| Category | Microsoft Docs article | Related commit history on GitHub | Change details |
|---|---|---|---|
| bookings | Add Staff | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/add-staff.md | Although Bookings is a feature of Microsoft 365, not all of your staff members a By deselecting this box, staff can be given custom hours that further limit when they can be booked. This is helpful for scenarios where a staff member may only be on site Tuesdays and Wednesdays, or they dedicate their mornings for one type of appointments, and their afternoons for other types. > [!NOTE]- > Only the first 31 staff members that you add to your staff page will appear when you assign staff members to a service. + > The first 100 staff members that you add to your staff page will appear when you assign staff members to a service. ## Make a Bookings user a super user without adding them as Staff in Bookings |
| compliance | Archiving Third Party Data | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archiving-third-party-data.md | description: "Learn how to import and archive third-party data from social media Microsoft 365 lets administrators use data connectors to import and archive third-party data from social media platforms, instant messaging platforms, and document collaboration platforms, to mailboxes in your Microsoft 365 organization. One primary benefit of using data connectors to import and archive third-party data in Microsoft 365 is that you can apply various Microsoft 365 compliance solutions to that after it's been imported. This helps you ensure that your organization's non-Microsoft data is in compliance with the regulations and standards that affect your organization. +Watch this interactive guide that demonstrates how to create data connectors to archive third-party data and examples of applying compliance solutions to data after it's imported to Microsoft 365. ++> [!VIDEO https://mslearn.cloudguides.com/guides/Archive%20data%20from%20non-Microsoft%20sources%20in%20Microsoft%20365] + ## Third-party data connectors The Microsoft 365 compliance center provides native third-party data connectors from Microsoft to import data from various data sources, such as LinkedIn, Instant Bloomberg, and Twitter and data connectors that support the Insider risk management solution. In addition to these data connectors, Microsoft works with the following partners to provide many more third part data connectors in the Microsoft 365 compliance center. Your organization works with these partners to set up their archiving service before creating a corresponding data connector in the Microsoft 365 compliance center. |
| compliance | Classifier Learn About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/classifier-learn-about.md | -description: "A Microsoft 365 trainable classifier is a tool you can use to recognize various types of content for labeling or policy application by giving it positive and negative samples to look at." +description: "Trainable classifiers can recognize various types of content for labeling or policy application by giving it positive and negative samples to look at." # Learn about trainable classifiers Classifying and labeling content so it can be protected and handled properly is ## Manually -This method requires human judgment and action. An admin may either use the pre-existing labels and sensitive information types or create their own and then publish them. Users and admins apply them to content as they encounter it. You can then protect the content and manage its disposition. +Manual classification requires human judgment and action. Users and admins apply them to content as they encounter it. You can use either use the pre-existing labels and sensitive information types or use custom created ones. You can then protect the content and manage its disposition. ## Automated pattern-matching Sensitivity and retention labels can then be automatically applied to make the c ## Classifiers -This classification method is particularly well suited to content that isn't easily identified by either the manual or automated pattern matching methods. This method of classification is more about using a classifier to identify an item based on what the item is, not by elements that are in the item (pattern matching). A classifier learns how to identify a type of content by looking at hundreds of examples of the content you're interested in classifying. +This classification method is well suited to content that isn't easily identified by either the manual or automated pattern-matching methods. This method of classification is more about using a classifier to identify an item based on what the item is, not by elements that are in the item (pattern matching). A classifier learns how to identify a type of content by looking at hundreds of examples of the content you're interested in classifying. ### Where you can use classifiers Microsoft 365 comes with multiple pre-trained classifiers: > [!CAUTION] > We are deprecating the **Offensive Language** pre-trained classifier because it has been producing a high number of false positives. Don't use it and if you are currently using it, you should move your business processes off of it. We recommend using the **Threat**, **Profanity**, and **Harassment** pre-trained classifiers instead. -- **Resumes**: detects items that are textual accounts of an applicant's personal, educational, professional qualifications, work experience, and other personally identifying information-- **Source Code**: detects items that contain a set of instructions and statements written in the top 25 used computer programming languages on GitHub- - ActionScript - - C - - C# - - C++ - - Clojure - - CoffeeScript - - Go - - Haskell - - Java - - JavaScript - - Lua - - MATLAB - - Objective-C - - Perl - - PHP - - Python - - R - - Ruby - - Scala - - Shell - - Swift - - TeX - - Vim Script +- **Resumes**: detects docx, .pdf, .rtf, .txt items that are textual accounts of an applicant's personal, educational, professional qualifications, work experience, and other personally identifying information +- **Source Code**: detects items that contain a set of instructions and statements written in the top 25 used computer programming languages on GitHub: ActionScript, C, C#, C++, Clojure, CoffeeScript, Go, Haskell, Java, JavaScript, Lua, MATLAB, Objective-C, Perl, PHP, Python, R, Ruby, Scala, Shell, Swift, TeX, Vim Script. > [!NOTE] > Source Code is trained to detect when the bulk of the text is source code. It does not detect source code text that is interspersed with plain text. -- **Agreements**: detects content related to legal agreements such as non-disclosure agreements, statements of work, loan and lease agreements, employment and non-compete agreements-- **Discrimination**: detects explicit discriminatory language and is particularly sensitive to discriminatory language against the African American/Black communities when compared to other communities.