Category | Microsoft Docs article | Related commit history on GitHub | Change details |
---|---|---|---|
admin | Mailbox Usage | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/mailbox-usage.md | The **Mailbox** chart shows you the total number of user or shared mailboxes in > Shared mailboxes do not have activity independent of a user mailbox so only a count of shared mailboxes will be shown when this mailbox type is selected. On the Mailbox chart:+ - The Y axis is the number of user or shared mailboxes. - The X axis is the selected date range for this specific report. On the Mailbox chart: The **Storage** chart shows you amount of storage used in your organization by mailbox type. Storage Chart doesn't include archive mailboxes. For more information about auto-expanding archiving, see [Overview of auto-expanding archiving in Microsoft 365](../../compliance/autoexpanding-archiving.md). On the Storage chart:+ - The Y axis is the amount of storage being used by user or shared mailboxes in your organization. - The X axis is the selected date range for this specific report. ### The Quota chart -The **Quota** chart shows you the number of user or shared mailboxes in each quota category. There are four quota categories: +The **Quota** chart shows you the number of user or shared mailboxes in each quota category. There are four quota categories: + - Good: The number of users or shared mailboxes whose storage used is below the "issue warning" quota. - Warning: The number of users or shared mailboxes whose storage used is at or above the "issue warning" quota, but below the "prohibit send" quota. - Can't send: The number of users or shared mailboxes whose storage used is at or above the prohibit send quota, but below the prohibit send/receive quota. - Can't send/receive: The number of users or shared mailboxes whose storage used is at or above the "prohibit send/receive" quota. On the Quota chart:+ - The Y axis is the number of user or shared mailboxes in each storage quota. - The X axis is the quota category. 
This table shows you a breakdown of mailbox usage at the per mailbox level. You |Last activity date | The date the mailbox last had an email send or read activity. | |Item count|The total number of items in the mailbox. | |Storage used (MB)|The total storage used. |-|Deleted Item Count|The total number of deleted items in the mailbox. | -|Deleted Item Size (MB)|The total size of all deleted items in the mailbox. | +|Deleted Item Count|The total number of recoverable items in the mailbox. | +|Deleted Item Size (MB)|The total size of all recoverable items in the mailbox. | |Issue warning quota (MB)|The storage limit when the mailbox owner will receive a warning that it's about to hit the storage quota. | |Prohibit send quota (MB)|The storage limit when the mailbox can no longer send emails. | |Prohibit send receive quota (MB)|The storage limit when the mailbox can no longer send or receive emails. | This table shows you a breakdown of mailbox usage at the per mailbox level. You |Report Period| The period for which the report is available.| |Has Archive|Shows if the mailbox has an online archive enabled. | +To learn more about the recoverable items folder, see [Recoverable Items folder in Exchange Online](/exchange/security-and-compliance/recoverable-items-folder/recoverable-items-folder#recoverable-items-mailbox-quotas). If your organization's policies prevents you from viewing reports where user information is identifiable, you can change the privacy setting for all these reports. Check out the **Hide user details in the reports** section in the [Activity Reports in the Microsoft 365 admin center](activity-reports.md). |
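Review bot: In the per-mailbox table, the rows keep the labels "Deleted Item Count" and "Deleted Item Size (MB)" while their descriptions now say "recoverable items", so label and description disagree. State in the description that these columns report the Recoverable Items folder rather than the Deleted Items folder, or note that the column names are kept as they appear in the report. The added link to the Recoverable Items article helps but does not explain the mismatch. Separately, the unchanged context "If your organization's policies prevents you" should read "policies prevent".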
admin | Ai Assistance | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/adoption/ai-assistance.md | Each insight captures the number of Copilot-enabled users in your organization p ### Summarize -- **Summarize a Teams meeting:** This represents the number of users who summarize meetings using Copilot in Microsoft Teams. This doesn't include the instances when the user types to summarize a meeting in the Copilot chat box.-- **Summarize a Teams conversation**: This represents the number of users who summarize Teams conversations using Copilot in Microsoft Teams. This doesn't include the instances when the user types to summarize a conversation in the Copilot chat box.-- **Summarize an email thread:** This represents the number of users who summarize email threads using Copilot in Outlook. This doesn't include the instances when the user types to summarize an Outlook thread in the Copilot chat box.-- **Summarize a Word document:** This represents the number of users who summarize Word documents using Copilot in Microsoft Word. This doesn't include the instances when the user types to summarize a document in the Copilot chat box.-- **Summarize a presentation:** This represents the number of users who summarize a presentation using Copilot in Microsoft PowerPoint. This doesn't include the instances when the user types to summarize a presentation in the Copilot chat box.+- **Summarize a Teams meeting:** This represents the number of users who summarize meetings using Copilot in Microsoft Teams. +- **Summarize a Teams conversation**: This represents the number of users who summarize Teams conversations using Copilot in Microsoft Teams. +- **Summarize an email thread:** This represents the number of users who summarize email threads using Copilot in Outlook. +- **Summarize a Word document:** This represents the number of users who summarize Word documents using Copilot in Microsoft Word. 
+- **Summarize a presentation:** This represents the number of users who summarize a presentation using Copilot in Microsoft PowerPoint. ### Create |
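Review bot: Under "### Summarize", all five bullets lose the sentence "This doesn't include the instances when the user types to summarize ... in the Copilot chat box" with nothing in its place, so a reader cannot tell whether chat-box prompts are now counted in these insights or whether only the wording was trimmed. If the metric definition changed, say so once above the list; if it did not, keep the exclusion. The second bullet also puts the colon outside the bold ("**Summarize a Teams conversation**:"), unlike the other four.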
enterprise | Cross Tenant Mailbox Migration | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cross-tenant-mailbox-migration.md | Yes. However, we only keep the store permissions as described in these articles: ### Do you have any recommendations for batches? -Don't exceed 2,000 mailboxes per batch. We strongly recommend submitting batches two weeks prior to the cut-over date as there's no impact on the end users during synchronization. If you need guidance for mailboxes quantities over 50,000, you can reach out to the Engineering Feedback Distribution List at crosstenantmigrationpreview@service.microsoft.com. +To ensure a smooth migration process, we recommend limiting the number of mailboxes per batch to 2,000 and submitting batches at least two weeks prior to the cut-over date. This will not impact end users during synchronization. For guidance on migrating quantities exceeding 50,000 mailboxes, please contact your account team for assistance. ### What if I use Service encryption with Microsoft Purview Customer Key? |
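Review bot: In the batches answer, "This will not impact end users during synchronization" has no clear antecedent; the removed text tied it to early submission ("as there's no impact on the end users during synchronization"). Suggest "Submitting early doesn't affect end users during synchronization." Also, "Don't exceed 2,000 mailboxes per batch" became "we recommend limiting the number of mailboxes per batch to 2,000", so confirm whether 2,000 is a recommendation or an enforced maximum and word it accordingly.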
enterprise | External Guest Access | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/external-guest-access.md | Title: "Overview of external collaboration options in Microsoft 365 (IT admins)" + Title: IT Admins - Overview of external collaboration options in Microsoft 365 - Previously updated : 04/07/2022+ Last updated : 01/17/2024 audience: ITPro -description: "Learn about how people outside your organization can access your Microsoft 365 subscription for meetings, guest sharing, chat, and collaboration." +description: Learn about how people outside your organization can access your Microsoft 365 resources for meetings, guest sharing, chat, and collaboration. -# Overview of external collaboration options in Microsoft 365 (IT admins) +# IT Admins - Overview of external collaboration options in Microsoft 365 With Microsoft 365, your users can collaborate with people outside your organization in a variety of ways. Users can share files, invite guests to teams, have meetings with external participants, and chat with people from other organizations. This article covers the external collaboration options available and links to the content you need to configure each. The following table shows the primary ways people from outside your organization |Authenticated file and folder sharing|Guest account|Enabled| |Site sharing|Guest account|Enabled| |Team sharing|Guest account|Enabled|+|Cross-cloud sharing|Guest account|Disabled| +|Multitenant organization sharing|Guest account|Disabled| |Shared channel in Teams|Existing Microsoft 365 external account|Disabled| |External chat and meetings|Existing Microsoft 365 external account|Enabled|+|Cross-cloud meetings|Existing Microsoft 365 external account|Disabled| |Anonymous meeting join|None|Enabled| |Unauthenticated file and folder sharing|None|Enabled| -People outside your organization do not have access unless a user in your organization initiates one of these activities. 
You can disable any of these settings if you don't want to allow that activity in your organization. +People outside your organization don't have access unless a user in your organization initiates one of these activities. You can disable any of these settings if you don't want to allow that activity in your organization. ++If you have business processes or requirements around allowing collaboration with external organizations, see [Onboard trusted vendors to collaborate in Microsoft 365](/microsoft-365/solutions/trusted-vendor-onboarding). ## Document, site, and team sharing with guest accounts -Sharing documents, sites, and teams with people outside your organization uses *guest accounts*. Guest accounts are a type of account in Microsoft Entra ID that is managed through [Microsoft Entra B2B collaboration](/azure/active-directory/external-identities/what-is-b2b). They can be used to share resources in your organization with anyone who has an email address. You can manage guest accounts the same way you manage users in your organization. Guests do not require a license for most features of collaboration. +Sharing documents, sites, and teams with people outside your organization uses *guest accounts*. Guest accounts are a type of account in Microsoft Entra ID that is managed through [Microsoft Entra B2B collaboration](/entra/external-id/what-is-b2b). They can be used to share resources in your organization with anyone who has an email address, including people in [other Microsoft 365 cloud environments](#cross-cloud-sharing-and-meetings). You can manage guest accounts the same way you manage users in your organization. Guests don't require a license for most features of collaboration. Guests can only access resources that you specifically share with them. 
With guests you can: For information about how to plan for collaboration with guests in Microsoft 365, see the following references: - [Plan external collaboration](/microsoft-365/solutions/plan-external-collaboration)+ - [Set up secure file sharing and collaboration with Microsoft Teams](/microsoft-365/solutions/setup-secure-collaboration-with-teams) For information about how to set up Microsoft 365 for collaboration with guests, see the following references: - [Collaborate with guests on a document](/microsoft-365/solutions/collaborate-on-documents)+ - [Collaborate with guests in a site](/microsoft-365/solutions/collaborate-in-site)+ - [Collaborate with guests in a team](/microsoft-365/solutions/collaborate-as-team)- + ## Shared channels -Shared channels are a type of Teams channel that allows you to share with people outside the team, including people in other Microsoft 365 organizations. While shared channels is turned on by default in Teams, external collaboration with shared channels is disabled by default. External collaboration with shared channels uses [Microsoft Entra B2B direct connect](/azure/active-directory/external-identities/b2b-direct-connect-overview) which allows you to add people from other Microsoft 365 organizations to Teams channels without the need for creating a guest account. +Shared channels are a type of Teams channel that allows you to share with people outside the team, including people in other Microsoft 365 organizations. While shared channels is turned on by default in Teams, external collaboration with shared channels is disabled by default. External collaboration with shared channels uses [Microsoft Entra B2B direct connect](/entra/external-id/b2b-direct-connect-overview) which allows you to add people from other Microsoft 365 organizations to Teams channels without the need for creating a guest account. 
-Shared channels have a particular advantage over guest accounts in that they do not require external participants to switch orgs in the Teams desktop client or log into your organization. They can remain logged in to their organization and access the channel directly. +Shared channels have a particular advantage over guest accounts in that they don't require external participants to switch accounts in the Teams desktop client or log into your organization. They can use their regular work or school account and access the channel directly. -Sharing channels with people outside your organization requires that your organization and the external organization both configure an organizational relationship in [Microsoft Entra B2B Direct Connect](/azure/active-directory/external-identities/b2b-direct-connect-overview). +Sharing channels with people outside your organization requires that your organization and the external organization both configure an organizational relationship in Microsoft Entra B2B Direct Connect. For information about how to set up Microsoft 365 for external collaboration with shared channels, see the following references: - [Plan external collaboration](/microsoft-365/solutions/plan-external-collaboration)+ - [Shared channels in Microsoft Teams](/MicrosoftTeams/shared-channels)+ - [Collaborate with external participants in a channel](/microsoft-365/solutions/collaborate-teams-direct-connect) ## External chat and meetings Users in your organization can chat, add users to meetings, and use audio or video conferencing in Teams with users in external Microsoft 365 organizations. By default, users in your organization can communicate in these ways with all other Microsoft 365 domains. People in other organizations can communicate in these ways with your users if they know the user's email address. You can allow or block specific domains or block all domains if you want to disable the feature. 
-You can also allow users in your organization to communicate with people from outside your organization who are using Teams accounts that are not managed by an organization, as well as Skype for Business (online and on-premises) and Skype users. +You can also allow users in your organization to communicate with people from outside your organization who are using Teams accounts that aren't managed by an organization, as well as Skype for Business (online and on-premises) and Skype users. -Guest accounts are not used as part of external chat and meetings. External participants remain signed in to their organization or to Skype and can communicate directly with people in your organization. They do not have access to your teams or channels. +Guest accounts aren't used as part of external chat and meetings. External participants remain signed in to their organization or to Skype and can communicate directly with people in your organization. They don't have access to your teams or channels. For information about how to set up Microsoft 365 for external chat and meetings, see the following references: - [Use guest access and external access to collaborate with people outside your organization](/microsoftteams/communicate-with-users-from-other-organizations)+ - [Manage external access in Microsoft Teams](/microsoftteams/manage-external-access). -## Anonymous meeting join +## Anonymous meeting join People from outside your organization can join meetings in the following ways: - If they're logged in to your organization with a guest account, they join meetings as a guest.-- If they're logged in to a different organization with a work or school account, and both organizations have set up external access, they join meetings as an external participant.-- If they're not a guest or external participant, they must join meetings anonymously. 
-If the anonymous join setting is enabled for your organization, anonymous users can only join a meeting using a meeting link that has been shared with them (such as a link in the meeting invitation). They will be prompted to enter a display name of their choosing when joining the meeting anonymously. Depending on the lobby settings, the anonymous user may be automatically admitted to the meeting, or be added to a lobby where the meeting organizer (or meeting participants with the presenter role) can allow or deny access to the meeting. +- If they're logged in to a different organization with a work or school account, and both organizations trust each other in [external access](/microsoftteams/manage-external-access) or are part of [cross-cloud meeting connection](/microsoftteams/cross-cloud-meetings#add-a-new-cross-cloud-meeting-connection), they join meetings as an external participant. -It is not possible to verify the identity of anonymous users before, during or after the meeting. +- If they're not a guest or external participant, they must join meetings anonymously. ++If the anonymous join setting is enabled for your organization, anonymous users can join a meeting using a meeting link that has been shared with them (such as a link in the meeting invitation). They're prompted to enter a display name of their choosing when joining the meeting anonymously. Depending on the lobby settings, the anonymous user may be automatically admitted to the meeting, or be added to a lobby where the meeting organizer (or meeting participants with the presenter role) can allow or deny access to the meeting. -You can control anonymous users' ability to join meetings at the organization level. If it's enabled for the organization, meeting organizers can control anonymous join through meeting policy settings. +It is not possible to verify the identity of anonymous users before, during or after the meeting. 
-For information about configuring anonymous join for meetings, see [Manage anonymous participant access to Teams meetings](/microsoftteams/anonymous-users-in-meetings). +You can control anonymous users' ability to join meetings at the organization level and through meeting policy settings. For information about configuring anonymous join for meetings, see [Manage anonymous participant access to Teams meetings](/microsoftteams/anonymous-users-in-meetings). ## Unauthenticated file and folder access In Microsoft 365, files and folders in Teams, SharePoint, and OneDrive can be shared using unauthenticated - or *Anyone* - links. Anyone links give access to the shared item to anyone who has the link. Anyone links can be shared with others, giving those people access to the file or folder. -People using an Anyone link do not have to authenticate, and their access cannot be audited. File and folder owners can revoke access at any time by deleting the link. +People using an Anyone link don't have to authenticate, and their access can't be audited. File and folder owners can revoke access at any time by deleting the link. Anyone links can't be used with files in a Teams shared channel site. 
For information about working with anonymous file and folder sharing, see the following references: - [Manage sharing settings](/sharepoint/turn-external-sharing-on-or-off)+ - [Best practices for sharing files and folders with unauthenticated users](/microsoft-365/solutions/best-practices-anonymous-sharing) -## Related topics +## Cross-cloud sharing and meetings -[Intro to file collaboration in Microsoft 365, powered by SharePoint](/sharepoint/intro-to-file-collaboration) +You can collaborate with users in other Microsoft Azure cloud environments (such as between Microsoft Azure Commercial and Microsoft Azure Government) in the following ways: ++- **Cross-cloud guest access** - You can share documents, sites, and teams with organizations that are in other Microsoft Azure cloud environments. ++- **Cross-cloud meetings** - You can meet with people in other Microsoft Azure cloud environments with an authenticated meeting experience that doesn't require guest accounts. ++Both options require that you enable connections to the other cloud environment and set up an organizational relationship with the specific organization with which you want to collaborate. ++For information about setting up cross-cloud guest access, see [Collaborate with guests from other Microsoft 365 cloud environments](/microsoft-365/solutions/collaborate-guests-cross-cloud). ++For information about setting up cross-cloud meetings, see [Meet with people in other Microsoft 365 cloud environments](/microsoftteams/cross-cloud-meetings). ++## Multitenant organizations ++If your organization manages multiple Microsoft 365 tenants, you can set up a multitenant organization in Microsoft 365 to facilitate collaboration and resource access between tenants. Multitenant organizations synchronize users between tenants using Microsoft Entra B2B collaboration users. 
With the new Microsoft Teams desktop client, users can search for users in other tenants, receive real-time notifications from all the tenants in the multitenant organization, and participate in chats, meetings, and calls across all of the tenants without needing to switch tenants. ++For information about how to set up a multitenant organization, see [Plan for multitenant organizations in Microsoft 365](/microsoft-365/enterprise/plan-multi-tenant-org-overview) and [Set up a multitenant org in Microsoft 365](/microsoft-365/enterprise/set-up-multi-tenant-org). ++## Related articles ++[Intro to file collaboration in Microsoft 365](/sharepoint/intro-to-file-collaboration) [File collaboration in SharePoint with Microsoft 365](/sharepoint/deploy-file-collaboration) [Use guest access and external access to collaborate with people outside your organization](/microsoftteams/communicate-with-users-from-other-organizations) -[Limit guest sharing to specific organizations](/microsoft-365/solutions/limit-guest-sharing-to-specific-organization) - [Limit organizations where users can have guest accounts](/microsoft-365/solutions/limit-organizations-where-users-have-guest-accounts) [Control who can bypass the meeting lobby in Microsoft Teams](/microsoftteams/who-can-bypass-meeting-lobby) |
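Review bot: In "## Anonymous meeting join", the merged sentence "You can control anonymous users' ability to join meetings at the organization level and through meeting policy settings" drops the condition from the removed text ("If it's enabled for the organization, meeting organizers can control anonymous join through meeting policy settings"), so it no longer says that the policy setting only applies once anonymous join is enabled for the organization. Keep that dependency explicit. In the same section, "anonymous users can only join a meeting using a meeting link" lost "only"; confirm that was intended. The related link "Limit guest sharing to specific organizations" is removed and does not reappear in the visible text, so check it was dropped on purpose.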
frontline | Flw Team Collaboration | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/flw-team-collaboration.md | searchScope: appliesto: - Microsoft Teams - Microsoft 365 for frontline workers Previously updated : 09/27/2022 Last updated : 1/17/2024 # Frontline team collaboration Bring your frontline together to communicate, collaborate, and streamline operat ## Day-to-day communications and collaboration in Teams -Microsoft Teams enables your on-the-ground staff to collaborate efficiently with included collaboration features and apps. Your frontline workforce can use Teams on either personal or shared devices depending on the needs of your organization. +Microsoft Teams enables your on-the-ground staff to collaborate efficiently with collaboration features and apps. Your frontline workforce can use Teams on either personal or shared devices depending on the needs of your organization. -Teams includes the following ways to communicate and share information: +Here are some of the ways that your frontline can use Teams to communicate and share information. |Task |Description |Manage this capability |End-user training | |--||--||-|Chat, post messages, and communicate |Your frontline workers can seamlessly communicate within and across locations to with individual and channel chat messaging. Teams provides a great out-of-the-box collaboration experience for your organization, and most organizations find that the default settings work for them. |[Manage Chat, teams, channels, and apps](/microsoftteams/deploy-chat-teams-channels-microsoft-teams-landing-page). | [Start chats](https://support.microsoft.com/office/start-and-pin-chats-a864b052-5e4b-4ccf-b046-2e26f40e21b5) and [Work with posts and messages](https://support.microsoft.com/office/create-and-format-a-post-e66777da-636b-49eb-9408-b0d88b212885). Watch the [Tags in Microsoft Teams video](https://go.microsoft.com/fwlink/?linkid=2202727). 
| -|Call and meet with team members |Managers can set up individual meetings, or use channel meetings to manage daily meetings, both with the power of Teams audio, video, screen sharing, recording, and transcription features. You'll need to configure settings for meetings and conferencing, and enable a voice solution to use calling. |[Manage calling and meeting in Teams](/microsoftteams/deploy-meetings-microsoft-teams-landing-page) and [Plan your Teams voice solution](/microsoftteams/cloud-voice-landing-page) |[Make calls](https://support.microsoft.com/office/overview-of-teams-calls-425d6970-6e27-47b6-bc61-4c38fff51c4f) and [Join a meeting](https://support.microsoft.com/office/join-a-teams-meeting-078e9868-f1aa-4414-8bb9-ee88e9236ee4) | -|Store and share files and documents |Sharing files allows in-store staff to easily access information such as merchandising diagrams without having to leave the sales floor or get help from a manager. Every team automatically comes with a Files tab that you can use to store and share documents. This tab actually represents a folder within the default team site document library in SharePoint that is automatically created when the team is created. |[Overview of Teams and SharePoint integration](/sharepoint/teams-connected-sites) |[Upload and share files](https://support.microsoft.com/office/upload-and-share-files-57b669db-678e-424e-b0a0-15d19215cb12) | +|Chat, post messages, and communicate |Your frontline workers can seamlessly communicate within and across locations through chats and channel conversations. Teams provides a great out-of-the-box collaboration experience for your organization, and most organizations find that the default settings work for them. |[Manage chat, teams, channels, and apps](/microsoftteams/deploy-chat-teams-channels-microsoft-teams-landing-page). 
|Chats:<ul><li>[Chat in Teams](https://support.microsoft.com/en-us/office/chat-in-microsoft-teams-f3a917cb-1a83-42b2-a097-0678298703bb)</li><li>[Start chats](https://support.microsoft.com/office/start-and-pin-chats-a864b052-5e4b-4ccf-b046-2e26f40e21b5) (video)</li></ul> Channel conversations: <ul><li>[Send a message to a channel](https://support.microsoft.com/office/send-a-message-to-a-channel-in-microsoft-teams-5c8131ce-eaad-4798-bc73-e33f4652a9c4)</li><li>[Work with posts and messages](https://support.microsoft.com/office/create-and-format-a-post-e66777da-636b-49eb-9408-b0d88b212885) (video training)</li></ul>[Using tags in Teams](https://support.microsoft.com/office/using-tags-in-microsoft-teams-667bd56f-32b8-4118-9a0b-56807c96d91e)| +|Call and meet with team members |Managers can set up individual meetings, or use channel meetings to manage daily meetings, both with the power of Teams audio, video, screen sharing, recording, and transcription features. You'll need to configure settings for meetings and conferencing, and enable a voice solution to use calling. 
|[Overview of meetings, webinars, and town halls in Teams](/microsoftteams/deploy-meetings-microsoft-teams-landing-page) and [Plan your Teams voice solution](/microsoftteams/cloud-voice-landing-page) |Calls: <ul><li>[Make calls](https://support.microsoft.com/en-us/office/start-a-call-from-a-chat-in-microsoft-teams-f5138c9d-df4c-43d8-9cf6-53400c1a7798)</li><li>[Overview of Teams calls](https://support.microsoft.com/office/overview-of-teams-calls-425d6970-6e27-47b6-bc61-4c38fff51c4f) (video training)</li></ul> Meetings:<ul><li>[Join a meeting in Teams](https://support.microsoft.com/en-us/office/join-a-meeting-in-microsoft-teams-1613bb53-f3fa-431e-85a9-d6a91e3468c9)</li><li>[Join a meeting](https://support.microsoft.com/office/join-a-teams-meeting-078e9868-f1aa-4414-8bb9-ee88e9236ee4) (video training)</li></ul>| +|Store and share files and documents |Sharing files allows in-store staff to easily access information such as merchandising diagrams without having to leave the sales floor or get help from a manager. Every team automatically comes with a **Files** tab that you can use to store and share documents. This tab actually represents a folder within the default team site document library in SharePoint that's' automatically created when the team is created. |[Overview of Teams and SharePoint integration](/sharepoint/teams-connected-sites) |[Upload and share files](https://support.microsoft.com/office/upload-and-share-files-57b669db-678e-424e-b0a0-15d19215cb12) (video training) | ### See examples of how different industries can use communication capabilities in Teams Retail employees can use Teams to keep in touch and better serve customers. Diff #### Healthcare -Healthcare workers in a hospital use Teams capabilities to coordinate care. Everyone in the office is part of a general chat, and each group of workers (doctors, nurses, receptionists, and other staff) has their own channel where they can ask questions and communicate. 
Staff in different departments use Teams meetings and calls to keep up to date without having to leave their stations. When multiple staff are attending to one patient, they share notes and care plans over Teams. Staff who work with instruments and machinery, such as medical instrument technicians, can share fact and care sheets about equipment. +Healthcare workers in a hospital use Teams capabilities to coordinate care. Everyone in the office is part of a general chat, and each group of workers (doctors, nurses, receptionists, and other staff) can have their own channel where they can ask questions and communicate. Staff in different departments uses Teams meetings and calls to keep up to date without having to leave their stations. When multiple staff are attending to one patient, they share notes and care plans over Teams. Staff who work with instruments and machinery, such as medical instrument technicians, can share fact and care sheets about equipment. #### Financial services Bank employees can use Teams to communicate across branches and share informatio #### Manufacturing -Manufacturing workers can use Teams to communicate and coordinate production within and across locations. Plants can hold morning stand-up meetings without anyone having to leave their stations. Workers can use chat to get in touch with each other and foremen or supervisors so they don't need to search across large areas to find help. Your team can use file sharing to make sure everyone has on-the-go access to manuals, instruction sheets, inspection records, and any other information your workers need. +Manufacturing workers can use Teams to communicate and coordinate production within and across locations. Plants can hold morning stand-up meetings without anyone having to leave their stations. Workers can use chat to get in touch with each other and supervisors so they don't need to search across large areas to find help. 
Your team can use file sharing to make sure everyone has on-the-go access to manuals, instruction sheets, inspection records, and any other information your workers need. ## Apps in Teams Your team can use apps in Teams to coordinate and collaborate with each other on - [Streamline approvals with Approvals](#streamline-approvals-with-approvals) - [Check in on progress with Updates](#check-in-on-progress-with-updates) -Financial services organizations can also use the [Collaboration Manager for Loans](/industry/financial-services/collaboration-manager/overview) to seamlessly collaborate on the lending process. - > [!TIP] > Examples are given for the financial services, healthcare, nonprofit, and retail industries, but you can use these apps for an organization in any sector. ### Create, manage, and share schedules with Shifts -Use Shifts to seamlessly manage and share schedules. Managers can create custom groups such as cashiers, nurses, or mortgage specialists, assign shifts to employees, add custom labeling and breaks, and add open shifts that employees can request to take. Employees can use Shifts to set their availability, view their schedules, swap shifts with coworkers, and clock in and out. Managers can also create open shifts that employees can request. For example, a volunteer coordinator at a nonprofit could create open shifts that volunteers can request to take. --Learn how to [Manage Shifts for your organization](/microsoftteams/expand-teams-across-your-org/shifts/manage-the-shifts-app-for-your-organization-in-teams?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json). +Use Shifts to seamlessly manage and share schedules. Managers can create custom groups such as cashiers, nurses, or mortgage specialists, assign shifts to employees, add breaks, and add open shifts that employees can request to take. 
Employees can use Shifts to set their availability, view their schedules, swap shifts with coworkers, clock in and out, and more. For example, a volunteer coordinator at a nonprofit could create open shifts that volunteers can request to take. -Learn how to [help your employees track time and attendance with Shifts](shifts-toolkit.md). +Learn how to [manage Shifts for your organization](/microsoftteams/expand-teams-across-your-org/shifts/manage-the-shifts-app-for-your-organization-in-teams?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json). Share this [Shifts video training](https://support.microsoft.com/office/what-is-shifts-f8efe6e4-ddb3-4d23-b81b-bb812296b821) with your users. -[View videos and resources](shifts-toolkit.md) to share with your team to help them use features in Shifts. - ### Keep in touch with Walkie Talkie -The Walkie Talkie app provides instant push-to-talk communication. By using Walkie Talkie, employees and managers can communicate from anywhere in the store. For example, if a customer on one side of the store asks an employee if an item is in stock on the other side of the store, the employee can use Walkie Talkie to contact someone who works near the item. Because Walkie Talkie doesnΓÇÖt have limited range, employees can also easily consult with experts in other stores or corporate offices. +The Walkie Talkie app in Teams provides a push-to-talk (PTT) experience that enables clear, instant, and secure voice communications. For example, if a customer at one side of the store asks an employee if an item is in stock on the other side of the store, the employee can use Walkie Talkie to contact someone who works near the item. Employees can also easily consult with experts in other stores or corporate offices. Because Walkie Talkie works over Wi-Fi or cellular data, your frontline can communicate from anywhere they have an internet connection. 
|Industry |Example | |:--|:-|-|Retail | If a customer asks a store associate a question they don't know the answer to, the associate can use Walkie Talkie to call a manager or another expert without having to leave the customer. | -|Healthcare |A medical staff member who has a question about a patient's treatment can use Walkie Talkie to call another staff member who works with the patient. | +|Retail | If a customer asks a store associate a question they don't know the answer to, the associate can use Walkie Talkie to communicate with a manager or another expert without having to leave the customer. | +|Healthcare |A medical staff member who has a question about a patient's treatment can use Walkie Talkie to communicate with another staff member who works with the patient. | |Financial services |A bank employee discussing loan options with a customer can use Walkie Talkie to consult a loan expert to determine the best option for the customer. |-|Manufacturing |A technician can use Walkie Talkie to consult with an expert in another location while performing equipment maintenance or repair. | +|Manufacturing |A technician can use Walkie Talkie to consult with an expert in another location while performing equipment maintenance or repairs. | Learn how to [manage Walkie Talkie for your organization](/microsoftteams/walkie-talkie?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json). -Share this [Walkie Talkie video training](https://support.microsoft.com/office/use-walkie-talkie-in-teams-884a008a-761e-4b62-99f8-15671d9a2f69) with your users. +Share these Walkie Talkie resources with your users: -Watch the [Walkie Talkie featurette video](https://go.microsoft.com/fwlink/?linkid=2202710). 
+- [Get started with Teams Walkie Talkie](https://support.microsoft.com/office/get-started-with-teams-walkie-talkie-25bdc3d5-bbb2-41b7-89bf-650fae0c8e0c) +- [Communicate with your team in Walkie Talkie](https://support.microsoft.com/office/communicate-with-your-team-in-walkie-talkie-e4342550-5516-4451-b9ec-93166b60f8a4) ### Boost morale with Praise The Praise app allows management and frontline team members to congratulate each |Retail |A store manager can send the **Awesome** badge to an associate who meets their sales goals. | |Healthcare |A healthcare worker can send the **Kind heart** badge to a peer who puts extra effort into patient care. | |Financial services |A bank manager can send the **Achiever** badge to a relationship manager who helps to retain an important client. |-|Manufacturing |A supervisor can send the **Leadership** badge to a foreman whose team is performing well. | +|Manufacturing |A manager can send the **Leadership** badge to a supervisor whose team is performing well. | Learn how to [manage the Praise app for your organization](/microsoftteams/manage-praise-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json). Learn how to [manage the Tasks app for your organization](/microsoftteams/manage Share this [Tasks video training](https://support.microsoft.com/office/use-the-tasks-app-in-teams-e32639f3-2e07-4b62-9a8c-fd706c12c070) with your users. -Watch the [Tasks featurette video](https://go.microsoft.com/fwlink/?linkid=2202616). - ### Streamline approvals with Approvals Use Approvals to streamline requests and processes with your team. Create, manage, and share approvals directly from your hub for teamwork. Start an approval flow from the same place you send a chat, in a channel conversation, or from the Approvals app itself. Just select an approval type, add details, attach files, and choose approvers. Once submitted, approvers are notified and can review and act on the request. 
You can allow the Approvals app for your organization and add it to Teams. Learn how to [manage the Approvals app for your organization](/microsoftteams/ap Share this [Approvals video training](https://support.microsoft.com/office/what-is-approvals-a9a01c95-e0bf-4d20-9ada-f7be3fc283d3?wt.mc_id=otc_microsoft_teams) with your users. -Watch the [Approvals featurette video](https://go.microsoft.com/fwlink/?linkid=2202800). - ### Check in on progress with Updates The Updates in Microsoft Teams app provides a centralized place for members of your organization to create, review, and submit updates. By creating templates, you can use the Updates app to keep track of anything your organization needs. Updates is available for both desktop and mobile. Learn how to [manage the Updates app for your organization](/microsoftteams/mana Share this [Updates video training](https://support.microsoft.com/office/get-started-in-updates-c03a079e-e660-42dc-817b-ca4cfd602e5a) with your users. -Watch the [Updates featurette video](https://go.microsoft.com/fwlink/?linkid=2202831). --## Set up your teams, channels, and apps --When you're ready to connect your retail associates in Teams, you can set up teams and channels for your store teams and managers with pre-built or custom templates. The easiest way is to start with a template. The **Organize a store** and **Retail for managers** [templates](/microsoftteams/get-started-with-retail-teams-templates?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) are pre-made templates that include channels and apps designed for retail. You can also create a template based off of an existing team. Even when you start with a template, you can customize the team and channels, and add more apps to suit your team's needs. 
--- Use channels with tabs to share news, keep employees in touch across shifts, and build community.-- Use teams templates to set up teams with similar structures (such as channels and tabs) across stores or regions.+## Manage apps -### Create a team based on a template --1. In Microsoft Teams, select **Join or create a team**. --2. Select **Create a team** and then scroll down to see available templates. --More information: [Create a team with templates](https://support.microsoft.com/office/create-a-team-with-team-templates-702a2977-e662-4038-bef5-bdf8ee47b17b) --### Manage apps --Refine what's in your team with apps. You can allow or block apps for your organization, or configure settings for apps, in the Microsoft Teams admin center. For more information about managing apps, see [Manage apps in the Microsoft Teams admin center](/microsoftteams/manage-apps). +Manage apps for your organization in the Teams admin center. To learn more, see [Overview of app management and governance in Teams admin center](/microsoftteams/manage-apps). Your users can add any apps that you have allowed to their teams. Share this training with your users to show them how: [Find and use apps](https://support.microsoft.com/office/find-and-use-apps-6e22a734-c002-4da0-ba63-681f155b142d). You can also set up shared mailboxes to allow for incoming mail from customers ( ## Use Viva Connections to create a personalized experience -> [!NOTE] -> Viva Connections isn't currently available for tablets. - Viva Connections is part of the [Microsoft Viva suite](/viva/microsoft-viva-overview) and enables you to create a personalized landing experience in Teams. -![Screenshot of the Viva Connections Dashboard on a mobile device.](media/flw-shifts-praise-tasks-approvals.png) --Use the Viva Connections Dashboard and add the Shifts, Tasks, and Approvals cards. Cards are connected to the Shifts, Tasks, and Approvals apps in Teams. Content in the cards is dynamic and personalized to the user. 
+The Viva Connections dashboard provides fast and easy access to information and job-related tasks. For example, add the Shifts card to show information about the next or current shift from the Shifts app. Content in the cards is dynamic and personalized to the user. -Learn more about [how to get Viva Connections](/viva/connections/viva-connections-overview) and [how to create a Viva Connections Dashboard](/viva/connections/create-dashboard). +Learn more about [Viva Connections](/viva/connections/viva-connections-overview) and [how to create a Viva Connections dashboard](/viva/connections/create-dashboard). ## Learn more about Teams capabilities for specific industries - [Teams for Retail](teams-for-retail-landing-page.md) - [Teams for Healthcare](teams-in-hc.md)-- [Collaboration Manager for Loans for Financial Services](/industry/financial-services/collaboration-manager/overview)+- [Teams for Manufacturing](teams-for-manufacturing.md) |
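Review bot: The added healthcare paragraph changes "Staff in different departments use Teams meetings" to "Staff in different departments uses Teams meetings", which introduces a subject-verb disagreement. The next sentence still treats "staff" as plural ("When multiple staff are attending"). Keep "use" so the paragraph is consistent with itself and with the removed wording.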
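Review bot: In the rewritten Walkie Talkie introduction, "clear, instant, and secure voice communications" asserts "secure" without saying what it covers, and the same section's examples include discussing a patient's treatment and a customer's loan options. Either state what the claim refers to or link it to the admin article already referenced below ("manage Walkie Talkie for your organization"), so administrators in regulated industries can check it against their own requirements. The new sentence that Walkie Talkie "works over Wi-Fi or cellular data" is a good place to make that link.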
frontline | Hc Delegates | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/hc-delegates.md | -description: Learn how a user with Away status or Do Not Disturb status can explicitly set another user as a delegate in their Microsoft Teams status message. +description: Learn how a user with Away status or Do not disturb status can set another user as a delegate in their Teams status message. Previously updated : 11/03/2022 Last updated : 1/17/2024 # Use a Teams status message to assign a delegate -Users in Microsoft Teams can set their status to Away or Do not Disturb, and include a custom text status message. A user who's going to be away can assign someone as a delegate who people can contact instead. The message delegation feature works as follows: +Users in Microsoft Teams can set their status to Away or Do not disturb, and include a custom status message. A user who's going to be away can assign someone as a delegate who people can contact instead. The message delegation feature works as follows: 1. The user who's going to be away @mentions another user (the delegate) in their status message to let people know to contact the delegate instead while the user is away. ![Screenshot of a status message with a user set as a delegate.](media/message-delegation.png) -1. The user who's been @mentioned gets notified that they've been nominated as a delegate. -1. When someone opens a chat with the away user and sees their status message, they can hover over the delegate and easily message them instead. +1. The user who's @mentioned gets notified that they're designated as a delegate. +1. When someone opens a chat with the away user and sees their status message, they see the delegate's name and can easily message them instead. -Users can initiate the process themselves, and no admin involvement is required to enable the feature. +Users can initiate this process themselves. No admin involvement is required to enable the feature. 
-> [!NOTE] -> Status notes and delegation mention behaviors are also available in Skype for Business, but their availability depends on the user's co-existence mode. Skype for Business doesn't enforce a character limit on status notes. However, Microsoft Teams will only display the first 280 characters of a note set from Skype for Business. An ellipses (...) at the end of a note indicates that it's been truncated. Skype for Business doesn't support expiry times for notes. <br>Skype for Business Online was retired on July 31, 2021. [Learn how to upgrade to Microsoft Teams](/microsoftteams/upgrade-start-here). +## Example scenario -## Teams status message delegation use scenario in Healthcare --**Usage example without setting delegates** --Dr. Franco Piccio is on call at the radiology department. He receives an urgent personal call and has to step away for the next couple of hours. He asks one of his peers in the radiology department, Dr. Lena Ehrle, to cover for him while he's gone. He informally hands over his pager to Dr. Ehrle, who listens for urgent messages and pings on the pager and responds to them on behalf of Dr. Piccio in addition to her current responsibilities. Others on the team may not realize the informal delegation happened. Confusion ensues with a patient's care. --**Usage example with setting delegates** --Dr. Franco Piccio is on call at the radiology department. He receives an urgent personal call and has to step away for the next couple of hours. He asks one of his peers in the radiology department, Dr. Lena Ehrle to cover for him while he's gone. He changes his custom status message to say "I am unavailable for the next few hours. Please contact @DrEhrle for any emergencies." Others on the team realize the delegation happened as they're attempting to contact Dr. Piccio, so they now know to contact Dr. Ehrle in the meantime. Little to no confusion ensues with a patient's care. +Ravi Costa is a doctor on call at the radiology department. 
Ravi receives an urgent personal call and has to step away for the next couple of hours. Ravi asks a peer in the radiology department, Max Morin, to cover for them while they're away. They change their status in Teams to Away and set a status message that says "I'm unavailable for the next few hours. Contact @MaxMorin for any emergencies." Max is notified in Teams, and team members who try to contact Ravi see the status message and know to contact Max in the meantime. |
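Review bot: In the new example scenario, "They change their status in Teams to Away" is ambiguous, because the preceding sentence names both Ravi and Max and uses "them" and "they're" for Ravi. Name the actor ("Ravi changes their status in Teams to Away and sets a status message ...") so it is clear which user sets the delegate. The removed Skype for Business note also carried the statement that Teams displays only the first 280 characters of a note set from Skype for Business. If any length limit applies to status messages set in Teams itself, it is worth keeping in the article, since a truncated message could drop the @mention.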
frontline | Messaging Policies Hc | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/messaging-policies-hc.md | Title: Secure Messaging for healthcare organizations using Microsoft Teams + Title: Messaging policy settings for healthcare organizations using Microsoft Teams appliesto: - Microsoft Teams - Microsoft 365 for frontline workers -description: Learn how to customize a Secure Messaging policy for Microsoft Teams that can include read receipts and priority notifications. +description: Learn how to customize a messaging policy for Microsoft Teams that can include read receipts and priority notifications. Previously updated : 10/28/2022 Last updated : 1/17/2024 -# Secure Messaging for healthcare organizations +# Messaging policies for healthcare organizations -Messaging policies are used to control which chat and channel messaging features are available to users in Microsoft Teams. They're part of the overall deployment of Secure Messaging for healthcare organizations like hospitals, clinics, or doctor's offices, where having a message picked up and acted upon in a timely manner is crucial, as is knowing when messages are read. +Messaging policies are used to control which chat and channel messaging features are available to users in Microsoft Teams. They're part of the overall messaging deployment for healthcare organizations like hospitals, clinics, or doctor's offices, where having a message picked up and acted upon in a timely manner is crucial, as is knowing when messages are read. -You can use the global (Org-wide default) policy or create one or more custom messaging policies for people in your organization. Users in your organization will automatically get the global policy unless you create and assign a custom policy. After you create a custom policy, assign it a user or groups of users in your organization. 
For example, you may choose to only allow certain job roles to use these features (perhaps doctors and nurses only) and other workers (like the janitorial or kitchen staff) to get a more limited set of features. Decide for yourself what needs your organization has, the guidance here is at most a suggestion. +You can use the global (Org-wide default) policy that's automatically created or create and assign custom messaging policies. Users in your organization automatically get the global policy unless you create and assign a custom policy. Edit the settings in the global policy or create and assign one or more custom policies to turn on or turn off the features that you want. -Policies can be easily managed in the [Microsoft Teams admin center](https://admin.teams.microsoft.com) by logging in with administrator credentials and choosing **Messaging policies** in the left navigation pane. +For example, you might choose to only allow certain job roles to use certain features (perhaps doctors and nurses only) and other workers (like food services staff) to get a more limited set of features. Decide for yourself what needs your organization has, the guidance here is at most a suggestion. - :::image type="content" source="media/hc-messaging-policy-admin-center-new.png" alt-text="Screenshot of the Messaging policies page." lightbox="media/hc-messaging-policy-admin-center-new.png"::: - - To edit the existing default Messaging policy for your organization, select **Global (Org-wide default)**, and then make your changes. To create a new custom messaging policy, select **Add**, and then select your settings. Choose **Save** when you're done. +You manage messaging policies in the Teams admin center. To learn more, see [Manage messaging policies in Teams](/microsoftteams/messaging-policies-in-teams). 
-![Screenshot of messaging policy settings.](media/hc-messaging-policy.png) --The following settings are of special interest for Healthcare applications, and should be considered when designing a custom policy used in the Healthcare field: +The following messaging policy settings are of special interest for healthcare organizations, and should be considered when designing a custom policy used in the healthcare field. ## Read receipts -Read receipts allows the sender of a chat message to know when their message was read by the recipient in 1:1 and group chats 20 people or less. Use this setting to specify whether read receipts are user controlled, on for everyone, or off for everyone. Message read receipts are important in Healthcare organizations because they remove uncertainly about whether a message was read. +[Read receipts](https://support.microsoft.com/office/use-read-receipts-for-messages-in-microsoft-teams-533f2334-32ef-424b-8d56-ed30e019f856) allows the sender of a chat message to know when their message was read by the recipient in 1:1 chats and in group chats of 20 people or less. Use this setting to specify whether read receipts are user controlled, on for everyone, or off for everyone. Message read receipts are important in healthcare organizations because they remove uncertainly about whether a message was read. -For Healthcare applications, choose either **User controlled** or **On for everyone**. Keep in mind that when using the **On for everyone** setting, the only way to set receipts for the whole tenant is either to have only one messaging policy for the whole tenant (the default policy named "Global (Org-wide Default)") or to have all messaging policies in the tenant use the same settings for receipts. The read receipts feature is most effective when the feature is enabled to **On for everyone**. +For healthcare applications, choose either **User controlled** or **On for everyone**. 
Keep in mind that when using the **On for everyone** setting, the only way to set receipts for the whole tenant is either to have only one messaging policy for the whole tenant (the default global policy) or to have all messaging policies in the tenant use the same settings for receipts. The read receipts feature is most effective when set to **On for everyone**. -*Usage example without read receipts:* Jakob Roth, a high risk patient, is admitted to the hospital. Sofia Krause is a nurse working as part of the inter-disciplinary team (IDT) of medical workers, including different specialists, is assigned as the primary care coordinator in charge of this patient. Sofia sends emails and other instant messages to a group of nurses and doctors who use various messaging clients and apps, and often gets no response or indication whether a message was read by team members. Due to tangled communication processes, Jakob's medication is misapplied and his hospital stay is extended. +### Example scenario -*Usage example with read receipts:* Jakob Roth, a high risk patient, is admitted to the hospital. Sofia Krause is a nurse working as part of the inter-disciplinary team (IDT) of medical workers, including different specialists, is assigned as the primary care coordinator in charge of this patient. Sofia starts a group chat with a set of doctors and other nurses who will be working with the patient to coordinate care and starts an emergency triage. The nurses and doctors communicate and collaborate over the patient's care plan throughout the care coordination process. Important and urgent messages are sent through 1:1 and group chat conversations. Sofia uses the read receipts functionality to determine if messages sent requesting support are delivered and read by the targeted physicians or nurses. Jakob's patient outcomes are near-optimal and he goes home sooner because his health team communicates smoothly. +Remy Morris, a high-risk patient, is admitted to the hospital. 
Sofia Krause is a nurse who is assigned as the primary care coordinator of this patient. Sofia starts a group chat with a set of doctors and other nurses who are working with the patient and starts an emergency triage. The doctors and nurses communicate and collaborate over the patient's care plan. Important and urgent messages are sent through 1:1 and group chat conversations. Sofia uses read receipts to determine whether messages sent requesting support are delivered and read by the care team. ## Send urgent messages using priority notifications -A user can mark a message as *urgent* when sending chat messages to other users. This feature helps hospital staff alert one another when a critical incident requires their attention. Unlike regular *important* messages, [priority notifications](https://support.microsoft.com/article/mark-a-message-as-important-or-urgent-in-teams-ea99d5b6-1317-4550-8d75-86ff14cd4462) notify users every two minutes for up to 20 minutes or until the message is picked up and read by the recipient, maximizing the likelihood that the message is acted upon in a timely manner. +A user can mark a message as *urgent* when sending chat messages to other users. This feature helps hospital staff alert one another when a critical incident requires their attention. [Urgent messages using priority notifications](https://support.microsoft.com/article/mark-a-message-as-important-or-urgent-in-teams-ea99d5b6-1317-4550-8d75-86ff14cd4462) notify users every two minutes for up to 20 minutes or until the recipient reads the message, maximizing the likelihood that the message is acted upon in a timely manner. ++An admin can enable or disable the ability for users assigned this policy to send priority notifications. This feature is on by default. The recipient of the priority message might not have the same messaging policy, and won't be able to disable receiving priority messages. 
For healthcare applications, we recommend enabling the feature for at least some users, but you'll need to determine which ones. -An admin can enable or disable the ability for users assigned this policy to send priority notifications. This feature is on by default. The recipient of the priority message might not have the same messaging policy, and won't have an option to disable receiving priority messages. For Healthcare applications, we recommend enabling the feature for at least some users, but you'll need to determine which ones. +### Example scenario -*Usage example:* Sofia Krause is readmitting a high-risk patient, Jakob Roth. Manuela Carstens, a physician, is the primary care doctor for this patient. Sofia sends a message to Manuela using a priority notification asking for immediate help with triage of Jakob. Manuela's phone receives the message but Manuela didn't feel the phone vibration and doesn't reply. Teams renotifies Manuela and will continue to persistently renotify until she reads the message. If read receipts are also enabled, Sofia can be aware that the message was read by Manuela, even before Manuela decides how to respond. +Sofia Krause is readmitting a patient, Jakob Roth. Manuela Carstens, a physician, is the primary care doctor for this patient. Sofia sends an urgent message to Manuela using priority notifications asking for immediate help with triage of Jakob. Manuela's phone receives the message but Manuela didn't feel the phone vibration and doesn't reply. Teams renotifies Manuela and continues to repeatedly notify until Manuela reads the message. If read receipts are also enabled, Sofia is aware that the message was read by Manuela, even before Manuela decides how to respond. -## Related topics +## Related articles - [Manage messaging policies in Teams](/microsoftteams/messaging-policies-in-teams) - [Get started with Teams for Healthcare organizations](teams-in-hc.md) |
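Review bot: The priority-notifications example still opens with "Sofia Krause is readmitting a patient, Jakob Roth", but the read receipts example earlier in the article now names the patient Remy Morris. As a result, "readmitting" refers to an admission the article no longer describes. Use the same patient in both scenarios or change "readmitting" to "admitting". Two smaller points in the added lines: "they remove uncertainly about whether a message was read" should read "uncertainty", and "Decide for yourself what needs your organization has, the guidance here is at most a suggestion." is a comma splice that should be split into two sentences.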
frontline | Simplify Business Processes | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/simplify-business-processes.md | searchScope: appliesto: - Microsoft Teams - Microsoft 365 for frontline workers Previously updated : 01/08/2024 Last updated : 01/17/2024 # Simplify business processes for frontline teams You can use Teams apps, Power Apps, and Power BI to simplify business processes for your frontline teams. -> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWRzfc] +<!-- > [!VIDEO https://www.microsoft.com/videoplayer/embed/RWRzfc]--> > [!NOTE] > Additional capabilities for [financial services](/industry/financial-services), [healthcare](/industry/healthcare), [nonprofit](/industry/nonprofit), and [retail](/industry/retail) environments are available with the Microsoft industry clouds, which include capabilities from Dynamics 365 and Microsoft Azure as well as the Microsoft 365 features. Teams includes many apps to help you and your frontline workforce manage their d ## Create custom apps for your organization's needs -Add Power Apps to create low-code or no-code applications for your organization. You can build custom apps to connect your business data, so you can manage inventory or conduct store walks, for example. +Add Power Apps to create low-code or no-code apps for your organization. You can build custom apps to connect your business data, so you can manage inventory or conduct store walks, for example. > [!TIP]-> Examples are given for the financial services, healthcare, nonprofit, and retail industries, but you can use these apps for an organization in any sector. +> Examples are given for the financial services, healthcare, nonprofit, and retail industries, but apply to an organization in any sector. |Industry |Example | |:--|:-|-|Financial services |You can create an app for relationship and account managers to track calls and emails to clients. 
| -|Healthcare |You can create an app to track consumables inventory in exam rooms to make sure all rooms are ready for patients. | -|Retail | You can create an app to manage and track your inventory, or to conduct store walks where a person in charge checks all areas of a store before opening. | -|Manufacturing |You can create an app to track machinery and equipment inspections and repair needs. | +|Financial services |Create an app for relationship and account managers to track calls and emails to clients. | +|Healthcare |Create an app to track consumables inventory in exam rooms to make sure all rooms are ready for patients. | +|Retail | Create an app to manage and track your inventory, or to conduct store walks where a person in charge checks all areas of a store before opening. | +|Manufacturing |Create an app to track machinery and equipment inspections and repair needs. | -More information: [Power Apps](/microsoftteams/manage-power-platform-apps) and [Power Apps and Microsoft Teams integration](/powerapps/teams/overview). +More information: [Power Apps and Microsoft Teams integration](/powerapps/teams/overview). ## Track key performance indicators (KPIs) with Power BI reports -Share and collaborate on interactive Power BI content in Microsoft Teams channels and chats. You can add a [Power BI tab](/microsoftteams/platform/tabs/what-are-tabs) to Teams to embed interactive reports and chat in Teams about your reports, and get notified when important things happen in Power BI right in your Teams activity feed. +Share and collaborate on interactive Power BI content in Microsoft Teams channels and chats. You can add the Power BI app to Teams to embed interactive reports and chat in Teams about your reports. -More information: [Collaborate in Microsoft Teams with Power BI](/power-bi/collaborate-share/service-collaborate-microsoft-teams). 
+More information: [Collaborate with Power BI in Microsoft Teams, Outlook, and Office](/power-bi/collaborate-share/service-collaborate-microsoft-teams). |
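Review bot: The video embed is disabled by wrapping it in an HTML comment ("<!-- > [!VIDEO https://www.microsoft.com/videoplayer/embed/RWRzfc]-->") rather than being removed. Commented-out includes tend to linger in the source with no record of why, so either delete the line or add a short reason inside the comment. In the Power BI section, the rewritten sentence drops the statement about notifications in the Teams activity feed. Confirm that removal is intentional and not a side effect of switching from "Power BI tab" to "Power BI app".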
lighthouse | M365 Lighthouse Manage Lighthouse Rbac Permissions | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-manage-lighthouse-rbac-permissions.md | + + Title: "Manage Lighthouse RBAC permissions in Microsoft 365 Lighthouse" +f1.keywords: NOCSH ++++ Last updated : 01/17/2024+audience: Admin +++ms.localizationpriority: medium ++- Tier1 +- scotvorg +- M365-subscription-management +- Adm_O365 ++- AdminSurgePortfolio +- M365-Lighthouse +search.appverid: MET150 +description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn how to manage Lighthouse role-based access control (RBAC) permissions in Microsoft 365 Lighthouse." +++# Manage Lighthouse RBAC permissions in Microsoft 365 Lighthouse ++The Lighthouse permissions page allows administrators in Microsoft 365 Lighthouse to manage user role-based access control (RBAC) permissions in the partner tenant. Administrators can view and manage membership for each Lighthouse RBAC role to ensure that users in the partner tenant have right-sized permissions. Each Lighthouse RBAC role is associated with a security group instead of an Entra ID role, so when users are assigned a Lighthouse RBAC role, they're automatically associated with a specific Lighthouse RBAC security group. ++When administrators assign a Lighthouse RBAC role to a user in the partner tenant for the first time, a security group is automatically created. Administrators can view the associated security group for each Lighthouse RBAC role on the Lighthouse permissions page and in the Microsoft Entra admin center. All security group membership changes are reflected in both Lighthouse and the Microsoft Entra admin center. ++## Before you begin ++To access the Lighthouse permissions page and manage permissions, you must be a Global Administrator in Microsoft Entra ID. ++## View Lighthouse RBAC role membership and associated security group ++1. 
In the left navigation pane in <a href="https://go.microsoft.com/fwlink/p/?linkid=2168110" target="_blank">Lighthouse</a>, select **Permissions** > **Lighthouse permissions**. + +2. Select a Lighthouse role from the list to open the Lighthouse role details pane. + +3. View users in the partner tenant who are assigned the Lighthouse RBAC role and the associated security group. ++## Assign Lighthouse RBAC roles to users in the partner tenant ++1. In the left navigation pane in <a href="https://go.microsoft.com/fwlink/p/?linkid=2168110" target="_blank">Lighthouse</a>, select **Permissions** > **Lighthouse permissions**. + +2. Select a Lighthouse role from the list to open the Lighthouse role details pane. + +3. Select **Assign users**. + +4. Select the users you want to assign to the Lighthouse RBAC role. ++5. Select **Assign users**. + +> [!NOTE] +> The Lighthouse Operator role is viewable but not assignable from the Lighthouse permissions page. The Lighthouse Operator role is automatically assigned to users with GDAP permissions. ++## Remove users in the partner tenant from a Lighthouse RBAC role ++1. In the left navigation pane in <a href="https://go.microsoft.com/fwlink/p/?linkid=2168110" target="_blank">Lighthouse</a>, select **Permissions** > **Lighthouse permissions**. ++2. Select a Lighthouse role from the list to open the Lighthouse role details pane. ++3. Do one of the following: + - To remove a single user from the Lighthouse RBAC role, select the **X** next to the user you want to remove. + - To remove multiple users from the Lighthouse RBAC role, select the users you want to remove, and then select **Remove users**. ++4. In the confirmation window, select **Remove users** to confirm removal. ++## Next steps ++After you've added users to, or removed users from, the available Lighthouse RBAC roles, go to the Lighthouse permissions page to view the latest group membership for each role. 
++> [!NOTE] +> Once you've added a user to, or removed a user from, a Lighthouse RBAC role, it may take up to an hour for group membership changes to appear in Lighthouse. ++To learn more about each Lighthouse RBAC role to determine which roles users in your partner tenant should have, see [Overview of permissions in Microsoft 365 Lighthouse](m365-lighthouse-overview-of-permissions.md). ++## Related content ++[Overview of permissions in Microsoft 365 Lighthouse](m365-lighthouse-overview-of-permissions.md) (article)\ +[Set up GDAP for your customers](m365-lighthouse-setup-gdap.md) (article)\ +[Overview of Delegated Access in Microsoft 365 Lighthouse](m365-lighthouse-delegated-access-overview.md) (article) |
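Review bot: The note under "Assign Lighthouse RBAC roles to users in the partner tenant" refers to a Lighthouse Operator role, but the overview article changed alongside this one states "There's currently only one Lighthouse RBAC role: Lighthouse Account Manager". The two pages should agree on which roles exist and on how the Operator role relates to GDAP. The intro also says that security group membership changes made in the Microsoft Entra admin center are reflected in Lighthouse, while "Before you begin" names only the Global Administrator requirement for the Lighthouse permissions page. Suggest stating who can edit the backing security groups in Entra, since that path also grants or removes a Lighthouse RBAC role. The propagation note ("it may take up to an hour") would be better placed before the "Next steps" sentence that sends the reader to check the latest group membership.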
lighthouse | M365 Lighthouse Overview Of Permissions | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-overview-of-permissions.md | description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthous # Overview of permissions in Microsoft 365 Lighthouse -Delegated access to customer tenants is required for Managed Service Providers (MSPs) to use Microsoft 365 Lighthouse. Granular delegated admin privileges (GDAP) give MSPs a high level of control and flexibility by providing customer access through [Microsoft Entra built-in roles](/azure/active-directory/roles/permissions-reference). Assigning the least privileged roles by task through GDAP to MSP technicians reduces security risk for both MSPs and customers. For more information on least privileged roles by task, see [Least-privileged roles - Partner Center](/partner-center/gdap-least-privileged-roles-by-task) and [Least privileged roles by task in Microsoft Entra ID](/azure/active-directory/roles/delegate-by-task). For more information on setting up a GDAP relationship with a customer tenant, see [Obtain granular admin permissions to manage a customer's service - Partner Center.](/partner-center/gdap-obtain-admin-permissions-to-manage-customer) +Microsoft 365 Lighthouse permissions are primarily managed by the following: -We recommend assigning roles to groups of MSP technicians based on the tasks each group needs to perform on behalf of the customer. For example, Service Desk Technicians may just need to read customer tenant data or reset user passwords. In contrast, Escalation Engineers may need to take more corrective actions to update customer tenant security settings. It's a best practice to assign the least permissive role required to complete a task so that customer and partner data is kept secure. We recommend using Privileged Identity Management (PIM) to enable time-scoped access to the Global Administrator role, if needed. 
Giving too many users global access is a security risk, and we recommend limiting it as much as possible. For more information on how to enable PIM, see [Set up Microsoft Entra PIM.](m365-lighthouse-configure-portal-security.md#set-up-azure-ad-privileged-identity-management-pim) +- Lighthouse role-based access control (RBAC) in the partner tenant +- Granular Delegated Admin Privileges (GDAP) in the customer tenant -The tables in the next section describe which GDAP roles grant permission to read customer data and take action on customer tenants in Lighthouse. See [Permissions in the partner tenant](#permissions-in-the-partner-tenant) in this article for additional roles required to manage Lighthouse entities (for example, tags and Lighthouse service requests). +To use Lighthouse, you need a combination of roles assigned via RBAC and GDAP. -## Example MSP service tiers, recommended GDAP roles, and permissions +## Managing Lighthouse RBAC permissions in the partner tenant -The following table lists the recommended GDAP roles for some example MSP service tiers. +Lighthouse permissions in the partner tenant are managed by assigning RBAC roles. Each role has a set of permissions that determines which data users can access and change within the partner tenant. -|| Account Managers| Service Desk Technicians | System Administrators | Escalation Engineers| -|||||| -| **Recommended GDAP roles** |<ul><li>Helpdesk Administrator</li></ul> |<ul><li>Security Reader<br>+</li><li>Helpdesk Administrator</li></ul> |<ul><li>Global Reader<br>+</li><li>User Administrator<br>+</li><li>Authentication Administrator</li></ul> |<ul><li>Global Reader<br>+</li><li>User Administrator<br>+</li><li>Intune Administrator<br>+</li><li>Security Administrator</li></ul>| +RBAC roles are managed from the Lighthouse permissions page in Lighthouse. To access the Lighthouse permissions page and manage permissions, you must be a Global Administrator in Microsoft Entra ID. 
To learn more, see [Manage Lighthouse RBAC permissions in Microsoft 365 Lighthouse](m365-lighthouse-manage-lighthouse-rbac-permissions.md). -The following table lists the actions that the example MSP service tiers can perform on the different Lighthouse pages as determined by their assigned GDAP roles (which are indicated in the previous table). +There's currently only one Lighthouse RBAC role: Lighthouse Account Manager. The following table describes the Lighthouse Account Manager role. -| Lighthouse page | Account Managers allowed actions| Service Desk Technicians allowed actions |System Administrators allowed actions | Escalation Engineers allowed actions| -|||||| -| Home | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> | -| Tenants | <ul><li>View tenants list</li><li>Update customer contacts and website</li><li>View deployment plans</li></ul> | <ul><li>View tenants list</li><li>Update customer contacts and website</li><li>View deployment plans</li></ul> | <ul><li>View tenants list</li><li>Update customer contacts and website</li><li>View deployment plans</li><li>View Microsoft 365 services usage</li></ul> | <ul><li>View tenants list</li><li>Update customer contacts and website</li><li>View deployment plans</li><li>View Microsoft 365 services usage</li></ul> | -| Users | <ul><li>View tenant level (non-user specific) data</li><li>Search user accounts across tenants</li><li>Reset password for non-administrators*</li></ul> | <ul><li>View all user-specific data</li><li>Search user accounts across tenants</li><li>Reset password for non-administrators*</li></ul>| <ul><li>View all user-specific data</li><li>Search user accounts across tenants</li><li>Reset password for non-administrators*</i><li>Block sign-in</li></ul> | <ul><li>View all user-specific data</li><li>Search user accounts across tenants</li><li>Reset password for non-administrators*</li><li>Block sign-in</li><li>Confirm 
compromised users</li><li>Dismiss risk for users</li></ul> | -| Devices | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> | <ul><li>View all data</li><li>Sync device</li><li>Restart device</li><li>Collect diagnostics</li></ul>| -| Threat management | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> | <ul><li>View all data</li><li>Run full scan</li><li>Run quick scan</li><li>Update antivirus protection</li><li>Reboot device</li></ul>| -| Baselines | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> | -| Windows 365 | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> | <ul><li>View all data</li></ul> | -| Service health**| N/A | N/A | N/A | N/A | -| Audit logs**| N/A | N/A | N/A | N/A | +| Lighthouse RBAC role | Description | +||| +| Lighthouse Account Manager | Provides full access to Sales Advisor pages and data across the entire partner tenant. Lighthouse Account Managers can export Sales Advisor data. | -*See [Password reset permissions](/azure/active-directory/roles/permissions-reference#password-reset-permissions) for a table that lists which roles are required to reset passwords for customer tenant administrators. +## Lighthouse RBAC roles and capabilities -**Different roles and permissions are required to view Service health and Audit logs. For more information, see [Permissions in the partner tenant](#permissions-in-the-partner-tenant). +The following table describes the actions that Lighthouse Account Managers can perform in Lighthouse. -> [!NOTE] -> If you get a message in Lighthouse saying that you don't have permission to view or edit information, you're assigned a role that doesn't have the appropriate permissions to perform the action. 
You'll need to reach out to an admin in your partner tenant who can assign you the appropriate role for the action you're trying to perform. +| Area | Actions | Lighthouse Account Manager | +|||::| +| **Tenants** | View the Tenants page | ✓ | +| | Manage tags | | +| | Activate and inactivate a tenant | | +| | View delegated status | ✓ | +| | View baseline assignment | | +| | View deployment status | ✓ | +| | View and edit customer contact information and website | ✓ | +| **Baselines** | View baselines (default, custom) | | +| | Create, edit, and assign baselines | | +| **Alerts** | View alerts | ✓ | +| | Manage alerts (change severity, status, or assignment) | | +| | Create, edit, and delete alert rules | | +| **Permissions** | Set up and manage Lighthouse permissions | | +| | Set up and manage GDAP | | +| | View GDAP status detail | | +| **Audit logs** | View audit logs | | +| **Sales Advisor** | View Sales Advisor reports and manage data | ✓ | +| **Support** | Open and manage service requests | | +| **Service health** | Monitor service health | | -## Delegated admin privileges (DAP) in Lighthouse +## Managing GDAP in the customer tenant -GDAP will eventually replace DAP as the primary method to configure delegated access for customer tenants. However, if GDAP hasn't been set up, MSP technicians may still access Lighthouse by using the Helpdesk Agent or Admin Agent roles granted through DAP. For customers where GDAP and DAP coexist, roles granted to MSP technicians through GDAP take precedence. For more information on GDAP or DAP deprecation, see [GDAP frequently asked questions](/partner-center/gdap-faq) or the [Partner Center announcements](/partner-center/announcements/2022-march#15) for dates and timelines. +GDAP gives you a high level of control and flexibility by providing access to customer tenants throughΓÇ»[Microsoft Entra built-in roles](/azure/active-directory/roles/permissions-reference). 
Assigning the least-privileged roles by task through GDAP to MSP technicians reduces security risk for both MSPs and customers. -For customers with DAP and no GDAP, the Admin Agent role grants permissions to view all tenant data and take any action in Lighthouse (see below for other actions that also require a role in the partner tenant). +For more information about setting up a GDAP relationship with a customer tenant in Lighthouse, see [Obtain granular admin permissions to manage a customer's service - Partner Center](/partner-center/gdap-obtain-admin-permissions-to-manage-customer).ΓÇ» -The Helpdesk Agent role grants permissions to view all tenant data and take limited action in Lighthouse, such as resetting user passwords, blocking user sign-ins, and updating customer contact information and websites. +For more information about least-privileged roles by task, seeΓÇ»[Least-privileged roles - Partner Center](/partner-center/gdap-least-privileged-roles-by-task) and [Least privileged roles by task in Microsoft Entra ID](/azure/active-directory/roles/delegate-by-task). -Given the broad permissions granted to partner tenant users with DAP roles, we recommend adopting GDAP as soon as possible. --## Permissions in the partner tenant --For certain actions in Lighthouse, role assignments in the partner tenant are required. The following table lists partner tenant roles and their associated permissions. 
--| Partner tenant roles | Permissions | -|--|--| -| Global Administrator of partner tenant | <ul><li>Sign up for Lighthouse in the Microsoft 365 admin center.</li><li>Accept partner contract amendments during the first-run experience.</li><li>Activate and inactivate a tenant.</li><li>Create, update, and delete tags.</li><li>Assign and remove tags from a customer tenant.</li><li>Review audit logs.</li><li>Create, edit, and view alert rules.</li></ul> | -| Partner tenant member with at least one Microsoft Entra role assigned with the following property set:<br>**microsoft.office365.supportTickets/allEntities/allTasks**<br>(For a complete list of Microsoft Entra roles, see [Microsoft Entra built-in roles](/azure/active-directory/roles/permissions-reference).) | Create Lighthouse service requests. | -| Partner tenant member who meets *both* of the following requirements: <ul><li>Has at least one Microsoft Entra role assigned with the following property set:<br>**microsoft.office365.serviceHealth/allEntities/allTasks**<br>(For a complete list of Microsoft Entra roles, see [Microsoft Entra built-in roles](/azure/active-directory/roles/permissions-reference).)</li><li>Has at least one DAP role assigned (Admin Agent or Helpdesk Agent)</li></ul> | View service health information. | +For more information about GDAP or Delegated Admin Privileges (DAP) deprecation, seeΓÇ»[GDAP frequently asked questions - Partner Center](/partner-center/gdap-faq), [Delegated administration privileges (DAP) FAQ - Partner Center](/partner-center/dap-faq), or search theΓÇ»[Partner Center announcements](/partner-center/announcements/)ΓÇ»for dates and timelines. ## Related content |
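Review bot: The new "Managing Lighthouse RBAC permissions in the partner tenant" section requires a Global Administrator to manage permissions, yet the deleted paragraph held the only guidance on limiting that role ("We recommend using Privileged Identity Management (PIM) to enable time-scoped access to the Global Administrator role" and "Giving too many users global access is a security risk"). Suggest keeping that recommendation next to the new Global Administrator requirement. In the capabilities table, rows such as "Set up and manage Lighthouse permissions", "View audit logs", "Open and manage service requests" and "Monitor service health" carry no check mark for the only listed role, and the deleted "Permissions in the partner tenant" table, which named the roles for those actions (including microsoft.office365.supportTickets/allEntities/allTasks and microsoft.office365.serviceHealth/allEntities/allTasks), has no replacement. Add a column or a pointer that says which role grants each unchecked action. The removed sentence recommending a move from DAP to GDAP "as soon as possible" is also worth retaining in the new GDAP section.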
lighthouse | M365 Lighthouse Requirements | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-requirements.md | description: "For Managed Service Providers (MSPs), get a list of requirements t # Requirements for Microsoft 365 Lighthouse -Microsoft 365 Lighthouse is a portal that helps Managed Service Providers (MSPs) grow their business and deliver services at scale for small- and medium-sized business (SMB) customers. Lighthouse provides multi-tenant views across customer devices, data, users, and sales opportunities to help customers get the most value from Microsoft 365. +Microsoft 365 Lighthouse is an admin portal that provides advanced capabilities for Managed Service Providers (MSPs) to manage customers at scale through proactive account management, simplified onboarding, efficient tenant configuration, device protection, and alerts. Lighthouse provides insights into customer acquisition, retention, and growth opportunities, as well as multi-tenant views across customer devices, data, and users to help customers get the most value from Microsoft 365. -Lighthouse is available to partners enrolled in the Cloud Solution Provider (CSP) program, including both Direct-Bill and Indirect Resellers. +Lighthouse is available to partners enrolled in the Cloud Solution Provider (CSP) program, including both indirect resellers and direct-bill partners. > [!NOTE]-> Only MSPs are required to enroll in the CSP program; the customers they manage don't need to enroll in the CSP program. +> Only partners are required to enroll in the CSP program; the customers they manage don't need to enroll in the CSP program. 
-In addition, each MSP customer tenant must meet the following requirements to be actively monitored and managed in Lighthouse: +In addition, each customer tenant must meet the following requirements to be actively monitored and managed in Lighthouse: -- Must have delegated access set up for the Managed Service Provider (MSP) to be able to manage the customer tenant+- Must have delegated access set up for the partner to be able to manage the customer tenant > [!NOTE] > Either granular delegated admin privileges (GDAP) or a delegated admin privileges (DAP) relationship is required to onboard customers to Lighthouse. An indirect reseller relationship is no longer required to onboard to Lighthouse. If DAP and GDAP coexist in a customer tenant, GDAP permissions take precedence for MSP technicians in GDAP-enabled security groups. > [!NOTE] |
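Review bot: Terminology is now mixed in the requirements list: the changed lines say "partner" ("delegated access set up for the partner"), while the unchanged note directly below still says "MSP technicians in GDAP-enabled security groups" and the intro keeps "Managed Service Providers (MSPs)". Suggest stating once that partner and MSP refer to the same party, or using one term throughout this section. The new opening sentence also chains five capabilities before the next sentence adds more; a short list would make the requirements page easier to scan.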
lighthouse | M365 Lighthouse Sign Up | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-sign-up.md | description: "For Managed Service Providers (MSPs), learn how to sign up for Mic # Sign up for Microsoft 365 Lighthouse -This article provides instructions for how to sign up for Microsoft 365 Lighthouse. Microsoft 365 Lighthouse is an admin portal that helps Managed Service Providers (MSPs) grow their business and deliver managed services at scale for small-and medium-sized business (SMB) customers. Lighthouse provides multi-tenant views across customer devices, data, users, and sales opportunities to help customers get the most value from Microsoft 365. +This article provides instructions for how to sign up for Microsoft 365 Lighthouse. Microsoft 365 Lighthouse is an admin portal that provides advanced capabilities for Managed Service Providers (MSPs) to manage customers at scale through proactive account management, simplified onboarding, efficient tenant configuration, device protection, and alerts. Lighthouse provides insights into customer acquisition, retention, and growth opportunities, as well as multi-tenant views across customer devices, data, and users to help customers get the most value from Microsoft 365. ## Before you begin -- Microsoft 365 Lighthouse is deployed in the partner tenant only—not in the customer tenants, but make sure you and your tenants meet the requirements listed in [Microsoft 365 Lighthouse requirements](m365-lighthouse-requirements.md).+Microsoft 365 Lighthouse is deployed in the partner tenant only—not in the customer tenants, but make sure you and your tenants meet the requirements listed in [Microsoft 365 Lighthouse requirements](m365-lighthouse-requirements.md). -- You must be a Global Administrator in the partner tenant that you're signing in to.+## Sign up for Microsoft 365 Lighthouse -## Steps to sign up for Microsoft 365 Lighthouse +1. 
Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2168110" target="_blank">https://lighthouse.microsoft.com</a>. -1. Go to the Microsoft 365 admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">https://admin.microsoft.com</a> and sign in using your partner tenant credentials. + If your partner tenant is eligible to use Microsoft 365 Lighthouse, you'll see a welcome message and your managed tenants will begin loading. After this initial loading process completes (which may take a couple minutes), you can start using Lighthouse to manage your customers. -2. Go to **Billing** > **Purchase services** > **Microsoft 365**. - > [!NOTE]- > Instead of **Billing**, some partners may need to go to **Marketplace** > **All products**, and then search for **Microsoft 365 Lighthouse**. - -3. Under **Microsoft 365 Lighthouse**, select **Details**. + > If you see the message, "You must be an indirect reseller or direct-bill partner to use this service," see [Requirements for Microsoft 365 Lighthouse](m365-lighthouse-requirements.md) for eligibility details. -4. Select **Buy**. +2. If you see the message, "You need to sign up for Microsoft 365 Lighthouse in the Microsoft 365 admin center," then follow these steps: - > [!NOTE] - > Lighthouse requires one license for the partner tenant only. No additional per-user licenses are required for the partner, and no Lighthouse licenses are required in any customer tenant. + 1. Go to the Microsoft 365 admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">https://admin.microsoft.com</a> and sign in using your partner tenant credentials. ++ 2. Go to **Billing** > **Purchase services** > **Microsoft 365**. + + > [!NOTE] + > Instead of **Billing**, some partners may need to go to **Marketplace** > **All products**, and then search for **Microsoft 365 Lighthouse**. + + 3. Under **Microsoft 365 Lighthouse**, select **Details**. 
- To verify that Lighthouse was successfully added to your tenant, look for Microsoft 365 Lighthouse under **Billing** > **Your products** in the Microsoft 365 admin center. + 4. Select **Buy**. -5. If you aren't redirected to the Lighthouse portal, go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2168110" target="_blank">https://lighthouse.microsoft.com</a>. + > [!NOTE] + > Lighthouse requires one license for the partner tenant only. No additional per-user licenses are required for the partner, and no Lighthouse licenses are required in any customer tenant. -6. Select **Agree & Continue** to complete the partner agreement amendment. + To verify that Lighthouse was successfully added to your tenant, look for Microsoft 365 Lighthouse under **Billing** > **Your products** in the Microsoft 365 admin center. - > [!NOTE] - > After you complete sign-up, it can take up to 48 hours for customer data to appear in Lighthouse. + 5. If you aren't redirected to the Lighthouse portal, go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2168110" target="_blank">https://lighthouse.microsoft.com</a>. ++> [!NOTE] +> After you complete sign-up, it can take up to 48 hours for customer data to appear in Lighthouse. ## Next steps |
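Review bot: "Before you begin" no longer states the role needed to sign up: the line "You must be a Global Administrator in the partner tenant that you're signing in to" is deleted without a replacement, although the nested steps under step 2 still have the reader purchase Lighthouse in the Microsoft 365 admin center. If a privileged role is still required for that purchase, restore the prerequisite; if not, say which role is sufficient. The old step 6 ("Select **Agree & Continue** to complete the partner agreement amendment") is also dropped, so confirm the amendment is no longer part of the first-run experience or say where it now appears.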
security | Defender Endpoint Demonstration App Reputation | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-app-reputation.md | +- [Microsoft Defender for Business](https://www.microsoft.com/security/business/endpoint-security/microsoft-defender-business) +- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) Test how Microsoft Defender for Endpoint SmartScreen helps you identify phishing and malware websites based on App reputation. ## Scenario requirements and setup -- Windows 10-- Internet Explorer or Microsoft Edge browser required+- Windows 11 or Windows 10 +- Windows Server 2022 or Windows Server 2019 or Windows Server 2016 or Windows Server 2012 R2 or Windows Server 2008 R2 +- Microsoft Edge or Internet Explorer browser required - To turn ON/OFF, go to **Settings** > **Update & Security** > **Windows Security** > **Open Windows Security** > **App & browser control** > **Check apps and files** ## Scenario Demos This download is known malware; SmartScreen should block this program from runni - [Known malware](https://demo.smartscreen.msft.net/download/known/knownmalicious.exe) - Launching this link should render a message similar to the following: +Launching this link should render a message similar to the following: - :::image type="content" source="images/smartscreen-app-reputation-known-malware.png" alt-text="Screenshot showing how SmartScreen detects a file download with an unsafe reputation.; the download is blocked."::: + :::image type="content" source="images/smartscreen-app-reputation-known-malware.png" alt-text="Screenshot showing how SmartScreen detects a file download with an unsafe reputation; the download is blocked."::: ## Learn more |
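Review bot: The list in "Scenario requirements and setup" now spans Windows 11 through Windows Server 2008 R2, but the turn ON/OFF bullet still gives a single path (**Settings** > **Update & Security** > **Windows Security** > ...). Confirm that this path exists on each newly listed OS, or give per-OS instructions and say which versions lack the setting. The Windows Server bullet strings four "or" conjunctions together and would read better as a comma-separated list. "Launching this link should render a message similar to the following:" is now unindented while the image directive below it is still indented, so the two no longer sit under the same list item.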
security | Mde Linux Deployment On Sap | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mde-linux-deployment-on-sap.md | + + Title: Deployment guidance for Microsoft Defender for Endpoint on Linux for SAP +description: Deployment guidance for Microsoft Defender for Endpoint on Linux for SAP +keywords: microsoft, defender, Microsoft Defender for Endpoint, linux, installation, SAp ++++ms.localizationpriority: medium ++audience: ITPro ++- m365-security +- tier3 +- mde-linux +++search.appverid: met150 Last updated : 01/10/2024+++# Deployment guidance for Microsoft Defender for Endpoint on Linux for SAP ++**Applies to:** ++- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) +- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) ++This article provides deployment guidance for Microsoft Defender for Endpoint on Linux for SAP. You'll learn about recommended SAP OSS(Online Services System) notes, the system requirements, prerequisites, important configuration settings, recommended antivirus exclusions, and guidance on scheduling antivirus scans. ++Conventional security defenses that have been commonly used to protect SAP systems such as isolating infrastructure behind firewalls and limiting interactive operating system logons are no longer considered sufficient to mitigate modern sophisticated threats. It's essential to deploy modern defenses to detect and contain threats in real-time. SAP applications unlike most other workloads require basic assessment and validation before deploying Microsoft Defender for Endpoint. The Enterprise Security administrators should contact the SAP Basis Team prior to deploying Defender for Endpoint. The SAP Basis Team should be cross trained with a basic level of knowledge about Defender for Endpoint. 
++## Recommended SAP OSS Notes ++- [2248916 - Which files and directories should be excluded from an antivirus scan for SAP BusinessObjects Business Intelligence Platform products in Linux/Unix? - SAP ONE Support Launchpad](https://launchpad.support.sap.com/#/notes/2248916) +- [1984459 - Which files and directories should be excluded from an antivirus scan for SAP Data Services - SAP ONE Support Launchpad](https://launchpad.support.sap.com/#/notes/1984459) +- [2808515 - Installing security software on SAP servers running on Linux - SAP ONE Support Launchpad](https://launchpad.support.sap.com/#/notes/2808515) +- [1730930 - Using antivirus software in an SAP HANA appliance - SAP ONE Support Launchpad](https://launchpad.support.sap.com/#/notes/1730930) +- [1730997 - Unrecommended versions of antivirus software - SAP ONE Support Launchpad](https://launchpad.support.sap.com/#/notes/1730997) ++## SAP Applications on Linux ++- SAP only supports Suse, Redhat and Oracle Linux. Other distributions aren't supported for SAP S4 or NetWeaver applications. +- Suse 15.x, Redhat 8.x or 9.x and Oracle Linux 8.x are strongly recommended. +- Suse 12.x, Redhat 7.x and Oracle Linux 7.x are technically supported but haven't been extensively tested. +- Suse 11.x, Redhat 6.x and Oracle Linux 6.x might not be supported and haven't been tested. +- Suse and Redhat offer tailored distributions for SAP. These ΓÇ£for SAPΓÇ¥ versions of Suse and Redhat might have different packages preinstalled and possibly different kernels. +- SAP only supports certain Linux File systems. In general, XFS and EXT3 are used. Oracle Automatic Storage Management (ASM) filesystem is sometimes used for Oracle DBMS and can't be read by Defender for Endpoint. +- Some SAP applications use ΓÇ£standalone enginesΓÇ¥ such as TREX, Adobe Document Server, Content Server and LiveCache. These engines require specific configuration and file exclusions. 
+- SAP applications often have Transport and Interface directories with many thousands of small files. If the number of files is larger than 100,000, it might and affect performance. It's recommended to archive files. +- It's strongly recommended to deploy Defender for Endpoint to non-productive SAP landscapes for several weeks before deploying to production. The SAP Basis Team should use tools such as sysstat, KSAR and nmon to verify if CPU and other performance parameters are impacted. ++## Prerequisites for deploying Microsoft Defender for Endpoint for Linux on SAP VMs ++- Microsoft Defender for Endpoint [version](./linux-whatsnew.md) >= 101.23082.0009 | Release version: 30.123082.0009 or higher must be deployed. +- Microsoft Defender for Endpoint for Linux supports all the [Linux releases](microsoft-defender-endpoint-linux.md#system-requirements) used by SAP applications. +- Microsoft Defender for Endpoint for Linux requires connectivity to [specific Internet endpoints](microsoft-defender-endpoint-linux.md#network-connections) from VMs to update AV Definitions. +- Microsoft Defender for Endpoint for Linux requires some crontab (or other task scheduler) entries to schedule scans, log rotation, and Microsoft Defender for Endpoint updates. Enterprise Security team will normally manage these entries. Refer to [How to schedule an update of the Microsoft Defender for Endpoint (Linux) | Microsoft Learn](linux-update-mde-linux.md). ++The default configuration option for deployment as an Azure Extension for AntiVirus (AV) will be Passive Mode. This means that the AV component of Microsoft Defender for Endpoint won't intercept IO calls. It's recommended to run Microsoft Defender for Endpoint in Passive Mode on all SAP applications and to schedule a scan once per day. In this mode: ++- **Real-time protection is turned off**: Threats are not remediated by Microsoft Defender Antivirus. +- **On-demand scanning is turned on**: Still use the scan capabilities on the endpoint. 
+- **Automatic threat remediation is turned off**: No files will be moved and the security administrator is expected to take required action. +- **Security intelligence updates are turned on**: Alerts will be available on security administrator's tenant. ++The Linux crontab is typically used to schedule Microsoft Defender for Endpoint AV scan and log rotation tasks: +[How to schedule scans with Microsoft Defender for Endpoint (Linux) | Microsoft Learn](linux-schedule-scan-mde.md) ++Endpoint Detection and Response (EDR) functionality is active whenever Microsoft Defender for Endpoint for Linux is installed. There is no simple way to disable EDR functionality through command line or configuration. For more information on troubleshooting EDR, see the sections [Useful Commands](#useful-commands) and [Useful Links](#useful-links). ++## Important Configuration Settings for Microsoft Defender for Endpoint on SAP on Linux ++It's recommended to check the installation and configuration of Defender for Endpoint with the command mdatp health. ++The key parameters recommended for SAP applications are: ++- healthy = true +- release_ring = Production. Pre-release and insider rings shouldn't be used with SAP Applications. +- real_time_protection_enabled = false. Real-time protection is off in passive mode which is the default mode and will prevent real-time IO interception. +- automatic_definition_update_enabled = true +- definition_status = ΓÇ£up_to_dateΓÇ¥. Run a manual update if a new value is identified. +- edr_early_preview_enabled = ΓÇ£disabledΓÇ¥. If enabled on SAP systems it might lead to system instability. +- conflicting_applications = [ ]. Other AV or security software installed on a VM such as Clam. +- supplementary_events_subsystem = "ebpf". Do not proceed if ebpf is not displayed. Contact the security admin team. 
++This article has some useful hints on troubleshooting installation issues for Microsoft Defender for Endpoint: +[Troubleshoot installation issues for Microsoft Defender for Endpoint on Linux | Microsoft Docs](linux-support-install.md#installation-failed) ++## Recommended Microsoft Defender for Endpoint AntiVirus Exclusions for SAP on Linux ++Enterprise Security Team must obtain a full list of AV exclusions from the SAP Administrators (typically the SAP Basis Team). +It's recommended to initially exclude: ++- DBMS data files, log files and temp files, including disks containing backup files +- The entire contents of the SAPMNT directory +- The entire contents of the SAPLOC directory +- The entire contents of the TRANS directory +- The entire contents of directories for standalone engines such as TREX +- Hana ΓÇô exclude /hana/shared, /hana/data and /hana/log - see Note 1730930 +- SQL Server ΓÇô [Configure antivirus software to work with SQL Server - SQL Server | Microsoft Learn](/troubleshoot/sql/database-engine/security/antivirus-and-sql-server) +- Oracle ΓÇô See How To Configure Anti-Virus On Oracle Database Server (Doc ID 782354.1) +- DB2 ΓÇô [https://www.ibm.com/support/pages/which-db2-directories-exclude-linux-anti-virus-software](https://www.ibm.com/support/pages/which-db2-directories-exclude-linux-anti-virus-software) +- SAP ASE ΓÇô contact SAP +- MaxDB ΓÇô contact SAP ++Oracle ASM systems don't need exclusions as Microsoft Defender for Endpoint can't read ASM disks. ++Customers with Pacemaker clusters should also configure these exclusions: ++```bash +mdatp exclusion folder add --path /usr/lib/pacemaker/ (for RedHat /var/lib/pacemaker/) +``` ++```bash +mdatp exclusion process add --name pacemakerd +``` ++```bash +mdatp exclusion process add --name crm_* +``` ++Customers running the Azure Security security policy might trigger a scan using the Freeware Clam AV solution. 
It's recommended to disable Clam AV scan after a VM has been protected with Microsoft Defender for Endpoint using following commands: ++```bash +sudo azsecd config -s clamav -d "Disabled" +``` ++```bash +sudo service azsecd restart +``` ++```bash +sudo azsecd status +``` ++The following articles detail how to configure AV exclusions for processes, files, and folders per individual VM: ++- [Set up exclusions for Microsoft Defender Antivirus scans | Microsoft Learn](configure-exclusions-microsoft-defender-antivirus.md) +- [Common mistakes to avoid when defining exclusions | Microsoft Learn](common-exclusion-mistakes-microsoft-defender-antivirus.md) ++## Scheduling a Daily AV Scan ++The recommended configuration for SAP applications disables real-time interception of IO calls for AV scanning. The recommended setting is passive mode in which real_time_protection_enabled = false. ++The following link details how to schedule a scan: [How to schedule scans with Microsoft Defender for Endpoint (Linux) | Microsoft Learn](linux-schedule-scan-mde.md). ++Large SAP systems might have more than 20 SAP application servers each with a connection to the SAPMNT NFS share. Twenty or more application servers simultaneously scanning the same NFS server will likely overload the NFS server. By default Microsoft Defender for Endpoint for Linux won't scan NFS sources. ++If there's a requirement to scan SAPMNT then this scan should be configured on one or two VMs only. ++Scheduled scans for SAP ECC, BW, CRM, SCM, Solution Manager, and other components should be staggered at different times to avoid all SAP components from overloading a shared NFS storage source shared by all SAP components. ++## Useful Commands ++If, during manual zypper installation on Suse an error ΓÇ£Nothing provides ΓÇÿpolicycoreutilsΓÇÖΓÇ¥ occurs, refer to: +[Troubleshoot installation issues for Microsoft Defender for Endpoint on Linux](linux-support-install.md). 
++There are several command-line commands that can control the operation of mdatp. To enable the passive mode you can use the following command: ++```bash +mdatp config passive-mode --value enabled +``` ++> [!NOTE] +> passive mode is the default mode on installing defender for endpoint on Linux. ++To turn off real-time protection, you can use the command: ++```bash +mdatp config real-time-protection --value disabled +``` ++This command tells mdatp to retrieve the latest definitions from the cloud: ++```bash +mdatp definitions update +``` ++This command tests whether mdatp can connect to the cloud-based endpoints via the network: ++```bash +mdatp connectivity test +``` ++These commands updates the mdatp software if needed: ++```bash +yum update mdatp +``` ++```bash +zypper update mdatp +``` ++Since mdatp runs as a linux system service, you can control mdatp using the service command, for example: ++```bash +service mdatp status +``` ++This command creates a diagnostic file that can be uploaded to Microsoft support: ++```bash +sudo mdatp diagnostic create +``` ++## Useful Links ++- Microsoft Endpoint Manager doesn't support Linux at this time +- [Manage Microsoft Defender for Endpoint configuration settings on devices with Microsoft Endpoint Manager | Microsoft Learn](security-config-management.md) +- [Microsoft Defender for Endpoint Linux - Configuration and Operation Command List - Microsoft Tech Community](https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/microsoft-defender-for-endpoint-linux-configuration-and/ba-p/1577902) +- [Deploying Microsoft Defender for Endpoint on Linux Servers. 
- Microsoft Tech Community](https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/deploying-microsoft-defender-for-endpoint-on-linux-servers/ba-p/1560326) +- [Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint on Linux | Microsoft Docs](linux-support-connectivity.md#run-the-connectivity-test) +- [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux | Microsoft Docs](linux-support-perf.md#troubleshoot-performance-issues-using-microsoft-defender-for-endpoint-client-analyzer) |
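Review bot: in the Pacemaker exclusions of the SAP on Linux article, the first fenced command keeps a prose aside inside the bash fence, `mdatp exclusion folder add --path /usr/lib/pacemaker/ (for RedHat /var/lib/pacemaker/)`, so anyone pasting it gets a bash syntax error at the unquoted parenthesis and the folder exclusion is not added. Move the Red Hat path into its own fenced command or into the sentence above the fence. In the same group, `mdatp exclusion process add --name crm_*` leaves the glob unquoted, so the shell can expand it against files in the working directory before mdatp receives it; quote it as `'crm_*'`. Wording to fix in the added text: "it might and affect performance", "Azure Security security policy", and "These commands updates".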
security | Advanced Delivery Policy Configure | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/advanced-delivery-policy-configure.md | If your MX record doesn't point to Microsoft 365, the IP address in the `Authent > - Create a dedicated [send connector](/exchange/mail-flow/mail-routing/connector-selection) that doesn't authenticate the phishing simulation messages as internal. > - Configure the phishing simulation to bypass the Exchange Server infrastructure and route mail directly to your Microsoft 365 MX record (for example, contoso-com.mail.protection.outlook.com). > - Although you can set intra-organization message scanning to None in [anti-spam policies](/microsoft-365/security/office-365-security/anti-spam-policies-configure#use-the-microsoft-defender-portal-to-create-anti-spam-policies) we don't recommend this option because it affects other email messages.-> +> > If you're using the [Built-in protection preset security policy](preset-security-policies.md#profiles-in-preset-security-policies) or your custom Safe Links policies have the setting **Do not rewrite URLs, do checks via SafeLinks API only** enabled, time of click protection doesn't treat phishing simulation links in email as threats in Outlook on the web, Outlook for iOS and Android, Outlook for Windows v16.0.15317.10000 or later, and Outlook for Mac v16.74.23061100 or later. If you're using older versions of Outlook, consider disabling the **Do not rewrite URLs, do checks via SafeLinks API only** setting in custom Safe Links policies. > > Adding phishing simulation URLs to the **Do not rewrite the following URLs in email** section in Safe Links policies might result in unwanted alerts for URL clicks. Phishing simulation URLs in email messages are automatically allowed both during mail flow and at time of click. |
security | Air Review Approve Pending Completed Actions | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/air-review-approve-pending-completed-actions.md | As automated investigations on email & collaboration content result in verdicts, These remediation actions are not taken unless and until your security operations team approves them. We recommend reviewing and approving any pending actions as soon as possible so that your automated investigations complete in a timely manner. You need to be part of Search & purge role before taking any actions. -We've added additional checks for duplicate or overlapping investigations with the same clusters approved multiple times. If the same investigation cluster is already approved in the previous hour, new duplicate remediation will not be processed again. This behavior doesn't remove duplicate investigations or investigation evidence - it simply de-duplicates approved actions to improve remediation processing speed. For the duplicate approved cluster investigations, you won't see action details in the [action center](https://security.microsoft.com/action-center/history) side panel. +We've added additional checks for duplicate or overlapping investigations with the same clusters approved multiple times. If the same investigation cluster is already approved in the previous hour, new duplicate remediation will not be processed again. This behavior doesn't remove duplicate investigations or investigation evidence - it simply de-duplicates approved actions to improve remediation processing speed. For the duplicate approved cluster investigations, you won't see action details in the [action center](https://security.microsoft.com/action-center/history) side panel. ## Approve (or reject) pending actions There are four different ways to find and take auto investigation actions: - Select **Open investigation page** to view more details about the investigation. 
- Select **Approve** to initiate a pending action. - Select **Reject** to prevent a pending action from being taken.- + > [!NOTE] > Pending actions time out after awaiting approval for one week. |
security | Anti Malware Policies Configure | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-malware-policies-configure.md | In Microsoft 365 organizations with mailboxes in Exchange Online or standalone E The default anti-malware policy automatically applies to all recipients. For greater granularity, you can also create custom anti-malware policies that apply to specific users, groups, or domains in your organization. > [!NOTE]-> The default anti-malware policy applies to inbound and outbound email. Custom anti-malware policies apply to inbound email only. +> The default anti-malware policy applies to inbound and outbound email. Custom anti-malware policies apply to inbound email only. You can configure anti-malware policies in the Microsoft Defender portal or in PowerShell (Exchange Online PowerShell for Microsoft 365 organizations with mailboxes in Exchange Online; standalone EOP PowerShell for organizations without Exchange Online mailboxes). |
security | Anti Malware Protection About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-malware-protection-about.md | EOP offers multi-layered malware protection that's designed to catch all known m - **Real-time threat response**: During some outbreaks, the anti-malware team might have enough information about a virus or other form of malware to write sophisticated policy rules that detect the threat, even before a definition is available from any of the scan engines used by the service. These rules are published to the global network every 2 hours to provide your organization with an extra layer of protection against attacks. - **Fast anti-malware definition deployment**: The anti-malware team maintains close relationships with partners who develop anti-malware engines. As a result, the service can receive and integrate malware definitions and patches before they're publicly released. Our connection with these partners often allows us to develop our own remedies as well. The service checks for updated definitions for all anti-malware engines every hour. -In EOP, messages that are found to contain malware in _any_ attachments are quarantined. Whether the recipients can view or otherwise interact with the quarantined messages is controlled by _quarantine policies_. By default, messages that were quarantined due to malware can only be viewed and released by admins. Users can't release their own quarantined malware messages, regardless of any available settings that admins configure. For more information, see the following articles: +In EOP, messages that are found to contain malware in _any_ attachments are quarantined<sup>\*</sup>. Whether the recipients can view or otherwise interact with the quarantined messages is controlled by _quarantine policies_. By default, messages that were quarantined due to malware can only be viewed and released by admins. 
Users can't release their own quarantined malware messages, regardless of any available settings that admins configure. For more information, see the following articles: ++<sup>\*</sup> Malware filtering is skipped on SecOps mailboxes that are identified in the advanced delivery policy. For more information, see [Configure the advanced delivery policy for third-party phishing simulations and email delivery to SecOps mailboxes](advanced-delivery-policy-configure.md). - [Anatomy of a quarantine policy](quarantine-policies.md#anatomy-of-a-quarantine-policy) - [Manage quarantined messages and files as an admin in EOP](quarantine-admin-manage-messages-files.md). |
security | Anti Phishing Policies About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-phishing-policies-about.md | To prevent the question mark or "via" tag from being added to messages from spec For more information, see [Identify suspicious messages in Outlook.com and Outlook on the web](https://support.microsoft.com/office/3d44102b-6ce3-4f7c-a359-b623bec82206) - ## First contact safety tip The **Show first contact safety tip** setting is available in EOP and Defender for Office 365 organizations and has no dependency on spoof intelligence or impersonation protection settings. The safety tip is shown to recipients in the following scenarios: Impersonation safety tips appear to users when messages are identified as impers - **Show user impersonation unusual characters safety tip**: The From address contains unusual character sets (for example, mathematical symbols and text or a mix of uppercase and lowercase letters) in a sender specified in [user impersonation protection](#user-impersonation-protection). Available only if **Enable users to protect** is turned on and configured. The text says: - > The email address `<email address>` includes unexpected letters or numbers. We recommend you don't interact with this message. + > The email address `<email address>` includes unexpected letters or numbers. We recommend you don't interact with this message. > [!NOTE] > Safety tips are not stamped in the following messages: |
security | Anti Phishing Policies Eop Configure | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-phishing-policies-eop-configure.md | Use the :::image type="icon" source="../../media/m365-cc-sc-search-icon.png" bor Use :::image type="icon" source="../../media/m365-cc-sc-download-icon.png" border="false"::: **Export** to export the list of policies to a CSV file. -Select a policy by clicking anywhere in the row other than the check box next to the name to open the details flyout for the policy. +Select a policy by clicking anywhere in the row other than the check box next to the name to open the details flyout for the policy. > [!TIP] > To see details about other anti-phishing policies without leaving the details flyout, use :::image type="icon" source="../../media/updownarrows.png" border="false"::: **Previous item** and **Next item** at the top of the flyout. |
security | Anti Spam Policies Configure | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spam-policies-configure.md | You can configure anti-spam policies in the Microsoft Defender portal or in Powe > > Users can't release their own messages that were quarantined as high confidence phishing, regardless of how the quarantine policy is configured. If the policy allows users to release their own quarantined messages, users are instead allowed to _request_ the release of their quarantined high-confidence phishing messages. - - **Intra-Organizational messages to take action on**: Controls whether spam filtering and the corresponding verdict actions are applied to internal messages (messages sent between users within the organization). The available values are: - - **Default**: This is the default value. This value is the same as selecting **High confidence phishing messages**. - - **None** - - **High confidence phishing messages** - - **Phishing and high confidence phishing messages** - - **All phishing and high confidence spam messages** - - **All phishing and spam messages** - + - **Intra-Organizational messages to take action on**: Controls whether spam filtering and the corresponding verdict actions are applied to internal messages (messages sent between users within the organization). The available values are: + - **Default**: This is the default value. This value is the same as selecting **High confidence phishing messages**. + - **None** + - **High confidence phishing messages** + - **Phishing and high confidence phishing messages** + - **All phishing and high confidence spam messages** + - **All phishing and spam messages** + - **Retain spam in quarantine for this many days**: Specifies how long to keep the message in quarantine if you selected **Quarantine message** as the action for a spam filtering verdict. After the time period expires, the message is deleted, and isn't recoverable. 
A valid value is from 1 to 30 days. > [!TIP] |
security | Anti Spam Protection About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spam-protection-about.md | To configure the default anti-spam policy, and to create, modify, and remove cus > [!TIP] > If you disagree with the spam filtering verdict, you can report the message to Microsoft as a false positive (good mail marked as bad) or a false negative (bad email allowed). For more information, see:+> > - [How do I report a suspicious email or file to Microsoft?](submissions-report-messages-files-to-microsoft.md). > - [How to handle legitimate emails getting blocked (false positive), using Microsoft Defender for Office 365](step-by-step-guides/how-to-handle-false-positives-in-microsoft-defender-for-office-365.md) > - [How to handle malicious emails that are delivered to recipients (false negatives), using Microsoft Defender for Office 365](step-by-step-guides/how-to-handle-false-negatives-in-microsoft-defender-for-office-365.md) To configure the default anti-spam policy, and to create, modify, and remove cus > The anti-spam message headers can tell you why a message was marked as spam, or why it skipped spam filtering. For more information, see [Anti-spam message headers](message-headers-eop-mdo.md). > > You can't completely turn off spam filtering in Microsoft 365, but you can use Exchange mail flow rules (also known as transport rules) to bypass most spam filtering on incoming messages (for example, if you route email through a third-party protection service or device before delivery to Microsoft 365). For more information, see [Use mail flow rules to set the spam confidence level (SCL) in messages](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-set-scl).+> > - High confidence phishing messages are still filtered. Other features in EOP aren't affected (for example, messages are always scanned for malware). 
> - If you need to bypass spam filtering for SecOps mailboxes or phishing simulations, don't use mail flow rules. For more information, see [Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes](advanced-delivery-policy-configure.md). > |
security | Attack Simulation Training Training Campaigns | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-training-campaigns.md | You can't remove Training campaigns with the **Status** value **In progress** or To remove an existing Training campaign from the **Training** tab, select the Training campaign by selecting the check box next to the name, select the :::image type="icon" source="../../media/m365-cc-sc-delete-icon.png" border="false"::: **Delete** action that appears, and then select **Confirm** in the confirmation dialog. -After you remove the Training campaign, it's no longer listed on the **Training** tab. +After you remove the Training campaign, it's no longer listed on the **Training** tab. ## Set the training threshold |
security | Configuration Analyzer For Security Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configuration-analyzer-for-security-policies.md | After you automatically or manually update the setting, click **Refresh** to see ### Configuration drift analysis and history tab in the configuration analyzer > [!NOTE]-> [Unified Auditing](/purview/audit-log-enable-disable) needs to be enabled for drift analysis. +> [Unified Auditing](/purview/audit-log-enable-disable) needs to be enabled for drift analysis. This tab allows you to track the changes that have been made to your security policies and how those changes compare to the Standard or Strict settings. By default, the following information is displayed: |
security | Connectors Mail Flow Intelligence | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/connectors-mail-flow-intelligence.md | Microsoft 365 encountered a connection error when it tried to connect to the des - Select the connector from the list by clicking anywhere in the row other than the round check box that appears next to the **Status** column. In the connector details flyout that opens, do either of the following actions: - Delete the connector by selecting :::image type="icon" source="../../media/m365-cc-sc-delete-icon.png" border="false"::: **Delete** at the top of the flyout, and then select **Confirm** in the confirmation flyout that opens.- - Disable the connector by selecting :::image type="icon" source="../../media/m365-cc-sc-disable-icon.png" border="false"::: **Disable** at the top of the flyout, and then select **Confirm** in the confirmation flyout that opens. + - Disable the connector by selecting :::image type="icon" source="../../media/m365-cc-sc-disable-icon.png" border="false"::: **Disable** at the top of the flyout, and then select **Confirm** in the confirmation flyout that opens. - In Microsoft 365, change the accepted domain that's associated with your on-premises email environment from **Internal Relay** to **Authoritative**. For instructions, see [Manage accepted domains in Exchange Online](/exchange/mail-flow-best-practices/manage-accepted-domains/manage-accepted-domains). |
security | Create Safe Sender Lists In Office 365 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/create-safe-sender-lists-in-office-365.md | The available safe sender lists are described in the following list in order fro The rest of this article contains specifics about each method. > [!IMPORTANT]-> Messages that are identified as malware or high confidence phishing are always quarantined, regardless of the safe sender list option that you use. For more information, see [Secure by default in Office 365](secure-by-default.md). +> Messages that are identified as malware<sup>\*</sup> or high confidence phishing are always quarantined, regardless of the safe sender list option that you use. For more information, see [Secure by default in Office 365](secure-by-default.md). +> +> <sup>\*</sup> Malware filtering is skipped on SecOps mailboxes that are identified in the advanced delivery policy. For more information, see [Configure the advanced delivery policy for third-party phishing simulations and email delivery to SecOps mailboxes](advanced-delivery-policy-configure.md). > > Be careful to closely monitor _any_ exceptions that you make to spam filtering using safe sender lists. > |
security | Defender For Office 365 Whats New | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/defender-for-office-365-whats-new.md | For more information on what's new with other Microsoft Defender security produc ## September 2023 -- URL top-level domain blocking is available in the **Tenant allow block list**. [Learn more](tenant-allow-block-list-urls-configure.md) +- URL top-level domain blocking is available in the **Tenant allow block list**. [Learn more](tenant-allow-block-list-urls-configure.md). ## August 2023 |
security | External Senders Microsoft 365 Services | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/external-senders-microsoft-365-services.md | Microsoft offers several support options for people having trouble sending mail - Follow the instructions in any non-delivery report (also known as an NDR or bounce message) that you receive. - Check out the most common problems that external senders encounter in [External senders - Troubleshoot email sent to Microsoft 365](external-senders-mail-flow-troubleshooting.md). - Check the [Microsoft community forums](https://community.office365.com/f/).-- Ask the Microsoft 365 recipient to contact Microsoft Support and open a support ticket on your behalf. Typically, external senders can't open support tickets in Microsoft 365. But, there are legal reasons that might require Microsoft Support to communicate directly with owner of the blocked source IP address space. +- Ask the Microsoft 365 recipient to contact Microsoft Support and open a support ticket on your behalf. Typically, external senders can't open support tickets in Microsoft 365. But, there are legal reasons that might require Microsoft Support to communicate directly with owner of the blocked source IP address space. For more information about Microsoft Technical support for Microsoft 365, see [Support](/office365/servicedescriptions/office-365-platform-service-description/support). |
security | Mdo Email Entity Page | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mdo-email-entity-page.md | You can also trigger **Tenant level block** actions for files, URLs, or senders You'll be able to select **Take actions** from the top right corner of the entity page and this will open the Action wizard for you to select the specific action you need. > [!TIP]-We're adding the ability to take multiple actions together. You can take email remediation actions, create submissions, tenant level block actions (block senders, domains, files, and URLs), investigative actions, and proposed remediation from the **same panel**. Actions are now contextual and grouped together depending on the **latest location of the email message**. +We're adding the ability to take multiple actions together. You can take email remediation actions, create submissions, tenant level block actions (block senders, domains, files, and URLs), investigative actions, and proposed remediation from the **same panel**. Actions are now contextual and grouped together depending on the **latest location of the email message**. :::image type="content" source="../../media/Take-ActionWizard-Email-entity.png" alt-text="Take action from entity page." lightbox="../../media/Take-ActionWizard-Email-entity.png"::: In the existing Action wizard you can take email actions, create email submissions, block senders and sender domains, take investigative actions, and do two step approval (add to remediation) in the same flyout. The flyout follows a consistent flow for ease of use. The Action wizard uses the same system as Explorer actions (for example, for Delete, Submissions, and Investigation actions). 
You can see and track these actions in the Unified action center at <https://security.microsoft.com/action-center/history> (for deleted emails), on the Submission page at <https://security.microsoft.com/reportsubmission> (for submissions), and in the Tenant Allow/Block List at <https://security.microsoft.com/tenantAllowBlockList> page (for block entries). > [!TIP]-> These enancements bring the following benefits: -> - SecOps can now select multiple actions together in the single flow. +> These enhancements bring the following benefits: +> +> - SecOps can now select multiple actions together in the single flow. > - We grouped actions together for a logical grouping of good (false positive) and bad (false negative) message actions. > - Actions are contextual in nature in the same panel. For example, if the message is in already in Inbox, the **Move to Inbox** action is grayed out. > |
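Review bot: in the first `> [!TIP]` of the email entity page change, the paragraph that follows ("We're adding the ability to take multiple actions together...") has no leading `>` on either the removed or the added line, so it sits outside the alert block and the tip renders empty. The change only trims trailing whitespace there; prefix the line with `> ` while touching it, as the second tip in the same change already does for its list.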
security | Mdo Usage Card About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mdo-usage-card-about.md | appliesto: [!INCLUDE [MDO Trial banner](../includes/mdo-trial-banner.md)] -In Microsoft Defender for Office 365, the usage card is available to help admins and Security Operations (SecOps) teams understand their organization's active usage of Defender for Office 365 licenses in comparison to the actual number of licenses purchased. +In organizations with Microsoft Defender for Office 365, the usage card is available to help admins and Security Operations (SecOps) teams understand the usage of Defender for Office 365. Specifically, they can compare the active usage of Defender for Office 365 licenses vs the actual number of available licenses. -> [!NOTE] -> The usage card is enabled for tenants with at least one paid Defender for Office 365 plan 1 (P1) or Defender for Office 365 plan 2 (P2) license. +> [!TIP] +> The usage card is enabled for tenants with at least one paid Defender for Office 365 Plan 1 or Defender for Office 365 Plan 2 license. -Usage cards can help determine: +Usage cards can help determine the following scenarios: -- Active usage of Exchange Online licenses and how many of those are active usage of Microsoft Defender for Office 365. --- Breakdown of active usage across key P1 and P2 capabilities (P1: protection and detection; P2: SecOps capabilities). --- Number of active P1 and P2 licenses that are purchased.+- The active usage of Exchange Online licenses and how many of those licenses are active usage of Microsoft Defender for Office 365. +- A Breakdown of active usage across key Plan 1 and Plan 2 capabilities (Plan 1: protection and detection; Plan 2: SecOps capabilities). +- The Number of active Plan 1 and Plan 2 licenses purchased. ## View the usage card -The usage card is available in the Microsoft Defender portal at https://security.microsoft.com. 
Go to **Reports** > **Email & collaboration reports and insights**. You'll find Defender for Office 365 usage under the **Email & collaboration insights** section. Or, to go directly to the **Email & collaboration reports and insights** page, use https://security.microsoft.com/emailandcollabreport. --In the usage card for the global and billing admins, there's a **Add more licenses** link at the bottom of the card, which takes you to the billing portal to purchase more licenses for your organization. ---The **See licensing details** option is available only for global and billing admins. For global readers, security admins, SecOps, and security readers, this option isn't available. --## Understand the usage details --To learn more about the active user count, license details, and other information, select **Show details** on the usage card. A flyout opens that shows data from the last 28 days. +1. In the Microsoft Defender portal at <https://security.microsoft.com>, go to **Reports** \> **Email & collaboration** section \> **Email & collaboration reports**. Or, to go directly to the **Email & collaboration reports and insights** page, use <https://security.microsoft.com/emailandcollabreport>. +2. On the **Email & collaboration reports and insights** page, go to the **Email & collaboration insights** section, and find the **Defender for Office 365 usage** card. -The **Details** flyout contains the following information: + :::image type="content" source="../../medio.png"::: -- Number of active users in your organization and P2 licenses.+For members of **Global Administrator** or **Billing Administrator** roles in [Microsoft Entra permissions](/microsoft-365/admin/add-users/about-admin-roles), following items are available on the card: -- Specific count of active users of Safe Links or Safe Attachments for Office 365. 
+- **Add more licenses** +- **See licensing details** -- Specific count of active users of Safe Links or Safe Attachments for emails.+These items aren't available for member of **Global Reader**, **Security Administrator**, **Security Operator**, or **Security Reader** roles. -- Specific count of active users of Safe Links for Teams. +## Understand usage details -- Number of active users who triggered manual or automated investigation.+On the **Defender for Office 365 usage** card, select **Show details**. -- Number of active users for whom remediation action were triggered. -- Number of active users targeted by phishing simulation training.+The details flyout that opens contains the following information from the last 28 days: -- Threat protection status report.+- The number of active users in the organization and the number of Plan 2 licenses. +- **Configured prevention and detection** section: + - **Users with Office protection**: The number of active users of Safe Links or Safe Attachments for Office 365. + - **Users with email protection**: The number of active users of Safe Links or Safe Attachments for emails. + - **Users with Teams protection**: The number of active users of Safe Links for Teams. +- **Security Operations capabilities** section: The number of active users for the following categories: + - **Users for whom manual and automated investigations were triggered**. + - **Users for whom remediations were triggered**. + - **Users targeted by phishing simulation training**. -- Add more licenses (admins and SecOps teams only). +**Threat protection status report** takes you to the [Threat protection status report](reports-email-security.md#threat-protection-status-report). -Click **See licensing details** to go to the billing page to purchase more licenses. Or, click **Close** to exit the flyout. 
+**See licensing details** is available for members of the **Global Administrators** or **Security Operator** roles in [Microsoft Entra permissions](/microsoft-365/admin/add-users/about-admin-roles). ## Frequently asked questions Click **See licensing details** to go to the billing page to purchase more licen There are three types of active users: -- **Defender for Office 365 active users**: The distinct user count with active usage of Microsoft Defender for Office 365 P1 and/or P2 licenses over a period of 28 days for a specific paid Microsoft Defender for Office 365 tenant.-+- **Defender for Office 365 active users**: The distinct user count with active usage of Microsoft Defender for Office 365 Plan 1 and/or Plan 2 licenses over a period of 28 days for a specific paid Microsoft Defender for Office 365 tenant. - **Active users**: The distinct user count with active usage of licenses over the past 28 days for a specific paid Microsoft Defender for Office 365 tenant.--- **Other active users**: Active users without the Microsoft Defender for Office 365 active users. +- **Other active users**: Active users without the Microsoft Defender for Office 365 active users. ### What is the usage count? Usage count can be determined by: - **Users with Office 365 protection**: Distinct count of active users of Safe Links for Office 365 or Safe Attachments for Office 365.- - **Users with email protection**: Distinct count of active users of Safe Links for email or Safe Attachments for email.+- **Users for whom manual and automated investigations were triggered**: Manual investigations triggered from Threat Explorer or auto investigations actions approved or rejected by SecOps in Incidents or in Action center. +- **Users for whom remediations were triggered**: Manual remediations in Threat Explorer, Email entity, Advanced Hunting, Automation, or Action center. +- **Users targeted by phishing simulation training**: Users who were targeted as part of simulations over past 28 days. 
-- **Users for whom manual and automated investigations were triggered**: Manual investigations triggered from Threat Explorer or auto investigations actions approved or rejected by SecOps in Incidents or in Action center. --- **Users for whom remediations were triggered**: Manual remediations in Threat Explorer, Email entity, Advanced Hunting, Automation, or Action center. +### I have Defender for Office 365 Plan 1 or Plan 2 paid license. Why can I not see the usage card? -- **Users targeted by phishing simulation training**: Users who were targeted as part of simulations over past 28 days. --### I have Defender for Office 365 P1 or P2 paid license. Why can I not see the usage card? --If you have at least one Defender for Office 365 P1 or P2 license, but you're still unable to see the card because of one of the following reasons: +If you have at least one Defender for Office 365 Plan 1 or Plan 2 license, but you're still unable to see the card because of one of the following reasons: - You don't have the required role to be able to view the card.- - Your organization had no active usage in the past 28 days. ### What does Collecting license and usage data status mean? -If you see **Collecting license and usage data** status in your usage card, it means Microsoft is still collecting your current licensing and usage data. When it's available, you'll be able to see the full usage card and other details. +If you see **Collecting license and usage data** status in your usage card, it means Microsoft is still collecting your current licensing and usage data. When it's available, you can see the full usage card and other details. :::image type="content" source="../../media/usage-card-collecting-data.png" alt-text="Screenshot of the usage card showing the collecting data status." 
lightbox="../../media/usage-card-collecting-data.png"::: -### Why does it still show overage even though you don't have any Microsoft Defender for Office 365 P2 license and no usage of SecOps capabilities? +### Why does it still show overage even though you don't have any Microsoft Defender for Office 365 Plan 2 license and no usage of SecOps capabilities? -If you have overage across Microsoft Defender for Office 365 P1 licenses offering protection and detection, you can remediate this overage by purchasing more Microsoft Defender for Office 365 P1 licenses. +If you have overage across Microsoft Defender for Office 365 Plan 1 licenses offering protection and detection, you can remediate this overage by purchasing more Microsoft Defender for Office 365 Plan 1 licenses. |
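Review bot: The two added statements about who can use **See licensing details** disagree. Under "View the usage card" the new text limits **Add more licenses** and **See licensing details** to members of the **Global Administrator** or **Billing Administrator** roles and says the items aren't available to **Security Operator**, but the new closing line of "Understand usage details" says the option is available to "**Global Administrators** or **Security Operator**". Pick one role set and use the same role names in both places. Also in this change: the added image line `:::image type="content" source="../../medio.png":::` has no alt-text or lightbox and its path does not follow the `../../media/...` pattern of the other image in the article; "A Breakdown" and "The Number" are capitalized mid-sentence; "following items are available" needs "the"; and "for member of" should be "for members of".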
security | Message Trace Defender Portal | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/message-trace-defender-portal.md | appliesto: In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, message trace follows email messages as they travel through your Microsoft 365 organization. You can determine if a message was received, rejected, deferred, or delivered by the service. It also shows what actions were taken on the message before it reached its final status. -You can use the information from message trace to efficiently answer user questions about what happened to messages, troubleshoot mail flow issues, and validate policy changes. +You can use the information from message trace to efficiently answer user questions about what happened to messages, troubleshoot mail flow issues, and validate policy changes. The **Summary report** in the message trace contains the information that helps you answer user questions and troubleshoot mail flow issues. This **Summary report** enables you to view the report in a file that can be opened in Windows Explorer (also known as File Explorer). |
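Review bot: The second added sentence, "This **Summary report** enables you to view the report in a file that can be opened in Windows Explorer (also known as File Explorer)", is circular and does not say what the reader needs. File Explorer is the Windows file manager, so the sentence names neither the format of the report file nor the application that opens it. State the format and how the file is obtained, or drop the sentence. The first added sentence also repeats the "answer user questions" and "troubleshoot mail flow issues" wording of the sentence it follows, so the two could be merged.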
security | Preset Security Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/preset-security-policies.md | If your organization has Defender for Office 365, you enable or disable the rule - **Organizations with Defender for Office 365**: - - Run the following command to determine whether the rules for the Standard and Strict preset security policies are currently enabled or disabled: + - Run the following command to determine whether the rules for the Standard and Strict preset security policies are currently enabled or disabled: ```powershell Write-Output -InputObject ("`r`n"*3),"EOP protection rule",("-"*50);Get-EOPProtectionPolicyRule -Identity "Standard Preset Security Policy" | Format-Table Name,State; Write-Output -InputObject `r`n,"Defender for Office 365 protection rule",("-"*50);Get-ATPProtectionPolicyRule -Identity "Standard Preset Security Policy" | Format-Table Name,State; Write-Output -InputObject ("`r`n"*3),"EOP protection rule",("-"*50);Get-EOPProtectionPolicyRule -Identity "Strict Preset Security Policy" | Format-Table Name,State; Write-Output -InputObject `r`n,"Defender for Office 365 protection rule",("-"*50);Get-ATPProtectionPolicyRule -Identity "Strict Preset Security Policy" | Format-Table Name,State |
security | Priority Accounts Turn On Priority Account Protection | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/priority-accounts-turn-on-priority-account-protection.md | This article describes how to confirm that priority account protection is turned - You open the Microsoft Defender portal at <https://security.microsoft.com>. - You need to be assigned permissions before you can do the procedures in this article. You have the following options:- - [Microsoft Defender XDR Unified role based access control (RBAC)](/microsoft-365/security/defender/manage-rbac) (Affects the Defender portal only, not PowerShell): **Authorization and settings/System settings/Read and manage** or **Authorization and settings/System settings/Read-only**. + - [Microsoft Defender XDR Unified role based access control (RBAC)](/microsoft-365/security/defender/manage-rbac) (Affects the Defender portal only, not PowerShell): **Authorization and settings/System settings/Read and manage** or **Authorization and settings/System settings/Read-only**. - [Exchange Online permissions](/exchange/permissions-exo/permissions-exo): Membership in the **Organization Management** or **Security Administrator** role groups. - [Microsoft Entra permissions](/microsoft-365/admin/add-users/about-admin-roles): Membership in the **Global Administrator** or **Security Administrator** roles gives users the required permissions _and_ permissions for other features in Microsoft 365. The effects of priority account protection are visible in the following reportin - [Threat Explorer and real-time detections](threat-explorer-about.md) - [Email entity page](mdo-email-entity-page.md) -For information about where the Priority account tag and other user tags are available as filters, see [User tags in reports and features](user-tags-about.md#user-tags-in-reports-and-features). 
+For information about where the Priority account tag and other user tags are available as filters, see [User tags in reports and features](user-tags-about.md#user-tags-in-reports-and-features). ### Threat protection status report |
security | Quarantine About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-about.md | In Microsoft 365 organizations with mailboxes in Exchange Online or standalone E Whether a detected message is quarantined by default depends on the following factors: - The protection feature that detected the message. For example, the following detections are always quarantined:- - Malware detections by [anti-malware policies](anti-malware-policies-configure.md) and [Safe Attachments policies](safe-attachments-policies-configure.md), including [Built-in protection](preset-security-policies.md) for Safe Attachments. + - Malware detections by [anti-malware policies](anti-malware-policies-configure.md) and [Safe Attachments policies](safe-attachments-policies-configure.md), including [Built-in protection](preset-security-policies.md) for Safe Attachments<sup>\*</sup>. - High-confidence phishing detections by [anti-spam policies](anti-spam-policies-configure.md). - Whether you're using the Standard and/or Strict [preset security policies](preset-security-policies.md). The Strict profile quarantines more types of detections than the Standard profile. +<sup>\*</sup> Malware filtering is skipped on SecOps mailboxes that are identified in the advanced delivery policy. For more information, see [Configure the advanced delivery policy for third-party phishing simulations and email delivery to SecOps mailboxes](advanced-delivery-policy-configure.md). + The default actions for protection features in EOP and Defender for Office 365, including preset security policies, are described in the feature tables in [Recommended settings for EOP and Microsoft Defender for Office 365 security](recommended-settings-for-eop-and-office365.md). For anti-spam and anti-phishing protection, admins can also modify the default policy or create custom policies to quarantine messages instead of delivering them to the Junk Email folder. 
For instructions, see the following articles: |
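Review bot: The added footnote marker sits at the end of a bullet under "the following detections are always quarantined", so the list still says "always" while the new footnote describes an exception (malware filtering is skipped on SecOps mailboxes identified in the advanced delivery policy). Reword the lead-in or state the exception in the bullet itself. The marker is also ambiguous. It follows "Built-in protection for Safe Attachments", but the footnote reads as applying to malware filtering in general, including the anti-malware policies named earlier in the same bullet. The footnote text is also placed after the unrelated preset security policies bullet rather than directly under the item it qualifies.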
security | Quarantine End User | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-end-user.md | When you select multiple quarantined messages on the **Email** tab by selecting ## Manage quarantined messages in Microsoft Teams -When a potentially malicious chat message is detected in Microsoft Teams, zero-hour auto purge (ZAP) removes the message and quarantines it. Users can now view and manage these quarantined Teams messages in the Microsoft Defender portal. Quarantine notifications aren't supported for quarantined Teams messages. +When a potentially malicious chat message is detected in Microsoft Teams, zero-hour auto purge (ZAP) removes the message and quarantines it. Users can now view and manage these quarantined Teams messages in the Microsoft Defender portal. Quarantine notifications aren't supported for quarantined Teams messages. ### View your quarantined messages in Microsoft Teams -In the Microsoft Defender portal at https://security.microsoft.com, go to **Email & collaboration** > **Review** > **Quarantine** > **Teams messages** tab. Or, to go directly to the **Teams messages** tab on the **Quarantine** page, use <https://security.microsoft.com/quarantine?viewid=Teams>. +In the Microsoft Defender portal at https://security.microsoft.com, go to **Email & collaboration** > **Review** > **Quarantine** > **Teams messages** tab. Or, to go directly to the **Teams messages** tab on the **Quarantine** page, use <https://security.microsoft.com/quarantine?viewid=Teams>. You can sort the entries by clicking on an available column header. Select :::image type="icon" source="../../media/m365-cc-sc-customize-icon.png" border="false"::: **Customize columns** to change the columns that are shown. The default columns are: - **Teams message text**: Contains the subject for the teams message. 
- **Date quarantined**: Showed when the message was quarantined.-- **Status**: Shows whether the message is already reviewed and released or needs review. +- **Status**: Shows whether the message is already reviewed and released or needs review. - **Sender**: The person who sent the message that was quarantined. - **Quarantine reason**: Available options are **High confidence phish** and **Malware**. - **Expires**: Indicates the time after which the message is removed from quarantine. By default, this value is 30 days. In the details flyout that opens, the following information is available: - **Release status** - **Policy type** - **Message details** section: Includes date and time of the message sent, the sender address, Teams message ID, and the list of recipients.- - **Sender address** + - **Sender address** - **Time received** - **Recipients** - **Teams message ID** On the **Teams messages** tab, select the quarantined message by selecting the c - **Preview message**: You can view the details of the message you selected. If you don't release or remove a message, it's automatically deleted from quarantine after the date shown in the **Expires** column.- |
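Review bot: The navigation line touched under "View your quarantined messages in Microsoft Teams" still uses a bare `https://security.microsoft.com` and unescaped `>` separators, while the second URL on the same line is wrapped in angle brackets and other articles in this batch write `<https://security.microsoft.com>` and `\>`. Since the line is being edited anyway, bring it in line with that convention. In the column list next to the touched **Status** bullet, "**Date quarantined**: Showed when the message was quarantined" should read "Shows" to match its neighbors.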
security | Quarantine Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-policies.md | Back on the **Quarantine policy** page, the policy that you created is now liste ### Create quarantine policies in PowerShell > [!TIP]-> The PermissionToAllowSender permission in quarantine policies in PowerShell isn't used. +> The PermissionToAllowSender permission in quarantine policies in PowerShell isn't used. If you'd rather use PowerShell to create quarantine policies, connect to [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell) or [standalone Exchange Online Protection PowerShell](/powershell/exchange/connect-to-exchange-online-protection-powershell) and use the following syntax: |
security | Real Time Detections | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/real-time-detections.md | Here are the common components within these experiences: - You can use commas to add multiple values for the same filter. :::image type="content" source="../../media/explorer-new-experience-filters.png" alt-text="Screenshot showing filters in Explorer." lightbox="../../media/explorer-new-experience-filters.png":::- + - Charts - Charts provide a visual, aggregate view of data based on filters. You can use different filters to view the data by different dimensions. Here are the common components within these experiences: > You may see no results in chart view even if you are seeing an entry in the list view. This happens if the filter does not produce any data. For example, if you have applied the filter malware family, but the underlying data does not have any malicious emails, then you may see the message no data available for this scenario. :::image type="content" source="../../media/explorer-new-experience-export-chart-data.png" alt-text="Screenshot showing exporting chart data." lightbox="../../media/explorer-new-experience-export-chart-data.png":::- + - Results grid - Results grid shows the email results based on the filters you've applied. Here are the common components within these experiences: > You can toggle between the **Chart view** and the **List view** to maximize your result set. :::image type="content" source="../../media/explorer-new-experience-list-chart-view.png" alt-text="Screenshot showing viewing chart data." lightbox="../../media/explorer-new-experience-list-chart-view.png":::- + - Detailed flyout - You can click on hyperlinks to get to the email summary panel (entries in Subject column), recipient, or IP flyout. |
security | Remediate Malicious Email Delivered Office 365 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/remediate-malicious-email-delivered-office-365.md | Open any remediation item to view details about it, including its remediation na - On-premises/external - Failed/dropped - Unknown- + - **Types of Move and Delete actions supported**: - **Move to junk folder**: Moves messages to the user's Junk Email folder. - **Move to inbox**: Moves messages to the users Inbox folder. - **Move to deleted items**: Moves messages to the user's Deleted Items folder. - **Soft delete**: Moves messages to a deleted folder in the cloud. - **Hard delete**: Permanently deletes the messages.- + Suspicious messages are categorized as either remediable or nonremediable. In most cases, remediable and nonremediable messages combine equals total messages submitted. But in rare cases this may not be true. This can happen because of system delays, timeouts, or expired messages. Messages expire based on the Explorer retention period for your organization. Unless you're remediating old messages after your organization's Explorer retention period, it's advisable to retry remediating items if you see number inconsistencies. For system delays, remediation updates are typically refreshed within a few hours. |
security | Reports Email Security | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/reports-email-security.md | In the details table below the chart, the following information is available: To see all columns, you likely need to do one or more of the following steps: - - Horizontally scroll in your web browser. - - Narrow the width of appropriate columns. - - Zoom out in your web browser. +- Horizontally scroll in your web browser. +- Narrow the width of appropriate columns. +- Zoom out in your web browser. Select :::image type="icon" source="../../media/m365-cc-sc-filter-icon.png" border="false"::: **Filter** to modify the report by selecting one or more of the following values in the flyout that opens: In the details table below the chart, the following information is available: To see all columns, you likely need to do one or more of the following steps: - - Horizontally scroll in your web browser. - - Narrow the width of appropriate columns. - - Zoom out in your web browser. +- Horizontally scroll in your web browser. +- Narrow the width of appropriate columns. +- Zoom out in your web browser. 
Select :::image type="icon" source="../../media/m365-cc-sc-filter-icon.png" border="false"::: **Filter** to modify the report by selecting one or more of the following values in the flyout that opens: You need to be assigned permissions before you can view and use the reports that - **Security Reader** - **Global Reader** - [Microsoft Entra permissions](/microsoft-365/admin/add-users/about-admin-roles): Membership in the **Global Administrator**<sup>\*</sup>, **Security Administrator**, **Security Reader**, or **Global Reader** roles in Microsoft Entra ID gives users the required permissions _and_ permissions for other features in Microsoft 365.-the + <sup>\*</sup> Membership in the **Organization Management** role group or in the **Global Administrator** role is required to use the :::image type="icon" source="../../media/m365-cc-sc-create-icon.png" border="false"::: **[Create schedule](#schedule-recurring-reports)** or :::image type="icon" source="../../media/m365-cc-sc-download-icon.png" border="false"::: **[Request report](#request-on-demand-reports-for-download)** actions in reports (where available). ## What if the reports aren't showing data? Depending on the report and possibly the specific view in the report, one or mor When you're finished on the **Select filters** page, select **Next**. 5. On the **Recipients** page, choose recipients for the report in the **Send email to** box. The default value is your email address, but you can add others by doing either of the following steps:- - Click in the box, wait for the list of users to resolve, and then select the user from the list below the box. - - Click in the box, start typing a value, and then select the user from the list below the box. + - Click in the box, wait for the list of users to resolve, and then select the user from the list below the box. + - Click in the box, start typing a value, and then select the user from the list below the box. 
To remove an entry from the list, select :::image type="icon" source="../../media/m365-cc-sc-remove-selection-icon.png" border="false"::: next to the entry. Depending on the report and possibly the specific view in the report, one or mor The reports are emailed to the specified recipients based on the schedule you configured -The scheduled report entry is available on the **Managed schedules** page as described in the next subsection. +The scheduled report entry is available on the **Managed schedules** page as described in the next subsection. #### Manage existing scheduled reports Back on the **Manage schedules** page, the deleted scheduled report entry is no When you're finished on the **Name on-demand report** page, select **Next**. 4. On the **Recipients** page, choose recipients for the report in the **Send email to** box. The default value is your email address, but you can add others by doing either of the following steps:- - Click in the box, wait for the list of users to resolve, and then select the user from the list below the box. - - Click in the box, start typing a value, and then select the user from the list below the box. + - Click in the box, wait for the list of users to resolve, and then select the user from the list below the box. + - Click in the box, start typing a value, and then select the user from the list below the box. To remove an entry from the list, select :::image type="icon" source="../../media/m365-cc-sc-remove-selection-icon.png" border="false"::: next to the entry. Back on the **Manage schedules** page, the deleted scheduled report entry is no When you're finished on the **New on-demand report created** page, select **Done**. -The report creation task (and eventually the finished report) is available on the **Reports for download** page as described in the next subsection. +The report creation task (and eventually the finished report) is available on the **Reports for download** page as described in the next subsection. 
#### Download reports After you request an on-demand report as described in the previous section, you In the Microsoft Defender portal at <https://security.microsoft.com>, go to **Reports** \> **Email & collaboration** \> select **Reports for download**. Or, to go directly to the **Reports for download** page, use <https://security.microsoft.com/ReportsForDownload>. On the **Reports for download** page, the following information is shown for each available report:- - **Start date** - - **Name** - - **Report type** - - **Last sent** - - **Status**: - - **Pending**: The report is still being created, and it isn't available to download yet. - - **Complete - Ready for download**: Report generation is complete, and the report is available to download. - - **Complete - No results found**: Report generation is complete, but the report contains no data, so you can't download it. ++- **Start date** +- **Name** +- **Report type** +- **Last sent** +- **Status**: + - **Pending**: The report is still being created, and it isn't available to download yet. + - **Complete - Ready for download**: Report generation is complete, and the report is available to download. + - **Complete - No results found**: Report generation is complete, but the report contains no data, so you can't download it. To download the report, select the check box next in the start date of the report, and then select the :::image type="icon" source="../../media/m365-cc-sc-download-icon.png" border="false"::: **Download report** action that appears. |
security | Responding To A Compromised Email Account | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/responding-to-a-compromised-email-account.md | To unblock a mailbox from sending email, follow the procedures in [Remove blocke 1. In the Microsoft 365 admin center at <https://admin.microsoft.com>, do the following steps: 1. Go to **Users** \> **Active users**. Or, to go directly to the **Active users** page, use <https://admin.microsoft.com/Adminportal/Home#/users>. 2. On the **Active users** page, find and select the user account from the list by doing one of the following steps:- - Select the user by clicking anywhere in the row other than the check box next to the name. In the details flyout that opens, verify the **Account** tab is selected, and then select **Manage roles** in the **Roles** section. + - Select the user by clicking anywhere in the row other than the check box next to the name. In the details flyout that opens, verify the **Account** tab is selected, and then select **Manage roles** in the **Roles** section. - Select the user by selecting the check box next to the name. Select :::image type="icon" source="../../media/m365-cc-sc-more-actions-icon.png" border="false"::: **More actions** \> :::image type="icon" source="../../media/m365-cc-sc-manage-roles-icon.png" border="false"::: **Manage roles**. 3. In the **Manage admin roles** flyout that opens, do the following steps: - Record any information that you want to restore later. To unblock a mailbox from sending email, follow the procedures in [Remove blocke ### Step 7 Optional: Additional precautionary steps -1. Verify the contents of the **Sent items** folder of the account in Outlook or Outlook on the web. +1. Verify the contents of the **Sent items** folder of the account in Outlook or Outlook on the web. You might need to inform people in your contacts list that your account was compromised. 
For example, the attacker might have sent messages asking your contacts for money, or the attacker might have sent a virus to hijack their computers. |
security | Safe Documents In E5 Plus Security About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-documents-in-e5-plus-security-about.md | Users don't need Defender for Endpoint installed on their local devices to get S - To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell). - You need to be assigned permissions before you can do the procedures in this article. You have the following options:- - [Microsoft Defender XDR Unified role based access control (RBAC)](/microsoft-365/security/defender/manage-rbac) (Affects the Defender portal only, not PowerShell): **Authorization and settings/Security settings/Core Security settings (manage)** or **Authorization and settings/Security settings/Core Security settings (read)**. + - [Microsoft Defender XDR Unified role based access control (RBAC)](/microsoft-365/security/defender/manage-rbac) (Affects the Defender portal only, not PowerShell): **Authorization and settings/Security settings/Core Security settings (manage)** or **Authorization and settings/Security settings/Core Security settings (read)**. - [Exchange Online permissions](/exchange/permissions-exo/permissions-exo): - _Configure Safe Documents settings_: Membership in the **Organization Management** or **Security Administrator** role groups. - _Read-only access to Safe Documents settings_: Membership in the **Global Reader**, **Security Reader**, or **View-Only Organization Management** role groups. |
security | Safe Links About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-links-about.md | You turn on or turn off Safe Links protection for Microsoft Teams in Safe Links > [!NOTE] > When you turn on or turn off Safe Links protection for Teams, it might take up to 24 hours for the change to take effect. >-> Safe Links protection for Teams is supported in Teams desktop and web instances. +> Safe Links protection for Teams is supported in Teams desktop and web instances. URLs in Teams are checked against a list of known malicious links when the protected user clicks the link (time-of-click protection). URLs aren't rewritten. If a link is found to be malicious, users have the following experiences: |
security | Protect Your C Suite With Priority Account Protection | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/protect-your-c-suite-with-priority-account-protection.md | If you want to achieve these steps via [Exchange Online PowerShell](/powershell/ - View a list of priority accounts: `Get-User -IsVIP | select Identity` - Add user to list of priority accounts: `Set-User -VIP $true -Identity <Identity>` - Remove user from list of priority accounts: `Set-User -VIP $false -Identity <Identity>`-- |
security | Reducing Attack Surface In Microsoft Teams | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/reducing-attack-surface-in-microsoft-teams.md | You can reduce the risk of unwanted or inappropriate content being shared during 1. **Login** to the Teams admin center at: <https://admin.teams.microsoft.com/>. 2. On the left-hand navigation, expand **Meetings** and then choose **Meeting Policies**. 3. If you've assigned any custom or built-in policies to users, you'll need to do these steps for each of them if appropriate, otherwise select **Global (Org-wide default)**.-4. Under the **Content sharing** heading, set **Who can present** to **Only organizers and co-organizers**. +4. Under the **Content sharing** heading, set **Who can present** to **Only organizers and co-organizers**. 5. Select **Save**. 6. You need to change this setting for each policy. |
security | Stay Informed With Message Center | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/stay-informed-with-message-center.md | Title: Steps to set up a weekly digest email of message center changes for Microsoft Defender for Office 365 -description: The steps to setup a weekly digest email of message center activity to stay up-to-date about changes to Microsoft Defender for Office 365. +description: The steps to set up a weekly digest email of message center activity to stay up-to-date about changes to Microsoft Defender for Office 365. search.product: ms.mktglfcycl: deploy Would it be convenient if, every week, a digest email of Microsoft Defender for The message center is where admins learn about official *service announcements and feature changes*, via visiting the site (desktop or mobile app), consulting Microsoft Planner, or *by email*. -Follow the steps below to make that helpful digest email happen. +## Before you begin -## What you'll need +What you'll need before you get started. - Microsoft Defender for Office 365 Plan 1 or 2 - Sufficient permissions (Message center reader as a minimum)-- 5 minutes to perform the steps below. -## Steps to set up a weekly digest mail of message center changes and notifications. +## Steps to set up a weekly digest mail of message center changes and notifications -1. Login to the **Admin Center** at <https://admin.microsoft.com>. +1. Log in to the **Admin Center** at <https://admin.microsoft.com>. 1. On the left-hand navigation, select **Show All**. 1. Expand **Health** and press **Message Center**. 1. On the page that loads, select **Preferences**.-1. A flyout will appear on the right, select the **Email** tab. -1. Ensure the email notification settings are as expected, you can select **Other e-mail addresses** if required to setup the digest to be sent to different users or a shared mailbox for example. +1. 
A flyout appears on the right, select the **Email** tab. +1. Make sure the email notification settings are as expected. You can select **Other e-mail addresses** if you want the digest to be sent to different users or a shared mailbox. 1. Select the **Send me a weekly digest about services I select** box, and select the services you wish to receive information about, as a minimum you should select **Exchange Online** & **Microsoft Defender XDR**. 1. Press **Save**. You're done. -## Watch: Track your message center tasks in Planner --[Video](https://www.microsoft.com/en-us/videoplayer/embed/RE4C7Ne) - ## Learn More [Track new and changed features in the Microsoft 365 Message center](../../../admin/manage/message-center.md) |
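Review bot: the rewritten step "A flyout appears on the right, select the **Email** tab." is still a comma splice; split it into "A flyout appears on the right. Select the **Email** tab." The unchanged step that follows has the same problem ("..., as a minimum you should select **Exchange Online** & **Microsoft Defender XDR**") and is worth fixing in the same pass. The new "## Before you begin" section also opens with a sentence fragment ("What you'll need before you get started."), which reads better as a full sentence introducing the list.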
security | Step By Step Guide Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/step-by-step-guide-overview.md | These step-by-step guides help administrators configure and use Microsoft Defend ***If you learn Microsoft products best by doing***, the step-by-step guides will jumpstart configuration and testing. They are as useful for set up in a *trial subscription* as they are in *production*. > [!NOTE]-> Try the [Defender for Office 365 setup guide](https://go.microsoft.com/fwlink/?linkid=2224785) for step-by-step instructions that are tenant-aware and customized to your organization's needs. This setup guide helps you implement anti-malware policies, anti-phishing policies, safe attachments, and more. +> Try the [Defender for Office 365 setup guide](https://go.microsoft.com/fwlink/?linkid=2224785) for step-by-step instructions that are tenant-aware and customized to your organization's needs. This setup guide helps you implement anti-malware policies, anti-phishing policies, safe attachments, and more. ## Why use Microsoft Defender for Office 365 step-by-step guides |
security | Understand Overrides In Email Entity | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/understand-overrides-in-email-entity.md | Title: Understanding overrides within the email entity page in Microsoft Defender for Office 365 + Title: Understanding overrides within the email entity page in Microsoft Defender for Office 365 description: Shows the different overrides in the email entity page in Microsoft Defender for Office 365 to help admins troubleshoot configurations.--++ --++ audience: ITPro - m365-guidance-templates - m365-security - tier3 Previously updated : 08/14/2023 Last updated : 08/14/2023 # Understanding overrides within the email entity page in Microsoft Defender for Office 365 -Within the Microsoft Defender for Office 365 *[email entity page](/microsoft-365/security/office-365-security/mdo-email-entity-page)*, there's a wealth of useful information about an email, including if applicable the **overrides** which affected that message, and potentially the location that the message was delivered or moved to post delivery. - +Within the Microsoft Defender for Office 365 *[email entity page](/microsoft-365/security/office-365-security/mdo-email-entity-page)*, there's a wealth of useful information about an email, including if applicable the **overrides** which affected that message, and potentially the location that the message was delivered or moved to post delivery. + This article is all about helping you **understand the different overrides**, how they're triggered, and helpful information for diagnosing when the effect of an override was unexpected, such as an email being blocked when no threats were found. 
## Overrides details table The following table lists all overrides, a description of what that override mea ## Next steps You can find a similar detailed table covering all the different detection technologies at [aka.ms/emailtech](/microsoft-365/security/office-365-security/step-by-step-guides/understand-detection-technology-in-email-entity).--- |
security | Submissions User Reported Messages Custom Mailbox | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-user-reported-messages-custom-mailbox.md | Before you get started, you need to use the following steps to configure Exchang > [!NOTE] > This step is especially important if you use [Attack simulation training](attack-simulation-training-get-started.md) or a third-party product to do phishing simulations. If you don't configure the reporting mailbox as a SecOps mailbox, a user reported message might trigger a training assignment by the phishing simulation product. -- Create a custom anti-malware policy for the reporting mailbox with the following settings:-- - Turn off Zero-hour auto purge (ZAP) for malware (**Protection settings** section \> **Enable zero-hour auto purge for malware** isn't selected or `-ZapEnabled $false` in PowerShell). -- - Turn off the [common attachments filter](anti-malware-protection-about.md#common-attachments-filter-in-anti-malware-policies) (**Protection settings** section \> **Enable the common attachments filter** isn't selected or `-EnableFileFilter $false` in PowerShell). -- For instructions, see [Create an anti-malware policy](anti-malware-policies-configure.md#use-the-microsoft-365-defender-portal-to-create-anti-malware-policies). --- Verify that the reporting mailbox isn't included in the Standard or Strict preset security policies. For instructions, see [Preset security policies](preset-security-policies.md).--- **Defender for Office 365**: Configure the following additional settings:-- - Exclude the reporting mailbox from the Built-in protection preset security policy. For instructions, see [Preset security policies](preset-security-policies.md). 
-- - Create a Safe Attachments policy for the mailbox where Safe Attachments scanning, including Dynamic Delivery, is turned off (**Settings** \> **Safe Attachments unknown malware response** section \> **Off** or `-Enable $false` in PowerShell). For instructions, see [Set up Safe Attachments policies in Microsoft Defender for Office 365](safe-attachments-policies-configure.md). -- - Create a Safe Links policy for the reporting mailbox where Safe Links scanning in email is turned off (**URL & click protection settings** \> **On: Safe Links checks a list of known, malicious links when users click links in email** isn't selected or `EnableSafeLinksForEmail $false` in PowerShell). For instructions, see [Set up Safe Links policies in Microsoft Defender for Office 365](safe-links-policies-configure.md). - - If you have data loss prevention (DLP), exclude the reporting mailbox from DLP. For more information, see [Data loss prevention Exchange conditions and actions reference](/purview/dlp-exchange-conditions-and-actions). After you verify that the reporting mailbox meets all of these requirements, use the procedures in this article to identify the reporting mailbox and to configure the related settings. 
On the **User reported settings** page, the available settings for reporting mes When **Monitor reported messages in Outlook** is selected and you also select **Use the built-in Report button in Outlook**, the following options are available on the **User reported settings** page: -- **Outlook** section \> **Select an Outlook report button configuration** section \> **When the user reports an email** section: +- **Outlook** section \> **Select an Outlook report button configuration** section \> **When the user reports an email** section: - **Ask the user to confirm before reporting**: A pre-reporting pop-up is shown in supported versions of Outlook for the following user actions: - **Report phishing** Remember, the report submission policy doesn't exist if any of the following sta Likewise, the report submission rule doesn't exist if either of the following statements are true: -- No one ever specified a reporting mailbox on the **User reported settings** page (but remember, the global admin's Exchange Online mailbox is used by default). +- No one ever specified a reporting mailbox on the **User reported settings** page (but remember, the global admin's Exchange Online mailbox is used by default). - No one ever manually created the report submission rule in PowerShell. - Someone manually deleted the report submission rule in PowerShell. This example creates the report submission policy with the default settings: - **Select an Outlook report button configuration** section: **Use the built-in Report button in Outlook** selected. - **Reported message destinations** section:- - **Send reported messages to**: **Microsoft and my reporting mailbox** is selected: `-EnableReportToMicrosoft $true`, `-ReportJunkToCustomizedAddress $true`, `-ReportNotJunkToCustomizedAddress $true`, and `-ReportPhishToCustomizedAddress $true` are the default values, so you don't need to use those parameters. 
+ - **Send reported messages to**: **Microsoft and my reporting mailbox** is selected: `-EnableReportToMicrosoft $true`, `-ReportJunkToCustomizedAddress $true`, `-ReportNotJunkToCustomizedAddress $true`, and `-ReportPhishToCustomizedAddress $true` are the default values, so you don't need to use those parameters. To populate **Add an Exchange Online mailbox to send reported messages to** with the email address of the reporting mailbox, use the following cmdlets and parameters: Other settings: [-MultiLanguagePreSubmitMessageButtonLinkForPhishing "Language1 Before Phishing Info Button URL","Language2 Before Phishing Info Button URL",..."Language7 Before Phishing Info Button URL"] ` -MultiLanguagePreSubmitMessageTitleForJunk "Language1 Before Junk Title Text","Language2 Before Junk Title Text",..."Language7 Before Junk Title Text" ` -MultiLanguagePreSubmitMessageForJunk "Language1 Before Junk Description Text","Language2 Before Junk Description Text",..."Language7 Before Junk Description Text" `- [-MultiLanguagePreSubmitMessageButtonTextForJunk "Language1 Before Junk Info Button Text","Language2 Before Junk Info Button Text",..."Language7 Before Junk Info Button Text"] ` - [-MultiLanguagePreSubmitMessageButtonLinkForJunk "Language1 Before Junk Info Button URL","Language2 Before Junk Info Button URL",..."Language7 Before Junk Info Button URL"] + [-MultiLanguagePreSubmitMessageButtonTextForJunk "Language1 Before Junk Info Button Text","Language2 Before Junk Info Button Text",..."Language7 Before Junk Info Button Text"] ` + [-MultiLanguagePreSubmitMessageButtonLinkForJunk "Language1 Before Junk Info Button URL","Language2 Before Junk Info Button URL",..."Language7 Before Junk Info Button URL"] -MultiLanguagePreSubmitMessageTitleForNotJunk "Language1 Before Not Junk Title Text","Language2 Before Not Junk Title Text",..."Language7 Before Not Junk Title Text" ` -MultiLanguagePreSubmitMessageForNotJunk "Language1 Before Not Junk Description Text","Language2 Before Not Junk 
Description Text",..."Language7 Before Not Junk Description Text" ` [-MultiLanguagePreSubmitMessageButtonTextForNotJunk "Language1 Before Not Junk Info Button Text","Language2 Before Not Junk Info Button Text",..."Language7 Before Not Junk Info Button Text"] ` |
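Review bot: in the multi-language syntax block, the re-added `[-MultiLanguagePreSubmitMessageButtonLinkForJunk ...]` line has no trailing backtick, although `-MultiLanguagePreSubmitMessageTitleForNotJunk` continues the same command on the next line. Every other parameter line in the block ends with a backtick, so without one here PowerShell ends the command at that line and anyone pasting the syntax loses the Not Junk parameters. Add the backtick while these two lines are being touched.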
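Review bot: the prerequisites hunk deletes the bullets that turned off ZAP for malware, the common attachments filter, Safe Attachments and Safe Links for the reporting mailbox and excluded it from the preset security policies, but the retained sentence still says "After you verify that the reporting mailbox meets all of these requirements". If configuring the mailbox as a SecOps mailbox now covers those exclusions, say so in the remaining text. Otherwise readers can't tell whether filtering can still alter or remove user-reported messages before they reach the mailbox.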
security | Teams Message Entity Panel | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/teams-message-entity-panel.md | Selecting a Teams message across any Microsoft Defender for Office 365 experienc - **Channel details**: Available for messages in channels - **Conversation type** - **Conversation name**: Contains the name of the channel.- - **Name and email**: Contains the name and address of the channel. + - **Name and email**: Contains the name and address of the channel. - **URLs**: - **Name and type** Contains the URL from the Teams message. - **Threat** |
security | Tenant Allow Block List About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-allow-block-list-about.md | These articles contain procedures in the Microsoft Defender portal and in PowerS Use the **Submissions** page (also known as *admin submission*) at <a href="https://security.microsoft.com/reportsubmission" target="_blank">https://security.microsoft.com/reportsubmission</a> to create block entries for the following types of items as you report them as false negatives to Microsoft: - **Domains and email addresses**:- - Email messages from these senders are marked as *phishing* and then moved to quarantine. + - Email messages from these senders are marked as *phishing* and then moved to quarantine. - Users in the organization can't send email to these blocked domains and addresses. They receive the following non-delivery report (also known as an NDR or bounce message): `550 5.7.703 Your message can't be delivered because messages to XXX, YYY are blocked by your organization using Tenant Allow Block List.` The entire message is blocked for all internal and external recipients of the message, even if only one recipient email address or domain is defined in a block entry. > [!TIP] |
security | Tenant Allow Block List Email Spoof Configure | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-allow-block-list-email-spoof-configure.md | For detailed syntax and parameter information, see [Set-TenantAllowBlockListItem Back on the **Domains & addresses** tab, the entry is no longer listed. - #### Use PowerShell to remove entries for domains and email addresses from the Tenant Allow/Block List In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following syntax: For detailed syntax and parameter information, see [Set-TenantAllowBlockListSpoo 4. In the warning dialog that opens, select **Delete**. - #### Use PowerShell to remove entries for spoofed senders from the Tenant Allow/Block List In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following syntax: |
security | Threat Explorer About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/threat-explorer-about.md | Tags information is also shown in the URL clicks flyout. To view it, go to Phish > Learn more by watching [this video](https://www.youtube.com/watch?v=UoVzN0lYbfY&list=PL3ZTgFEc7LystRja2GnDeUFqk44k7-KXf&index=4). -## Upcoming improvements to the threat hunting experience +## Upcoming improvements to the threat hunting experience ### Updated threat information for emails |
security | Threat Explorer Views | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/threat-explorer-views.md | Select the **View** menu using the navigation bar. Once you have selected a view ## All email -To view this report, in Explorer, select **All email** in the top navigation pane. This view shows emails identified as malicious due to phishing or malware, as well all other non-malicious emails like regular email, spam, and bulk mail. +To view this report, in Explorer, select **All email** in the top navigation pane. This view shows emails identified as malicious due to phishing or malware, as well all other non-malicious emails like regular email, spam, and bulk mail. :::image type="content" source="../../media/all-email-new.png" alt-text="Screenshot of the Threat Explorer View menu." lightbox="../../media/all-email-new.png"::: -> [!NOTE] -> If you get a **Too much data to display** error, add a filter and, if necessary, narrow the date range you're viewing. +> [!NOTE] +> If you get a **Too much data to display** error, add a filter and, if necessary, narrow the date range you're viewing. -To apply a filter, select the filter dropdown, select an item in the list, and then select **Refresh**. You can view information by sender, sender's domain, recipients, subject, attachment filename, malware family, detection technology (how the malware was detected), and more. +To apply a filter, select the filter dropdown, select an item in the list, and then select **Refresh**. You can view information by sender, sender's domain, recipients, subject, attachment filename, malware family, detection technology (how the malware was detected), and more. -You can view more details about specific email messages, such as subject line, recipient, sender, status, and so on below the chart. +You can view more details about specific email messages, such as subject line, recipient, sender, status, and so on below the chart. 
## Malware To view this report, in Explorer, select **Malware** in the top navigation pane. :::image type="content" source="../../media/threat-explorer-malware-new.png" alt-text="Screenshot of the View data about email identified as malware." lightbox="../../media/threat-explorer-malware-new.png"::: -Use this list to view data by sender, recipients, sender domain, subject, detection technology, and more. +Use this list to view data by sender, recipients, sender domain, subject, detection technology, and more. -You can also use the **Top malware families** section to identify the malware families used most frequently to attack the users and the number of times it is used in last 30 days. +You can also use the **Top malware families** section to identify the malware families used most frequently to attack the users and the number of times it is used in last 30 days. Below the chart, view more details about specific messages. When you select an item in the list, a fly-out pane opens, where you can learn more about the item you selected. To view this report, in Explorer (or real-time detections), select **Phish** in :::image type="content" source="../../media/phish-new.png" alt-text="Screenshot of the View data about email identified as phishing attempts." lightbox="../../media/phish-new.png"::: -Your list of viewing options include data by sender, recipients, sender domain, sender IP, URL domain, click verdict, and more. +Your list of viewing options include data by sender, recipients, sender domain, sender IP, URL domain, click verdict, and more. For example, to see what actions were taken when people clicked on URLs that were identified as phishing attempts, select **Click verdict**, select one or more options, and then select **Refresh**. -Below the chart, view more details about specific emails, **URL clicks**, **Top URLs**, **Top clicks**, and more. +Below the chart, view more details about specific emails, **URL clicks**, **Top URLs**, **Top clicks**, and more. 
-When you select an item in the list, such as a URL that was detected, a fly-out pane opens, where you can learn more about the item you selected. +When you select an item in the list, such as a URL that was detected, a fly-out pane opens, where you can learn more about the item you selected. :::image type="content" source="../../media/threat-explorer-email-phish-details-new.png" alt-text="Screenshot of the Details about a detected URL." lightbox="../../media/threat-explorer-email-phish-details-new.png"::: To view this report, in Explorer, select **URL clicks** in the top navigation pa :::image type="content" source="../../media/threat-explorer-url-clicks-new.png" alt-text="Screenshot of the view data about url clicks." lightbox="../../media/threat-explorer-url-clicks-new.png"::: -You can view information by recipient, detection technology (how the malware was detected), and workload (Email, Office, Teams). +You can view information by recipient, detection technology (how the malware was detected), and workload (Email, Office, Teams). You can also use the **Top clicks** and **Top targeted users** options to get more information on user click patterns and know which users are more vulnerable to external attacks. ## Queries and filters |
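Review bot: these hunks only strip trailing whitespace, so the wording errors on the touched lines are carried over unchanged. In the **All email** paragraph, "as well all other non-malicious emails" is missing "as" ("as well as all other"). In the **Malware** section, "the number of times it is used in last 30 days" should read "they are used in the last 30 days". In the **Phish** section, "Your list of viewing options include" should be "includes". Fix the text in the same change, since each of these lines is already being rewritten.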
security | Try Microsoft Defender For Office 365 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/try-microsoft-defender-for-office-365.md | In the **Manage MDO evaluation settings** flyout that opens, the following infor - **Safe Attachments** - **Anti-phishing** -- **Users, groups, and domains** section: Select **Edit users, groups, and domains** to change who the evaluation or trial applies to as described earlier in [Set up an evaluation or trial in audit mode](#set-up-an-evaluation-or-trial-in-audit-mode). +- **Users, groups, and domains** section: Select **Edit users, groups, and domains** to change who the evaluation or trial applies to as described earlier in [Set up an evaluation or trial in audit mode](#set-up-an-evaluation-or-trial-in-audit-mode). - **Impersonation settings** section: - If impersonation protection isn't configured in the anti-phishing evaluation policy, select **Apply impersonation protection** to configure impersonation protection: No special reports are created for **blocking mode**, so use the standard report You can filter many of the views in the Threat protection status report by the **Protected by** value **MDO** to see the effects of Defender for Office 365. - [View data by Overview](reports-email-security.md#view-data-by-overview)- + - [View data by Email \> Phish and Chart breakdown by Detection Technology](reports-email-security.md#view-data-by-email--phish-and-chart-breakdown-by-detection-technology) - Messages detected by [campaigns](campaigns.md) appear in **Campaign**. - Messages detected by Safe Attachments appear in **File detonation** and **File detonation reputation**. 
In **audit mode**, you're looking for reports that show detections by the evalua - **Email links**: - Report view: [View data by Email \> Phish and Chart breakdown by Detection Technology](reports-email-security.md#view-data-by-email--phish-and-chart-breakdown-by-detection-technology) - **Detection** filters: **URL detonation reputation** and **URL detonation**.- - **Attachments in email**: + - **Attachments in email**: - Report view: [View data by Email \> Phish and Chart breakdown by Detection Technology](reports-email-security.md#view-data-by-email--phish-and-chart-breakdown-by-detection-technology) - **Detection** filters: **File detonation** and **File detonation reputation**. - **Impersonation** In **audit mode**, you're looking for reports that show detections by the evalua - **Embedded malware** - Report view: [View data by Email \> Malware and Chart breakdown by Detection Technology](reports-email-security.md#view-data-by-email--malware-and-chart-breakdown-by-detection-technology) - **Detection** filters: **File detonation** and **File detonation reputation**.- - **Spoofed senders**: + - **Spoofed senders**: - Report view: [View data by Email \> Phish and Chart breakdown by Detection Technology](reports-email-security.md#view-data-by-email--phish-and-chart-breakdown-by-detection-technology)- - **Detection** filters: **Spoof intra-org**, **Spoof external domain**, and **Spoof DMARC**. + - **Detection** filters: **Spoof intra-org**, **Spoof external domain**, and **Spoof DMARC**. - **Real-time URL click protection** uses the [View data by URL click protection action in the URL protection report](reports-defender-for-office-365.md#view-data-by-url-click-protection-action-in-the-url-protection-report) that's filtered by **Evaluation: Yes**. |
security | User Tags About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/user-tags-about.md | The details flyout of the user tag contains the following information, based on - **Description** - A link to <https://security.microsoft.com/securitysettings/priorityAccountProtection> to turn on or turn off [priority account protection](priority-accounts-turn-on-priority-account-protection.md) - **Applied to**-- **Custom tags**: The details flyout for a custom tag contains the same information as the **User tags** page, plus the list of users and groups that the tag applies to. +- **Custom tags**: The details flyout for a custom tag contains the same information as the **User tags** page, plus the list of users and groups that the tag applies to. To take action on user tags, see the next section. After you apply system tags or custom tags to users, you can use those tags as f - [Admin submissions and user reported messages](submissions-admin.md) - In organizations above a certain size, the [Email issues for priority accounts report](/exchange/monitoring/mail-flow-reports/mfr-email-issues-for-priority-accounts-report) is available in the Exchange admin center (EAC). -For information about where the effects of priority account protection are visible, see [Review differentiated protection from priority account protection](priority-accounts-turn-on-priority-account-protection.md#review-differentiated-protection-from-priority-account-protection). +For information about where the effects of priority account protection are visible, see [Review differentiated protection from priority account protection](priority-accounts-turn-on-priority-account-protection.md#review-differentiated-protection-from-priority-account-protection). ## More information |
security | Zero Trust Identity Device Access Policies Exchange | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/zero-trust-identity-device-access-policies-exchange.md | Here are the steps: ```powershell Get-OwaMailboxPolicy | Format-Table Name,ConditionalAccessPolicy ```- + 3. To allow viewing attachments but no downloading, run the following command on the affected policies: ```powershell |
syntex | Backup Faq | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/backup/backup-faq.md | |
syntex | Backup Limitations | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/backup/backup-limitations.md | |
syntex | Backup Offboarding | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/backup/backup-offboarding.md | |
syntex | Backup Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/backup/backup-overview.md | description: Learn about the backup and recovery capabilities for SharePoint, Ex # Overview of Microsoft 365 Backup (Preview) > [!NOTE]-> Microsoft 365 Backup (Preview) is rolling out. When it is available worldwide, this message will be updated and you will be able to see and enable the feature in the Syntex billing setup flow in the Microsoft 365 admin center. -<! -> [!NOTE] -> This feature is currently in preview and subject to change and [limitations as defined](backup-limitations.md). Before you begin, read the [Microsoft 365 Backup preview terms and conditions](backup-preview-terms.md). -> +> Microsoft 365 Backup (Preview) is now available worldwide in all commercial cloud environments. This preview feature is subject to change and [limitations as defined](backup-limitations.md). Before you begin, read the [Microsoft 365 Backup preview terms and conditions](backup-preview-terms.md). + ## About the preview Microsoft 365 Backup is currently in preview and will begin rolling out to organizations in early 2024. You can set up billing for the product as described in [Set up Microsoft 365 Backup](backup-setup.md). Once Microsoft 365 Backup has been deployed and is available for use in your tenant, you'll see it in the Microsoft 365 admin center page under **Settings**. |
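Review bot: the new note says Microsoft 365 Backup (Preview) "is now available worldwide in all commercial cloud environments", but the unchanged "## About the preview" paragraph directly below still says it "will begin rolling out to organizations in early 2024" and describes waiting until it "has been deployed and is available for use in your tenant". Update that paragraph in the same change so the article does not state both. Also confirm that removing the old `<!` opener leaves no orphaned comment close further down the file.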
syntex | Backup Pricing | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/backup/backup-pricing.md | |
syntex | Backup Restore Data | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/backup/backup-restore-data.md | |
syntex | Backup Setup | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/backup/backup-setup.md | |
syntex | Backup View Edit Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/backup/backup-view-edit-policies.md | |