Updates from: 01/16/2021 04:12:17
Category Microsoft Docs article Related commit history on GitHub Change details
admin https://docs.microsoft.com/en-us/microsoft-365/admin/basic-mobility-security/capabilities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/capabilities.md
@@ -29,16 +29,16 @@ Basic Mobility and Security can help you secure and manage mobile devices like i
You can use Basic Mobility and Security to secure and manage the following devices. - iOS 11.0 or later versions
-
+ - Android 5.0 or later versions<sup>3</sup>
-
+ - Windows 8.1<sup>1</sup>
-
+ - Windows 8.1 RT<sup>1</sup>
-
+ - Windows 10<sup>2</sup>
-
-- Windows 10 Mobile<sup>2</sup> +
+- Windows 10 Mobile<sup>2</sup>
<sup>1</sup>Access control for Windows 8.1 RT devices is limited to Exchange ActiveSync.
@@ -64,14 +64,15 @@ The supported apps for the different types of mobile devices in the following ta
>[!NOTE] - >Support for iOS 10.0 and later versions includes iPhone and iPad devices.-- >Management of BlackBerry OS devices isn’t supported by Mobile Device Management for Microsoft 365. Use BlackBerry Business Cloud Services (BBCS) from BlackBerry to manage BlackBerry OS devices. Blackberry devices running Android OS are supported as standard Android devices
+- >Management of BlackBerry OS devices isnΓÇÖt supported by Basic Security and Mobility. Use BlackBerry Business Cloud Services (BBCS) from BlackBerry to manage BlackBerry OS devices. Blackberry devices running Android OS are supported as standard Android devices
- >Users wonΓÇÖt be prompted to enroll and wonΓÇÖt be blocked or reported for policy violation if they use the mobile browser to access Microsoft 365 SharePoint sites, documents in Office Online, or email in Outlook Web App.
-
+ The following diagram shows what happens when a user with a new device signs in to an app that supports access control with Basic Mobility and Security. The user is blocked from accessing Microsoft 365 resources in the app until they enroll their device. :::image type="content" source="../../media/basic-mobility-security/bms-1-access-control.png" alt-text="Basic Mobility and Security access control":::
-Note:Policies and access rules created in MDM for Microsoft 365 Business Standard will override Exchange ActiveSync mobile device mailbox policies and device access rules created in the Exchange admin center. After a device is enrolled in MDM for Microsoft 365 Business Standard, any Exchange ActiveSync mobile device mailbox policy or device access rule applied to the device will be ignored. To learn more about Exchange ActiveSync, seeΓÇ»[Exchange ActiveSync in Exchange Online](https://go.microsoft.com/fwlink/p/?LinkId=524380).
+> [!NOTE]
+> Policies and access rules created in Basic Mobility and Security for Microsoft 365 Business Standard will override Exchange ActiveSync mobile device mailbox policies and device access rules created in the Exchange admin center. After a device is enrolled in Basic Mobility and Security for Microsoft 365 Business Standard, any Exchange ActiveSync mobile device mailbox policy or device access rule applied to the device will be ignored. To learn more about Exchange ActiveSync, seeΓÇ»[Exchange ActiveSync in Exchange Online](https://go.microsoft.com/fwlink/p/?LinkId=524380).
## Policy settings for mobile devices
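Review bot: The added BlackBerry note names the product "Basic Security and Mobility", with the words transposed; the diagram paragraph and the new NOTE block in this same hunk use "Basic Mobility and Security", so swap the words. The unchanged first note also says support covers iOS 10.0 and later, while the supported-device list at the top of this file says iOS 11.0 or later; one of the two needs updating.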
@@ -80,11 +81,11 @@ If you create a policy to block access with certain settings turned on, users ar
The settings that can block users from accessing Microsoft 365 resources are in these sections: - Security
-
+ - Encryption
-
+ - Jail broken
-
+ - Managed email profile For example, the following diagram shows what happens when a user with an enrolled device isnΓÇÖt compliant with a security setting in a mobile device management policy that applies to their device. The user signs in to an app that supports access control with Basic Mobility and Security. They are blocked from accessing Microsoft 365 resources in the app until their device complies with the security setting.
@@ -106,7 +107,7 @@ The following sections list the policy settings you can use to help secure and m
|Password expiration (days) |Yes|Yes|Yes| |Remember password history and prevent reuse |Yes|Yes|Yes|
-## Encryption settings
+## Encryption settings
|**Setting name**|**iOS 7.1 and later**|**Android 5 and later**|**Samsung Knox**| |:-----|:-----|:-----|:-----|
@@ -128,7 +129,7 @@ The following option can block users from accessing their Microsoft 365 email if
|:-----|:-----|:-----|:-----| |Email profile is managed |Yes|No|No|
-## Cloud settings
+## Cloud settings
|**Setting name**|**iOS 7.1 and later**|**Android 5 and later**|**Samsung Knox**| |:-----|:-----|:-----|:-----|
@@ -139,14 +140,14 @@ The following option can block users from accessing their Microsoft 365 email if
|Allow Google backup |N/A|No|Yes| |Allow Google account auto sync |N/A|No|Yes|
-## System settings
+## System settings
|**Setting name**|**iOS 7.1 and later**|**Android 5 and later**|**Samsung Knox**| |:-----|:-----|:-----|:-----| |Block screen capture |Yes|No|Yes| |Block sending diagnostic data from device |Yes|No|Yes|
-## Application settings
+## Application settings
|**Setting name**|**iOS 7.1 and later**|**Android 5 and later**|**Samsung Knox**| |:-----|:-----|:-----|:-----|
@@ -154,7 +155,7 @@ The following option can block users from accessing their Microsoft 365 email if
|Block access to application store |Yes|No|Yes| |Require password when accessing application store |No|Yes|Yes|
-## Device capabilities settings
+## Device capabilities settings
|**Setting name**|**iOS 7.1 and later**|**Android 5 and later**|**Samsung Knox**| |:-----|:-----|:-----|:-----|
@@ -181,7 +182,7 @@ You can set the following additional policy settings by using Security & Complia
|SystemSecurityTLS |Yes|No| |WLANEnabled |No|No|
-## Settings supported by Windows
+## Settings supported by Windows
You can manage Windows 10 devices by enrolling them as mobile devices. After an applicable policy is deployed, users with Windows 10 devices will be required to enroll in Basic Mobility and Security the first time they use the built-in email app to access their Microsoft 365 email (requires Azure AD premium subscription).
@@ -192,14 +193,14 @@ The following settings are supported for Windows 10 devices that are enrolled as
- Require an alphanumeric password - Minimum password length
-
+ - Number of sign-in failures before device is wiped
-
+ - Minutes of inactivity before device is locked
-
+ - Password expiration (days)
-
-- Remember password history and prevent reuse +
+- Remember password history and prevent reuse
>[!NOTE] >The following settings regulating passwords only control local Windows accounts. Windows accounts provided through join a domain or Azure Active Directory aren't affected by these settings.
@@ -213,21 +214,20 @@ Block sending diagnostic data from device.
You can set these additional policy settings by using PowerShell cmdlets: - AllowConvenienceLogon
-
+ - UserAccountControlStatus
-
+ - FirewallStatus
-
+ - AutoUpdateStatus
-
-- AntiVirusStatus +
+- AntiVirusStatus
- AntiVirusSignatureStatus
-
+ - SmartScreenEnabled
-
+ - WorkFoldersSyncUrl
-
## Remotely wipe a mobile device
admin https://docs.microsoft.com/en-us/microsoft-365/admin/basic-mobility-security/choose-between-basic-mobility-and-security-and-intune https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/choose-between-basic-mobility-and-security-and-intune.md
@@ -48,7 +48,7 @@ Both Basic Mobility and Security and Intune are included in a variety of plans,
|Enterprise Mobility & Security E5 |No|Yes| >[!NOTE]
->You can't begin using Basic Mobility and Security if you're already using Microsoft Intune.
+>You can't start using Basic Mobility and Security if you're already using Microsoft Intune.
For details, see [Microsoft 365 and Office 365 platform service descriptions](https://docs.microsoft.com/office365/servicedescriptions/office-365-platform-service-description/office-365-platform-service-description).
@@ -64,12 +64,13 @@ Microsoft Intune and built-in Basic Mobility and Security both give you the abil
|Device types|Managing different OS platforms and major management mode variants. |Windows<br/>iOS<br/>Android<br/>Android Samsung KNOX<br/>|Windows<br/>iOS<br/>Android<br/>Android Samsung KNOX<br/>mac OS, iPad OS| |Device compliance|Set and manage security policies, like device level PIN lock and jailbreak detection. |Limitations on Android 9 and later devices. See [details](capabilities.md). |Yes| |Conditional access based on device compliance |Prevent noncompliant devices from accessing corporate email and data from the cloud. |Not supported on Windows 10.<br/>Limited to controlling access to Exchange Online, SharePoint Online, and Outlook. |Yes |
-|Device configuration |Configure device settings (for example, disabling the camera)|Limited set of settings.|Yes|Device compliance|Set and manage security policies, like device level PIN lock and jailbreak detection. |Limitations on Android 9 and later devices. See [details](capabilities.md). |Yes|
+|Device configuration |Configure device settings (for example, disabling the camera)|Limited set of settings.|Yes|
+|Device compliance |Set and manage security policies, like device level PIN lock and jailbreak detection. |Limitations on Android 9 and later devices. See [details](capabilities.md). |Yes|
|Email profiles |Provision a native email profile on the device. |Yes|Yes| |WiFi profiles |Provision a native WiFi profile on the device. |No|Yes| |VPN profiles |Provision a native VPN profile on the device. |No|Yes|
-|MDM application management |Deploy your internal line-of-business apps and from apps stores to users. |No|Yes|
-|MAM |Ensure your users can securely access corporate information using the Office mobile and line-of-business apps, by helping to restrict actions like copy, cut, paste, and save as, to only those apps approved for corporate data. |No|Yes|
+|Basic Mobility and Security application management |Deploy your internal line-of-business apps and from apps stores to users. |No|Yes|
+|Mobile application protection |Enable your users to securely access corporate information using the Office mobile and line-of-business apps they know, while ensuring security of data by helping to restrict actions like copy, cut, paste, and save as, to only those apps managed approved for corporate data. Works even if the devices are not enrolled to Basic Mobility and Security. See Protect app data using MAM policies. |No|Yes|
|Managed browser |Enable more secure web browsing using the Edge app. |No|Yes| |Zero touch enrollment programs Autopilot) |Enroll large numbers of corporate-owned devices, while simplifying user setup. |No|Yes| |||
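Review bot: The added "Device compliance" row duplicates, word for word, the "Device compliance" row that already sits directly above "Conditional access based on device compliance", so after this change the table lists it twice; keep the split that isolates "Device configuration" and drop the second row. In the new "Mobile application protection" row, "to only those apps managed approved for corporate data" has a stray word, and "See Protect app data using MAM policies." names an article without linking it. Renaming the "MDM application management" row to "Basic Mobility and Security application management" puts one product's name on a feature row in a table that compares two products; a product-neutral label reads better there.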
admin https://docs.microsoft.com/en-us/microsoft-365/admin/basic-mobility-security/create-an-apns-certificate-for-ios-devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/create-an-apns-certificate-for-ios-devices.md
@@ -21,37 +21,37 @@ description: "Manage iOS devices in Basic Mobility and Security."
To manage iOS devices such as iPads and iPhones in Basic Mobility and Security, create an APNs certificate. 1. Sign in to Microsoft 365 with your global admin account.
-
+ 2. In your browser, typeΓÇ»[https://protection.office.com](https://protection.office.com/).
-
-3. Select ΓÇ»**Data loss prevention**ΓÇ»>ΓÇ»**Device management**, and choose **APNs Certificate for iOS devices**.
+
+3. Select ΓÇ»**Data loss prevention**ΓÇ»>ΓÇ»**Device management**, and choose **APNs Certificate for iOS devices**.
4. On the Apple Push Notification Certificate Settings page, choose **Next**.
-
+ 5. Select Download your CSR file and save the certificate signing request to somewhere on your computer that you'll remember. Select  **Next**.
-
+ 6. On the Create an APNs certificate page: 1. Select  Apple APNS Portal to open the Apple Push Certificates Portal.
-
- 2. Sign in with an Apple ID.
+
+ 2. Sign in with an Apple ID.
>[!IMPORTANT] >Use a company Apple ID associated with an email account that will remain with your organization even if the user who manages the account leaves. Save this ID because you'll need to use the same ID when it's time to renew the certificate. 3. Select  **Create a Certificate**  and accept the Terms of Use.
-
+ 4. Browse to the certificate signing request you downloaded to your computer from Microsoft 365, and select **Upload**.
-
+ Download the APNs certificate created by the Apple Push Certificate Portal to your computer.
-
+ >[!TIP] >If you're having trouble downloading the certificate, refresh your browser. 7. Go back to Microsoft 365, and select **Next**  to get to the  **Upload APNS certificate** page.
-
+ 8. Browse to the APN certificate you downloaded from the Apple Push Certificates Portal.
-
+ 9. SelectΓÇ» **Finish**.
-
+ To complete setup, go back to the Security & Compliance Center > **Security policies** > **Device management** > **Manage settings**.
admin https://docs.microsoft.com/en-us/microsoft-365/admin/basic-mobility-security/create-device-security-policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/create-device-security-policies.md
@@ -34,8 +34,8 @@ You can use Basic Mobility and Security to create device policies that help prot
- To create and deploy Basic Mobility and Security policies in Microsoft 365, you need to be a Microsoft 365 global admin. For more info, see [Permissions in the Security & Compliance Center](https://support.microsoft.com/office/d10608af-7934-490a-818e-e68f17d0e9c1). - Before you deploy policies, let your organization know the potential impacts of enrolling a device in Basic Mobility and Security. Depending on how you set up the policies, noncompliant devices can be blocked from accessing Microsoft 365 and data, including installed applications, photos, and personal information on an enrolled device, and data can be deleted.
-> [!NOTE]
-> Policies and access rules created in MDM for Microsoft 365 Business Standard override Exchange ActiveSync mobile device mailbox policies and device access rules created in the Exchange admin center. After a device is enrolled in MDM for Microsoft 365 Business Standard, any Exchange ActiveSync mobile device mailbox policy or device access rule applied to the device is ignored. To learn more about Exchange ActiveSync, see [Exchange ActiveSync in Exchange Online](https://go.microsoft.com/fwlink/p/?LinkId=524380).
+>[!NOTE]
+>Policies and access rules created in Basic Mobility and Security for Microsoft 365 Business Standard override Exchange ActiveSync mobile device mailbox policies and device access rules created in the Exchange admin center. After a device is enrolled in Basic Mobility and Security for Microsoft 365 Business Standard, any Exchange ActiveSync mobile device mailbox policy or device access rule applied to the device is ignored. To learn more about Exchange ActiveSync, see [Exchange ActiveSync in Exchange Online](https://go.microsoft.com/fwlink/p/?LinkId=524380).
## Step 1: Create a device policy and deploy to a test group
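Review bot: This hunk changes "> [!NOTE]" to ">[!NOTE]", while the capabilities.md change in the same batch adds the equivalent note as "> [!NOTE]" with the space. Pick one alert style and use it in both files so the same note does not differ only by whitespace.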
@@ -86,7 +86,7 @@ To help secure your organization information, you should block app access to Mic
1. From your browser, type [https://protection.office.com/devicev2](https://protection.office.com/devicev2). 2. Select **Manage organization-wide device access settings**.
-3. To block unsupported devices, choose **Block** under **If a device isn't supported by MDM for Microsoft 365**, and then select **Save**.
+3. To block unsupported devices, choose **Block** under **If a device isn't supported by Basic Mobility and Security for Microsoft 365**, and then select **Save**.
:::image type="content" source="../../media/basic-mobility-security/bms-5-block-access.png" alt-text="Basic Mobility and Security block access option":::
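Review bot: Step 3 quotes a bolded portal label, and the rename rewrites it to "If a device isn't supported by Basic Mobility and Security for Microsoft 365". A UI string should change in the doc only if the portal text changed. Check the label on the organization-wide device access settings page, and against the bms-5-block-access.png screenshot referenced right after the step, and keep the previous wording if that is what admins still see.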
admin https://docs.microsoft.com/en-us/microsoft-365/admin/basic-mobility-security/enroll-your-mobile-device https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/enroll-your-mobile-device.md
@@ -34,15 +34,15 @@ Organizations choose Basic Mobility and Security so that employees can use their
Basic Mobility and Security for Microsoft 365 hosted by the Intune service works with most, but not all, mobile devices. The following are supported with Basic Mobility and Security: - iOS 10.0 or later
-
+ - Android 4.4 or later
-
+ - Windows 8.1 and Windows 10 (Phone and PC)
-
+ If your device is not listed above, and you need to use it with Basic Mobility and Security, contact your work or school administrator.
->[!TIP]
->If you're having trouble enrolling your device, seeΓÇ»[Troubleshoot Basic Mobility and Security](troubleshoot.md).
+>[!TIP]
+>If you're having trouble enrolling your device, seeΓÇ»[Troubleshoot Basic Mobility and Security](/basic-mobility-security/troubleshoot.md).
## Set up your mobile device with Intune and Basic Mobility and Security
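Review bot: The TIP link target changes from troubleshoot.md to /basic-mobility-security/troubleshoot.md, a root-relative path that drops the microsoft-365/admin prefix this file lives under; the FAQ article in the same folder links the same page as troubleshoot.md. Keep the relative form unless the new path has been checked to resolve. The unchanged list above also gives iOS 10.0 and Android 4.4 as minimum versions, while capabilities.md in this batch lists iOS 11.0 and Android 5.0.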
@@ -74,4 +74,4 @@ To connect and configure your Windows phone or PC with the Company portal to M
## What's next?
-After your device is enrolled in Basic Mobility and Security, you can start using Office apps on your device to work with email, calendar, contacts, and documents.
\ No newline at end of file
+After your device is enrolled in Basic Mobility and Security, you can start using Office apps on your device to work with email, calendar, contacts, and documents.
admin https://docs.microsoft.com/en-us/microsoft-365/admin/basic-mobility-security/frequently-asked-questions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/frequently-asked-questions.md
@@ -26,19 +26,19 @@ This article contains frequently asked questions about Basic Mobility and Securi
## How can I get Basic Mobility and Security? I don't see it in the Microsoft 365 admin center
-1. Activate Basic Mobility and Security by going to the [Office 365 Security & Compliance](https://protection.office.com/) page.
+1. Activate Basic Mobility and Security by going to the [Office 365 Security & Compliance](https://protection.office.com/) page.
-2. Go to Data loss prevention > Device management.
+2. Go to Data loss prevention > Device management.
## How can I get started with device management in Basic Mobility and Security? There are four steps to getting started with Basic Mobility and Security: 1. Activate Basic Mobility and Security by going to the [Office 365 Security & Compliance](https://protection.office.com/).
-
+ 2. Go to Data loss prevention > Device management > Device policies.
-3. Create device management policies, and apply them to groups of users that are set up in security groups. We recommend that you start by deploying the policies to a small test group. For more info, see [Create device security policies in Basic Mobility and Security](create-device-security-policies.md). ΓÇ»
+3. Create device management policies, and apply them to groups of users that are set up in security groups. We recommend that you start by deploying the policies to a small test group. For more info, see [Create device security policies in Basic Mobility and Security](create-device-security-policies.md).
4. Users who have had a policy applied to them are prompted to enroll their devices when they try to access Microsoft 365 data. For more info, see [Enroll your mobile device using Basic Mobility and Security](enroll-your-mobile-device.md).
@@ -46,18 +46,18 @@ For more details, see [Set up Basic Mobility and Security](set-up.md).
## IΓÇÖm trying to set up Basic Mobility and Security but it seems stuck. The Microsoft 365 Service Health has been showing ΓÇ£provisioningΓÇ¥ for a while. What can I do?
-It may take some time to get the service ready for you. When provisioning is complete, you'll see the Mobile Device Management for Microsoft 365 page. If you've waited 24 hours and the status is still provisioning, please contact Support and we'll help figure out what the issue is. For support options, see [Still need help?](https://support.microsoft.com/office/frequently-asked-questions-about-basic-mobility-and-security-3871f99c-c9db-4a23-86f9-902c1b02f58d#bkmk_needhelp)ΓÇ»
+It may take some time to get the service ready for you. When provisioning is complete, you'll see the Basic Mobility and Security page. If you've waited 24 hours and the status is still provisioning, please contact Support and we'll help figure out what the issue is. For support options, see [Still need help?](https://support.microsoft.com/office/frequently-asked-questions-about-basic-mobility-and-security-3871f99c-c9db-4a23-86f9-902c1b02f58d#bkmk_needhelp).
## What can I do if device enrollment fails? If you're having trouble getting a device enrolled, first check the following: - Make sure that the device isn't already enrolled with another mobile device management provider, such as Intune.
-
+ - Make sure that the device is set to the correct date and time.
-
+ - Switch to a different WIFI or cellular network on the device.
-
+ - For Android or iOS devices, uninstall and reinstall the Intune Company Portal app on the device. If enrollment still isn't working, see [Troubleshoot Basic Mobility and Security](troubleshoot.md).
@@ -84,5 +84,4 @@ After a device is enrolled in Basic Mobility and Security, any Exchange ActiveSy
## I set up Basic Mobility and Security but now I want to remove it. What are the steps?
-Unfortunately, you can't simply "unprovision" Basic Mobility and Security after you've set it up. But you can remove it for groups of users by removing user security groups from the device policies you've created. Or, you can disable it for everyone by removing the device policies so they aren't in place and aren't enforced. For more info, see [Turn off Basic Mobility and Security](turn-off.md).
-
+Unfortunately, you can't simply "unprovision" Basic Mobility and Security after you've set it up. But you can remove it for groups of users by removing user security groups from the device policies you've created. Or, you can disable it for everyone by removing the device policies so they aren't in place and aren't enforced. For more info, see [Turn off Basic Mobility and Security](turn-off.md).
\ No newline at end of file
admin https://docs.microsoft.com/en-us/microsoft-365/admin/basic-mobility-security/get-details-about-managed-devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/get-details-about-managed-devices.md
@@ -46,18 +46,18 @@ For more info on these steps, seeΓÇ»[Connect to Microsoft 365 with PowerShell](h
1. Go to [Microsoft Online Services Sign-In Assistant for IT Professionals RTWl](https://www.microsoft.com/download/details.aspx?id=41950) and select  **Download for Microsoft Online Services Sign-in Assistant**.
-2. Install the Microsoft Azure Active Directory Module for Windows PowerShell with these steps:
+2. Install the Microsoft Azure Active Directory Module for Windows PowerShell with these steps:
1. Open an administrator-level PowerShell command prompt. 2. Run the Install-Module MSOnline command.
-
- 3. If prompted to install the NuGet provider, type Y and press ENTER.
- 4. If prompted to install the module from PSGallery, type Y and press ENTER.
+ 3. If prompted to install the NuGet provider, type Y and press ENTER.
+
+ 4. If prompted to install the module from PSGallery, type Y and press ENTER.
5. After installation, close the PowerShell command window.
-
+ ### Step 2: Connect to your Microsoft 365 subscription 1. In the Windows Azure Active Directory Module for Windows PowerShell, run the following command.
@@ -65,9 +65,9 @@ For more info on these steps, seeΓÇ»[Connect to Microsoft 365 with PowerShell](h
$UserCredential = Get-Credential 2. In the Windows PowerShell Credential Request dialog box, type the user name and password for your Microsoft 365 global admin account, and then select **OK**.
-
+ 3. Run the following command.
-
+ Connect-MsolService -Credential $UserCredential ### Step 3: Make sure youΓÇÖre able to run PowerShell scripts
@@ -80,17 +80,17 @@ To run the Get-MsolUserDeviceComplianceStatus.ps1 script, you need to enable
1. From your Windows Desktop, select **Start**, and then type Windows PowerShell. Right-click Windows PowerShell, and then select **Run as administrator**. 2. Run the following command.
-
+ Set-ExecutionPolicy RemoteSigned 3. When prompted, type Y and then press Enter.
-
+ **Run the Get-MsolDevice cmdlet to display details for all devices in your organization** 1. Open the Microsoft Azure Active Directory Module for Windows PowerShell. 2. Run the following command.
-
+ Get-MsolDevice -All -ReturnRegisteredOwners | Where-Object {$_.RegisteredOwners.Count -gt 0} For more examples, see ΓÇ»[Get-MsolDevice](https://go.microsoft.com/fwlink/?linkid=841721).
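Review bot: Step 2 runs Set-ExecutionPolicy RemoteSigned with no -Scope, which sets the policy for the whole machine (LocalMachine is the default scope) and leaves it relaxed after the script has finished. Since the step is being touched anyway, consider Set-ExecutionPolicy RemoteSigned -Scope Process, so the change applies only to the session that runs Get-MsolUserDeviceComplianceStatus.ps1.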
@@ -102,55 +102,38 @@ First, save the script to your computer.
1. Copy and paste the following text into Notepad. 2. param (
-
3. [PSObject[]]$users = @(),
-
4. [Switch]$export,
-
5. [String]$exportFileName = "UserDeviceComplianceStatus_" + (Get-Date -Format "yyMMdd_HHMMss") + ".csv",
-
6. [String]$exportPath = [Environment]::GetFolderPath("Desktop")
-
7. )
-
9. [System.Collections.IDictionary]$script:schema = @{
-
11. DeviceId = ''
-
12. DeviceOSType = ''
-
13. DeviceOSVersion = ''
-
14. DeviceTrustLevel = ''
-
15. DisplayName = ''
-
16. IsCompliant = ''
-
17. IsManaged = ''
-
18. ApproximateLastLogonTimestamp = ''
-
19. DeviceObjectId = ''
-
20. RegisteredOwnerUpn = ''
-
21. RegisteredOwnerObjectId = ''
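Review bot: The script lines in this hunk ("2. param (", "3. [PSObject[]]$users = @(),", and so on) are rendered as numbered list items, and removing the blank lines between them keeps it that way; a reader following step 1 will paste the list numbers into Notepad along with the code. Move the script into a fenced code block instead of tightening the list. Separately, the default $exportFileName uses Get-Date -Format "yyMMdd_HHMMss", where MM is the month specifier; minutes are mm, so the time part should presumably be HHmmss.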
admin https://docs.microsoft.com/en-us/microsoft-365/admin/basic-mobility-security/manage-device-access-settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/manage-device-access-settings.md
@@ -27,18 +27,18 @@ If you're using Basic Mobility and Security, there might be devices that you can
Use these steps: 1. Sign in to Microsoft 365 with your global admin account.
-
+ 2. In your browser, type:ΓÇ»[https://protection.office.com](https://protection.office.com/). >[!IMPORTANT]
- >If this is the first time you're using MDM for Microsoft 365 Business Standard, activate it here: [Activate Mobile Device Management](https://admin.microsoft.com/EAdmin/Device/IntuneInventory.aspx). After you've activated it, manage your devices with [Office 365 Security & Compliance](https://protection.office.com/).
+ >If this is the first time you're using Basic Mobility and Security for Microsoft 365 Business Standard, activate it here: [Activate Basic Security and Mobility](https://admin.microsoft.com/EAdmin/Device/IntuneInventory.aspx). After you've activated it, manage your devices with [Office 365 Security & Compliance](https://protection.office.com/).
3. Go to Data loss prevention > **Device management** > **Device policies**, and select **Manage organization-wide device access settings**.
-
+ 4. SelectΓÇ»**Block**. :::image type="content" source="../../media/basic-mobility-security/bms-5-block-access.png" alt-text="Basic Mobility and Security block access checkbox":::
-5. SelectΓÇ»**Save**.
+5. SelectΓÇ»**Save**.
To learn what devices Basic Mobility and Security supports, seeΓÇ»[Capabilities of Basic Mobility and Security](capabilities.md).\ No newline at end of file
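Review bot: The new link text in the IMPORTANT note reads "Activate Basic Security and Mobility", with the product name transposed; the sentence it sits in and the rest of the article use "Basic Mobility and Security". The file also still ends without a trailing newline, which another file in this batch (enroll-your-mobile-device.md) fixes.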
admin https://docs.microsoft.com/en-us/microsoft-365/admin/basic-mobility-security/manage-enrolled-devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/manage-enrolled-devices.md
@@ -31,15 +31,15 @@ After you've set it up, the people in your organization must enroll their devi
To get to the device management panel, follow these steps: 1. Go to theΓÇ»[Microsoft 365 admin center](https://support.microsoft.com/office/758befc4-0888-4009-9f14-0d147402fd23).
-
+ 2. Type Mobile Device Management into the search field, and select **Mobile Device Management** from the list of results. :::image type="content" source="../../media/basic-mobility-security/bms-6-mobile-device-management-option.png" alt-text="Mobile device management option":::
-3. SelectΓÇ» **Manage devices**.
+3. SelectΓÇ» **Let's get started**.
## Manage mobile devices
-
+ After you've got Basic Mobility and Security set up, here are some ways you can manage the mobile devices in your organization. |**To do this**|**Do this**|
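Review bot: Step 3 now tells the reader to select "Let's get started", but step 2 and the image alt text still use "Mobile Device Management", and the steps are introduced as the way to reach the device management panel once setup is done. Confirm both labels against the current admin center so steps 2 and 3 describe the same screen flow, and say in the step whether "Let's get started" appears only on first use.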
admin https://docs.microsoft.com/en-us/microsoft-365/admin/basic-mobility-security/privacy-and-security https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/privacy-and-security.md
@@ -18,6 +18,6 @@ description: "After you activate Basic Mobility and Security, you can create mob
# Privacy and security in Basic Mobility and Security
-Basic Mobility and Security is a cloud-based service powered by Microsoft Intune that helps you manage and secure mobile devices used in your organization. After you activate Basic Mobility and Security, you can create mobile device management policies. These policies can then be deployed to mobile devices that have been enrolled by licensed Microsoft 365 users in your organization.
+Basic Mobility and Security is a cloud-based service powered by Microsoft Intune that helps you manage and secure mobile devices in your organization. After you activate Basic Mobility and Security, you can create mobile device management policies. These policies can then be deployed to mobile devices that have been enrolled by licensed Microsoft 365 users in your organization.
Microsoft Intune sends information to Microsoft 365 about the compliance status of each managed device, and then you can generate reports that show whether managed devices in your organization are compliant based upon the policies that were set. To learn more about Microsoft's commitment to the privacy and security, see theΓÇ»[Microsoft Trust Center](https://www.microsoft.com/trust-center).\ No newline at end of file
admin https://docs.microsoft.com/en-us/microsoft-365/admin/basic-mobility-security/set-up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/set-up.md
@@ -26,7 +26,7 @@ The built-in Basic Mobility and Security for Microsoft 365 helps you secure and
Have questions? For a FAQ to help address common questions, see [Basic Mobility and Security Frequently-asked questions (FAQ)](frequently-asked-questions.md). Be aware that you cannot use a delegated administrator account to manage Basic Mobility and Security. For more info, see [Partners: Offer delegated administration](https://support.microsoft.com/office/partners-offer-delegated-administration-26530dc0-ebba-415b-86b1-b55bc06b073e). 
-Device management is part of the Security & Compliance Center so you'll need to go there to kick off MDM setup.
+Device management is part of the Security & Compliance Center so you'll need to go there to kick off Basic Mobility and Security setup.
## Activate the Basic Mobility and Security service
@@ -40,7 +40,7 @@ Device management is part of the Security & Compliance Center so you'll need to
When the service is ready, complete the following steps to finish setup.
-### Step 1: (Required) Configure domains for MDM
+### Step 1: (Required) Configure domains for Basic Mobility and Security
If you don't have a custom domain associated with Microsoft 365 or if you're not managing Windows devices, you can skip this section. Otherwise, you'll need to add DNS records for the domain at your DNS host. If you've added the records already, as part of setting up your domain with Microsoft 365, you're all set. After you add the records, Microsoft 365 users in your organization who sign in on their Windows device with an email address that uses your custom domain are redirected to enroll in Basic Mobility and Security.
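Review bot: Renaming the heading "Step 1: (Required) Configure domains for MDM" changes the anchor generated from it, so any inbound link that targets the old heading will stop resolving. Search the repo for links to the old anchor before merging, or update them in the same change.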
admin https://docs.microsoft.com/en-us/microsoft-365/admin/basic-mobility-security/troubleshoot https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/troubleshoot.md
@@ -25,32 +25,32 @@ If you're running into issues when you try to enroll a device in Basic Mobility
To start, check the following: - Make sure that the device is not already enrolled with another mobile device management provider, such as Intune.
-
+ - Make sure that the device is set to the correct date and time.
-
+ - Switch to a different WIFI or cellular network on the device.
-
+ - For Android or iOS devices, uninstall and reinstall the Intune Company Portal app on the device. ## iOS phone or tablet - Make sure that you've set up an APNs certificate. For more info, see [Create an APNs Certificate for iOS devices](create-an-apns-certificate-for-ios-devices.md).
-
+ - In **Settings** > **General** > **Profile (or Device Management)**, make sure that a Management Profile is not already installed. If it is, remove it.
-
+ - If you see the error message, "Device failed to enroll," sign in to Microsoft 365 and make sure that a license that includes Exchange Online has been assigned to the user who is signed in to the device.
-
+ - If you see the error message, "Profile failed to install," try one of the following:
-
+ - Make sure that Safari is the default browser on the device, and that cookies are not disabled.
-
- - Reboot the device, and then navigate to portal.manage.microsoft.com. Sign in with your Microsoft 365 user ID and password, and attempt to install the profile manually.
+
+ - Reboot the device, and then navigate to portal.manage.microsoft.com. Sign in with your Microsoft 365 user ID and password, and attempt to install the profile manually.
## Windows RT - Make sure that your domain is set up in Microsoft 365 to work with Basic Mobility and Security. For more info, see [Set up Basic Mobility and Security](set-up.md). -- Make sure that the user is choosing **Turn On** rather than choosing **Join**.
+- Make sure that the user is choosing **Turn On** rather than choosing **Join**.
## Windows 10 PC
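Review bot: In the "Profile failed to install" step, the portal address is written as a bare hostname (portal.manage.microsoft.com) immediately before the user is told to sign in with their Microsoft 365 user ID and password. Suggest making it a full https:// link so users reach the sign-in page by clicking rather than by typing the address by hand. Separately, "WIFI" in the first checklist should read "Wi-Fi". The remaining changes in this hunk are whitespace only.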
@@ -61,9 +61,9 @@ To start, check the following:
## Android phone or tablet - Make sure the device is running Android 4.4 or later.
-
+ - Make sure that Chrome is up to date and is set as the default browser.
-
+ - If you see the error message, "We couldn't enroll this device," sign in to Microsoft 365 and make sure that a license that includes Exchange Online has been assigned to the user who is signed in to the device.
-
+ - Check the Notification Area on the device to see if any required end-user actions are pending, and if they are, complete the actions.\ No newline at end of file
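Review bot: The Android section's first item still says "Android 4.4 or later", while the capabilities article changed in this same update lists "Android 5.0 or later versions" as the supported minimum. Suggest aligning the two so that users on 4.4 are not told their device should enroll. The last added line also leaves the file without a trailing newline ("\ No newline at end of file"); add one.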
admin https://docs.microsoft.com/en-us/microsoft-365/admin/basic-mobility-security/turn-off https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/turn-off.md
@@ -21,9 +21,9 @@ description: "Remove groups or policies to turn off Basic Mobility and Security.
To effectively turn off Basic Mobility and Security, you remove groups of people defined by security groups from the device management policies, or remove the policies themselves. - Remove groups of users by removing user security groups from the device policies you've created.
-
+ - Disable Basic Mobility and Security for everyone by removing all Basic Mobility and Security device policies.
-
+ These options remove Basic Mobility and Security enforcement for devices in your organization. Unfortunately, you can't simply "unprovision" Basic Mobility and Security after you've set it up. >[!IMPORTANT]
@@ -36,11 +36,10 @@ These options remove Basic Mobility and Security enforcement for devices in your
2. Select a device policy, and select **Edit policy**. 3. On the  **Deployment**  page, select **Remove**.
-
+ 4. UnderΓÇ» **Groups**, select a security group. 5. Select ΓÇ»**Remove**, and select **Save**.
-
## Remove Basic Mobility and Security device policies
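Review bot: The added line for steps 4 and 5 still carries a non-ASCII space character after "Under" and before "**Remove**", which shows up as garbled bytes in this diff. Replace both with ordinary spaces. Step 3 on the context line above also has doubled spaces around "**Deployment**" that could be cleaned up in the same pass.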
@@ -50,5 +49,5 @@ These options remove Basic Mobility and Security enforcement for devices in your
3. In the Warning dialog box, select **Yes**.
->[!NOTE]
+>[!NOTE]
>For more steps to unblock devices if your organization devices are still in a blocked state, see the blog post [Removing Access Control from Mobile Device Management for Office 365](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Removing-Access-Control-from-Mobile-Device-Management-for-Office/ba-p/279934).
admin https://docs.microsoft.com/en-us/microsoft-365/admin/basic-mobility-security/wipe-mobile-device https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/wipe-mobile-device.md
@@ -27,22 +27,22 @@ You can use built-in Basic Mobility and Security for Microsoft 365 to remove onl
## Before you begin Mobile devices can store sensitive organizational information and provide access to your organization's Microsoft 365 resources. To help protect your organization's information, you can do Factory reset or Remove company data:
-
+ - **Factory reset**: Deletes all data on a user's mobile device, including installed applications, photos, and personal information. When the wipe is complete, the device is restored to its factory settings.
-
-- **Remove company data**: Removes only organization data and leaves installed applications, photos, and personal information on a user's mobile device. +
+- **Remove company data**: Removes only organization data and leaves installed applications, photos, and personal information on a user's mobile device.
- **When a device is wiped (Factory Reset or Remove Company Data)**, the device is removed from the list of managed devices. - **Automatically reset a device**: You can set up a Basic Mobility and Security policy that automatically factory resets a device after the user unsuccessfully tries to enter the device password a specific number of times. To do this, follow the steps inΓÇ»[Create device security policies in basic mobility and security](create-device-security-policies.md). -- **If you want to know the user experience** when you wipe their device, seeΓÇ» [What's the user and device impact?](#whats-the-user-and-device-impact).
+- **If you want to know the user experience** when you wipe their device, seeΓÇ» [What's the user and device impact?](#whats-the-user-and-device-impact).
## Wipe a mobile device 1. Go to theΓÇ»[Microsoft 365 admin center](https://support.microsoft.com/office/758befc4-0888-4009-9f14-0d147402fd23).
-
-2. Type Mobile Device Management into the search field, and select **Mobile Device Management** from the list of results.
+
+2. Type Mobile Device Management into the search field, and select **Mobile Device Management** from the list of results.
:::image type="content" source="../../media/basic-mobility-security/bms-6-mobile-device-management-option.png" alt-text="Basic Mobility and Secruity mobile device management option":::
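Review bot: The image alt text at the end of this hunk reads "Basic Mobility and Secruity mobile device management option"; "Secruity" should be "Security", since alt text is what screen readers announce. Step 2 on the added line still tells the admin to type and select "Mobile Device Management" while the rest of this update renames MDM to Basic Mobility and Security, so please confirm that string matches the current admin center label. The added "If you want to know the user experience" bullet also keeps a non-ASCII space after "see" that should be a normal space.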
@@ -81,7 +81,7 @@ The wipe is sent immediately to the mobile device and the device is marked as no
|Microsoft 365 app data is wiped if the device is protected by Intune App Protection policies. The apps aren't removed. For devices not protected by Mobile Application Management (MAM) policies, Outlook and OneDrive won't remove cached data.<br/>**Note** For applying Intune App protection policies you must have an Intune license.|Yes|Yes| |Policy settings applied by Basic Mobility and Security to devices are no longer enforced; users can change the settings.|Yes|Yes| |Email profiles created by Basic Mobility and Security are removed and cached email on the device is deleted.|Yes|N/A|
->[!NOTE]
+>[!NOTE]
>Company Portal app is available at the App Store for iOS and the Play Store for Android devices. ## Related topics
admin https://docs.microsoft.com/en-us/microsoft-365/admin/manage/message-center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/message-center.md
@@ -63,6 +63,7 @@ You can also use the [Microsoft 365 Admin app](https://go.microsoft.com/fwlink/p
|Can I get message center posts emailed instead? <br/> |Yes! You can select to have a weekly digest emailed to you and up to two other email addresses. The emailed weekly digest is turned on by default. If you aren't getting your weekly digests, check your spam folder. See the [Preferences](#preferences) section of this article for more information on how to set up the weekly digest. <br/> | |How do I stop getting the Message center digest? <br/> |Go to Message center in the admin center and select **Edit preferences**. Turn off the option to **Send a weekly email digest of my messages**. If you also no longer want to receive email about major updates, turn off **Send me emails for major updates**. <br/> | |How can I ensure data privacy notifications are received by the right contacts in my organization? <br/> |As a global admin you will receive data privacy messages for your organization. Additionally, you can assign the Message Center Privacy reader role to people who should see data privacy messages. Other admin roles with access to Message Center cannot view data privacy messages. <br/><br/>For more info, see [Preferences](#preferences) in this article.<br/> |
+|Why canΓÇÖt I see a message that was previously there? <br/> |To manage the number of messages within Message center, each message will expire and be removed after a period of time. Generally, messages expire 30 days post the time period outlined in the message body. <br/> |
### Messages
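Review bot: The added FAQ row says messages expire "30 days post the time period outlined in the message body", which is hard to parse; suggest "30 days after the time period outlined in the message body". The question text also uses a typographic apostrophe in "can't" where the neighboring rows use a straight one ("aren't"), and it arrives garbled in this diff, so switch it to a plain ASCII apostrophe.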
admin https://docs.microsoft.com/en-us/microsoft-365/admin/setup/download-software-licenses-csp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/download-software-licenses-csp.md new file mode 100644
@@ -0,0 +1,38 @@
+---
+title: "Download perpetual software and product license keys"
+f1.keywords:
+- NOCSH
+ms.author: cmcatee
+author: cmcatee-MSFT
+manager: scotv
+audience: Admin
+ms.topic: article
+ms.service: o365-administration
+localization_priority: Normal
+ms.collection:
+- M365-subscription-management
+- Adm_O365
+- Adm_TOC
+search.appverid:
+- MET150
+ms.custom:
+- AdminSurgePortfolio
+description: Learn how to download the software and product license keys for perpetual software bought through the Cloud Solution Provider (CSP) program.
+---
+
+# Download perpetual software and product license keys
+
+This article explains how to download software and product license keys for perpetual software bought through the Cloud Solution Provider (CSP) program.
+
+## Before you begin
+
+You must be a Global admin to do the steps in this article. For more information, see [About admin roles](../add-users/about-admin-roles.md).
+
+## Download software and product license keys
+
+1. In the Microsoft 365 admin center, go to the **Billing** > <a href="https://go.microsoft.com/fwlink/p/?linkid=842054" target="_blank">Your products</a> page.
+2. On the **Products** tab, in the **Software** section, select the software that you want to download.
+3. On the subscription details page, in the **Downloads & keys** section, choose the **Product version**, **Language**, and **CPU & file type**, then select **Download**.
+4. To download the key, select **Copy key to clipboard**.
+5. In the right pane, select **Copy**, then close the pane.
+6. Paste the key in a file in a secure location and then enter it as instructed during the software installation. The key is needed to activate the downloaded software.
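Review bot: Step 6 tells the admin to "Paste the key in a file in a secure location" without saying what counts as secure. A product key is a credential that activates the software, so suggest naming an acceptable store (for example, the organization's password manager or an access-restricted share) and noting that the clipboard still holds the key after step 5. Step 4 says "To download the key" but the action is a copy, so "To copy the key" would match the button label. Step 1 uses a raw HTML anchor with target="_blank" where the rest of the article uses Markdown links.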
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/alert-policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/alert-policies.md
@@ -28,7 +28,7 @@ You can use the alert policy and alert dashboard tools in the Microsoft 365 secu
Alert policies let you categorize the alerts that are triggered by a policy, apply the policy to all users in your organization, set a threshold level for when an alert is triggered, and decide whether to receive email notifications when alerts are triggered. There's also a **View alerts** page in the security and compliance center where you can view and filter alerts, set an alert status to help you manage alerts, and then dismiss alerts after you've addressed or resolved the underlying incident. > [!NOTE]
-> Alert policies are available for organizations with a Microsoft 365 Enterprise, Office 365 Enterprise, or Office 365 US Government E1/F1/G1, E3/G3, or E5/G5 subscription. Advanced functionality is only available for organizations with an E5/G5 subscription, or for organizations that have an E1/F1/G1 or E3/G3 subscription and a Microsoft Defender for Office 365 P2 or a Microsoft 365 E5 Compliance or an E5 eDiscovery and Audit add-on subscription. The functionality that requires an E5/G5 or add-on subscription is highlighted in this topic. Also note that alert policies are available in Office 365 GCC, GCC High, and DoD US government environments.
+> Alert policies are available for organizations with a Microsoft 365 Enterprise, Office 365 Enterprise, or Office 365 US Government E1/F1/G1, E3/F3/G3, or E5/G5 subscription. Advanced functionality is only available for organizations with an E5/G5 subscription, or for organizations that have an E1/F1/G1 or E3/F3/G3 subscription and a Microsoft Defender for Office 365 P2 or a Microsoft 365 E5 Compliance or an E5 eDiscovery and Audit add-on subscription. The functionality that requires an E5/G5 or add-on subscription is highlighted in this topic. Also note that alert policies are available in Office 365 GCC, GCC High, and DoD US government environments.
## How alert policies work
@@ -36,7 +36,9 @@ Here's a quick overview of how alert policies work and the alerts that are trigg
![Overview of how alert policies work](../media/e02a622d-b429-448b-8107-dd1a4770b4e0.png)
-1. An admin in your organization creates, configures, and turns on an alert policy by using the **Alert policies** page in the security and compliance center. You can also create alert policies by using the **New-ProtectionAlert** cmdlet in Security & Compliance Center PowerShell. To create alert policies, you have to be assigned the Manage Alerts role or the Organization Configuration role in the security and compliance center.
+1. An admin in your organization creates, configures, and turns on an alert policy by using the **Alert policies** page in the security and compliance center. You can also create alert policies by using the [New-ProtectionAlert](https://docs.microsoft.com/powershell/module/exchange/new-protectionalert) cmdlet in Security & Compliance Center PowerShell.
+
+ To create alert policies, you have to be assigned the Manage Alerts role or the Organization Configuration role in the security and compliance center.
> [!NOTE] > It takes up to 24 hours after creating or updating an alert policy before alerts can be triggered by the policy. This is because the policy has to be synced to the alert detection engine.
@@ -60,7 +62,7 @@ An alert policy consists of the following settings and conditions.
- **Activity the alert is tracking** - You create a policy to track an activity or in some cases a few related activities, such a sharing a file with an external user by sharing it, assigning access permissions, or creating an anonymous link. When a user performs the activity defined by the policy, an alert is triggered based on the alert threshold settings. > [!NOTE]
- > The activities that you can track depend on your organization's Office 365 Enterprise or Office 365 US Government plan. In general, activities related to malware campaigns and phishing attacks require an E5/G5 subscription or an E1/F1/G1 or E3/G3 subscription with an [Defender for Office 365](../security/office-365-security/office-365-atp.md) Plan 2 add-on subscription.
+ > The activities that you can track depend on your organization's Office 365 Enterprise or Office 365 US Government plan. In general, activities related to malware campaigns and phishing attacks require an E5/G5 subscription or an E1/F1/G1 or E3/F3/G3 subscription with an [Defender for Office 365](../security/office-365-security/office-365-atp.md) Plan 2 add-on subscription.
- **Activity conditions** - For most activities, you can define additional conditions that must be met to trigger an alert. Common conditions include IP addresses (so that an alert is triggered when the user performs the activity on a computer with a specific IP address or within an IP address range), whether an alert is triggered if a specific user or users perform that activity, and whether the activity is performed on a specific file name or URL. You can also configure a condition that triggers an alert when the activity is performed by any user in your organization. The available conditions are dependent on the selected activity.
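Review bot: The edited note line still reads "with an [Defender for Office 365] Plan 2 add-on subscription"; the article should be "a", or the product name should be written as "a Microsoft Defender for Office 365" to match the other notes in this file. The context line above it has "such a sharing a file", which should be "such as sharing a file" and could be fixed in the same change.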
@@ -71,7 +73,7 @@ An alert policy consists of the following settings and conditions.
If you select the setting based on unusual activity, Microsoft establishes a baseline value that defines the normal frequency for the selected activity. It takes up to seven days to establish this baseline, during which alerts won't be generated. After the baseline is established, an alert is triggered when the frequency of the activity tracked by the alert policy greatly exceeds the baseline value. For auditing-related activities (such as file and folder activities), you can establish a baseline based on a single user or based on all users in your organization; for malware-related activities, you can establish a baseline based on a single malware family, a single recipient, or all messages in your organization. > [!NOTE]
- > The ability to configure alert policies based on a threshold or based on unusual activity requires an E5/G5 subscription, or an E1/F1/G1 or E3/G3 subscription with a Microsoft Defender for Office 365 P2, Microsoft 365 E5 Compliance, or Microsoft 365 eDiscovery and Audit add-on subscription. Organizations with an E1/F1/G1 and E3/G3 subscription can only create alert policies where an alert is triggered every time that an activity occurs.
+ > The ability to configure alert policies based on a threshold or based on unusual activity requires an E5/G5 subscription, or an E1/F1/G1 or E3/F3/G3 subscription with a Microsoft Defender for Office 365 P2, Microsoft 365 E5 Compliance, or Microsoft 365 eDiscovery and Audit add-on subscription. Organizations with an E1/F1/G1 and E3/F3/G3 subscription can only create alert policies where an alert is triggered every time that an activity occurs.
- **Alert category** - To help with tracking and managing the alerts generated by a policy, you can assign one of the following categories to a policy.
@@ -102,21 +104,23 @@ Microsoft provides built-in alert policies that help identify Exchange admin per
The following table lists and describes the available default alert policies and the category each policy is assigned to. The category is used to determine which alerts a user can view on the View alerts page. For more information, see [RBAC permissions required to view alerts](#rbac-permissions-required-to-view-alerts).
-The table also indicates the Office 365 Enterprise and Office 365 US Government plan required for each one. Some default alert policies are available if your organization has the appropriate add-on subscription in addition to an E1/F1/G1 or E3/G3 subscription.
+The table also indicates the Office 365 Enterprise and Office 365 US Government plan required for each one. Some default alert policies are available if your organization has the appropriate add-on subscription in addition to an E1/F1/G1 or E3/F3/G3 subscription.
-| Default alert policy | Description | Category | Office 365 Enterprise subscription |
+| Default alert policy | Description | Category | Enterprise subscription |
|:-----|:-----|:-----|:-----| |**A potentially malicious URL click was detected**|Generates an alert when a user protected by [Safe Links](../security/office-365-security/atp-safe-links.md) in your organization clicks a malicious link. This event is triggered when URL verdict changes are identified by Microsoft Defender for Office 365 or when users override the Safe Links pages (based on your organization's Microsoft 365 for business Safe Links policy). This alert policy has a **High** severity setting. For Defender for Office 365 P2, E5, G5 customers, this alert automatically triggers [automated investigation and response in Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-air). For more information on events that trigger this alert, see [Set up Safe Links policies](../security/office-365-security/set-up-atp-safe-links-policies.md).|Threat management|E5/G5 or Defender for Office 365 P2 add-on subscription|
-|**Admin Submission result completed**|Generates an alert when an [Admin Submission](../security/office-365-security/admin-submission.md) completes the rescan of the submitted entity. An alert will be triggered every time a rescan result is rendered from an Admin Submission. These alerts are meant to remind you to [review the results of previous submissions](https://protection.office.com/reportsubmission), submit user reported messages to get the latest policy check and rescan verdicts, and help you determine if the filtering policies in your organization are having the intended impact. This policy has a **Low** severity setting.|Threat management|E1/F1, E3, or E5|
+|**Admin Submission result completed**|Generates an alert when an [Admin Submission](../security/office-365-security/admin-submission.md) completes the rescan of the submitted entity. An alert will be triggered every time a rescan result is rendered from an Admin Submission. These alerts are meant to remind you to [review the results of previous submissions](https://protection.office.com/reportsubmission), submit user reported messages to get the latest policy check and rescan verdicts, and help you determine if the filtering policies in your organization are having the intended impact. This policy has a **Low** severity setting.|Threat management|E1/F1, E3/F3, or E5|
|**Admin triggered manual investigation of email**|Generates an alert when an admin triggers the manual investigation of an email from Threat Explorer. For more information, see [Example: A security administrator triggers an investigation from Threat Explorer] (https://docs.microsoft.com/microsoft-365/security/office-365-security/automated-investigation-response-office#example-a-security-administrator-triggers-an-investigation-from-threat-explorer). This alert notifies your organization that the investigation was started. The alert provides information about who triggered it and includes a link to the investigation. This policy has an **Informational** severity setting.|Threat management| E5/G5 or Microsoft Defender for Office 365 P2 add-on subscription|
-|**Creation of forwarding/redirect rule**|Generates an alert when someone in your organization creates an inbox rule for their mailbox that forwards or redirects messages to another email account. This policy only tracks inbox rules that are created using Outlook on the web (formerly known as Outlook Web App) or Exchange Online PowerShell. This policy has a **Low** severity setting. For more information about using inbox rules to forward and redirect email in Outlook on the web, see [Use rules in Outlook on the web to automatically forward messages to another account](https://support.office.com/article/1433e3a0-7fb0-4999-b536-50e05cb67fed).|Threat management|E1/F1/G1, E3/G3, or E5/G5|
-|**eDiscovery search started or exported**|Generates an alert when someone uses the Content search tool in the Security and compliance center. An alert is triggered when the following content search activities are performed: <br/><br/>* A content search is started<br/>* The results of a content search are exported<br/>* A content search report is exported<br/><br/>Alerts are also triggered when the previous content search activities are performed in association with an eDiscovery case. This policy has a **Medium** severity setting. For more information about content search activities, see [Search for eDiscovery activities in the audit log](search-for-ediscovery-activities-in-the-audit-log.md#ediscovery-activities).|Threat management|E1/F1/G1, E3/G3, or E5/G5|
-|**Elevation of Exchange admin privilege**|Generates an alert when someone is assigned administrative permissions in your Exchange Online organization. For example, when a user is added to the Organization Management role group in Exchange Online. This policy has a **Low** severity setting.|Permissions|E1/F1/G1, E3/G3, or E5/G5|
+|**Creation of forwarding/redirect rule**|Generates an alert when someone in your organization creates an inbox rule for their mailbox that forwards or redirects messages to another email account. This policy only tracks inbox rules that are created using Outlook on the web (formerly known as Outlook Web App) or Exchange Online PowerShell. This policy has a **Low** severity setting. For more information about using inbox rules to forward and redirect email in Outlook on the web, see [Use rules in Outlook on the web to automatically forward messages to another account](https://support.office.com/article/1433e3a0-7fb0-4999-b536-50e05cb67fed).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5|
+|**eDiscovery search started or exported**|Generates an alert when someone uses the Content search tool in the Security and compliance center. An alert is triggered when the following content search activities are performed: <br/><br/>* A content search is started<br/>* The results of a content search are exported<br/>* A content search report is exported<br/><br/>Alerts are also triggered when the previous content search activities are performed in association with an eDiscovery case. This policy has a **Medium** severity setting. For more information about content search activities, see [Search for eDiscovery activities in the audit log](search-for-ediscovery-activities-in-the-audit-log.md#ediscovery-activities).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5|
+|**Elevation of Exchange admin privilege**|Generates an alert when someone is assigned administrative permissions in your Exchange Online organization. For example, when a user is added to the Organization Management role group in Exchange Online. This policy has a **Low** severity setting.|Permissions|E1/F1/G1, E3/F3/G3, or E5/G5|
|**Email messages containing malware removed after delivery**|Generates an alert when any messages containing malware are delivered to mailboxes in your organization. If this event occurs, Microsoft removes the infected messages from Exchange Online mailboxes using [Zero-hour auto purge](../security/office-365-security/zero-hour-auto-purge.md). This policy has an **Informational** severity setting and automatically triggers [automated investigation and response in Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-air).|Threat management|E5/G5 or Microsoft Defender for Office 365 P2 add-on subscription| |**Email messages containing phish URLs removed after delivery**|Generates an alert when any messages containing phish are delivered to mailboxes in your organization. If this event occurs, Microsoft removes the infected messages from Exchange Online mailboxes using [Zero-hour auto purge](../security/office-365-security/zero-hour-auto-purge.md). This policy has an **Informational** severity setting and automatically triggers [automated investigation and response in Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-air).|Threat management|E5/G5 or Defender for Office 365 P2 add-on subscription|
-|**Email reported by user as malware or phish**|Generates an alert when users in your organization report messages as phishing email using the Report Message add-in. This policy has an **Informational** severity setting. For more information about this add-in, see [Use the Report Message add-in](https://support.office.com/article/b5caa9f1-cdf3-4443-af8c-ff724ea719d2). For Defender for Office 365 P2, E5, G5 customers, this alert automatically triggers [automated investigation and response in Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-air).|Threat management|E1/F1/G1, E3/G3, or E5/G5|
-|**Email sending limit exceeded**|Generates an alert when someone in your organization has sent more mail than is allowed by the outbound spam policy. This is usually an indication the user is sending too much email or that the account may be compromised. This policy has a **Medium** severity setting. If you get an alert generated by this alert policy, it's a good idea to [check whether the user account is compromised](../security/office-365-security/responding-to-a-compromised-email-account.md).|Threat management|E1/F1/G1, E3/G3, or E5/G5|
-|**Messages have been delayed**|Generates an alert when Microsoft can't deliver email messages to your on-premises organization or a partner server by using a connector. When this happens, the message is queued in Office 365. This alert is triggered when there are 2,000 messages or more that have been queued for more than an hour. This policy has a **High** severity setting.|Mail flow|E1/F1/G1, E3/G3, or E5/G5|
+|**Email reported by user as malware or phish**|Generates an alert when users in your organization report messages as phishing email using the Report Message add-in. This policy has an **Informational** severity setting. For more information about this add-in, see [Use the Report Message add-in](https://support.office.com/article/b5caa9f1-cdf3-4443-af8c-ff724ea719d2). For Defender for Office 365 P2, E5, G5 customers, this alert automatically triggers [automated investigation and response in Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-air).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5|
+|**Email sending limit exceeded**|Generates an alert when someone in your organization has sent more mail than is allowed by the outbound spam policy. This is usually an indication the user is sending too much email or that the account may be compromised. This policy has a **Medium** severity setting. If you get an alert generated by this alert policy, it's a good idea to [check whether the user account is compromised](../security/office-365-security/responding-to-a-compromised-email-account.md).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5|
+|**Form blocked due to potential phishing attempt**|Generates an alert when someone in your organization has been restricted from sharing forms and collecting responses using Microsoft Forms due to detected repeated phishing attempt behavior. This policy has a **High severity** setting.|Threat management|E1, E3/F3, or E5|
+|**Form flagged and confirmed as phishing**|Generates an alert when a form created in Microsoft Forms from within your organization has been identified as potential phishing through Report Abuse and confirmed as phishing by Microsoft. This policy has a **High** severity setting.|Threat management|E1, E3/F3, or E5|
+|**Messages have been delayed**|Generates an alert when Microsoft can't deliver email messages to your on-premises organization or a partner server by using a connector. When this happens, the message is queued in Office 365. This alert is triggered when there are 2,000 messages or more that have been queued for more than an hour. This policy has a **High** severity setting.|Mail flow|E1/F1/G1, E3/F3/G3, or E5/G5|
|**Malware campaign detected after delivery**|Generates an alert when an unusually large number of messages containing malware are delivered to mailboxes in your organization. If this event occurs, Microsoft removes the infected messages from Exchange Online mailboxes. This policy has a **High** severity setting.|Threat management|E5/G5 or Microsoft Defender for Office 365 P2 add-on subscription| |**Malware campaign detected and blocked**|Generates an alert when someone has attempted to send an unusually large number of email messages containing a certain type of malware to users in your organization. If this event occurs, the infected messages are blocked by Microsoft and not delivered to mailboxes. This policy has a **Low** severity setting.|Threat management|E5/G5 or Defender for Office 365 P2 add-on subscription| |**Malware campaign detected in SharePoint and OneDrive**|Generates an alert when an unusually high volume of malware or viruses is detected in files located in SharePoint sites or OneDrive accounts in your organization. This policy has a **High** severity setting.|Threat management|E5/G5 or Defender for Office 365 P2 add-on subscription|
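Review bot: In the new "Form blocked due to potential phishing attempt" row, the bold spans "**High severity** setting", while every other row, including the new "Form flagged and confirmed as phishing" row, bolds only the level ("**High** severity setting"). The two Forms rows list "E1, E3/F3, or E5" with no F1 or G plans, and "Admin Submission result completed" lists "E1/F1, E3/F3, or E5", where the neighboring rows list "E1/F1/G1, E3/F3/G3, or E5/G5". Please confirm the omissions are intentional. The column header is shortened to "Enterprise subscription", but the paragraph above the table still describes it as the "Office 365 Enterprise and Office 365 US Government plan". In the "Admin triggered manual investigation of email" row there is a space between "]" and "(" in the Threat Explorer link, which stops it rendering as a link.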
@@ -126,16 +130,17 @@ The table also indicates the Office 365 Enterprise and Office 365 US Government
|**Phish delivered due to an IP allow policy**|Generates an alert when Microsoft detects an IP allow policy that allowed delivery of a high confidence phishing message to a mailbox. This policy has an **Informational** severity setting. For more information about the IP allow policy (connection filtering), see [Configure the default connection filter policy - Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/configure-the-connection-filter-policy).|Threat management|E5/G5 or Defender for Office 365 P1 or P2 add-on subscription| |**Phish not zapped because ZAP is disabled**| Generates an alert when Microsoft detects delivery of a high confidence phishing message to a mailbox because Zero-Hour Auto Purge for Phish messages is disabled. This policy has an **Informational** severity setting.|Threat management|E5/G5 or Defender for Office 365 P2 add-on subscription| |**Phish delivered due to tenant or user override**<sup>1</sup>|Generates an alert when Microsoft detects an admin or user override allowed the delivery of a phishing message to a mailbox. Examples of overrides include an inbox or mail flow rule that allows messages from a specific sender or domain, or an anti-spam policy that allows messages from specific senders or domains. This policy has a **High** severity setting.|Threat management|E5/G5 or Defender for Office 365 P2 add-on subscription|
-|**Suspicious email forwarding activity**|Generates an alert when someone in your organization has auto-forwarded email to a suspicious external account. This is an early warning for behavior that may indicate the account is compromised, but not severe enough to restrict the user. This policy has a **Medium** severity setting. Although it's rare, an alert generated by this policy may be an anomaly. It's a good idea to [check whether the user account is compromised](../security/office-365-security/responding-to-a-compromised-email-account.md).|Threat management|E1/F1/G1, E3/G3, or E5/G5|
-|**Suspicious email sending patterns detected**|Generates an alert when someone in your organization has sent suspicious email and is at risk of being restricted from sending email. This is an early warning for behavior that may indicate that the account is compromised, but not severe enough to restrict the user. This policy has a **Medium** severity setting. Although it's rare, an alert generated by this policy may be an anomaly. However, it's a good idea to [check whether the user account is compromised](../security/office-365-security/responding-to-a-compromised-email-account.md).|Threat management|E1/F1/G1, E3/G3, or E5/G5 |
-|**Tenant restricted from sending email**|Generates an alert when most of the email traffic from your organization has been detected as suspicious and Microsoft has restricted your organization from sending email. Investigate any potentially compromised user and admin accounts, new connectors, or open relays, and then contact Microsoft Support to unblock your organization. This policy has a **High** severity setting. For more information about why organizations are blocked, see [Fix email delivery issues for error code 5.7.7xx in Exchange Online](https://go.microsoft.com/fwlink/?linkid=2022138).|Threat management|E1/F1/G1, E3/G3, or E5/G5|
+|**Suspicious email forwarding activity**|Generates an alert when someone in your organization has autoforwarded email to a suspicious external account. This is an early warning for behavior that may indicate the account is compromised, but not severe enough to restrict the user. This policy has a **Medium** severity setting. Although it's rare, an alert generated by this policy may be an anomaly. It's a good idea to [check whether the user account is compromised](../security/office-365-security/responding-to-a-compromised-email-account.md).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5|
+|**Suspicious email sending patterns detected**|Generates an alert when someone in your organization has sent suspicious email and is at risk of being restricted from sending email. This is an early warning for behavior that may indicate that the account is compromised, but not severe enough to restrict the user. This policy has a **Medium** severity setting. Although it's rare, an alert generated by this policy may be an anomaly. However, it's a good idea to [check whether the user account is compromised](../security/office-365-security/responding-to-a-compromised-email-account.md).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5 |
+|**Tenant restricted from sending email**|Generates an alert when most of the email traffic from your organization has been detected as suspicious and Microsoft has restricted your organization from sending email. Investigate any potentially compromised user and admin accounts, new connectors, or open relays, and then contact Microsoft Support to unblock your organization. This policy has a **High** severity setting. For more information about why organizations are blocked, see [Fix email delivery issues for error code 5.7.7xx in Exchange Online](https://go.microsoft.com/fwlink/?linkid=2022138).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5|
|**Unusual external user file activity**|Generates an alert when an unusually large number of activities are performed on files in SharePoint or OneDrive by users outside of your organization. This includes activities such as accessing files, downloading files, and deleting files. This policy has a **High** severity setting.|Information governance|E5/G5, Microsoft Defender for Office 365 P2, or Microsoft 365 E5 add-on subscription| |**Unusual volume of external file sharing**|Generates an alert when an unusually large number of files in SharePoint or OneDrive are shared with users outside of your organization. This policy has a **Medium** severity setting.|Information governance|E5/G5, Defender for Office 365 P2, or Microsoft 365 E5 add-on subscription| |**Unusual volume of file deletion**|Generates an alert when an unusually large number of files are deleted in SharePoint or OneDrive within a short time frame. This policy has a **Medium** severity setting.|Information governance|E5/G5, Defender for Office 365 P2, or Microsoft 365 E5 add-on subscription| |**Unusual increase in email reported as phish**|Generates an alert when there's a significant increase in the number of people in your organization using the Report Message add-in in Outlook to report messages as phishing mail. This policy has a **High** severity setting. For more information about this add-in, see [Use the Report Message add-in](https://support.office.com/article/b5caa9f1-cdf3-4443-af8c-ff724ea719d2).|Threat management|E5/G5 or Defender for Office 365 P2 add-on subscription| |**User impersonation phish delivered to inbox/folder**<sup>1,</sup><sup>2</sup>|Generates an alert when Microsoft detects that an admin or user override has allowed the delivery of a user impersonation phishing message to the inbox (or other user-accessible folder) of a mailbox. 
Examples of overrides include an inbox or mail flow rule that allows messages from a specific sender or domain, or an anti-spam policy that allows messages from specific senders or domains. This policy has a **Medium** severity setting.|Threat management|E5/G5 or Defender for Office 365 P2 add-on subscription|
-|**User restricted from sending email**|Generates an alert when someone in your organization is restricted from sending outbound mail. This typically results when an account is compromised, and the user is listed on the **Restricted Users** page in the Security & Compliance Center. (To access this page, go to **Threat management > Review > Restricted Users**). This policy has a **High** severity setting. For more information about restricted users, see [Removing a user, domain, or IP address from a block list after sending spam email](https://docs.microsoft.com/office365/securitycompliance/removing-user-from-restricted-users-portal-after-spam).|Threat management|E1/F1/G1, E3/G3, or E5/G5|
-||||
+|**User restricted from sending email**|Generates an alert when someone in your organization is restricted from sending outbound mail. This typically results when an account is compromised, and the user is listed on the **Restricted Users** page in the Security & Compliance Center. (To access this page, go to **Threat management > Review > Restricted Users**). This policy has a **High** severity setting. For more information about restricted users, see [Removing a user, domain, or IP address from a block list after sending spam email](https://docs.microsoft.com/office365/securitycompliance/removing-user-from-restricted-users-portal-after-spam).|Threat management|E1/F1/G1, E3/F3/G3, or E5/G5|
+|**User restricted from sharing forms and collecting responses**|Generates an alert when someone in your organization has been restricted from sharing forms and collecting responses using Microsoft Forms due to detected repeated phishing attempt behavior. This policy has a **High** severity setting.|Threat management|E1, E3/F3, or E5|
+|||||
> [!NOTE] > <sup>1</sup> We've temporarily removed this default alert policy based on customer feedback. We're working to improve it, and will replace it with a new version in the near future. Until then, you can create a custom alert policy to replace this functionality by using the following settings:<br/>&nbsp; * Activity is Phish email detected at time of delivery<br/>&nbsp; * Mail is not ZAP'd<br/>&nbsp; * Mail direction is Inbound<br/>&nbsp; * Mail delivery status is Delivered<br/>&nbsp; * Detection technology is Malicious URL retention, URL detonation, Advanced phish filter, General phish filter, Domain impersonation, User impersonation, and Brand impersonation<br/><br/>&nbsp;&nbsp;&nbsp;For more information about anti-phishing in Office 365, see [Set up anti-phishing and anti-phishing policies](../security/office-365-security/set-up-anti-phishing-policies.md).<br/><br/><sup>2</sup> To recreate this alert policy, follow the guidance in the previous footnote, but choose User impersonation as the only Detection technology.
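Review bot: The description added for **User restricted from sharing forms and collecting responses** is word for word the one used for **Form blocked due to potential phishing attempt** earlier in this table, so a reader cannot tell which alert fires for which event. Keep this text on the user-restriction row and give the form-blocked row its own description. The re-added **Suspicious email sending patterns detected** row still ends its last cell with a stray space (`E5/G5 |`), which is worth dropping while the line is being changed.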
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitive-information-type-entity-definitions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitive-information-type-entity-definitions.md
@@ -12220,7 +12220,8 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- National Health Index Id - National Health Index #
-## New Zealand social wlefare number
+## New Zealand social welfare number
+ This sensitive information type is only available for use in: - data loss prevention policies - communication compliance policies
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/add-several-users-at-the-same-time https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/add-several-users-at-the-same-time.md
@@ -1,7 +1,7 @@
--- title: "Add several users at the same time to Microsoft 365 - Admin Help"
-ms.author: sirkkuw
-author: Sirkkuw
+ms.author: kwekua
+author: kwekua
manager: scotv audience: Admin ms.topic: article
@@ -23,31 +23,30 @@ search.appverid:
- MBS150 - GEA150 - BCS160
-ms.assetid: 1f5767ed-e717-4f24-969c-6ea9d412ca88
description: "Learn how to add multiple users to Microsoft 365 for business from a list in a spreadsheet or other CSV formatted file. Watch a video on YouTube that explains how to add accounts to Microsoft 365. At the end of this process, each user with an account will have a Microsoft 365 mailbox. " --- # Add several users at the same time to Microsoft 365 - Admin Help
-Each person on your team needs a user account before they can sign in and access Microsoft 365 services, such as email and Office. If you have a lot of people, you can add their accounts all at once from an Excel spreadsheet or other file saved in CSV format. [Not sure what CSV format is?](add-several-users-at-the-same-time.md#__toc316652088)
+Each person on your team needs a user account before they can sign in and access Microsoft 365 services, such as email and Office. If you have a lot of people, you can add their accounts all at once from an Excel spreadsheet or other file saved in CSV format. [Not sure what CSV format is](add-several-users-at-the-same-time.md#not-sure-what-csv-format-is)?
-> [!NOTE]
+> [!NOTE]
> If you're not using the new Microsoft 365 admin center, you can turn it on by selecting the **Try the new admin center** toggle located at the top of the Home page. ## Add multiple users in the Microsoft 365 admin center
-1. Sign in to Microsoft 365 with your work or school account.
-
+1. Sign in to Microsoft 365 with your work or school account.
+ 2. In the admin center, choose **Users** \> **Active users**. 3. Select **Add multiple users**.
-4. On the **Import multiple users** panel, you can optionally download a sample CSV file with or without sample data filled in.
-
- Your spreadsheet needs to include the **exact same column headings** as the sample one (User Name, First Name, and so on). If you use the template, open it in a text editing tool, like Notepad, and consider leaving all the data in row 1 alone, and only entering data in rows 2 and below.
-
- Your spreadsheet also needs to include values for the user name (like bob@contoso.com) and a display name (like Bob Kelly) for each user.
-
+4. On the **Import multiple users** panel, you can optionally download a sample CSV file with or without sample data filled in.
+
+ Your spreadsheet needs to include the **exact same column headings** as the sample one (User Name, First Name, and so on). If you use the template, open it in a text editing tool, like Notepad, and consider leaving all the data in row 1 alone, and only entering data in rows 2 and below.
+
+ Your spreadsheet also needs to include values for the user name (like bob@contoso.com) and a display name (like Bob Kelly) for each user.
+ ``` User Name,First Name,Last Name,Display Name,Job Title,Department,Office Number,Office Phone,Mobile Phone,Fax,Address,City,State or Province,ZIP or Postal Code,Country or Region chris@contoso.com,Chris,Green,Chris Green,IT Manager,Information Technology,123451,123-555-1211,123-555-6641,123-555-6700,1 Microsoft way,Redmond,Wa,98052,United States
@@ -61,25 +60,22 @@ Each person on your team needs a user account before they can sign in and access
5. Enter a file path into the box, or choose **Browse** to browse to the CSV file location, then choose **Verify**. If there are problems with the file, the problem is displayed in the panel. You can also download a log file.
-
-5. On the **Set user options** dialog you can set the sign-in status and choose the product license that will be assigned to all users.
-
-6. On the **View your result** dialog you can choose to send the results to either yourself or other users (passwords will be in plain text) and you can see how many users were created, and if you need to purchase more licenses to assign to some of the new users.
+
+6. On the **Set user options** dialog you can set the sign-in status and choose the product license that will be assigned to all users.
+
+7. On the **View your result** dialog you can choose to send the results to either yourself or other users (passwords will be in plain text) and you can see how many users were created, and if you need to purchase more licenses to assign to some of the new users.
## Next steps
-<a name="bk_preview"> </a>
--- Now that these people have accounts, they need to [Download and install or reinstall Microsoft 365 or Office 2016 on a PC or Mac](https://support.office.com/article/4414eaaf-0478-48be-9c42-23adc4716658). Each person on your team can install Microsoft 365 on up to 5 PCs or Macs.
-
-- Each person can also [Set up Office apps and email on a mobile device](https://support.office.com/article/7dabb6cb-0046-40b6-81fe-767e0b1f014f) on up to 5 tablets and 5 phones, such as iPhones, iPads, and Android phones and tablets. This way they can edit Office files from anywhere.
-
- See [Set up Microsoft 365 for business](https://support.office.com/article/6a3a29a0-e616-4713-99d1-15eda62d04fa) for an end-to-end list of the setup steps.
-
+
+- Now that these people have accounts, they need to [Download and install or reinstall Microsoft 365 or Office 2016 on a PC or Mac](https://support.office.com/article/4414eaaf-0478-48be-9c42-23adc4716658). Each person on your team can install Microsoft 365 on up to 5 PCs or Macs.
+
+- Each person can also [Set up Office apps and email on a mobile device](https://support.office.com/article/7dabb6cb-0046-40b6-81fe-767e0b1f014f) on up to 5 tablets and 5 phones, such as iPhones, iPads, and Android phones and tablets. This way they can edit Office files from anywhere.
+
+ See [Set up Microsoft 365 for business](https://support.office.com/article/6a3a29a0-e616-4713-99d1-15eda62d04fa) for an end-to-end list of the setup steps.
+ ## More information about how to add users to Microsoft 365
-<a name="bk_preview"> </a>
### Not sure what CSV format is?
-<a name="__toc316652088"> </a>
A CSV file is a file with comma separated values. You can create or edit a file like this with any text editor or spreadsheet program, such as Excel.
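Review bot: Step 7 is renumbered but still says only that results can be sent to yourself or other users with `(passwords will be in plain text)`. Since the step is being rewritten anyway, add a sentence on handling that message, for example keeping the recipient list short and having the new users change the password at first sign-in. The hunk also deletes the `<a name="bk_preview">` and `<a name="__toc316652088">` anchors. The in-page link was moved to `#not-sure-what-csv-format-is`, but any other article that still links to the old anchor names needs the same update.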
@@ -89,25 +85,24 @@ Save the file with a new name, and specify CSV format.
![An image of how to save a file in Excel in CSV format](../media/35a86ebe-63ab-4b4d-9a92-e177de33ebae.png)
-When you save the file, you'll probably get a prompt that some features in your workbook will be lost if you save the file in CSV format. This is okay. Click **Yes** to continue.
+When you save the file, you'll probably get a prompt that some features in your workbook will be lost if you save the file in CSV format. This is okay. Click **Yes** to continue.
![A picture of the prompt you might get from Excel asking if you really want to save the file as a CSV format](../media/51032a81-690c-45ef-bfc5-09ea7f790e98.png) ### Tips for formatting your spreadsheet
-<a name="__toc314595848"> </a>
--- **Do I need the same column headings as in the sample spreadsheet?** Yes. The sample spreadsheet contains column headings in the first row. These headings are required. For each user you want to add to Microsoft 365, create a row under the heading. If you add, change, or delete any of the column headings, Microsoft 365 might not be able to create users from the information in the file.
-
-- **What if I don't have all the information required for each user?** The user name and display name are required, and you cannot add a new user without this information. If you don't have some of the other information, such as the fax, you can use a space plus a comma to indicate that the field should remain blank.
-
-- **How small or large can the spreadsheet be?** The spreadsheet must have at least two rows. One is for the column headings (the user data column label) and one for the user. You cannot have more than 251 rows. If you need to import more than 250 users, you can create more than one spreadsheet.
-
-- **What languages can I use?** When you create your spreadsheet, you can enter user data column labels in any language or characters, but you must not change the order of the labels, as shown in the sample. You can then make entries into the fields, using any language or characters, and save your file in a Unicode or UTF-8 format.
-
-- **What if I'm adding users from different countries or regions?** Create a separate spreadsheet for each area. You'll need to step through the Bulk add users wizard which each spreadsheet, giving a single location of all users included in the file that you're working with.
-
-- **Is there a limit to the number of characters I can use?** The following table shows the user data column labels and the maximum character length for each in the sample spreadsheet.
-
+
+- **Do I need the same column headings as in the sample spreadsheet?** Yes. The sample spreadsheet contains column headings in the first row. These headings are required. For each user you want to add to Microsoft 365, create a row under the heading. If you add, change, or delete any of the column headings, Microsoft 365 might not be able to create users from the information in the file.
+
+- **What if I don't have all the information required for each user?** The user name and display name are required, and you cannot add a new user without this information. If you don't have some of the other information, such as the fax, you can use a space plus a comma to indicate that the field should remain blank.
+
+- **How small or large can the spreadsheet be?** The spreadsheet must have at least two rows. One is for the column headings (the user data column label) and one for the user. You cannot have more than 251 rows. If you need to import more than 250 users, you can create more than one spreadsheet.
+
+- **What languages can I use?** When you create your spreadsheet, you can enter user data column labels in any language or characters, but you must not change the order of the labels, as shown in the sample. You can then make entries into the fields, using any language or characters, and save your file in a Unicode or UTF-8 format.
+
+- **What if I'm adding users from different countries or regions?** Create a separate spreadsheet for each area. You'll need to step through the Bulk add users wizard which each spreadsheet, giving a single location of all users included in the file that you're working with.
+
+- **Is there a limit to the number of characters I can use?** The following table shows the user data column labels and the maximum character length for each in the sample spreadsheet.
+ |**User data column label**|**Maximum character length**| |:-----|:-----| |User Name (Required) <br/> |79 including the at sign (@), in the format name@domain.\<extension\>. The user's alias cannot exceed 50 characters, and the domain name cannot exceed 48 characters. <br/> |
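Review bot: The re-added bullet on users from different countries or regions still reads `step through the Bulk add users wizard which each spreadsheet`; `which` should be `with`. The line is already being touched for whitespace, so fix the wording in the same change. In the bullet on spreadsheet size, consider saying outright that the 251-row limit counts the heading row, which is what makes it agree with the 250-user figure in the next sentence.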
@@ -125,17 +120,13 @@ When you save the file, you'll probably get a prompt that some features in your
|State or Province <br/> |128 <br/> | |ZIP or Postal Code <br/> |40 <br/> | |Country or Region <br/> |128 <br/> |
-
+ ### Still having problems when adding users to Microsoft 365? -- **Double-check that the spreadsheet is formatted correctly.** Check the column headings to make sure they match the headings in the sample file. Make sure you're following the rules for character lengths and that each field is separated by a comma.
-
+- **Double-check that the spreadsheet is formatted correctly.** Check the column headings to make sure they match the headings in the sample file. Make sure you're following the rules for character lengths and that each field is separated by a comma.
+ - **If you don't see the new users in Microsoft 365 right away, wait a few minutes.** It can take a little while for changes to go across all the services in Microsoft 365.
-
+ ## Related articles [Add users individually or in bulk to Microsoft 365](https://docs.microsoft.com/office365/admin/add-users/add-users)----
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/urls-and-ip-address-ranges.md
@@ -83,3 +83,5 @@ Data columns shown are:
[Microsoft Azure IP Ranges and Service Tags ΓÇô China Cloud](https://www.microsoft.com/download/details.aspx?id=57062) [Microsoft Public IP Space](https://www.microsoft.com/download/details.aspx?id=53602)+
+[Service Name and Transport Protocol Port Number Registry](https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml)
managed-desktop https://docs.microsoft.com/en-us/microsoft-365/managed-desktop/change-history-managed-desktop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/change-history-managed-desktop.md
@@ -17,7 +17,41 @@ ms.localizationpriority: normal
# Change history for Microsoft Managed Desktop documentation
-This article lists new and updated articles in the [Microsoft Managed Desktop documentation](index.yml). "Updated" articles are those which have had material additions or corrections--minor fixes such as correction of typos, style, or formatting issues are not listed. You can always view the history of specific commits (including details of any changes) by visiting the [repo on GitHub](https://github.com/MicrosoftDocs/microsoft-365-docs/tree/public/microsoft-365/managed-desktop).
+This article lists new and updated articles in the [Microsoft Managed Desktop documentation](index.yml). "Updated" articles have had material additions or corrections--minor fixes such as correction of typos, style, or formatting issues are not listed. You can always view the history of specific commits (including details of any changes) by visiting the [repo on GitHub](https://github.com/MicrosoftDocs/microsoft-365-docs/tree/public/microsoft-365/managed-desktop).
++
+## December 2020
+New or changed article | Description
+--- | ---
+[What is Microsoft Managed Desktop?](https://docs.microsoft.com/microsoft-365/managed-desktop/intro/index) | Updated article
+[Work with reports](working-with-managed-desktop/reports.md) | Updated article
+[Privacy and personal data](service-description/privacy-personal-data.md) | Updated article
+[Compliance](intro/compliance.md) | Updated article
+[Prerequisites](get-ready/prerequisites.md) | Updated article
+[Network configuration](get-ready/network.md) | Updated article
++
+## November 2020
+New or changed article | Description
+--- | ---
+[Fix issues found by the readiness assessment tool](get-ready/readiness-assessment-fix.md) | Updated article
+[Readiness assessment tool](get-ready/readiness-assessment-tool.md) | New article
+[Fix issues found by the readiness assessment tool](get-ready/readiness-assessment-fix.md) | New article
+[Register new devices yourself](get-started/register-devices-self.md) | Updated article
+[Steps for Partners to register devices](get-started/register-devices-partner.md) | Updated article
+[Prerequisites for guest accounts](get-ready/guest-accounts.md) | New article
+[Access the admin portal](get-started/access-admin-portal.md) | Updated article
++
+## October 2020
+New or changed article | Description
+--- | ---
+[Prerequisites](get-ready/prerequisites.md) | Updated article
+[Work with insights](working-with-managed-desktop/insights.md) | Updated article
+[Steps for Partners to register devices](get-started/register-devices-partner.md) | Updated article
+[Access the admin portal](get-started/access-admin-portal.md) | Updated article
+[Deploy apps to devices](get-started/deploy-apps.md) | Updated article
+[Getting help for users](working-with-managed-desktop/end-user-support.md) | Updated article
## September 2020
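Review bot: In the November 2020 table, **Fix issues found by the readiness assessment tool** (`get-ready/readiness-assessment-fix.md`) is listed twice, once as `Updated article` and once as `New article`. If the article was first published that month, keep the single `New article` row; if both events are intentional, say so, because the two rows read as a copy-paste slip. **Prerequisites**, **Steps for Partners to register devices** and **Access the admin portal** also appear in more than one month, which is fine, but it is worth checking that each entry matches a real material change, as the intro paragraph promises.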
managed-desktop https://docs.microsoft.com/en-us/microsoft-365/managed-desktop/service-description/device-list https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/service-description/device-list.md
@@ -66,6 +66,7 @@ The links to devices here are for your reference only. If you want to order devi
| [Surface Laptop Go](https://www.microsoft.com/surface/business/surface-laptop-go) | 128 GB / Intel i5 / 8 GB RAM | None | Oct 12, 2022 | Oct 12, 2025 | | [Surface Laptop 3](https://www.microsoft.com/surface/business/surface-laptop-3) | 128 GB / Intel i5 / 8 GB RAM | None | Oct 22, 2021 | Oct 22, 2024 | | [Surface Pro 7](https://www.microsoft.com/surface/business/surface-pro-7) | 128 GB / Intel i5 / 8 GB RAM | None | Oct 22, 2021 | Oct 22, 2024 |
+| **\*[Surface Pro 7+](https://www.microsoft.com/p/surface-pro-7-for-business/8p43n3k93409?activetab=pivot%3aoverviewtab)** | 128 GB / Intel i5 / 8 GB RAM | None | Jan 15, 2022 | Jan 15, 2025 |
In addition, the device must also meet these criteria:
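Review bot: The new Surface Pro 7+ row is marked with a leading `\*` and is bolded, but nothing in the visible lines explains what the asterisk means; add the footnote text next to the table or drop the marker. The link also differs from the neighbouring rows: they use `https://www.microsoft.com/surface/business/...`, while this one points to a `/p/surface-pro-7-for-business/...` store URL with an `activetab` query string. Use the business product page in the same form if one exists, so the row matches the others.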
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-get-started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-get-started.md
@@ -25,8 +25,6 @@ description: "Admins can learn how to use Attack simulation training to run simu
[!INCLUDE [Microsoft 365 Defender rebranding](../includes/microsoft-defender-for-office.md)]
-[!INCLUDE [Prerelease information](../includes/prerelease.md)]
- If your organization has Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2, which includes [Threat Investigation and Response capabilities](office-365-ti.md), you can use Attack simulation training in the Microsoft Security Center to run realistic attack scenarios in your organization. These simulated attacks can help you identify and find vulnerable users before a real attack impacts your bottom line. Read this article to learn more. > [!NOTE]
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-insights https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-insights.md
@@ -17,8 +17,6 @@ description: "Admins can learn how Attack simulation training in the Microsoft 3
Within Attack simulation training, Microsoft provides you with insights based on outcomes of simulations and trainings that employees went through. These insights will help keep you informed on the threat readiness progress of your employees, as well as recommend next steps to better prepare your employees and your environment for attacks.
-[!INCLUDE [Prerelease information](../includes/prerelease.md)]
- We are continuously working on expanding the insights that are available to you. Behavior impact and recommended actions are currently available. To start, head over to [Attack simulation training in the Microsoft 365 security center](https://security.microsoft.com/attacksimulator?viewid=overview). ## Behavior impact on compromise rate
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-payloads https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-payloads.md
@@ -17,8 +17,6 @@ description: "Admins can learn how to create custom payloads for Attack simulati
Microsoft offers a robust payload catalog for various social engineering techniques to pair with your attack simulation training. However, you might want to create custom payloads that will work better for your organization. This article describes how to create a payload in Attack simulation training in Microsoft Defender for Office 365.
-[!INCLUDE [Prerelease information](../includes/prerelease.md)]
- You can create a payload by clicking on **Create a payload** in either the [dedicated **Payloads** tab](https://security.microsoft.com/attacksimulator?viewid=payload) or within the [simulation creation wizard](attack-simulation-training.md#selecting-a-payload). The first step in the wizard will have you select a payload type. **Currently, only email is available**.
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training.md
@@ -17,8 +17,6 @@ description: "Admins can learn how to simulate phishing attacks and train their
Attack simulation training in Microsoft Defender for Office 365 lets you run benign cyberattack simulations on your organization to test your security policies and practices, as well as train your employees to increase their awareness and decrease their susceptibility to attacks. This article walks you through creating a simulated phishing attack using attack simulation training.
-[!INCLUDE [Prerelease information](../includes/prerelease.md)]
- For getting started information about Attack simulation training, see [Get started using Attack simulation training](attack-simulation-training-get-started.md). To launch a simulated phishing attack, open the [Microsoft 365 security center](https://security.microsoft.com/), go to **Email & collaboration** \> **Attack simulation training**, and switch to the [**Simulations**](https://security.microsoft.com/attacksimulator?viewid=simulations) tab.
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/security-recommendations-for-priority-accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/security-recommendations-for-priority-accounts.md
@@ -23,7 +23,7 @@ description: "Admins can learn how to elevate the security settings and use repo
# Security recommendations for priority accounts in Microsoft 365
-Not all user accounts have access to the same company information. Some accounts have access to sensitive information, such as financial data, product development information, partner access to critical build systems, and more. Accounts that have access to highly confidential information pose a serious threat if compromised. We call these types of accounts _priority accounts_. Priority accounts include CEOs, CISOs, CFOs, infrastructure admin accounts, build system accounts and more.
+Not all user accounts have access to the same company information. Some accounts have access to sensitive information, such as financial data, product development information, partner access to critical build systems, and more. If compromised, accounts that have access to highly confidential information pose a serious threat. We call these types of accounts _priority accounts_. Priority accounts include (but aren't limited to) CEOs, CISOs, CFOs, infrastructure admin accounts, build system accounts, and more.
For attackers, ordinary phishing attacks that cast a random net for ordinary or unknown users are inefficient. On the other hand, _spear phishing_ or _whaling_ attacks that target priority accounts are very rewarding for attackers. So, priority accounts require stronger than ordinary protection to help prevent account compromise.
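Review bot: The last sentence of the rewritten paragraph hedges the same list three times: "include", "(but aren't limited to)" and "and more". Keep one of them, for example "Priority accounts include CEOs, CISOs, CFOs, infrastructure admin accounts, and build system accounts." The reordered "If compromised, accounts that have access to ..." sentence is fine as written.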
@@ -39,6 +39,7 @@ Microsoft 365 and Microsoft Defender for Office 365 contain several key features
|[Use Strict preset security policies for priority accounts](#use-strict-preset-security-policies-for-priority-accounts)|![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)|![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)|![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)| |[Apply user tags to priority accounts](#apply-user-tags-to-priority-accounts)|||![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)| |[Monitor priority accounts in alerts, reports, and detections](#monitor-priority-accounts-in-alerts-reports-and-detections)|||![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)|
+|[Train users](#train-users)|![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)|![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)|![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)|
| ## Increase sign-in security for priority accounts
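Review bot: The new "Train users" row marks all three columns as Included, but the Train users section added later in this commit describes Attack simulation training as a Microsoft Defender for Office 365 Plan 2 feature, and the neighbouring rows show that not every feature is included in every column. Add a footnote to the row, or a sentence in the section, saying which of the linked training resources apply to which column so the row does not overstate what the first two columns provide.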
@@ -94,6 +95,31 @@ After you secure and tag your priority users, you can use the available reports,
|Email issues for priority accounts report|The **Email issues for priority accounts** report in the Exchange admin center (EAC) contains information about undelivered and delayed messages for **priority accounts**. For more information, see [Email issues for priority accounts report](https://docs.microsoft.com/exchange/monitoring/mail-flow-reports/mfr-email-issues-for-priority-accounts-report).| |
+## Train users
+
+Training users with priority accounts can help save those users and your security operations team much time and frustration. Savvy users are less likely to open attachments or click links in questionable email messages, and they are more likely to avoid suspicious websites.
+
+The Harvard Kennedy School [Cybersecurity Campaign Handbook](https://www.belfercenter.org/CyberPlaybook) provides excellent guidance for establishing a strong culture of security awareness within your organization, including training users to identify phishing attacks.
+
+Microsoft 365 provides the following resources to help inform users in your organization:
+
+<br>
+
+****
+
+|Concept|Resources|Description|
+|---|---|---|
+|Microsoft 365|[Customizable learning pathways](https://docs.microsoft.com/office365/customlearning/)|These resources can help you put together training for users in your organization.|
+|Microsoft 365 security|[Learning module: Secure your organization with built-in, intelligent security from Microsoft 365](https://docs.microsoft.com/learn/modules/security-with-microsoft-365)|This module enables you to describe how Microsoft 365 security features work together and to articulate the benefits of these security features.|
+|Multi-factor authentication|[Two-step verification: What is the additional verification page?](https://docs.microsoft.com/azure/active-directory/user-help/multi-factor-authentication-end-user-first-time)|This article helps end users understand what multi-factor authentication is and why it's being used at your organization.|
+|Attack simulation training|[Get started using Attack simulation training](attack-simulation-training-get-started.md)|Attack simulation training in Microsoft Defender for Office 365 Plan 2 allows admin to configure, launch, and track simulated phishing attacks against specific groups of users.|
+
+In addition, Microsoft recommends that users take the actions described in this article: [Protect your account and devices from hackers and malware](https://support.microsoft.com/office/066d6216-a56b-4f90-9af3-b3a1e9a327d6). These actions include:
+
+- Using strong passwords
+- Protecting devices
+- Enabling security features on Windows 10 and Mac PCs (for unmanaged devices)
+ ## See also [Announcing Priority Account Protection in Microsoft Defender for Office 365](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/announcing-priority-account-protection-in-microsoft-defender-for/ba-p/1696385)
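Review bot: In the Attack simulation training row of the new table, "allows admin to configure, launch, and track" should read "allows admins to configure, launch, and track". Two smaller wording points in the same section: "save those users and your security operations team much time and frustration" reads better as "a lot of time and frustration", and in the last bullet "Windows 10 and Mac PCs" mixes terms, so "Windows 10 PCs and Macs" is clearer.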
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing.md
@@ -24,37 +24,37 @@ description: "Learn how to update a Domain Name Service (DNS) record to use Send
[!INCLUDE [Microsoft 365 Defender rebranding](../includes/microsoft-defender-for-office.md)]
- **Summary:** This article describes how to update a Domain Name Service (DNS) record so that you can use Sender Policy Framework (SPF) with your custom domain in Office 365. Using SPF helps to validate outbound email sent from your custom domain.
+- [Prerequisites <a name="UpdateSPFTXT"></a>](#updating-your-spf-txt-record-for-office-365-a-nameUpdateSPFTXT)
+- [Create / update your SPF TXT record for Office 365 <a name="CreateUpdateSPFTXT"></a>](#to-create-or-update-your-spf-txt-record-a-namecreateupdatespftxta)
+ - [How to handle subdomains? <a name="SPFandSubdomains"></a>](#how-to-handle-subdomains-a-namespfandsubdomainsa)
+- [SPF troubleshooting and best practices <a name="TshootingSPF"></a>](#next-steps-after-you-set-up-spf-for-office-365-a-nametshootingspfa)
+- [Advanced SPF examples <a name="AdvancedSPFexs"></a>](#more-information-about-spf-a-nameadvancedspfexsa)
-In order to use a custom domain, Office 365 requires that you add a Sender Policy Framework (SPF) TXT record to your DNS record to help prevent spoofing. SPF identifies which mail servers are allowed to send mail on your behalf. Basically, SPF, along with DKIM, DMARC, and other technologies supported by Office 365, help prevent spoofing and phishing. SPF is added as a TXT record that is used by DNS to identify which mail servers can send mail on behalf of your custom domain. Recipient mail systems refer to the SPF TXT record to determine whether a message from your custom domain comes from an authorized messaging server.
+This article describes how to update an Domain Name Service (DNS) record so that you can use Sender Policy Framework (SPF) email authentication with your custom domain in Office 365.
-For example, let's say that your custom domain contoso.com uses Office 365. You add an SPF TXT record that lists the Office 365 messaging servers as legitimate mail servers for your domain. When the receiving messaging server gets a message from joe@contoso.com, the server looks up the SPF TXT record for contoso.com and finds out whether the message is valid. If the receiving server finds out that the message comes from a server other than the Office 365 messaging servers listed in the SPF record, the receiving mail server can choose to reject the message as spam.
-
-Also, if your custom domain does not have an SPF TXT record, some receiving servers may reject the message outright. This is because the receiving server cannot validate that the message comes from an authorized messaging server.
-
-If you've already set up mail for Office 365, then you have already included Microsoft's messaging servers in DNS as an SPF TXT record. However, there are some cases where you may need to update your SPF TXT record in DNS. For example:
--- Previously, you had to add a different SPF TXT record to your custom domain if you were using SharePoint Online. This is no longer required. This change should reduce the risk of SharePoint Online notification messages ending up in the Junk Email folder. Update your SPF TXT record if you are hitting the 10 lookup limit and receiving errors that say things like, "exceeded the lookup limit" and "too many hops".--- If you have a hybrid environment with Office 365 and Exchange on-premises.
+Using SPF helps to validate outbound email sent from your custom domain. It's a first step in setting up other recommended email authentication methods DMARC and DKIM (two further email authentication methods supported in Office 365).
-- You intend to set up DKIM and DMARC (recommended).
+## Updating your SPF TXT record for Office 365 <a name="UpdateSPFTXT"></a>
-## Updating your SPF TXT record for Office 365
+> [!IMPORTANT]
+> If you are a **small business**, or are unfamiliar with IP addresses or DNS configuration, call your Internet domain registrar (ex. GoDaddy, Bluehost, web.com) to ask for help with DNS configuration of SPF (and any other email authentication method). *Also*, if you haven't bought, or don't use a custom URL (in other words the URL you and your customers browse to reach Office 365 ends in **onmicrosoft.com**), SPF has been set up for you in the Office 365 service. No further steps are required in that case. Thanks for reading.
-Before you update the TXT record in DNS, you need to gather some information and determine the format of the record. This will help prevent you from generating DNS errors. For advanced examples and a more detailed discussion about supported SPF syntax, see [How SPF works to prevent spoofing and phishing in Office 365](how-office-365-uses-spf-to-prevent-spoofing.md#HowSPFWorks).
+Before you update the TXT record in DNS, you need to gather some information needed to make the record. For advanced examples and a more detailed discussion about supported SPF syntax, see [How SPF works to prevent spoofing and phishing in Office 365](how-office-365-uses-spf-to-prevent-spoofing.md#HowSPFWorks).
Gather this information: -- The current SPF TXT record for your custom domain. For instructions, see [Gather the information you need to create Office 365 DNS records](https://docs.microsoft.com/microsoft-365/admin/get-help-with-domains/information-for-dns-records).
+- The current SPF TXT record for your custom domain, if one exists. For instructions, see [Gather the information you need to create Office 365 DNS records](https://docs.microsoft.com/microsoft-365/admin/get-help-with-domains/information-for-dns-records).
-- External IP addresses of all on-premises messaging servers. For example, **131.107.2.200**.
+- Go to your messaging server(s) and find out the External IP addresses (needed from all on-premises messaging servers). For example, **131.107.2.200**.
- Domain names to use for all third-party domains that you need to include in your SPF TXT record. Some bulk mail providers have set up subdomains to use for their customers. For example, the company MailChimp has set up **servers.mcsv.net**. -- Determine what enforcement rule you want to use for your SPF TXT record. We recommend **-all**. For detailed information about other syntax options, see [SPF TXT record syntax for Office 365](how-office-365-uses-spf-to-prevent-spoofing.md#SPFSyntaxO365).
+- Figure out what enforcement rule you want to use for your SPF TXT record. The **-all** rule is recommended. For detailed information about other syntax options, see [SPF TXT record syntax for Office 365](how-office-365-uses-spf-to-prevent-spoofing.md#SPFSyntaxO365).
-### To add or update your SPF TXT record
+> [!IMPORTANT]
+> In order to use a custom domain, Office 365 requires that you add a Sender Policy Framework (SPF) TXT record to your DNS record to help prevent spoofing.
+
+## Create or update your SPF TXT record <a name="CreateUpdateSPFTXT"></a>
1. Ensure that you're familiar with the SPF syntax in the following table.
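Review bot: The table of contents added at the top of this hunk does not match the headings in this commit. The first entry is labelled "Prerequisites" but links to `#updating-your-spf-txt-record-for-office-365-a-nameUpdateSPFTXT`, which corresponds to no "Prerequisites" heading, uses mixed case, and lacks the trailing "a" the other generated anchors have. The fourth entry links to `#next-steps-after-you-set-up-spf-for-office-365-a-nametshootingspfa` although a later hunk renames that heading to "Next steps". Since every heading now carries an explicit `<a name>`, link to those names (`#UpdateSPFTXT`, `#CreateUpdateSPFTXT`, `#SPFandSubdomains`, `#TshootingSPF`, `#AdvancedSPFexs`) and drop the `<a name>` markup from the link text. Smaller points in the same hunk: "an Domain Name Service" should be "a Domain Name Service"; "Thanks for reading." does not belong in the IMPORTANT note; "custom URL" should be "custom domain" to match the rest of the article; and the sentence ending "DMARC and DKIM (two further email authentication methods supported in Office 365)" says "email authentication methods" twice.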
@@ -93,9 +93,9 @@ Gather this information:
4. Test your SPF TXT record.
-## How to handle subdomains?
+## How to handle subdomains? <a name="SPFandSubdomains"></a>
-It is important to note that you need to create a separate record for each subdomain as subdomains don't inherit the SPF record of their top level domain.
+It is important to note that *you need to create a separate record for each subdomain as subdomains don't inherit the SPF record of their top level domain*.
An additional wildcard SPF record (`*.`) is required for every domain and subdomain to prevent attackers from sending email claiming to be from non-existent subdomains. For example:
@@ -103,12 +103,35 @@ An additional wildcard SPF record (`*.`) is required for every domain and subdom
*.subdomain.contoso.com. IN TXT "v=spf1 -all" ```
-## More information about SPF
+## Next steps <a name="TshootingSPF"></a>
+
+Having trouble with your SPF TXT record? Read [Troubleshooting: Best practices for SPF in Office 365](how-office-365-uses-spf-to-prevent-spoofing.md#SPFTroubleshoot).
++
+## What does SPF email authentication actually do?
+
+SPF identifies which mail servers are allowed to send mail on your behalf. Basically, SPF, along with DKIM, DMARC, and other technologies supported by Office 365, help prevent spoofing and phishing. SPF is added as a TXT record that is used by DNS to identify which mail servers can send mail on behalf of your custom domain. Recipient mail systems refer to the SPF TXT record to determine whether a message from your custom domain comes from an authorized messaging server.
+
+For example, let's say that your custom domain contoso.com uses Office 365. You add an SPF TXT record that lists the Office 365 messaging servers as legitimate mail servers for your domain. When the receiving messaging server gets a message from joe@contoso.com, the server looks up the SPF TXT record for contoso.com and finds out whether the message is valid. If the receiving server finds out that the message comes from a server other than the Office 365 messaging servers listed in the SPF record, the receiving mail server can choose to reject the message as spam.
+
+Also, if your custom domain does not have an SPF TXT record, some receiving servers may reject the message outright. This is because the receiving server cannot validate that the message comes from an authorized messaging server.
+
+If you've already set up mail for Office 365, then you have already included Microsoft's messaging servers in DNS as an SPF TXT record. However, there are some cases where you may need to update your SPF TXT record in DNS. For example:
+
+- Previously, you had to add a different SPF TXT record to your custom domain if you were using SharePoint Online. This is no longer required. This change should reduce the risk of SharePoint Online notification messages ending up in the Junk Email folder. Update your SPF TXT record if you are hitting the 10 lookup limit and receiving errors that say things like, "exceeded the lookup limit" and "too many hops".
+
+- If you have a hybrid environment with Office 365 and Exchange on-premises.
+
+- You intend to set up DKIM and DMARC (recommended).
+
+## More information about SPF <a name="AdvancedSPFexs"></a>
For advanced examples, a more detailed discussion about supported SPF syntax, spoofing, troubleshooting, and how Office 365 supports SPF, see [How SPF works to prevent spoofing and phishing in Office 365](how-office-365-uses-spf-to-prevent-spoofing.md#HowSPFWorks).
-## Next steps: After you set up SPF for Office 365
+## Links to configure DKIM and DMARC
-Having trouble with your SPF TXT record? Read [Troubleshooting: Best practices for SPF in Office 365](how-office-365-uses-spf-to-prevent-spoofing.md#SPFTroubleshoot).
+ SPF is designed to help prevent spoofing, but there are spoofing techniques that SPF can't protect against. To defend against these, once you've set up SPF, you should configure DKIM and DMARC for Office 365.
+
+[DKIM](https://docs.microsoft.com/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email?view=o365-worldwide) email authentication's goal is to prove the contents of the mail haven't been tampered with.
- SPF is designed to help prevent spoofing, but there are spoofing techniques that SPF cannot protect against. In order to protect against these, once you have set up SPF, you should also configure DKIM and DMARC for Office 365. To get started, see [Use DKIM to validate outbound email sent from your custom domain in Office 365](use-dkim-to-validate-outbound-email.md). Next, see [Use DMARC to validate email in Office 365](use-dmarc-to-validate-email.md).
+[DMARC](https://docs.microsoft.com/microsoft-365/security/office-365-security/use-dmarc-to-validate-email?view=o365-worldwide) email authentication's goal is to make sure that SPF and DKIM information matches the From address.
\ No newline at end of file
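Review bot: The added line "++" after the troubleshooting link puts a stray "+" into the article body; remove it. "## Next steps" now sits in the middle of the article, ahead of "What does SPF email authentication actually do?" and "More information about SPF", so either move it back to the end or rename it to match the "SPF troubleshooting and best practices" label used in the new table of contents. The DKIM and DMARC links replace the relative links from the removed paragraph (use-dkim-to-validate-outbound-email.md, use-dmarc-to-validate-email.md) with absolute URLs carrying `?view=o365-worldwide`; keep the relative form used by the other links in this file. The new "Links to configure DKIM and DMARC" paragraph also starts with a leading space, and the file now ends without a trailing newline.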
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/secure-teams-security-isolation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/secure-teams-security-isolation.md
@@ -42,7 +42,7 @@ Watch this video for an overview of the deployment process.
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4mGHf] <a name="poster"></a>
-For a 2-page summary of this scenario, see the [Microsoft Teams with security isolation poster](../downloads/team-security-isolation-poster.pdf).
+For a 1-page summary of this scenario, see the [Microsoft Teams with security isolation poster](../downloads/team-security-isolation-poster.pdf).
[![Microsoft Teams with security isolation poster](../media/secure-teams-security-isolation/team-security-isolation-poster.png)](../downloads/team-security-isolation-poster.pdf)