-- **Finance**: detects content in corporate finance, accounting, economy, banking and investment categories-- **Harassment**: detects a specific category of offensive language text items related to offensive conduct targeting one or multiple individuals based on the following traits: race, ethnicity, religion, national origin, gender, sexual orientation, age, disability-- **Healthcare**: detects content in medical and healthcare administration aspects such as medical services, diagnoses, treatment, claims etc-- **HR**: detects content in human resources related categories of recruitment, interviewing, hiring, training, evaluating, warning and termination-- **IP**: detects content in Intellectual Property related categories such as trade secrets and similar confidential information-- **IT**: detects content in Information Technology and Cybersecurity categories such as network settings, information security, hardware and software-- **Legal Affairs**: detects content in legal affairs related categories such as litigation, legal process, legal obligation, legal terminology, law and legislation-- **Procurement**: detects content in categories of bidding, quoting, purchasing and paying for supply of goods and services-- **Profanity**: detects a specific category of offensive language text items that contain expressions that embarrass most people-- **Tax**: detects Tax relation content such as tax planning, tax forms, tax filing, tax regulations-- **Threat**: detects a specific category of offensive language text items related to threats to commit violence or do physical harm or damage to a person or property+- **Agreements**: Detects content related to legal agreements such as non-disclosure agreements, statements of work, loan and lease agreements, employment and non-compete agreements. Detects content in .docx, .docm, .doc, .dotx, .dotm, .dot, .pdf, .rtf, .txt, .one, .msg, .eml files. +- **Discrimination**: Detects explicit discriminatory language and is sensitive to discriminatory language against the African American/Black communities when compared to other communities. +- **Finance**: Detects content in corporate finance, accounting, economy, banking, and investment categories. Detects content in .docx, .docm, .doc, .dotx, .dotm, .dot, .pdf, .rtf, .txt, .one, .msg, .eml, .pptx, .pptm, .ppt, .potx, .potm, .pot, .ppsx, .ppsm, .pps, .ppam, .ppa, .xlsx, .xlsm, .xlsb, .xls, .csv, .xltx, .xltm, .xlt, .xlam, .xla files. +- **Harassment**: Detects a specific category of offensive language text items related to offensive conduct targeting one or multiple individuals based on the following traits: race, ethnicity, religion, national origin, gender, sexual orientation, age, disability. +- **Healthcare**: Detects content in medical and healthcare administration aspects such as medical services, diagnoses, treatment, claims, etc. Detects content in .docx, .docm, .doc, .dotx, .dotm, .dot, .pdf, .rtf, .txt, .one, .msg, .eml, .pptx, .pptm, .ppt, .potx, .potm, .pot, .ppsx, .ppsm, .pps, .ppam, .ppa, .xlsx, .xlsm, .xlsb, .xls, .csv, .xltx, .xltm, .xlt, .xlam, .xla files. +- **HR**: Detects content in human resources related categories of recruitment, interviewing, hiring, training, evaluating, warning, and termination. Detects content in .docx, .docm, .doc, .dotx, .dotm, .dot, .pdf, .rtf, .txt, .one, .msg, .eml, .pptx, .pptm, .ppt, .potx, .potm, .pot, .ppsx, .ppsm, .pps, .ppam, .ppa, .xlsx, .xlsm, .xlsb, .xls, .csv, .xltx, .xltm, .xlt, .xlam, .xla files. +- **IP**: Detects content in Intellectual Property related categories such as trade secrets and similar confidential information. Detects content in .docx, .docm, .doc, .dotx, .dotm, .dot, .pdf, .rtf, .txt, .one, .msg, .eml, .pptx, .pptm, .ppt, .potx, .potm, .pot, .ppsx, .ppsm, .pps, .ppam, .ppa, .xlsx, .xlsm, .xlsb, .xls, .csv, .xltx, .xltm, .xlt, .xlam, .xla files. +- **IT**: Detects content in Information Technology and Cybersecurity categories such as network settings, information security, hardware, and software. Detects content in .docx, .docm, .doc, .dotx, .dotm, .dot, .pdf, .rtf, .txt, .one, .msg, .eml, .pptx, .pptm, .ppt, .potx, .potm, .pot, .ppsx, .ppsm, .pps, .ppam, .ppa, .xlsx, .xlsm, .xlsb, .xls, .csv, .xltx, .xltm, .xlt, .xlam, .xla files. +- **Legal Affairs**: Detects content in legal affairs-related categories such as litigation, legal process, legal obligation, legal terminology, law, and legislation. Detects content in .docx, .docm, .doc, .dotx, .dotm, .dot, .pdf, .rtf, .txt, .one, .msg, .eml files. +- **Procurement**: Detects content in categories of bidding, quoting, purchasing, and paying for supply of goods and services. Detects content in .docx, .docm, .doc, .dotx, .dotm, .dot, .pdf, .rtf, .txt, .one, .msg, .eml, .xlsx, .xlsm, .xlsb, .xls, .csv, .xltx, .xltm, .xlt, .xlam, .xla files. +- **Profanity**: Detects a specific category of offensive language text items that contain expressions that embarrass most people. +- **Tax**: Detects Tax relation content such as tax planning, tax forms, tax filing, tax regulations. Detects content in .docx, .docm, .doc, .dotx, .dotm, .dot, .pdf, .rtf, .txt, .one, .msg, .eml, .pptx, .pptm, .ppt, .potx, .potm, .pot, .ppsx, .ppsm, .pps, .ppam, .ppa, .xlsx, .xlsm, .xlsb, .xls, .csv, .xltx, .xltm, .xlt, .xlam, xla files. +- **Threat**: Detects a specific category of offensive language text items related to threats to commit violence or do physical harm or damage to a person or property. These appear in the **Microsoft 365 compliance center** > **Data classification** > **Trainable classifiers** view with the status of `Ready to use`. |
