Updates from: 01/20/2021 04:09:57
Category Microsoft Docs article Related commit history on GitHub Change details
admin https://docs.microsoft.com/en-us/microsoft-365/admin/activity-reports/activity-reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/activity-reports.md
@@ -81,7 +81,9 @@ To learn more, see [About admin roles](../add-users/about-admin-roles.md) and [A
Depending on your subscription, here are the available reports. -- [Email activity](email-activity.md)
+- [Email activity](email-activity-ww.md)
+
+- [Email activity for US Government](email-activity.md)
- [Mailbox usage](mailbox-usage.md)
@@ -93,7 +95,9 @@ Depending on your subscription, here are the available reports.
- [Active Users for US Government](active-users.md) -- [Email apps usage](email-apps-usage.md)
+- [Email apps usage](email-apps-usage-ww.md)
+
+- [Email apps usage for US Government](email-apps-usage.md)
- [Forms activity](forms-activity-ww.md)
admin https://docs.microsoft.com/en-us/microsoft-365/admin/activity-reports/email-activity-ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/email-activity-ww.md new file mode 100644
@@ -0,0 +1,58 @@
+---
+title: "Microsoft 365 Reports in the admin center - Email activity"
+ms.author: kwekua
+author: kwekua
+manager: scotv
+audience: Admin
+ms.topic: article
+ms.service: o365-administration
+localization_priority: Normal
+ms.collection:
+- M365-subscription-management
+- Adm_O365
+- Adm_NonTOC
+ms.custom: AdminSurgePortfolio
+search.appverid:
+- BCS160
+- MET150
+- MOE150
+- GEA150
+ms.assetid: 1cbe2c00-ca65-4fb9-9663-1bbfa58ebe44
+description: "Learn how to get an email activity report using the Microsoft 365 Reports dashboard in the Microsoft 365 admin center."
+---
+
+# Microsoft 365 Reports in the admin center - Email activity
+
+The Microsoft 365 **Reports** dashboard shows you the activity overview across the products in your organization. It enables you to drill in to individual product level reports to give you more granular insight about the activities within each product. Check out [the Reports overview topic](activity-reports.md).
+
+For example, you can get a high level view of email traffic within your organization from the Reports page, and then you can drill into the Email activity widget to understand the trends and per user level details of the email activity within your organization.
+
+> [!NOTE]
+> You must be a global administrator, global reader or reports reader in Microsoft 365 or an Exchange, SharePoint, Teams Service, Teams Communications, or Skype for Business administrator to see reports.
+
+## How to get to the email activity report
+
+1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
+2. Select **View More** under **Email activity**.
+3. From the **Email activity** drop-down list, select **Exchange** \> **Email activity**.
+
+## Interpret the email activity report
+
+You can get a view into your user's email activity by looking at the **Activity** and **Users** charts.
+
+![Email activity report](../../media/5eb1d9e9-8106-4843-acb7-c0238c0da816.png)
+
+|Item|Description|
+|:-----|:-----|
+|1. <br/> |The **Email activity** report can be viewed for trends over the last 7 days, 30 days, 90 days, or 180 days. However, if you select a particular day in the report, the table (7) will show data for up to 28 days from the current date (not the date the report was generated). <br/> |
+|2. <br/> |The data in each report usually covers up to the last 24 to 48 hours. <br/> |
+|3. <br/> |The **Activity** chart enables you to understand the trend of the amount of email activity going on in your organization. You can understand the split of email send, email read, email received, meeting created, or meeting interacted activities. <br/> |
+|4. <br/> |The **User** chart enables you to understand the trend of the amount of unique users who are generating the email activities. You can look at the trend of users performing email sending, email reading, email receiving, meeting creating, or meeting interacting activities. <br/> |
+|5. <br/> | On the **Activity** chart, the Y axis is the count of activity of the type email sent, email received, email read, meeting created, and meeting interacted. <br/> On the **Users** activity chart, the Y axis is the user's performing activity of the type email sent, email received, email read, meeting created, or meeting interacted. <br/> The X axis on both charts is the selected date range for this specific report. <br/> |
+|6. <br/> |You can filter the series you see on the chart by selecting an item in the legend. <br/> |
+|7. <br/> | The table shows you a breakdown of the email activities at the per-user level. This shows all users that have an Exchange product assigned to them and their email activities. <br/> <br/> **Username** is the email address of the user. <br/> **Display name** is the full name if the user. <br/> **Deleted** refers to the user whose current state is deleted, but was active during some part of the reporting period of the report. <br/> **Deleted date** is the date the user was deleted. <br/> **Last activity date** refers to the last time the user performed a read or send email activity. <br/> **Send actions** is the number of times an email send action was recorded for the user. <br/> **Receive actions** is the number of times an email received action was recorded for the user. <br/> **Read actions** is the number of times an email read action was recorded for the user. <br/> **Meeting created actions** is the number of times a meeting request send action was recorded for the user. <br/> **Meeting interacted actions** is the number of times a meeting request accept, tentative, decline, or cancel action was recorded for the user. <br/> **Product assigned** is the products that are assigned to this user. <br/> If your organization's policies prevents you from viewing reports where user information is identifiable, you can change the privacy setting for all these reports. Check out the **How do I hide user level details?** section in the [Activity Reports in the Microsoft 365 admin center](activity-reports.md). <br/> |
+|8. <br/> |Select **Choose columns** to add or remove columns from the report. <br/> ![Email activity report - choose columns](../../media/80ffa0ad-61c5-4a6f-8a1d-5f6730ff7da9.png)|
+|9. <br/> |You can also export the report data into an Excel .csv file, by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data. <br/> |
+|||
+
+Note: The Email activity report is only available for mailboxes that are associated with users who have licenses.
admin https://docs.microsoft.com/en-us/microsoft-365/admin/activity-reports/email-apps-usage-ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/email-apps-usage-ww.md new file mode 100644
@@ -0,0 +1,55 @@
+title: "Microsoft 365 Reports in the admin center - Email apps usage"
+ms.author: kwekua
+author: kwekua
+manager: scotv
+audience: Admin
+ms.topic: article
+ms.service: o365-administration
+localization_priority: Normal
+ms.collection:
+- M365-subscription-management
+- Adm_O365
+- Adm_NonTOC
+ms.custom: AdminSurgePortfolio
+search.appverid:
+- BCS160
+- MET150
+- MOE150
+- GEA150
+ms.assetid: c2ce12a2-934f-4dd4-ba65-49b02be4703d
+description: "Learn how to get Email apps usage report to know about email apps connecting to Exchange Online and the Outlook version users are using."
+---
+
+# Microsoft 365 Reports in the admin center - Email apps usage
+
+The Microsoft 365 **Reports** dashboard shows you the activity overview across the products in your organization. It enables you to drill in to individual product level reports to give you more granular insight about the activities within each product. Check out [the Reports overview topic](activity-reports.md). In the email apps usage report, you can see how many email apps are connecting to Exchange Online. You can also see the version information of Outlook apps that users are using, which will allow you to follow up with those who are using unsupported versions to install supported versions of Outlook.
+
+> [!NOTE]
+> You must be a global administrator, global reader or reports reader in Microsoft 365 or an Exchange, SharePoint, Teams Service, Teams Communications, or Skype for Business administrator to see reports.
+
+## How to get to the email apps report
+
+1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
+2. Select **View More** under **Email activity**.
+3. From the **Email activity** drop-down list, select **Exchange** \> **Email apps usage**.
+
+## Interpret the email apps report
+
+You can get a view into email apps activity by looking at the **Users** and **Clients** charts.
+
+![Email clients used](../../media/d78af7db-2b41-4d37-8b6e-bc7e47edd1dd.png)
+
+|Item|Description|
+|:-----|:-----|
+|1. <br/> |The **Email apps usage** report can be viewed for trends over the last 7 days, 30 days, 90 days, or 180 days. However, if you select a particular day in the report, the table (7) will show data for up to 28 days from the current date (not the date the report was generated). <br/> |
+|2. <br/> |The data in each report usually covers up to the last 24 to 48 hours. <br/> |
+|3. <br/> |The **Users** view shows you the number of unique users that connected to Exchange Online using any email app. <br/> |
+|4. <br/> |The **Apps** view shows you the number of unique users by app over the selected time period. <br/> |
+|5. <br/> |The **Versions** view shows you the number of unique users for each version of Outlook in Windows. <br/> |
+|6. <br/> | On the **Users** chart, the Y axis is the total count of unique users that connected to an app on any day of the reporting period. <br/> On the **Users** chart, the X axis is number of unique users that used the app for that reporting period. <br/> On the **Apps** chart, the Y axis is the total count of unique users who used a specific app during the reporting period. <br/> On the **Apps** chart, the X axis is the list of apps in your organization. <br/> On the **Versions** chart, the Y axis is the total count of unique users using a specific version of Outlook desktop. If the report can't resolve the version number of Outlook, the quantity will show as **Undetermined**. <br/> On the **Versions** chart, the X axis is the list of apps in your organization. <br/> |
+|7. <br/> |You can filter the series you see on the chart by selecting an item in the legend. <br/> |
+|8. <br/> | You might not see all the items in the list below in the columns until you add them.<br/> **Username** is the name of the email app's owner. <br/> **Last activity date** is the latest date the user read or sent an email message. <br/> **Mac mail**, **Mac Outlook** and **Outlook**, **Outlook mobile** and **Outlook on the web** are examples of email apps you may have in your organization. <br/> If your organization's policies prevents you from viewing reports where user information is identifiable, you can change the privacy setting for all these reports. Check out the **How do I hide user level details?** section in the [Activity Reports in the Microsoft 365 admin center](activity-reports.md). <br/> |
+|9. <br/> |Select **Choose columns** to add or remove columns from the report. <br/> ![Email apps usage report - choose columns](../../media/041bd6ff-27e8-409d-9608-282edcfa2316.png)|
+|10. <br/> |You can also export the report data into an Excel .csv file, by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data. <br/> |
+|||
+
admin https://docs.microsoft.com/en-us/microsoft-365/admin/activity-reports/mailbox-usage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/mailbox-usage.md
@@ -34,11 +34,12 @@ The **Mailbox usage report** provides information about users with a user mailbo
2. Select **View More** under **Email activity**. 3. From the **Email activity** drop-down list, select **Exchange** \> **Mailbox usage**.
-
## Interpret the mailbox usage report You can get a view into your organization's **Mailbox usage** by looking at the **Mailbox**, **Storage** and **Quota** charts.
+![Mailbox usage report](../../media/9f610e91-cbc1-4e59-b824-7b1ddd84b738.png)
+ |Item|Description| |:-----|:-----| |1. <br/> |The **Mailbox usage** report can be viewed for trends over the last 7 days, 30 days, 90 days, or 180 days. However, if you select a particular day in the report, the table will show data for up to 28 days from the current date (not the date the report was generated). <br/> |
@@ -49,6 +50,7 @@ You can get a view into your organization's **Mailbox usage** by looking at the
|6. <br/> | On the **Mailbox** chart, the Y axis is the count of user mailboxes. <br/> On the **Storage** chart, the Y axis is the amount of storage being used by user mailboxes in your organization. <br/> On the **Quota** chart, the Y axis is the number of user mailboxes in each storage quota. <br/> The X axis on the Mailbox and Storage charts is the selected date range for this specific report. <br/> The X axis on the Quota charts is the quota category. <br/> | |7. <br/> |You can filter charts you see by selecting an item in the legend. <br/> | |8. <br/> | The table shows you a breakdown of mailbox usage at the per-user level. You can add additional columns to the table. <br/> **User name** is the email address of the user. <br/> **Display Name** is the full name if the user. <br/> **Deleted** refers to the mailbox whose current state is deleted, but was active during some part of the reporting period of the report. <br/> **Deleted date** is the date the mailbox was deleted. <br/> **Create date** is the date the mailbox was created. <br/> **Last activity date** refers to the date the mailbox had an email send or read activity. <br/> **Item count** refers to the total number of items in the mailbox. <br/> **Storage used (MB)** refers to the total storage used. <br/> **Deleted Item Count** refers to the total number of deleted items in the mailbox. <br/> **Deleted Item Size (MB)** refers to the total size of all deleted items in the mailbox. <br/> **Issue warning quota (MB)** refers to the storage limit when the mailbox owner will receive a warning that it's about to hit the storage quota. <br/> **Prohibit send quota (MB)** refers to the storage limit when the mailbox can no longer send emails. <br/> **Prohibit send receive quota (MB)** refers to the storage limit when the mailbox can no longer send or receive emails. <br/> If your organization's policies prevents you from viewing reports where user information is identifiable, you can change the privacy setting for all these reports. Check out the **Hide user details in the reports** section in the [Activity Reports in the Microsoft 365 admin center](activity-reports.md). <br/> |
-|9. <br/> |You can also export the report data into an Excel .csv file, by selecting the **Export** link. <br/> |
+|9. <br/> |Select **Choose columns** to add or remove columns from the report. <br/> ![Mailbox usage report - choose columns](../../media/ea3d0b18-6ac6-41b0-9bb9-4844f040ea75.png)|
+|10. <br/> |You can also export the report data into an Excel .csv file, by selecting the **Export** link. <br/> |
|||
admin https://docs.microsoft.com/en-us/microsoft-365/admin/admin-overview/admin-mobile-app https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/admin-mobile-app.md
@@ -74,7 +74,7 @@ Yes, but with reduced functionality. You'll be able to sign in and view service
### What languages are supported by the app?
-The app supports all 39 languages that the web-based Microsoft 365 admin center supports.
+The app supports all 39 languages that the web-based Microsoft 365 admin center supports. To change the language, select the app launch icon in the upper bar and choose **Settings** > **Language**.
### Why does the Messages tile on the Home screen show numbers even after I've read the new messages?
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/communication-compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance.md
@@ -46,7 +46,7 @@ Communication compliance policies can assist with reviewing messages in your org
- **Risk management**
- Organizations are responsible to all communications distributed throughout their infrastructure and corporate network systems. Using communication compliance policies to help identify and manage potential legal exposure and risk can help minimize risks before they can damage corporate operations. For example, you could scan messages in your organization for unauthorized communications and conlficts of interest about confidential projects such as upcoming acquisitions, mergers, earnings disclosures, reorganizations, or leadership team changes.
+ Organizations are responsible to all communications distributed throughout their infrastructure and corporate network systems. Using communication compliance policies to help identify and manage potential legal exposure and risk can help minimize risks before they can damage corporate operations. For example, you could scan messages in your organization for unauthorized communications and conflicts of interest about confidential projects such as upcoming acquisitions, mergers, earnings disclosures, reorganizations, or leadership team changes.
- **Regulatory compliance**
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/create-a-keyword-dictionary https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-keyword-dictionary.md
@@ -22,7 +22,7 @@ description: "Learn the basic steps to creating a keyword dictionary in the Offi
# Create a keyword dictionary
-Data loss prevention (DLP) can identify, monitor, and protect your sensitive items. Identifying sensitive items sometimes requires looking for keywords, particularly when identifying generic content (such as healthcare-related communication), or inappropriate or explicit language. Although you can create keyword lists in sensitive information types, keyword lists are limited in size and require modifying XML to create or edit them. Keyword dictionaries provide simpler management of keywords and at a much larger scale, supporting up to 100KB of terms (post compression) in the dictionary and support any language. The tenant limit is also 100KB after compression.
+Data loss prevention (DLP) can identify, monitor, and protect your sensitive items. Identifying sensitive items sometimes requires looking for keywords, particularly when identifying generic content (such as healthcare-related communication), or inappropriate or explicit language. Although you can create keyword lists in sensitive information types, keyword lists are limited in size and require modifying XML to create or edit them. Keyword dictionaries provide simpler management of keywords and at a much larger scale, supporting up to 1MB of terms (post compression) in the dictionary and support any language. The tenant limit is also 1MB after compression. 1MB of post compression limit means that all dictionaries combined across a tenant can have close to 1 million character.
> [!NOTE] > Microsoft 365 Information Protection now supports in preview double byte character set languages for:
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/data-classification-activity-explorer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-classification-activity-explorer.md
@@ -46,6 +46,8 @@ Every account that accesses and uses data classification must have a license ass
- Office 365 (E5) - Advanced Compliance (E5) add-on - Advanced Threat Intelligence (E5) add-on
+- Microsoft 365 E5/A5 Info Protection & Governance
+- Microsoft 365 E5/A5 Compliance
### Permissions
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/encryption-office-365-certificate-chains https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/encryption-office-365-certificate-chains.md
@@ -183,23 +183,21 @@ Expand the root and intermediate sections below to see additional details about
| **Thumbprint (SHA-256)** | 6DC47172E01CBCB0BF62580D895FE2B8AC9AD4F873801E0C10B9C837D21EB177 | | **Pin (SHA-256)** | HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg= |
-### **GlobalSign**
+### **GlobalSign Root CA - R1**
-| **Subject** | CN=GlobalSign<br>O=GlobalSign<br>OU=GlobalSign Root CA - R2 |
+| **Subject** | CN=GlobalSign Root CA<br>OU=Root CA<br>O=GlobalSign nv-sa<br>C=BE |
| --- | --- |
-| **Serial Number** | 04:00:00:00:00:01:0F:86:26:E6:0D |
+| **Serial Number** | 04:00:00:00:00:01:15:4B:5A:C3:94 |
| **Public Key Length** | RSA 2048 bits (e 65537) | | **Signature Algorithm** | sha1RSA |
-| **Validity Not Before** | Dec 15 08:00:00 2006 UTC |
-| **Validity Not After** | Dec 15 08:00:00 2021 UTC |
-| **Subject Key Identifier** | 9b:e2:07:57:67:1c:1e:c0:6a:06:de:59:b4:9a:2d:df:dc:19:86:2e |
-| **Authority Key Identifier** | keyid:9b:e2:07:57:67:1c:1e:c0:6a:06:de:59:b4:9a:2d:df:dc:19:86:2e |
-| **Thumbprint (SHA-1)** | 75E0ABB6138512271C04F85FDDDE38E4B7242EFE |
-| **Thumbprint (SHA-256)** | CA42DD41745FD0B81EB902362CF9D8BF719DA1BD1B1EFC946F5B4C99F42C1B9E |
-| **Pin (SHA-256)** | iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0= |
-| **CRL URLs** | http://crl.globalsign.net/root-r2.crl |
+| **Validity Not Before** | Sep 01 12:00:00 1998 UTC |
+| **Validity Not After** | Jan 28 12:00:00 2028 UTC |
+| **Subject Key Identifier** | 60:7b:66:1a:45:0d:97:ca:89:50:2f:7d:04:cd:34:a8:ff:fc:fd:4b |
+| **Thumbprint (SHA-1)** | B1BC968BD4F49D622AA89A81F2150152A41D829C |
+| **Thumbprint (SHA-256)** | EBD41040E4BB3EC742C9E381D31EF2A41A48B6685C96E7CEF3C1DF6CD4331C99 |
+| **Pin (SHA-256)** | K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q= |
-### **GlobalSign**
+### **GlobalSign Root CA - R3**
| **Subject** | CN=GlobalSign<br>O=GlobalSign<br>OU=GlobalSign Root CA - R3 | | --- | --- |
@@ -214,20 +212,6 @@ Expand the root and intermediate sections below to see additional details about
| **Thumbprint (SHA-1)** | D69B561148F01C77C54578C10926DF5B856976AD | | **Thumbprint (SHA-256)** | CBB522D7B7F127AD6A0113865BDF1CD4102E7D0759AF635A7CF4720DC963C53B |
-### **GlobalSign Root CA**
-
-| **Subject** | CN=GlobalSign Root CA<br>OU=Root CA<br>O=GlobalSign nv-sa<br>C=BE |
-| --- | --- |
-| **Serial Number** | 04:00:00:00:00:01:15:4B:5A:C3:94 |
-| **Public Key Length** | RSA 2048 bits (e 65537) |
-| **Signature Algorithm** | sha1RSA |
-| **Validity Not Before** | Sep 01 12:00:00 1998 UTC |
-| **Validity Not After** | Jan 28 12:00:00 2028 UTC |
-| **Subject Key Identifier** | 60:7b:66:1a:45:0d:97:ca:89:50:2f:7d:04:cd:34:a8:ff:fc:fd:4b |
-| **Thumbprint (SHA-1)** | B1BC968BD4F49D622AA89A81F2150152A41D829C |
-| **Thumbprint (SHA-256)** | EBD41040E4BB3EC742C9E381D31EF2A41A48B6685C96E7CEF3C1DF6CD4331C99 |
-| **Pin (SHA-256)** | K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q= |
- ### **thawte Primary Root CA - G3** | **Subject** | CN=thawte Primary Root CA - G3<br>OU=&quot;(c) 2008 thawte, Inc. - For authorized use only&quot;<br>OU=Certification Services Division<br>O=&quot;thawte, Inc.&quot;<br>C=US |
@@ -332,29 +316,12 @@ Expand the root and intermediate sections below to see additional details about
| **CRL URLs** | http://crl.digicert.cn/DigiCertGlobalRootCA.crl | | **OCSP URLs** | http://ocsp.digicert.cn |
-### **DigiCert Cloud Services CA-1**
-
-| **Subject** | CN=DigiCert Cloud Services CA-1<br>O=DigiCert Inc<br>C=US |
-| --- | --- |
-| **Issuer** | CN=DigiCert Global Root CA<br>OU=www.digicert.com<br>O=DigiCert Inc<br>C=US |
-| **Serial Number** | 01:9E:C1:C6:BD:3F:59:7B:B2:0C:33:38:E5:51:D8:77 |
-| **Public Key Length** | RSA 2048 bits (e 65537) |
-| **Signature Algorithm** | sha256RSA |
-| **Validity Not Before** | Aug 04 12:00:00 2015 UTC |
-| **Validity Not After** | Aug 04 12:00:00 2030 UTC |
-| **Subject Key Identifier** | dd:51:d0:a2:31:73:a9:73:ae:8f:b4:01:7e:5d:8c:57:cb:9f:f0:f7 |
-| **Authority Key Identifier** | keyid:03:de:50:35:56:d1:4c:bb:66:f0:a3:e2:1b:1b:c3:97:b2:3d:d1:55 |
-| **Thumbprint (SHA-1)** | 81B68D6CD2F221F8F534E677523BB236BBA1DC56 |
-| **Thumbprint (SHA-256)** | 2F6889961A7CA7067E8BA103C2CF9B9A924F8CA293F11178E23A1978D2F133D3 |
-| **Pin (SHA-256)** | UgpUVparimk8QCjtWQaUQ7EGrtrykc/L8N66EhFY3VE= |
-| **CRL URLs** | http://crl4.digicert.com/DigiCertGlobalRootCA.crl<br>http://crl3.digicert.com/DigiCertGlobalRootCA.crl |
-| **OCSP URLs** | http://ocsp.digicert.com |
### **DigiCert Cloud Services CA-1** | **Subject** | CN=DigiCert Cloud Services CA-1<br>O=DigiCert Inc<br>C=US | | --- | --- |
-| **Issuer** | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US |
+| **Issuer** | CN=DigiCert Global Root CA<br>OU=www.digicert.com<br>O=DigiCert Inc<br>C=US |
| **Serial Number** | 0F:17:1A:48:C6:F2:23:80:92:18:CD:2E:D6:DD:C0:E8 | | **Public Key Length** | RSA 2048 bits | | **Signature Algorithm** | sha256RSA |
@@ -364,7 +331,8 @@ Expand the root and intermediate sections below to see additional details about
| **Authority Key Identifier** | KeyID:03:de:50:35:56:d1:4c:bb:66:f0:a3:e2:1b:1b:c3:97:b2:3d:d1:55 | | **Thumbprint (SHA-1)** | B3F6B64A07BB9611F47174407841F564FB991F29 | | **Thumbprint (SHA-256)** | 5F88694615E4C61686E106B84C3338C6720C535F60D36F61282ED15E1977DD44 |
-| **CRL URLs** | http://crl3.digicert.com/DigiCertGlobalRootCA.crl http://crl4.digicert.com/DigiCertGlobalRootCA.crl |
+| **Pin (SHA-256)** | UgpUVparimk8QCjtWQaUQ7EGrtrykc/L8N66EhFY3VE= |
+| **CRL URLs** | http://crl3.digicert.com/DigiCertGlobalRootCA.crl <br> http://crl4.digicert.com/DigiCertGlobalRootCA.crl |
| **OCSP URLs** | http://ocsp.digicert.com | ### **DigiCert SHA2 Extended Validation Server CA**
@@ -956,4 +924,4 @@ su.symcb.com/su.crt<br>
<https://www.digicert.com/CACerts/DigiCertGlobalRootCA.crt><br> <https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt><br> <https://www.microsoft.com/pki/mscorp/msitwww1.crt><br>
-<https://www.microsoft.com/pki/mscorp/msitwww2.crt><br>
\ No newline at end of file
+<https://www.microsoft.com/pki/mscorp/msitwww2.crt><br>
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/encryption-sensitivity-labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/encryption-sensitivity-labels.md
@@ -173,6 +173,9 @@ As a best practice, use groups rather than users. This strategy keeps your confi
This setting doesn't restrict who can access the content that the label encrypts, while still encrypting the content and providing you with options to restrict how the content can be used (permissions), and accessed (expiry and offline access). However, the application opening the encrypted content must be able to support the authentication being used. For this reason, federated social providers such as Google, and onetime passcode authentication work for email only, and only when you use Exchange Online. Microsoft accounts can be used with Office 365 apps and the [Azure Information Protection viewer](https://portal.azurerms.com/#/download).
