| Category | Microsoft Docs article | Related commit history on GitHub | Change details |
|---|---|---|---|
| microsoft-365-copilot-overview | Microsoft 365 Copilot Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/copilot/microsoft-365-copilot-overview.md | Microsoft Copilot for Microsoft 365 iteratively processes and orchestrates these The semantic index brings a whole new world of understanding to your data in Microsoft 365. Through enhanced interactions with your individual and company data via the Microsoft Graph, and the creation of a new index, the semantic index is an improvement to Microsoft 365 search that lays the foundation for the next generation of Search and Copilot experiences. The semantic index respects security and policies in the Microsoft Graph so that when a user issues a query either directly via search or in Microsoft 365 chat via Copilot, it's always in the security context of the user, and only content that a user has access to is returned. -The semantic index does more than enhance search results; it works to help you understand your data, find information quicker and improve productivity. Users can interact with the semantic index initially through Microsoft 365 Chat integration, and then over time, Microsoft will improve the search experience in SharePoint Online, Microsoft Teams, and the Microsoft 365 app: +To learn more, see [Semantic Index for Copilot](/MicrosoftSearch/semantic-index-for-copilot). --We are in the early stages of rolling out the semantic index to all organizations with Microsoft Copilot for Microsoft 365 and an eligible Microsoft 365 license, without any administrative involvement. Microsoft automatically manages the enablement of the semantic index, with prioritization given for organizations that purchase more than 300 licenses for Microsoft Copilot for Microsoft 365. When user indexing is complete, administrators will see a ΓÇÿSemantic indexing is completeΓÇÖ status in the Microsoft 365 admin center for enabled users. When tenant level indexing starts in an organization, admins will see ΓÇÿSemantic index is enabled for your organizationΓÇÖ on the Search and Intelligence page in the Microsoft 365 admin center. ---> [!IMPORTANT] -> Microsoft will not provide timelines or status of semantic indexing of user and tenant level indexing for individual tenants. Organizations are advised to use the process above to check on indexing status for their tenants. --To learn more about Semantic Index for Copilot, check out these resources: --- [Semantic Index for Copilot: Explained by Microsoft](https://www.youtube.com/watch?v=KtsVRCsdvoU)+## Availability -- [Semantic Index for Copilot whitepaper](https://aka.ms/SemanticIndex/Whitepaper)+Copilot for Microsoft 365 is an add-on plan with the following licensing prerequisites: -## Availability +- Microsoft 365 E5 +- Microsoft 365 E3 +- Office 365 E3 +- Office 365 E5 +- Microsoft 365 A5 for faculty +- Microsoft 365 A3 for faculty +- Office 365 A5 for faculty +- Office 365 A3 for faculty +- Microsoft 365 Business Standard +- Microsoft 365 Business Premium -Microsoft Copilot for Microsoft 365 is generally available as an add-on to customers with Microsoft E3, E5, A3, or A5 faculty. Contact your Microsoft account team to start the purchase process. +You can use the [Microsoft Copilot for Microsoft 365 setup guide](https://admin.microsoft.com/Adminportal/Home?Q=learndocs#/modernonboarding/microsoft365copilotsetupguide) in the Microsoft 365 admin center to assign the required licenses to users. For more information, see [Assign licenses to users in the Microsoft 365 admin center](/microsoft-365/admin/manage/assign-licenses-to-users) and [Microsoft Copilot for Microsoft 365 requirements](microsoft-365-copilot-requirements.md). ## Additional resources |
| microsoft-365-copilot-requirements | Microsoft 365 Copilot Requirements | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/copilot/microsoft-365-copilot-requirements.md | There are many Copilot experiences, including some core experiences like Excel, ## License requirements -Microsoft Copilot for Microsoft 365 users require a license for Microsoft 365 E3, E5, A3, or A5 faculty, and a license for Microsoft Copilot for Microsoft 365. You can use the [Microsoft Copilot for Microsoft 365 setup guide](https://admin.microsoft.com/Adminportal/Home?Q=learndocs#/modernonboarding/microsoft365copilotsetupguide) in the Microsoft 365 admin center to assign the required licenses to users. For more information, see [Assign licenses to users in the Microsoft 365 admin center](/microsoft-365/admin/manage/assign-licenses-to-users). +Copilot for Microsoft 365 is an add-on plan with the following licensing prerequisites: ++- Microsoft 365 E5 +- Microsoft 365 E3 +- Office 365 E3 +- Office 365 E5 +- Microsoft 365 A5 for faculty +- Microsoft 365 A3 for faculty +- Office 365 A5 for faculty +- Office 365 A3 for faculty +- Microsoft 365 Business Standard +- Microsoft 365 Business Premium ++You can use the [Microsoft Copilot for Microsoft 365 setup guide](https://admin.microsoft.com/Adminportal/Home?Q=learndocs#/modernonboarding/microsoft365copilotsetupguide) in the Microsoft 365 admin center to assign the required licenses to users. For more information, see [Assign licenses to users in the Microsoft 365 admin center](/microsoft-365/admin/manage/assign-licenses-to-users). ## Conditional Access |