| compliance | Disposition | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/disposition.md | Additionally: - To view the contents of items during the disposition process, add users to the **Content Explorer Content Viewer** role group. If users don't have the permissions from this role group, they can still select a disposition review action to complete the disposition review, but must do so without being able to view the item's contents from the mini-preview pane in the compliance center. -- By default, each person that accesses the **Disposition** page sees only items that they are assigned to review. For a records management administrator to see all items assigned to all users, and all retention labels that are configured for disposition review: Navigate to **Records management settings** > **General** > **Security group for records manager** to select and then enable a mail-enabled security group that contains the administrator accounts.+- By default, each person that accesses the **Disposition** page sees only items that they are assigned to review. For a records management administrator to see all items assigned to all users, and all retention labels that are configured for disposition review: Navigate to **Records management settings** > **Disposition** to select and then enable a mail-enabled security group that contains the administrator accounts. Microsoft 365 groups and security groups that aren't mail-enabled don't support this feature and don't display in the list to select. If you need to create a new mail-enabled security group, use the link to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> to create the new group. When a disposition review is triggered at the end of the retention period, the r You can customize the notification email that reviewers receive, including instructions in different languages. For multi-language support, you must specify the translations yourself and this custom text is displayed to all reviewers irrespective of their locale. -Users receive an initial email notification per label at the end of the item's retention period, with a reminder per label once a week of all disposition reviews that they are assigned. They can click the link in the notification and reminder emails to go to the **Disposition** page in the Microsoft 365 compliance center to review the content and take an action. Alternately, the reviewers can go directly to the **Disposition** page in the compliance center. Then: +Users receive an initial email notification per label at the end of the item's retention period, with a reminder per label once a week of all disposition reviews that they are assigned. They can click the link in the notification and reminder emails to go directly to the **Records management** > **Disposition** page in the Microsoft 365 compliance center to review the content and take an action. Alternately, the reviewers can navigate to this **Disposition** page in the compliance center. Then: - Reviewers see only the disposition reviews that are assigned to them, whereas administrators who are added to the selected security group for records manager see all disposition reviews. Example default email notification sent to a reviewer: You can customize the email messages that are sent to disposition reviewers for the initial notification and then reminders. -From any of the Disposition pages in the compliance center, select **Records management settings**: +From any of the Records management pages in the compliance center, select **Records management settings**:  -Then select the **Disposition notifications** tab, and specify whether you want to use just the default email message, or add your own text to the default message. Your custom text is added to the email instructions after the information about the retention label and before the next steps instructions. +From the **Disposition** tab, in the **Email notifications for disposition reviews** section, select and specify whether you want to use just the default email message, or add your own text to the default message. Your custom text is added to the email instructions after the information about the retention label and before the next steps instructions. Text for all languages can be added, but formatting and images are unsupported. URLs and email addresses can be entered as text and depending on the email client, display as hyperlinks or unformatted text in the customized email. During a disposition review, the content never moves from its original location, ## Disposition of records -Use the **Disposition** tab from the **Records management** page to identify: +From the **Records management** main page > **Disposition** tab, you can identify: - Items deleted as a result of a disposition review. - Items marked as a record or regulatory record that were automatically deleted at the end of their retention period. |
| compliance | Document Metadata Fields In Advanced Ediscovery | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/document-metadata-fields-in-Advanced-eDiscovery.md | The following table lists the metadata fields for documents in a review set in a |Document date created|CreatedTime|Doc_date_created|Create date from document metadata.| |DocIndex*|||The index in the family. **-1** or **0** means it is the root.| |Document keywords||Doc_keywords|Keywords from the document metadata.|-|Document modified by||Doc_modified_by|Last modified date by from document metadata.| -|Document Revision|Doc_Version|Doc_Version|Revision from the document metadata.| +|Document modified by||Doc_modified_by|The user who last modified the document from document metadata.| +|Document revision|Doc_Version|Doc_Version|Revision from the document metadata.| |Document subject||Doc_subject|Subject from the document metadata.| |Document template||Doc_template|Template from the document metadata.| |DocLastSavedBy||Doc_last_saved_by|The name of the user who last saved the document.| |
| compliance | Permissions Filtering For Content Search | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/permissions-filtering-for-content-search.md | The _Filters_ parameter specifies the search criteria for the compliance securi |Department |`"Mailbox_Department -eq 'Finance'"` | ||| -- **Mailbox content filtering:** This type of filter is applied on the content that can be searched. This type of filter is called a *content filter* because it specifies the mailbox content the assigned users can search for. The syntax for this type of filter is **MailboxContent_** _SearchablePropertyName: value_, where _SearchablePropertyName_ specifies a Keyword Query Language (KQL) property that can be specified in a search. For example, the mailbox content filter `MailboxContent_recipients:contoso.com` would allow the user assigned this filter to only search for messages sent to recipients in the contoso.com domain. For a list of searchable message properties, see [Keyword queries and search conditions for eDiscovery](keyword-queries-and-search-conditions.md#searchable-email-properties).