+> [!NOTE]
+> Consider using this setting with [SharePoint and OneDrive integration with Azure AD B2B](https://docs.microsoft.com/sharepoint/sharepoint-azureb2b-integration-preview) when sensitivity labels are [enabled for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md).
+ Some typical scenarios for any authenticated users setting: - You don't mind who views the content, but you want to restrict how it is used. For example, you don't want the content to be edited, copied, or printed.
@@ -408,3 +411,6 @@ Before you can use encryption, you might need to do some configuration tasks.
- For Exchange Online, see the instructions for [Exchange Online: IRM Configuration](https://docs.microsoft.com/azure/information-protection/configure-office365#exchangeonline-irm-configuration). - For Exchange on-premises, you must deploy the [RMS connector and configure your Exchange servers](https://docs.microsoft.com/azure/information-protection/deploy-rms-connector).
+## Next steps
+
+Need to share your labeled and encrypted documents with people outside your organization? See [Sharing encrypted documents with external users](sensitivity-labels-office-apps.md#sharing-encrypted-documents-with-external-users).
\ No newline at end of file
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/office-365-encryption-risks-and-protections https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/office-365-encryption-risks-and-protections.md
@@ -59,7 +59,7 @@ Some risk scenarios and the currently available encryption technologies that mit
| | SharePoint Online | Supports [Cryptographic Mode 2](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/hh867439(v=ws.10)), an updated and enhanced RMS cryptographic implementation. It supports RSA 2048 for signature and encryption, and SHA-256 for signature. | [Managed by Microsoft](https://docs.microsoft.com/azure/information-protection/plan-implement-tenant-key), which is the default setting; or <br> <br> Customer-managed, which is an alternative to Microsoft-managed keys. Organizations that have an IT-managed Azure subscription can use BYOK and log its usage at no extra charge. For more information, see [Implementing bring your own key](https://docs.microsoft.com/azure/information-protection/plan-implement-tenant-key). In this configuration, nCipher HSMs are used to protect your keys. For more information, see [nCipher HSMs and Azure RMS](https://www.thales-esecurity.com/msrms/cloud). | Yes | | S/MIME | Exchange Online | Cryptographic Message Syntax Standard 1.5 (PKCS #7) | Depends on the customer-managed public key infrastructure deployed. Key management is performed by the customer, and Microsoft never has access to the private keys used for signing and decryption. | Yes, when configured to encrypt outgoing messages with 3DES or AES256 | | Office 365 Message Encryption | Exchange Online | Same as Azure RMS ([Cryptographic Mode 2](https://technet.microsoft.com/library/dn569290.aspx) - RSA 2048 for signature and encryption, and SHA-256 for signature) | Uses Azure Information Protection as its encryption infrastructure. The encryption method used depends on where you obtain the RMS keys used to encrypt and decrypt messages. | Yes |
-| SMTP TLS with partner organization | Exchange Online | TLS 1.2 with AES 256 | The TLS certificate for Exchange Online (outlook.office.com) is a 2048-bit SHA256RSA certificate issued by Baltimore CyberTrust Root. <br> <br> The TLS root certificate for Exchange Online is a 2048-bit SHA1RSA certificate issued by Baltimore CyberTrust Root. | Yes, when TLS 1.2 with 256-bit cipher strength is used |
+| SMTP TLS with partner organization | Exchange Online | TLS 1.2 with AES 256 | The TLS certificate for Exchange Online (outlook.office.com) is a 2048-bit SHA-256 with RSA Encryption certificate issued by DigiCert Cloud Services CA-1. <br> <br> The TLS root certificate for Exchange Online is a 2048-bit SHA-1 with RSA Encryption certificate issued by [GlobalSign Root CA ΓÇô R1](https://docs.microsoft.com/microsoft-365/compliance/exchange-online-uses-tls-to-secure-email-connections?view=o365-worldwide#tls-certificate-information-for-exchange-online). <br> <br> Be aware that, for security reasons, our certificates do change from time to time. | Yes, when TLS 1.2 with 256-bit cipher strength is used |
*\*TLS certificates referenced in this table are for US datacenters; non-US datacenters also use 2048-bit SHA256RSA certificates.*
@@ -83,6 +83,6 @@ Some risk scenarios and the currently available encryption technologies that mit
| | SharePoint Online | Supports [Cryptographic Mode 2](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/hh867439(v=ws.10)), an updated and enhanced RMS cryptographic implementation. It supports RSA 2048 for signature and encryption, and SHA-256 for hash in the signature. | [Managed by Microsoft](https://docs.microsoft.com/azure/information-protection/plan-implement-tenant-key), which is the default setting; or <br> <br> Customer-managed (also known as BYOK), which is an alternative to Microsoft-managed keys. Organizations that have an IT-managed Azure subscription can use BYOK and log its usage at no extra charge. For more information, see [Implementing bring your own key](https://docs.microsoft.com/azure/information-protection/plan-implement-tenant-key). <br> <br> In the BYOK scenario, nCipher HSMs are used to protect your keys. For more information, see [nCipher HSMs and Azure RMS](https://www.thales-esecurity.com/msrms/cloud). | Yes | | S/MIME | Exchange Online | Cryptographic Message Syntax Standard 1.5 (PKCS #7) | Depends on the public key infrastructure deployed. | Yes, when configured to encrypt outgoing messages with 3DES or AES-256. | | Office 365 Message Encryption | Exchange Online | Same as Azure RMS ([Cryptographic Mode 2](https://technet.microsoft.com/library/dn569290.aspx) - RSA 2048 for signature and encryption, and SHA-256 for hash in the signature) | Uses Azure RMS as its encryption infrastructure. The encryption method used depends on where you obtain the RMS keys used to encrypt and decrypt messages. <br> <br> If you use Microsoft Azure RMS to obtain the keys, Cryptographic Mode 2 is used. If you use Active Directory (AD) RMS to obtain the keys, either Cryptographic Mode 1 or Cryptographic Mode 2 is used. The method used depends on your on-premises AD RMS deployment. Cryptographic Mode 1 is the original AD RMS cryptographic implementation. It supports RSA 1024 for signature and encryption and supports SHA-1 for signature. This mode continues to be supported by all current versions of RMS, except for BYOK configurations that use HSMs. | Yes |
-| SMTP TLS with partner organization | Exchange Online | TLS 1.2 with AES 256 | The TLS certificate for Exchange Online (outlook.office.com) is a 2048-bit SHA256RSA certificate issued by Baltimore CyberTrust Root. <br> <br> The TLS root certificate for Exchange Online is a 2048-bit sha1RSA certificate issued by Baltimore CyberTrust Root. <br> <br> Be aware that, for security reasons, our certificates do change from time to time. | Yes |
+| SMTP TLS with partner organization | Exchange Online | TLS 1.2 with AES 256 | The TLS certificate for Exchange Online (outlook.office.com) is a 2048-bit SHA-256 with RSA Encryption certificate issued by DigiCert Cloud Services CA-1. <br> <br> The TLS root certificate for Exchange Online is a 2048-bit SHA-1 with RSA Encryption certificate issued by [GlobalSign Root CA ΓÇô R1](https://docs.microsoft.com/microsoft-365/compliance/exchange-online-uses-tls-to-secure-email-connections?view=o365-worldwide#tls-certificate-information-for-exchange-online). <br> <br> Be aware that, for security reasons, our certificates do change from time to time. | Yes, when TLS 1.2 with 256-bit cipher strength is used |
*\*TLS certificates referenced in this table are for US datacenters; non-US datacenters also use 2048-bit SHA256RSA certificates.*
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/records-management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/records-management.md
@@ -80,7 +80,7 @@ A standard retention label has retention settings and actions but doesn't mark c
|Delete|Allowed <sup>1</sup> |**Blocked** |**Blocked**| **Blocked**| |Copy|Allowed |Allowed | Allowed| Allowed| |Move within container <sup>2</sup>|Allowed |Allowed | Allowed| Allowed|
-|Move across containers <sup>2</sup>|Allowed |Allowed if never unlocked | Allowed| **Blocked**|
+|Move across containers <sup>2</sup>|Allowed |Allowed if never unlocked | **Blocked** | **Blocked**|
|Open/Read|Allowed |Allowed | Allowed| Allowed| |Change label|Allowed |Allowed - container admin only | Allowed - container admin only| **Blocked** |Remove label|Allowed |Allowed - container admin only | Allowed - container admin only| **Blocked**
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/retention-policies-sharepoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-sharepoint.md
@@ -54,7 +54,7 @@ For retention policies and auto-apply label policies: SharePoint sites must be i
To support retention, SharePoint and OneDrive create a Preservation Hold library if one doesn't exist. You can view this library on the **Site contents** page in the top-level site of the site collection. Most users can't view the Preservation Hold library because it's visible only to site collection administrators.
-If somebody attempts to change or delete a document that's subject to retention settings, a check is made whether the content's been changed since the retention settings were applied. If this is the first change since the retention settings were applied, the content is copied to the Preservation Hold library, which allows the person to change or delete the original content. Any content in a site collection can be copied to the Preservation Hold library, independently from retention settings.
+If somebody attempts to change or delete a document that's subject to retain the content, a check is made whether the content's been changed since the retention settings were applied. If this is the first change since the retention settings were applied, the content is copied to the Preservation Hold library, which allows the person to change or delete the original content. Any content in a site collection can be copied to the Preservation Hold library, independently from retention settings.
A timer job periodically cleans up the Preservation Hold library. This job compares all content in the Preservation Hold library to all queries used by the retention settings for that content. Content that is older than their configured retention period is deleted from the Preservation Hold library, and the original location if it is still there. This timer job runs every seven days, which means that it can take up to seven days for content to be deleted.
@@ -68,7 +68,7 @@ When the retention settings are to retain and delete:
![Diagram of content lifecycle in SharePoint and OneDrive](../media/Retention_Diagram_of_retention_flow_in_sites.png)
-1. **If the content is modified or deleted** during the retention period, a copy of the original content as it existed when the retention policy was assigned is created in the Preservation Hold library. There, the timer job identifies items whose retention period has expired. Those items are moved to the second-stage Recycle Bin, where they're permanently deleted at the end of 93 days. The second-stage Recycle Bin is not visible to end users (only the first-stage Recycle Bin is), but site collection admins can view and restore content from there.
+1. **If the content is modified or deleted** during the retention period, a copy of the original content as it existed when the retention settings were assigned is created in the Preservation Hold library. There, the timer job identifies items whose retention period has expired. Those items are moved to the second-stage Recycle Bin, where they're permanently deleted at the end of 93 days. The second-stage Recycle Bin is not visible to end users (only the first-stage Recycle Bin is), but site collection admins can view and restore content from there.
> [!NOTE] > To help prevent inadvertent data loss, we no longer permanently delete content from the Preservation Hold library. Instead, we permanently delete content only from the Recycle Bin, so all content from the Preservation Hold library now goes through the second-stage Recycle Bin.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-office-apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-office-apps.md
@@ -61,7 +61,7 @@ The numbers listed are the minimum Office application version required for each
|[Let users assign permissions](encryption-sensitivity-labels.md#let-users-assign-permissions) |2004+ | 16.35+ | Under review | Under review | Under review | |[View label usage with label analytics](label-analytics.md) and send data for administrators | Preview: [Current Channel (Preview)](https://office.com/insider) | Preview: [Current Channel (Preview)](https://office.com/insider) | Under review | Under review | Yes <sup>\*</sup> | |[Require users to apply a label to their email and documents](sensitivity-labels.md#what-label-policies-can-do) | Preview: Rolling out to [Current Channel (Preview)](https://office.com/insider) | Preview: Rolling out to [Current Channel (Preview)](https://office.com/insider) | Under review | Preview: [Beta Channel](https://office.com/insider) | Under review
-|[Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) | 2009+ | Preview for Word and PowerPoint: Rolling out to [Current Channel (Preview)](https://office.com/insider) | Under review | Under review | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |
+|[Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) | 2009+ | Rolling out: 16.44+ | Under review | Under review | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |
|Support [AutoSave](https://support.office.com/article/6d6bd723-ebfd-4e40-b5f6-ae6e8088f7a5) and [coauthoring](https://support.office.com/article/ee1509b4-1f6e-401e-b04a-782d26f564a4) on labeled and encrypted documents | Under review | Under review | Under review | Under review | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |
@@ -86,7 +86,7 @@ The numbers listed are the minimum Office application version required for each
|[Let users assign permissions](encryption-sensitivity-labels.md#let-users-assign-permissions) | 1910+ | 16.21+ | 4.7.1+ | 4.0.39+ | Yes | |[Require users to apply a label to their email and documents](#require-users-to-apply-a-label-to-their-email-and-documents) | Preview: [Current Channel (Preview)](https://office.com/insider)) | 16.43+ | 4.57.0+ | 4.2037.4+ | Yes | |[View label usage with label analytics](label-analytics.md) and send data for administrators | Preview: [Current Channel (Preview)](https://office.com/insider) | Preview: [Current Channel (Preview)](https://office.com/insider) | Under review | Under review | Yes |
-|[Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) | 2009+ | Under review | Under review | Under review | Yes |
+|[Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) | 2009+ | 16.44+ | Under review | Under review | Yes |
|
@@ -159,8 +159,8 @@ For a more consistent label experience with meaningful reporting, provide approp
- **Confidential \ All Employees** - **Confidential \ Anyone (no encryption)**
- > [!NOTE]
- > If users manually remove encryption from a labeled document that's stored in SharePoint or OneDrive and you've [enabled sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md), the label encryption will be automatically restored the next time the document is accessed or downloaded.
+> [!NOTE]
+> If users manually remove encryption from a labeled document that's stored in SharePoint or OneDrive and you've [enabled sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md), the label encryption will be automatically restored the next time the document is accessed or downloaded.
## Apply sensitivity labels to files, emails, and attachments
@@ -203,7 +203,15 @@ This means that if you share documents with another organization that uses diffe
In addition to restricting access to users in your own organization, you can extend access to any other user who has an account in Azure Active Directory. All Office apps and other [RMS-enlightened application](https://docs.microsoft.com/azure/information-protection/requirements-applications#rms-enlightened-applications) can open encrypted documents after the user has successfully authenticated.
-If external users do not have an account in Azure Active Directory, you can create a guest account for them in your tenant. For their email address, you can specify any email address that they already use. For example, their Gmail address. This guest account can also be used to access a shared document in SharePoint or OneDrive when you have [enabled sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md).
+If external users do not have an account in Azure Active Directory, they can authenticate by using guest accounts in your tenant. These guest accounts can also be used to access shared documents in SharePoint or OneDrive when you have [enabled sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md):
+
+- One option is to create these guest accounts yourself. You can specify any email address that these users already use. For example, their Gmail address.
+
+ The advantage of this option is that you can restrict access and rights to specific users by specifying their email address in the encryption settings. The downside is the administration overhead for the account creation and coordination with the label configuration.
+
+- Another option is to use [SharePoint and OneDrive integration with Azure AD B2B (Preview)](https://docs.microsoft.com/sharepoint/sharepoint-azureb2b-integration-preview) so that guest accounts are automatically created when your users share links.
+
+ The advantage of this option is minimum administrative overhead because the accounts are created automatically, and simpler label configuration. For this scenario, you must select the encryption option [Add any authenticated user](encryption-sensitivity-labels.md#requirements-and-limitations-for-add-any-authenticated-users) because you won't know the email addresses in advance. The downside is that this setting doesn't let you restrict access and usage rights to specific users.
External users can also use a Microsoft account for encrypted documents when they use Microsoft 365 Apps ([formerly Office 365 apps](https://docs.microsoft.com/deployoffice/name-change)) on Windows, and newly supported on macOS (version 16.42+), Android (version 16.0.13029+), and iOS (version 2.42+). For example, somebody shares an encrypted document with them, and the encryption settings specify their Gmail email address. This user can create their own Microsoft account that uses their Gmail email address. Then, after signing in with this account, they can open the document and edit it, according to the usage restrictions specified for that user. For a walkthrough example of this scenario, see [Opening and editing the protected document](https://docs.microsoft.com/azure/information-protection/secure-collaboration-documents#opening-and-editing-the-protected-document).
@@ -212,10 +220,10 @@ External users can also use a Microsoft account for encrypted documents when the
When a user with a Microsoft account opens an encrypted document in this way, it automatically creates a guest account for the tenant if a guest account with the same name doesn't already exist. When the guest account exists, it can then be used to open documents in SharePoint and OneDrive by using a browser (Office on the web), in addition to opening encrypted documents from the Windows desktop app.
