downloaded from [Microsoft 365 Defender](https://security.microsoft.com).

+6. Apply the onboarding script **for use with Group Policy** downloaded from [Microsoft 365 Defender](https://security.microsoft.com).

+- PowerShell Version: PowerShell Version 5.1, PowerShell ISE

+- [Manage tamper protection using the Microsoft 365 Defender portal](prevent-changes-to-security-settings-with-tamper-protection.md#manage-tamper-protection-for-your-organization-using-the-microsoft-365-defender-portal) <br> You can manage tamper protection settings on Windows 10, Windows Server 2016, Windows Server 2019, and Windows Server 2022 by using a method called *tenant attach*.

+>Microsoft security researchers also provide advanced hunting queries that you can use to locate activities and indicators associated with emerging threats. These queries are provided as part of the [threat analytics](/windows/security/threat-protection/microsoft-defender-atp/threat-analytics) reports in Microsoft 365 Defender.

+- Check RBAC settings for Microsoft Defender for Endpoint in [Microsoft 365 Defender](https://security.microsoft.com/) under **Settings** > **Permissions** > **Roles**. Select the corresponding role to assign the **manage security settings** permission.

+- **Consult a threat expert** (available in both Actions on devices and files) - You can consult a Microsoft threat expert for more insights regarding potentially compromised devices or devices that are already compromised. Microsoft threat experts can be engaged directly from within Microsoft 365 Defender for a timely and accurate response.

+- Any investigation page in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com))

+1. Go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) and sign in.

+#### Search across entities (Preview)

+>[!IMPORTANT]

+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

+The search bar is located at the top of the page. As you type, suggestions are provided so that it's easier to find entities. The enhanced search results page centralizes the results from all entities.

+You can search across the following entities in Defender for Endpoint and Defender for Identity:

+- **Devices** - supported for both Defender for Endpoint and Defender for Identity. Supports use of search operators.

+- **Users** - supported for Defender for Endpoint, Defender for Identity, and Defender for Cloud Apps.

+- **Files, IPs, and URLs** - same capabilities as in Defender for Endpoint.

+ >[!NOTE]

+ >IP and URL searches are exact match and donΓÇÖt appear in the search results page ΓÇô they lead directly to the entity page.

+- **TVM** - same capabilities as in Defender for Endpoint (vulnerabilities, software, and recommendations).

+

+|Search | The search bar is located at the top of the page. Suggestions are provided as you type. You can search across the following entities in Defender for Endpoint and Defender for Identity: <br><br> - **Devices** - supported for both Defender for Endpoint and Defender for Identity. You can even use search operators, for example, you can use "contains" to search for part of a host name. <br><br> - **Users** - supported for both Defender for Endpoint and Defender for Identity. <br><br> - **Files, IPs, and URLs** - same capabilities as in Defender for Endpoint. <br> NOTE: *IP and URL searches are exact match and donΓÇÖt appear in the search results page ΓÇô they lead directly to the entity page. <br><br> - **TVM** - same capabilities as in Defender for Endpoint (vulnerabilities, software, and recommendations). <br><br> The enhanced search results page centralizes the results from all entities. |

+- Sweden

+To enforce the App protection policies you applied in Intune, you must create a Conditional Access policy to require approved client apps and the conditions set in the APP protection policies.

+Enforcing App protection policies requires a set of policies described in [Require app protection policy for cloud app access with Conditional Access](/azure/active-directory/conditional-access/app-protection-based-conditional-access). These policies are each included in this recommended set of identity and access configuration policies.

+To create the Conditional Access policy that requires approved apps and APP protection, follow the steps in [Conditional Access: Require approved client apps or app protection policy](/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection), which only allows accounts within apps protected by App protection policies to access Microsoft 365 endpoints.

+ > This policy ensures mobile users can access all Microsoft 365 endpoints using the applicable apps.

+This policy also blocks Exchange ActiveSync clients from connecting to Exchange Online. However, you can create a separate policy for handling Exchange ActiveSync. For more information, see [Block ActiveSync clients](secure-email-recommended-policies.md#block-activesync-clients), which prevents Exchange ActiveSync clients leveraging basic authentication from connecting to Exchange Online. This policy is not pictured in the illustration at the top of this article. It is described and pictured in [Policy recommendations for securing email](secure-email-recommended-policies.md).