+- **Mailbox content filtering:** This type of filter is applied on the content that can be searched. This type of filter is called a *content filter* because it specifies the mailbox content or searchable email properties the assigned users can search for. The syntax for this type of filter is **MailboxContent_**_SearchablePropertyName, where _SearchablePropertyName_ specifies a Keyword Query Language (KQL) property that can be specified in a search. For example, the mailbox content filter `"MailboxContent_Recipients -like 'contoso.com'"` would allow the user assigned this filter to only search for messages sent to recipients in the contoso.com domain. For a list of searchable email properties, see [Keyword queries and search conditions for eDiscovery](keyword-queries-and-search-conditions.md#searchable-email-properties). > [!IMPORTANT] > A single search filter can't contain a mailbox filter and a mailbox content filter. To combine these in a single filter, you have to use a [filters list](#using-a-filters-list-to-combine-filter-types). But a filter can contain a more complex query of the same type. For example, `"Mailbox_CustomAttribute10 -eq 'FTE' -and Mailbox_MemberOfGroup -eq '$($DG.DistinguishedName)'"` The _Filters_ parameter specifies the search criteria for the compliance securi - **Mailbox and OneDrive filtering:** This type of filter specifies the mailboxes and OneDrive accounts the assigned users (specified by the _Users_ parameter) can search. The syntax for this type of filter is **Mailbox_** _MailboxPropertyName_, where _MailboxPropertyName_ specifies a mailbox property used to scope the mailboxes that can be searched. For example, the mailbox filter `"Mailbox_CustomAttribute10 -eq 'OttawaUsers'"` would allow the user assigned this filter to search only the mailboxes that have the value "OttawaUsers" in the CustomAttribute10 property. Any supported filterable recipient property can be used for the _MailboxPropertyName_ property. For a list of supported properties, see [Filterable properties for the -RecipientFilter parameter](/powershell/exchange/recipientfilter-properties). -- **Mailbox content filtering:** This type of filter is applied on the content that can be searched. It specifies the mailbox content the assigned users can search for. The syntax for this type of filter is **MailboxContent_** _SearchablePropertyName:value_, where _SearchablePropertyName_ specifies a Keyword Query Language (KQL) property that can be specified in a search. For example, the mailbox content filter `MailboxContent_recipients:contoso.com` would allow the user assigned this filter to only search for messages sent to recipients in the contoso.com domain. For a list of searchable message properties, see [Keyword queries and search conditions for eDiscovery](keyword-queries-and-search-conditions.md). +- **Mailbox content filtering:** This type of filter is applied on the content that can be searched. It specifies the mailbox content the assigned users can search for. The syntax for this type of filter is **MailboxContent_**_SearchablePropertyName_, where _SearchablePropertyName_ specifies a Keyword Query Language (KQL) property that can be specified in a search. For example, the mailbox content filter `"MailboxContent_Recipients -like 'contoso.com'"` would allow the user assigned this filter to only search for messages sent to recipients in the contoso.com domain. For a list of searchable email properties, see [Keyword queries and search conditions for eDiscovery](keyword-queries-and-search-conditions.md). - **Site and site content filtering:** There are two SharePoint and OneDrive for Business site-related filters that you can use to specify what site or site content the assigned users can search: |
| compliance | Set Up Compliance Boundaries | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/set-up-compliance-boundaries.md | Here's how the search permission filters are applied for each agency in this sce 2. After the content locations that can be searched are defined, the next part of the filter defines the content that eDiscovery managers can search. The first `SiteContent` filter lets Fourth Coffee eDiscovery managers only search for documents that have a site path property that contains (or starts with) `https://contoso.sharepoint.com/sites/FourthCoffee`; Coho Winery eDiscovery managers can only search documents that have a site path property that contains (or starts with) `https://contoso.sharepoint.com/sites/CohoWinery`. Therefore, the two `SiteContent` filters are *content filters* because they define the content that can be searched for. In both filters, eDiscovery managers can only search for documents with a specific document property value. All SharePoint-related filters are content filters because searchable site properties are stamped on all documents. For more information, see [Configure permissions filtering for eDiscovery](permissions-filtering-for-content-search.md#new-compliancesecurityfilter). > [!NOTE]- > Although the scenario in this article doesn't use them, you can also use mailbox content filters to specify the content that eDiscovery managers can search for. The syntax for mailbox content filters is `MailboxContent_<Property:value>`. For example, you can create content filters based on date ranges, recipients, or domains. For more information about mailbox content filters, see [Configure search permissions filtering](permissions-filtering-for-content-search.md#new-compliancesecurityfilter). + > Although the scenario in this article doesn't use them, you can also use mailbox content filters to specify the content that eDiscovery managers can search for. The syntax for mailbox content filters is `"MailboxContent_<property> -<comparison operator> '<value>'"`. You can create content filters based on date ranges, recipients, and domains or any searchable email property. For example, this filter would allow eDiscovery managers to only search for mail items sent or received by users in the contoso.com domain: `"MailboxContent_Participants -like 'contoso.com'"`. For more information about mailbox content filters, see [Configure search permissions filtering](permissions-filtering-for-content-search.md#new-compliancesecurityfilter). 3. The search permissions filter is joined to the search query by the **AND** Boolean operator. That means when an eDiscovery manager in one of the agencies runs an eDiscovery search, the items returned by the search must match the search query and the conditions defined in the search permissions filter. |