-However, the automatic guest account is not created immediately because of replication latency. If you specify personal email addresses as part of your label encryption settings, we recommend that you create corresponding guest accounts in Azure Active Directory. Then let these users know that they must use this account to open an encrypted document from your organization.
+However, the automatic guest account is not created immediately in this scenario, because of replication latency. If you specify personal email addresses as part of your label encryption settings, we recommend that you create corresponding guest accounts in Azure Active Directory. Then let these users know that they must use this account to open an encrypted document from your organization.
> [!TIP]
-> Because you can't be sure that external users will be using a supported Office client app, sharing links from SharePoint and OneDrive after creating guest accounts is a more reliable method to support secure collaboration with external users.
+> Because you can't be sure that external users will be using a supported Office client app, sharing links from SharePoint and OneDrive after creating guest accounts (for specific users) or when you use [SharePoint and OneDrive integration with Azure AD B2B](https://docs.microsoft.com/sharepoint/sharepoint-azureb2b-integration-preview) (for any authenticated user) is a more reliable method to support secure collaboration with external users.
## When Office apps apply content marking and encryption
@@ -265,29 +273,6 @@ When you configure a sensitivity label for content markings, you can use the fol
> [!NOTE] > The syntax for these variables is case-sensitive.
-## Require users to apply a label to their email and documents
-
-> [!IMPORTANT]
-> Also known as mandatory labeling, not all apps on all platforms currently support the policy setting of **Require users to apply a label to their email and documents**.
->
-> The [Azure Information Protection unified labeling client](https://docs.microsoft.com/azure/information-protection/rms-client/install-unifiedlabelingclient-app) supports mandatory labeling and for labeling built in to Office apps, see the tables in the [capabilities](#support-for-sensitivity-label-capabilities-in-apps) section on this page.
-
-When this policy setting is selected, users assigned the policy must select and apply a sensitivity label under the following scenarios:
--- For the Azure Information Protection unified labeling client:
- - For documents (Word, Excel, PowerPoint): When an unlabeled document is saved or users close the document.
- - For emails (Outlook): At the time users send an unlabeled message.
--- For labeling built in to Office apps:
- - For documents ((Word, Excel, PowerPoint): When an unlabeled document is opened or saved.
- - For emails (Outlook): At the time users send an unlabeled email message.
-
-Additional information for built-in labeling:
--- When users are prompted to add a sensitivity label because they open an unlabeled document, they can add a label or choose to open the document in read-only mode.--- When mandatory labeling is in effect, users can't remove sensitivity labels from documents, but can change an existing label.- #### Setting different visual markings for Word, Excel, PowerPoint, and Outlook As an additional variable, you can configure visual markings per Office application type by using an "If.App" variable statement in the text string, and identify the application type by using the values **Word**, **Excel**, **PowerPoint**, or **Outlook**. You can also abbreviate these values, which is necessary if you want to specify more than one in the same If.App statement.
@@ -323,6 +308,28 @@ Examples:
In Word and PowerPoint, the label applies the watermark text "This content is Confidential". In Excel, the label applies the watermark text "Confidential". In Outlook, the label doesn't apply any watermark text because watermarks as visual markings are not supported for Outlook.
+## Require users to apply a label to their email and documents
+
+> [!IMPORTANT]
+> Also known as mandatory labeling, not all apps on all platforms currently support the policy setting of **Require users to apply a label to their email and documents**.
+>
+> The [Azure Information Protection unified labeling client](https://docs.microsoft.com/azure/information-protection/rms-client/install-unifiedlabelingclient-app) supports mandatory labeling and for labeling built in to Office apps, see the tables in the [capabilities](#support-for-sensitivity-label-capabilities-in-apps) section on this page.
+
+When this policy setting is selected, users assigned the policy must select and apply a sensitivity label under the following scenarios:
+
+- For the Azure Information Protection unified labeling client:
+ - For documents (Word, Excel, PowerPoint): When an unlabeled document is saved or users close the document.
+ - For emails (Outlook): At the time users send an unlabeled message.
+
+- For labeling built in to Office apps:
+ - For documents ((Word, Excel, PowerPoint): When an unlabeled document is opened or saved.
+ - For emails (Outlook): At the time users send an unlabeled email message.
+
+Additional information for built-in labeling:
+
+- When users are prompted to add a sensitivity label because they open an unlabeled document, they can add a label or choose to open the document in read-only mode.
+
+- When mandatory labeling is in effect, users can't remove sensitivity labels from documents, but can change an existing label.
## End-user documentation
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files.md
@@ -251,3 +251,5 @@ If you have Microsoft 365 Multi-Geo, you must run this command for each of your
## Next steps After you've enabled sensitivity labels for Office files in SharePoint and OneDrive, consider automatically labeling these files by using auto-labeling policies. For more information, see [Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md).+
+Need to share your labeled and encrypted documents with people outside your organization? See [Sharing encrypted documents with external users](sensitivity-labels-office-apps.md#sharing-encrypted-documents-with-external-users).
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/managing-office-365-endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/managing-office-365-endpoints.md
@@ -156,7 +156,7 @@ These CNAME redirects are a normal part of the DNS and are transparent to the cl
A proxy server validates the initial URL, which in the above example is serviceA.office.com, and this URL would be included in Office 365 publishing. The proxy server requests DNS resolution of that URL to an IP Address and will receive back IP_1. It does not validate the intermediary CNAME redirection records.
-Hard-coded configurations or allowing traffic based on indirect Office 365 FQDNs is not recommended, not supported by Microsoft, and is known to cause customer connectivity issues. DNS solutions that block on CNAME redirection, or that otherwise incorrectly resolve Office 365 DNS entries, can be solved via DNS conditional forwarding (scoped to directly used Office 365 FQDNs) with DNS recursion enabled. Many third-party network perimeter products natively integrate recommended Office 365 endpoint traffic bypass in their configuration using the [Office 365 IP Address and URL Web service](microsoft-365-ip-web-service.md).
+Hard-coded configurations or whitelisting based on indirect Office 365 FQDNs are not recommended, not supported by Microsoft, and are known to cause customer connectivity issues. DNS solutions that block on CNAME redirection, or that otherwise incorrectly resolve Office 365 DNS entries, can be solved via DNS forwarders with DNS recursion enabled or by using DNS root hints. Many third-party network perimeter products natively integrate recommended Office 365 endpoint whitelisting in their configuration using the [Office 365 IP Address and URL Web service](microsoft-365-ip-web-service.md).
<a name="bkmk_akamai"> </a> ### Why do I see names such as nsatc.net or akadns.net in the Microsoft domain names?
includes https://docs.microsoft.com/en-us/microsoft-365/includes/microsoft-365-content-updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-content-updates.md
@@ -2,6 +2,176 @@
+## Week of January 11, 2021
++
+| Published On |Topic title | Change |
+|------|------------|--------|
+| 1/11/2021 | [Add your Google Workspace domain](/microsoft-365/business-video/moveto-microsoft-365/add-google-domain?view=o365-worldwide) | added |
+| 1/11/2021 | [Cancel Google Workspace (and keep your domain)](/microsoft-365/business-video/moveto-microsoft-365/cancel-google?view=o365-worldwide) | added |
+| 1/11/2021 | [Connect your domain to Microsoft 365](/microsoft-365/business-video/moveto-microsoft-365/connect-domain-tom365?view=o365-worldwide) | added |
+| 1/11/2021 | [Migrate business email and calendar from Google Workspace](/microsoft-365/business-video/moveto-microsoft-365/migrate-email?view=o365-worldwide) | added |
+| 1/11/2021 | [Switch from Google Workspace to Microsoft 365 for business](/microsoft-365/business-video/moveto-microsoft-365/move-from-google-workspace-overview?view=o365-worldwide) | added |
+| 1/11/2021 | [Migrate Google files to Microsoft 365 for business ](/microsoft-365/business-video/moveto-microsoft-365/mover-migrate-files?view=o365-worldwide) | added |
+| 1/11/2021 | [Set up Microsoft 365 for Google Workspace migration](/microsoft-365/business-video/moveto-microsoft-365/set-up-microsoft-365-forgoogle?view=o365-worldwide) | added |
+| 1/11/2021 | [Insider risk solution](/microsoft-365/compliance/insider-risk-solution-overview?view=o365-21vianet) | modified |
+| 1/11/2021 | [Learn about retention for Teams](/microsoft-365/compliance/retention-policies-teams?view=o365-21vianet) | modified |
+| 1/11/2021 | [Cross-tenant mailbox migration](/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-21vianet) | modified |
+| 1/11/2021 | [Setup guides for Microsoft 365 and Office 365 services](/microsoft-365/enterprise/setup-guides-for-microsoft-365?view=o365-21vianet) | modified |
+| 1/11/2021 | [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-21vianet) | modified |
+| 1/11/2021 | [Microsoft 365 documentation # < 60 chars](/microsoft-365/index?view=o365-21vianet) | modified |
+| 1/11/2021 | [Adjust settings after enrollment](/microsoft-365/managed-desktop/get-started/conditional-access?view=o365-21vianet) | modified |
+| 1/11/2021 | [Gain insights through Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-insights?view=o365-21vianet) | modified |
+| 1/11/2021 | [Create a payload for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-payloads?view=o365-21vianet) | modified |
+| 1/11/2021 | [Simulate a phishing attack with Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/attack-simulation-training?view=o365-21vianet) | modified |
+| 1/11/2021 | [Attack Simulator in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/attack-simulator?view=o365-21vianet) | modified |
+| 1/11/2021 | [Campaign Views in Microsoft Defender for Office 365 Plan](/microsoft-365/security/office-365-security/campaigns?view=o365-21vianet) | modified |
+| 1/11/2021 | [Office 365 Security, Microsoft Defender for Office 365, EOP, MSDO](/microsoft-365/security/office-365-security/index?view=o365-21vianet) | modified |
+| 1/11/2021 | [Application Guard for Office 365 (public preview) for admins](/microsoft-365/security/office-365-security/install-app-guard?view=o365-21vianet) | modified |
+| 1/11/2021 | [Automated investigation and response in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-air?view=o365-21vianet) | modified |
+| 1/11/2021 | [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-atp?view=o365-21vianet) | modified |
+| 1/11/2021 | [Threat investigation & response capabilities - Microsoft Defender for Office 365 Plan 2](/microsoft-365/security/office-365-security/office-365-ti?view=o365-21vianet) | modified |
+| 1/11/2021 | [Protect against threats](/microsoft-365/security/office-365-security/protect-against-threats?view=o365-21vianet) | modified |
+| 1/11/2021 | [Quarantined email messages](/microsoft-365/security/office-365-security/quarantine-email-messages?view=o365-21vianet) | modified |
+| 1/11/2021 | [Quarantined messages FAQ](/microsoft-365/security/office-365-security/quarantine-faq?view=o365-21vianet) | modified |
+| 1/11/2021 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365-atp?view=o365-21vianet) | modified |
+| 1/11/2021 | [Recover from a ransomware attack](/microsoft-365/security/office-365-security/recover-from-ransomware?view=o365-21vianet) | modified |
+| 1/11/2021 | [Export Content Search results](/microsoft-365/compliance/export-search-results?view=o365-21vianet) | modified |
+| 1/11/2021 | [Advanced eDiscovery limits](/microsoft-365/compliance/limits-ediscovery20?view=o365-21vianet) | modified |
+| 1/11/2021 | [Anti-phishing policies](/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-21vianet) | modified |
+| 1/12/2021 | [Advanced eDiscovery limits](/microsoft-365/compliance/limits-ediscovery20?view=o365-21vianet) | modified |
+| 1/12/2021 | [Export Content Search results](/microsoft-365/compliance/export-search-results?view=o365-21vianet) | modified |
+| 1/12/2021 | [Limits in core eDiscovery case](/microsoft-365/compliance/limits-core-ediscovery?view=o365-21vianet) | modified |
+| 1/12/2021 | [Limits for content search and Core eDiscovery in the compliance center](/microsoft-365/compliance/limits-for-content-search?view=o365-21vianet) | modified |
+| 1/12/2021 | [Manage your allows and blocks in the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-21vianet) | modified |
+| 1/12/2021 | [Microsoft 365 Business Premium security and compliance features](/microsoft-365/business/security-features?view=o365-21vianet) | modified |
+| 1/12/2021 | [Apply Information Rights Management (IRM) to a list or library](/microsoft-365/compliance/apply-irm-to-a-list-or-library?view=o365-21vianet) | modified |
+| 1/12/2021 | [Insider risk management cases](/microsoft-365/compliance/insider-risk-management-cases?view=o365-21vianet) | modified |
+| 1/12/2021 | [Insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-21vianet) | modified |
+| 1/12/2021 | [Parity between Azure Information Protection for Office 365 operated by 21Vianet and commercial offerings](/microsoft-365/admin/services-in-china/parity-between-azure-information-protection?view=o365-21vianet) | modified |
+| 1/12/2021 | [Configure device proxy and internet connection settings for Endpoint DLP](/microsoft-365/compliance/endpoint-dlp-configure-proxy?view=o365-21vianet) | added |
+| 1/12/2021 | [Get started with Microsoft 365 Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-getting-started?view=o365-21vianet) | modified |
+| 1/12/2021 | [Advanced eDiscovery alignment with the EDRM](/microsoft-365/compliance/advanced-ediscovery-edrm?view=o365-21vianet) | added |
+| 1/12/2021 | [Create and manage Advanced eDiscovery cases in Microsoft 365](/microsoft-365/compliance/create-and-manage-advanced-ediscoveryv2-case?view=o365-21vianet) | added |
+| 1/12/2021 | [Create a legal hold notice](/microsoft-365/compliance/create-hold-notification?view=o365-21vianet) | modified |
+| 1/12/2021 | [Create and configure retention policies to automatically retain or delete content](/microsoft-365/compliance/create-retention-policies?view=o365-21vianet) | modified |
+| 1/12/2021 | [Data loss prevention and Microsoft Teams](/microsoft-365/compliance/dlp-microsoft-teams?view=o365-21vianet) | modified |
+| 1/12/2021 | [eDiscovery](/microsoft-365/compliance/ediscovery?view=o365-21vianet) | modified |
+| 1/12/2021 | [Set up Advanced eDiscovery in Microsoft 365](/microsoft-365/compliance/get-started-with-advanced-ediscovery?view=o365-21vianet) | modified |
+| 1/12/2021 | [Manage legal investigations in Microsoft 365](/microsoft-365/compliance/manage-legal-investigations?view=o365-21vianet) | modified |
+| 1/12/2021 | [Overview of the Advanced eDiscovery solution in Microsoft 365](/microsoft-365/compliance/overview-ediscovery-20?view=o365-21vianet) | modified |
+| 1/12/2021 | [Microsoft Managed Desktop and ITIL](/microsoft-365/managed-desktop/mmd-and-itsm?view=o365-21vianet) | modified |
+| 1/12/2021 | [Working with Microsoft Consulting Services](/microsoft-365/managed-desktop/get-ready/apps-mcs?view=o365-21vianet) | modified |
+| 1/12/2021 | [Apps in Microsoft Managed Desktop](/microsoft-365/managed-desktop/get-ready/apps?view=o365-21vianet) | modified |
+| 1/12/2021 | [Prepare on-premises resources access for Microsoft Managed Desktop](/microsoft-365/managed-desktop/get-ready/authentication?view=o365-21vianet) | modified |
+| 1/12/2021 | [Prepare certificates and network profiles for Microsoft Managed Desktop](/microsoft-365/managed-desktop/get-ready/certs-wifi-lan?view=o365-21vianet) | modified |
+| 1/12/2021 | [Prepare mapped drives for Microsoft Managed Desktop](/microsoft-365/managed-desktop/get-ready/mapped-drives?view=o365-21vianet) | modified |
+| 1/12/2021 | [Prepare printing resources for Microsoft Managed Desktop](/microsoft-365/managed-desktop/get-ready/printing?view=o365-21vianet) | modified |
+| 1/12/2021 | [Fix issues found by the readiness assessment tool](/microsoft-365/managed-desktop/get-ready/readiness-assessment-fix?view=o365-21vianet) | modified |
+| 1/12/2021 | [Readiness assessment tool](/microsoft-365/managed-desktop/get-ready/readiness-assessment-tool?view=o365-21vianet) | modified |
+| 1/12/2021 | [Access the Admin portal](/microsoft-365/managed-desktop/get-started/access-admin-portal?view=o365-21vianet) | modified |
+| 1/12/2021 | [Assign licenses](/microsoft-365/managed-desktop/get-started/assign-licenses?view=o365-21vianet) | modified |
+| 1/12/2021 | [New Microsoft Edge](/microsoft-365/managed-desktop/get-started/edge-browser-app?view=o365-21vianet) | modified |
+| 1/12/2021 | [Microsoft 365 Apps for enterprise](/microsoft-365/managed-desktop/get-started/m365-apps?view=o365-21vianet) | modified |
+| 1/12/2021 | [Register new devices yourself](/microsoft-365/managed-desktop/get-started/register-devices-self?view=o365-21vianet) | modified |
+| 1/12/2021 | [Register existing devices yourself](/microsoft-365/managed-desktop/get-started/register-reused-devices-self?view=o365-21vianet) | modified |
+| 1/12/2021 | [Set up devices for Microsoft Managed Desktop](/microsoft-365/managed-desktop/get-started/set-up-devices?view=o365-21vianet) | modified |
+| 1/12/2021 | Frequently Asked Questions | removed |
+| 1/12/2021 | [Is Microsoft Managed Desktop right for you?](/microsoft-365/managed-desktop/intro/index?view=o365-21vianet) | modified |
+| 1/12/2021 | [Microsoft Managed Desktop roles and responsibilities](/microsoft-365/managed-desktop/intro/roles-and-responsibilities?view=o365-21vianet) | modified |
+| 1/12/2021 | [Microsoft Managed Desktop technologies](/microsoft-365/managed-desktop/intro/technologies?view=o365-21vianet) | modified |
+| 1/12/2021 | [App control](/microsoft-365/managed-desktop/service-description/app-control?view=o365-21vianet) | modified |
+| 1/12/2021 | [Microsoft Managed Desktop archived devices](/microsoft-365/managed-desktop/service-description/archived-device-list?view=o365-21vianet) | modified |
+| 1/12/2021 | [Exceptions to the service plan](/microsoft-365/managed-desktop/service-description/customizing?view=o365-21vianet) | modified |
+| 1/12/2021 | [Microsoft Managed Desktop product lifecycle](/microsoft-365/managed-desktop/service-description/device-lifecycle?view=o365-21vianet) | modified |
+| 1/12/2021 | [Microsoft Managed Desktop devices](/microsoft-365/managed-desktop/service-description/device-list?view=o365-21vianet) | modified |
+| 1/12/2021 | [Device configuration](/microsoft-365/managed-desktop/service-description/device-policies?view=o365-21vianet) | modified |
+| 1/12/2021 | [Microsoft Managed Desktop service description](/microsoft-365/managed-desktop/service-description/index?view=o365-21vianet) | modified |
+| 1/12/2021 | [Microsoft Managed Desktop operations and monitoring](/microsoft-365/managed-desktop/service-description/operations-and-monitoring?view=o365-21vianet) | modified |
+| 1/12/2021 | [Privacy and personal data](/microsoft-365/managed-desktop/service-description/privacy-personal-data?view=o365-21vianet) | modified |
+| 1/12/2021 | [Supported regions and languages](/microsoft-365/managed-desktop/service-description/regions-languages?view=o365-21vianet) | modified |
+| 1/12/2021 | [Security operations in Microsoft Managed Desktop](/microsoft-365/managed-desktop/service-description/security-operations?view=o365-21vianet) | modified |
+| 1/12/2021 | [Security technologies in Microsoft Managed Desktop](/microsoft-365/managed-desktop/service-description/security?view=o365-21vianet) | modified |
+| 1/12/2021 | [How updates are handled in Microsoft Managed Desktop](/microsoft-365/managed-desktop/service-description/updates?view=o365-21vianet) | modified |
+| 1/12/2021 | [Admin support for Microsoft Managed Desktop](/microsoft-365/managed-desktop/working-with-managed-desktop/admin-support?view=o365-21vianet) | modified |
+| 1/12/2021 | [Get user support for Microsoft Managed Desktop](/microsoft-365/managed-desktop/working-with-managed-desktop/end-user-support?view=o365-21vianet) | modified |
+| 1/12/2021 | [Identity and device access policies for allowing guest and external user B2B access - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/identity-access-policies-guest-access?view=o365-21vianet) | modified |
+| 1/12/2021 | [Prerequisite work for implementing identity and device access policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/identity-access-prerequisites?view=o365-21vianet) | modified |