| security | Microsoft 365 Security Center Defender Cloud | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-365-security-center-defender-cloud.md | f1.keywords: Previously updated : 11/15/2023 Last updated : 01/15/2024 audience: ITPro search.appverid: -> [!IMPORTANT] -> The integration of Microsoft Defender for Cloud in Microsoft Defender XDR is now in preview. Some information in this article relates to prereleased products/services that might be substantially modified before they are commercially released. Microsoft makes no warranties, express or implied, for the information provided here. - [Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction) is now part of Microsoft Defender XDR. Security teams can now access Defender for Cloud alerts and incidents within the Microsoft Defender portal, providing richer context to investigations that span cloud resources, devices, and identities. In addition, security teams can get the complete picture of an attack, including suspicious and malicious events that happen in their cloud environment, through immediate correlations of alerts and incidents. Microsoft Defender XDR combines protection, detection, investigation, and response capabilities to protect attacks on device, email, collaboration, identity, and cloud apps. The portal's detection and investigation capabilities are now extended to cloud entities, offering security operations teams a single pane of glass to significantly improve their operational efficiency. |
| security | Whats New | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/whats-new.md | ms.pagetype: security ms.localizationpriority: medium Previously updated : 12/06/2023 Last updated : 01/15/2024 audience: ITPro - - M365-security-compliance - - tier1 +- M365-security-compliance +- tier1 You can also get product updates and important notifications through the [messag ## January 2024 +- (GA) Microsoft Defender for Cloud alerts integration with Microsoft Defender XDR is now generally available. Learn more about the integration in [Microsoft Defender for Cloud in Microsoft Defender XDR](microsoft-365-security-center-defender-cloud.md). - **Activity log** is now available within an incident page. Use the activity log to view all audits and comments, and add comments to the log of an incident. For details, see [Activity log](manage-incidents.md#activity-log). - (Preview) **[Query history](advanced-hunting-query-history.md) in advanced hunting** is now available. You can now rerun or refine queries you have run recently. Up to 30 queries in the past 28 days can be loaded in the query history pane. - (Preview) Additional features you can use to **[drill down](/advanced-hunting-query-results#drill-down-from-query-results)** further from your query results in advanced hunting are now available. |
| security | Air User Automatic Feedback Response | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/air-user-automatic-feedback-response.md | + + Title: Automatic user notifications for user reported phishing results in AIR +description: Admins can learn about the automatic feedback response feature that sends the results of automated investigation and response (AIR) to user reported phishing messages. ++++ Last updated : 12/21/2023++appliesto: + - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/mdo-security-comparison" target="_blank">Microsoft Defender for Office 365 plan 2</a> + - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a> +++# Automatic user notifications for user reported phishing results in AIR ++> [!NOTE] +> The features described in this article are currently in Private Preview, aren't available in all organizations, and are subject to change. ++In Microsoft 365 organizations with Exchange Online mailboxes, admins can configure the backend for messages that users report as malicious or not malicious in Outlook (send to Microsoft, send to a reporting mailbox, or both), and configure the various notification options for user reported messages. For more information, see [User reported settings](submissions-user-reported-messages-custom-mailbox.md). ++In Microsoft 365 organizations with Microsoft Defender for Office 365 Plan 2, when a user reports a message as phishing, an investigation is automatically created in [automated investigation and response (AIR)](air-about.md). Admins can configure the user reported message settings to send an email notification to the user who reported the message based on the verdict from AIR. This notification is also known as _automatic feedback response_. ++This article explains how to enable and customize automatic feedback response for specific AIR verdicts, how the notification email messages are sent, and what the notifications look like. ++## What do you need to know before you begin? ++- You open the Microsoft Defender portal at <https://security.microsoft.com>. To go