| compliance | Use Notifications And Policy Tips | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/use-notifications-and-policy-tips.md | For example, you may have a DLP policy applied to OneDrive for Business sites th 3. Third rule: If greater than five instances of this sensitive information are detected in a document, and the document is shared with people outside the organization, the **Block access to content** action restricts the permissions for the file, and the **Send a notification** action does not allow people to override the actions in this rule because the information is shared externally. Under no circumstances should people in your organization be allowed to share PII data outside the organization. +### User Override support + Here are some fine points to understand about using a policy tip to override a rule: - The option to override is per rule, and it overrides all of the actions in the rule (except sending a notification, which can't be overridden). Here are some fine points to understand about using a policy tip to override a r - If the policy tips in the most restrictive rule allow people to override the rule, then overriding this rule also overrides any other rules that the content matched. +- If NotifyAllowOverride action is set with WithoutJustification or WithJustification or FlasePositives, make sure BlockAccess is set to true and BlockAccessScope has appropriate value. Otherwise policy tip will come up but the user will not find an option to override the email with justification. ++#### Availability of Override ++|Notification Rule |Notify/Block action |Override available |Require Justification | +||||| +|Notify only |Notify |No |No | +|Notify + AllowOverride |Notify |No |No | +|Notify + AllowOverride + False positive |Notify |No |No | +|Notify + AllowOverride + With justification |Notify |No |No | +|Notify + AllowOverride + False positive + Without justification |Notify |No |No | +|Notify + AllowOverride + False positive + With justification |Notify |No |No | +|Notify + Block |Block |No |No | +|Notify + Block + AllowOverride |Block |Yes |No | +|Notify + Block + AllowOverride + False positive |Block |Yes |No | +|Notify + Block + AllowOverride + With justification |Block |Yes |Yes | +|Notify + Block + AllowOverride + False positive + Without justification |Block |Yes |No | +|Notify + Block + AllowOverride + False positive + With justification |Block |Yes |Yes | + ## Policy tips on OneDrive for Business sites and SharePoint Online sites |
| security | Microsoft 365 Zero Trust | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/Microsoft-365-zero-trust.md | Microsoft Information Protection provides a framework, process, and capabilities  -For more information, see [Deploy a Microsoft Information Protection solution](../compliance/information-protection-solution.md). +For more information on how to plan and deploy information protection, see [Deploy a Microsoft Information Protection solution](../compliance/information-protection-solution.md). ++If you're deploying information protection for data privacy regulations, this solution guide provides a recommended framework for the entire process: [Deploy information protection for data privacy regulations with Microsoft 365](../solutions/information-protection-deploy.md). |
| security | Deployment Rings | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/deployment-rings.md | audience: ITPro - M365-security-compliance - m365solution-endpointprotect- - m365solution-overview ms.technology: mde |
| security | Evaluate Defender Endpoint Enable | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/evaluate-defender-endpoint-enable.md | - Title: Pilot Defender for Endpoint evaluation -description: Enable your Microsoft 365 Defender trial lab or pilot environment. -keywords: Microsoft 365 Defender trial, try Microsoft 365 Defender, evaluate Microsoft 365 Defender, Microsoft 365 Defender evaluation lab, Microsoft 365 Defender pilot, cyber security, advanced persistent threat, enterprise security, devices, device, identity, users, data, applications, incidents, automated investigation and remediation, advanced hunting -search.product: eADQiWindows 10XVcnh -ms.sitesec: library -ms.pagetype: security - - NOCSH ----- - M365-security-compliance - - m365solution-overview - - m365solution-evalutatemtp ----# Pilot MDE Evaluation --**Applies to:** -- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037)--> [!NOTE] -> For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Endpoint Configuration Manager. Defender for Endpoint supports the use of other onboarding tools but won't cover those scenarios in the deployment guide. For more information, see [Onboard devices to Microsoft Defender for Endpoint](onboard-configure.md). --## Step 1. Check license state --Checking for the license state and whether it got properly provisioned, can be done through the admin center or through the **Microsoft Azure portal**. --1. To view your licenses, go to the **Microsoft Azure portal** and navigate to the [Microsoft Azure portal license section](https://portal.azure.com/#blade/Microsoft_AAD_IAM/LicensesMenuBlade/Products). --  --1. Alternately, in the admin center, navigate to **Billing** \> **Subscriptions**. -- On the screen, you'll see all the provisioned licenses and their current **Status**. --  --## Step 2. Onboard endpoints using any of the supported management tools --The [Plan deployment](deployment-strategy.md) topic outlines the general steps you need to take to deploy Defender for Endpoint. --Watch this video for a quick overview of the onboarding process and learn about the available tools and methods. --> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4bGqr] --After identifying your architecture, you'll need to decide which deployment method to use. The deployment tool you choose influences how you onboard endpoints to the service. --### Onboarding tool options --The following table lists the available tools based on the endpoint that you need to onboard. --<br> --**** --|Endpoint|Tool options| -||| -|**Windows**|[Local script (up to 10 devices)](../defender-endpoint/configure-endpoints-script.md) <p> [Group Policy](../defender-endpoint/configure-endpoints-gp.md) <p> [Microsoft Endpoint Manager/ Mobile Device Manager](../defender-endpoint/configure-endpoints-mdm.md) <p> [Microsoft Endpoint Configuration Manager](../defender-endpoint/configure-endpoints-sccm.md) <p> [VDI scripts](../defender-endpoint/configure-endpoints-vdi.md) <p> [Integration with Microsoft Defender for Cloud](../defender-endpoint/configure-server-endpoints.md#integration-with-azure-defender)| -|**macOS**|[Local scripts](../defender-endpoint/mac-install-manually.md) <p> [Microsoft Endpoint Manager](../defender-endpoint/mac-install-with-intune.md) <p> [JAMF Pro](../defender-endpoint/mac-install-with-jamf.md) <p> [Mobile Device Management](../defender-endpoint/mac-install-with-other-mdm.md)| -|**Linux Server**|[Local script](../defender-endpoint/linux-install-manually.md) <p> [Puppet](../defender-endpoint/linux-install-with-puppet.md) <p> [Ansible](../defender-endpoint/linux-install-with-ansible.md)| -|**iOS**|[App-based](../defender-endpoint/ios-install.md)| -|**Android**|[Microsoft Endpoint Manager](../defender-endpoint/android-intune.md)| -| |