+| 1/12/2021 | [Isolated SharePoint Online team sites](/microsoft-365/security/office-365-security/isolated-sharepoint-online-team-sites?view=o365-21vianet) | modified |
+| 1/12/2021 | [Support for validation of Domain Keys Identified Mail (DKIM) signed messages](/microsoft-365/security/office-365-security/support-for-validation-of-dkim-signed-messages?view=o365-21vianet) | modified |
+| 1/13/2021 | [Get incident notifications in Microsoft 365 Defender](/microsoft-365/security/mtp/get-incident-notifications?view=o365-21vianet) | modified |
+| 1/13/2021 | [Assign and complete improvement actions in Microsoft Compliance Manager](/microsoft-365/compliance/compliance-manager-improvement-actions?view=o365-21vianet) | modified |
+| 1/13/2021 | [Working with assessment templates in Microsoft Compliance Manager](/microsoft-365/compliance/compliance-manager-templates?view=o365-21vianet) | modified |
+| 1/13/2021 | [Connect to all Microsoft 365 services in a single PowerShell window](/microsoft-365/enterprise/connect-to-all-microsoft-365-services-in-a-single-windows-powershell-window?view=o365-21vianet) | modified |
+| 1/13/2021 | [Enable the Report Phish add-in](/microsoft-365/security/office-365-security/enable-the-report-phish-add-in?view=o365-21vianet) | added |
+| 1/13/2021 | [Admin submissions](/microsoft-365/security/office-365-security/admin-submission?view=o365-21vianet) | modified |
+| 1/13/2021 | [How automated investigation and response works in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/automated-investigation-response-office?view=o365-21vianet) | modified |
+| 1/13/2021 | [Best practices for configuring EOP](/microsoft-365/security/office-365-security/best-practices-for-configuring-eop?view=o365-21vianet) | modified |
+| 1/13/2021 | [Enable the Report Message add-in](/microsoft-365/security/office-365-security/enable-the-report-message-add-in?view=o365-21vianet) | modified |
+| 1/13/2021 | [Install and use the Junk Email Reporting add-in for Microsoft Outlook](/microsoft-365/security/office-365-security/junk-email-reporting-add-in-for-microsoft-outlook?view=o365-21vianet) | modified |
+| 1/13/2021 | [Automated investigation and response in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-air?view=o365-21vianet) | modified |
+| 1/13/2021 | [Report spam, non-spam, and phishing messages to Microsoft](/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft?view=o365-21vianet) | modified |
+| 1/13/2021 | [Manually submit messages to Microsoft for analysis](/microsoft-365/security/office-365-security/submit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis?view=o365-21vianet) | modified |
+| 1/13/2021 | [Threat Explorer and Real-time detections](/microsoft-365/security/office-365-security/threat-explorer?view=o365-21vianet) | modified |
+| 1/13/2021 | [Tune anti-phishing protection](/microsoft-365/security/office-365-security/tuning-anti-phishing?view=o365-21vianet) | modified |
+| 1/13/2021 | [User submissions policy](/microsoft-365/security/office-365-security/user-submission?view=o365-21vianet) | modified |
+| 1/13/2021 | [View email security reports in the Security & Compliance Center](/microsoft-365/security/office-365-security/view-email-security-reports?view=o365-21vianet) | modified |
+| 1/14/2021 | [Enable unlimited archiving - Admin Help](/microsoft-365/compliance/enable-unlimited-archiving?view=o365-21vianet) | modified |
+| 1/14/2021 | [Get started with Microsoft 365 Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-getting-started?view=o365-21vianet) | modified |
+| 1/14/2021 | [Use Advanced Audit to investigate compromised accounts](/microsoft-365/compliance/mailitemsaccessed-forensics-investigations?view=o365-21vianet) | modified |
+| 1/14/2021 | [Search for Teams chat data for on-premises users](/microsoft-365/compliance/search-cloud-based-mailboxes-for-on-premises-users?view=o365-21vianet) | modified |
+| 1/14/2021 | [Use sensitivity labels with Microsoft Teams, Microsoft 365 groups, and SharePoint sites](/microsoft-365/compliance/sensitivity-labels-teams-groups-sites?view=o365-21vianet) | modified |
+| 1/14/2021 | [About admin roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/about-admin-roles?view=o365-21vianet) | modified |
+| 1/14/2021 | [Adjust settings after enrollment](/microsoft-365/managed-desktop/get-started/conditional-access?view=o365-21vianet) | modified |
+| 1/14/2021 | [Get started using Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-21vianet) | added |
+| 1/14/2021 | [Manage audit log retention policies](/microsoft-365/compliance/audit-log-retention-policies?view=o365-21vianet) | modified |
+| 1/14/2021 | [Get started with Microsoft Compliance Manager](/microsoft-365/compliance/compliance-manager-setup?view=o365-21vianet) | modified |
+| 1/14/2021 | [Gain insights through Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-insights?view=o365-21vianet) | modified |
+| 1/14/2021 | [Create a payload for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-payloads?view=o365-21vianet) | modified |
+| 1/14/2021 | [Simulate a phishing attack with Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/attack-simulation-training?view=o365-21vianet) | modified |
+| 1/14/2021 | [Attack Simulator in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/attack-simulator?view=o365-21vianet) | modified |
+| 1/14/2021 | [Evaluate Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-evaluation?view=o365-21vianet) | modified |
+| 1/14/2021 | [How to use DKIM for email in your custom domain](/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email?view=o365-21vianet) | modified |
+| 1/14/2021 | [Configure teams with protection for highly sensitive data](/microsoft-365/solutions/configure-teams-highly-sensitive-protection?view=o365-21vianet) | modified |
+| 1/14/2021 | [Configure a team with security isolation](/microsoft-365/solutions/secure-teams-security-isolation?view=o365-21vianet) | modified |
+| 1/15/2021 | [Download perpetual software and product license keys](/microsoft-365/admin/setup/download-software-licenses-csp?view=o365-21vianet) | added |
+| 1/15/2021 | [Capabilities of Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/capabilities?view=o365-21vianet) | modified |
+| 1/15/2021 | [Choose between Basic Mobility and Security and Intune](/microsoft-365/admin/basic-mobility-security/choose-between-basic-mobility-and-security-and-intune?view=o365-21vianet) | modified |
+| 1/15/2021 | [Create an APNs certificate for iOS devices](/microsoft-365/admin/basic-mobility-security/create-an-apns-certificate-for-ios-devices?view=o365-21vianet) | modified |
+| 1/15/2021 | [Create device security policies in Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/create-device-security-policies?view=o365-21vianet) | modified |
+| 1/15/2021 | [Enroll your mobile device using Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/enroll-your-mobile-device?view=o365-21vianet) | modified |
+| 1/15/2021 | [Basic Mobility and Security frequently-asked questions (FAQ)](/microsoft-365/admin/basic-mobility-security/frequently-asked-questions?view=o365-21vianet) | modified |
+| 1/15/2021 | [Get details about Basic Mobility and Security managed devices](/microsoft-365/admin/basic-mobility-security/get-details-about-managed-devices?view=o365-21vianet) | modified |
+| 1/15/2021 | [Manage device access settings in Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/manage-device-access-settings?view=o365-21vianet) | modified |
+| 1/15/2021 | [Manage devices enrolled in Mobile Device Management in Microsoft 365](/microsoft-365/admin/basic-mobility-security/manage-enrolled-devices?view=o365-21vianet) | modified |
+| 1/15/2021 | [Privacy and security in Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/privacy-and-security?view=o365-21vianet) | modified |
+| 1/15/2021 | [Set up Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/set-up?view=o365-21vianet) | modified |
+| 1/15/2021 | [Troubleshoot Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/troubleshoot?view=o365-21vianet) | modified |
+| 1/15/2021 | [Turn off Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/turn-off?view=o365-21vianet) | modified |
+| 1/15/2021 | [Wipe a mobile device in Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/wipe-mobile-device?view=o365-21vianet) | modified |
+| 1/15/2021 | [Add several users at the same time to Microsoft 365 - Admin Help](/microsoft-365/enterprise/add-several-users-at-the-same-time?view=o365-21vianet) | modified |
+| 1/15/2021 | [Change history for Microsoft Managed Desktop documentation](/microsoft-365/managed-desktop/change-history-managed-desktop?view=o365-21vianet) | modified |
+| 1/15/2021 | [Get started using Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-21vianet) | modified |
+| 1/15/2021 | [Gain insights through Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-insights?view=o365-21vianet) | modified |
+| 1/15/2021 | [Create a payload for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-payloads?view=o365-21vianet) | modified |
+| 1/15/2021 | [Simulate a phishing attack with Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/attack-simulation-training?view=o365-21vianet) | modified |
+| 1/15/2021 | [Message center](/microsoft-365/admin/manage/message-center?view=o365-21vianet) | modified |
+| 1/15/2021 | [Alert policies in the security and compliance centers](/microsoft-365/compliance/alert-policies?view=o365-21vianet) | modified |
+| 1/15/2021 | [Sensitive information type entity definitions](/microsoft-365/compliance/sensitive-information-type-entity-definitions?view=o365-21vianet) | modified |
+| 1/15/2021 | [Microsoft Managed Desktop devices](/microsoft-365/managed-desktop/service-description/device-list?view=o365-21vianet) | modified |
+| 1/15/2021 | [Security recommendations for priority accounts in Microsoft 365](/microsoft-365/security/office-365-security/security-recommendations-for-priority-accounts?view=o365-21vianet) | modified |
+| 1/15/2021 | [Set up SPF to help prevent spoofing](/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing?view=o365-21vianet) | modified |
+| 1/15/2021 | [Configure a team with security isolation](/microsoft-365/solutions/secure-teams-security-isolation?view=o365-21vianet) | modified |
+| 1/15/2021 | [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-21vianet) | modified |
+| 1/15/2021 | [Office 365 U.S. Government GCC High endpoints](/microsoft-365/enterprise/microsoft-365-u-s-government-gcc-high-endpoints?view=o365-21vianet) | modified |
+| 1/16/2021 | [Get started with communication compliance](/microsoft-365/compliance/communication-compliance-configure?view=o365-21vianet) | modified |
+| 1/16/2021 | [Communication compliance feature reference](/microsoft-365/compliance/communication-compliance-feature-reference?view=o365-21vianet) | modified |
+| 1/16/2021 | [Investigate and remediate communication compliance alerts](/microsoft-365/compliance/communication-compliance-investigate-remediate?view=o365-21vianet) | modified |
+| 1/16/2021 | [Learn about communication compliance](/microsoft-365/compliance/communication-compliance?view=o365-21vianet) | modified |
+| 1/16/2021 | [Learn about retention for Yammer](/microsoft-365/compliance/retention-policies-yammer?view=o365-21vianet) | modified |
+| 1/16/2021 | [What's new in Microsoft 365 compliance](/microsoft-365/compliance/whats-new?view=o365-21vianet) | modified |
++ ## Week of January 04, 2021
@@ -168,6 +338,7 @@
| 1/6/2021 | [Use the communications editor](/microsoft-365/compliance/using-communications-editor?view=o365-21vianet) | modified | | 1/6/2021 | [Permissions - Security & Compliance Center](/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-21vianet) | modified | | 1/6/2021 | [Security recommendations for priority accounts in Microsoft 365](/microsoft-365/security/office-365-security/security-recommendations-for-priority-accounts?view=o365-21vianet) | modified |
+| 1/6/2021 | [Buy new licenses](/microsoft-365/business-video/buy-licenses?view=o365-worldwide) | added |
| 1/6/2021 | [Microsoft SharePoint Syntex adoption: Get started](/microsoft-365/contentunderstanding/adoption-getstarted) | modified | | 1/6/2021 | [Microsoft 365 documentation # < 60 chars](/microsoft-365/index?view=o365-21vianet) | modified | | 1/6/2021 | [DeviceFileEvents table in the advanced hunting schema](/microsoft-365/security/mtp/advanced-hunting-devicefileevents-table?view=o365-21vianet) | modified |
@@ -184,14 +355,15 @@
| 1/6/2021 | [Use sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified | | 1/6/2021 | [TLS 1.0 and 1.1 deprecation for Office 365](/microsoft-365/compliance/tls-1.0-and-1.1-deprecation-for-office-365?view=o365-21vianet) | modified | | 1/6/2021 | [Adjust settings after enrollment](/microsoft-365/managed-desktop/get-started/conditional-access?view=o365-21vianet) | modified |
-| 1/7/2021 | [Additional endpoints not included in the Office 365 IP Address and URL Web service](/microsoft-365/enterprise/additional-office365-ip-addresses-and-urls?view=o365-21vianet) | modified |
+| 1/7/2021 | [Naming changes in the Microsoft 365 Defender advanced hunting schema](/microsoft-365/security/mtp/advanced-hunting-schema-changes?view=o365-21vianet) | added |
| 1/7/2021 | [Additional device information for the migration from Microsoft Cloud Deutschland](/microsoft-365/enterprise/ms-cloud-germany-transition-add-devices?view=o365-21vianet) | modified | | 1/7/2021 | [EmailEvents table in the advanced hunting schema](/microsoft-365/security/mtp/advanced-hunting-emailevents-table?view=o365-21vianet) | modified | | 1/7/2021 | [Create a payload for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-payloads?view=o365-21vianet) | modified | | 1/7/2021 | [Set up Safe Attachments policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/set-up-atp-safe-attachments-policies?view=o365-21vianet) | modified | | 1/7/2021 | [Set up Safe Links policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/set-up-atp-safe-links-policies?view=o365-21vianet) | modified | | 1/7/2021 | [Collaborate with guests in a team](/microsoft-365/solutions/collaborate-as-team?view=o365-21vianet) | modified |
-| 1/7/2021 | [Configure permissions filtering for Content Search](/microsoft-365/compliance/permissions-filtering-for-content-search?view=o365-21vianet) | modified |
+| 1/7/2021 | [AADSignInEventsBeta table in the advanced hunting schema](/microsoft-365/security/mtp/advanced-hunting-aadsignineventsbeta-table?view=o365-21vianet) | added |
+| 1/7/2021 | [AADSpnSignInEventsBeta table in the advanced hunting schema](/microsoft-365/security/mtp/advanced-hunting-aadspnsignineventsbeta-table?view=o365-21vianet) | added |
| 1/7/2021 | [Address space calculator for Azure gateway subnets](/microsoft-365/enterprise/address-space-calculator-for-azure-gateway-subnets?view=o365-21vianet) | modified | | 1/7/2021 | [How to configure Exchange Server on-premises to use Hybrid Modern Authentication](/microsoft-365/enterprise/configure-exchange-server-for-hybrid-modern-authentication?view=o365-21vianet) | modified | | 1/7/2021 | [Data move general FAQ](/microsoft-365/enterprise/data-move-faq?view=o365-21vianet) | modified |
@@ -201,7 +373,8 @@
| 1/7/2021 | [Prepare a non-routable domain for directory synchronization](/microsoft-365/enterprise/prepare-a-non-routable-domain-for-directory-synchronization?view=o365-21vianet) | modified | | 1/7/2021 | [Microsoft 365 Defender](/microsoft-365/security/mtp/microsoft-threat-protection?view=o365-21vianet) | modified | | 1/7/2021 | [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-atp?view=o365-21vianet) | modified |
-| 1/7/2021 | [Learn about retention for Teams](/microsoft-365/compliance/retention-policies-teams?view=o365-21vianet) | modified |
+| 1/7/2021 | [AADSignInEventsBeta table in the advanced hunting schema](/microsoft-365/security/mtp/advanced-hunting-aadsignineventsbeta-table?view=o365-21vianet) | modified |
+| 1/7/2021 | [AADSpnSignInEventsBeta table in the advanced hunting schema](/microsoft-365/security/mtp/advanced-hunting-aadspnsignineventsbeta-table?view=o365-21vianet) | modified |
| 1/7/2021 | [Permissions - Security & Compliance Center](/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-21vianet) | modified | | 1/7/2021 | [Buy new licenses](/microsoft-365/business-video/buy-licenses?view=o365-worldwide) | modified | | 1/8/2021 | [Manage messages in Message center](/microsoft-365/admin/manage/manage-messages?view=o365-21vianet) | modified |
@@ -237,12 +410,46 @@
| 1/8/2021 | [Records Management in Microsoft 365](/microsoft-365/compliance/records-management?view=o365-21vianet) | modified |
+## Week of December 28, 2020
++
+| Published On |Topic title | Change |
+|------|------------|--------|
+| 12/28/2020 | [Assign licenses to users](/microsoft-365/admin/manage/assign-licenses-to-users?view=o365-21vianet) | modified |
+| 12/28/2020 | [Set up topic experiences in Microsoft 365](/microsoft-365/knowledge/set-up-topic-experiences) | modified |
+| 12/28/2020 | [Set up Customer Key at the application level](/microsoft-365/compliance/customer-key-set-up?view=o365-21vianet) | modified |
+| 12/29/2020 | [Convert a user mailbox to a shared mailbox](/microsoft-365/admin/email/convert-user-mailbox-to-shared-mailbox?view=o365-21vianet) | modified |
+| 12/29/2020 | [Legacy information for Office 365 Message Encryption](/microsoft-365/compliance/legacy-information-for-message-encryption?view=o365-21vianet) | modified |
+| 12/29/2020 | [Encryption Risks and Protections](/microsoft-365/compliance/office-365-encryption-risks-and-protections?view=o365-21vianet) | modified |
+| 12/29/2020 | [SharePoint-Compatible PDF readers that support Microsoft Information Rights Management services](/microsoft-365/compliance/sp-compatible-pdf-readers-for-irm?view=o365-21vianet) | modified |
+| 12/29/2020 | [Track your Microsoft Secure Score history and meet goals](/microsoft-365/security/mtp/microsoft-secure-score-history-metrics-trends?view=o365-21vianet) | modified |
+| 12/29/2020 | [Assess your security posture through Microsoft Secure Score](/microsoft-365/security/mtp/microsoft-secure-score-improvement-actions?view=o365-21vianet) | modified |
+| 12/29/2020 | [What's coming to Microsoft Secure Score](/microsoft-365/security/mtp/microsoft-secure-score-whats-coming?view=o365-21vianet) | modified |
+| 12/29/2020 | [What's new in Microsoft Secure Score](/microsoft-365/security/mtp/microsoft-secure-score-whats-new?view=o365-21vianet) | modified |
+| 12/29/2020 | [Microsoft Secure Score](/microsoft-365/security/mtp/microsoft-secure-score?view=o365-21vianet) | modified |
+| 12/30/2020 | [Add custodians to an Advanced eDiscovery case](/microsoft-365/compliance/add-custodians-to-case?view=o365-21vianet) | modified |
+| 12/30/2020 | [Assign eDiscovery permissions in the Security & Compliance Center](/microsoft-365/compliance/assign-ediscovery-permissions?view=o365-21vianet) | modified |
+| 12/30/2020 | [Import custodians to an Advanced eDiscovery case](/microsoft-365/compliance/bulk-add-custodians?view=o365-21vianet) | modified |
+| 12/30/2020 | [Manage custodians in an Advanced eDiscovery case](/microsoft-365/compliance/manage-new-custodians?view=o365-21vianet) | modified |
+| 12/30/2020 | [Add non-custodial data sources to an Advanced eDiscovery case](/microsoft-365/compliance/non-custodial-data-sources?view=o365-21vianet) | modified |
+| 12/30/2020 | [Advanced Audit in Microsoft 365](/microsoft-365/compliance/advanced-audit?view=o365-21vianet) | modified |
+| 12/30/2020 | [Set up a connector to archive Redtail Speak data in Microsoft 365](/microsoft-365/compliance/archive-redtailspeak-data?view=o365-21vianet) | modified |
+| 12/30/2020 | [Set up a connector to archive Salesforce Chatter data in Microsoft 365](/microsoft-365/compliance/archive-salesforcechatter-data?view=o365-21vianet) | modified |
+| 12/30/2020 | [Set up a connector to archive ServiceNow data in Microsoft 365](/microsoft-365/compliance/archive-servicenow-data?view=o365-21vianet) | modified |
+| 12/30/2020 | [Set up a connector to archive Yieldbroker data in Microsoft 365](/microsoft-365/compliance/archive-yieldbroker-data?view=o365-21vianet) | modified |
+| 12/31/2020 | [DeviceFromIP() function in advanced hunting for Microsoft 365 Defender](/microsoft-365/security/mtp/advanced-hunting-devicefromip-function?view=o365-21vianet) | added |
+| 12/31/2020 | [Preview features in Microsoft 365 Defender](/microsoft-365/security/mtp/preview?view=o365-21vianet) | modified |
++ ## Week of December 21, 2020 | Published On |Topic title | Change | |------|------------|--------|
-| 12/21/2020 | [Set up a connector to archive CellTrust data in Microsoft 365](/microsoft-365/compliance/archive-celltrust-data?view=o365-21vianet) | modified |
+| 12/21/2020 | [Set up a connector to archive Redtail Speak data in Microsoft 365](/microsoft-365/compliance/archive-redtailspeak-data?view=o365-21vianet) | added |
+| 12/21/2020 | [Set up a connector to archive Salesforce Chatter data in Microsoft 365](/microsoft-365/compliance/archive-salesforcechatter-data?view=o365-21vianet) | added |
+| 12/21/2020 | [Set up a connector to archive ServiceNow data in Microsoft 365](/microsoft-365/compliance/archive-servicenow-data?view=o365-21vianet) | added |
+| 12/21/2020 | [Set up a connector to archive Yieldbroker data in Microsoft 365](/microsoft-365/compliance/archive-yieldbroker-data?view=o365-21vianet) | added |
| 12/21/2020 | [Archive third-party data](/microsoft-365/compliance/archiving-third-party-data?view=o365-21vianet) | modified | | 12/21/2020 | [Learn about retention policies & labels to automatically retain or delete content](/microsoft-365/compliance/retention?view=o365-21vianet) | modified | | 12/21/2020 | [Threat Explorer and Real-time detections](/microsoft-365/security/office-365-security/threat-explorer?view=o365-21vianet) | modified |