+> - Microsoft 365 Defender (<https://security.microsoft.com>)

+|**Compliance Administrator**¹|Members can manage settings for device management, data loss prevention, reports, and preservation.|Case Management <p> Communication Compliance Admin <p> Communication Compliance Case Management <p> Compliance Administrator <p> Compliance Search <p> Data Classification Feedback Provider <p> Data Classification Feedback Reviewer <p> Data Investigation Management <p> Device Management <p> Disposition Management <p> DLP Compliance Management <p> Hold <p> IB Compliance Management <p> Information Protection Admin <p> Information Protection Analyst <p> Information Protection Investigator <p> Information Protection Reader <p> Insider Risk Management Admin <p> Manage Alerts <p> Organization Configuration <p> RecordManagement <p> Retention Management <p> View-Only Audit Logs <p> View-Only Case <p> View-Only Device Management <p> View-Only DLP Compliance Management <p> View-Only IB Compliance Management <p> View-Only Manage Alerts <p> View-Only Recipients <p> View-Only Record Management <p> View-Only Retention Management|

+|**Compliance Data Administrator**|Members can manage settings for device management, data protection, data loss prevention, reports, and preservation.|Compliance Administrator <p> Compliance Search <p> Device Management <p> Disposition Management <p> DLP Compliance Management <p> IB Compliance Management <p> Information Protection Admin <p> Information Protection Analyst <p> Information Protection Investigator <p> Information Protection Reader <p> Manage Alerts <p> Organization Configuration <p> RecordManagement <p> Retention Management <p> Sensitivity Label Administrator <p> View-Only Audit Logs <p> View-Only Device Management <p> View-Only DLP Compliance Management <p> View-Only IB Compliance Management <p> View-Only Manage Alerts <p> View-Only Recipients <p> View-Only Record Management <p> View-Only Retention Management|

+|**Information Protection**|Full control over all information protection features, including sensitivity labels and their policies, DLP, all classifier types, activity and content explorers, and all related reports.|Data Classification Content Viewer <p> Information Protection Admin <p> Information Protection Analyst <p> Information Protection Investigator <p> Information Protection Reader|

+|**Information Protection Admins**|Create, edit, and delete DLP policies, sensitivity labels and their policies, and all classifier types. Manage endpoint DLP settings and simulation mode for auto-labeling policies.|Information Protection Admin|

+|**Information Protection Analysts**|Access and manage DLP alerts and activity explorer. View-only access to DLP policies, sensitivity labels and their policies, and all classifier types.|Data Classification List Viewer <p> Information Protection Analyst|

+|**Information Protection Investigators**|Access and manage DLP alerts, activity explorer, and content explorer. View-only access to DLP policies, sensitivity labels and their policies, and all classifier types.|Data Classification Content Viewer <p> Information Protection Analyst <p> Information Protection Investigator|

+|**Information Protection Readers**|View-only access to reports for DLP polcies and sensitivity labels and their policies.|Information Protection Reader|

+- Information Protection Admin

+- Information Protection Analyst

+- Information Protection Investigator

+- Information Protection Reader

+|**Data Classification Content Viewer**|View in-place rendering of files in Content explorer.|Content Explorer Content Viewer <p> Information Protection <p> Information Protection Investigators <p> Privacy Management <p> Privacy Management Investigators|

+|**Data Classification List Viewer**|View the list of files in content explorer.|Content Explorer List Viewer <p> Information Protection Analysts <p> Privacy Management <p> Privacy Management Analysts <p> Privacy Management Investigators <p> Privacy Management Viewers|

+|**Information Protection Admin**| Create, edit, and delete DLP policies, sensitivity labels and their policies, and all classifier types. Manage endpoint DLP settings and simulation mode for auto-labeling policies.|Compliance Administrator <p> Compliance Data Administrator <p> Information Protection <p> Information Protection Admins|

+|**Information Protection Analyst**|Access and manage DLP alerts and activity explorer. View-only access to DLP policies, sensitivity labels and their policies, and all classifier types.|Compliance Administrator <p> Compliance Data Administrator <p> Information Protection <p> Information Protection Analysts <p> Information Protection Investigators|

+|**Information Protection Investigator**|Access and manage DLP alerts, activity explorer, and content explorer. View-only access to DLP policies, sensitivity labels and their policies, and all classifier types.|Compliance Administrator <p> Compliance Data Administrator <p> Information Protection <p> Information Protection Investigators|

+|**Information Protection Reader**|View-only access to reports for DLP policies and sensitivity labels and their policies.|Compliance Administrator <p> Compliance Data Administrator <p> Information Protection <p> Information Protection Readers|

+You can now preview an email header and download the email body in Threat Explorer. Admins can analyze downloaded headers/email messages for threats. Because downloading email messages can risk exposure of information, this process is controlled by role-based access control (RBAC). A new role, *Preview*, is required to grant the ability to download mails in all-email messages view. However, viewing the email header does not require any additional role (other than what is required to view messages in Threat Explorer). To create a new role group with the Preview role:

+1. Select a built-in role group that only has the Preview role, such as Data Investigator or eDiscovery Manager.

+2. Select **Copy role group**.

+3. Choose a name and description for your new role group and select **Next**.