| security | Evaluate Defender Endpoint Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/evaluate-defender-endpoint-overview.md | - Title: Evaluate Microsoft 365 Defender for Endpoint overview -description: Set up a Microsoft 365 Defender trial lab or pilot environment. Test and experience how the security solution is designed to protect devices, identity, data, and apps in your organization. -keywords: Microsoft 365 Defender trial, try Microsoft 365 Defender, evaluate Microsoft 365 Defender, Microsoft 365 Defender evaluation lab, Microsoft 365 Defender pilot, cyber security, advanced persistent threat, enterprise security, devices, device, identity, users, data, applications, incidents, automated investigation and remediation, advanced hunting -search.product: eADQiWindows 10XVcnh -ms.sitesec: library -ms.pagetype: security - - NOCSH ----- - M365-security-compliance - - m365solution-overview - - m365solution-evalutatemtp ----# Evaluate Microsoft 365 Defender for Endpoint overview --**Applies to:** -- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037)-- Microsoft 365 Defender-- --Comprehensive security product evaluations can be a complex process, requiring cumbersome environment and device configurations before an end-to-end attack simulation can actually be done. Adding to the complexity is the challenge of tracking where the simulation activities, alerts, and results are reflected during the evaluation. --The Microsoft Defender for Endpoint evaluation lab is designed to eliminate the complexities of device and environment configuration. This enables you to: --- Focus on evaluating the capabilities of the platform-- Run simulations-- See the prevention, detection, and remediation features in action-<br> --> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4woug] --Using the simplified set-up experience, you can focus on running your own test scenarios and the pre-made simulations to see how Defender for Endpoint performs. --You'll have full access to the powerful capabilities of the platform such as automated investigations, advanced hunting, and threat analytics, allowing you to test the comprehensive protection stack that Defender for Endpoint offers. --You can add Windows 10, or Windows Server 2019, or Windows Server 2022 devices that come pre-configured to have the latest OS versions and the right security components in place as well as Office 2019 Standard installed. --You can also install threat simulators. Defender for Endpoint has partnered with industry leading threat simulation platforms to help you test out the Defender for Endpoint capabilities without having to leave the portal. -- Install your preferred simulator, run scenarios within the evaluation lab, and then instantly see how the platform performs. This capability is all conveniently available at no extra cost to you. You'll also have convenient access to wide array of simulations, which you can access and run from the simulations catalog. |
| security | Evaluate Defender Endpoint Pilot | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/evaluate-defender-endpoint-pilot.md | - Title: Experience Microsoft Defender for Endpoint (MDE) through simulated attacks -description: Pilot your Microsoft 365 Defender trial lab or pilot environment. -keywords: Microsoft 365 Defender trial, try Microsoft 365 Defender, evaluate Microsoft 365 Defender, Microsoft 365 Defender evaluation lab, Microsoft 365 Defender pilot, cyber security, advanced persistent threat, enterprise security, devices, device, identity, users, data, applications, incidents, automated investigation and remediation, advanced hunting -search.product: eADQiWindows 10XVcnh -ms.sitesec: library -ms.pagetype: security - - NOCSH ----- - M365-security-compliance - - m365solution-overview - - m365solution-evalutatemtp ----# Experience Microsoft Defender for Endpoint (MDE) through simulated attacks --**Applies to:** -- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037)---> [!TIP] -> -> - Learn about the latest enhancements in Microsoft Defender for Endpoint: [What's new in Defender for Endpoint?](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/). -> - Defender for Endpoint demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/). --You might want to experience Defender for Endpoint before you onboard more than a few devices to the service. To do this, you can run controlled attack simulations on a few test devices. After running the simulated attacks, you can review how Defender for Endpoint surfaces malicious activity and explore how it enables an efficient response. --## Before you begin --To run any of the provided simulations, you need at least [one onboarded device](onboard-configure.md). --Read the walkthrough document provided with each attack scenario. Each document includes OS and application requirements as well as detailed instructions that are specific to an attack scenario. --## Run a simulation --1. In **Help** \> **Simulations & tutorials**, select which of the available attack scenarios you would like to simulate: -- - **Scenario 1: Document drops backdoor** - simulates delivery of a socially engineered lure document. The document launches a specially crafted backdoor that gives attackers control. -- - **Scenario 2: PowerShell script in fileless attack** - simulates a fileless attack that relies on PowerShell, showcasing attack surface reduction and device learning detection of malicious memory activity. -- - **Scenario 3: Automated incident response** - triggers automated investigation, which automatically hunts for and remediates breach artifacts to scale your incident response capacity. --2. Download and read the corresponding walkthrough document provided with your selected scenario. --3. Download the simulation file or copy the simulation script by navigating to **Help** \> **Simulations & tutorials**. You can choose to download the file or script on the test device but it's not mandatory. --4. Run the simulation file or script on the test device as instructed in the walkthrough document. --> [!NOTE] -> Simulation files or scripts mimic attack activity but are actually benign and will not harm or compromise the test device. --## ALTERNATE TOPIC TEXT --## Simulate attack scenarios --Use the test devices to run your own attack simulations by connecting to them. --You can simulate attack scenarios using: --- The ["Do It Yourself" attack scenarios](https://securitycenter.windows.com/tutorials)-- Threat simulators--You can also use [Advanced hunting](advanced-hunting-overview.md) to query data and [Threat analytics](threat-analytics.md) to view reports about emerging threats. --### Do-it-yourself attack scenarios --If you are looking for a