@@ -260,147 +467,3 @@
| 12/23/2020 | [Set up topic experiences in Microsoft 365](/microsoft-365/knowledge/set-up-topic-experiences) | modified | | 12/23/2020 | [Topic center overview (Preview) ](/microsoft-365/knowledge/topic-center-overview) | modified | | 12/23/2020 | [Topic Experiences overview (Preview)](/microsoft-365/knowledge/topic-experiences-overview) | modified |--
-## Week of December 14, 2020
--
-| Published On |Topic title | Change |
-|------|------------|--------|
-| 12/14/2020 | [Set up Safe Links policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/set-up-atp-safe-links-policies?view=o365-21vianet) | modified |
-| 12/15/2020 | [Alert policies in the security and compliance centers](/microsoft-365/compliance/alert-policies?view=o365-21vianet) | modified |
-| 12/15/2020 | [Automatically apply a sensitivity label to content in Microsoft 365](/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-21vianet) | modified |
-| 12/15/2020 | [Archive third-party data](/microsoft-365/compliance/archiving-third-party-data?view=o365-21vianet) | modified |
-| 12/15/2020 | [Assign eDiscovery permissions in the Security & Compliance Center](/microsoft-365/compliance/assign-ediscovery-permissions?view=o365-21vianet) | modified |
-| 12/15/2020 | [Create eDiscovery holds in a Core eDiscovery case](/microsoft-365/compliance/create-ediscovery-holds?view=o365-21vianet) | modified |
-| 12/15/2020 | [Manage mailbox auditing](/microsoft-365/compliance/enable-mailbox-auditing?view=o365-21vianet) | modified |
-| 12/15/2020 | [Learn about Microsoft 365 Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-21vianet) | modified |
-| 12/15/2020 | [Meet data protection and regulatory requirements with Compliance Manager for Microsoft cloud services](/microsoft-365/compliance/meet-data-protection-and-regulatory-reqs-using-microsoft-cloud?view=o365-21vianet) | modified |
-| 12/15/2020 | [Search the audit log in the Security & Compliance Center](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-21vianet) | modified |
-| 12/15/2020 | [Send email notifications and show policy tips for DLP policies](/microsoft-365/compliance/use-notifications-and-policy-tips?view=o365-21vianet) | modified |
-| 12/15/2020 | [Network configuration for Microsoft Managed Desktop](/microsoft-365/managed-desktop/get-ready/network?view=o365-21vianet) | modified |
-| 12/15/2020 | [Go to the Action center to view and approve your automated investigation and remediation tasks](/microsoft-365/security/mtp/mtp-action-center?view=o365-21vianet) | modified |
-| 12/15/2020 | [Approve or reject pending actions following an automated investigation](/microsoft-365/security/mtp/mtp-autoir-actions?view=o365-21vianet) | modified |
-| 12/15/2020 | [Details and results of an automated investigation](/microsoft-365/security/mtp/mtp-autoir-results?view=o365-21vianet) | modified |
-| 12/15/2020 | [Automated investigation and response in Microsoft 365 Defender](/microsoft-365/security/mtp/mtp-autoir?view=o365-21vianet) | modified |
-| 12/15/2020 | [Configure automated investigation and response capabilities in Microsoft 365 Defender](/microsoft-365/security/mtp/mtp-configure-auto-investigation-response?view=o365-21vianet) | modified |
-| 12/15/2020 | [Remediation actions in Microsoft 365 Defender](/microsoft-365/security/mtp/mtp-remediation-actions?view=o365-21vianet) | modified |
-| 12/15/2020 | [Configure global settings for Safe Links settings in Defender for Office 365](/microsoft-365/security/office-365-security/configure-global-settings-for-safe-links?view=o365-21vianet) | modified |
-| 12/15/2020 | [Configure outbound spam filtering](/microsoft-365/security/office-365-security/configure-the-outbound-spam-policy?view=o365-21vianet) | modified |
-| 12/15/2020 | [Configure spam filter policies](/microsoft-365/security/office-365-security/configure-your-spam-filter-policies?view=o365-21vianet) | modified |
-| 12/15/2020 | [Protect against threats](/microsoft-365/security/office-365-security/protect-against-threats?view=o365-21vianet) | modified |
-| 12/15/2020 | [Quarantine tags](/microsoft-365/security/office-365-security/quarantine-tags?view=o365-21vianet) | modified |
-| 12/15/2020 | [Remove blocked users from the Restricted Users portal](/microsoft-365/security/office-365-security/removing-user-from-restricted-users-portal-after-spam?view=o365-21vianet) | modified |
-| 12/15/2020 | [Safe Documents in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-docs?view=o365-21vianet) | modified |
-| 12/15/2020 | [Anti-phishing policies](/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-21vianet) | modified |
-| 12/15/2020 | [Set up Safe Attachments policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/set-up-atp-safe-attachments-policies?view=o365-21vianet) | modified |
-| 12/15/2020 | [Set up Safe Links policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/set-up-atp-safe-links-policies?view=o365-21vianet) | modified |
-| 12/15/2020 | [Manage your allowed and blocked URLs in the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-21vianet) | modified |
-| 12/15/2020 | [Turn on Microsoft Defender for Office 365 - SharePoint, OneDrive, & Teams](/microsoft-365/security/office-365-security/turn-on-atp-for-spo-odb-and-teams?view=o365-21vianet) | modified |
-| 12/15/2020 | [About admin roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/about-admin-roles?view=o365-21vianet) | modified |
-| 12/15/2020 | [Overview of data loss prevention](/microsoft-365/compliance/data-loss-prevention-policies?view=o365-21vianet) | modified |
-| 12/15/2020 | [Disposition of content](/microsoft-365/compliance/disposition?view=o365-21vianet) | modified |
-| 12/15/2020 | [Get started with records management in Microsoft 365](/microsoft-365/compliance/get-started-with-records-management?view=o365-21vianet) | modified |
-| 12/15/2020 | [Get started with retention policies and retention labels](/microsoft-365/compliance/get-started-with-retention?view=o365-21vianet) | modified |
-| 12/15/2020 | [Additional endpoints not included in the Office 365 IP Address and URL Web service](/microsoft-365/enterprise/additional-office365-ip-addresses-and-urls?view=o365-21vianet) | modified |
-| 12/15/2020 | [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-21vianet) | modified |
-| 12/15/2020 | [Assess your security posture through Microsoft Secure Score](/microsoft-365/security/mtp/microsoft-secure-score-improvement-actions?view=o365-21vianet) | modified |
-| 12/15/2020 | [Microsoft Secure Score](/microsoft-365/security/mtp/microsoft-secure-score?view=o365-21vianet) | modified |
-| 12/15/2020 | [Identity and device access policies for allowing guest and external B2B access - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/identity-access-policies-guest-access?view=o365-21vianet) | modified |
-| 12/15/2020 | [Permissions - Security & Compliance Center](/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-21vianet) | modified |
-| 12/15/2020 | [Microsoft 365 Reports in the admin center - SharePoint site usage](/microsoft-365/admin/activity-reports/sharepoint-site-usage?view=o365-21vianet) | modified |
-| 12/15/2020 | [Change nameservers to set up Microsoft 365 with any domain registrar](/microsoft-365/admin/get-help-with-domains/change-nameservers-at-any-domain-registrar?view=o365-21vianet) | modified |
-| 12/15/2020 | [Remove a domain](/microsoft-365/admin/get-help-with-domains/remove-a-domain?view=o365-21vianet) | modified |
-| 12/15/2020 | [Manage messages in Message center](/microsoft-365/admin/manage/manage-messages?view=o365-21vianet) | modified |
-| 12/15/2020 | [Pilot Microsoft 365 from my custom domain](/microsoft-365/admin/misc/pilot-microsoft-365-from-my-custom-domain?view=o365-21vianet) | modified |
-| 12/15/2020 | [Microsoft Productivity Score](/microsoft-365/admin/productivity/productivity-score?view=o365-worldwide) | modified |
-| 12/15/2020 | [Access on-premises resources from an Azure AD-joined device in Microsoft 365 Business](/microsoft-365/business/access-resources?view=o365-21vianet) | modified |
-| 12/15/2020 | [Set up a connector to archive Instant Bloomberg data](/microsoft-365/compliance/archive-instant-bloomberg-data?view=o365-21vianet) | modified |
-| 12/15/2020 | [Set up Customer Key](/microsoft-365/compliance/customer-key-set-up?view=o365-21vianet) | modified |
-| 12/15/2020 | [Legacy information for Office 365 Message Encryption](/microsoft-365/compliance/legacy-information-for-message-encryption?view=o365-21vianet) | modified |
-| 12/15/2020 | [Message Encryption FAQ](/microsoft-365/compliance/ome-faq?view=o365-21vianet) | modified |
-| 12/15/2020 | [How to opt-in for migration from Microsoft Cloud Germany (Microsoft Cloud Deutschland) to Office 365 services in the new German datacenter regions](/microsoft-365/enterprise/ms-cloud-germany-migration-opt-in?view=o365-21vianet) | modified |
-| 12/15/2020 | [AD FS migration steps for the migration from Microsoft Cloud Deutschland](/microsoft-365/enterprise/ms-cloud-germany-transition-add-adfs?view=o365-21vianet) | modified |
-| 12/15/2020 | [Additional device information for the migration from Microsoft Cloud Deutschland](/microsoft-365/enterprise/ms-cloud-germany-transition-add-devices?view=o365-21vianet) | modified |
-| 12/15/2020 | [Migration phases actions and impacts for the migration from Microsoft Cloud Deutschland (advanced)](/microsoft-365/enterprise/ms-cloud-germany-transition-add-experience?view=o365-21vianet) | modified |
-| 12/15/2020 | [Pre-work for the migration from Microsoft Cloud Deutschland](/microsoft-365/enterprise/ms-cloud-germany-transition-add-pre-work?view=o365-21vianet) | modified |
-| 12/15/2020 | [What has changed for the migration to Office 365 services in the new German datacenter regions](/microsoft-365/enterprise/ms-cloud-germany-transition-experience?view=o365-21vianet) | modified |
-| 12/15/2020 | [Migration phases actions and impacts for the migration from Microsoft Cloud Deutschland (general)](/microsoft-365/enterprise/ms-cloud-germany-transition-phases?view=o365-21vianet) | modified |
-| 12/15/2020 | [Migration from Microsoft Cloud Deutschland to Office 365 services in the new German datacenter regions](/microsoft-365/enterprise/ms-cloud-germany-transition?view=o365-21vianet) | modified |
-| 12/15/2020 | [What's coming to Microsoft Secure Score](/microsoft-365/security/mtp/microsoft-secure-score-whats-coming?view=o365-21vianet) | modified |
-| 12/15/2020 | [What's new in Microsoft Secure Score](/microsoft-365/security/mtp/microsoft-secure-score-whats-new?view=o365-21vianet) | modified |
-| 12/15/2020 | [Configure anti-malware policies](/microsoft-365/security/office-365-security/configure-anti-malware-policies?view=o365-21vianet) | modified |
-| 12/15/2020 | [View and release quarantined messages from shared mailboxes](/microsoft-365/security/office-365-security/view-and-release-quarantined-messages-from-shared-mailboxes?view=o365-21vianet) | modified |
-| 12/15/2020 | [Microsoft 365 solution and architecture center # < 60 chars](/microsoft-365/solutions/index?view=o365-21vianet) | modified |
-| 12/16/2020 | [Convert a user mailbox to a shared mailbox](/microsoft-365/admin/email/convert-user-mailbox-to-shared-mailbox?view=o365-21vianet) | modified |
-| 12/16/2020 | [Remove license from shared mailbox](/microsoft-365/admin/email/remove-license-from-shared-mailbox?view=o365-21vianet) | modified |
-| 12/16/2020 | [Deploy add-ins in the admin center](/microsoft-365/admin/manage/manage-deployment-of-add-ins?view=o365-21vianet) | modified |
-| 12/16/2020 | [Increase threat protection](/microsoft-365/campaigns/m365-campaigns-increase-protection?view=o365-21vianet) | modified |
-| 12/16/2020 | [Sensitive information type entity definitions](/microsoft-365/compliance/sensitive-information-type-entity-definitions?view=o365-21vianet) | modified |
-| 12/16/2020 | [Use sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
-| 12/16/2020 | [Add several users at the same time to Microsoft 365 - Admin Help](/microsoft-365/enterprise/add-several-users-at-the-same-time?view=o365-21vianet) | modified |
-| 12/16/2020 | [Microsoft 365 documentation # < 60 chars](/microsoft-365/index?view=o365-21vianet) | modified |
-| 12/16/2020 | Give user permissions to the topic center (Preview) | removed |
-| 12/16/2020 | Knowledge management overview (Preview) | removed |
-| 12/16/2020 | [Set up topic experiences in Microsoft 365](/microsoft-365/knowledge/set-up-topic-experiences) | modified |
-| 12/16/2020 | [Topic center overview (Preview) ](/microsoft-365/knowledge/topic-center-overview) | modified |
-| 12/16/2020 | [Manage topic discovery in Microsoft 365](/microsoft-365/knowledge/topic-experiences-discovery) | modified |
-| 12/16/2020 | [Topic experiences security and privacy](/microsoft-365/knowledge/topic-experiences-security-privacy) | modified |
-| 12/16/2020 | [Get started driving adoption of Topic Experiences (Preview)](/microsoft-365/knowledge/topics-adoption-getstarted) | modified |
-| 12/16/2020 | Work with topics in the topic center(Preview) | removed |
-| 12/16/2020 | [Create safe sender lists](/microsoft-365/security/office-365-security/create-safe-sender-lists-in-office-365?view=o365-21vianet) | modified |
-| 12/16/2020 | [Investigate malicious email that was delivered in Office 365, Find and investigate malicious email](/microsoft-365/security/office-365-security/investigate-malicious-email-that-was-delivered?view=o365-21vianet) | modified |
-| 12/16/2020 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365-atp?view=o365-21vianet) | modified |
-| 12/16/2020 | [Microsoft 365 groups naming policy](/microsoft-365/solutions/groups-naming-policy?view=o365-21vianet) | modified |
-| 12/16/2020 | [Microsoft Compliance Manager quickstart guide](/microsoft-365/compliance/compliance-manager-quickstart?view=o365-21vianet) | modified |
-| 12/16/2020 | [Create custom sensitive information types with Exact Data Match](/microsoft-365/compliance/create-custom-sensitive-information-types-with-exact-data-match-based-classification?view=o365-21vianet) | modified |
-| 12/16/2020 | [Get started with content explorer](/microsoft-365/compliance/data-classification-content-explorer?view=o365-21vianet) | modified |
-| 12/16/2020 | [Learn about information barriers in Microsoft 365](/microsoft-365/compliance/information-barriers?view=o365-21vianet) | modified |
-| 12/16/2020 | [Apply a document understanding model to a document library](/microsoft-365/contentunderstanding/apply-a-model) | modified |
-| 12/16/2020 | [Create an extractor](/microsoft-365/contentunderstanding/create-an-extractor) | modified |
-| 12/16/2020 | [Document understanding overview](/microsoft-365/contentunderstanding/document-understanding-overview) | modified |
-| 12/16/2020 | [Leverage term store taxonomy when creating an extractor](/microsoft-365/contentunderstanding/leverage-term-store-taxonomy) | modified |
-| 12/16/2020 | [Evaluate Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-evaluation?view=o365-21vianet) | modified |
-| 12/17/2020 | [Data loss prevention and Microsoft Teams](/microsoft-365/compliance/dlp-microsoft-teams?view=o365-21vianet) | modified |
-| 12/17/2020 | [Get started with sensitivity labels](/microsoft-365/compliance/get-started-with-sensitivity-labels?view=o365-21vianet) | modified |
-| 12/17/2020 | [Microsoft Information Protection in Microsoft 365](/microsoft-365/compliance/information-protection?view=o365-21vianet) | modified |
-| 12/17/2020 | [Learn about retention policies & labels to automatically retain or delete content](/microsoft-365/compliance/retention?view=o365-21vianet) | modified |
-| 12/17/2020 | [Leverage term store taxonomy when creating an extractor](/microsoft-365/contentunderstanding/leverage-term-store-taxonomy) | modified |
-| 12/17/2020 | [Anti-phishing policies](/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-21vianet) | modified |
-| 12/17/2020 | [Add your organization brand to your encrypted messages](/microsoft-365/compliance/add-your-organization-brand-to-encrypted-messages?view=o365-21vianet) | modified |
-| 12/17/2020 | [Service encryption with Customer Key](/microsoft-365/compliance/customer-key-overview?view=o365-21vianet) | modified |
-| 12/17/2020 | [Set up Customer Key at the application level](/microsoft-365/compliance/customer-key-set-up?view=o365-21vianet) | modified |
-| 12/17/2020 | [Email encryption in Microsoft 365](/microsoft-365/compliance/email-encryption?view=o365-21vianet) | modified |
-| 12/17/2020 | [Encryption in Microsoft 365](/microsoft-365/compliance/encryption?view=o365-21vianet) | modified |
-| 12/17/2020 | [Message Encryption (OME) version comparison](/microsoft-365/compliance/ome-version-comparison?view=o365-21vianet) | modified |
-| 12/17/2020 | [Message Encryption](/microsoft-365/compliance/ome?view=o365-21vianet) | modified |
-| 12/17/2020 | [Migration from Microsoft Cloud Deutschland to Office 365 services in the new German datacenter regions](/microsoft-365/enterprise/ms-cloud-germany-transition?view=o365-21vianet) | modified |
-| 12/17/2020 | [Microsoft Productivity Score - Communication](/microsoft-365/admin/productivity/communication?view=o365-worldwide) | modified |
-| 12/17/2020 | [Microsoft Productivity Score - Content collaboration](/microsoft-365/admin/productivity/content-collaboration?view=o365-worldwide) | modified |
-| 12/17/2020 | [Microsoft Productivity Score - Meetings](/microsoft-365/admin/productivity/meetings?view=o365-worldwide) | modified |
-| 12/17/2020 | [Microsoft Productivity Score - Mobility](/microsoft-365/admin/productivity/mobility?view=o365-worldwide) | modified |
-| 12/17/2020 | [Microsoft Productivity Score - Teamwork](/microsoft-365/admin/productivity/teamwork?view=o365-worldwide) | modified |
-| 12/17/2020 | [Microsoft 365 Multi-Geo](/microsoft-365/enterprise/microsoft-365-multi-geo?view=o365-21vianet) | modified |
-| 12/17/2020 | [Buy Microsoft 365 Business Voice](/microsoft-365/business-video/buy-business-voice?view=o365-worldwide) | modified |
-| 12/17/2020 | [Decryption in eDiscovery](/microsoft-365/compliance/ediscovery-decryption?view=o365-21vianet) | modified |
-| 12/18/2020 | [Microsoft SharePoint Syntex adoption: Get started](/microsoft-365/contentunderstanding/adoption-getstarted) | modified |
-| 12/18/2020 | [Pre-work for the migration from Microsoft Cloud Deutschland](/microsoft-365/enterprise/ms-cloud-germany-transition-add-pre-work?view=o365-21vianet) | modified |
-| 12/18/2020 | [Advanced Audit in Microsoft 365](/microsoft-365/compliance/advanced-audit?view=o365-21vianet) | modified |
-| 12/18/2020 | [Manage mailbox auditing](/microsoft-365/compliance/enable-mailbox-auditing?view=o365-21vianet) | modified |
-| 12/18/2020 | [Learn about retention policies & labels to automatically retain or delete content](/microsoft-365/compliance/retention?view=o365-21vianet) | modified |
-| 12/18/2020 | [Cross-tenant mailbox migration](/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-21vianet) | modified |
-| 12/18/2020 | [Migration phases actions and impacts for the migration from Microsoft Cloud Deutschland (general)](/microsoft-365/enterprise/ms-cloud-germany-transition-phases?view=o365-21vianet) | modified |
-| 12/18/2020 | [Access the Microsoft 365 Defender APIs](/microsoft-365/security/mtp/api-access?view=o365-21vianet) | modified |
-| 12/18/2020 | [Microsoft 365 Defender advanced hunting API](/microsoft-365/security/mtp/api-advanced-hunting?view=o365-21vianet) | modified |
-| 12/18/2020 | [Other security and threat protection APIs](/microsoft-365/security/mtp/api-articles?view=o365-21vianet) | modified |
-| 12/18/2020 | [Create an app to access Microsoft 365 Defender APIs on behalf of a user](/microsoft-365/security/mtp/api-create-app-user-context?view=o365-21vianet) | modified |
-| 12/18/2020 | [Create an app to access Microsoft 365 Defender without a user](/microsoft-365/security/mtp/api-create-app-web?view=o365-21vianet) | modified |
-| 12/18/2020 | [Common Microsoft 365 Defender REST API error codes](/microsoft-365/security/mtp/api-error-codes?view=o365-21vianet) | modified |
-| 12/18/2020 | [Hello World for Microsoft 365 Defender REST API](/microsoft-365/security/mtp/api-hello-world?view=o365-21vianet) | modified |
-| 12/18/2020 | [Microsoft 365 Defender incidents APIs and the incident resource type](/microsoft-365/security/mtp/api-incident?view=o365-21vianet) | modified |
-| 12/18/2020 | [List incidents API in Microsoft 365 Defender](/microsoft-365/security/mtp/api-list-incidents?view=o365-21vianet) | modified |
-| 12/18/2020 | [Overview of Microsoft 365 Defender APIs](/microsoft-365/security/mtp/api-overview?view=o365-21vianet) | modified |
-| 12/18/2020 | [Partner access through Microsoft 365 Defender APIs](/microsoft-365/security/mtp/api-partner-access?view=o365-21vianet) | modified |
-| 12/18/2020 | [Supported Microsoft 365 Defender APIs](/microsoft-365/security/mtp/api-supported?view=o365-21vianet) | modified |
-| 12/18/2020 | [Microsoft 365 Defender APIs license and terms of use](/microsoft-365/security/mtp/api-terms?view=o365-21vianet) | modified |
-| 12/18/2020 | [Update incidents API](/microsoft-365/security/mtp/api-update-incidents?view=o365-21vianet) | modified |
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/microsoft-secure-score-whats-new https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/microsoft-secure-score-whats-new.md
@@ -30,6 +30,12 @@ To make Microsoft Secure Score a better representative of your security posture,
Microsoft Secure Score can be found at https://security.microsoft.com/securescore in the [Microsoft 365 security center](overview-security-center.md).