directly to the **User reported settings** page, use <https://security.microsoft.com/securitysettings/userSubmission>. ++- You need to be assigned permissions before you can do the procedures in this article. You have the following options: + - [Email & collaboration permissions in the Microsoft Defender portal](mdo-portal-permissions.md): Membership in the **Organization Management** or **Security Administrator** role groups. + - [Microsoft Entra permissions](/microsoft-365/admin/add-users/about-admin-roles): Membership in the **Global Administrator** or **Security Administrator** roles gives users the required permissions _and_ permissions for other features in Microsoft 365. ++## Use the Microsoft Defender portal to configure automatic feedback response ++1. In the Microsoft Defender portal at <https://security.microsoft.com>, go to **Settings** \> **Email & collaboration** \> **User reported settings** tab. To go directly to the **User reported settings** page, use <https://security.microsoft.com/securitysettings/userSubmission>. ++2. On the **User reported settings** page, verify that **Monitor reported messages in Outlook** is selected. ++3. In the **Email notifications** \> **Results email** section, select **Automatically email users the results of the investigation**, and then select one or more of the following options that appear: + - **Phishing or malware**: An email notification is sent to the user who reported the message as phishing when AIR identifies the threat as phishing, high confidence phishing, or malware. + - **Spam**: An email notification is sent to the user who reported the message as phishing when AIR identifies the threat as spam. + - **No threats found**: An email notification is sent to the user who reported the message as phishing when AIR identifies no threat. ++ :::image type="content" source="../../media/air-automatic-feedback.png" alt-text="Automatic feedback response options on the User reported settings page." lightbox="../../media/air-automatic-feedback.png"::: ++4. The notification email uses the same template as when an admin selects :::image type="icon" source="../../media/m365-cc-scc-mark-and-notify-icon.png" border="false"::: **Mark as and notify** on the **Submissions** page at <https://security.microsoft.com/reportsubmission>. ++ You can customize the notification email by selecting the **Customize results email** link. ++ In the **Customize admin review email notifications** flyout that opens, configure the following settings on the **Phishing** (which corresponds to the **Phishing or malware** automatic feedback response option), **Junk** and **No threats found** tabs: ++ - **Email body results text**: Enter the custom text to use. You can use different text for **Phishing**, **Junk** and **No threats found**. + - **Email footer text**: Enter the custom message footer text to use. The same text is used for **Phishing**, **Junk** and **No threats found**. ++ :::image type="content" source="../../media/air-automatic-feedback-customize-email-notifications.png" alt-text="The user email notification customization options on the User reported settings page." lightbox="../../media/air-automatic-feedback-customize-email-notifications.png"::: ++ When you're finished in the **Customize admin review email notifications** flyout, select **Confirm** to return to the **User reported settings** page. ++## How automated feedback response works ++After you enable automated feedback response, the user who reported the message as phishing receives an email notification based on the AIR verdict and the selected **Automatically email users the results of the investigation** options: ++> [!TIP] +> The following screenshots show example notification email messages that are sent to users. As explained earlier, you can customize the notification email using the options in **Customize results email** in the user reported settings. ++- **No threats found**: If a user reports a message as phishing, the submission triggers AIR on the reported message. If the investigation finds no threats, the user who reported the message receives a notification email that looks like this: ++ :::image type="content" source="../../media/air-automatic-feedback-no-threats-found-email.png" alt-text="An example notification email for No threats found." lightbox="../../media/air-automatic-feedback-no-threats-found-email.png"::: ++- **Spam**: If a user reports a message as phishing, the submission triggers AIR on the reported message. If the investigation finds the message is spam, the user who reported the message receives a notification email that looks like this: ++ :::image type="content" source="../../media/air-automatic-feedback-spam-email.png" alt-text="An example notification email for Spam found." lightbox="../../media/air-automatic-feedback-spam-email.png"::: ++- **Phishing or malware**: If a user reports a message as phishing, the submission triggers AIR on the reported message. What happens next depends on the results of the investigation: + - **High confidence phishing or malware**: The message needs to be remediated using one of the following