+4. Modify the roles by adding and removing roles as necessary but leaving the Preview role.

+5. Add members and then select **Create role group**.

+ Rotate-DkimSigningConfig -KeySize 2048 -Identity <DkimSigningConfigIdParameter>

+> If you are one of our GCC High customers, we calculate _customDomainIdentifier_ differently! Instead of looking up the MX record for your _initialDomain_ to calculate _customDomainIdentifier_, instead we calculate it directly from the customized domain. For example, if your customized domain is "contoso.com" your _customDomainIdentifier_ becomes "contoso-com", any periods are replaced with a dash. So, regardless of what MX record your _initialDomain_ points to, you'll always use the above method to calculate the _customDomainIdentifier_ to use in your CNAME records.

+Points to address or value: selector1-<customDomainIdentifier>._domainkey.<initialDomain>

+Points to address or value: selector2-<customDomainIdentifier>._domainkey.<initialDomain>

+- _customDomainIdentifier_ is the same as the _customDomainIdentifier_ in the customized MX record for your custom domain that appears before mail.protection.outlook.com. For example, in the following MX record for the domain contoso.com, the _customDomainIdentifier_ is contoso-com:

+Co-management combines your existing on-premises Configuration Manager investment with the cloud using Intune and other Microsoft 365 cloud services. You choose whether Configuration Manager or Intune is the management authority for different workloads.

+## Endpoint Analytics

+Endpoint Analytics is a cloud-based service that integrates with Configuration Manager and provides you with insight and intelligence so you can make informed decisions about your Windows clients. It combines data from your organization with data aggregated from millions of other devices connected to Microsoft cloud services.

+With Endpoint Analytics, you can:

+For more information, see this [overview of Endpoint Analytics](/mem/configmgr/desktop-analytics/overview)

+## Deploy Windows 365 to provide remote access for remote workers using personal devices

+To support remote workers who can only use their personal and unmanaged devices, use Windows 365 to create and allocate virtual desktops for your users to use from home. With an on-premises network connection (OPNC), Windows 365 Cloud PCs can act just like PCs connected to your organization's network.

+For more information, see this [overview of Windows 365](/windows-365/overview).

+> Windows 365 is not included with a Microsoft 365 subscription. You must pay for usage with a separate subscription.

+| Remote workers are using their personal devices from home | You have configured Windows 365. |

+You can also use Conditional Access policies for more advanced capabilities, such as requiring that the sign-in is done from a compliant device, such as your laptop running Windows 11 or 10.

+- Protection of Windows 11 or 10 devices from malware and other types of cyberattacks

+ - Malware protection for cloud service data, email, and Windows 11 or 10 devices

+- Windows 11 or 10 Enterprise security features.

+ Sign-ins are secured with multi-factor authentication (MFA) and built-in security features of Microsoft 365 and Windows 11 or 10 protect against malware, malicious attacks, and data loss.

+For a seamless sign-in experience, your on-premises Active Directory Domain Services (AD DS) user accounts should be synchronized with Azure Active Directory (Azure AD). To protect your Windows 11 or 10 devices, they should be enrolled in Intune. Here is a high-level view of the infrastructure.

+|Windows 365|Support remote workers who can only use their personal and unmanaged devices with Windows 365 Cloud PCs.|Requires separate paid Azure subscription|

+|Endpoint Analytics|Determine the update readiness of your Windows clients.|Requires separate Configuration Manager licenses|

+|Windows Autopilot|Set up and pre-configure new Windows 11 or 10 devices for productive use.|Microsoft 365 E3 or E5|

+- A modern device, such as a Surface laptop and Windows 11 or 10, which has the features, security, and performance to access Microsoft 365 cloud apps and services directly over the web.

+- Any device including older laptops or desktops used from home, which can access Microsoft 365 cloud apps and services indirectly through a [Windows 365 Cloud PC](empower-people-to-work-remotely-remote-access.md#deploy-windows-365-to-provide-remote-access-for-remote-workers-using-personal-devices). This option provides high performance, strong security, and simplified IT management.

+- Intune App Protection policies

+- APP

+- mobile application management

+- MAM

+- set up mobile ap protection

+- Create compliance policies

+- Intune device compliance policy

+- configuration profiles

+- Windows security baselines for Intune

+- customize configuration profiles

+- Endpoint dlp

+- data loss prevention

+- dlp policies

+- enroll devices into management

+- enroll devices with Intune

+- Intune mobile device platforms

+- connect Intune to Defender

+- monitor device risk

+- monitor device compliance

+- deploy security baselines

+- enroll devices into Intune

+- manage device endpoints

+- zero trust deployment stack

+- device management with zero trust

+- Conditional access policy

+- Microsoft Intune

+- Intune device management