+## January 2021
+
+### Added our first security recommendation for Microsoft Teams
+
+Microsoft Teams customers will see "Restrict Anonymous user joins during meetings" as a new improvement action in Secure Score.
+ ## December 2020 ### Added six accounts-related improvement actions for Microsoft Defender for Endpoint (previously Microsoft Defender ATP):
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-payloads https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-payloads.md
@@ -53,7 +53,7 @@ Add a custom description to describe the indicator and click within the indicato
## Review payload
-You're done building your payload. Now it's time to review the details and see a preview of your payload. The preview will include all indicators that you've created. You can edit each part of the payload from this step. Once satisfied, **Submit** your payload.
+You're done building your payload. Now it's time to review the details and see a preview of your payload. The preview will include all indicators that you've created. You can edit each part of the payload from this step. Once satisfied, you can **Submit** your payload.
> [!IMPORTANT] > Payloads that you've created will have **Tenant** as their source. When selecting payloads, make sure that you don't filter out **Tenant**.
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/set-up-anti-phishing-policies.md
@@ -155,7 +155,7 @@ The following impersonation settings are only available in anti-phishing policie
> [!NOTE] >
- > - In each anti-phishing policy, you can specify a maximum of 60 protected users (sender email addresses). You can't specify the same protected user in multiple policies.
+ > - In each anti-phishing policy, you can specify a maximum of 60 protected users (sender email addresses). You can't specify the same protected user in multiple policies. So, regardless of how many policies apply to a recipient, the maximum number of protected users (sender email addresses) for each individual recipient is 60. For more information about policy priority and how policy processing stops after the first policy is applied, see [Order and precedence of email protection](how-policies-and-protections-are-combined.md).
> > - User impersonation protection does not work if the sender and recipient have previously communicated via email. If the sender and recipient have never communicated via email, the message will be identified as an impersonation attempt.
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing.md
@@ -24,22 +24,23 @@ description: "Learn how to update a Domain Name Service (DNS) record to use Send
[!INCLUDE [Microsoft 365 Defender rebranding](../includes/microsoft-defender-for-office.md)] -- [Prerequisites <a name="UpdateSPFTXT"></a>](#updating-your-spf-txt-record-for-office-365-a-nameUpdateSPFTXT)-- [Create / update your SPF TXT record for Office 365 <a name="CreateUpdateSPFTXT"></a>](#to-create-or-update-your-spf-txt-record-a-namecreateupdatespftxta)
- - [How to handle subdomains? <a name="SPFandSubdomains"></a>](#how-to-handle-subdomains-a-namespfandsubdomainsa)
-- [SPF troubleshooting and best practices <a name="TshootingSPF"></a>](#next-steps-after-you-set-up-spf-for-office-365-a-nametshootingspfa)-- [Advanced SPF examples <a name="AdvancedSPFexs"></a>](#more-information-about-spf-a-nameadvancedspfexsa)
+- [Prerequisites](#prerequisites)
+- [Create or update your SPF TXT record](#create-or-update-your-spf-txt-record)
+ - [How to handle subdomains?](#how-to-handle-subdomains)
+- [What does SPF email authentication actually do?](#what-does-spf-email-authentication-actually-do)
+ - [Troubleshooting SPF](#troubleshooting-spf)
+- [More information about SPF](#more-information-about-spf)
This article describes how to update an Domain Name Service (DNS) record so that you can use Sender Policy Framework (SPF) email authentication with your custom domain in Office 365. Using SPF helps to validate outbound email sent from your custom domain. It's a first step in setting up other recommended email authentication methods DMARC and DKIM (two further email authentication methods supported in Office 365).
-## Updating your SPF TXT record for Office 365 <a name="UpdateSPFTXT"></a>
+## Prerequisites
> [!IMPORTANT] > If you are a **small business**, or are unfamiliar with IP addresses or DNS configuration, call your Internet domain registrar (ex. GoDaddy, Bluehost, web.com) to ask for help with DNS configuration of SPF (and any other email authentication method). *Also*, if you haven't bought, or don't use a custom URL (in other words the URL you and your customers browse to reach Office 365 ends in **onmicrosoft.com**), SPF has been set up for you in the Office 365 service. No further steps are required in that case. Thanks for reading.
-Before you update the TXT record in DNS, you need to gather some information needed to make the record. For advanced examples and a more detailed discussion about supported SPF syntax, see [How SPF works to prevent spoofing and phishing in Office 365](how-office-365-uses-spf-to-prevent-spoofing.md#HowSPFWorks).
+Before you create or update the SPF TXT record for Office 365 in external DNS, you need to gather some information needed to make the record. For advanced examples and a more detailed discussion about supported SPF syntax, see [How SPF works to prevent spoofing and phishing in Office 365](how-office-365-uses-spf-to-prevent-spoofing.md#HowSPFWorks).
Gather this information:
@@ -54,7 +55,7 @@ Gather this information:
> [!IMPORTANT] > In order to use a custom domain, Office 365 requires that you add a Sender Policy Framework (SPF) TXT record to your DNS record to help prevent spoofing.
-## Create or update your SPF TXT record <a name="CreateUpdateSPFTXT"></a>
+## Create or update your SPF TXT record
1. Ensure that you're familiar with the SPF syntax in the following table.
@@ -93,7 +94,7 @@ Gather this information:
4. Test your SPF TXT record.
-## How to handle subdomains? <a name="SPFandSubdomains"></a>
+## How to handle subdomains?
It is important to note that *you need to create a separate record for each subdomain as subdomains don't inherit the SPF record of their top level domain*.
@@ -103,7 +104,7 @@ An additional wildcard SPF record (`*.`) is required for every domain and subdom
*.subdomain.contoso.com. IN TXT "v=spf1 -all" ```
-## Next steps <a name="TshootingSPF"></a>
+## Troubleshooting SPF
Having trouble with your SPF TXT record? Read [Troubleshooting: Best practices for SPF in Office 365](how-office-365-uses-spf-to-prevent-spoofing.md#SPFTroubleshoot).
@@ -124,7 +125,7 @@ If you've already set up mail for Office 365, then you have already included Mic
- You intend to set up DKIM and DMARC (recommended).
-## More information about SPF <a name="AdvancedSPFexs"></a>
+## More information about SPF
For advanced examples, a more detailed discussion about supported SPF syntax, spoofing, troubleshooting, and how Office 365 supports SPF, see [How SPF works to prevent spoofing and phishing in Office 365](how-office-365-uses-spf-to-prevent-spoofing.md#HowSPFWorks).
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/empower-people-to-work-remotely-remote-access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely-remote-access.md
@@ -46,7 +46,7 @@ Without split tunneling, all of your remote work traffic gets sent across the VP
![Network traffic from VPN clients without tunneling](../media/empower-people-to-work-remotely-remote-access/empower-people-to-work-remotely-remote-access-before-tunneling.png)
-Microsoft 365 traffic must take an indirect route through your organization, which could be the forwarded to a Microsoft network entry point far away from the VPN clientΓÇÖs physical location. This indirect path adds latency to the network traffic and decreases overall performance.
+Microsoft 365 traffic must take an indirect route through your organization, which could be forwarded to a Microsoft network entry point far away from the VPN clientΓÇÖs physical location. This indirect path adds latency to the network traffic and decreases overall performance.
With split tunneling, you can configure your VPN client to exclude specific types of traffic from being sent over the VPN connection to the organization network.
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/foundation-solutions-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/foundation-solutions-overview.md deleted file mode 100644
@@ -1,25 +0,0 @@
-title: Microsoft 365 Foundation Solutions Overview
-description: Read these foundation solution guides to understand concepts and features and help you make the choices that lead to a functioning end result, from planning to implementation, to adoption.
-ms.author: samanro
-author: samanro
-manager: bcarter
-ms.audience: ITPro
-ms.topic: article
-ms.prod: microsoft-365-enterprise
-localization_priority: Normal
-ms.collection:
-- M365-subscription-management
-ms.custom:
-f1.keywords: NOCSH
-ROBOTS: NOINDEX
-
-# Microsoft 365 Foundation Solutions Overview
-
-![blocks](https://docs.microsoft.com/office/media/icons/blocks-blue.png) **Foundation solutions** These solutions provide a complete guidance for a specific business problem or need. They guide you through concepts and features and help you make the choices that lead to a functioning end result, from planning to implementation, to adoption.
--- [Empower remote workers](empower-people-to-work-remotely.md)-- [Collaborate securely in teams, groups, and sites](setup-secure-collaboration-with-teams.md)-- [Set up threat protection and cyber security across your organization](deploy-threat-protection.md)-- [Deploy information protection for data privacy regulations](information-protection-deploy.md)
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/industry-specific-guidance-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/industry-specific-guidance-overview.md deleted file mode 100644
@@ -1,21 +0,0 @@
-title: Microsoft 365 industry-specific guidance overview
-description: Find best practices for your industry - finance, healthcare, and education.
-ms.author: samanro
-author: samanro
-manager: bcarter
-ms.audience: ITPro
-ms.topic: article
-ms.prod: microsoft-365-enterprise
-localization_priority: Normal
-ms.collection:
-- M365-subscription-management
-ms.custom:
-f1.keywords: NOCSH
-ROBOTS: NOINDEX
--
-# Microsoft 365 industry-specific guidance overview
-
-![Best practices ribbon](https://docs.microsoft.com/office/media/icons/best-practices-blue.png) **Industry-specific guidance** Find best practices for your industry - finance, healthcare, and education.
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/productivity-solutions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/productivity-solutions.md deleted file mode 100644
@@ -1,20 +0,0 @@
-title: Productivity solutions overview
-description: Description.
-ms.author: samanro
-author: samanro
-manager: bcarter
-ms.audience: ITPro
-ms.topic: article
-ms.prod: microsoft-365-enterprise
-localization_priority: Normal
-ms.collection:
-- M365-subscription-management-- M365-collaboration
-ms.custom:
-f1.keywords: NOCSH
-
-# Heading
-
-Text
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/solution-architecture-center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/solution-architecture-center.md deleted file mode 100644
@@ -1,37 +0,0 @@
-title: Microsoft 365 solution and architecture center
-description: Technical guidance for understanding, planning, and implementing integrated Microsoft 365 solutions for enterprise resource planning and secure collaboration.
-ms.author: samanro
-author: samanro
-manager: bcarter
-ms.audience: ITPro
-ms.topic: article
-ms.prod: microsoft-365-enterprise
-localization_priority: Normal
-ms.collection:
-- M365-subscription-management
-ms.custom:
-f1.keywords: NOCSH
-ROBOTS: NOINDEX
--
-# Microsoft 365 solution and architecture center
-
-This solution and architecture center brings together the technical guidance you need to understand, plan, and implement integrated Microsoft 365 solutions for enterprise resource planning and secure and compliant modern collaboration. In this center, you'll find:
-
-![blocks](https://docs.microsoft.com/office/media/icons/blocks-blue.png) **[Foundational solution guidance](foundation-solutions-overview.md)** These solutions provide a complete guidance for a specific business problem or need. They guide you through concepts and features and help you make the choices that lead to a functioning end result, from planning to implementation, to adoption.
--- [Empower remote workers with Microsoft 365](empower-people-to-work-remotely.md)-- [Set up secure collaboration with Microsoft 365](setup-secure-collaboration-with-teams.md)-- [Deploy threat protection across Microsoft 365](deploy-threat-protection.md)-- [Deploy information protection for data privacy regulations](information-protection-deploy.md)-
-![objects](https://docs.microsoft.com/office/media/icons/objects-blue.png) **[Workload solution and scenario guidance](workload-solutions-scenarios-overview.md)** These scenarios and solutions help you accomplish a specific business objective. You can add them onto the foundational solutions to add capabilities to your environment.
-
-![Cloud and ruler symbols](https://docs.microsoft.com/office/media/icons/cloud-architecture2.png) **[Solution and architecture illustrations](productivity-illustrations.md)** View or download these illustrations to understand Microsoft 365's capabilities and the architecture of Microsoft 365's cloud services.
-
-![Best practices ribbon](https://docs.microsoft.com/office/media/icons/best-practices-blue.png) **[Industry-specific guidance](industry-specific-guidance-overview.md)** Find best practices for your industry ΓÇö finance, healthcare, and education.
-
-![Layout/navigation symbol](https://docs.microsoft.com/office/media/icons/layout-navigation-blue.png) **[Design principles](design-principles.md)** Understand the key principles you need to understand networking, identity, security, and multi-national architectures.
-
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/tenant-management-device-management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/tenant-management-device-management.md new file mode 100644
@@ -0,0 +1,78 @@
+---
+title: Step 5. Device and app management for your Microsoft 365 for enterprise tenants
+ms.author: josephd
+author: JoeDavies-MSFT
+manager: laurawi
+ms.audience: ITPro
+ms.topic: article
+ms.prod: microsoft-365-enterprise
+localization_priority: Normal
+ms.collection:
+- M365-subscription-management
+- Strat_O365_Enterprise
+- m365solution-tenantmanagement
+ms.custom:
+- Ent_Solutions
+description: "Deploy the correct option for device and app management for your Microsoft 365 tenants."
+---
+
+# Step 5. Device and app management for your Microsoft 365 for enterprise tenants
+
+Microsoft 365 for enterprise includes features to help manage devices and the use of apps on those devices within your organization with mobile device management (MDM) and mobile application management (MAM). You can manage iOS, Android, macOS, and Windows devices to protect access to your organization's resources, including your data. For example, you can prevent emails from being sent to people outside your organization or isolate organization data from personal data on your worker's personal devices.
+
+Here is an example of the validation and management of users, their devices, and their use of local and cloud productivity apps like Microsoft Teams.
+
+![Validation and management of users, devices, and apps](../media/tenant-management-overview/tenant-management-device-app-mgmt.png)
+
+To help you secure and protect your organization's resources, Microsoft 365 for enterprise includes features to help manage devices and their access to apps. There are two options for device management:
+
+- Microsoft Intune, which is a comprehensive device and app management solution for enterprises.
+- Basic Mobility and Security, which is a subset of Intune services included with all Microsoft 365 products for managing devices in your organization. For more information, see [Capabilities of Basic Mobility and Security](https://docs.microsoft.com/microsoft-365/admin/basic-mobility-security/capabilities).
+
+If you have Microsoft 365 E3 or E5, you should use Intune.
+
+## Microsoft Intune
+
+You use [Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/planning-guide) to manage access to your organization using MDM or MAM. MDM is when users "enroll" their devices in Intune. After a device is enrolled, it is a managed device and can receive your organization's policies, rules, and settings. For example, you can install specific apps, create a password policy, install a VPN connection, and more.
+
+Users with their own personal devices may not want to enroll their devices or be managed by Intune and your organization's policies. But you still need to protect your organization's resources and data. In this scenario, you can protect your apps using MAM. For example, you can use an MAM policy that requires a user to enter a PIN when accessing SharePoint on the device.
+
+You'll also determine how you're going to manage personal devices and organization-owned devices. You might want to treat devices differently, depending on their uses.
+
+## Identity and device access configurations
+
+Microsoft provides a set of configurations for [identity and device access](../security/office-365-security/microsoft-365-policies-configurations.md) to ensure a secure and productive workforce. These configurations include the use of:
+
+- Azure AD Conditional Access policies
+- Microsoft Intune device compliance and app protection policies
+- Azure AD Identity Protection user risk policies
+- Additional policies of cloud apps
+
+Here is an example of the application of these settings and policies to validate and restrict users, their devices, and their use of local and cloud productivity apps like Microsoft Teams.
+
+![Identity and device access configurations for requirements and restrictions on users, thier devices, and their use of apps](../media/tenant-management-overview/tenant-management-device-app-mgmt-golden-config.png)
+
+For device access and app management, use the configurations in these articles:
+
+- [Prerequisites](../security/office-365-security/identity-access-prerequisites.md)
+- [Common identity and device access policies](../security/office-365-security/identity-access-policies.md)
+
+## Results of Step 5
+
+For device and app management for your Microsoft 365 tenant, you have determined the Intune settings and policies to validate and restrict users, their devices, and their use of local and cloud productivity apps.
+
+Here is an example of a tenant with Intune device and app management with the new elements highlighted.
+
+![Example of a tenant with Intune device and app management](../media/tenant-management-overview/tenant-management-tenant-build-step5.png)
+
+In this illustration, the tenant has:
+
+- Organization-owned devices enrolled in Intune.
+- Intune device and app policies for enrolled and personal devices.
+
+## Ongoing maintenance for device and app management
+
+On an ongoing basis, you might need to:
+
+- Manage device enrollment.
+- Revise your settings and policies for additional apps, devices, and security requirements.
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/tenant-management-identity https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/tenant-management-identity.md new file mode 100644
@@ -0,0 +1,107 @@
+---
+title: Step 3. Identity for your Microsoft 365 for enterprise tenants
+ms.author: josephd
+author: JoeDavies-MSFT
+manager: laurawi
+ms.audience: ITPro
+ms.topic: article
+ms.prod: microsoft-365-enterprise
+localization_priority: Normal
+ms.collection:
+- M365-subscription-management
+- Strat_O365_Enterprise
+- m365solution-tenantmanagement
+ms.custom:
+- Ent_Solutions
+description: "Deploy the correct identity model for your Microsoft 365 tenants and enforce strong user sign-ins."
+---
+
+# Step 3. Identity for your Microsoft 365 for enterprise tenants
+
+Your Microsoft 365 tenant includes an Azure Active Directory (Azure AD) tenant to manage identities and authentication for sign-ins. Getting your identity infrastructure configured correctly is vital to managing Microsoft 365 user access and permissions for your organization.
+
+## Cloud-only vs. hybrid
+
+Here are the two types of identity models and their best fit and benefits.
++
+| Model | Description | How Microsoft 365 authenticates user credentials | Best for | Greatest benefit |
+|:-------|:-----|:-----|:-----|:-----|
+| Cloud-only | User account only exists in the Azure AD tenant for your Microsoft 365 tenant. | The Azure AD tenant for your Microsoft 365 tenant performs the authentication with the cloud identity account. | Organizations that do not have or need an on-premises AD DS. | Simple to use. No extra directory tools or servers required. |
+| Hybrid | User account exists in your on-premises Active Directory Domain Services (AD DS) and a copy is also in the Azure AD tenant for your Microsoft 365 tenant. Azure AD Connect runs on an on-premises server to synchronize AD DS changes to your Azure AD tenant. The user account in Azure AD might also include a hashed version of the already hashed AD DS user account password. | The Azure AD tenant for your Microsoft 365 tenant either handles the authentication process or redirects the user to another identity provider. | Organizations using AD DS or another identity provider. | Users can use the same credentials when accessing on-premises or cloud-based resources. |
+||||||
+
+Here are the basic components of cloud-only identity.
+
+![Basic components of cloud-only identity](../media/about-microsoft-365-identity/cloud-only-identity.png)
+
+In this illustration, on-premises and remote users sign in with accounts in the Azure AD tenant of their Microsoft 365 tenant.
+
+Here are the basic components of hybrid identity.