pre-made simulation, you can use our ["Do It Yourself" attack scenarios](https://securitycenter.windows.com/tutorials). These scripts are safe, documented, and easy to use. These scenarios will reflect Defender for Endpoint capabilities and walk you through investigation experience. --> [!NOTE] -> The connection to the test devices is done using RDP. Make sure that your firewall settings allow RDP connections. --1. Connect to your device and run an attack simulation by selecting **Connect**. --  --2. Save the RDP file and launch it by selecting **Connect**. --  -- > [!NOTE] - > If you don't have a copy of the password saved during the initial setup, you can reset the password by selecting **Reset password** from the menu: - > - >  - > - > The device will change it's state to "Executing password reset", then you'll be presented with your new password in a few minutes. --3. Enter the password that was displayed during the device creation step. --  --4. Run Do-it-yourself attack simulations on the device. --### Threat simulator scenarios --If you chose to install any of the supported threat simulators during the lab setup, you can run the built-in simulations on the evaluation lab devices. --Running threat simulations using third-party platforms is a good way to evaluate Microsoft Defender for Endpoint capabilities within the confines of a lab environment. --> [!NOTE] -> Before you can run simulations, ensure the following requirements are met: -> -> - Devices must be added to the evaluation lab -> - Threat simulators must be installed in the evaluation lab --1. From the portal select **Create simulation**. --2. Select a threat simulator. --  --3. Choose a simulation or look through the simulation gallery to browse through the available simulations. -- You can get to the simulation gallery from: -- - The main evaluation dashboard in the **Simulations overview** tile or - - By navigating from the navigation pane **Evaluation and tutorials** \> **Simulation & tutorials**, then select **Simulations catalog**. --4. Select the devices where you'd like to run the simulation on. --5. Select **Create simulation**. --6. View the progress of a simulation by selecting the **Simulations** tab. View the simulation state, active alerts, and other details. --  --After running your simulations, we encourage you to walk through the lab progress bar and explore **Microsoft Defender for Endpoint triggered an automated investigation and remediation**. Check out the evidence collected and analyzed by the feature. --Hunt for attack evidence through advanced hunting by using the rich query language and raw telemetry and check out some world-wide threats documented in Threat analytics. |
| security | Non Windows | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/non-windows.md | For more details on how to get started, visit the Defender for Endpoint on macOS ## Microsoft Defender for Endpoint on Linux -Microsoft Defender for Endpoint on Linux offers preventative (AV), endpoint detection and response (EDR), and vulnerability management capabilities for Linux servers. This includes a full command line experience to configure and manage the agent, initiate scans, and manage threats. We support recent versions of the six most common Linux Server distributions: RHEL 7.2+, CentOS Linux 7.2+, Ubuntu 16 LTS, or higher LTS, SLES 12+, Debian 9+, and Oracle Linux 7.2. Microsoft Defender for Endpoint on Linux can be deployed and configured using Puppet, Ansible, or using your existing Linux configuration management tool. For information about the key features and benefits, read our +Microsoft Defender for Endpoint on Linux offers preventative antivirus (AV), endpoint detection and response (EDR), and vulnerability management capabilities for Linux servers. This includes a full command line experience to configure and manage the agent, initiate scans, and manage threats. We support recent versions of the six most common Linux Server distributions: RHEL 7.2+, CentOS Linux 7.2+, Ubuntu 16 LTS, or higher LTS, SLES 12+, Debian 9+, and Oracle Linux 7.2. Microsoft Defender for Endpoint on Linux can be deployed and configured using Puppet, Ansible, or using your existing Linux configuration management tool. For information about the key features and benefits, read our [announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/Linux). For more details on how to get started, visit the Microsoft Defender for Endpoint on Linux [documentation](microsoft-defender-endpoint-linux.md). |
| security | Switch To Mde Troubleshooting | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-mde-troubleshooting.md | - - M365-security-compliance - - m365solution-migratetomdatp - - m365solution-overview - - m365solution-mcafeemigrate - - m365solution-symantecmigrate ++- m365solution-scenario Previously updated : 11/30/2021 Last updated : 01/11/2022 ms.technology: mde If you are using a non-Microsoft antivirus/antimalware solution on Windows Serve - [Microsoft Defender Antivirus compatibility with other security products](microsoft-defender-antivirus-compatibility.md) -- [Onboarding tools and methods for Windows devices in Defender for Endpoint](configure-endpoints.md) +- [Onboarding tools and methods for Windows devices in Defender for Endpoint](configure-endpoints.md) |
| security | Tvm Supported Os | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-supported-os.md | Ubuntu 16.04 LTS or higher LTS|Yes|Yes|Yes|Yes|Yes Oracle Linux 7.2 or higher|Yes|Yes|Yes|Yes|Yes SUSE Linux Enterprise Server 12 or higher|Yes|Yes|Yes|Yes|Yes Linux Debian 9 or higher|Yes|Yes|Yes|Yes|Yes-Android 6.0 or higher (in preview)|Yes|Yes|Not supported|Not supported|Not supported -iOS 12.0 or higher (in preview)|Yes|Not supported|Not supported|Not supported|Not supported +Android 6.0 or higher|Yes|Yes|Not supported|Not supported|Not supported +iOS 12.0 or higher|Yes|Not supported|Not supported|Not supported|Not supported > [!NOTE] > Some features are not available for down-level Operating System, check the Microsoft 365 Defender Portal for more details on supported OS. |
| security | Eval Create Eval Environment | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-create-eval-environment.md | - - m365solution-overview - - m365solution-evalutatemtp + ms.technology: m365d |
| security | Eval Defender Endpoint Architecture | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-endpoint-architecture.md | - - m365solution-overview - - m365solution-evalutatemtp + ms.technology: m365d |
| security | Eval Defender Endpoint Enable Eval | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-endpoint-enable-eval.md | - - m365solution-overview - - m365solution-evalutatemtp + ms.technology: m365d |