actions: + - Approve the recommended action (shown as pending actions in the investigation or in the Action center). + - Remediation through other means (for example, [Threat Explorer](threat-explorer-about.md)). ++ After the message has been remediated, the investigation is closed as **Remediated** or **Partially remediated**. Only when the investigation status is one of those values is the email notification sent to the user who reported the message. ++ > [!TIP] + > For high confidence phishing or malware, the investigation might immediate close as **Remediated** if the message isn't found in the mailbox (the message was deleted). There's no pending investigation to close, so no email notification is sent to the user who reported the message. ++ - **Phishing**: The investigation creates no pending actions, but the user still receives a notification email that the message was found to be phishing. ++ The notification email looks like this: ++ :::image type="content" source="../../media/air-automatic-feedback-phishing-or-malware-email.png" alt-text="An example notification email for Phishing or malware found." lightbox="../../media/air-automatic-feedback-phishing-or-malware-email.png"::: ++When AIR reaches a verdict and the notification email is sent to the user who reported the message as phishing, the following property values are shown for the entry on the **User reported** tab on the **Submissions** page in the Defender portal: ++- **Marked as**: Contains the verdict. +- **Marked by**: The value is **Automation**. ++Whether the message was automatically or manually sent to Microsoft for review, or the message was investigated by AIR, the verdict is shown in the **Marked as** property. For more information about the **User reported** tab on the **Submissions** page, see [Admin options for user reported messages](submissions-admin.md#admin-options-for-user-reported-messages). ++## Learn More ++To learn more about submissions and investigations in Defender for Microsoft 365, see the following articles: ++- [Automated investigation and response in Microsoft Defender for Office 365](air-about.md) +- [View the results of an automated investigation in Microsoft 365](air-view-investigation-results.md) +- [Admin review for reported messages](admin-review-reported-message.md) +- [How automated investigation and response works in Microsoft Defender for Office 365](air-about-office.md) |
| security | Submissions User Reported Messages Custom Mailbox | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-user-reported-messages-custom-mailbox.md | When **Monitor reported messages in Outlook** is selected and you also select ** When you're finished in the **Customize admin review email notifications** flyout, select **Confirm** to return to the **User reported settings** page. - - **Automatically email users the results of the investigation**: If you select this option, select one or more of the following values that appear: - - **Phishing or malware** - - **Spam** - - **No threats found** + - **Automatically email users the results of the investigation**: This feature is available only in Defender for Office 365 Plan 2 organizations with [automated investigation and response (AIR)](air-about.md). ++ > [!NOTE] + > This feature is currently in Private Preview, isn't available in all organizations, and is subject to change. ++ If a user reports a message as phishing, an investigation in AIR is automatically created. The following options send notification email to the user who reported the message based on the results from AIR (select one or more options): ++ - **Phishing or malware**: An email notification is sent to the user who reported the message as phishing when AIR identifies the threat as phishing, high confidence phishing, or malware. + - **Spam**: An email notification is sent to the user who reported the message as phishing when AIR identifies the threat as spam. + - **No threats found**: An email notification is sent to the user who reported the message as phishing when AIR identifies no threat. ++ For more information, see [Automatic user notifications for user reported phishing results in AIR](air-user-automatic-feedback-response.md). - **Customize sender and branding** section: - **Specify a Microsoft 365 mailbox to use ads the From address of email notifications**: Select this option and enter the sender's email address in the box that appears. If you don't select this option, the default sender is submissions@messaging.microsoft.com. |
| syntex | Syntex Privacy Security | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/syntex-privacy-security.md | Microsoft Syntex is also covered under the [Microsoft Product Terms](https://www For more detailed information, see the following resources: -- **Microsoft 365** ΓÇô [Plan for security and compliance](/purview/plan-for-security-and-compliance)+- **Microsoft 365** ΓÇô [Quick tasks for getting started with compliance in Microsoft Purview](/purview/compliance-quick-tasks) - **Microsoft SharePoint** ΓÇô [Plan compliance requirements for SharePoint and OneDrive](/SharePoint/compliant-environment) |