+
+![Basic components of hybrid identity](../media/about-microsoft-365-identity/hybrid-identity.png)
+
+In this illustration, on-premises and remote users sign in to their Microsoft 365 tenant with accounts in the Azure AD tenant that have been copied from their on-premises AD DS.
+
+## Synchronizing your on-premises AD DS
+
+Depending on your business needs and technical requirements, the hybrid identity model and directory synchronization is the most common choice for enterprise customers who are adopting Microsoft 365. Directory synchronization allows you to manage identities in your AD DS and all updates to user accounts, groups, and contacts are synchronized to the Azure AD tenant of your Microsoft 365 tenant.
+
+>[!Note]
+>When AD DS user accounts are synchronized for the first time, they are not automatically assigned a Microsoft 365 license and cannot access Microsoft 365 services, such as email. You must first assign them a usage location. Then, assign a license to these user accounts, either individually or dynamically through group membership.
+>
+
+Here are the two types of authentication when using the hybrid identity model.
+
+| Authentication type | Description |
+|:-------|:-----|
+| Managed authentication | Azure AD handles the authentication process by using a locally-stored hashed version of the password or sends the credentials to an on-premises software agent to be authenticated by the on-premises AD DS. <br> <br> There are two types of managed authentication: Password hash synchronization (PHS) and Pass-through authentication (PTA). With PHS, Azure AD performs the authentication itself. With PTA, Azure AD has AD DS perform the authentication. |
+| Federated authentication | Azure AD redirects the client computer requesting authentication to another identity provider. |
+| | |
+
+See [choosing the right authentication method](https://docs.microsoft.com/azure/active-directory/hybrid/choose-ad-authn) to learn more.
+
+## Enforcing strong sign-ins
+
+To increase the security of user sign-ins, use the features and capabilities in the following table.
+
+| Capability | Description | More information | Licensing requirements |
+|:-------|:-----|:-----|:-----|:-----|
+| Windows Hello for Business | Replaces passwords with strong two-factor authentication when signing on a Windows device. The two factors are a new type of user credential that is tied to a device and a biometric or PIN. | [Windows Hello for Business Overview](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-overview) | Microsoft 365 E3 or E5 |
+| Azure AD Password Protection | Detects and blocks known weak passwords and their variants and can also block additional weak terms that are specific to your organization. | [Configure Azure AD password protection](https://docs.microsoft.com/azure/active-directory/authentication/concept-password-ban-bad) | Microsoft 365 E3 or E5 |
+| Use multi-factor authentication (MFA) | MFA requires that user sign-ins be subject to an additional verification beyond the user account password, such as verification with a smartphone app or a text message sent to a smartphone. See [this video](https://support.microsoft.com/office/set-up-multi-factor-authentication-in-microsoft-365-business-a32541df-079c-420d-9395-9d59354f7225) for instructions on how users set up MFA. | [MFA for Microsoft 365 for enterprise](../enterprise/microsoft-365-secure-sign-in.md#mfa) | Microsoft 365 E3 or E5 |
+| Identity and device access configurations | Settings and policies that consist of recommended prerequisite features and their settings combined with Conditional Access, Intune, and Azure AD Identity Protection policies that determine whether a given access request should be granted and under what conditions. | [Identity and device access configurations](../security/office-365-security/microsoft-365-policies-configurations.md) | Microsoft 365 E3 or E5 |
+| Azure AD Identity Protection | Protect against credential compromise, where an attacker determines a userΓÇÖs account name and password to gain access to an organizationΓÇÖs cloud services and data. | [Azure AD Identity Protection](https://docs.microsoft.com/azure/active-directory/active-directory-identityprotection) | Microsoft 365 E5 or Microsoft 365 E3 with the Identity & Threat Protection add-on |
+| | | |
+++
+## Results of Step 3
+
+For identity for your Microsoft 365 tenant, you have determined:
+
+- Which identity model to use.
+- How you will enforce strong user and device access.
+
+Here is an example a tenant with the new hybrid identity elements highlighted.
+
+![Example of hybrid identity for a tenant](../media/tenant-management-overview/tenant-management-tenant-build-step3.png)
+
+In this illustration, the tenant has:
+
+- An AD DS forest that is being synchronized with the Azure AD tenant using a DirSync server and Azure AD Connect.
+- A copy of the AD DS user accounts and other objects from the AD DS forest.
+- A set of Conditional Access policies to enforce secure user sign-ins and access based on the user account.
+
+## Ongoing maintenance for identity
+
+On an ongoing basis, you might need to:
+
+- Add or modify user accounts and groups. For cloud-only identity, you maintain your cloud-based users and groups with Azure AD tools such as the Microsoft 365 admin center or PowerShell. For hybrid identity, you maintain your on-premises users and groups with AD DS tools.
+- Add or modify your identity and device access configuration to enforce sign-in security requirements.
+
+## Next step
+
+[![Step 4. Migrate your on-premises Office servers and data](../media/tenant-management-overview/tenant-management-step-grid-migration.png)](tenant-management-migration.md)
+
+Continue with [migration](tenant-management-migration.md) to migrate your on-premises Office servers and their data to Microsoft 365.
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/tenant-management-migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/tenant-management-migration.md new file mode 100644
@@ -0,0 +1,96 @@
+---
+title: Step 4. Migration for your Microsoft 365 for enterprise tenants
+ms.author: josephd
+author: JoeDavies-MSFT
+manager: laurawi
+ms.audience: ITPro
+ms.topic: article
+ms.prod: microsoft-365-enterprise
+localization_priority: Normal
+ms.collection:
+- M365-subscription-management
+- Strat_O365_Enterprise
+- m365solution-tenantmanagement
+ms.custom:
+- Ent_Solutions
+description: "Migrate your Windows devices, Office client apps, and Office servers for your Microsoft 365 tenants."
+---
+
+# Step 4. Migration for your Microsoft 365 for enterprise tenants
+
+Most enterprise organizations have a heterogeneous environment that includes multiple releases of operating systems, client software, and server software. Microsoft 365 for enterprise includes the most secure versions of the key components of your IT infrastructure. It also includes productivity features that are designed to take advantage of cloud technologies.
+
+To maximize the business value of the Microsoft 365 for enterprise integrated suite of products, begin planning and implementing a strategy to migrate these releases:
+
+| From | To |
+|:-------|:-----|
+| Windows 7 and Windows 8.1 | Windows 10 Enterprise |
+| Office client products installed on your worker's devices | Microsoft 365 Apps for enterprise |
+| Office server products installed on on-premises servers | Their equivalent cloud-based services in Microsoft 365 |
+| | |
+
+## Migrating to Windows 10
+
+Each Microsoft 365 for enterprise license includes a license for Windows 10 Enterprise. To migrate your devices that run Windows 7 or Windows 8.1, you can do an in-place upgrade. Support ended for Windows 7 on *January 14, 2020*.
+
+For additional methods of installing Windows 10 Enterprise beyond an in-place upgrade, see [Windows 10 deployment scenarios](https://docs.microsoft.com/windows/deployment/windows-10-deployment-scenarios). You can also [plan for Windows 10 deployment](https://aka.ms/planforwin10deployment) on your own.
+
+## Migrating to Microsoft 365 Apps for enterprise
+
+Microsoft 365 for enterprise includes Microsoft 365 Apps for enterprise, a version of the Office client products (Word, PowerPoint, Excel, and Outlook) that is installed and updated from the Microsoft cloud. For more information, see [About Microsoft 365 Apps for enterprise](https://docs.microsoft.com/deployoffice/about-microsoft-365-apps).
+
+Rather than keeping your computers current for Office 2019 or older versions, take the following steps:
+
+1. Get and assign a Microsoft 365 license for your users.
+2. Uninstall Office 2013 or Office 2016 on their computers.
+3. Install Microsoft 365 Apps for enterprise, either individually or during an IT rollout. For more information, see [Deployment guide for Microsoft 365 Apps](https://docs.microsoft.com/deployoffice/deployment-guide-microsoft-365-apps).
+
+Microsoft 365 Apps for enterprise installs both security updates and new feature updates automatically and can take advantage of cloud-based services in Microsoft 365 for enhanced security and productivity.
+
+## Migrating on-premises servers and data to Microsoft 365
+
+Microsoft 365 for enterprise includes cloud-based versions of Office server services that use some of the same tools as on-premises versions of Office server software, such as web browsers and the Outlook client. These cloud-based services are automatically updated for security and new features. After migration, your IT department can save the time it takes to maintain and update on-premises servers.
+
+Use the following resources for information about migrating users and data for specific Microsoft 365 workloads:
+
+- [Move mailboxes from on-premises Exchange Server to Exchange Online](https://docs.microsoft.com/exchange/hybrid-deployment/move-mailboxes)
+- [Migrate SharePoint data from SharePoint Server to SharePoint Online](https://docs.microsoft.com/sharepointmigration/migrate-to-sharepoint-online)
+- [Migrate Skype for Business Online to Microsoft Teams](https://docs.microsoft.com/microsoftteams/migration-interop-guidance-for-teams-with-skype)
+
+## Transition your entire organization
+
+To get a better picture of how to move your entire organization to the products and services in Microsoft 365 for enterprise, download this transition poster:
+
+[![Image showing the Transition to Microsoft 365 poster.](../media/microsoft-365-overview/transition-org-to-m365.png)](https://download.microsoft.com/download/2/c/7/2c7bcc04-aae3-4604-9707-1ffff66b9851/transition-org-to-m365.pdf)
+
+This two-page poster is a quick way to inventory your existing infrastructure. Use it to get guidance for moving to a product or service in Microsoft 365 for enterprise. It shows Windows and Office products and other infrastructure and security elements such as device management, identity and threat protection, and information protection and compliance.
+
+## Results of Step 4
+
+For migration for your Microsoft 365 tenant, you have determined:
+
+- Which devices are running Windows 7 or Windows 8.1 and the plan to update them to Windows 10 Enterprise.
+- Which devices are running the Office client apps and the plan to update them to Microsoft 365 apps for enterprise.
+- Which on-premises Office server services should be migrated to their Microsoft 365 equivalent and the plan to migrate them and their data.
+
+Here is an example of a tenant with a completed migration of on-premises servers.
+
+![Example of a tenant with a completed migration of on-premises servers](../media/tenant-management-overview/tenant-management-tenant-build-step4.png)
+
+In this illustration, the organization has:
+
+- Migrated its on-premises Exchange Server mailboxes to Exchange Online.
+- Migrated its on-premises SharePoint Server sites and data to SharePoint in Microsoft 365.
+
+## Ongoing maintenance for migration
+
+On an ongoing basis, you might need to:
+
+- Depending on the state of your Exchange mailbox migration, continue rolling the transition to Exchange Online out to your organization.
+- Depending on the state of your on-premises SharePoint site migration, continue rolling the transition to SharePoint in Microsoft 365 out to your organization.
+
+## Next step
+
+[![Step 5. Deploy device and app management](../media/tenant-management-overview/tenant-management-step-grid-device-mgmt.png)](tenant-management-device-management.md)
+
+Continue with [device and app management](tenant-management-device-management.md) to deploy device and app management.
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/tenant-management-networking https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/tenant-management-networking.md new file mode 100644
@@ -0,0 +1,175 @@
+---
+title: Step 2. Optimal networking for your Microsoft 365 for enterprise tenants
+ms.author: josephd
+author: JoeDavies-MSFT
+manager: laurawi
+ms.audience: ITPro
+ms.topic: article
+ms.prod: microsoft-365-enterprise
+localization_priority: Normal
+ms.collection:
+- M365-subscription-management
+- Strat_O365_Enterprise
+- m365solution-tenantmanagement
+ms.custom:
+- Ent_Solutions
+description: "Optimize the network access to your Microsoft 365 tenants."
+---
+
+# Step 2. Optimal networking for your Microsoft 365 for enterprise tenants
+
+Microsoft 365 for enterprise includes cloud productivity apps such as Teams and Exchange Online, and Microsoft Intune, along with many identity and security services of Microsoft Azure. All of these cloud-based services rely on the security, performance, and reliability of connections from client devices on your on-premises network or any location on the Internet.
+
+To optimize network access for your tenant, you need to:
+
+- Optimize the path between your on-premises users and the closest location to the Microsoft Global Network.
+- Optimize access to the Microsoft Global Network for your remote users that are using a remote access VPN solution.
+- Use Network Insights to design the network perimeter for your office locations.
+- Optimize access to specific assets hosted on SharePoint sites with the Office 365 CDN.
+- Configure proxy and network edge devices to bypass processing for Microsoft 365 trusted traffic with the list of endpoints and automate the updating of the list as changes are made.
+
+## Enterprise on-premises workers
+
+For enterprise networks, you should optimize the end user experience by enabling the highest-performing network access between clients and the closest Microsoft 365 endpoints. The quality of end user experience is directly related to the performance and responsiveness of the application that the user is using. For example, Microsoft Teams relies on low latency so that user phone calls, conferences and shared screen collaborations are glitch-free.
+
+The primary goal in the network design should be to minimize latency by reducing the round-trip time (RTT) from client devices to the Microsoft Global Network, Microsoft's public network backbone that interconnects all of Microsoft's datacenters with low latency, high availability cloud application entry points, known as front doors, spread around the world.
+
+Here is an example of a traditional enterprise network.
+
+![A traditional enterprise network with central access to the Internet](../media/tenant-management-overview/tenant-management-networking-traditional.png)
+
+In this illustration, branch offices connect to a central office through wide area network (WAN) devices and a WAN backbone. Internet access is through a security or proxy device at the network edge of the central office and an Internet service provider (ISP). On the Internet, the Microsoft Global Network has a series of front doors in regions around the world. Organizations can also use intermediate locations for additional packet processing and security for traffic. An organization's Microsoft 365 tenant is located within the Microsoft Global Network.
+
+The problems with this configuration for Microsoft 365 cloud services are:
+
+- For users in branch offices, traffic gets sent to non-local front doors, increasing latency.
+- Sending traffic to intermediate locations create network hairpins that perform duplicate packet processing on trusted traffic, increasing latency.
+- Network edge devices perform unneeded and duplicate packet processing on trusted traffic, increasing latency.
+
+Optimizing Microsoft 365 network performance doesn't need to be complicated. You can get the best possible performance by following a few key principles:
+
+- Identify Microsoft 365 network traffic, which is trusted traffic destined to Microsoft cloud services.
+- Allow local branch egress of Microsoft 365 network traffic to the internet from each location where users connect to Microsoft 365.
+- Avoid network hairpins.
+- Allow Microsoft 365 traffic to bypass proxies and packet inspection devices.
+
+If you implement these principles, you get an enterprise network optimized for Microsoft 365.
+
+![An enterprise network optimized for Microsoft 365](../media/tenant-management-overview/tenant-management-networking-optimized.png)
+
+In this illustration, branch offices have their own Internet connection through a software-defined WAN device (SDWAN) device, which sends trusted Microsoft 365 traffic to the regionally closest front door. At the central office, trusted Microsoft 365 traffic bypasses the security or proxy device and intermediate devices are no longer used.
+
+Here's are how the optimized configuration solves the latency issues of a traditional enterprise network:
+
+- Trusted Microsoft 365 traffic skips the WAN backbone and is sent to local front doors for all offices, decreasing latency.
+- Network hairpins that perform duplicate packet processing are skipped for Microsoft 365 trusted traffic, decreasing latency.
+- Network edge devices that perform unneeded and duplicate packet processing are skipped for Microsoft 365 trusted traffic, decreasing latency.
+
+For more information, see [Microsoft 365 network connectivity overview](../enterprise/microsoft-365-networking-overview.md).
+
+## Remote workers
+
+If your remote workers are using a traditional VPN client to obtain remote access to your organization network, verify that the VPN client has split tunneling support. Without split tunneling, all of your remote work traffic gets sent across the VPN connection, where it must be forwarded to your organizationΓÇÖs edge devices, get processed, and then sent on the Internet. Here is an example.
+
+![Network traffic from VPN clients without tunneling](../media/empower-people-to-work-remotely-remote-access/empower-people-to-work-remotely-remote-access-before-tunneling.png)
+
+In this illustration, Microsoft 365 traffic must take an indirect route through your organization, which could be forwarded to a Microsoft Global Network front door far away from the VPN clientΓÇÖs physical location. This indirect path adds latency to the network traffic and decreases overall performance.
+
+With split tunneling, you can configure your VPN client to exclude specific types of traffic from being sent over the VPN connection to the organization network.
+
+To optimize access to Microsoft 365 cloud resources, configure your split tunneling VPN clients to exclude traffic to the **Optimize** category Microsoft 365 endpoints over the VPN connection. For more information, see [Office 365 endpoint categories](../enterprise/microsoft-365-network-connectivity-principles.md#new-office-365-endpoint-categories) and [the lists](../enterprise/microsoft-365-vpn-implement-split-tunnel.md#implement-vpn-split-tunneling) of Optimize category endpoints for split tunneling.
+
+Here is the resulting traffic flow for split tunneling, in which most of the traffic to Microsoft 365 cloud apps bypass the VPN connection.
+
+![Network traffic from VPN clients with tunneling](../media/empower-people-to-work-remotely-remote-access/empower-people-to-work-remotely-remote-access-after-tunneling.png)
+
+In this illustration, the VPN client sends and receives crucial Microsoft 365 cloud service traffic directly over the Internet and to the nearest front door into the Microsoft Global Network.
+
+For more information and guidance, see [Optimize Office 365 connectivity for remote users using VPN split tunneling](../enterprise/microsoft-365-vpn-split-tunnel.md).
+
+## Using Network Insights (preview)
+
+Network insights are performance metrics collected from your Microsoft 365 tenant that help you design network perimeters for your office locations. Each insight provides live details about the performance characteristics for a specified issue for each geographic location where on-premises users are accessing your tenant.
+
+There are two tenant level network insights that may be shown for the tenant:
+
+- [Exchange sampled connections impacted by connectivity issues](../enterprise/office-365-network-mac-perf-insights.md#exchange-sampled-connections-impacted-by-connectivity-issues)
+- [SharePoint sampled connections impacted by connectivity issues](../enterprise/office-365-network-mac-perf-insights.md#sharepoint-sampled-connections-impacted-by-connectivity-issues)
+
+These are the specific network insights for each office location:
+
+- [Backhauled network egress](../enterprise/office-365-network-mac-perf-insights.md#backhauled-network-egress)
+- [Better performance detected for customers near you](../enterprise/office-365-network-mac-perf-insights.md#better-performance-detected-for-customers-near-you)
+- [Use of a non-optimal Exchange Online service front door](../enterprise/office-365-network-mac-perf-insights.md#use-of-a-non-optimal-exchange-online-service-front-door)
+- [Use of a non-optimal SharePoint Online service front door](../enterprise/office-365-network-mac-perf-insights.md#use-of-a-non-optimal-sharepoint-online-service-front-door)
+- [Low download speed from SharePoint front door](../enterprise/office-365-network-mac-perf-insights.md#low-download-speed-from-sharepoint-front-door)
+- [China user optimal network egress](../enterprise/office-365-network-mac-perf-insights.md#china-user-optimal-network-egress)
+
+>[!IMPORTANT]
+>Network insights, performance recommendations and assessments in the Microsoft 365 Admin Center is currently in preview status. It is only available for Microsoft 365 tenants that have been enrolled in the feature preview program.
+
+For more information, see [Microsoft 365 Network Insights](../enterprise/office-365-network-mac-perf-insights.md).
+
+## SharePoint performance with the Office 365 CDN
+
+A cloud-based Content Delivery Network (CDN) allows you to reduce load times, save bandwidth, and speed responsiveness. A CDN improves performance by caching static assets such as graphic or video files closer to the browsers requesting them, which helps to speed up downloads and reduce latency. You can use the built-in Office 365 Content Delivery Network (CDN), included with SharePoint in Microsoft 365 E3 and E5, to host static assets to provide better performance for your SharePoint pages.
+
+The Office 365 CDN is composed of multiple CDNs that allow you to host static assets in multiple locations, or _origins_, and serve them from global high-speed networks. Depending on the kind of content you want to host in the Office 365 CDN, you can add **public** origins, **private** origins, or both.
+
+When deployed and configured, the Office 365 CDN uploads assets from public and private origins and makes them available for fast access to users located across the Internet.
+
+![Office 365 CDN deployed for users](../media/O365-CDN/o365-cdn-flow-transparent.svg "Office 365 CDN deployed for users")
+
+For more information, see [Use the Office 365 CDN with SharePoint Online](../enterprise/use-microsoft-365-cdn-with-spo.md).
+
+## Automated endpoint listing
+
+To have your on-premises clients, edge devices, and cloud-based packet analysis services skip processing of trusted Microsoft 365 traffic, you must configure them with the set of endpoints (IP address ranges and DNS names) corresponding to Microsoft 365 services. These endpoints can be manually configured in firewalls and other edge security devices, PAC files for client computers to bypass proxies, or SD-WAN devices at branch offices. However, the endpoints change over time, requiring ongoing manual maintenance of the endpoint lists in these locations.