| security | Eval Defender Endpoint Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-endpoint-overview.md | - - m365solution-overview + - m365solution-scenario - m365solution-evalutatemtp ms.technology: m365d |
| security | Eval Defender Endpoint Pilot | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-endpoint-pilot.md | - - m365solution-overview - - m365solution-evalutatemtp + ms.technology: m365d |
| security | Eval Defender Identity Architecture | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-identity-architecture.md | - - m365solution-overview - - m365solution-evalutatemtp + ms.technology: m365d |
| security | Eval Defender Identity Enable Eval | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-identity-enable-eval.md | - - m365solution-overview - - m365solution-evalutatemtp + ms.technology: m365d |
| security | Eval Defender Identity Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-identity-overview.md | - - m365solution-overview + - m365solution-scenario - m365solution-evalutatemtp ms.technology: m365d |
| security | Eval Defender Identity Pilot | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-identity-pilot.md | - - m365solution-overview - - m365solution-evalutatemtp + ms.technology: m365d |
| security | Eval Defender Investigate Respond Additional | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-investigate-respond-additional.md | - - m365solution-overview - - m365solution-evalutatemtp + ms.technology: m365d |
| security | Eval Defender Investigate Respond | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-investigate-respond.md | - - m365solution-overview + - m365solution-scenario - m365solution-evalutatemtp ms.technology: m365d |
| security | Eval Defender Mcas Architecture | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-mcas-architecture.md | - - m365solution-overview - - m365solution-evalutatemtp + ms.technology: m365d |
| security | Eval Defender Mcas Enable Eval | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-mcas-enable-eval.md | - - m365solution-overview - - m365solution-evalutatemtp + ms.technology: m365d |
| security | Eval Defender Mcas Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-mcas-overview.md | - - m365solution-overview + - m365solution-scenario - m365solution-evalutatemtp ms.technology: m365d |
| security | Eval Defender Mcas Pilot | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-mcas-pilot.md | - - m365solution-overview - - m365solution-evalutatemtp + ms.technology: m365d |
| security | Eval Defender Office 365 Architecture | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-office-365-architecture.md | - - m365solution-overview - - m365solution-evalutatemtp + ms.technology: m365d |
| security | Eval Defender Office 365 Enable Eval | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-office-365-enable-eval.md | - - m365solution-overview - - m365solution-evalutatemtp + ms.technology: m365d |
| security | Eval Defender Office 365 Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-office-365-overview.md | - - m365solution-overview + - m365solution-scenario - m365solution-evalutatemtp ms.technology: m365d |
| security | Eval Defender Office 365 Pilot | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-office-365-pilot.md | - - m365solution-overview - - m365solution-evalutatemtp + ms.technology: m365d |
| security | Eval Defender Promote To Production | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-promote-to-production.md | - - m365solution-overview + - m365solution-scenario - m365solution-evalutatemtp ms.technology: m365d |
| security | User Tags | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/user-tags.md | ms.prod: m365-security # User tags in Microsoft Defender for Office 365 -> [!NOTE] -> The user tags feature is in Preview, isn't available to everyone, and is subject to change. For information about the release schedule, check out the [Microsoft 365 roadmap](https://www.microsoft.com/microsoft-365/roadmap). - User tags are identifiers for specific groups of users in [Microsoft Defender for Office 365](defender-for-office-365.md). There are two types of user tags: - **System tags**: Currently, [Priority accounts](../../admin/setup/priority-accounts.md) is the only type of system tag. |
| security | Top Security Tasks For Remote Work | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/top-security-tasks-for-remote-work.md | Applying these policies will take only a few minutes, but be prepared to support ||| |Microsoft 365 plans (without Azure AD P1 or P2)|[Enable Security defaults in Azure AD](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults). Security defaults in Azure AD include MFA for users and administrators.| |Microsoft 365 E3 (with Azure AD P1)|Use [Common Conditional Access policies](/azure/active-directory/conditional-access/concept-conditional-access-policy-common) to configure the following policies: <br/>- [Require MFA for administrators](/azure/active-directory/conditional-access/howto-conditional-access-policy-admin-mfa) <br/>- [Require MFA for all users](/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa) <br/> - [Block legacy authentication](/azure/active-directory/conditional-access/howto-conditional-access-policy-block-legacy)|-|Microsoft 365 E5 (with Azure AD P2)|Taking advantage of Azure AD Identity Protection, begin to implement Microsoft's [recommended set of conditional access and related policies](./office-365-security/identity-access-policies.md) by creating these two policies:<br/> - [Require MFA when sign-in risk is medium or high](./office-365-security/identity-access-policies.md#require-mfa-based-on-sign-in-risk) <br/>- [Block clients that don't support modern authentication](./office-365-security/identity-access-policies.md#block-clients-that-dont-support-multi-factor)<br/>- [High risk users must change password](./office-365-security/identity-access-policies.md#high-risk-users-must-change-password)| +|Microsoft 365 E5 (with Azure AD P2)|Taking advantage of Azure AD Identity Protection, begin to implement Microsoft's [recommended set of conditional access and related policies](./office-365-security/identity-access-policies.md) by creating these policies:<br/> - [Require MFA when sign-in risk is medium or high](./office-365-security/identity-access-policies.md#require-mfa-based-on-sign-in-risk) <br/>- [Block clients that don't support modern authentication](./office-365-security/identity-access-policies.md#block-clients-that-dont-support-multi-factor)<br/>- [High risk users must change password](./office-365-security/identity-access-policies.md#high-risk-users-must-change-password)| | ## 2: Protect against threats |