+
+To automate the listing and change management for Microsoft 365 endpoints in your client PAC files and network devices, use the [Office 365 IP Address and URL REST-based web service](../enterprise/microsoft-365-ip-web-service.md). This service helps you better identify and differentiate Microsoft 365 network traffic, making it easier for you to evaluate, configure, and stay current with the latest changes.
+
+You can use PowerShell, Python, or other languages to determine the changes to endpoints over time and configure your PAC files and edge network devices.
+
+The basic process is:
+
+1. Use the Office 365 IP Address and URL web service and the configuration mechanism of your choice to configure your PAC files and network devices with the current set of Microsoft 365 endpoints.
+2. Run a daily recurring to check for changes in the endpoints or use a notification method.
+3. When changes are detected, regenerate and redistribute the PAC file for client computers and make the changes to your network devices.
+
+For more information, see [Office 365 IP Address and URL web service](../enterprise/microsoft-365-ip-web-service.md).
+
+## Results of Step 2
+
+For your Microsoft 365 tenant with optimal networking, you have determined:
+
+- How to optimize network performance for on-premises users by adding Internet connections to all branch offices and eliminating network hairpins.
+- How to implement automated trusted endpoint listing for your client-based PAC files and your network devices and services, including ongoing updates (most suitable for enterprise networks).
+- How to support the access of remote workers to on-premises resources.
+- How to use Network Insights
+- How to deploy the Office 365 CDN.
+
+Here is an example of an enterprise organization and its tenant with optimal networking.
+
+![Example of a tenant with optimal networking](../media/tenant-management-overview/tenant-management-tenant-build-step2.png)
+
+[See a larger version of this image](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/media/tenant-management-overview/tenant-management-tenant-build-step2.png)
+
+In this illustration, the tenant for this enterprise organization has:
+
+- Local internet access for each branch office with an SDWAN device that forwards trusted Microsoft 365 traffic to a local front door.
+- No network hairpins.
+- Central office security and proxy edge devices that forward Microsoft 365 trusted traffic to a local front door.
+
+## Ongoing maintenance for optimal networking
+
+On an ongoing basis, you might need to:
+
+- Update your edge devices and deployed PAC files for changes in endpoints or verify that your automated process works properly.
+- Manage your assets in the Office 365 CDN.
+- Update the split tunneling configuration in your VPN clients for changes in endpoints.
+
+## Next step
+
+[![Step 3. Synchronize your identities and enforce secure sign-ins](../media/tenant-management-overview/tenant-management-step-grid-identity.png)](tenant-management-identity.md)
+
+Continue with [identity](tenant-management-identity.md) to synchronize your on-premises accounts and groups and enforce secure user sign-ins.
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/tenant-management-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/tenant-management-overview.md new file mode 100644
@@ -0,0 +1,146 @@
+---
+title: Tenant management for Microsoft 365 for enterprise
+ms.author: josephd
+author: JoeDavies-MSFT
+manager: laurawi
+ms.audience: ITPro
+ms.topic: article
+ms.prod: microsoft-365-enterprise
+localization_priority: Normal
+ms.collection:
+- M365-subscription-management
+- Strat_O365_Enterprise
+- m365solution-tenantmanagement
+ms.custom:
+- Ent_Solutions
+description: "An overview of the planning, deployment, and ongoing operation of your Microsoft 365 tenants."
+---
+
+# Tenant management for Microsoft 365 for enterprise
+
+Creating a path to your organization's digital transformation with cloud computing requires a firm foundation upon which your workers can rely for productivity, collaboration, performance, privacy, compliance, and security.
+
+Correct configuration of your Microsoft 365 tenants provides that foundation, leaving your workers to focus on getting their work done and your IT department to focus on end-to-end solutions that provide additional business value.
+
+This solution takes you through the configuration of that foundation in these steps:
+
+1. Determine your tenants
+2. Optimize your networking
+3. Synchronize your identities and enforce secure sign-ins
+4. Migrate your Windows devices, Office clients, and on-premises Office servers and data
+5. Deploy device and app management
+
+But first, let's take a moment to understand what a tenant is and what a tenant that provides a firm foundation looks like.
+
+## A Microsoft 365 tenant defined
+
+A Microsoft 365 tenant is a dedicated instance of the services of Microsoft 365 and your organization data stored within a specific default location, such as Europe or North America. This location is specified when you create the tenant for your organization. Each Microsoft 365 tenant is distinct, unique, and separate from all other Microsoft 365 tenants. You create a Microsoft 365 tenant when you purchase one or more products from Microsoft, such as Microsoft 365 E3 or E5, and a set of licenses for each.
+
+Your Microsoft 365 tenant also includes an Azure Active Directory (Azure AD) tenant, which is a dedicated instance of Azure AD for user accounts, groups, and other objects. Each Azure AD tenant is distinct, unique, and separate from all other Azure AD tenants. While your organization can have multiple Azure AD tenants that you can set up with Azure subscriptions, Microsoft 365 tenants can only use a single Azure AD tenant, the one that was created when you created the tenant.
+
+Here is an example:
+
+![An example Microsoft 365 tenant with its Azure AD tenant](../media/tenant-management-overview/tenant-management-example-tenant.png)
+
+*Tenant management* is the planning, deployment, and ongoing operation of your Microsoft 365 tenants.
+
+## Attributes of a well-designed and operating tenant
+
+Beyond the correct name and location for your tenant, there are additional elements to plan, deploy, and manage to ensure that your user experiences with cloud productivity apps&mdash;such as Microsoft Teams and Exchange Online&mdash;are effective, secure, and performant.
+
+Here are the elements:
+
+- You have the correct set of products (subscriptions) and licenses.
+ - The set of products match your business, IT, and security needs.
+ - There is an adequate number of licenses for your workers and anticipated changes in staffing.
+- For networking:
+ - You have configured the correct DNS domain names.
+ - For enterprise networks, you have optimized network traffic to the Microsoft network for onsite workers.
+ - You have optimized network traffic for remote workers who are using a VPN client.
+- You have synchronized your Active Directory Domain Services (AD DS) accounts, groups, and other objects.
+ - Your Azure AD tenant accounts are mapped to Exchange Online mailboxes with the correct DNS domains for email addresses.
+ - Your user accounts have been assigned the correct licenses from the correct purchased products (such as Microsoft 365 E3 or E5).
+- You have configured strong identity and access management.
+ - You are requiring secure user sign-in with passwordless or multi-factor authentication (MFA).
+ - You have Conditional Access policies that enforce sign-in requirements and restrictions for higher levels of security.
+- On-premises Office servers and their data have been migrated to cloud apps or are being used in a hybrid configuration.
+- You are doing device management with Intune or Basic Mobility and Security built into Microsoft 365.
+ - Your organization-owned devices are enrolled and managed.
+ - The apps for personal devices are managed.
+
+Here is an example of a Microsoft 365 tenant with all these elements in place.
+
+![An example Microsoft 365 tenant](../media/tenant-management-overview/tenant-management-tenant-config.png)
+
+In this illustration, the Microsoft 365 tenant includes:
+
+- Products and licenses for Microsoft 365 E3 and E5.
+- Microsoft 365 productivity apps.
+- Intune with enrolled devices and device and application policies.
+- An Azure AD tenant that has synchronized user account (groups and other directory objects are not shown), domains, and Conditional Access policies.
+
+## Tenant capabilities for Microsoft 365 for enterprise
+
+The following sections and table list the key capabilities and licensing for the steps in this solution.
+
+### Tenant
+
+| Capability or feature | Description | Licensing |
+|:-------|:-----|:-------|
+| Multiple tenants | Each Microsoft 365 tenant is distinct, unique, and separate from all other Microsoft 365 tenants. With multiple tenants, there are restrictions and additional considerations when managing them and providing services to your users. | Microsoft 365 E3 or E5 |
+| Cross-tenant mailbox migration | Tenant administrators can move mailboxes between tenants with minimal infrastructure dependencies in their on-premises systems. This removes the need to off-board and onboard mailboxes. | Microsoft 365 E3 or E5 |
+| Multi-Geo | Your tenant can store data at rest in the other datacenter geo locations that you've chosen to meet data residency requirements. | Microsoft 365 E3 or E5 |
+| Move core data to a new datacenter geo | As Microsoft adds new datacenter geos for additional capacity and compute resources, you can request a datacenter geo move for in-geo data residency for your core customer data. | Microsoft 365 E3 or E5 |
+||||
+
+### Networking
+
+| Capability or feature | Description | Licensing |
+|:-------|:-----|:-------|
+| Network Insights | Network performance metrics collected from your Microsoft 365 tenant to help you design network perimeters for your office locations. | Microsoft 365 E3 or E5 |
+| Automate endpoint updates | Automate the configuration and ongoing updates for Microsoft 365 endpoints in your client PAC files and network devices and services. | Microsoft 365 E3 or E5 |
+||||
+
+### Identity
+
+| Capability or feature | Description | Licensing |
+|:-------|:-----|:-------|
+| Synchronize on-premises Active Directory Domain Services (AD DS) with your Azure AD tenant | Leverage your on-premises identity provider for user accounts, groups, and other objects. | Microsoft 365 E3 or E5 |
+| MFA enforced with security defaults | Protect against compromised identities and devices by requiring a second form of authentication for sign-ins. Security defaults requires MFA for all user accounts. | Microsoft 365 E3 or E5 |
+| MFA enforced with Conditional Access| Require MFA based on the attributes of the sign-in with Conditional Access policies. | Microsoft 365 E3 or E5 |
+| MFA enforced with risk-based Conditional Access | Require MFA based on the risk of the user sign-in with Microsoft Defender for Identity. | Microsoft 365 E5 or E3 with Azure AD Premium P2 licenses |
+| Self-Service Password Reset (SSPR) | Allow your users to reset or unlock their passwords or accounts. | Microsoft 365 E3 or E5 |
+||||
+
+### Migration
+
+| Capability or feature | Description | Licensing |
+|:-------|:-----|:-------|
+| Migrate to Windows 10 | Migrate your devices that run Windows 7 or Windows 8.1 to Windows 10 Enterprise. | Windows 10 Enterprise licenses included with Microsoft 365 E3 or E5 |
+| Migrate to Microsoft 365 Apps for enterprise | Migrate your Office client apps such as Word and PowerPoint to the versions installed from the cloud that are updated with new features. | Microsoft 365 E3 or E5 |
+| Migrate on-premises servers and data to Microsoft 365 | Migrate your Exchange mailboxes, SharePoint sites, and Skype for Business Online to Microsoft 365 cloud services. | Microsoft 365 E3 or E5 |
+||||
+
+### Device and app management
+
+| Capability or feature | Description | Licensing |
+|:-------|:-----|:-------|
+| Microsoft Intune | A cloud-based service that provides mobile device management (MDM) and mobile application management (MAM) to control how your organizationΓÇÖs application and the devices are used, including mobile phones, tablets, and laptops. | Microsoft 365 E3 or E5 |
+| Basic Mobility and Security | Secure and manage your users' mobile devices like iPhones, iPads, Androids, and Windows phones with this built-in service. | Microsoft 365 E3 or E5 |
+||||
+
+## Next steps
+
+Use these steps to set up and manage your Microsoft 365 tenants.
+
+1. [Determine your tenants](tenant-management-tenants.md)
+2. [Optimize your networking](tenant-management-networking.md)
+3. [Synchronize your identities and enforce secure sign-ins](tenant-management-identity.md)
+4. [Migrate your on-premises Office servers and data](tenant-management-migration.md)
+5. [Deploy device and app management](tenant-management-device-management.md)
+
+[![The steps to deploy and manage a Microsoft 365 tenant](../media/tenant-management-overview/tenant-management-step-grid.png)](tenant-management-tenants.md)
+
+Each step describes deployment options, summarizes the results, and ongoing maintenance tasks.
+
+To understand how a fictional but representative multi-national organization deployed the elements of their Microsoft 365 tenant, see the [Contoso case study](../enterprise/contoso-case-study.md).
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/tenant-management-tenants https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/tenant-management-tenants.md new file mode 100644
@@ -0,0 +1,152 @@
+---
+title: Step 1. Your Microsoft 365 for enterprise tenants
+ms.author: josephd
+author: JoeDavies-MSFT
+manager: laurawi
+ms.audience: ITPro
+ms.topic: article
+ms.prod: microsoft-365-enterprise
+localization_priority: Normal
+ms.collection:
+- M365-subscription-management
+- Strat_O365_Enterprise
+- m365solution-tenantmanagement
+ms.custom:
+- Ent_Solutions
+description: "Deploy and manage single or multiple Microsoft 365 tenants, with options for multi-geo and moving locations."
+---
+
+# Step 1. Your Microsoft 365 for enterprise tenants
+
+One of your first tenant decisions is how many to have. Each Microsoft 365 tenant is distinct, unique, and separate from all other Microsoft 365 tenants. ItΓÇÖs corresponding Azure AD tenant is also distinct, unique, and separate from all other Microsoft 365 tenants.
+
+## Single tenant
+Having a single tenant simplifies many aspects of your organizationΓÇÖs use of Microsoft 365. A single tenant means a single Azure AD tenant with a single set of accounts, groups, and policies. Permissions and sharing of resources across your organization can be done through this central identity provider.
+
+A single tenant provides the most feature-rich and simplified collaboration and productivity experience for your users.
+
+Here is an example showing the default location and Azure AD tenant of a Microsoft 365 tenant.
+
+![A single Microsoft 365 tenant with its Azure AD tenant](../media/tenant-management-overview/tenant-management-example-tenant.png)
+
+## Multiple tenants
+
+There are many reasons why your organization could have multiple tenants:
+
+- Administrative isolation
+- Decentralized IT
+- Historical decisions
+- Mergers, acquisitions, or divestitures
+- Clear separation of branding for conglomerate organizations
+- Pre-production, test, or sandbox tenants
+
+Here is an example of an organization that has two tenants (Tenant A and Tenant B) in the same default datacenter geo. Each tenant as a separate Azure AD tenant.
+
+![Multiple Microsoft 365 tenants with their own Azure AD tenants](../media/tenant-management-overview/tenant-management-example-multi-tenant.png)
+
+When you have multiple tenants, there are restrictions and additional considerations when managing them and providing services to your users.
+
+### Inter-tenant collaboration
+
+If you want your users to collaborate more effectively across different Microsoft 365 tenants in a secure manner, inter-tenant collaboration options include using a central location for files and conversations, sharing calendars, using IM, audio/video calls for communication, and securing access to resources and applications.
+
+For more information, see [Microsoft 365 inter-tenant collaboration](../enterprise/microsoft-365-inter-tenant-collaboration.md).
+
+### Cross-tenant mailbox migration (preview)
+
+Prior to cross-tenant mailbox migration (in preview), when moving Exchange Online mailboxes between tenants, you have to completely offboard a user mailbox from their current tenant (the source tenant) to on-premises and then onboard them to a new tenant (the target tenant). With the new cross-tenant mailbox migration feature, tenant administrators in both source and target tenants can move mailboxes between the tenants with minimal infrastructure dependencies in their on-premises systems. This removes the need to off-board and onboard mailboxes.
+
+Here are two example tenants and their mailboxes before cross-tenant mailbox migration.
+
+![Multiple Microsoft 365 tenants and their mailboxes](../media/tenant-management-overview/tenant-management-cross-tenant-mailbox-before.png)
+
+In this illustration, two separate tenants have their own domains and set of Exchange mailboxes.
+
+Here is the target tenant (Tenant A) after cross-tenant mailbox migration.
+
+![The target tenant after cross-tenant mailbox migration](../media/tenant-management-overview/tenant-management-cross-tenant-mailbox-after.png)
+
+In this illustration, a single tenant has both domains and both sets of Exchange mailboxes.
+
+For more information, see [Cross-tenant mailbox migration](../enterprise/cross-tenant-mailbox-migration.md).
+
+### Tenant-to-tenant migrations
+
+There are several architectural approaches for mergers, acquisitions, divestitures, and other scenarios that might lead you to migrate an existing Microsoft 365 tenant to a new tenant.
+
+For detailed guidance, see [Microsoft 365 tenant-to-tenant migrations](../enterprise/microsoft-365-tenant-to-tenant-migrations.md).
+
+## Multi-Geo for a tenant
+
+With Microsoft 365 Multi-Geo, you can provision and store data at rest in the other datacenter geo locations that you've chosen to meet data residency requirements, and at the same time unlock your global rollout of modern productivity experiences to your workers.
+
+In a Multi-Geo environment, your Microsoft 365 tenant consists of a default or central location where your Microsoft 365 subscription was originally created and one or more satellite locations. In a multi-geo tenant, the information about geo locations, groups, and user information is mastered in a global Azure AD tenant. Because your tenant information is mastered centrally and synchronized into each geo location, collaboration experiences involving anyone from your company are shared across the locations.
+
+Here is an example of an organization that has its default location in Europe and a satellite location in North America. Both locations share the same global Azure AD tenant for the single Microsoft 365 tenant.
+
+![Example of a multi-geo Microsoft 365 tenant](../media/tenant-management-overview/tenant-management-example-multi-geo.png)
+
+For more information, see [Microsoft 365 Multi-Geo](../enterprise/microsoft-365-multi-geo.md).
+
+## Moving core data to a new datacenter geo
+
+Microsoft continues to open new datacenter geos for Microsoft 365 services. These new datacenter geos add capacity and compute resources to support our ongoing customer demand and usage growth. Additionally, the new datacenter geos offer in-geo data residency for core customer data.
+
+Although opening a new datacenter geo does not impact you and your core data stored in an already existing datacenter geo, Microsoft allows you to request an early migration of your organization's core customer data at rest to a new datacenter geo.
+
+Here is an example in which a Microsoft 365 tenant was moved from the European Union (EU) datacenter geo to the one located in the United Kingdom (UK).
+
+![Example of moving a Microsoft 365 tenant between datacenter geos](../media/tenant-management-overview/tenant-management-example-tenant-move.png)
+
+For more information, see [Moving core data to new Microsoft 365 datacenter geos](../enterprise/moving-data-to-new-datacenter-geos.md).
+
+## Products and licenses for a tenant
+
+Your Microsoft 365 tenant gets created when you purchase your first product, such as Microsoft 365 E3. Along with the product are licenses, which are charged a monthly or annual fee. An administrator then assigns an available license from one of your products to a user account, either directly or through group membership. Depending on your organization's business needs, you might have a set of products, each with their own pool of licenses.
+
+Determining the set of products and the number of licenses for each requires some planning to:
+
+- Ensure you have enough licenses for the user accounts that need advanced features.
+- Prevent you from running out of licenses or having too many unassigned licenses, based on changes in staffing at your organization.
++
+## Results of Step 1
+
+For your Microsoft 365 for enterprise tenants, you have determined:
+
+- How many tenants you have or need.
+- For each tenant, which products and licenses must be purchased.
+- Whether a tenant needs to be Multi-Geo to comply with data residency requirements.
+- Whether you need to set up inter-tenant collaboration.
+- Whether you need to migrate one tenant to another.
+- Whether you need to move core data from one datacenter geo to new one.
+
+Here is an example of a new tenant.
+
+![Example of a new tenant](../media/tenant-management-overview/tenant-management-tenant-build-step1.png)
+
+In this illustration, the tenant has:
+
+- A default location corresponding to a Microsoft 365 datacenter geo.
+- A set of products and licenses.
+- The set of cloud productivity apps, some of which are specific to products.
+- An Azure AD tenant that contains global administrator accounts and an initial DNS domain name.
+
+As we move through the additional steps of this solution, we will build out this figure.
+
+## Ongoing maintenance for tenants
+
+On an ongoing basis, you might need to:
+
+- Add a new tenant.
+- Add new products to a tenant with an initial number of licenses.
+- Change the set of licenses for a product in a tenant to adjust for changing staff requirements.
+- Move your core data from a tenant to a new datacenter geo location.
+- Add Multi-Geo for data residency requirements.
+- Set up inter-tenant collaboration.
+
+## Next step
+
+[![Step 2. Optimize your tenant for network for access](../media/tenant-management-overview/tenant-management-step-grid-networking.png)](tenant-management-networking.md)
+
+Continue with [networking](tenant-management-networking.md) to provide optimal networking from your workers to Microsoft 365 cloud services.
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/workload-solutions-scenarios-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/workload-solutions-scenarios-overview.md deleted file mode 100644
@@ -1,21 +0,0 @@
-title: Microsoft 365 workload solutions and scenarios
-description: Accomplish your business objectives with these solution guides for specific Microsoft 365 workloads.
-ms.author: samanro
-author: samanro
-manager: bcarter
-ms.audience: ITPro
-ms.topic: article
-ms.prod: microsoft-365-enterprise
-localization_priority: Normal
-ms.collection:
-- M365-subscription-management
-ms.custom:
-f1.keywords: NOCSH
-ROBOTS: NOINDEX
--
-# Microsoft 365 workload solutions and scenarios
-
-![objects](https://docs.microsoft.com/office/media/icons/objects-blue.png) **Workload scenarios and solutions** These scenarios and solutions help you accomplish a specific business objective. You can add them onto the foundational solutions to add capabilities to your environment.