Updates from: 01/20/2024 05:01:30
Category Microsoft Docs article Related commit history on GitHub Change details
business-premium Create Communications Site https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/create-communications-site.md
f1.keywords:
- NOCSH -+ ms.audience: Admin Last updated 10/10/2023 ms.localizationpriority: medium-+ - Adm_O365-- M365-subscription-management
+- M365-subscription-management
- M365-identity-device-management - M365-Campaigns - tier1
description: "Create a SharePoint communications site for your campaign or busin
# Create a communications site
-A great way to communicate priorities, share strategy documents, and highlight upcoming events is to use a communications site in SharePoint, and that's what this article is all about. Communications sites are for sharing things broadly across your whole business or campaignΓÇöit's your internal strategy site and tactical room.
+A great way to communicate priorities, share strategy documents, and highlight upcoming events is to use a communications site in SharePoint, and that's what this article is all about. Communications sites are for sharing things broadly across your whole business or campaignΓÇöit's your internal strategy site and tactical room.
## Best practices
The following links for PowerPoint and PDF can be downloaded and printed in tabl
3. At the top of the SharePoint home page, select **+ Create site** and choose the **Communication site** option.
-Learn all [about Communications sites](https://support.office.com/article/What-is-a-SharePoint-communication-site-94A33429-E580-45C3-A090-5512A8070732) and how to [create a communication site in SharePoint Online](https://support.microsoft.com/en-us/office/create-a-communication-site-in-sharepoint-online-7fb44b20-a72f-4d2c-9173-fc8f59ba50eb).
+Learn all [about Communications sites](https://support.office.com/article/What-is-a-SharePoint-communication-site-94A33429-E580-45C3-A090-5512A8070732) and how to [create a communication site in SharePoint Online](https://support.microsoft.com/office/create-a-communication-site-in-sharepoint-online-7fb44b20-a72f-4d2c-9173-fc8f59ba50eb).
## Admin settings
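Review bot: The first link on the changed "Learn all" line still points at the legacy `support.office.com/article/...` host, while the second link on the same line is normalized to `support.microsoft.com/office/...` with the locale removed. Since the line is already being touched, consider moving the "about Communications sites" link to the `support.microsoft.com` form as well so both links use the same host.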
If you don't see the **+ Create** site link, self-service site creation might no
## Next step
-[Protect managed devices](m365bp-protect-managed-devices.md) for your organization.
+[Protect managed devices](m365bp-protect-managed-devices.md) for your organization.
business-premium Create Teams For Collaboration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/create-teams-for-collaboration.md
f1.keywords:
- NOCSH -+ ms.audience: Admin ms.localizationpriority: medium Last updated 10/10/2023-+ - Adm_O365-- M365-subscription-management
+- M365-subscription-management
- M365-identity-device-management - M365-Campaigns - tier1
business-premium M365 Business Premium Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365-business-premium-setup.md
description: "How to set up Microsoft 365 Business Premium or work with a soluti
search.appverid: MET150 -+ audience: Admin Last updated 11/02/2023 ms.localizationpriority: medium -
+f1.keywords: NOCSH
+ - m365-security - tier1
When you're ready to sign up for Microsoft 365 Business Premium, you have severa
## [Sign up on your own](#tab/GetOwn)
-1. Visit the [Microsoft 365 Business Premium product page](https://www.microsoft.com/en-us/microsoft-365/business/microsoft-365-business-premium?activetab=pivot%3aoverviewtab).
+1. Visit the [Microsoft 365 Business Premium product page](https://www.microsoft.com/microsoft-365/business/microsoft-365-business-premium?activetab=pivot%3aoverviewtab).
2. Choose to try or buy your subscription. See [Try or buy a Microsoft 365 for business subscription](../commerce/try-or-buy-microsoft-365.md). On the [Microsoft 365 Products site](https://www.aka.ms/office365signup), choose **Microsoft 365 Business Premium**.
When you're ready to sign up for Microsoft 365 Business Premium, you have severa
## [Work with a Microsoft partner](#tab/Partner)
-Microsoft has a list of solution providers who are authorized to sell offerings, including Microsoft 365 Business Premium. If you're not already working with a solution provider, you can find one by following these steps:
+Microsoft has a list of solution providers who are authorized to sell offerings, including Microsoft 365 Business Premium. If you're not already working with a solution provider, you can find one by following these steps:
1. Go to the [Browse Partners](https://appsource.microsoft.com/marketplace/partner-dir).
Microsoft has a list of solution providers who are authorized to sell offerings,
- Your location - Your organization's size
- - **Focus areas**, such as **Security** and/or **Threat Protection**
+ - **Focus areas**, such as **Security** and/or **Threat Protection**
- **Services**, such as **Licensing** or **Managed Services (MSP)** As soon as you select one or more criteria, the list of partners updates.
Microsoft has a list of solution providers who are authorized to sell offerings,
To complete the basic setup process, you can choose from several options available: -- Start with the guided setup experience for basic setup and configuration, and then proceed to [set up your security protection](m365bp-security-overview.md); or
+- Start with the guided setup experience for basic setup and configuration, and then proceed to [set up your security protection](m365bp-security-overview.md); or
- Work with a Microsoft partner who can help you get everything set up and configured. ## [**Guided setup process**](#tab/Guided)
-Microsoft 365 Business Premium includes a guided setup process, as shown in the following video:
+Microsoft 365 Business Premium includes a guided setup process, as shown in the following video:
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE471FJ title="Set up Microsoft 365 for business"] ### The guided setup process, step by step
-1. As a global administrator, go to the [Microsoft 365 admin center](https://admin.microsoft.com/) and sign in.
+1. As a global administrator, go to the [Microsoft 365 admin center](https://admin.microsoft.com/) and sign in.
2. A Business Advisor screen opens where you can select your top goals for Microsoft 365. Select and save your goals, or select **Skip for new**.
-3. By default, you're in the simplified view. In the upper left corner, select **Simplified view > Dashboard view**, and then select **Go to guided setup**.
+3. By default, you're in the simplified view. In the upper left corner, select **Simplified view > Dashboard view**, and then select **Go to guided setup**.
4. To install your Microsoft 365 Apps (Word, Excel, PowerPoint, OneNote, and Outlook), select the download button, and then follow the prompts. Or, skip this step for now and install your apps later. Select **Continue**. 5. To add your organization's domain (*recommended*) or to use your default `.onmicrosoft.com` domain, select an option and then follow the prompts. Then select **Use this domain**. To get help with this task, see [Add a domain to Microsoft 365](../admin/setup/add-domain.md).
-6. To add a user, fill in the user's first name, last name, and user name, and then select **Add users and assign licenses**. Or, select **View all users** to go to your active users page, where you can view, add, and manage users. To get help with this task, see [Add users and assign licenses at the same time](../admin/add-users/add-users.md). We recommend adding your administrators and members of your security team now.
+6. To add a user, fill in the user's first name, last name, and user name, and then select **Add users and assign licenses**. Or, select **View all users** to go to your active users page, where you can view, add, and manage users. To get help with this task, see [Add users and assign licenses at the same time](../admin/add-users/add-users.md). We recommend adding your administrators and members of your security team now.
6. If you added your domain in step 5, connect your domain to Microsoft 365. To get help with this task, see [Change nameservers to set up Microsoft 365 with any domain registrar](../admin/get-help-with-domains/change-nameservers-at-any-domain-registrar.md).
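Review bot: Two consecutive steps in this list are numbered `6.`: the "To add a user" step that this hunk rewrites and the following "If you added your domain in step 5" step. Because the second of them refers back to "step 5" by number, the source numbering should be sequential; renumber the domain-connection step to `7.`. Step 2 in the same list also reads "select **Skip for new**", which looks like a typo for "Skip for now".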
Microsoft 365 Business Premium includes a guided setup process, as shown in the
### Employee quick setup guide
-[:::image type="content" source="media/employee-setup-guide.png" alt-text="Screenshot of employee setup guide steps.":::](https://support.microsoft.com/en-us/office/employee-quick-setup-in-microsoft-365-for-business-7f34c318-e772-46a5-8c0a-ab86661542d1)
+[:::image type="content" source="media/employee-setup-guide.png" alt-text="Screenshot of employee setup guide steps.":::](https://support.microsoft.com/office/employee-quick-setup-in-microsoft-365-for-business-7f34c318-e772-46a5-8c0a-ab86661542d1)
After you have added users to your Microsoft 365 subscription, give them a link to the [Employee quick setup guide](https://support.microsoft.com/office/7f34c318-e772-46a5-8c0a-ab86661542d1). The guide walks them through signing in, getting Microsoft 365 Apps, and saving, copying, and sharing files.
If you'd prefer to have a Microsoft partner help you get and set up Microsoft 36
- Your location - Your organization's size (**Microsoft Customer Size**)
- - **Focus areas**, such as **Security** and/or **Threat Protection**
+ - **Focus areas**, such as **Security** and/or **Threat Protection**
- **Services**, such as **Licensing** or **Managed Services (MSP)** As soon as you select one or more criteria, the list of partners updates.
If you'd prefer to have a Microsoft partner help you get and set up Microsoft 36
## Next step Proceed to [Configure your security protection](m365bp-security-overview.md).-
business-premium M365 Campaigns Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365-campaigns-setup.md
f1.keywords:
- NOCSH -+ audience: Admin Last updated 11/01/2023 ms.localizationpriority: medium-+ - M365-Campaigns - m365solution-smb - tier1
Campaigns and political parties in the USA are eligible for special pricing for
> [!IMPORTANT] > Due to local regulations, we are unable to offer Microsoft 365 for Campaigns in the following states at this time: CO, DE, IL, OK, WI & WY. We encourage campaigns in those states to explore additional offerings at [Microsoft 365 for business](https://www.office.com/business).
-If your campaign or political party qualifies, Microsoft 365 for Campaigns is the least expensive plan available through Microsoft. See [Microsoft 365 for Campaigns](https://m365forcampaigns.microsoft.com).
+If your campaign or political party qualifies, Microsoft 365 for Campaigns is the least expensive plan available through Microsoft. See [Microsoft 365 for Campaigns](https://m365forcampaigns.microsoft.com).
> [!TIP] > If you're not eligible for special pricing, Microsoft 365 Business Premium is still the most cost-effective way obtain comprehensive security for a collaboration environment. See [How to get Microsoft 365 Business Premium](get-microsoft-365-business-premium.md).
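Review bot: The TIP that follows the changed paragraph reads "the most cost-effective way obtain comprehensive security", which is missing "to". Suggest "the most cost-effective way to obtain comprehensive security" while this section is being edited.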
After you have subscribed to Microsoft 365 for Campaigns, your next step is to g
Make sure that you meet the following requirements before you begin your setup process:
-| Requirement | Description |
+|Requirement|Description|
|:|:|
-| Subscription | Microsoft 365 Business Premium or Microsoft 365 for Campaigns <br/><br/> To start a trial or purchase your subscription, see the following resources: <br/>- [Get Microsoft 365 Business Premium](m365-business-premium-setup.md#sign-up-for-microsoft-365-business-premium)<br/>- [Get Microsoft 365 for Campaigns](#get-microsoft-365-for-campaigns) |
-| Permissions | To complete the initial setup process, you must be a Global Admin. [Learn more about admin roles](../admin/add-users/about-admin-roles.md). |
-| Browser requirements | Microsoft Edge, Safari, Chrome or Firefox. [Learn more about browser requirements](https://www.microsoft.com/microsoft-365/microsoft-365-and-office-resources#coreui-heading-uyetipy). |
-| Operating systems (client) | **Windows**: Windows 10 or 11 Pro<br/>**macOS**: One of the three most recent versions of macOS |
-| Operating systems (servers) | Windows Server or Linux Server <br/>(Requires an additional license, such as [Microsoft Defender for Business servers](../security/defender-business/get-defender-business.md#how-to-get-microsoft-defender-for-business-servers).) |
+|Subscription|Microsoft 365 Business Premium or Microsoft 365 for Campaigns <br/><br/> To start a trial or purchase your subscription, see the following resources: <ul><li>[Get Microsoft 365 Business Premium](m365-business-premium-setup.md#sign-up-for-microsoft-365-business-premium)</li><li>[Get Microsoft 365 for Campaigns](#get-microsoft-365-for-campaigns)</li></ul>|
+|Permissions|To complete the initial setup process, you must be a Global Admin. [Learn more about admin roles](../admin/add-users/about-admin-roles.md).|
+|Browser requirements|Microsoft Edge, Safari, Chrome or Firefox. [Learn more about browser requirements](https://www.microsoft.com/microsoft-365/microsoft-365-and-office-resources#coreui-heading-uyetipy).|
+|Operating systems (client)|**Windows**: Windows 10 or 11 Pro <br/> **macOS**: One of the three most recent versions of macOS|
+|Operating systems (servers)|Windows Server or Linux Server <br/> (Requires an additional license, such as [Microsoft Defender for Business servers](../security/defender-business/get-defender-business.md#how-to-get-microsoft-defender-for-business-servers).)|
> [!TIP] > For more detailed information about Microsoft 365, Office, and system requirements, see [Microsoft 365 and Office Resources](https://www.microsoft.com/microsoft-365/microsoft-365-and-office-resources).
business-premium M365bp Avoid Phishing And Attacks https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-avoid-phishing-and-attacks.md
f1.keywords:
- NOCSH -+ ms.audience: Admin Last updated 10/26/2023 ms.localizationpriority: medium-+ - M365-Campaigns - m365solution-smb - highpri
In addition to the protection Microsoft 365 Business Premium offers against atta
- **Spam or junk mail**. There are many reasons you might receive junk e-mail and not all junk mail is the same. However, you can reduce what gets through to you, and thus reduce the risks of attacks, by filtering out junk mail. - **Phishing**. A phishing scam is an email that seems legitimate but is an attempt to get your personal information or steal your money.-- **Spoofing**. Scammers can also use a technique called spoofing to make it appear as if you've received an email from yourself. -- **Malware** is malicious software that can be installed on your computer after you've selected a link or opened a document from an email. There are various types of malware (for example, ransomware, when your computer is taken over), but you don't want to have any of them.
+- **Spoofing**. Scammers can also use a technique called spoofing to make it appear as if you've received an email from yourself.
+- **Malware** is malicious software that can be installed on your computer after you've selected a link or opened a document from an email. There are various types of malware (for example, ransomware, when your computer is taken over), but you don't want to have any of them.
## Best practices
Learn more about how to:
- [Keep your files and communications safe with Office](https://support.microsoft.com/en-us/office/keep-your-files-and-communications-safe-with-office-c4ddc381-7395-42da-887c-8836a3bb975f). - [Stay secure and private at work](https://support.office.com/article/stay-secure-and-private-at-work-104c7d91-b25a-453d-beee-ba64b6c6fc2d).
-
+ ## Next step
-Learn how to [send encrypted email](m365bp-use-labels-encryption.md).
+Learn how to [send encrypted email](m365bp-use-labels-encryption.md).
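Review bot: The "Keep your files and communications safe with Office" link in the unchanged line of this hunk still carries the `/en-us/` locale segment, and the link after it still uses `support.office.com`. Other changes in this batch strip the locale from `support.microsoft.com` links (for example in create-communications-site.md), so these two should be updated here for consistency.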
business-premium M365bp Collaborate Share Securely https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-collaborate-share-securely.md
f1.keywords:
- NOCSH -+ audience: Admin Last updated 01/12/2024 ms.localizationpriority: medium-+ - M365-Campaigns - m365solution-smb - m365-security
description: "An overview on how to collaborate and share files and communicate
:::image type="content" source="media/mission5.png" alt-text="Diagram with Collaborate And Share Securely highlighted.":::
-The best way to collaborate and share securely is to use Microsoft Teams, and Teams is included in Microsoft 365 Business Premium. With Teams, all your files and communications are in a protected environment. With Teams, you can help set up and configure secure file sharing and communication within your organization.
+The best way to collaborate and share securely is to use Microsoft Teams, and Teams is included in Microsoft 365 Business Premium. With Teams, all your files and communications are in a protected environment. With Teams, you can help set up and configure secure file sharing and communication within your organization.
Your steps are to:
business-premium M365bp Device Groups Mdb https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-device-groups-mdb.md
description: "Learn about device groups and how to apply policies with Intune in
search.appverid: MET150 -+ audience: Admin Last updated 07/19/2023 ms.localizationpriority: medium -
+f1.keywords: NOCSH
+ - SMB - m365-security - tier1
# Device groups and categories in Microsoft 365 Business Premium
-Microsoft 365 Business Premium includes endpoint protection through Microsoft Defender for Business and Microsoft Intune. Device protection policies are applied to devices through certain collections that are called device groups. In Intune, devices are grouped into device categories as a different way of organizing them.
+Microsoft 365 Business Premium includes endpoint protection through Microsoft Defender for Business and Microsoft Intune. Device protection policies are applied to devices through certain collections that are called device groups. In Intune, devices are grouped into device categories as a different way of organizing them.
## Working with device groups
You can also go to the Microsoft Entra ID portal ([https://entra.microsoft.com](
In the Microsoft Entra ID portal, you can create dynamic groups based on the device category and device category name. Use dynamic group rules to automatically add and remove devices. If a device's attributes change, the system looks at your dynamic group rules for the directory to see if the device meets the rule requirements (is added) or no longer meets the rules requirements (is removed).
-You can create a dynamic group for either devices or users, but not for both. You also can't create a device group based on the device owners' attributes. Device membership rules can only reference device attributions.
+You can create a dynamic group for either devices or users, but not for both. You also can't create a device group based on the device owners' attributes. Device membership rules can only reference device attributions.
## How categories are used when enrolling devices
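Review bot: The last sentence of the changed paragraph says "Device membership rules can only reference device attributions", but the sentence before it uses "attributes" ("the device owners' attributes"). "Attributions" looks unintended; suggest "device attributes" so the restriction on dynamic group rules reads unambiguously.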
After categories and device groups are established, people who have iOS and Andr
After choosing a category, the device is automatically added to the corresponding group. If a device is already enrolled before you configure categories, the user sees a notification about the device on the Company Portal website. This lets the user know to select a category the next time they access the Company Portal app on iOS/iPadOS or Android. > [!NOTE]
+>
> - You can edit a device category in the Microsoft Entra ID portal, but you must manually update any security groups that reference this category. > - If you delete a category, devices assigned to it display the category name **Unassigned**. ## View the categories of devices that you manage
-1. Sign in to the [Microsoft Intune admin center](https://intune.microsoft.com), choose **Devices** > **All devices**.
+1. Sign in to the [Microsoft Intune admin center](https://intune.microsoft.com), choose **Devices** \> **All devices**.
2. In the list of devices, examine the **Device category** column.
-3. If the Device category column isn't shown, select **Columns** > **Category** > **Apply**.
+3. If the Device category column isn't shown, select **Columns** \> **Category** \> **Apply**.
## Change the category of a device
-1. Sign in to the [Microsoft Intune admin center](https://intune.microsoft.com), choose **Devices** > **All devices**.
+1. Sign in to the [Microsoft Intune admin center](https://intune.microsoft.com), choose **Devices** \> **All devices**.
2. Select the category you want from the list, to see its properties.
business-premium M365bp Device States https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-device-states.md
f1.keywords:
- NOCSH -+ audience: Admin Last updated 10/26/2022 ms.localizationpriority: medium-+ - tier1 - MiniMaven
You can view and monitor device health state by using Defender for Business capa
:::image type="content" source="../medib-deviceinventory.png" alt-text="Screenshot of device inventory in Defender for Business":::
-1. Go to the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) and sign in.
+1. Go to the Microsoft Defender portal (<https://security.microsoft.com>) and sign in.
2. In the navigation pane, go to **Assets** > **Devices**. A list of devices that were onboarded to Defender for Business displays. 3. Select a device to view more information and available actions. :::image type="content" source="../medib-selected-device.png" alt-text="Screenshot showing a selected device with details and actions available":::
-
## See also
business-premium M365bp Intune Admin Roles In The Mac https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-intune-admin-roles-in-the-mac.md
f1.keywords:
- CSH -+ audience: Admin Last updated 01/12/2024 ms.localizationpriority: medium-+ - tier1 description: "The Microsoft 365 admin center lets you manage some Microsoft Intune roles, which map to business functions and give permissions to do specific tasks."
description: "The Microsoft 365 admin center lets you manage some Microsoft Intu
Your Microsoft 365 or Office 365 subscription comes with a set of admin roles that you can assign to any users in your organization using the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. Each admin role maps to common business functions and gives people in your organization permissions to do specific tasks in the admin centers. Given this, these roles are only a subset of all the roles available in the Intune admin center, which includes additional roles specific to Intune itself.
-Before adding specific Intune roles, roles must be assigned in Microsoft Entra ID. To see these roles, sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > Tenant administration > Roles > All roles >**. You can manage the role on the following pages:
+Before adding specific Intune roles, roles must be assigned in Microsoft Entra ID. To see these roles, sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) \> **Tenant administration** \> **Roles** \> **All roles**. You can manage the role on the following pages:
- Properties: The name, description, permissions, and scope tags for the role. - Assignments: A list of role assignments defining which users have access to which users or devices. A role can have multiple assignments, and a user can be in multiple assignments.
Find more information on [Microsoft Entra roles and RBAC](/azure/active-director
## Microsoft Intune built-in roles
-Built-in roles use pre-defined rules based on common Intune scenarios. Alternatively, custom roles are built upon rules that are strictly defined by you.
+Built-in roles use pre-defined rules based on common Intune scenarios. Alternatively, custom roles are built upon rules that are strictly defined by you.
Here are the built-in roles that you can assign:
-|Admin role |Who should be assigned this role? |
-|||
-|**Application manager** | Assign the Application manager role to users who manage the application lifecycle for mobile apps, configure policy-managed apps, and view device info and configuration profiles. |
-|**Help desk operator** | Assign the help desk operator role to users who assign apps and policies to users and devices. |
-|**Intune role administrator** | Assign the Intune role administrator to users who can assign Intune permissions to other admins and can manage custom and built in Intune roles. |
-|**Policy and profile manager** | Assign the policy and profile manager role to users manage compliance policy, configuration profiles and Apple enrollment. |
-|**Read only operator** | Assign the read only operator role to users who can only view users, devices, enrollment details and configurations. |
-|**School administrator** | Assign the school administrator role to users for full access to manage Windows 10-11 and iOS devices, apps, and configurations in Intune for Education. |
-|**Cloud PC Administrator** | A Cloud PC Administrator has read and write access to all Cloud PC features located within the Cloud PC blade. |
-|**Cloud PC Reader** | A Cloud PC Reader has read access to all Cloud PC features located within the Cloud PC blade. |
+|Admin role|Who should be assigned this role?|
+|||
+|**Application manager**|Assign the Application manager role to users who manage the application lifecycle for mobile apps, configure policy-managed apps, and view device info and configuration profiles.|
+|**Help desk operator**|Assign the help desk operator role to users who assign apps and policies to users and devices.|
+|**Intune role administrator**|Assign the Intune role administrator to users who can assign Intune permissions to other admins and can manage custom and built in Intune roles.|
+|**Policy and profile manager**|Assign the policy and profile manager role to users manage compliance policy, configuration profiles and Apple enrollment.|
+|**Read only operator**|Assign the read only operator role to users who can only view users, devices, enrollment details and configurations.|
+|**School administrator**|Assign the school administrator role to users for full access to manage Windows 10-11 and iOS devices, apps, and configurations in Intune for Education.|
+|**Cloud PC Administrator**|A Cloud PC Administrator has read and write access to all Cloud PC features located within the Cloud PC blade.|
+|**Cloud PC Reader**|A Cloud PC Reader has read access to all Cloud PC features located within the Cloud PC blade.|
## Microsoft Intune custom roles
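Review bot: In the **Policy and profile manager** row, the description reads "to users manage compliance policy", which is missing "who" and is carried over unchanged from the removed row. The **Intune role administrator** row also keeps "built in Intune roles" where the paragraph above the table uses "Built-in". Since every row is being rewritten to drop the cell padding, fix both in the same change.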
To copy a role:
1. After you've made all the changes that you want, choose Next to get to the Review + create page. Select **Create**.
-> [!Note]
->To be able to administer Intune you must have an Intune license assigned. Alternatively, you can allow non-licensed users to administer Intune by setting **Allow access to unlicensed admins** to **Yes**.
+ > [!NOTE]
+ > To be able to administer Intune you must have an Intune license assigned. Alternatively, you can allow non-licensed users to administer Intune by setting **Allow access to unlicensed admins** to **Yes**.
## How to assign a role
You can assign a built-in or custom role to an Intune user. To create, edit, or
## Delegated administration for Microsoft Partners If you're working with a Microsoft partner, you can assign them admin roles. They, in turn, can assign users in your company - or their company - admin roles. You might want them to do this, for example, if they're setting up and managing your online organization for you.
-
+ A partner can assign these roles:
-
+ - Full administration, which has privileges equivalent to a global admin, except for managing multi-factor authentication through the Partner Center. - Limited administration, which has privileges equivalent to a helpdesk admin. Before the partner can assign these roles to users, you must add the partner as a delegated admin to your account. This process is initiated by an authorized partner. The partner sends you an email to ask you if you want to give them permission to act as a delegated admin. For instructions, see [Authorize or remove partner relationships](../admin/misc/add-partner.md).
-
+ ## See also
-[Resources for Microsoft partners working with small and medium-sized businesses](../security/defender-business/mdb-partners.md)
+[Resources for Microsoft partners working with small and medium-sized businesses](../security/defender-business/mdb-partners.md)
business-premium M365bp Managed Unmanaged Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-managed-unmanaged-devices.md
Title: Secure managed and unmanaged devices
-description: Identify personal, unmanaged devices and company-owned devices, and learn how to secure them.
+ Title: Secure managed and unmanaged devices
+description: Identify personal, unmanaged devices and company-owned devices, and learn how to secure them.
-+ Last updated 10/26/2023 -
+ms.localizationpriority: medium
+ - M365-Campaigns - m365solution-smb - highpri
- tier1 search.appverid: MET150
+f1.keywords: NOCSH
audience: Admin # Secure managed and unmanaged devices
-An important part of your security strategy is protecting the devices your employees use to access company data. Such devices include computers, tablets, and phones. Your organization's IT or security team, together with device users, can take steps to protect data and managed or unmanaged devices.
+An important part of your security strategy is protecting the devices your employees use to access company data. Such devices include computers, tablets, and phones. Your organization's IT or security team, together with device users, can take steps to protect data and managed or unmanaged devices.
-- **Managed devices** are typically company-owned devices that are usually set up and configured by your company's IT or security team.
+- **Managed devices** are typically company-owned devices that are usually set up and configured by your company's IT or security team.
- **Unmanaged devices**, also referred to as bring-your-own devices, or *BYOD*, tend to be personally owned devices that employees set up and use. Unmanaged devices can be onboarded and protected just like managed devices. Or, if you prefer, users can take steps to protect their BYOD devices themselves. - ## [**Managed devices**](#tab/Managed)
-
-To protect managed devices, your organization's IT or security team can:
+
+To protect managed devices, your organization's IT or security team can:
- **Use Windows Autopilot to get a user's Windows device ready for first use**. With Autopilot you can install business critical apps, apply policies, and enable features like BitLocker before the device is given to a user. You can also use Autopilot to reset, repurpose, and recover Windows devices. To learn more, see [Windows Autopilot](/mem/autopilot/windows-autopilot).-- **Upgrade Windows devices from previous versions of Windows to Windows 10 Pro or Windows 11 Pro**. Before onboarding, Windows client devices should be running Windows 10 Pro or Enterprise, or Windows 11 Pro or Enterprise. If your organization has Windows devices running Windows 7 Pro, Windows 8 Pro, or Windows 8.1 Pro, your Microsoft 365 Business Premium subscription entitles you to upgrade those devices at no additional cost. To learn more, see [Upgrade Windows devices to Windows 10 or 11 Pro](m365bp-upgrade-windows-pro.md).
+- **Upgrade Windows devices from previous versions of Windows to Windows 10 Pro or Windows 11 Pro**. Before onboarding, Windows client devices should be running Windows 10 Pro or Enterprise, or Windows 11 Pro or Enterprise. If your organization has Windows devices running Windows 7 Pro, Windows 8 Pro, or Windows 8.1 Pro, your Microsoft 365 Business Premium subscription entitles you to upgrade those devices at no additional cost. To learn more, see [Upgrade Windows devices to Windows 10 or 11 Pro](m365bp-upgrade-windows-pro.md).
- **Onboard devices and protect them with [mobile threat defense](../security/defender-business/mdb-mtd.md) capabilities**. Microsoft Defender for Business is included with Microsoft 365 Business Premium. It includes advanced protection from ransomware, malware, phishing, and other threats. If you prefer to use [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) instead, you can use Intune to enroll and manage devices. To learn more, see [Onboard devices to Microsoft Defender for Business](m365bp-onboard-devices-mdb.md).-- **View and monitor device health in the Microsoft Defender portal** ([https://security.microsoft.com](https://security.microsoft.com)). You can view details, such as health state and exposure level for all onboarded devices. You can also take actions, such as running an antivirus scan or starting an automated investigation on a device that has detected threats or vulnerabilities. To learn more, see [Monitor onboarded devices](m365bp-device-states.md) and [Review detected threats](m365bp-review-threats-take-action.md).
+- **View and monitor device health in the Microsoft Defender portal** ([https://security.microsoft.com](https://security.microsoft.com)). You can view details, such as health state and exposure level for all onboarded devices. You can also take actions, such as running an antivirus scan or starting an automated investigation on a device that has detected threats or vulnerabilities. To learn more, see [Monitor onboarded devices](m365bp-device-states.md) and [Review detected threats](m365bp-review-threats-take-action.md).
For their part in protecting managed devices, users can: -- **Use the Microsoft Authenticator app to sign in**. The Microsoft Authenticator app works with all accounts that use multi-factor authentication (MFA). To learn more, see [Download and install the Microsoft Authenticator app](https://support.microsoft.com/en-us/account-billing/download-and-install-the-microsoft-authenticator-app-351498fc-850a-45da-b7b6-27e523b8702a).-- **Join their devices to your organization's network**. Users can follow a process to register their device, set up MFA, and complete the sign-in process using their account. To learn more, see [Join your work device to your work or school network](https://support.microsoft.com/en-us/account-billing/join-your-work-device-to-your-work-or-school-network-ef4d6adb-5095-4e51-829e-5457430f3973).-- **Make sure antivirus/antimalware software is installed and up to date on all devices**. Once devices are onboarded, antivirus, antimalware, and other threat protection capabilities are configured for those devices. Users are prompted to install updates as they come in. To learn more, see See [Keep your PC up to date](https://support.microsoft.com/en-us/windows/keep-your-pc-up-to-date-de79813c-7919-5fed-080f-0871c7bd9bde).
+- **Use the Microsoft Authenticator app to sign in**. The Microsoft Authenticator app works with all accounts that use multi-factor authentication (MFA). To learn more, see [Download and install the Microsoft Authenticator app](https://support.microsoft.com/account-billing/download-and-install-the-microsoft-authenticator-app-351498fc-850a-45da-b7b6-27e523b8702a).
+- **Join their devices to your organization's network**. Users can follow a process to register their device, set up MFA, and complete the sign-in process using their account. To learn more, see [Join your work device to your work or school network](https://support.microsoft.com/account-billing/join-your-work-device-to-your-work-or-school-network-ef4d6adb-5095-4e51-829e-5457430f3973).
+- **Make sure antivirus/antimalware software is installed and up to date on all devices**. Once devices are onboarded, antivirus, antimalware, and other threat protection capabilities are configured for those devices. Users are prompted to install updates as they come in. To learn more, see See [Keep your PC up to date](https://support.microsoft.com/windows/keep-your-pc-up-to-date-de79813c-7919-5fed-080f-0871c7bd9bde).
To learn more about protecting managed devices, see [Set up and secure managed devices](m365bp-protect-managed-devices.md).
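Review bot: The added bullet **Make sure antivirus/antimalware software is installed and up to date on all devices** still reads "To learn more, see See [Keep your PC up to date]". This line is already being rewritten to drop `/en-us/` from the link, so remove the duplicated "See" in the same change. The other two locale removals in the user bullets are consistent. Several pairs earlier in the hunk (the intro paragraph, the **Managed devices** bullet, the Windows upgrade and Defender portal bullets) show no visible text difference, so they look whitespace-only; confirm that is intended.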
To protect unmanaged devices, such as BYOD devices, your organization's IT or se
- **Encourage users to keep their antivirus protection turned on and up to date**. Devices should have the latest technology and features needed to protect against new malware and attack techniques. Microsoft regularly releases security intelligence updates and product updates. To learn more, see [Microsoft Defender Antivirus security intelligence and product updates](../security/defender-endpoint/microsoft-defender-antivirus-updates.md). - **Consider onboarding unmanaged devices and protecting them with [mobile threat defense](../security/defender-business/mdb-mtd.md) capabilities**. Or, if you prefer to use [Microsoft Intune](/mem/intune/fundamentals/what-is-intune), you can use Intune to enroll and manage devices. To learn more, see [Onboard devices to Microsoft Defender for Business](m365bp-onboard-devices-mdb.md).-- **View and monitor device health in the Microsoft Defender portal** ([https://security.microsoft.com](https://security.microsoft.com)). After devices are onboarded to Defender for Business (or Intune), you can view details, such as health state and exposure level for onboarded devices. You can also take actions, such as running an antivirus scan or starting an automated investigation on a device that has detected threats or vulnerabilities. To learn more, see [Monitor onboarded devices](m365bp-device-states.md) and [Review detected threats](m365bp-review-threats-take-action.md).
+- **View and monitor device health in the Microsoft Defender portal** ([https://security.microsoft.com](https://security.microsoft.com)). After devices are onboarded to Defender for Business (or Intune), you can view details, such as health state and exposure level for onboarded devices. You can also take actions, such as running an antivirus scan or starting an automated investigation on a device that has detected threats or vulnerabilities. To learn more, see [Monitor onboarded devices](m365bp-device-states.md) and [Review detected threats](m365bp-review-threats-take-action.md).
For their part in protecting unmanaged devices, users can: - **Turn on encryption and firewall protection**. Disk encryption protects data when devices are lost or stolen. Firewall protection helps protect devices from unwanted contact initiated by other computers when you're connected to the Internet or a network. To learn more, see [Protect unmanaged Windows PCs and Macs in Microsoft 365 Business Premium](m365bp-protect-pcs-macs.md).-- **Make sure antivirus/antimalware software is installed and up to date on all devices**. To learn more, see [Stay protected with Windows Security](https://support.microsoft.com/en-us/windows/stay-protected-with-windows-security-2ae0363d-0ada-c064-8b56-6a39afb6a963).-- **Keep their devices up to date with operating system and application updates**. To learn more, see [Keep your PC up to date](https://support.microsoft.com/en-us/windows/keep-your-pc-up-to-date-de79813c-7919-5fed-080f-0871c7bd9bde).
+- **Make sure antivirus/antimalware software is installed and up to date on all devices**. To learn more, see [Stay protected with Windows Security](https://support.microsoft.com/windows/stay-protected-with-windows-security-2ae0363d-0ada-c064-8b56-6a39afb6a963).
+- **Keep their devices up to date with operating system and application updates**. To learn more, see [Keep your PC up to date](https://support.microsoft.com/windows/keep-your-pc-up-to-date-de79813c-7919-5fed-080f-0871c7bd9bde).
- **Consider allowing their devices to be managed by your security team**. Microsoft 365 Business Premium includes advanced protection from ransomware, malware, phishing, and other threats. To learn more, select the **Managed devices** tab (in this article). To learn more about protecting unmanaged devices, see [Set up unmanaged (BYOD) devices](m365bp-set-up-unmanaged-devices.md).
To learn more about protecting unmanaged devices, see [Set up unmanaged (BYOD) d
- [Set up information protection capabilities](m365bp-set-up-compliance.md) - [Set up BYOD devices](m365bp-set-up-unmanaged-devices.md) or [Set up and secure managed devices](m365bp-protect-managed-devices.md) - [Use email securely](m365bp-use-email-securely.md)-- [Collaborate and share securely](m365bp-collaborate-share-securely.md)
+- [Collaborate and share securely](m365bp-collaborate-share-securely.md)
business-premium M365bp Mdb Maintain Environment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-mdb-maintain-environment.md
f1.keywords:
- NOCSH -+ audience: Admin Last updated 01/12/2024 ms.localizationpriority: medium-+ - M365-Campaigns - m365solution-smb - highpri
description: "Keep your systems, devices, user accounts, and security policies u
# Monitor and maintain Microsoft 365 Business Premium and Defender for Business
-After you have set up and configured [Microsoft 365 Business Premium](m365bp-overview.md) or the standalone version of [Microsoft Defender for Business](../security/defender-business/mdb-overview.md), your next step is to prepare a plan for maintenance and operations. It's important to keep your systems, devices, user accounts, and security policies up to date to help protect against cyberattacks. You can use this article as a guide to prepare your plan.
+After you have set up and configured [Microsoft 365 Business Premium](m365bp-overview.md) or the standalone version of [Microsoft Defender for Business](../security/defender-business/mdb-overview.md), your next step is to prepare a plan for maintenance and operations. It's important to keep your systems, devices, user accounts, and security policies up to date to help protect against cyberattacks. You can use this article as a guide to prepare your plan.
As you prepare your plan, you can organize the various tasks into two main categories, as listed in the following table:
-| Task type | Sections |
+|Task type|Sections|
|||
-| **[Security tasks](#security-tasks)** | [Daily security tasks](#daily-security-tasks) <br/>[Weekly security tasks](#weekly-security-tasks)<br/>[Monthly security tasks](#monthly-security-tasks)<br/>[Security tasks to perform as needed](#security-tasks-to-perform-as-needed) |
-| **[General admin tasks](#general-admin-tasks)** | [Admin center tasks](#admin-center-tasks)<br/>[Users, groups, and passwords](#users-groups-and-passwords)<br/>[Email and calendars](#email-and-calendars)<br/>[Devices](#devices)<br/>[Subscriptions and billing](#subscriptions-and-billing) |
+|**[Security tasks](#security-tasks)**|[Daily security tasks](#daily-security-tasks) <br/>[Weekly security tasks](#weekly-security-tasks)<br/>[Monthly security tasks](#monthly-security-tasks)<br/>[Security tasks to perform as needed](#security-tasks-to-perform-as-needed)|
+|**[General admin tasks](#general-admin-tasks)**|[Admin center tasks](#admin-center-tasks)<br/>[Users, groups, and passwords](#users-groups-and-passwords)<br/>[Email and calendars](#email-and-calendars)<br/>[Devices](#devices)<br/>[Subscriptions and billing](#subscriptions-and-billing)|
## Security tasks
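Review bot: In the added **Security tasks** row, a space is left before the first `<br/>` ("[Daily security tasks](#daily-security-tasks) <br/>"), while every other entry in both rows runs straight into `<br/>`. Since this change exists to strip cell padding, remove that space too. The delimiter row under the header appears here as `|||`; confirm the source still carries a valid header separator so the compacted table renders.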
Security tasks are typically performed by security administrators and security o
### [**Microsoft 365 Business Premium**](#tab/M365BP)
-| Task | Description |
-|||
-| Check your threat vulnerability management dashboard | Get a snapshot of threat vulnerability by looking at your vulnerability management dashboard, which reflects how vulnerable your organization is to cybersecurity threats. A high exposure score means your devices are more vulnerable to exploitation. <br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Vulnerability management > Dashboard**.<br/><br/>2. Take a look at your **Organization exposure score**. If it's in the acceptable or "High" range, you can move on. If it isn't, select **Improve score** to see more details and security recommendations to improve this score. <br/><br/>Being aware of your exposure score helps you to:<br/>- Quickly understand and identify high-level takeaways about the state of security in your organization<br/>- Detect and respond to areas that require investigation or action to improve the current state<br/>- Communicate with peers and management about the impact of security efforts |
-| Review pending actions in the Action center | As threats are detected, [remediation actions](#remediation-actions-for-devices) come into play. Depending on the particular threat and how your security settings are configured, remediation actions might be taken automatically or only upon approval, which is why these should be monitored regularly. Remediation actions are tracked in the Action center.<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Action center**.<br/><br/>2. Select the **Pending** tab to view and approve (or reject) any pending actions. Such actions can arise from antivirus or antimalware protection, automated investigations, manual response activities, or live response sessions.<br/><br/>3. Select the **History** tab to view a list of completed actions.|
-| Review devices with threat detections | When threats are detected on devices, your security team needs to know so that any needed actions, such as isolating a device, can be taken promptly. <br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Reports > General > Security report**.<br/><br/>2. Scroll down to the **Vulnerable devices** row. If threats were detected on devices, you can see that information in this row.|
-| Learn about new incidents or alerts | As threats are detected and alerts are triggered, incidents are created. Your company's security team can view and manage incidents in the Microsoft Defender portal.<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation menu, select **Incidents**. Incidents are displayed on the page with associated alerts.<br/><br/>2. Select an alert to open its flyout pane, where you can learn more about the alert.<br/><br/>3. In the flyout, you can see the alert title, view a list of assets (such as endpoints or user accounts) that were affected, take available actions, and use links to view more information and even open the details page for the selected alert. |
-| Run a scan or automated investigation | Your security team can initiate a scan or an automated investigation on a device that has a high risk level or detected threats. Depending on the results of the scan or automated investigation, [remediation actions](#remediation-actions-for-devices) can occur automatically or upon approval.<br/><br/>1. In the Microsoft Defender portal (https://security.microsoft.com), in the navigation pane, choose **Assets** > **Devices**.<br/><br/>2. Select a device to open its flyout panel, and review the information that is displayed.<br/>- Select the ellipsis (...) to open the actions menu.<br/>- Select an action, such as **Run antivirus scan** or **Initiate Automated Investigation**. |
+|Task|Description|
+|||
+|Check your threat vulnerability management dashboard|Get a snapshot of threat vulnerability by looking at your vulnerability management dashboard, which reflects how vulnerable your organization is to cybersecurity threats. A high exposure score means your devices are more vulnerable to exploitation. <br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Vulnerability management > Dashboard**.<br/><br/>2. Take a look at your **Organization exposure score**. If it's in the acceptable or "High" range, you can move on. If it isn't, select **Improve score** to see more details and security recommendations to improve this score. <br/><br/>Being aware of your exposure score helps you to:<br/>- Quickly understand and identify high-level takeaways about the state of security in your organization<br/>- Detect and respond to areas that require investigation or action to improve the current state<br/>- Communicate with peers and management about the impact of security efforts|
+|Review pending actions in the Action center|As threats are detected, [remediation actions](#remediation-actions-for-devices) come into play. Depending on the particular threat and how your security settings are configured, remediation actions might be taken automatically or only upon approval, which is why these should be monitored regularly. Remediation actions are tracked in the Action center.<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Action center**.<br/><br/>2. Select the **Pending** tab to view and approve (or reject) any pending actions. Such actions can arise from antivirus or antimalware protection, automated investigations, manual response activities, or live response sessions.<br/><br/>3. Select the **History** tab to view a list of completed actions.|
+|Review devices with threat detections|When threats are detected on devices, your security team needs to know so that any needed actions, such as isolating a device, can be taken promptly. <br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Reports > General > Security report**.<br/><br/>2. Scroll down to the **Vulnerable devices** row. If threats were detected on devices, you can see that information in this row.|
+|Learn about new incidents or alerts|As threats are detected and alerts are triggered, incidents are created. Your company's security team can view and manage incidents in the Microsoft Defender portal.<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation menu, select **Incidents**. Incidents are displayed on the page with associated alerts.<br/><br/>2. Select an alert to open its flyout pane, where you can learn more about the alert.<br/><br/>3. In the flyout, you can see the alert title, view a list of assets (such as endpoints or user accounts) that were affected, take available actions, and use links to view more information and even open the details page for the selected alert.|
+|Run a scan or automated investigation|Your security team can initiate a scan or an automated investigation on a device that has a high risk level or detected threats. Depending on the results of the scan or automated investigation, [remediation actions](#remediation-actions-for-devices) can occur automatically or upon approval.<br/><br/>1. In the Microsoft Defender portal (https://security.microsoft.com), in the navigation pane, choose **Assets** > **Devices**.<br/><br/>2. Select a device to open its flyout panel, and review the information that is displayed.<br/>- Select the ellipsis (...) to open the actions menu.<br/>- Select an action, such as **Run antivirus scan** or **Initiate Automated Investigation**.|
### [**Defender for Business**](#tab/MDB)
-| Task | Description |
-|||
-| **Check your threat vulnerability management dashboard** | Get a snapshot of threat vulnerability by looking at your vulnerability management dashboard, which reflects how vulnerable your organization is to cybersecurity threats. A high exposure score means your devices are more vulnerable to exploitation. <br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Vulnerability management > Dashboard**.<br/><br/>2. Take a look at your **Organization exposure score**. If it's in the acceptable or "High" range, you can move on. If it isn't, select **Improve score** to see more details and security recommendations to improve this score. <br/><br/>Being aware of your exposure score helps you to:<br/>- Quickly understand and identify high-level takeaways about the state of security in your organization<br/>- Detect and respond to areas that require investigation or action to improve the current state<br/>- Communicate with peers and management about the impact of security efforts |
-| **Review pending actions in the Action center** | As threats are detected, [remediation actions](#remediation-actions-for-devices) come into play. Depending on the particular threat and how your security settings are configured, remediation actions might be taken automatically or only upon approval, which is why these should be monitored regularly. Remediation actions are tracked in the Action center.<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Action center**.<br/><br/>2. Select the **Pending** tab to view and approve (or reject) any pending actions. Such actions can arise from antivirus or antimalware protection, automated investigations, manual response activities, or live response sessions.<br/><br/>3. Select the **History** tab to view a list of completed actions.|
-| **Review devices with threat detections** | When threats are detected on devices, your security team needs to know so that any needed actions, such as isolating a device, can be taken promptly. <br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Reports > General > Security report**.<br/><br/>2. Scroll down to the **Vulnerable devices** row. If threats were detected on devices, you can see that information in this row.|
-| **Learn about new incidents or alerts** | As threats are detected and alerts are triggered, incidents are created. Your company's security team can view and manage incidents in the Microsoft Defender portal.<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation menu, select **Incidents**. Incidents are displayed on the page with associated alerts.<br/><br/>2. Select an alert to open its flyout pane, where you can learn more about the alert.<br/><br/>3. In the flyout, you can see the alert title, view a list of assets (such as endpoints or user accounts) that were affected, take available actions, and use links to view more information and even open the details page for the selected alert. |
-| **Run a scan or automated investigation** | Your security team can initiate a scan or an automated investigation on a device that has a high risk level or detected threats. Depending on the results of the scan or automated investigation, [remediation actions](#remediation-actions-for-devices) can occur automatically or upon approval.<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Assets** > **Devices**.<br/><br/>2. Select a device to open its flyout panel, and review the information that is displayed.<br/>- Select the ellipsis (...) to open the actions menu.<br/>- Select an action, such as **Run antivirus scan** or **Initiate Automated Investigation**. |
-
+|Task|Description|
+|||
+|**Check your threat vulnerability management dashboard**|Get a snapshot of threat vulnerability by looking at your vulnerability management dashboard, which reflects how vulnerable your organization is to cybersecurity threats. A high exposure score means your devices are more vulnerable to exploitation. <br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Vulnerability management > Dashboard**.<br/><br/>2. Take a look at your **Organization exposure score**. If it's in the acceptable or "High" range, you can move on. If it isn't, select **Improve score** to see more details and security recommendations to improve this score. <br/><br/>Being aware of your exposure score helps you to:<br/>- Quickly understand and identify high-level takeaways about the state of security in your organization<br/>- Detect and respond to areas that require investigation or action to improve the current state<br/>- Communicate with peers and management about the impact of security efforts|
+|**Review pending actions in the Action center**|As threats are detected, [remediation actions](#remediation-actions-for-devices) come into play. Depending on the particular threat and how your security settings are configured, remediation actions might be taken automatically or only upon approval, which is why these should be monitored regularly. Remediation actions are tracked in the Action center.<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Action center**.<br/><br/>2. Select the **Pending** tab to view and approve (or reject) any pending actions. Such actions can arise from antivirus or antimalware protection, automated investigations, manual response activities, or live response sessions.<br/><br/>3. Select the **History** tab to view a list of completed actions.|
+|**Review devices with threat detections**|When threats are detected on devices, your security team needs to know so that any needed actions, such as isolating a device, can be taken promptly. <br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Reports > General > Security report**.<br/><br/>2. Scroll down to the **Vulnerable devices** row. If threats were detected on devices, you can see that information in this row.|
+|**Learn about new incidents or alerts**|As threats are detected and alerts are triggered, incidents are created. Your company's security team can view and manage incidents in the Microsoft Defender portal.<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation menu, select **Incidents**. Incidents are displayed on the page with associated alerts.<br/><br/>2. Select an alert to open its flyout pane, where you can learn more about the alert.<br/><br/>3. In the flyout, you can see the alert title, view a list of assets (such as endpoints or user accounts) that were affected, take available actions, and use links to view more information and even open the details page for the selected alert.|
+|**Run a scan or automated investigation**|Your security team can initiate a scan or an automated investigation on a device that has a high risk level or detected threats. Depending on the results of the scan or automated investigation, [remediation actions](#remediation-actions-for-devices) can occur automatically or upon approval.<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Assets** > **Devices**.<br/><br/>2. Select a device to open its flyout panel, and review the information that is displayed.<br/>- Select the ellipsis (...) to open the actions menu.<br/>- Select an action, such as **Run antivirus scan** or **Initiate Automated Investigation**.|
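Review bot: Step 2 of the vulnerability management dashboard row, carried unchanged into both added tables, says "If it's in the acceptable or "High" range, you can move on", but the same cell opens by stating that a high exposure score means devices are more vulnerable to exploitation. As written, an admin following this daily checklist would skip the review exactly when exposure is worst. Reword so the two statements agree, for example by treating only the acceptable range as a pass and sending a high score to **Improve score**. Smaller points in the same hunk: task names are bold in the Defender for Business table but plain in the Microsoft 365 Business Premium table, and the Business Premium "Run a scan or automated investigation" row uses a bare (https://security.microsoft.com) where every other row uses the linked form.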
Security tasks are typically performed by security administrators and security o
### [**Microsoft 365 Business Premium**](#tab/M365BP)
-| Task | Description |
-|||
-| **Monitor and improve your Microsoft Secure Score** | Microsoft Secure Score is a measurement of your organization's security posture. Higher numbers indicate that fewer improvement actions are needed. By using Secure Score, you can: <br/>- Report on the current state of your organization's security posture.<br/>- Improve your security posture by providing discoverability, visibility, guidance, and control.<br/>- Compare with benchmarks and establish key performance indicators (KPIs).<br/><br/>To check your score, follow these steps:<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane choose **Secure score**. <br/><br/>2. Review and make decisions about the remediations and actions in order to improve your overall Microsoft secure score. |
-| **Improve your Secure Score for devices** | Improve your security configuration by remediating issues using the security recommendations list. As you do so, your Microsoft Secure Score for Devices improves and your organization becomes more resilient against cybersecurity threats and vulnerabilities going forward. It's always worth the time it takes to review and improve your score.<br/><br/>To check your secure score, follow these steps: <br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane select **Secure score**.<br/><br/>2. From the **Microsoft Secure Score for Devices** card in the Defender Vulnerability Management dashboard, select one of the categories. A list of recommendations related to that category displays, along with recommendations.<br/><br/>3.Select an item on the list to display details related to the recommendation.<br/><br/>4. Select **Remediation options**.<br/><br/>5. Read the description to understand the context of the issue and what to do next. Choose a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to an email for follow-up. A confirmation message tells you the remediation task has been created.<br/><br/>6. Send a follow-up email to your IT Administrator and allow for the time that you've allotted for the remediation to propagate in the system.<br/><br/>7. Return to the Microsoft Secure Score for Devices card on the dashboard. The number of security controls recommendations has decreased as a result of your actions.<br/><br/>8. Select **Security controls** to go back to the Security recommendations page. The item that you addressed isn't listed there anymore, which results in your Microsoft secure score improving. |
+|Task|Description|
+|||
+|**Monitor and improve your Microsoft Secure Score**|Microsoft Secure Score is a measurement of your organization's security posture. Higher numbers indicate that fewer improvement actions are needed. By using Secure Score, you can: <br/>- Report on the current state of your organization's security posture.<br/>- Improve your security posture by providing discoverability, visibility, guidance, and control.<br/>- Compare with benchmarks and establish key performance indicators (KPIs).<br/><br/>To check your score, follow these steps:<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane choose **Secure score**. <br/><br/>2. Review and make decisions about the remediations and actions in order to improve your overall Microsoft secure score.|
+|**Improve your Secure Score for devices**|Improve your security configuration by remediating issues using the security recommendations list. As you do so, your Microsoft Secure Score for Devices improves and your organization becomes more resilient against cybersecurity threats and vulnerabilities going forward. It's always worth the time it takes to review and improve your score.<br/><br/>To check your secure score, follow these steps: <br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane select **Secure score**.<br/><br/>2. From the **Microsoft Secure Score for Devices** card in the Defender Vulnerability Management dashboard, select one of the categories. A list of recommendations related to that category displays, along with recommendations.<br/><br/>3.Select an item on the list to display details related to the recommendation.<br/><br/>4. Select **Remediation options**.<br/><br/>5. Read the description to understand the context of the issue and what to do next. Choose a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to an email for follow-up. A confirmation message tells you the remediation task has been created.<br/><br/>6. Send a follow-up email to your IT Administrator and allow for the time that you've allotted for the remediation to propagate in the system.<br/><br/>7. Return to the Microsoft Secure Score for Devices card on the dashboard. The number of security controls recommendations has decreased as a result of your actions.<br/><br/>8. Select **Security controls** to go back to the Security recommendations page. The item that you addressed isn't listed there anymore, which results in your Microsoft secure score improving.|
### [**Defender for Business**](#tab/MDB)
-| Task | Description |
-|||
-| **Monitor and improve your Secure Score** | Microsoft Secure Score is a measurement of your organization's security posture. Higher numbers indicate that fewer improvement actions are needed. By using Secure Score, you can: <br/>- Report on the current state of your organization's security posture.<br/>- Improve your security posture by providing discoverability, visibility, guidance, and control.<br/>- Compare with benchmarks and establish key performance indicators (KPIs).<br/><br/>To check your score, follow these steps:<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane choose **Secure score**. <br/><br/>2. Review and make decisions about the remediations and actions in order to improve your overall Microsoft secure score. |
-| **Improve your Secure Score for devices** | Improve your security configuration by remediating issues using the security recommendations list. As you do so, your Microsoft Secure Score for Devices improves and your organization becomes more resilient against cybersecurity threats and vulnerabilities going forward. It's always worth the time it takes to review and improve your score.<br/><br/>To check your secure score, follow these steps: <br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane select **Secure score**.<br/><br/>2. From the **Microsoft Secure Score for Devices** card in the Defender Vulnerability Management dashboard, select one of the categories. A list of recommendations related to that category displays, along with recommendations.<br/><br/>3.Select an item on the list to display details related to the recommendation.<br/><br/>4. Select **Remediation options**.<br/><br/>5. Read the description to understand the context of the issue and what to do next. Choose a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to an email for follow-up. A confirmation message tells you the remediation task has been created.<br/><br/>6. Send a follow-up email to your IT Administrator and allow for the time that you've allotted for the remediation to propagate in the system.<br/><br/>7. Return to the Microsoft Secure Score for Devices card on the dashboard. The number of security controls recommendations has decreased as a result of your actions.<br/><br/>8. Select **Security controls** to go back to the Security recommendations page. The item that you addressed isn't listed there anymore, which results in your Microsoft secure score improving. |
-
+|Task|Description|
+|||
+|**Monitor and improve your Secure Score**|Microsoft Secure Score is a measurement of your organization's security posture. Higher numbers indicate that fewer improvement actions are needed. By using Secure Score, you can: <br/>- Report on the current state of your organization's security posture.<br/>- Improve your security posture by providing discoverability, visibility, guidance, and control.<br/>- Compare with benchmarks and establish key performance indicators (KPIs).<br/><br/>To check your score, follow these steps:<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane choose **Secure score**. <br/><br/>2. Review and make decisions about the remediations and actions in order to improve your overall Microsoft secure score.|
+|**Improve your Secure Score for devices**|Improve your security configuration by remediating issues using the security recommendations list. As you do so, your Microsoft Secure Score for Devices improves and your organization becomes more resilient against cybersecurity threats and vulnerabilities going forward. It's always worth the time it takes to review and improve your score.<br/><br/>To check your secure score, follow these steps: <br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane select **Secure score**.<br/><br/>2. From the **Microsoft Secure Score for Devices** card in the Defender Vulnerability Management dashboard, select one of the categories. A list of recommendations related to that category displays, along with recommendations.<br/><br/>3.Select an item on the list to display details related to the recommendation.<br/><br/>4. Select **Remediation options**.<br/><br/>5. Read the description to understand the context of the issue and what to do next. Choose a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to an email for follow-up. A confirmation message tells you the remediation task has been created.<br/><br/>6. Send a follow-up email to your IT Administrator and allow for the time that you've allotted for the remediation to propagate in the system.<br/><br/>7. Return to the Microsoft Secure Score for Devices card on the dashboard. The number of security controls recommendations has decreased as a result of your actions.<br/><br/>8. Select **Security controls** to go back to the Security recommendations page. The item that you addressed isn't listed there anymore, which results in your Microsoft secure score improving.|
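Review bot: Step 3 in both new "Improve your Secure Score for devices" rows still reads `3.Select an item`, with no space after the numeral, so it does not match the other numbered steps in the cell. Since these rows are being rewritten anyway, change it to `3. Select an item`. In step 2 of the same rows, "A list of recommendations related to that category displays, along with recommendations" repeats itself and should say what accompanies the list or drop the trailing clause. The first-row title also differs between the tabs ("Monitor and improve your Microsoft Secure Score" versus "Monitor and improve your Secure Score"), and the product name appears as both "Microsoft Secure Score" and "Microsoft secure score" within one cell. Pick one form for each.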
Security tasks are typically performed by security administrators and security o
### [**Microsoft 365 Business Premium**](#tab/M365BP)
-| Task | Description |
-|||
-| **Run reports** | Several reports are available in the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)).<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Reports**.<br/><br/>2. Choose a report to review. Each report displays many pertinent categories for that report.<br/><br/>3. Select **View details** to see deeper information for each category.<br/><br/>4. Select the title of a particular threat to see details specific to it.|
-| **Run a simulation tutorial** | It's always a good idea to increase the security preparedness for you and your team through training. You can access simulation tutorials in the Microsoft Defender portal. The tutorials cover several types of cyber threats. To get started, follow these steps:<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Tutorials**.<<br/><br/>2. Read the walk-through for a tutorial you're interested in running, and then download the file, or copy the script needed to run the simulation according to the instructions. |
-| **Explore the Learning hub** | Use the Learning hub to increase your knowledge of cybersecurity threats and how to address them. We recommend exploring the resources that are offered, especially in the Microsoft Defender XDR and Endpoints sections.<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Learning hub**.<br/><br/>2. Select an area, such as **Microsoft Defender XDR** or **Endpoints**.<br/><br/>3. Select an item to learn more about each concept. <br/><br/>Some resources in the Learning hub might cover functionality that isn't included in Microsoft 365 Business Premium. For example, advanced hunting capabilities are included in enterprise subscriptions, such as Defender for Endpoint Plan 2 or Microsoft Defender XDR, but not in Microsoft 365 Business Premium. See [How does Defender for Business compare to Microsoft 365 Business Premium?](../security/defender-business/mdb-overview.md#how-does-defender-for-business-compare-to-microsoft-365-business-premium) |
+|Task|Description|
+|||
+|**Run reports**|Several reports are available in the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)).<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Reports**.<br/><br/>2. Choose a report to review. Each report displays many pertinent categories for that report.<br/><br/>3. Select **View details** to see deeper information for each category.<br/><br/>4. Select the title of a particular threat to see details specific to it.|
+|**Run a simulation tutorial**|It's always a good idea to increase the security preparedness for you and your team through training. You can access simulation tutorials in the Microsoft Defender portal. The tutorials cover several types of cyber threats. To get started, follow these steps:<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Tutorials**.<<br/><br/>2. Read the walk-through for a tutorial you're interested in running, and then download the file, or copy the script needed to run the simulation according to the instructions.|
+|**Explore the Learning hub**|Use the Learning hub to increase your knowledge of cybersecurity threats and how to address them. We recommend exploring the resources that are offered, especially in the Microsoft Defender XDR and Endpoints sections.<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Learning hub**.<br/><br/>2. Select an area, such as **Microsoft Defender XDR** or **Endpoints**.<br/><br/>3. Select an item to learn more about each concept. <br/><br/>Some resources in the Learning hub might cover functionality that isn't included in Microsoft 365 Business Premium. For example, advanced hunting capabilities are included in enterprise subscriptions, such as Defender for Endpoint Plan 2 or Microsoft Defender XDR, but not in Microsoft 365 Business Premium. See [How does Defender for Business compare to Microsoft 365 Business Premium?](../security/defender-business/mdb-overview.md#how-does-defender-for-business-compare-to-microsoft-365-business-premium)|
### [**Defender for Business**](#tab/MDB)
-| Task | Description |
-|||
-| **Run security reports** | Several reports are available in the Microsoft Defender portal.<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Reports**.<br/><br/>2. Choose a report to review. Each report displays many pertinent categories for that report.<br/><br/>3. Select **View details** to see deeper information for each category.<br/><br/>4. Select the title of a particular threat to see details specific to it.|
-| **Run a simulation tutorial** | It's always a good idea to increase the security preparedness for you and your team through training. You can access simulation tutorials in the Microsoft Defender portal. The tutorials cover several types of cyber threats. To get started, follow these steps:<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Tutorials**.<<br/><br/>2. Read the walk-through for a tutorial you're interested in running, and then download the file, or copy the script needed to run the simulation according to the instructions. |
-| **Explore the Learning hub** | Use the Learning hub to increase your knowledge of cybersecurity threats and how to address them. We recommend exploring the resources that are offered, especially in the Microsoft Defender XDR and Endpoints sections.<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Learning hub**.<br/><br/>2. Select an area, such as **Microsoft Defender XDR** or **Endpoints**.<br/><br/>3. Select an item to learn more about each concept. <br/><br/>Some resources in the Learning hub might cover functionality that isn't included in Defender for Business. For example, advanced hunting capabilities are included in enterprise subscriptions, such as Defender for Endpoint Plan 2 or Microsoft Defender XDR, but not in Defender for Business. See [How does Defender for Business compare to Microsoft 365 Business Premium?](../security/defender-business/mdb-overview.md#how-does-defender-for-business-compare-to-microsoft-365-business-premium) |
-
+|Task|Description|
+|||
+|**Run security reports**|Several reports are available in the Microsoft Defender portal.<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Reports**.<br/><br/>2. Choose a report to review. Each report displays many pertinent categories for that report.<br/><br/>3. Select **View details** to see deeper information for each category.<br/><br/>4. Select the title of a particular threat to see details specific to it.|
+|**Run a simulation tutorial**|It's always a good idea to increase the security preparedness for you and your team through training. You can access simulation tutorials in the Microsoft Defender portal. The tutorials cover several types of cyber threats. To get started, follow these steps:<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Tutorials**.<<br/><br/>2. Read the walk-through for a tutorial you're interested in running, and then download the file, or copy the script needed to run the simulation according to the instructions.|
+|**Explore the Learning hub**|Use the Learning hub to increase your knowledge of cybersecurity threats and how to address them. We recommend exploring the resources that are offered, especially in the Microsoft Defender XDR and Endpoints sections.<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Learning hub**.<br/><br/>2. Select an area, such as **Microsoft Defender XDR** or **Endpoints**.<br/><br/>3. Select an item to learn more about each concept. <br/><br/>Some resources in the Learning hub might cover functionality that isn't included in Defender for Business. For example, advanced hunting capabilities are included in enterprise subscriptions, such as Defender for Endpoint Plan 2 or Microsoft Defender XDR, but not in Defender for Business. See [How does Defender for Business compare to Microsoft 365 Business Premium?](../security/defender-business/mdb-overview.md#how-does-defender-for-business-compare-to-microsoft-365-business-premium)|
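Review bot: Step 1 of the "Run a simulation tutorial" row has a stray `<` before the line break in both tabs (`choose **Tutorials**.<<br/><br/>2.`). The removed lines had the same defect and the whitespace cleanup carries it over unchanged. Depending on the renderer, it shows up as a literal "<" after "Tutorials." or interferes with the `<br/>` that follows. Drop the extra character so the text reads `**Tutorials**.<br/><br/>2.`. The first-row title is also "Run reports" in the Microsoft 365 Business Premium tab and "Run security reports" in the Defender for Business tab, although the steps are identical. Align the two unless the difference is intended.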
Security tasks are typically performed by security administrators and security o
### [**Microsoft 365 Business Premium**](#tab/M365BP)
-| Task | Description |
-|||
-| **Manage false positives/negatives** | A false positive is an entity, such as a file or a process that was detected and identified as malicious even though the entity isn't actually a threat. A false negative is an entity that wasn't detected as a threat, even though it actually is malicious. False positives/negatives can occur with any threat protection solution, including Microsoft Defender for Office 365 and Microsoft Defender for Business, which are both included in Microsoft 365 Business Premium. Fortunately, steps can be taken to address and reduce these kinds of issues. <br/><br/>For false positives/negatives on devices, see [Address false positives/negatives in Microsoft Defender for Endpoint](../security/defender-endpoint/defender-endpoint-false-positives-negatives.md).<br/><br/>For false positives/negatives in email, see the following articles: <br/>- [How to handle malicious emails that are delivered to recipients (False Negatives), using Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/how-to-handle-false-negatives-in-microsoft-defender-for-office-365)<br/>- [How to handle Legitimate emails getting blocked (False Positive), using Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/how-to-handle-false-positives-in-microsoft-defender-for-office-365) |
-| **Strengthen your security posture** | Defender for Business includes a vulnerability management dashboard that provides you with exposure score and enables you to view information about exposed devices and see relevant security recommendations. You can use your Defender Vulnerability Management dashboard to reduce exposure and improve your organization's security posture. <br/><br/>See the following articles:<br/>- [Use your vulnerability management dashboard in Microsoft Defender for Business](../security/defender-business/mdb-view-tvm-dashboard.md)<br/>- [Dashboard insights](../security/defender-vulnerability-management/tvm-dashboard-insights.md) |
-| **Adjust security policies** | [Reports](../security/defender-business/mdb-reports.md) are available so that you can view information about detected threats, device status, and more. Sometimes it's necessary to adjust your security policies. For example, you might apply strict protection to some user accounts or devices, and standard protection to others. <br/><br/>See the following articles: <br/>- For device protection: [View or edit policies in Microsoft Defender for Business](../security/defender-business/mdb-view-edit-create-policies.md) <br/>- For email protection: [Recommended settings for EOP and Microsoft Defender for Office 365 security](../security/office-365-security/recommended-settings-for-eop-and-office365.md) |
-| **Analyze admin submissions** | Sometimes it's necessary to submit entities, such as email messages, URLs, or attachments to Microsoft for further analysis. Reporting items can help reduce the occurrence of false positives/negatives and improve threat detection accuracy. <br/><br/>See the following articles: <br/>- [Use the Submissions page to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft](../security/office-365-security/submissions-admin.md)<br/>- [Admin review for user reported messages](../security/office-365-security/submissions-admin-review-user-reported-messages.md) |
-| **Protect priority user accounts** | Not all user accounts have access to the same company information. Some accounts have access to sensitive information, such as financial data, product development information, partner access to critical build systems, and more. If compromised, accounts that have access to highly confidential information pose a serious threat. We call these types of accounts priority accounts. Priority accounts include (but aren't limited to) CEOs, CISOs, CFOs, infrastructure admin accounts, build system accounts, and more.<br/><br/>See the following articles: <br/>- [Protect your administrator accounts](m365bp-protect-admin-accounts.md) <br/>- [Security recommendations for priority accounts in Microsoft 365](../security/office-365-security/priority-accounts-security-recommendations.md) |
-| **Protect high-risk devices** | The overall risk assessment of a device is based on a combination of factors, such as the types and severity of active alerts on the device. As your security team resolves active alerts, approves remediation activities, and suppresses subsequent alerts, the risk level decreases. <br/><br/>See [Manage devices in Microsoft Defender for Business](../security/defender-business/mdb-manage-devices.md). |
-| **Onboard or offboard devices** | As devices are replaced or retired, new devices are purchased, or your business needs change, you can onboard or offboard devices from Defender for Business. <br/><br/>See the following articles: <br/>- [Onboard devices to Microsoft Defender for Business](../security/defender-business/mdb-onboard-devices.md) <br/>- [Offboard a device from Microsoft Defender for Business](../security/defender-business/mdb-offboard-devices.md) |
-| **Remediate an item** | Microsoft 365 Business Premium includes several [remediation actions](#remediation-actions-for-devices). Some actions are taken automatically, and others await approval by your security team.<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, go to **Assets** > **Devices**.<br/><br/>2. Select a device, such as one with a high risk level or exposure level. A flyout pane opens and displays more information about alerts and incidents generated for that item.<br/><br/>3. On the flyout, view the information that is displayed. Select the ellipsis (...) to open a menu that lists available actions.<br/><br/>4. Select an available action. For example, you might choose **Run antivirus scan**, which will cause Microsoft Defender Antivirus to start a quick scan on the device. Or, you could select **Initiate Automated Investigation** to trigger an automated investigation on the device. |
+|Task|Description|
+|||
+|**Manage false positives/negatives**|A false positive is an entity, such as a file or a process that was detected and identified as malicious even though the entity isn't actually a threat. A false negative is an entity that wasn't detected as a threat, even though it actually is malicious. False positives/negatives can occur with any threat protection solution, including Microsoft Defender for Office 365 and Microsoft Defender for Business, which are both included in Microsoft 365 Business Premium. Fortunately, steps can be taken to address and reduce these kinds of issues. <br/><br/>For false positives/negatives on devices, see [Address false positives/negatives in Microsoft Defender for Endpoint](../security/defender-endpoint/defender-endpoint-false-positives-negatives.md).<br/><br/>For false positives/negatives in email, see the following articles: <br/>- [How to handle malicious emails that are delivered to recipients (False Negatives), using Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/how-to-handle-false-negatives-in-microsoft-defender-for-office-365)<br/>- [How to handle Legitimate emails getting blocked (False Positive), using Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/how-to-handle-false-positives-in-microsoft-defender-for-office-365)|
+|**Strengthen your security posture**|Defender for Business includes a vulnerability management dashboard that provides you with exposure score and enables you to view information about exposed devices and see relevant security recommendations. You can use your Defender Vulnerability Management dashboard to reduce exposure and improve your organization's security posture. <br/><br/>See the following articles:<br/>- [Use your vulnerability management dashboard in Microsoft Defender for Business](../security/defender-business/mdb-view-tvm-dashboard.md)<br/>- [Dashboard insights](../security/defender-vulnerability-management/tvm-dashboard-insights.md)|
+|**Adjust security policies**|[Reports](../security/defender-business/mdb-reports.md) are available so that you can view information about detected threats, device status, and more. Sometimes it's necessary to adjust your security policies. For example, you might apply strict protection to some user accounts or devices, and standard protection to others. <br/><br/>See the following articles: <br/>- For device protection: [View or edit policies in Microsoft Defender for Business](../security/defender-business/mdb-view-edit-create-policies.md) <br/>- For email protection: [Recommended settings for EOP and Microsoft Defender for Office 365 security](../security/office-365-security/recommended-settings-for-eop-and-office365.md)|
+|**Analyze admin submissions**|Sometimes it's necessary to submit entities, such as email messages, URLs, or attachments to Microsoft for further analysis. Reporting items can help reduce the occurrence of false positives/negatives and improve threat detection accuracy. <br/><br/>See the following articles: <br/>- [Use the Submissions page to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft](../security/office-365-security/submissions-admin.md)<br/>- [Admin review for user reported messages](../security/office-365-security/submissions-admin-review-user-reported-messages.md)|
+|**Protect priority user accounts**|Not all user accounts have access to the same company information. Some accounts have access to sensitive information, such as financial data, product development information, partner access to critical build systems, and more. If compromised, accounts that have access to highly confidential information pose a serious threat. We call these types of accounts priority accounts. Priority accounts include (but aren't limited to) CEOs, CISOs, CFOs, infrastructure admin accounts, build system accounts, and more.<br/><br/>See the following articles: <br/>- [Protect your administrator accounts](m365bp-protect-admin-accounts.md) <br/>- [Security recommendations for priority accounts in Microsoft 365](../security/office-365-security/priority-accounts-security-recommendations.md)|
+|**Protect high-risk devices**|The overall risk assessment of a device is based on a combination of factors, such as the types and severity of active alerts on the device. As your security team resolves active alerts, approves remediation activities, and suppresses subsequent alerts, the risk level decreases. <br/><br/>See [Manage devices in Microsoft Defender for Business](../security/defender-business/mdb-manage-devices.md).|
+|**Onboard or offboard devices**|As devices are replaced or retired, new devices are purchased, or your business needs change, you can onboard or offboard devices from Defender for Business. <br/><br/>See the following articles: <br/>- [Onboard devices to Microsoft Defender for Business](../security/defender-business/mdb-onboard-devices.md) <br/>- [Offboard a device from Microsoft Defender for Business](../security/defender-business/mdb-offboard-devices.md)|
+|**Remediate an item**|Microsoft 365 Business Premium includes several [remediation actions](#remediation-actions-for-devices). Some actions are taken automatically, and others await approval by your security team.<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, go to **Assets** > **Devices**.<br/><br/>2. Select a device, such as one with a high risk level or exposure level. A flyout pane opens and displays more information about alerts and incidents generated for that item.<br/><br/>3. On the flyout, view the information that is displayed. Select the ellipsis (...) to open a menu that lists available actions.<br/><br/>4. Select an available action. For example, you might choose **Run antivirus scan**, which will cause Microsoft Defender Antivirus to start a quick scan on the device. Or, you could select **Initiate Automated Investigation** to trigger an automated investigation on the device.|
### [**Defender for Business**](#tab/MDB)
-| Task | Description |
-|||
-| **Manage false positives/negatives** | A false positive is an entity, such as a file or a process that was detected and identified as malicious even though the entity isn't actually a threat. A false negative is an entity that wasn't detected as a threat, even though it actually is malicious. False positives/negatives can occur with any threat protection solution, including Microsoft Defender for Office 365 and Microsoft Defender for Business, which are both included in Microsoft 365 Business Premium. Fortunately, steps can be taken to address and reduce these kinds of issues. <br/><br/>For false positives/negatives on devices, see [Address false positives/negatives in Microsoft Defender for Endpoint](../security/defender-endpoint/defender-endpoint-false-positives-negatives.md).<br/><br/>For false positives/negatives in email, see the following articles: <br/>- [How to handle malicious emails that are delivered to recipients (False Negatives), using Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/how-to-handle-false-negatives-in-microsoft-defender-for-office-365)<br/>- [How to handle Legitimate emails getting blocked (False Positive), using Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/how-to-handle-false-positives-in-microsoft-defender-for-office-365) |
-| **Strengthen your security posture** | Defender for Business includes a vulnerability management dashboard that provides you with exposure score and enables you to view information about exposed devices and see relevant security recommendations. You can use your Defender Vulnerability Management dashboard to reduce exposure and improve your organization's security posture. <br/><br/>See the following articles:<br/>- [Use your vulnerability management dashboard in Microsoft Defender for Business](../security/defender-business/mdb-view-tvm-dashboard.md)<br/>- [Dashboard insights](../security/defender-vulnerability-management/tvm-dashboard-insights.md) |
-| **Adjust security policies** | [Reports](../security/defender-business/mdb-reports.md) are available so that you can view information about detected threats, device status, and more. Sometimes it's necessary to adjust your security policies. For example, you might apply strict protection to some user accounts or devices, and standard protection to others. <br/><br/>See the following articles: <br/>- For device protection: [View or edit policies in Microsoft Defender for Business](../security/defender-business/mdb-view-edit-create-policies.md) <br/>- For email protection: [Recommended settings for EOP and Microsoft Defender for Office 365 security](../security/office-365-security/recommended-settings-for-eop-and-office365.md) |
-| **Analyze admin submissions** | Sometimes it's necessary to submit entities, such as email messages, URLs, or attachments to Microsoft for further analysis. Reporting items can help reduce the occurrence of false positives/negatives and improve threat detection accuracy. <br/><br/>See the following articles: <br/>- [Use the Submissions page to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft](../security/office-365-security/submissions-admin.md)<br/>- [Admin review for user reported messages](../security/office-365-security/submissions-admin-review-user-reported-messages.md) |
-| **Protect priority user accounts** | Not all user accounts have access to the same company information. Some accounts have access to sensitive information, such as financial data, product development information, partner access to critical build systems, and more. If compromised, accounts that have access to highly confidential information pose a serious threat. We call these types of accounts priority accounts. Priority accounts include (but aren't limited to) CEOs, CISOs, CFOs, infrastructure admin accounts, build system accounts, and more.<br/><br/>See the following articles: <br/>- [Protect your administrator accounts](m365bp-protect-admin-accounts.md) <br/>- [Security recommendations for priority accounts in Microsoft 365](../security/office-365-security/priority-accounts-security-recommendations.md) |
-| **Protect high-risk devices** | The overall risk assessment of a device is based on a combination of factors, such as the types and severity of active alerts on the device. As your security team resolves active alerts, approves remediation activities, and suppresses subsequent alerts, the risk level decreases. <br/><br/>See [Manage devices in Microsoft Defender for Business](../security/defender-business/mdb-manage-devices.md). |
-| **Onboard or offboard devices** | As devices are replaced or retired, new devices are purchased, or your business needs change, you can onboard or offboard devices from Defender for Business. <br/><br/>See the following articles: <br/>- [Onboard devices to Microsoft Defender for Business](../security/defender-business/mdb-onboard-devices.md) <br/>- [Offboard a device from Microsoft Defender for Business](../security/defender-business/mdb-offboard-devices.md) |
-| **Remediate an item** | Defender for Business includes several [remediation actions](#remediation-actions-for-devices). Some actions are taken automatically, and others await approval by your security team.<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, go to **Assets** > **Devices**.<br/><br/>2. Select a device, such as one with a high risk level or exposure level. A flyout pane opens and displays more information about alerts and incidents generated for that item.<br/><br/>3. On the flyout, view the information that is displayed. Select the ellipsis (...) to open a menu that lists available actions.<br/><br/>4. Select an available action. For example, you might choose **Run antivirus scan**, which will cause Microsoft Defender Antivirus to start a quick scan on the device. Or, you could select **Initiate Automated Investigation** to trigger an automated investigation on the device. |
-
+|Task|Description|
+|||
+|**Manage false positives/negatives**|A false positive is an entity, such as a file or a process that was detected and identified as malicious even though the entity isn't actually a threat. A false negative is an entity that wasn't detected as a threat, even though it actually is malicious. False positives/negatives can occur with any threat protection solution, including Microsoft Defender for Office 365 and Microsoft Defender for Business, which are both included in Microsoft 365 Business Premium. Fortunately, steps can be taken to address and reduce these kinds of issues. <br/><br/>For false positives/negatives on devices, see [Address false positives/negatives in Microsoft Defender for Endpoint](../security/defender-endpoint/defender-endpoint-false-positives-negatives.md).<br/><br/>For false positives/negatives in email, see the following articles: <br/>- [How to handle malicious emails that are delivered to recipients (False Negatives), using Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/how-to-handle-false-negatives-in-microsoft-defender-for-office-365)<br/>- [How to handle Legitimate emails getting blocked (False Positive), using Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/how-to-handle-false-positives-in-microsoft-defender-for-office-365)|
+|**Strengthen your security posture**|Defender for Business includes a vulnerability management dashboard that provides you with exposure score and enables you to view information about exposed devices and see relevant security recommendations. You can use your Defender Vulnerability Management dashboard to reduce exposure and improve your organization's security posture. <br/><br/>See the following articles:<br/>- [Use your vulnerability management dashboard in Microsoft Defender for Business](../security/defender-business/mdb-view-tvm-dashboard.md)<br/>- [Dashboard insights](../security/defender-vulnerability-management/tvm-dashboard-insights.md)|
+|**Adjust security policies**|[Reports](../security/defender-business/mdb-reports.md) are available so that you can view information about detected threats, device status, and more. Sometimes it's necessary to adjust your security policies. For example, you might apply strict protection to some user accounts or devices, and standard protection to others. <br/><br/>See the following articles: <br/>- For device protection: [View or edit policies in Microsoft Defender for Business](../security/defender-business/mdb-view-edit-create-policies.md) <br/>- For email protection: [Recommended settings for EOP and Microsoft Defender for Office 365 security](../security/office-365-security/recommended-settings-for-eop-and-office365.md)|
+|**Analyze admin submissions**|Sometimes it's necessary to submit entities, such as email messages, URLs, or attachments to Microsoft for further analysis. Reporting items can help reduce the occurrence of false positives/negatives and improve threat detection accuracy. <br/><br/>See the following articles: <br/>- [Use the Submissions page to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft](../security/office-365-security/submissions-admin.md)<br/>- [Admin review for user reported messages](../security/office-365-security/submissions-admin-review-user-reported-messages.md)|
+|**Protect priority user accounts**|Not all user accounts have access to the same company information. Some accounts have access to sensitive information, such as financial data, product development information, partner access to critical build systems, and more. If compromised, accounts that have access to highly confidential information pose a serious threat. We call these types of accounts priority accounts. Priority accounts include (but aren't limited to) CEOs, CISOs, CFOs, infrastructure admin accounts, build system accounts, and more.<br/><br/>See the following articles: <br/>- [Protect your administrator accounts](m365bp-protect-admin-accounts.md) <br/>- [Security recommendations for priority accounts in Microsoft 365](../security/office-365-security/priority-accounts-security-recommendations.md)|
+|**Protect high-risk devices**|The overall risk assessment of a device is based on a combination of factors, such as the types and severity of active alerts on the device. As your security team resolves active alerts, approves remediation activities, and suppresses subsequent alerts, the risk level decreases. <br/><br/>See [Manage devices in Microsoft Defender for Business](../security/defender-business/mdb-manage-devices.md).|
+|**Onboard or offboard devices**|As devices are replaced or retired, new devices are purchased, or your business needs change, you can onboard or offboard devices from Defender for Business. <br/><br/>See the following articles: <br/>- [Onboard devices to Microsoft Defender for Business](../security/defender-business/mdb-onboard-devices.md) <br/>- [Offboard a device from Microsoft Defender for Business](../security/defender-business/mdb-offboard-devices.md)|
+|**Remediate an item**|Defender for Business includes several [remediation actions](#remediation-actions-for-devices). Some actions are taken automatically, and others await approval by your security team.<br/><br/>1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, go to **Assets** > **Devices**.<br/><br/>2. Select a device, such as one with a high risk level or exposure level. A flyout pane opens and displays more information about alerts and incidents generated for that item.<br/><br/>3. On the flyout, view the information that is displayed. Select the ellipsis (...) to open a menu that lists available actions.<br/><br/>4. Select an available action. For example, you might choose **Run antivirus scan**, which will cause Microsoft Defender Antivirus to start a quick scan on the device. Or, you could select **Initiate Automated Investigation** to trigger an automated investigation on the device.|
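Review bot: In the added **Strengthen your security posture** row, "provides you with exposure score" is missing an article, and the sentence chains three verbs awkwardly. Since the row is being re-emitted anyway, consider "provides you with an exposure score and lets you view information about exposed devices and relevant security recommendations". The rest of the hunk only strips the padding spaces inside the cell delimiters.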
Security tasks are typically performed by security administrators and security o
The following table summarizes remediation actions that are available for devices in Microsoft 365 Business Premium and Defender for Business:
-| Source | Actions |
-|||
-| **Automated investigations** | Quarantine a file<br/>Remove a registry key<br/>Kill a process<br/>Stop a service<br/>Disable a driver<br/>Remove a scheduled task |
-| **Manual response actions** | Run antivirus scan<br/>Isolate device<br/>Add an indicator to block or allow a file |
-| **Live response** | Collect forensic data<br/>Analyze a file<br/>Run a script<br/>Send a suspicious entity to Microsoft for analysis<br/>Remediate a file<br/>Proactively hunt for threats |
+|Source|Actions|
+|||
+|**Automated investigations**|Quarantine a file<br/>Remove a registry key<br/>Kill a process<br/>Stop a service<br/>Disable a driver<br/>Remove a scheduled task|
+|**Manual response actions**|Run antivirus scan<br/>Isolate device<br/>Add an indicator to block or allow a file|
+|**Live response**|Collect forensic data<br/>Analyze a file<br/>Run a script<br/>Send a suspicious entity to Microsoft for analysis<br/>Remediate a file<br/>Proactively hunt for threats|
## General admin tasks
If you're new to Microsoft 365, take a moment to get an [Overview of the Microso
### Admin center tasks
-| Task | Resources to learn more |
-|:|:|
-| Get started using the Microsoft 365 admin center | [Overview of the Microsoft 365 admin center](../admin/admin-overview/admin-center-overview.md) |
-| Learn about new features in the Microsoft 365 admin center | [What's new in the Microsoft 365 admin center](../admin/whats-new-in-preview.md) |
-| Find out about new product updates and features so you can help prepare users | [Stay on top of Microsoft 365 product and feature changes](../admin/manage/stay-on-top-of-updates.md) |
-| View usage reports to see how people are using Microsoft 365 | [Microsoft 365 Reports in the admin center](../admin/activity-reports/activity-reports.md) |
-| Open a technical support ticket | [Get support for Microsoft 365 for business](../admin/get-help-support.md) |
+|Task|Resources to learn more|
+|||
+|Get started using the Microsoft 365 admin center|[Overview of the Microsoft 365 admin center](../admin/admin-overview/admin-center-overview.md)|
+|Learn about new features in the Microsoft 365 admin center|[What's new in the Microsoft 365 admin center](../admin/whats-new-in-preview.md)|
+|Find out about new product updates and features so you can help prepare users|[Stay on top of Microsoft 365 product and feature changes](../admin/manage/stay-on-top-of-updates.md)|
+|View usage reports to see how people are using Microsoft 365|[Microsoft 365 Reports in the admin center](../admin/activity-reports/activity-reports.md)|
+|Open a technical support ticket|[Get support for Microsoft 365 for business](../admin/get-help-support.md)|
### Users, groups, and passwords
-| Task | Resources to learn more |
-|:|:|
-| Add a new user | [Add a new employee to Microsoft 365](../admin/add-users/add-new-employee.md) |
-| Assign or unassign licenses for users | [Assign or unassign licenses for users in the Microsoft 365 admin center](../admin/manage/assign-licenses-to-users.md) <br/><br/>[Assign Microsoft 365 licenses to user accounts by using PowerShell](../enterprise/assign-licenses-to-user-accounts-with-microsoft-365-powershell.md) |
-| Assign admin roles to people who need admin permissions | [Assign admin roles in the Microsoft 365 admin center](../admin/add-users/assign-admin-roles.md) <br/><br/>[Assign admin roles to Microsoft 365 user accounts with PowerShell](../enterprise/assign-roles-to-user-accounts-with-microsoft-365-powershell.md)|
-| Remove licenses from users | [Assign or unassign licenses for users in the Microsoft 365 admin center](../admin/manage/assign-licenses-to-users.md)<br/><br/>[Remove Microsoft 365 licenses from user accounts with PowerShell](../enterprise/remove-licenses-from-user-accounts-with-microsoft-365-powershell.md) |
-| Turn pronouns on or off | [Turn pronouns on or off for your organization in the Microsoft 365 admin center](../admin/add-users/turn-pronouns-on-or-off.md) |
-| Determine whether to allow guest access to groups for their whole organization or for individual groups<br/>(*applies to Microsoft 365 Business Premium*) | [Guest users in Microsoft 365 admin center](../admin/add-users/about-guest-users.md) |
-| Remove a user account when someone leaves your organization | [Overview: Remove a former employee and secure data](../admin/add-users/remove-former-employee.md) |
-| Reset passwords for user accounts | [Reset passwords in Microsoft 365 for business](../admin/add-users/reset-passwords.md) |
+|Task|Resources to learn more|
+|||
+|Add a new user|[Add a new employee to Microsoft 365](../admin/add-users/add-new-employee.md)|
+|Assign or unassign licenses for users|[Assign or unassign licenses for users in the Microsoft 365 admin center](../admin/manage/assign-licenses-to-users.md) <br/><br/>[Assign Microsoft 365 licenses to user accounts by using PowerShell](../enterprise/assign-licenses-to-user-accounts-with-microsoft-365-powershell.md)|
+|Assign admin roles to people who need admin permissions|[Assign admin roles in the Microsoft 365 admin center](../admin/add-users/assign-admin-roles.md) <br/><br/>[Assign admin roles to Microsoft 365 user accounts with PowerShell](../enterprise/assign-roles-to-user-accounts-with-microsoft-365-powershell.md)|
+|Remove licenses from users|[Assign or unassign licenses for users in the Microsoft 365 admin center](../admin/manage/assign-licenses-to-users.md)<br/><br/>[Remove Microsoft 365 licenses from user accounts with PowerShell](../enterprise/remove-licenses-from-user-accounts-with-microsoft-365-powershell.md)|
+|Turn pronouns on or off|[Turn pronouns on or off for your organization in the Microsoft 365 admin center](../admin/add-users/turn-pronouns-on-or-off.md)|
+|Determine whether to allow guest access to groups for their whole organization or for individual groups<br/>(*applies to Microsoft 365 Business Premium*)|[Guest users in Microsoft 365 admin center](../admin/add-users/about-guest-users.md)|
+|Remove a user account when someone leaves your organization|[Overview: Remove a former employee and secure data](../admin/add-users/remove-former-employee.md)|
+|Reset passwords for user accounts|[Reset passwords in Microsoft 365 for business](../admin/add-users/reset-passwords.md)|
### Email and calendars
-| Task | Resources to learn more |
-|:|:|
-| Migrate email and contacts from Gmail or another email provider to Microsoft 365 | [Migrate email and contacts to Microsoft 365](../admin/setup/migrate-email-and-contacts-admin.md) |
-| Add an email signature, legal disclaimer, or disclosure statement to email messages that come in or go out | [Create organization-wide signatures and disclaimers](../admin/setup/create-signatures-and-disclaimers.md) |
-| Set up, edit, or delete a security group | [Create, edit, or delete a security group in the Microsoft 365 admin center](../admin/email/create-edit-or-delete-a-security-group.md) |
-| Add users to a distribution group | [Add a user or contact to a Microsoft 365 distribution group](../admin/email/add-user-or-contact-to-distribution-list.md) |
-| Set up a shared mailbox so people can monitor and send email from a common email addresses, like `info@contoso.com` | [Create a shared mailbox](../admin/email/create-a-shared-mailbox.md) |
+|Task|Resources to learn more|
+|||
+|Migrate email and contacts from Gmail or another email provider to Microsoft 365|[Migrate email and contacts to Microsoft 365](../admin/setup/migrate-email-and-contacts-admin.md)|
+|Add an email signature, legal disclaimer, or disclosure statement to email messages that come in or go out|[Create organization-wide signatures and disclaimers](../admin/setup/create-signatures-and-disclaimers.md)|
+|Set up, edit, or delete a security group|[Create, edit, or delete a security group in the Microsoft 365 admin center](../admin/email/create-edit-or-delete-a-security-group.md)|
+|Add users to a distribution group|[Add a user or contact to a Microsoft 365 distribution group](../admin/email/add-user-or-contact-to-distribution-list.md)|
+|Set up a shared mailbox so people can monitor and send email from a common email addresses, like `info@contoso.com`|[Create a shared mailbox](../admin/email/create-a-shared-mailbox.md)|
### Devices
-| Task | Resources to learn more |
-|:|:|
-| Use Windows Autopilot to set up and preconfigure new devices or to reset, repurpose, and recover devices<br/>(*applies to Microsoft 365 Business Premium*) | [Overview of Windows Autopilot](/mem/autopilot/windows-autopilot) |
-| View current status of and manage devices | [Manage devices in Microsoft Defender for Business](../security/defender-business/mdb-manage-devices.md) |
-| Onboard devices to Defender for Business | [Onboard devices to Defender for Business](../security/defender-business/mdb-onboard-devices.md) |
-| Offboard devices from Defender for Business | [Offboard a device from Defender for Business](../security/defender-business/mdb-offboard-devices.md) |
-| Manage devices with Intune | [What does device management with Intune mean?](/mem/intune/fundamentals/what-is-device-management)<br/><br/>[Manage your devices and control device features in Microsoft Intune](/mem/intune/fundamentals/manage-devices) |
+|Task|Resources to learn more|
+|||
+|Use Windows Autopilot to set up and preconfigure new devices or to reset, repurpose, and recover devices<br/>(*applies to Microsoft 365 Business Premium*)|[Overview of Windows Autopilot](/mem/autopilot/windows-autopilot)|
+|View current status of and manage devices|[Manage devices in Microsoft Defender for Business](../security/defender-business/mdb-manage-devices.md)|
+|Onboard devices to Defender for Business|[Onboard devices to Defender for Business](../security/defender-business/mdb-onboard-devices.md)|
+|Offboard devices from Defender for Business|[Offboard a device from Defender for Business](../security/defender-business/mdb-offboard-devices.md)|
+|Manage devices with Intune|[What does device management with Intune mean?](/mem/intune/fundamentals/what-is-device-management)<br/><br/>[Manage your devices and control device features in Microsoft Intune](/mem/intune/fundamentals/manage-devices)|
### Domains
-| Task | Resources to learn more |
-|:|:|
-| Add a domain (like contoso.com) to your Microsoft 365 subscription | [Add a domain to Microsoft 365](../admin/setup/add-domain.md) |
-| Buy a domain | [Buy a domain name](../admin/get-help-with-domains/buy-a-domain-name.md) |
-| Remove a domain | [Remove a domain](../admin/get-help-with-domains/remove-a-domain.md) |
+|Task|Resources to learn more|
+|||
+|Add a domain (like contoso.com) to your Microsoft 365 subscription|[Add a domain to Microsoft 365](../admin/setup/add-domain.md)|
+|Buy a domain|[Buy a domain name](../admin/get-help-with-domains/buy-a-domain-name.md)|
+|Remove a domain|[Remove a domain](../admin/get-help-with-domains/remove-a-domain.md)|
### Subscriptions and billing
-| Task | Resources to learn more |
-|:|:|
-| View your bill or invoice | [View your Microsoft 365 for business subscription bill or invoice](../commerce/billing-and-payments/view-your-bill-or-invoice.md) |
-| Manage your payment methods | [Manage payment methods](../commerce/billing-and-payments/manage-payment-methods.md) |
-| Change the frequency of your payments | [Change your Microsoft 365 subscription billing frequency](../commerce/billing-and-payments/change-payment-frequency.md) |
-| Change your billing address | [Change your Microsoft 365 for business billing addresses](../commerce/billing-and-payments/change-your-billing-addresses.md) |
+|Task|Resources to learn more|
+|||
+|View your bill or invoice|[View your Microsoft 365 for business subscription bill or invoice](../commerce/billing-and-payments/view-your-bill-or-invoice.md)|
+|Manage your payment methods|[Manage payment methods](../commerce/billing-and-payments/manage-payment-methods.md)|
+|Change the frequency of your payments|[Change your Microsoft 365 subscription billing frequency](../commerce/billing-and-payments/change-payment-frequency.md)|
+|Change your billing address|[Change your Microsoft 365 for business billing addresses](../commerce/billing-and-payments/change-your-billing-addresses.md)|
## See also -- [Security incident management](m365bp-security-incident-management.md)
+- [Security incident management](m365bp-security-incident-management.md)
- [Reports in Defender for Business](../security/defender-business/mdb-reports.md) - [Microsoft 365 for business security best practices](secure-your-business-data.md)
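Review bot: In the **Email and calendars** table, the added shared-mailbox row still reads "send email from a common email addresses"; the number does not agree, so change it to "a common email address" while the row is being touched. Also note that the delimiter rows for the six "Task|Resources to learn more" tables change from `|:|:|` to `|||`, which drops the explicit left-alignment markers; confirm that default alignment is intended, since this is the only non-whitespace change in those tables.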
business-premium M365bp Mdb Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-mdb-whats-new.md
Title: What's new in Microsoft 365 Business Premium and Microsoft Defender for Business description: Learn about new features and capabilities in Microsoft 365 Business Premium and Microsoft Defender for Business.-- MET150
+search.appverid:
+- MET150
- BCS160 -+ audience: Admin Last updated 01/02/2024 ms.localizationpriority: medium-+ - tier2 - m365-security
+f1.keywords: NOCSH
# What's new in Microsoft 365 Business Premium and Microsoft Defender for Business
This article lists new features in the latest release of [Microsoft 365 Business
## December 2023 -- **Streaming API is now generally available for Defender for Business**. For partners or customers looking to build their own security operations center, the Defender for Endpoint streaming API is now available for Defender for Business and Microsoft 365 Business Premium. See [Use the streaming API with Microsoft Defender for Business](../security/defender-business/mdb-streaming-api.md).
+- **Streaming API is now generally available for Defender for Business**. For partners or customers looking to build their own security operations center, the Defender for Endpoint streaming API is now available for Defender for Business and Microsoft 365 Business Premium. See [Use the streaming API with Microsoft Defender for Business](../security/defender-business/mdb-streaming-api.md).
## October 2023 - **Automated attack disruption** capabilities are coming to Defender for Business! Learn how these capabilities can disrupt a human-operated attack almost immediately. See [Automatic attack disruption in Microsoft Defender for Business](../security/defender-business/mdb-attack-disruption.md). -- **October is Cybersecurity Awareness Month**. See [how we're making it easier for small and medium-sized businesses to stay secure]( https://aka.ms/cybersecuritysmb).
+- **October is Cybersecurity Awareness Month**. See [how we're making it easier for small and medium-sized businesses to stay secure]( https://aka.ms/cybersecuritysmb).
- **Special pricing for new Microsoft 365 Business Premium customers**. During October, we're offering special pricing for new customers. For all the details, see [Security for your small or medium-sized business](https://aka.ms/SMBSecurity).
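Review bot: The added **October is Cybersecurity Awareness Month** bullet keeps the stray space inside the link target, `]( https://aka.ms/cybersecuritysmb)`. Every other link in this file is written without a space after the opening parenthesis, and not every Markdown renderer tolerates one, so remove it here rather than carrying it through a whitespace-only change.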
This article lists new features in the latest release of [Microsoft 365 Business
- **Security summary reports** are rolling out. Use these reports to view threats that were prevented by Defender for Business, Microsoft Secure Score status, and recommendations for improving security. See [Reports in Microsoft Defender for Business](../security/defender-business/mdb-reports.md). -- **Streaming API (preview) is now available for Defender for Business**. For partners or customers looking to build their own security operations center, the Defender for Endpoint streaming API is now in preview for Defender for Business and Microsoft 365 Business Premium. The API supports streaming of device file, registry, network, sign-in events and more to Azure Event Hub, Azure Storage, and Microsoft Sentinel to support advanced hunting and attack detection. See [Use the streaming API (preview) with Microsoft Defender for Business](../security/defender-business/mdb-streaming-api.md).
+- **Streaming API (preview) is now available for Defender for Business**. For partners or customers looking to build their own security operations center, the Defender for Endpoint streaming API is now in preview for Defender for Business and Microsoft 365 Business Premium. The API supports streaming of device file, registry, network, sign-in events and more to Azure Event Hub, Azure Storage, and Microsoft Sentinel to support advanced hunting and attack detection. See [Use the streaming API (preview) with Microsoft Defender for Business](../security/defender-business/mdb-streaming-api.md).
- **Managed detection and response integration with Blackpoint Cyber**. This solution is ideal for customers who don't have the resources to invest in an in-house security operations center and for partners who want to augment their IT team with security experts to investigate, triage, and remediate the alerts generated by Defender for Business and Business Premium. [Learn more bout Blackpoint Cyber](https://aka.ms/BlackpointMSFT).
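Review bot: The unchanged Blackpoint Cyber bullet directly below the added line has a typo in its link text, "Learn more bout Blackpoint Cyber"; fix it to "Learn more about" in the same pass. In the added Streaming API bullet, "device file, registry, network, sign-in events and more" would read more clearly with a comma before "and more".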
This article lists new features in the latest release of [Microsoft 365 Business
## January 2023 -- **Attack surface reduction capabilities are rolling out**. [Attack surface reduction capabilities in Defender for Business](../security/defender-business/mdb-asr.md) include attack surface reduction rules and a new attack surface reduction rules report. Attack surface reduction rules target certain behaviors that are considered risky because they're commonly abused by attackers through malware. In the Microsoft Defender portal ([https://security.microsoft.com/](https://security.microsoft.com/)), you can now view a report showing detections and configuration information for attack surface reduction rules. In the navigation pane, choose **Reports**, and under **Endpoints**, choose **Attack surface reduction rules**.
+- **Attack surface reduction capabilities are rolling out**. [Attack surface reduction capabilities in Defender for Business](../security/defender-business/mdb-asr.md) include attack surface reduction rules and a new attack surface reduction rules report. Attack surface reduction rules target certain behaviors that are considered risky because they're commonly abused by attackers through malware. In the Microsoft Defender portal ([https://security.microsoft.com/](https://security.microsoft.com/)), you can now view a report showing detections and configuration information for attack surface reduction rules. In the navigation pane, choose **Reports**, and under **Endpoints**, choose **Attack surface reduction rules**.
-- **Default experience for Defender for Business when an enterprise plan is added**. Defender for Business now retains its default experience ([simplified configuration and setup](../security/defender-business/mdb-simplified-configuration.md)) even if an enterprise plan, such as [Defender for Endpoint Plan 2](../security/defender-endpoint/microsoft-defender-endpoint.md) or [Microsoft Defender for Servers Plan 1 or 2](/azure/defender-for-cloud/plan-defender-for-servers) is added. To learn more, see [What happens if I have a mix of Microsoft endpoint security subscriptions](/microsoft-365/security/defender-business/mdb-faq?#what-happens-if-i-have-a-mix-of-microsoft-endpoint-security-subscriptions)?
+- **Default experience for Defender for Business when an enterprise plan is added**. Defender for Business now retains its default experience ([simplified configuration and setup](../security/defender-business/mdb-simplified-configuration.md)) even if an enterprise plan, such as [Defender for Endpoint Plan 2](../security/defender-endpoint/microsoft-defender-endpoint.md) or [Microsoft Defender for Servers Plan 1 or 2](/azure/defender-for-cloud/plan-defender-for-servers) is added. To learn more, see [What happens if I have a mix of Microsoft endpoint security subscriptions](/microsoft-365/security/defender-business/mdb-faq?#what-happens-if-i-have-a-mix-of-microsoft-endpoint-security-subscriptions)?
## November 2022 - **[Microsoft Defender for Business servers](../security/defender-business/get-defender-business-servers.md)**, a new add-on for Defender for Business, is now generally available. To learn more, see the following articles:
- - [How to get Microsoft Defender for Business servers](../security/defender-business/get-defender-business-servers.md)
- - [Tech Community Blog: Server security made simple for small businesses](https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/server-security-made-simple-for-small-businesses/ba-p/3648928)
+ - [How to get Microsoft Defender for Business servers](../security/defender-business/get-defender-business-servers.md)
+ - [Tech Community Blog: Server security made simple for small businesses](https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/server-security-made-simple-for-small-businesses/ba-p/3648928)
- **License reporting (preview) in Defender for Business**. A new report (rolling out in preview) enables you to view your Defender for Business license usage. To learn more, see [Reports in Microsoft Defender for Business](../security/defender-business/mdb-reports.md).
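Review bot: In the added **Default experience for Defender for Business when an enterprise plan is added** bullet, the FAQ link target contains an empty query string before the fragment, `mdb-faq?#what-happens-if-i-have-a-mix-of-microsoft-endpoint-security-subscriptions`, and the sentence's question mark sits outside the link text. Drop the `?` before `#`, and consider using the same relative `../security/defender-business/` form as the other links in this bullet, which this one does not follow.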
This article lists new features in the latest release of [Microsoft 365 Business
## May 2022 - **Defender for Business** (standalone) is now generally available. To learn more, see the following resources:-
- - [Tech Community blog: Introducing Microsoft Defender for Business](https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/introducing-microsoft-defender-for-business/ba-p/2898701)
- - [What is Microsoft Defender for Business?](../security/defender-business/mdb-overview.md)
- - [Get Microsoft Defender for Business](../security/defender-business/get-defender-business.md)
+ - [Tech Community blog: Introducing Microsoft Defender for Business](https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/introducing-microsoft-defender-for-business/ba-p/2898701)
+ - [What is Microsoft Defender for Business?](../security/defender-business/mdb-overview.md)
+ - [Get Microsoft Defender for Business](../security/defender-business/get-defender-business.md)
## March 2022
business-premium M365bp Mfa For Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-mfa-for-users.md
f1.keywords:
- NOCSH -+ audience: Admin Last updated 05/02/2023 ms.localizationpriority: medium-+ - M365-Campaigns - m365solution-smb - highpri
business-premium M365bp Onboard Devices Mdb https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-onboard-devices-mdb.md
description: Onboard your organization's devices to Microsoft Defender for Busin
search.appverid: MET150 -+ audience: Admin Last updated 07/19/2023 ms.localizationpriority: medium -
+f1.keywords: NOCSH
+ - SMB - m365-security - tier1
This article also includes:
## Use automatic onboarding for Windows devices that are already enrolled in Intune
-You can onboard Windows client devices to Defender for Business automatically if those devices are already enrolled in Intune. Defender for Business detects Windows client devices that are already enrolled in Intune, and prompts you to choose whether to onboard those devices automatically. Security policies and settings in Defender for Business are then applied to those devices. We call this process *automatic onboarding*.
+You can onboard Windows client devices to Defender for Business automatically if those devices are already enrolled in Intune. Defender for Business detects Windows client devices that are already enrolled in Intune, and prompts you to choose whether to onboard those devices automatically. Security policies and settings in Defender for Business are then applied to those devices. We call this process *automatic onboarding*.
-Automatic onboarding helps get your devices protected almost immediately.
+Automatic onboarding helps get your devices protected almost immediately.
Note that the automatic onboarding option applies to Windows client devices only, if the following conditions are met: - Your organization was already using Intune or Mobile Device Management (MDM) in Intune before you got Defender for Business (Microsoft 365 Business Premium customers already have Microsoft Intune and MDM).
See [Onboard devices to Microsoft Defender for Business](../security/defender-bu
## Onboard mobile devices using the Microsoft Defender app
-You can now onboard Android and iOS devices using the Microsoft Defender app. With [mobile threat defense capabilities in Defender for Business](../security/defender-business/mdb-mtd.md), users download the Microsoft Defender app from Google Play or the Apple App Store, sign in, and complete onboarding steps.
+You can now onboard Android and iOS devices using the Microsoft Defender app. With [mobile threat defense capabilities in Defender for Business](../security/defender-business/mdb-mtd.md), users download the Microsoft Defender app from Google Play or the Apple App Store, sign in, and complete onboarding steps.
For detailed instructions, see the **Mobile devices** tab in [Onboard devices to Microsoft Defender for Business](../security/defender-business/mdb-onboard-devices.md).
To learn more about mobile threat defense, see [Mobile threat defense capabiliti
## Use Intune to enroll devices
-To enroll a device, you can enroll it yourself, or have users sign in to the company portal app, enroll their devices, and then install any apps that are needed.
+To enroll a device, you can enroll it yourself, or have users sign in to the company portal app, enroll their devices, and then install any apps that are needed.
If you were already using Intune or Mobile Device Management before you got Defender for Business, you can continue to use Intune to onboard your organization's devices. With Intune, you can onboard computers, tablets, and phones, including iOS and Android devices.
-See [Device enrollment in Microsoft Intune](/mem/intune/enrollment/device-enrollment).
+See [Device enrollment in Microsoft Intune](/mem/intune/enrollment/device-enrollment).
## What about servers?
After the command has run, the Command Prompt window closes automatically. If su
## Onboard devices gradually
-If you prefer to onboard devices in phases, which we call *gradual device onboarding*, follow these steps:
+If you prefer to onboard devices in phases, which we call *gradual device onboarding*, follow these steps:
1. Identify a set of devices to onboard.
If you prefer to onboard devices in phases, which we call *gradual device onboar
4. Select an operating system (such as **Windows 10 and 11)**, and then choose an onboarding method (such as **Local script**). Follow the guidance provided for the method you selected.
-5. Repeat this process for each set of devices you want to onboard.
+5. Repeat this process for each set of devices you want to onboard.
> [!TIP] > You don't have to use the same onboarding package every time you onboard devices. For example, you can use a local script to onboard some devices, and later on, you can choose another method to onboard more devices.
If you want to offboard a device, use one of the following procedures:
2. Under **Device management**, choose **Offboarding**.
-3. Select an operating system, such as **Windows 10 and 11**, and then, under **Offboard a device**, in the **Deployment method** section, choose **Local script**.
+3. Select an operating system, such as **Windows 10 and 11**, and then, under **Offboard a device**, in the **Deployment method** section, choose **Local script**.
4. In the confirmation screen, review the information, and then choose **Download** to proceed. 5. Select **Download offboarding package**. We recommend saving the offboarding package to a removable drive.
-6. Run the script on each device that you want to offboard. Need help with this task? See the following resources:
-
- - Windows devices: [Offboard Windows devices using a local script](../security/defender-endpoint/configure-endpoints-script.md#offboard-devices-using-a-local-script)
+6. Run the script on each device that you want to offboard. Need help with this task? See the following resources:
+ - Windows devices: [Offboard Windows devices using a local script](../security/defender-endpoint/configure-endpoints-script.md#offboard-devices-using-a-local-script)
- Mac: [Uninstalling on Mac](../security/defender-endpoint/mac-resources.md#uninstalling) > [!IMPORTANT]
business-premium M365bp Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-overview.md
f1.keywords:
- NOCSH -+ ms.audience: Admin Last updated 11/02/2023 ms.localizationpriority: medium-+ - M365-Campaigns - m365solution-overview - m365solution-smb
description: "Learn how to implement cybersecurity for small or medium sized bus
# Microsoft 365 Business Premium ΓÇô productivity and cybersecurity for small business
-Microsoft 365 Business Premium-ΓÇöwith its world class [productivity and cybersecurity](why-choose-microsoft-365-business-premium.md) capabilitiesΓÇö-is a wise choice for small and medium-sized businesses. Designed for small and medium-sized businesses (up to 300 users), Microsoft 365 Business Premium helps safeguard your data, devices, and information.
+Microsoft 365 Business PremiumΓÇöwith its world class [productivity and cybersecurity](why-choose-microsoft-365-business-premium.md) capabilitiesΓÇöis a wise choice for small and medium-sized businesses. Designed for small and medium-sized businesses (up to 300 users), Microsoft 365 Business Premium helps safeguard your data, devices, and information.
-You are your organization's first and best defense against hackers and cyberattackers, including random individuals, organized crime, or highly sophisticated nation states. The task before you is this: let Microsoft 365 Business Premium help secure your organizationΓÇÖs future! Approach this task by taking on the following six goals:
+You are your organization's first and best defense against hackers and cyberattackers, including random individuals, organized crime, or highly sophisticated nation states. The task before you is this: let Microsoft 365 Business Premium help secure your organization's future! Approach this task by taking on the following six goals:
:::image type="content" source="media/sixmissions.png" alt-text="Diagram listing your six goals.":::
-| What to do | How to do it |
+|What to do|How to do it|
|:|:|
-| **Fortify your environment** <br/> (Tasks your admin completes.) | [**1. Sign in and set up your environment**](m365-business-premium-setup.md). Complete the basic setup process for Microsoft 365 Business Premium (or [Microsoft 365 for Campaigns](m365-campaigns-setup.md)). Add users, assign licenses, and configure your domain to work with Microsoft 365. Get a quick setup guide to share with employees.<br/><br/>[**2. Configure your security protection**](m365bp-security-overview.md). Set up critical front-line security measures to prevent cyberattacks. Set up multi-factor authentication (MFA), protect your admin accounts, and protect against malware and other threats. Get an overview of how to secure unmanaged and managed devices, and set up your information protection capabilities. |
-| **Train your team**.<br/>(Tasks everyone does.) | [**3. Set up unmanaged (BYOD) devices**](m365bp-set-up-unmanaged-devices.md). Set up all the unmanaged ("bring your own device," also referred to as BYOD) devices so they're used more safely as part of your ecosystem.<br/><br/>[**4. Use email securely**](m365bp-use-email-securely.md). Know what to watch for in your email, and train everyone on the necessary steps to protect yourself and others from attacks.<br/><br/>[**5. Collaborate and share securely**](m365bp-collaborate-share-securely.md). Share files with others and collaborate more securely by using Microsoft Teams, SharePoint, and OneDrive. |
-| **Safeguard managed devices**. <br/>(Tasks your admin or security team does.) | [**6. Set up and secure managed devices**](m365bp-protect-managed-devices.md). Enroll and secure computers, tablets, and phones so they can be protected from threats. |
+|**Fortify your environment** <br/> (Tasks your admin completes.)|[**1. Sign in and set up your environment**](m365-business-premium-setup.md). Complete the basic setup process for Microsoft 365 Business Premium (or [Microsoft 365 for Campaigns](m365-campaigns-setup.md)). Add users, assign licenses, and configure your domain to work with Microsoft 365. Get a quick setup guide to share with employees.<br/><br/>[**2. Configure your security protection**](m365bp-security-overview.md). Set up critical front-line security measures to prevent cyberattacks. Set up multi-factor authentication (MFA), protect your admin accounts, and protect against malware and other threats. Get an overview of how to secure unmanaged and managed devices, and set up your information protection capabilities.|
+|**Train your team**.<br/>(Tasks everyone does.)|[**3. Set up unmanaged (BYOD) devices**](m365bp-set-up-unmanaged-devices.md). Set up all the unmanaged ("bring your own device," also referred to as BYOD) devices so they're used more safely as part of your ecosystem.<br/><br/>[**4. Use email securely**](m365bp-use-email-securely.md). Know what to watch for in your email, and train everyone on the necessary steps to protect yourself and others from attacks.<br/><br/>[**5. Collaborate and share securely**](m365bp-collaborate-share-securely.md). Share files with others and collaborate more securely by using Microsoft Teams, SharePoint, and OneDrive.|
+|**Safeguard managed devices**. <br/>(Tasks your admin or security team does.)|[**6. Set up and secure managed devices**](m365bp-protect-managed-devices.md). Enroll and secure computers, tablets, and phones so they can be protected from threats.|
-Completing all six goals is the most effective way to thwart hackers, protect against ransomware, and help ensure your organizationΓÇÖs future is safeguarded with the best cybersecurity defenses.
+Completing all six goals is the most effective way to thwart hackers, protect against ransomware, and help ensure your organization's future is safeguarded with the best cybersecurity defenses.
**Let's get started!**
The guidance in these goals is based upon the [Zero Trust security model](/secur
Proceed to [Sign in and set up Microsoft 365 Business Premium](m365-business-premium-setup.md). See [What's new in Microsoft 365 Business Premium and Microsoft Defender for Business](m365bp-mdb-whats-new.md)--
business-premium M365bp Protect Admin Accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-protect-admin-accounts.md
f1.keywords:
- NOCSH -+ audience: Admin Last updated 10/26/2022 ms.localizationpriority: medium-+ - M365-Campaigns - m365solution-smb - highpri
Use admin accounts only for Microsoft 365 administration. Admins should have a s
You'll want to set up at least one other Global admin account to give admin access to another trusted employee. You can also create separate admin accounts for user management (this role is called **User management administrator**). For more information, see [about admin roles](/office365/admin/add-users/about-admin-roles). > [!IMPORTANT]
-> Although we recommend setting up a set of admin accounts, you'll want to limit the number of global admins for your organization. In addition, we recommend adhering to the concept of least-privilege access, which means you grant access to only the data and operations needed to perform their jobs. [Learn more about the principle of least privilege](/azure/active-directory/develop/secure-least-privileged-access).
+> Although we recommend setting up a set of admin accounts, you'll want to limit the number of global admins for your organization. In addition, we recommend adhering to the concept of least-privilege access, which means you grant access to only the data and operations needed to perform their jobs. [Learn more about the principle of least privilege](/azure/active-directory/develop/secure-least-privileged-access).
To create more admin accounts:
To create more admin accounts:
![Choose Users and then Active users in the left nav.](../media/Activeusers.png)
- 2. On the **Active users** page, select **Add a user** at the top of the page.
+ 2. On the **Active users** page, select **Add a user** at the top of the page.
3. In the **Add a user** panel, enter basic information such as name and username information.
business-premium M365bp Protect Against Malware Cyberthreats https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-protect-against-malware-cyberthreats.md
f1.keywords:
- NOCSH -+ audience: Admin
This article describes how to increase your threat protection with Microsoft 365
3. [Adjust sharing settings for SharePoint and OneDrive files and folders](#3-adjust-sharing-settings-for-sharepoint-and-onedrive-files-and-folders) to prevent accidental oversharing of files. 4. [Set up and review your alert policies](#4-set-up-and-review-your-alert-policies) to protect against data loss. 5. [Manage calendar sharing](#5-manage-calendar-sharing) to determine whether employees can share their calendars with external users or manage the level of detail that can be shared.
-6. [Create more security policies for email and collaboration](#6-create-additional-security-policies-for-email-and-collaboration-if-needed) (if needed). Preset security policies provide strong protection; however, you can define your own custom policies to suit your company's needs.
+6. [Create more security policies for email and collaboration](#6-create-additional-security-policies-for-email-and-collaboration-if-needed) (if needed). Preset security policies provide strong protection; however, you can define your own custom policies to suit your company's needs.
## 1. Review and apply preset security policies for email and collaboration
Your subscription includes [preset security policies](../security/office-365-sec
:::image type="content" source="media/m365bp-presetsecuritypolicies.png" alt-text="Screenshot of preset security policies."::: > [!NOTE]
-> Preset security policies are not the same thing as [security defaults](m365bp-turn-on-mfa.md). Typically, you'll be using *either* security defaults *or* Conditional Access first, and then you'll add your security policies. [Preset security policies](#what-are-preset-security-policies) simplify the process of adding your security policies. You can also [create optional custom security policies](#6-create-additional-security-policies-for-email-and-collaboration-if-needed) (if needed).
+> Preset security policies are not the same thing as [security defaults](m365bp-turn-on-mfa.md). Typically, you'll be using *either* security defaults *or* Conditional Access first, and then you'll add your security policies. [Preset security policies](#what-are-preset-security-policies) simplify the process of adding your security policies. You can also [create optional custom security policies](#6-create-additional-security-policies-for-email-and-collaboration-if-needed) (if needed).
### What are preset security policies?
Preset security policies provide protection for your email and collaboration con
The following table summarizes the levels of protection and preset policy types. | Level of protection | Description |
-|:|:|
+|||
| **Standard protection** <br/>(*recommended for most businesses*) | Standard protection uses a baseline profile that's suitable for most users. Standard protection includes anti-spam, anti-malware, anti-phishing, spoof settings, impersonation settings, Safe Links, and Safe Attachments policies. | | **Strict protection** | Strict protection includes the same kinds of policies as standard protection, but with more stringent settings. If your business must meet extra security requirements or regulations, consider applying strict protection to at least your priority users or high value targets. | | **Built-in protection** | Protects against malicious links and attachments in email. Built-in protection is enabled and applied to all users by default. |
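Review bot: The delimiter row under `| Level of protection | Description |` loses its alignment colons here (`|:|:|` becomes `|||`), while the goals table in m365bp-overview.md in this same batch keeps `|:|:|`. If left alignment is still wanted for this table, keep the colons. If the colons are being dropped on purpose, apply the same change to the other tables so they render consistently.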
If users are assigned multiple policies, an order of priority is used to apply t
1. **Strict protection** receives the highest priority and overrides all other policies.
-2. **Standard protection**
+2. **Standard protection**
3. **Custom security policies** 4. **Built-in protection** receives the lowest priority and is overridden by strict protection, standard protection, and custom policies.
-Strict protection overrides all other policies, and other policies override built-in protection.
+Strict protection overrides all other policies, and other policies override built-in protection.
To learn more about preset security policies, see [Preset security policies in EOP and Microsoft Defender for Office 365](../security/office-365-security/preset-security-policies.md).
To learn more about preset security policies, see [Preset security policies in E
> [!IMPORTANT] > Before you begin, make sure you have one of the following roles assigned in Exchange Online (which is included in your subscription):
->
+>
> - Global Administrator > - Organization Management > - Security Administrator
->
+>
> To learn more, see [Permissions in Exchange Online](/exchange/permissions-exo/permissions-exo) and [About admin roles](../admin/add-users/about-admin-roles.md). To assign preset security policies, follow these steps:
To assign preset security policies, follow these steps:
> [!TIP] > To learn more about assigning preset security policies, see the following articles:
+>
> - [Use the Microsoft Defender portal to assign Standard and Strict preset security policies to users](../security/office-365-security/preset-security-policies.md#use-the-microsoft-365-defender-portal-to-assign-standard-and-strict-preset-security-policies-to-users) > - [Recommended settings for email and collaboration content](../security/office-365-security/recommended-settings-for-eop-and-office365.md) (Microsoft 365 Business Premium includes Exchange Online Protection and Microsoft Defender for Office 365 Plan 1)
To assign preset security policies, follow these steps:
Microsoft 365 Business Premium includes [Defender for Business](../security/defender-business/mdb-overview.md), which provides advanced protection for your organization's devices, including client computers, tablets, and mobile phones. Server protection is also available if you have Microsoft Defender for Business servers.
-To turn on Defender for Business, you actually initiate the provisioning process.
+To turn on Defender for Business, you actually initiate the provisioning process.
1. Go to the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) and sign in.
The following image shows some of the default policies that are included with Mi
You can view your alerts in either the Microsoft Defender portal or the Microsoft Purview compliance portal.
-| Type of alert | What to do |
-|||
-| Security alert, such as when a user selects a malicious link, an email is reported as malware or phish, or a device is detected as containing malware | Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a> and under **Email & collaboration** select **Policies & rules** > **Alert policy**. Alternatively, you can go directly to <https://security.microsoft.com/alertpolicies>. |
-| Compliance alert, such as when a user shares sensitive or confidential information (data loss prevention alert) or there's an unusual volume of external file sharing (information governance alert) | Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft Purview compliance portal</a>, and then select **Policies** > **Alert** > **Alert policies**. |
+|Type of alert|What to do|
+|||
+|Security alert, such as when a user selects a malicious link, an email is reported as malware or phish, or a device is detected as containing malware|Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a> and under **Email & collaboration** select **Policies & rules** > **Alert policy**. Alternatively, you can go directly to <https://security.microsoft.com/alertpolicies>.|
+|Compliance alert, such as when a user shares sensitive or confidential information (data loss prevention alert) or there's an unusual volume of external file sharing (information governance alert)|Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft Purview compliance portal</a>, and then select **Policies** \> **Alert** \> **Alert policies**.|
For more information, see [View alerts](../compliance/alert-policies.md#view-alerts).
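Review bot: The two added rows escape the navigation separator differently. The security alert row keeps a bare `>` in `**Policies & rules** > **Alert policy**`, while the compliance alert row now uses `\>` in `**Policies** \> **Alert** \> **Alert policies**`. Use one form in both rows so the portal paths render the same way and a later search-and-replace does not miss one of them.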
If your users are allowed to share their calendars, see [these instructions](htt
## 6. Create additional security policies for email and collaboration (if needed)
-The [preset security policies](#what-are-preset-security-policies) described earlier in this article provide strong protection for most businesses. However, you're not limited to using preset security policies only. You can define your own custom security policies to suit your company's needs.
+The [preset security policies](#what-are-preset-security-policies) described earlier in this article provide strong protection for most businesses. However, you're not limited to using preset security policies only. You can define your own custom security policies to suit your company's needs.
For more information about using preset security policies or custom policies, see [Determine your protection policy strategy](../security/office-365-security/mdo-deployment-guide.md#determine-your-protection-policy-strategy).
business-premium M365bp Protect Managed Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-protect-managed-devices.md
f1.keywords:
- NOCSH -+ audience: Admin Last updated 11/02/2023 ms.localizationpriority: medium-+ - M365-Campaigns - m365solution-smb - m365-security
description: "Learn how to secure managed devices from security threats and cybe
:::image type="content" source="media/mission6.png" alt-text="Diagram with Set Up and Secure Managed Devices highlighted.":::
-Microsoft 365 Business Premium includes [Microsoft Defender for Business](../security/defender-business/mdb-overview.md) to help protect your organization's devices from ransomware, malware, phishing, and other threats.
+Microsoft 365 Business Premium includes [Microsoft Defender for Business](../security/defender-business/mdb-overview.md) to help protect your organization's devices from ransomware, malware, phishing, and other threats.
> [!NOTE] > This article applies primarily to managed devices. Guidance for protecting unmanaged devices is available here: [Set up unmanaged (BYOD) devices](m365bp-set-up-unmanaged-devices.md).
->
+>
> [Learn more about managed and unmanaged devices](m365bp-managed-unmanaged-devices.md). Your tasks are to:
business-premium M365bp Review Remediation Actions Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-review-remediation-actions-devices.md
description: See how to view remediations that were taken automatically or that
search.appverid: MET150 -+ audience: Admin Last updated 10/26/2023 ms.localizationpriority: medium -
+f1.keywords: NOCSH
+ - SMB - m365-security - m365-initiative-defender-business
Examples of remediation actions include sending a file to quarantine, stopping a
- [How to use the Action center](#how-to-use-your-action-center). - [Types of remediation actions](#types-of-remediation-actions). - ## How to use your Action center 1. Go to the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), and sign in.
Your subscription includes several different types of remediation actions for de
The following table lists remediation actions that are available:
-| Source | Actions |
-|||
-| [Automated attack disruption](../security/defender-business/mdb-attack-disruption.md) (NEW!) | - Contain a device<br/>- Contain a user account on a device |
-| [Automated investigations](../security/defender-endpoint/automated-investigations.md) | - Quarantine a file <br/>- Remove a registry key <br/>- Kill a process <br/>- Stop a service <br/>- Disable a driver <br/>- Remove a scheduled task |
-| [Manual response actions](../security/defender-endpoint/respond-machine-alerts.md) | - Run antivirus scan <br/>- Isolate device <br/>- Add an indicator to block or allow a file |
-| [Live response](../security/defender-endpoint/live-response.md) | - Collect forensic data <br/>- Analyze a file <br/>- Run a script <br/>- Send a suspicious entity to Microsoft for analysis <br/>- Remediate a file <br/>- Proactively hunt for threats |
+|Source|Actions|
+|||
+|[Automated attack disruption](../security/defender-business/mdb-attack-disruption.md) (NEW!)|<ul><li>Contain a device</li><li>Contain a user account on a device</li></ul>|
+|[Automated investigations](../security/defender-endpoint/automated-investigations.md)|<ul><li>Quarantine a file/li><li>Remove a registry key/li><li>Kill a process/li><li>Stop a service/li><li>Disable a driver/li><li>Remove a scheduled task</li></ul>|
+|[Manual response actions](../security/defender-endpoint/respond-machine-alerts.md)|<ul><li>Run antivirus scan/li><li>Isolate device/li><li>Add an indicator to block or allow a file</li></ul>|
+|[Live response](../security/defender-endpoint/live-response.md)|<ul><li>Collect forensic data/li><li>Analyze a file/li><li>Run a script/li><li>Send a suspicious entity to Microsoft for analysis/li><li>Remediate a file/li><li>Proactively hunt for threats</li></ul>|
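Review bot: In the added rows for Automated investigations, Manual response actions and Live response, every list item except the last is closed with `/li>` instead of `</li>` (for example `<li>Quarantine a file/li><li>Remove a registry key/li>`). The closing tags are malformed, so the literal text "/li>" will appear in the rendered table and the items will nest instead of listing side by side. Only the Automated attack disruption row has well-formed `</li>` tags. Replace each `/li>` with `</li>` in those three rows. Searching the file for the pattern `[^<]/li>` finds every occurrence.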
business-premium M365bp Review Threats Take Action https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-review-threats-take-action.md
Title: "Review detected threats on devices and take action"
f1.keywords: NOCSH -+ audience: Admin-+ Last updated 10/26/2023 ms.localizationpriority: medium
- m365-security - tier1 search.appverid: MET150
-description: "Learn how to review and manage threats detected by Microsoft Defender Antivirus on your Windows devices."
+description: "Learn how to review and manage threats detected by Microsoft Defender Antivirus on your Windows devices."
# Review detected threats
business-premium M365bp Security Incident Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-security-incident-management.md
f1.keywords:
- NOCSH -+ audience: Admin Last updated 09/15/2022 ms.localizationpriority: medium-+ - M365-Campaigns - m365solution-smb - m365-security
description: "An overview of security incident management"
# Security incident management
-After you have set up and configured your security capabilities in Microsoft 365 Business Premium, your security team can monitor and address any detected threats. As threats are detected, alerts are generated and incidents are created. Remediation actions can come into play to help mitigate threats.
+After you have set up and configured your security capabilities in Microsoft 365 Business Premium, your security team can monitor and address any detected threats. As threats are detected, alerts are generated and incidents are created. Remediation actions can come into play to help mitigate threats.
Want to see how it works? Watch this short video on a typical incident response.
To learn more about incident responses, see the following articles:
- [Review security recommendations](../security/defender-business/mdb-view-tvm-dashboard.md?toc=/microsoft-365/business-premium/toc.json&bc=/microsoft-365/business-premium/breadcrumb/toc.json). - [Review detected threats and take action](m365bp-review-threats-take-action.md). - [Review remediation actions](m365bp-review-remediation-actions-devices.md).-- [Respond to a compromised email account](../security/office-365-security/responding-to-a-compromised-email-account.md).
+- [Respond to a compromised email account](../security/office-365-security/responding-to-a-compromised-email-account.md).
business-premium M365bp Security Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-security-overview.md
f1.keywords:
- NOCSH -+ audience: Admin Last updated 11/02/2023 ms.localizationpriority: medium-+ - M365-Campaigns - m365solution-smb - m365-security
After you have completed the basic setup process for [Microsoft 365 Business Pre
5. [Set up information protection capabilities](m365bp-set-up-compliance.md). > [!TIP]
-> If you're a Microsoft partner, see [Resources for Microsoft partners working with small and medium-sized businesses](../security/defender-business/mdb-partners.md) and download our security guide and checklist!
+> If you're a Microsoft partner, see [Resources for Microsoft partners working with small and medium-sized businesses](../security/defender-business/mdb-partners.md) and download our security guide and checklist!
business-premium M365bp Set Up Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-set-up-compliance.md
f1.keywords:
- NOCSH -+ audience: Admin
description: "Set up your information protection capabilities for compliance and
# Set up information protection capabilities
-Your Microsoft 365 Business Premium subscription includes information protection capabilities for compliance and privacy. These capabilities include sensitivity labels, data loss prevention (DLP), and encryption. You can use your information protection capabilities to help protect your company's data, and keep your and your customers' sensitive information more secure.
+Your Microsoft 365 Business Premium subscription includes information protection capabilities for compliance and privacy. These capabilities include sensitivity labels, data loss prevention (DLP), and encryption. You can use your information protection capabilities to help protect your company's data, and keep your and your customers' sensitive information more secure.
Use this article to get started with your information protection capabilities.
business-premium M365bp Set Up Unmanaged Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-set-up-unmanaged-devices.md
f1.keywords:
- NOCSH -+ audience: Admin Last updated 11/02/2023 ms.localizationpriority: medium-+ - M365-Campaigns - m365solution-smb - m365-security
business-premium M365bp Threats Detected Defender Av https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-threats-detected-defender-av.md
Title: "Threats detected by Microsoft Defender Antivirus"
f1.keywords: CSH -+ audience: Admin-+ -+ - m365-security - tier1 Last updated 09/15/2022
Microsoft Defender Antivirus protects your Windows devices from software threats
- Viruses typically spread by attaching their code to other files on your device or network and can cause infected programs to work incorrectly. - Malware includes malicious files, applications, and code that can cause damage and disrupt normal use of devices. Also, malware can allow unauthorized access, use system resources, steal passwords and account information, lock you out of your computer and ask for ransom, and more. - Spyware collects data, such as web-browsing activity, and sends the data to remote servers.
-
+ To provide threat protection, Microsoft Defender Antivirus uses several methods. These methods include cloud-delivered protection, real-time protection, and dedicated protection updates. - Cloud-delivered protection helps provide near-instant detection and blocking of new and emerging threats. - Always-on scanning uses file- and process-behavior monitoring and other techniques (also known as *real-time protection*).-- Dedicated protection updates are based on machine learning, human and automated big-data analysis, and in-depth threat resistance research.
+- Dedicated protection updates are based on machine learning, human and automated big-data analysis, and in-depth threat resistance research.
-To learn more about malware and Microsoft Defender Antivirus, see the following articles:
+To learn more about malware and Microsoft Defender Antivirus, see the following articles:
- [Understanding malware & other threats](/windows/security/threat-protection/intelligence/understanding-malware) - [How Microsoft identifies malware and potentially unwanted applications](/windows/security/threat-protection/intelligence/criteria) - [Next-generation protection in Windows 10](/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)
-## What happens when a non-Microsoft antivirus solution is used?
+## What happens when a non-Microsoft antivirus solution is used?
-Microsoft Defender Antivirus is part of the operating system and is enabled on devices that are running Windows 10. However, if you're using a non-Microsoft antivirus solution and you aren't using [Microsoft Defender for Endpoint](/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), then Microsoft Defender Antivirus automatically goes into disabled mode.
+Microsoft Defender Antivirus is part of the operating system and is enabled on devices that are running Windows 10. However, if you're using a non-Microsoft antivirus solution and you aren't using [Microsoft Defender for Endpoint](/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), then Microsoft Defender Antivirus automatically goes into disabled mode.
When in disabled mode, users and customers can still use Microsoft Defender Antivirus for scheduled or on-demand scans to identify threats; however, Microsoft Defender Antivirus will no longer:
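Review bot: The paragraph re-added in this hunk still says Microsoft Defender Antivirus "is enabled on devices that are running Windows 10", while other articles in this same update are written for "Windows 10 or 11". The commit only strips trailing whitespace from that line, so the wording was not reviewed. Confirm whether the disabled-mode behaviour described here also applies to Windows 11 and, if it does, state the versions consistently.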
When in disabled mode, users and customers can still use Microsoft Defender Anti
If you uninstall the non-Microsoft antivirus solution, Microsoft Defender Antivirus will automatically go into active mode to protect your Windows devices from threats. > [!TIP]
+>
> - If you're using Microsoft 365, consider using Microsoft Defender Antivirus as your primary antivirus solution. Integration can provide better protection. See [Better together: Microsoft Defender Antivirus and Office 365](/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus). > - Make sure to keep Microsoft Defender Antivirus up to date, even if you're using a non-Microsoft antivirus solution.
If you uninstall the non-Microsoft antivirus solution, Microsoft Defender Antivi
When threats are detected by Microsoft Defender Antivirus, the following things happen: -- Users receive [notifications in Windows](https://support.microsoft.com/windows/8942c744-6198-fe56-4639-34320cf9444e). -- Detections are listed in the [Windows Security app](/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center) on the **Protection history** page.
+- Users receive [notifications in Windows](https://support.microsoft.com/windows/8942c744-6198-fe56-4639-34320cf9444e).
+- Detections are listed in the [Windows Security app](/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center) on the **Protection history** page.
- If you've [secured your Windows 10 devices](../admin/setup/secure-win-10-pcs.md) and [enrolled them in Intune](/mem/intune/enrollment/windows-enrollment-methods), and your organization has 800 or fewer devices enrolled, you'll see threat detections and insights in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> on the **Threats and antivirus** page, which you can access from the **Microsoft Defender Antivirus** card on the **Home** page (or from the navigation pane by selecting **Health** > **Threats & antivirus**). If your organization has more than 800 devices enrolled in Intune, you'll be prompted to view threat detections and insights from Microsoft Intune instead of from the **Threats and antivirus** page.
-
+ > [!NOTE] > The **Microsoft Defender Antivirus** card and **Threats and antivirus** page are being rolled out in phases, so you may not have immediate access to them.
-In most cases, users don't need to take any further action. As soon as a malicious file or program is detected on a device, Microsoft Defender Antivirus blocks it and prevents it from running. Plus, newly detected threats are added to the antivirus and antimalware engine so that other devices and users are protected, as well.
+In most cases, users don't need to take any further action. As soon as a malicious file or program is detected on a device, Microsoft Defender Antivirus blocks it and prevents it from running. Plus, newly detected threats are added to the antivirus and antimalware engine so that other devices and users are protected, as well.
If there's an action a user needs to take, such as approving the removal of a malicious file, they'll see that in the notification they receive. To learn more about actions that Microsoft Defender Antivirus takes on a user's behalf, or actions users might need to take, see [Protection History](https://support.microsoft.com/office/f1e5fd95-09b4-46d1-b8c7-1059a1e09708). To learn how to manage threat detections as an IT professional/admin, see [Review detected threats and take action](m365bp-review-threats-take-action.md).
-To learn more about different threats, visit the <a href="https://www.microsoft.com/wdsi/threats" target="_blank">Microsoft Security Intelligence Threats site</a>, where you can perform the following actions:
+To learn more about different threats, visit the <a href="https://www.microsoft.com/wdsi/threats" target="_blank">Microsoft Security Intelligence Threats site</a>, where you can perform the following actions:
- View current information about top threats. - View the latest threats for a specific region.
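Review bot: The re-added line that links to the Microsoft Security Intelligence Threats site still uses a raw `<a href="..." target="_blank">` element, as does the admin center link in the Intune bullet above it, while every other link in these lines is a Markdown link. Since the line is being rewritten anyway, convert both to Markdown links. If opening in a new tab is intentional, add `rel="noopener noreferrer"` to the anchors.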
To learn more about different threats, visit the <a href="https://www.microsoft.
[How to turn on and use Microsoft Defender Antivirus from the Windows Security app](/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus) (article)\ [How to turn on Microsoft Defender Antivirus by using Group Policy](/mem/intune/user-help/turn-on-defender-windows#turn-on-windows-defender) (article)\ [How to update your antivirus definitions](/mem/intune/user-help/turn-on-defender-windows#update-your-antivirus-definitions) (article)\
-[How to submit malware and non-malware to Microsoft for analysis](/microsoft-365/security/office-365-security/submissions-submit-files-to-microsoft) (article)
+[How to submit malware and non-malware to Microsoft for analysis](/microsoft-365/security/office-365-security/submissions-submit-files-to-microsoft) (article)
business-premium M365bp Trial Playbook Microsoft Business Premium https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-trial-playbook-microsoft-business-premium.md
f1.keywords:
- NOCSH -+ audience: Admin -+ - m365-security - tier1 Last updated 07/19/2023 ms.localizationpriority: medium
+search.appverid:
- MOE150 - MET150 description: "Make the most of your Microsoft 365 Business Premium trial. Try out some of the key productivity and security capabilities."
Microsoft 365 Business Premium includes Defender for Business, a new security so
<a name='start-using-the-microsoft-365-defender-portal-'></a>
-## Start using the Microsoft Defender portal
+## Start using the Microsoft Defender portal
1. Access the Microsoft Defender portal at [https://security.microsoft.com](https://security.microsoft.com).
business-premium M365bp Turn On Mfa https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-turn-on-mfa.md
f1.keywords:
- NOCSH -+ audience: Admin Last updated 11/02/2023 ms.localizationpriority: medium-+ - M365-Campaigns - m365solution-smb - highpri
MFA is an important first step in securing your company, and security defaults m
### To enable security defaults (or confirm they're already enabled) 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as least a [Security Administrator](/entra/identity/role-based-access-control/permissions-reference#security-administrator).
-1. Browse toΓÇ»**Identity**ΓÇ»> **Overview** > **Properties**.
+1. Browse to **Identity** \> **Overview** \> **Properties**.
1. Select **Manage security defaults**. 1. Set **Security defaults** to **Enabled**. 1. Select **Save**.
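Review bot: The sign-in step directly above the changed line reads "as least a [Security Administrator]", which should be "as at least a". The hunk already cleans up the navigation step next to it (stray characters removed, `>` escaped as `\>`), so fix the role wording in the same commit. An admin following the procedure needs to read the minimum required role unambiguously.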
business-premium M365bp Upgrade Windows Pro https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-upgrade-windows-pro.md
f1.keywords:
- NOCSH -+ audience: Admin
description: "Learn how to upgrade your Windows devices to Windows 10 or 11 Pro
# Upgrade Windows devices to Windows 10 or 11 Pro
-If you have Windows devices running Windows 7 Pro, Windows 8 Pro, or Windows 8.1 Pro, your Microsoft 365 Business Premium subscription entitles you to upgrade those devices to Windows 10 or 11 Pro.
+If you have Windows devices running Windows 7 Pro, Windows 8 Pro, or Windows 8.1 Pro, your Microsoft 365 Business Premium subscription entitles you to upgrade those devices to Windows 10 or 11 Pro.
You can choose from several methods to upgrade:
You can choose from several methods to upgrade:
1. On a Windows device, sign in using your account for Microsoft 365 Business Premium.
-2. Go to Windows Update, and check for updates.
+2. Go to Windows Update, and check for updates.
3. If your device isn't running Windows 10 Pro, you'll be prompted to upgrade. Follow the prompts to complete your upgrade. ## Upgrade your device using the Microsoft Software Download site
-
-*The Windows Update method is preferred. However, you can select this option if the device that you're using right now is the same device that you want to update.*
+
+*The Windows Update method is preferred. However, you can select this option if the device that you're using right now is the same device that you want to update.*
1. Go to the [Microsoft Software Download site](https://go.microsoft.com/fwlink/?LinkID=836951).
-2. On the **Download Windows 10** site, select **Update now** to start upgrading the device to Windows 10 Pro.
+2. On the **Download Windows 10** site, select **Update now** to start upgrading the device to Windows 10 Pro.
## Create installation media from the Microsoft Software Download site *Select this option to create Windows 10 installation media (USB flash drive or ISO file) that you'll use to install Windows 10 on a different device than the one you're using right now.*
-
+ 1. Go to the [Microsoft Software Download site](https://go.microsoft.com/fwlink/?LinkID=836960).
-2. Follow the instructions on how to use the tool and create your installation media.
+2. Follow the instructions on how to use the tool and create your installation media.
> [!NOTE] > If you have Windows devices running Windows 7 Pro, Windows 8 Pro, or Windows 8.1 Pro, your Microsoft 365 Business Premium subscription entitles you upgrade those devices to Windows Pro 10.
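Review bot: The NOTE that closes this hunk says the subscription "entitles you upgrade those devices to Windows Pro 10". It is missing "to" and names the product differently from the intro line this commit re-adds ("upgrade those devices to Windows 10 or 11 Pro"). Reword the NOTE to match the intro. Because it repeats the intro sentence almost verbatim, also consider whether it is still needed.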
You can choose from several methods to upgrade:
3. Select the option to upgrade to Windows 10/11 Pro. 4. Choose either **Learn more** or **Install**, and then follow the prompts. Note that you might need to purchase Windows 10 Pro.
-
+ ## See also [Activate Windows](https://support.microsoft.com/windows/activate-windows-c39005d4-95ee-b91e-b399-2820fda32227#WindowsVersion=Windows_10) [Microsoft 365 for business training videos](https://go.microsoft.com/fwlink/?linkid=2197659)--
business-premium M365bp Use Email Securely https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-use-email-securely.md
f1.keywords:
- NOCSH -+ audience: Admin Last updated 11/01/2023 ms.localizationpriority: medium-+ - M365-Campaigns - m365solution-smb - m365-security
description: "Know what to watch for in email. Train your team to guard against
:::image type="content" source="media/mission4.png" alt-text="Diagram with Use email securely highlighted.":::
-Microsoft 365 Business Premium includes features that help protect against threats. However, users play a role in using email securely, too. Email can contain malicious attacks that are cloaked as harmless communications. Email systems are especially vulnerable, because email is handled by everyone in the organization, and safety relies on people making consistently good decisions with those communications.
+Microsoft 365 Business Premium includes features that help protect against threats. However, users play a role in using email securely, too. Email can contain malicious attacks that are cloaked as harmless communications. Email systems are especially vulnerable, because email is handled by everyone in the organization, and safety relies on people making consistently good decisions with those communications.
This article describes how to help everyone in your organization to keep your information safe from attackers.
business-premium M365bp Use Labels Encryption https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-use-labels-encryption.md
f1.keywords:
- NOCSH -+ ms.audience: Admin Last updated 11/01/2023 ms.localizationpriority: medium-+ - M365-Campaigns - m365solution-smb - tier1
Before individuals send email with confidential or sensitive information, they s
## Set it up
-If you want to encrypt a message that doesn't meet a pre-defined rule or your admin hasn't set up any rules, you can apply a variety of different encryption rules before you send the message. To send an encrypted message from Outlook 2013 or 2016, or Outlook 2016 for Mac, select **Options > Permissions**, then select the protection option you need. You can also send an encrypted message by selecting the **Protect** button in Outlook on the web. For more information, see [Send, view, and reply to encrypted messages in Outlook for PC](https://support.microsoft.com/en-us/office/send-view-and-reply-to-encrypted-messages-in-outlook-for-pc-eaa43495-9bbb-4fca-922a-df90dee51980).
+If you want to encrypt a message that doesn't meet a pre-defined rule or your admin hasn't set up any rules, you can apply a variety of different encryption rules before you send the message. To send an encrypted message from Outlook 2013 or 2016, or Outlook 2016 for Mac, select **Options > Permissions**, then select the protection option you need. You can also send an encrypted message by selecting the **Protect** button in Outlook on the web. For more information, see [Send, view, and reply to encrypted messages in Outlook for PC](https://support.microsoft.com/office/send-view-and-reply-to-encrypted-messages-in-outlook-for-pc-eaa43495-9bbb-4fca-922a-df90dee51980).
## Admin settings
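Review bot: The re-added paragraph keeps the menu path as `**Options > Permissions**`, with the separator inside the bold span and unescaped. A later hunk in this same file changes `**Admin centers > Exchange**` to `**Admin centers** \> **Exchange**`. Apply the same convention here so that the two navigation paths in the article render alike.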
You create mail flow rules to encrypt email messages with Microsoft Purview Mess
2. Choose the Admin tile.
-3. In the Admin center, choose **Admin centers > Exchange**.
+3. In the Admin center, choose **Admin centers** \> **Exchange**.
For more information, see [Define mail flow rules to encrypt email messages](../compliance/define-mail-flow-rules-to-encrypt-email.md).
You can also apply branding to customize the look and the text in the email mess
## Next step
-[Learn how to collaborate securely](m365bp-collaborate-share-securely.md).
+[Learn how to collaborate securely](m365bp-collaborate-share-securely.md).
business-premium M365bp Users Install M365 Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-users-install-m365-apps.md
f1.keywords:
- NOCSH -+ audience: Admin Last updated 11/02/2023 ms.localizationpriority: medium-+ - M365-Campaigns - m365solution-smb - tier1
description: "How to install Microsoft 365 Apps also called Office apps on your
# Install Microsoft 365 Apps on your devices
-Microsoft 365 Business Premium includes Microsoft 365 Apps, such as Word, PowerPoint, Excel, OneNote, and Outlook. People in your organization can install these apps on their computers, tablets, and phone and have access to the most current features and security updates.
+Microsoft 365 Business Premium includes Microsoft 365 Apps, such as Word, PowerPoint, Excel, OneNote, and Outlook. People in your organization can install these apps on their computers, tablets, and phone and have access to the most current features and security updates.
> [!TIP] > This article applies primarily to unmanaged (or BYOD) devices. Microsoft 365 admins can manage Microsoft 365 installation options instead. To learn more, see the following articles:
+>
> - [Managed and unmanaged devices](m365bp-managed-unmanaged-devices.md). > - [Manage Microsoft 365 installation options in the Microsoft 365 admin center](/DeployOffice/manage-software-download-settings-office-365).
Microsoft 365 Business Premium includes Microsoft 365 Apps, such as Word, PowerP
Here's how users can install their apps:
-1. Go to [https://office.com](https://office.com), and sign in.
+1. Go to <https://office.com> and sign in.
-2. Select **Install apps** > **Premium Microsoft 365 Apps**. See [Install Microsoft 365 apps](../admin/setup/install-applications.md)
+2. Select **Install apps** \> **Premium Microsoft 365 Apps**. See [Install Microsoft 365 apps](../admin/setup/install-applications.md)
## See also - Install Microsoft 365 Apps: [Install Office on your PC or Mac](https://support.microsoft.com/office/4414eaaf-0478-48be-9c42-23adc4716658) - Set up mobile devices: [Microsoft 365 mobile setup - Help](https://support.microsoft.com/office/7dabb6cb-0046-40b6-81fe-767e0b1f014f)-- Set up email in Outlook: [Windows](https://support.microsoft.com/office/6e27792a-9267-4aa4-8bb6-c84ef146101b) or [Mac](https://support.microsoft.com/office/6e27792a-9267-4aa4-8bb6-c84ef146101b#PickTab=Outlook_for_Mac)
+- Set up email in Outlook: [Windows](https://support.microsoft.com/office/6e27792a-9267-4aa4-8bb6-c84ef146101b) or [Mac](https://support.microsoft.com/office/6e27792a-9267-4aa4-8bb6-c84ef146101b#PickTab=Outlook_for_Mac)
- [Upgrade users to the latest Microsoft 365 Apps](../admin/setup/upgrade-users-to-latest-office-client.md) ## Next step Set up protection for [unmanaged devices](m365bp-protect-pcs-macs.md).
-
business-premium M365bp Users Protect Unmanaged Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-users-protect-unmanaged-devices.md
f1.keywords:
- NOCSH -+ audience: Admin Last updated 11/02/2023 ms.localizationpriority: medium-+ - M365-Campaigns - m365solution-smb - highpri
With Microsoft 365 Business Premium, you can [secure managed devices](m365bp-pro
> [!NOTE] > This article applies primarily to unmanaged (or BYOD) devices. Guidance for protecting managed devices is available here: [Set up and secure managed devices](m365bp-protect-managed-devices.md).
->
## [Windows 10 or 11](#tab/Windows10-11)
With Microsoft 365 Business Premium, you can [secure managed devices](m365bp-pro
Device encryption is available on a wide range of Windows devices and helps protect your data by encrypting it. If you turn on device encryption, only authorized individuals are able to access your device and data. See [turn on device encryption](https://support.microsoft.com/help/4028713/windows-10-turn-on-device-encryption) for instructions.
- If device encryption isn't available on your device, you can turn on standard [BitLocker encryption](https://support.microsoft.com/help/4028713/windows-10-turn-on-device-encryption) instead. (BitLocker isn't available on Windows 10 Home edition.)
+If device encryption isn't available on your device, you can turn on standard [BitLocker encryption](https://support.microsoft.com/help/4028713/windows-10-turn-on-device-encryption) instead. (BitLocker isn't available on Windows 10 Home edition.)
### Protect your device with Windows Security
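Review bot: On the re-added BitLocker line, the "BitLocker encryption" link points to the same URL as the "turn on device encryption" link in the paragraph above it (`.../help/4028713/windows-10-turn-on-device-encryption`). The hunk only removes a leading space, so this was not caught. A reader whose device lacks device encryption is sent back to the page that did not apply to them. Point the link to BitLocker-specific instructions, or say explicitly that the linked page covers both.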
If you have an earlier version of Windows and are using Microsoft Security Essen
You should always run Windows Defender Firewall even if you have another firewall turned on. Turning off Windows Defender Firewall might make your device (and your network, if you have one) more vulnerable to unauthorized access. See [Turn Windows Firewall on or off](https://support.microsoft.com/help/4028544/windows-10-turn-windows-defender-firewall-on-or-off) for instructions.
-## Next step
+## Next step for Windows
Now, let's work on [securing the email system](m365bp-use-email-securely.md) against phishing and other attacks.
You can also reduce the risk of malware by using software only from reliable sou
Use firewall settings to protect your Mac from unwanted contact initiated by other computers when you're connected to the Internet or a network. Without this protection, your Mac might be more vulnerable to unauthorized access. See [about the application firewall](https://support.apple.com/HT201642) for instructions.
-## Next step
+## Next step for Mac
-Now, let's work on [securing email usage](m365bp-use-email-securely.md) against phishing and other attacks.
+Now, let's work on [securing email usage](m365bp-use-email-securely.md) against phishing and other attacks.
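Review bot: The renamed headings now distinguish the tabs ("Next step for Windows", "Next step for Mac"), but the sentences under them link to the same target, `m365bp-use-email-securely.md`, with different link text: "securing the email system" on the Windows tab and "securing email usage" on the Mac tab. Use one wording for both so that readers do not assume the tabs lead to different articles.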
business-premium M365bp View Edit Create Mdb Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-view-edit-create-mdb-policies.md
description: View, edit, create, and delete device protection policies in Micros
search.appverid: MET150 -+ audience: Admin Last updated 07/19/2023 ms.localizationpriority: medium -
+f1.keywords: NOCSH
+ - SMB - m365-security - tier1
The following details apply to working with your policies in the Microsoft Defen
4. On the **General information** tab, review the information. If necessary, you can edit the description. Then choose **Next**.
-5. On the **Device groups** tab, determine which device groups should receive this policy.
+5. On the **Device groups** tab, determine which device groups should receive this policy.
- To keep the selected device group as it is, choose **Next**. - To remove a device group from the policy, select **Remove**.
The following details apply to working with your policies in the Microsoft Defen
After you have specified which device groups should receive the policy, choose **Next**.
-6. On the **Configuration settings** tab, review the settings. If necessary, you can edit the settings for your policy. To get help with this task, see the following articles:
+6. On the **Configuration settings** tab, review the settings. If necessary, you can edit the settings for your policy. To get help with this task, see the following articles:
- - [Understand next-generation configuration settings](../security/defender-business/mdb-next-generation-protection.md)
+ - [Understand next-generation configuration settings](../security/defender-business/mdb-next-generation-protection.md)
- [Firewall settings](../security/defender-business/mdb-firewall.md) After you have specified your next-generation protection settings, choose **Next**.
The following details apply to working with your policies in the Microsoft Defen
7. On the **Review your policy** tab, review the general information, targeted devices, and configuration settings. - Make any needed changes by selecting **Edit**.
- - When youΓÇÖre ready to proceed, choose **Update policy**.
+ - When you're ready to proceed, choose **Update policy**.
<a name='create-a-new-device-protection-policy-in-microsoft-365-defender'></a>
The following details apply to working with your policies in the Microsoft Defen
7. On the **Review your policy** tab, review the general information, targeted devices, and configuration settings. - Make any needed changes by selecting **Edit**.
- - When youΓÇÖre ready to proceed, choose **Create policy**.
+ - When you're ready to proceed, choose **Create policy**.
## Working with device policies in the Microsoft Intune admin center
Use the following information to create and manage device policies in Intune, do
1. In the Microsoft Intune admin center ([https://intune.microsoft.com](https://intune.microsoft.com)), select a policy, and then select **Properties**.
-2. Select **Settings** to expand a list of the configuration settings in the policy. You canΓÇÖt modify the settings from this view, but you can review how they're configured.
+2. Select **Settings** to expand a list of the configuration settings in the policy. You can't modify the settings from this view, but you can review how they're configured.
3. To modify the policy, select **Edit** for each category where you want to make a change:
Use the following information to create and manage device policies in Intune, do
- Scope tags - Configuration settings
-4. After youΓÇÖve made changes, select **Save** to save your edits. Edits to one category must be saved before you can introduce edits to any additional categories.
+4. After you've made changes, select **Save** to save your edits. Edits to one category must be saved before you can introduce edits to any additional categories.
## Manage conflicts
business-premium Secure Your Business Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/secure-your-business-data.md
f1.keywords:
- CSH -+ audience: Admin
description: "Learn best practices to protect your data using Microsoft 365 Busi
# Microsoft 365 for business security best practices > [!TIP]
-> **This article is for small and medium-sized businesses who have up to 300 users**.
+> **This article is for small and medium-sized businesses who have up to 300 users**.
> If you're looking for information for enterprise organizations, see [Deploy ransomware protection for your Microsoft 365 tenant](../solutions/ransomware-protection-microsoft-365.md). > If you're a Microsoft partner, see [Resources for Microsoft partners working with small and medium-sized businesses](../security/defender-business/mdb-partners.md).
Microsoft 365 Business Basic, Standard, and Premium all include antiphishing, an
- Devices, such as computers, tablets, and phones (also referred to as endpoints) - Email & collaboration content (such as Office documents)-- Data (encryption, sensitivity labels, and Data Loss Prevention)
+- Data (encryption, sensitivity labels, and Data Loss Prevention)
This article describes the top 10 ways to secure your business data with Microsoft 365 for business. For more information about what each plan includes, see [Microsoft 365 User Subscription Suites for Small and Medium-sized Businesses](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWR6bM).
This article describes the top 10 ways to secure your business data with Microso
The following table summarizes how to secure your data using Microsoft 365 for business.
-| Best practices and capabilities | Microsoft 365 Business Premium | Microsoft 365 Business Standard | Microsoft 365 Business Basic |
+|Best practices and capabilities|Microsoft 365 Business Premium|Microsoft 365 Business Standard|Microsoft 365 Business Basic|
|||||
-| **1. Use multi-factor authentication** (MFA), also known as two-step verification. See [Turn on multifactor authentication](m365bp-turn-on-mfa.md). | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: |
-| - [Security defaults](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults#enabling-security-defaults) (suitable for most organizations) | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: |
-| - [Conditional Access](m365bp-turn-on-mfa.md) (for more stringent requirements) | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | | |
-| **2. Set up and protect your administrator accounts**. See [Protect your admin accounts](m365bp-protect-admin-accounts.md). | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|
-| **3. Use preset security policies to protect email and collaboration content**. See [Review and apply preset security policies](/microsoft-365/business-premium/m365bp-protect-against-malware-cyberthreats#1-review-and-apply-preset-security-policies-for-email-and-collaboration). | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: |
-| - [Anti-spam, anti-malware, and anti-phishing protection](../security/office-365-security/eop-about.md) for email | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: |
-| - [Advanced anti-phishing, spoof settings, impersonation settings, Safe Links, and Safe Attachments](../security/office-365-security/mdo-security-comparison.md) for email and Office documents | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | | |
-| **4. Protect all devices**, including personal and company devices. See [Secure managed and unmanaged devices](m365bp-managed-unmanaged-devices.md). | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | | |
-| - [Microsoft 365 Apps](m365bp-users-install-m365-apps.md) (Word, Excel, PowerPoint, and more) installed on users' computers, phones, and tablets | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | |
-| - [Windows 10 or 11 Pro Upgrade](m365bp-upgrade-windows-pro.md) from Windows 7 Pro, Windows 8 Pro, or Windows 8.1 Pro | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | | |
-| - [Advanced threat protection](m365bp-onboard-devices-mdb.md) for users' computers, phones, and tablets | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | | |
-| **5. Train everyone on email best practices**. See [Protect yourself against phishing and other attacks](m365bp-avoid-phishing-and-attacks.md). | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: |
-| - [Anti-spam, anti-malware, and anti-phishing protection](../security/office-365-security/eop-about.md) for email | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: |
-| - [Advanced threat protection](../security/office-365-security/mdo-security-comparison.md) for email and Office documents | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | | |
-| **6. Use Microsoft Teams for collaboration and sharing**. | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: |
-| - [Microsoft Teams](create-teams-for-collaboration.md) for communication, collaboration, and sharing | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: |
-| - [Safe Links & Safe Attachments](/microsoft-365/security/office-365-security/mdo-support-teams-about) with Microsoft Teams | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | | |
-| - [Sensitivity labels for meetings](/microsoft-365/compliance/sensitivity-labels-meetings) to protect calendar items, Microsoft Teams meetings, and chat | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | | |
-| - [Data Loss Prevention](/microsoft-365/compliance/dlp-teams-default-policy) in Microsoft Teams to safeguard company data | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | | |
-| **7. Set sharing settings for SharePoint and OneDrive files and folders**. | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: |
-| - [Safe Links](/microsoft-365/security/office-365-security/safe-links-about) and [Safe Attachments](/microsoft-365/security/office-365-security/safe-attachments-for-spo-odfb-teams-about) for SharePoint and OneDrive | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | | |
-| - [Sensitivity labels](/microsoft-365/compliance/get-started-with-sensitivity-labels) to mark items as sensitive, confidential. etc. | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | | |
-| - [Data Loss Prevention](/microsoft-365/compliance/get-started-with-the-default-dlp-policy) to safeguard company data | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | | |
-| **8. Use Microsoft 365 Apps on devices** | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | |
-| - [Outlook and Web/mobile versions of Microsoft 365 Apps](https://support.microsoft.com/en-us/office/what-is-microsoft-365-for-business-56e60c2b-1929-4a04-bd9b-ff5b844364f3) for all users | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: |
-| - [Microsoft 365 Apps](m365bp-users-install-m365-apps.md) installed on users' devices | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | |
-| - [Employee quick setup guide](https://support.microsoft.com/office/7f34c318-e772-46a5-8c0a-ab86661542d1) to help users get set up and running | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: |
-| **9. Manage calendar sharing for your business**. | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: |
-| - [Outlook](../admin/setup/setup-outlook.md) for email and calendars | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: |
-| - [Data Loss Prevention](/microsoft-365/compliance/get-started-with-the-default-dlp-policy) to safeguard company data | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | | |
-| **10. Maintain your environment** by performing tasks, such asl adding or removing users and devices. See [Maintain your environment](m365bp-mdb-maintain-environment.md). | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | :::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: |
+|**1. Use multi-factor authentication** (MFA), also known as two-step verification. See [Turn on multifactor authentication](m365bp-turn-on-mfa.md).|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|
+|- [Security defaults](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults#enabling-security-defaults) (suitable for most organizations)|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|
+|- [Conditional Access](m365bp-turn-on-mfa.md) (for more stringent requirements)|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|||
+|**2. Set up and protect your administrator accounts**. See [Protect your admin accounts](m365bp-protect-admin-accounts.md).|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|
+|**3. Use preset security policies to protect email and collaboration content**. See [Review and apply preset security policies](/microsoft-365/business-premium/m365bp-protect-against-malware-cyberthreats#1-review-and-apply-preset-security-policies-for-email-and-collaboration).|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|
+|- [Anti-spam, anti-malware, and anti-phishing protection](../security/office-365-security/eop-about.md) for email|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|
+|- [Advanced anti-phishing, spoof settings, impersonation settings, Safe Links, and Safe Attachments](../security/office-365-security/mdo-security-comparison.md) for email and Office documents|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|||
+|**4. Protect all devices**, including personal and company devices. See [Secure managed and unmanaged devices](m365bp-managed-unmanaged-devices.md).|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|||
+|- [Microsoft 365 Apps](m365bp-users-install-m365-apps.md) (Word, Excel, PowerPoint, and more) installed on users' computers, phones, and tablets|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::||
+|- [Windows 10 or 11 Pro Upgrade](m365bp-upgrade-windows-pro.md) from Windows 7 Pro, Windows 8 Pro, or Windows 8.1 Pro|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|||
+|- [Advanced threat protection](m365bp-onboard-devices-mdb.md) for users' computers, phones, and tablets|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|||
+|**5. Train everyone on email best practices**. See [Protect yourself against phishing and other attacks](m365bp-avoid-phishing-and-attacks.md).|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|
+|- [Anti-spam, anti-malware, and anti-phishing protection](../security/office-365-security/eop-about.md) for email|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|
+|- [Advanced threat protection](../security/office-365-security/mdo-security-comparison.md) for email and Office documents|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|||
+|**6. Use Microsoft Teams for collaboration and sharing**.|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|
+|- [Microsoft Teams](create-teams-for-collaboration.md) for communication, collaboration, and sharing|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|
+|- [Safe Links & Safe Attachments](/microsoft-365/security/office-365-security/mdo-support-teams-about) with Microsoft Teams|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|||
+|- [Sensitivity labels for meetings](/microsoft-365/compliance/sensitivity-labels-meetings) to protect calendar items, Microsoft Teams meetings, and chat|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|||
+|- [Data Loss Prevention](/microsoft-365/compliance/dlp-teams-default-policy) in Microsoft Teams to safeguard company data|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|||
+|**7. Set sharing settings for SharePoint and OneDrive files and folders**.|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|
+|- [Safe Links](/microsoft-365/security/office-365-security/safe-links-about) and [Safe Attachments](/microsoft-365/security/office-365-security/safe-attachments-for-spo-odfb-teams-about) for SharePoint and OneDrive|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|||
+|- [Sensitivity labels](/microsoft-365/compliance/get-started-with-sensitivity-labels) to mark items as sensitive, confidential. etc.|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|||
+|- [Data Loss Prevention](/microsoft-365/compliance/get-started-with-the-default-dlp-policy) to safeguard company data|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|||
+|**8. Use Microsoft 365 Apps on devices**|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::||
+|- [Outlook and Web/mobile versions of Microsoft 365 Apps](https://support.microsoft.com/en-us/office/what-is-microsoft-365-for-business-56e60c2b-1929-4a04-bd9b-ff5b844364f3) for all users|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|
+|- [Microsoft 365 Apps](m365bp-users-install-m365-apps.md) installed on users' devices|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::||
+|- [Employee quick setup guide](https://support.microsoft.com/office/7f34c318-e772-46a5-8c0a-ab86661542d1) to help users get set up and running|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|
+|**9. Manage calendar sharing for your business**.|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|
+|- [Outlook](../admin/setup/setup-outlook.md) for email and calendars|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|
+|- [Data Loss Prevention](/microsoft-365/compliance/get-started-with-the-default-dlp-policy) to safeguard company data|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|||
+|**10. Maintain your environment** by performing tasks, such asl adding or removing users and devices. See [Maintain your environment](m365bp-mdb-maintain-environment.md).|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|
For more information about what each plan includes, see [Microsoft 365 User Subscription Suites for Small and Medium-sized Businesses](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWR6bM).-
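Review bot: The typo "such asl adding" in row 10 is carried over unchanged from the removed line into the added one; since this rewrite touches every row of the table, fix it to "such as adding" here. The Sensitivity labels row under item 7 likewise keeps "sensitive, confidential. etc." with a period where a comma belongs. Row 1 also spells the term "multi-factor authentication" in bold while its own link text says "multifactor authentication"; pick one spelling.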
business-premium Set Up Meetings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/set-up-meetings.md
f1.keywords:
- NOCSH -+ ms.audience: Admin Last updated 10/26/2023 ms.localizationpriority: medium-+ - M365-Campaigns - m365solution-smb - tier1
business-premium Share Files And Videos https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/share-files-and-videos.md
f1.keywords:
- NOCSH -+ ms.audience: Admin Last updated 09/08/2023 ms.localizationpriority: medium-+ - M365-Campaigns - m365solution-smb - tier1
Download an infographic in [PDF](https://go.microsoft.com/fwlink/?linkid=2079435
## Next step Upon completion of this step, [create a communication site](create-communications-site.md) for your team.-
business-premium Why Choose Microsoft 365 Business Premium https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/why-choose-microsoft-365-business-premium.md
f1.keywords:
- NOCSH -+ audience: Admin Last updated 05/10/2023 ms.localizationpriority: medium-+ - M365-Campaigns - m365solution-smb - tier1
Microsoft 365 Business Premium is a complete productivity and security solution
- **Defend against sophisticated cyberthreats and safeguard your business data** with advanced protection against phishing, ransomware, and data loss. - **Manage and secure devices** (Windows, Mac, iOS, and Android) that connect to your data, and help keep those devices up to date.
-Microsoft 365 Business Premium offers you one comprehensive solution for productivity and security. As an admin or IT Pro, you have everything you need in one place for administration, billing, and 24x7 support, while reducing cost and complexity for your business.
+Microsoft 365 Business Premium offers you one comprehensive solution for productivity and security. As an admin or IT Pro, you have everything you need in one place for administration, billing, and 24x7 support, while reducing cost and complexity for your business.
## Video: Top 5 benefits of Microsoft 365 Business Premium
security Api Release Notes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/api/api-release-notes.md
Last updated 02/02/2021
The following information lists the updates made to the Microsoft Defender for Endpoint APIs and the dates they were made.
-> [!TIP]
-> RSS feed: Get notified when this page is updated by copying and pasting the following URL into your feed reader:
->
-> ```http
-> /api/search/rss?search=%22Release+notes+for+updates+made+to+the+Microsoft+Defender+for+Endpoint+set+of+APIs%22&locale=en-us&facet=&%24filter=scopes%2Fany%28t%3A+t+eq+%27Windows+10%27%29
-> ```
- ## Release notes - newest to oldest (dd.mm.yyyy) ### 08.08.2022
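Review bot: With the RSS tip removed, the visible metadata for this article still reads "Last updated 02/02/2021" while the first release-note heading is "08.08.2022"; update the date field in the same change so the page date does not predate its own content.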
security Configure Network Connections Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus.md
search.appverid: met150
**Platforms** - Windows
-> [!TIP]
-> RSS feed: Get notified when this page is updated by copying and pasting the following URL into your feed reader:
->
-> ```https
-> https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus.md.atom
-> ```
- To ensure Microsoft Defender Antivirus cloud-delivered protection works properly, your security team must configure your network to allow connections between your endpoints and certain Microsoft servers. This article lists connections that must be allowed for using the firewall rules. It also provides instructions for validating your connection. Configuring your protection properly will ensure you receive the best value from your cloud-delivered protection services. > [!IMPORTANT]
security Data Storage Privacy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/data-storage-privacy.md
Title: Microsoft Defender for Endpoint data storage and privacy description: Learn about how Microsoft Defender for Endpoint handles privacy and data that it collects.
-keywords: Microsoft Defender for Endpoint, data storage and privacy, storage, privacy, licensing, geolocation, data retention, data
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ ms.localizationpriority: medium audience: ITPro - m365-security - tier2
+- essentials-accountability
search.appverid: met150 Last updated 08/07/2023
security Manage Indicators https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-indicators.md
search.appverid: met150 Previously updated : 07/20/2023 Last updated : 01/18/2024 # Create indicators
An Indicator of compromise (IoC) is a forensic artifact, observed on the network
- signatures of malicious network traffic - URLs or domains that are known malware distributors
-To halt additional compromise or prevent breaches of known IoCs, successful IoC tools should be able to detect all malicious data that is enumerated by the tool's rule set.
+To halt other compromise or prevent breaches of known IoCs, successful IoC tools should be able to detect all malicious data that is enumerated by the tool's rule set.
IoC matching is an essential feature in every endpoint protection solution. This capability gives SecOps the ability to set a list of indicators for detection and for blocking (prevention and response). Organizations can create indicators that define the detection, prevention, and exclusion of IoC entities. You can define the action to be taken as well as the duration for when to apply the action, and the scope of the device group to apply it to.
This video shows a walkthrough of creating and adding indicators:
### About Microsoft indicators
-As a general rule, you should only create indicators for known bad IoCs, or for any files / websites that should be explicitly allowed in your organization. For more information on the types of sites that MDE may block by default, see [Microsoft Defender SmartScreen overview](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview).
+As a general rule, you should only create indicators for known bad IoCs, or for any files / websites that should be explicitly allowed in your organization. For more information on the types of sites that Defender for Endpoint can block by default, see [Microsoft Defender SmartScreen overview](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview).
-False Positive (FP) refers to a SmartScreen false positive, Microsoft says it's malware / phish but it's actually a safe site, so customer wants to create an allow policy for this.
+False Positive (FP) refers to a SmartScreen false positive, such that it's considered to be malware or phish, but actually isn't a threat, so you want to create an allow policy for it.
-You can also help drive improvements to Microsoft's security intelligence by submitting false positives, and suspicious or known-bad IoCs for analysis. If you believe a warning or block was incorrectly shown for a file or application, or if you believe an undetected file is malware, you can submit a file to Microsoft for review. For more information, see [Submit files for analysis](https://www.microsoft.com/en-us/wdsi/filesubmission/).
+You can also help drive improvements to Microsoft's security intelligence by submitting false positives, and suspicious or known-bad IoCs for analysis. If a warning or block is incorrectly shown for a file or application, or if you suspect an undetected file is malware, you can submit a file to Microsoft for review. For more information, see [Submit files for analysis](https://www.microsoft.com/en-us/wdsi/filesubmission/).
#### IP/URL indicators
-There several reasons for using IP/URL indicators, such as unblocking users from a SmartScreen false positive (FP) or overriding a Web Content Filtering (WFC) block.
+You can use IP/URL indicators to unblock users from a SmartScreen false positive (FP) or to override a Web Content Filtering (WFC) block.
-You can use URL and IP indicators to manage site access. You can create interim IP and URL indicators to temporarily unblock users from a SmartScreen block. You may also have indicators that you keep for a long period of time to selectively bypass web content filtering blocks.
+You can use URL and IP indicators to manage site access. You can create interim IP and URL indicators to temporarily unblock users from a SmartScreen block. You might also have indicators that you keep for a long period of time to selectively bypass web content filtering blocks.
Consider the case where you have a web content filtering categorization for a particular site that is correct. In this example, you have web content filtering set to block all social media, which is correct for your overall organizational goals. However, the marketing team has a real need to use a specific social media site for advertising and announcements. In that case, you can unblock the specific social media site using IP or URL indicators for the specific group (or groups) to use.
Here's an example of how that works:
#### File hash indicators
-In some cases, creating a new indicator for a newly identified file IoC - as an immediate stop-gap measure - might be appropriate to block files or even applications. However, using indicators to attempt to block an application may not provide the expected results as applications are typically composed of many different files. The preferred methods of blocking applications are to use [Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview) or AppLocker.
+In some cases, creating a new indicator for a newly identified file IoC - as an immediate stop-gap measure - might be appropriate to block files or even applications. However, using indicators to attempt to block an application might not provide the expected results as applications are typically composed of many different files. The preferred methods of blocking applications are to use [Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview) or AppLocker.
Because each version of an application has a different file hash, using indicators to block hashes isn't recommended.
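Review bot: The rewritten IP/URL sentence keeps the abbreviation "(WFC)" for Web Content Filtering, which transposes the letters; it should read "(WCF)" or be dropped, since the abbreviation isn't used again in the visible text. In the first changed paragraph, "To halt other compromise" reads worse than the original "additional compromise"; "further compromise" would keep the meaning. The False Positive sentence now says "it's considered to be malware or phish" without saying who considers it so, which the old text ("Microsoft says") made explicit; naming SmartScreen as the source of the verdict would restore that.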
Because each version of an application has a different file hash, using indicato
#### Certificate indicators
-In some cases, there may be a specific certificate that has been used to sign a file or application that your organization would like to allow / block. Certificate indicators are supported in MDE, provided they are of the .CER or .PEM file format. See [Create indicators based on certificates](indicator-certificates.md) for more details.
+In some cases, a specific certificate that's used to sign a file or application that your organization is set to allow or block. Certificate indicators are supported in Defender for Endpoint, if they use the .CER or .PEM file format. See [Create indicators based on certificates](indicator-certificates.md) for more details.
## IoC detection engines
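Review bot: The new first sentence under "Certificate indicators" is a fragment with no main verb: "In some cases, a specific certificate that's used to sign a file or application that your organization is set to allow or block." The old text had "there may be a specific certificate"; something like "In some cases, your organization might want to allow or block a specific certificate that's used to sign a file or application" keeps the new wording style and parses.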
The cloud detection engine of Defender for Endpoint regularly scans collected da
## Endpoint prevention engine
-The same list of indicators is honored by the prevention agent. Meaning, if Microsoft Defender Antivirus is the primary Antivirus configured, the matched indicators are treated according to the settings. For example, if the action is "Alert and Block", Microsoft Defender Antivirus prevents file executions (block and remediate) and a corresponding alert will be raised. On the other hand, if the Action is set to "Allow", Microsoft Defender Antivirus won't detect nor block the file from being run.
+The same list of indicators is honored by the prevention agent. Meaning, if Microsoft Defender Antivirus is the primary antivirus configured, the matched indicators are treated according to the settings. For example, if the action is "Alert and Block", Microsoft Defender Antivirus prevents file executions (block and remediate) and a corresponding alert appears. On the other hand, if the Action is set to "Allow", Microsoft Defender Antivirus doesn't detect or block the file.
## Automated investigation and remediation engine
-The automated investigation and remediation behave the same. If an indicator is set to "Allow", Automated investigation and remediation ignore a "bad" verdict for it. If set to "Block", Automated investigation and remediation treat it as "bad".
+The automated investigation and remediation behave similarly to the endpoint prevention engine. If an indicator is set to "Allow", automated investigation and remediation ignores a "bad" verdict for it. If set to "Block", automated investigation and remediation treats it as "bad".
-The `EnableFileHashComputation` setting computes the file hash for the cert and file IoC during file scans. It supports IoC enforcement of hashes and certs belong to trusted applications. It is concurrently enabled with the allow or block file setting. `EnableFileHashComputation` is enabled manually through Group Policy, and is disabled by default.
+The `EnableFileHashComputation` setting computes the file hash for the cert and file IoC during file scans. It supports IoC enforcement of hashes and certs belong to trusted applications. It's concurrently enabled with the allow or block file setting. `EnableFileHashComputation` is enabled manually through Group Policy, and is disabled by default.
## Enforcement types for Indicators
-When creating a new indicator (IoC), one or more of the following actions are available:
+When your security team creates a new indicator (IoC), the following actions are available:
- **Allow** ΓÇô the IoC is allowed to run on your devices. - **Audit** ΓÇô an alert is triggered when the IoC runs.
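Review bot: The `EnableFileHashComputation` paragraph still contains "IoC enforcement of hashes and certs belong to trusted applications", which is ungrammatical in both the old and new versions; since the paragraph is already being edited for the "It's" contraction, change it to "belonging to trusted applications". In the automated investigation paragraph, the new opening keeps the plural verb "behave" while the following sentences switch to singular ("ignores", "treats"); make the agreement consistent.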
The table below shows exactly which actions are available per indicator (IoC) ty
The functionality of pre-existing IoCs won't change. However, the indicators were renamed to match the current supported response actions: -- The "alert only" response action was renamed to "audit" with the generate alert setting enabled.
+- The "alert only" response action was renamed to "audit" with the generated alert setting enabled.
- The "alert and block" response was renamed to "block and remediate" with the optional generate alert setting.
-The IoC API schema and the threat ids in advance hunting have been updated to align with the renaming of the IoC response actions. The API scheme changes apply to all IoC Types.
+The IoC API schema and the threat IDs in advance hunting are updated to align with the renaming of the IoC response actions. The API scheme changes apply to all IoC Types.
> [!NOTE] >
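Review bot: Changing "generate alert setting" to "generated alert setting" in the "alert only" bullet makes it disagree with the unchanged "alert and block" bullet, which still says "optional generate alert setting"; if "generate alert" is the name of the setting, revert the change, otherwise update both bullets together. The rewritten schema sentence also keeps "advance hunting" and uses "API schema" in one sentence and "API scheme" in the next.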
The IoC API schema and the threat ids in advance hunting have been updated to al
## Known issues and limitations
-Customers may experience issues with alerts for Indicators of Compromise. The following scenarios are situations where alerts may not be created or may be created with inaccurate information. Each of these issues are being investigated by our engineering team and will be resolved in an upcoming update.
+Customers might experience issues with alerts for Indicators of Compromise. The following scenarios are situations where alerts aren't created or are created with inaccurate information. Each issue is investigated by our engineering team.
-- **Block indicators** ΓÇô Generic alerts with informational severity only will be fired. Custom alerts (i.e. custom title and severity) will not be fired in these cases.-- **Warn indicators** ΓÇô Generic alerts and custom alerts are possible in this scenario, however, the results are not deterministic due to an issue with the alert detection logic. In some cases, customers may see a generic alert, whereas a custom alert may show in other cases.
+- **Block indicators** ΓÇô Generic alerts with informational severity only will be fired. Custom alerts (that is, custom title and severity) aren't fired in these cases.
+- **Warn indicators** ΓÇô Generic alerts and custom alerts are possible in this scenario, however, the results aren't deterministic due to an issue with the alert detection logic. In some cases, customers might see a generic alert, whereas a custom alert might show in other cases.
- **Allow** ΓÇô No alerts are generated (by design).-- **Audit** - Alerts will be generated based on the severity provided by the customer.-- In some cases, alerts coming from EDR detections may take precedence over those stemming from AV blocks, in which case an information alert will be generated.
+- **Audit** - Alerts are generated based on the severity provided by the customer.
+- In some cases, alerts coming from EDR detections might take precedence over alerts stemming from antivirus blocks, in which case an information alert will be generated.
+
+Microsoft Store apps cannot be blocked by Defender because they're signed by Microsoft.
## Related articles
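Review bot: The rewritten intro to the known issues changes "alerts may not be created or may be created with inaccurate information" to "alerts aren't created or are created with inaccurate information", which states the failures as certain, yet the Warn indicators bullet below still says the results aren't deterministic; keep "might not be created" here. The new sentence also drops the statement that the issues will be resolved in an upcoming update, so readers no longer know whether a fix is planned. The Block indicators bullet keeps "will be fired" while the other bullets moved to present tense, and the new Microsoft Store line is about blocking rather than alerts, so it would read better as its own limitation than at the end of the alert list.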
security Manage Mde Post Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-mde-post-migration.md
Title: Manage Microsoft Defender for Endpoint after initial setup or migration description: Now that you've made the switch to Microsoft Defender for Endpoint, your next step is to manage your threat protection features
-keywords: post-migration, manage, operations, maintenance, utilization, Microsoft Defender for Endpoint, edr
audience: ITPro
- m365-security - tier2
+- essentials-manage
Last updated 04/17/2023
security Mde Planning Guide https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mde-planning-guide.md
Title: Get started with your Microsoft Defender for Endpoint deployment description: Learn how to get started with the deploy, setup, licensing validation, tenant configuration, network configuration stages
-keywords: deploy, setup, network configuration
-ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
- m365solution-scenario - highpri - tier1
+ - essentials-get-started
search.appverid: met150 Previously updated : 12/18/2020 Last updated : 01/19/2024 # Get started with your Microsoft Defender for Endpoint deployment
security Microsoft Defender Antivirus Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-updates.md
search.appverid: met150
**Platforms** - Windows -
-> [!NOTE]
-> You can use RSS to be notified when this page is updated. To get notified when this page is updated, copy and paste the following URL into your RSS feed reader:
->
-> ```https
-> https://learn.microsoft.com/api/search/rss?search=%22Microsoft+Defender+Antivirus+security+intelligence+and+product+updates%22&locale=en-us
-> ```
- Keeping Microsoft Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques. Update your antivirus protection, even if Microsoft Defender Antivirus is running in [passive mode](microsoft-defender-antivirus-compatibility.md). This article includes information about the two types of updates for keeping Microsoft Defender Antivirus current: - [Security intelligence updates](#security-intelligence-updates)
security Microsoft Defender Endpoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint.md
Title: Microsoft Defender for Endpoint description: Microsoft Defender for Endpoint is an enterprise endpoint security platform that helps defend against advanced persistent threats.
-keywords: introduction to Microsoft Defender for Endpoint, introduction to Microsoft Defender for Endpoint, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence, attack surface reduction, next-generation protection, automated investigation and remediation, microsoft threat experts, secure score, advanced hunting, Microsoft Defender XDR, cyber threat hunting
-ms.sitesec: library
-ms.pagetype: security
--++ ms.localizationpriority: high audience: ITPro - m365-security - tier1
+- essentials-overview
search.appverid: met150 Previously updated : 06/14/2023 Last updated : 01/19/2024 # Microsoft Defender for Endpoint
security Preferences Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/preferences-setup.md
Title: Configure general Defender for Endpoint settings description: Use the settings page to configure general settings, permissions, apis, and rules.
-keywords: settings, general settings, permissions, apis, rules
-ms.sitesec: library
-ms.pagetype: security
--++ ms.localizationpriority: medium audience: ITPro - m365-security - tier2
+- essentials-manage
search.appverid: met150 Previously updated : 12/18/2020 Last updated : 01/19/2024 # Configure general Defender for Endpoint settings
security Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/preview.md
The Defender for Endpoint service is constantly being updated to include new fea
Learn about new features in the Defender for Endpoint preview release and be among the first to try upcoming features by turning on the preview experience.
-> [!TIP]
-> Get notified when this page is updated by copying and pasting the following URL into your feed reader: `https://learn.microsoft.com/api/search/rss?search=%22In+the+navigation+pane%2C+select+Settings+%3E+Advanced+features+%3E+Preview+features.%22&locale=en-us&facet=`
- For more information on new capabilities that are generally available, see [What's new in Defender for Endpoint](whats-new-in-microsoft-defender-endpoint.md). ## What you need to know
security Whats New In Microsoft Defender Endpoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint.md
The following features are in preview or generally available (GA) in the latest
For more information on preview features, see [Preview features](preview.md).
-> [!TIP]
-> RSS feed: Get notified when this page is updated by copying and pasting the following URL into your feed reader:
->
-> ```https
-> https://learn.microsoft.com/api/search/rss?search=%22features+are+generally+available+%28GA%29+in+the+latest+release+of+Microsoft+Defender+for+Endpoint%22&locale=en-us&facet=
-> ```
- For more information on what's new with Microsoft Defender for Endpoint on Windows, see: [What's new in Microsoft Defender for Endpoint on Windows](windows-whatsnew.md)
security Tvm Block Vuln Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-block-vuln-apps.md
- Tier1 search.appverid: met150 Previously updated : 04/12/2022 Last updated : 01/18/2024 # Block vulnerable applications
If you don't see the mitigation option while requesting a remediation, it's beca
- Recommendations related to operating systems - Recommendations related to apps for macOS and Linux - Apps where Microsoft doesn't have sufficient information or a high confidence to block
+- Microsoft Store apps, which cannot be blocked because they are signed by Microsoft
If you try to block an application and it doesn't work, you may have reached the maximum indicator capacity. If so, you can delete old indicators [Learn more about indicators](../defender-endpoint/manage-indicators.md).
security Get Started Xdr https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/get-started-xdr.md
Once identified, the individuals or groups will receive an email notifying them
2. Add a **Phone number** (optional) that Defender Experts can call for matters that require immediate attention. 3. Under the **Contact for** dropdown box, choose **Incident notification** or **Service review**. 4. Select **Add**.
-1. Select **Next** to confirm your contacts list and proceed to creating a Teams channel where you can also receive incident notifications.
-1. Select **Next** to Review your settings.
-1. Select **Submit**. The step-by-step guide then completes the initial setup.
-1. Select **View readiness assessment** to complete the necessary actions required to [optimize your security posture](#prepare-your-environment-for-the-defender-experts-service).
+1. Select **Next** to confirm your contacts list and proceed to [creating a Teams channel](#receive-managed-response-notifications-and-updates-in-microsoft-teams) where you can also receive incident notifications.
To edit or update your notification contacts after the initial setup, go to **Settings** > **Defender Experts** > **Notification contacts**.
To edit or update your notification contacts after the initial setup, go to **Se
## Receive managed response notifications and updates in Microsoft Teams
-Apart from email and in-portal chat, you also have to option to use Microsoft Teams to receive updates about managed responses and communicate with our experts in real time. When this setting is turned on, a new team named **Defender Experts team** is created, where managed response notifications related to ongoing incidents are sent as new posts in the **Managed response** channel. Learn more about using Teams chat
+Apart from email and in-portal chat, you also have to option to use Microsoft Teams to receive updates about managed responses and communicate with our experts in real time. When this setting is turned on, a new team named **Defender Experts team** is created, where managed response notifications related to ongoing incidents are sent as new posts in the **Managed response** channel. [Learn more about using Teams chat](../defender/start-using-mdex-xdr.md#teams-chat)
> [!IMPORTANT]
-> Defender Experts will have access to all messages posted on any channel in the created **Defender Experts team**. To prevent Defender Experts from accessing messages in this team, select **Apps** in Teams > **Manage your apps** > **Defender Experts** > **Remove**. This removal action cannot be reversed.
+> Defender Experts will have access to all messages posted on any channel in the created **Defender Experts team**. To prevent Defender Experts from accessing messages in this team, go to **Apps** in Teams then navigate to **Manage your apps** > **Defender Experts** > **Remove**. This removal action cannot be reversed.
**To turn on Teams notifications and chat:**
-1. In the same Defender Experts settings setup, under Teams, select the Communicate on Teams checkbox.
-2. Select Next to Review your settings.
-3. Select Submit. The step-by-step guide then completes the initial setup.
-4. Select View readiness assessment to complete the necessary actions required to [optimize your security posture](#prepare-your-environment-for-the-defender-experts-service).
+1. In the same Defender Experts settings setup, under **Teams**, select the **Communicate on Teams** checkbox.
+2. Select **Next** to review your settings.
+3. Select **Submit**. The step-by-step guide then completes the initial setup.
+4. Select **View readiness assessment** to complete the necessary actions required to [optimize your security posture](#prepare-your-environment-for-the-defender-experts-service).
To turn on Teams notifications and chat after the initial setup, go to **Settings** > **Defender Experts** > **Teams**. :::image type="content" source="../../media/xdr/Teams-managed-response.png" alt-text="Screenshot of option to activate Teams for receiving managed response." lightbox="../../media/xdr/Teams-managed-response.png":::
-You can add new members to the channel by navigating to **Defender Experts team** > More options (…) > **Manage team** > **Add member**.
+You can add new members to the channel by navigating to **Defender Experts team** > **More options (…)** > **Manage team** > **Add member**.
## Prepare your environment for the Defender Experts service
The readiness assessment has two parts:
> [!IMPORTANT] > Defender Experts for XDR reviews your readiness assessment periodically, especially if there are any changes to your environment, such as the addition of new devices and identities. It's important that you regularly monitor and run the readiness assessment beyond the initial onboarding to ensure that your environment has strong security posture to reduce risk.
-After youΓÇÖve completed all the required tasks and met the onboarding targets in your readiness assessment, your service delivery manager (SDM) initiates the monitoring phase of the Defender Experts for XDR service, where, for a few days, our experts start monitoring your environment closely to identify latent threats, sources of risk, and normal activity. As we get better understanding of your critical assets, we can streamline the service and fine-tune our responses.
+After you complete all the required tasks and met the onboarding targets in your readiness assessment, your service delivery manager (SDM) initiates the monitoring phase of the Defender Experts for XDR service, where, for a few days, our experts start monitoring your environment closely to identify latent threats, sources of risk, and normal activity. As we get better understanding of your critical assets, we can streamline the service and fine-tune our responses.
Once our experts begin to perform comprehensive response work on your behalf, youΓÇÖll start receiving [notifications about incidents](../defender/start-using-mdex-xdr.md#incident-notifications) that require remediation steps and targeted recommendations on critical incidents. You can also chat with our experts or your SDMs regarding important queries and regular business and security posture reviews, and [view real-time reports](../defender/start-using-mdex-xdr.md#understand-the-defender-experts-for-xdr-report) on the number of incidents weΓÇÖve investigated and resolved on your behalf.
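Review bot: The rewritten Teams paragraph still carries the typo "you also have to option to use Microsoft Teams" from the old line; it should be "have the option". In the same hunk, "After you complete all the required tasks and met the onboarding targets" mixes tenses and should read "complete ... and meet". The new link `../defender/start-using-mdex-xdr.md#teams-chat` is added without a closing period, and it goes up one level and back into the `defender` folder this file already lives in, so `start-using-mdex-xdr.md#teams-chat` should be enough.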
security Start Using Mdex Xdr https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/start-using-mdex-xdr.md
The **Chat** tab within the Microsoft Defender XDR portal provides you with a sp
#### Teams chat
-Apart from using the in-portal chat, you also have the option to engage in real-time chat conversations with Defender Experts directly within Microsoft Teams, providing you and your SOC team additional flexibility when responding to incidents that require managed response. Learn more about turning on notifications and chat on Teams
+Apart from using the in-portal chat, you also have the option to engage in real-time chat conversations with Defender Experts directly within Microsoft Teams, providing you and your SOC team additional flexibility when responding to incidents that require managed response. [Learn more about turning on notifications and chat on Teams](../defender/get-started-xdr.md#receive-managed-response-notifications-and-updates-in-microsoft-teams)
-Once you turn on chat on Teams, a new team named Defender Experts team is created. An incident that requires your attention is posted on this teamΓÇÖs Managed response channel as a new post. To engage with our experts (for example, ask follow-up questions), use the Reply text bar to type your message.
+Once you turn on chat on Teams, a new team named **Defender Experts team** is created. An incident that requires your attention is posted on this teamΓÇÖs Managed response channel as a new post. To engage with our experts (for example, ask follow-up questions), use the **Reply** text bar to type your message.
:::image type="content" source="../../media/xdr/teams-chat-managed-response.png" alt-text="Screenshot of managed response teams channel." lightbox="../../media/xdr/teams-chat-managed-response.png"::: **Important reminders when using the Teams chat:** - Only reply to posts (announcing managed response is published on an incident) created by Defender Experts. When you create a new post, our experts might not be able to see it.-- Tag or mention our experts by typing @Defender Experts in your replies, so they are notified to join the chat conversation.
+- Tag or mention our experts by typing *@Defender Experts* in your replies, so they are notified to join the chat conversation.
- DonΓÇÖt attach any attachments (for example, files for analysis) in the chat. For security reasons, Defender Experts won't be able to view the attachments. Instead, send them to appropriate submissions channels or provide links where they can be found in Microsoft Defender XDR portal. Conversations in the Teams chat about an incident are also synchronized with the incidentΓÇÖs **Chat** tab in the Microsoft Defender XDR portal so that you can see messages and updates about an investigation wherever you go.
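Review bot: In the rewritten "Once you turn on chat on Teams" sentence, **Defender Experts team** and **Reply** are now bold but the Managed response channel in the same sentence is not, while get-started-xdr.md formats it as **Managed response**; bold it here too so UI names are consistent. The new "Learn more about turning on notifications and chat on Teams" link also ends its paragraph without a period.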
security Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/whats-new.md
Lists the new features and functionality in Microsoft Defender XDR.
-RSS feed: Get notified when this page is updated by copying and pasting the following URL into your feed reader:
-
-```http
-https://learn.microsoft.com/api/search/rss?search=%22Lists+the+new+features+and+functionality+in+Microsoft+365+defender%22&locale=en-us
-```
- For more information on what's new with other Microsoft Defender security products, see: - [What's new in Microsoft Defender for Office 365](../office-365-security/defender-for-office-365-whats-new.md)
security Mdo About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mdo-about.md
- m365-security - tier1 - highpri
+ - essentials-overview
- seo-marvel-apr2020 - intro-overview
description: Is Microsoft Defender for Office 365 worth it? Let's find out. Previously updated : 9/14/2023 Last updated : 01/19/2024 appliesto: - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/mdo-security-comparison#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a> - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
security Mdo Deployment Guide https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mdo-deployment-guide.md
search.appverid:
- zerotrust-solution - tier1
+ - essentials-get-started
description: Learn how to get started with the initial deployment and configuration of Microsoft Defender for Office 365. Previously updated : 11/7/2023 Last updated : 01/19/2024 appliesto: - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/mdo-security-comparison#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a> - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
security Mdo Sec Ops Guide https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mdo-sec-ops-guide.md
- zerotrust-solution - msftsolution-secops - tier1
+ - essentials-manage
description: A prescriptive playbook for SecOps personnel to manage Microsoft Defender for Office 365. Previously updated : 6/22/2023 Last updated : 01/19/2024 appliesto: - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/mdo-security-comparison#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a> - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
security Secure By Default https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/secure-by-default.md
Title: Secure by default in Office 365 f1.keywords: - NOCSH--++ Previously updated : 6/20/2023 Last updated : 01/19/2024 audience: ITPro ms.localizationpriority: medium
search.appverid:
- m365-security - tier2
+ - essentials-accountability
description: Learn more about the secure by default setting in Exchange Online Protection (EOP)
solutions Architecture Icons Templates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/architecture-icons-templates.md
You can see these icons, symbols, and templates in action in downloadable files
Microsoft permits the use of these icons in architectural diagrams, training materials, or documentation. You may copy, distribute, and display the icons only for the permitted use unless granted explicit permission by Microsoft. Microsoft reserves all other rights.
- > [!div class="button"]
- > [Download SVG and PNG icons](https://go.microsoft.com/fwlink/?linkid=869455)
+> [!div class="button"]
+> [Download SVG icons](https://go.microsoft.com/fwlink/?linkid=869455)
- > [!div class="button"]
- > [Download Visio templates and stencils](https://go.microsoft.com/fwlink/?linkid=2056186)
+
+> [!div class="button"]
+> [Download Visio templates and stencils](https://go.microsoft.com/fwlink/?linkid=2056186)
### Use the Visio templates and stencils
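Review bot: The button label changes from "Download SVG and PNG icons" to "Download SVG icons" but the target stays `https://go.microsoft.com/fwlink/?linkid=869455`. Confirm the package behind that link no longer includes PNG files, otherwise the label and the download disagree.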
syntex Backup Limitations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/backup/backup-limitations.md
Performance and speed of web interfaces, initial configuration, and restores mig
- You can create only one active backup policy per underlying service (that is, one for OneDrive accounts, one for SharePoint sites, and one for Exchange online users). You can add or remove as many artifacts (sites or user accounts) to or from each active policy. -- Once the sites or mailboxes are added to a backup policy, it might take up to 15 minutes per 1,000 sites or mailboxes for restore points to become available for restore. Backups will begin as soon as the policy is in effect, even if the restore points aren't yet available. This limitation will be completely removed shortly.
+- Once the sites or mailboxes are added to a backup policy, it might take up to 15 minutes per 1,000 sites or mailboxes for restore points to become available for restore. Backups begin as soon as the policy is in effect, even if the restore points aren't yet available. This limitation will be removed shortly.
- The CSV upload feature for bulk addition of sites or user accounts in the backup policy creation workflow can accommodate a maximum of 3,000 entries per CSV file.
Performance and speed of web interfaces, initial configuration, and restores mig
- The rule-based feature for bulk addition of user accounts via security groups or distribution lists can accommodate a maximum of three groups at a time. These rules are static and applied one time only. That is, the security groups or distribution lists are flattened at the time of adding to the backup configuration policy and won't be dynamically updated in the system if users are added or removed from the original security group, for example. - Backup and restore of tenants that have the multi-geo feature enabled for OneDrive and SharePoint might not work properly. We recommend not using the preview version of Backup until multi-geo support is fully enabled.-
+<!
+- When you remove a OneDrive for Business account or a SharePoint site from a backup policy, you continue to be billed for the existing backups for the next one year of their retention. Additionally, the price of that backup will be proportional to the size of the site or account throughout that remaining year.
+>
### Restore - Site search is case-sensitive and is a prefix-type search.
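Review bot: The added billing bullet about removed OneDrive accounts and SharePoint sites is wrapped in `<!` and `>` as shown here, which is not a complete HTML comment (`<!--` and `-->`). If the source really has these delimiters the bullet and the stray markers will render. If the bullet is meant to be hidden, the commit should say why a billing limitation (continued charges for one year after removal from a policy) is being added commented out rather than published.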
syntex Backup Restore Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/backup/backup-restore-data.md
The restore point frequency, also known as the [recovery point objective](backup
|Type |RPO for 0-14 days in the past |RPO for 15-365 days in the past | |||| |Full OneDrive account and full SharePoint site restore |15 minutes |One week |
-|Exchange Online |10 seconds |10 seconds |
+|Exchange Online |10 minutes |10 minutes |
## Restore data from backup for OneDrive, SharePoint, and Exchange
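Review bot: The Exchange Online RPO changes from 10 seconds to 10 minutes in both columns, a 60-fold change in a figure customers use for recovery planning. Confirm the new value against the service's actual restore point frequency, and check that no other backup article still quotes 10 seconds.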
syntex Set Up Microsoft Syntex https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/set-up-microsoft-syntex.md
The following table provides links to the specific setup instructions for each s
|Unstructured document processing | [Set up unstructured document processing](unstructured-setup.md) | |Content assembly | [Set up content assembly](content-assembly-setup.md) | |Image tagging | [Set up image tagging](image-tagging-setup.md) |
-|Taxonomy tagging | [Set up taxonomy tagging](taxonomy-tagging-setup.md) |
-|Syntex eSignature | [Set up Syntex eSignature](esignature-setup.md) |
+|Taxonomy tagging | [Set up taxonomy tagging](taxonomy-tagging-setup.md) |
+|Translation | [Set up document translation](translation-setup.md) |
+|Syntex eSignature | [Set up Syntex eSignature](esignature-setup.md) |
|Optical character recognition | [Set up optical character recognition](ocr.md) |
-|Microsoft 365 Archive (Preview) | [Set up Microsoft 365 Archive](archive/archive-setup.md) |
+|Microsoft 365 Archive (Preview) | [Set up Microsoft 365 Archive](archive/archive-setup.md) |
|Microsoft 365 Backup (Preview) | [Set up Microsoft 365 Backup](backup/backup-setup.md) |
syntex Syntex Azure Billing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/syntex-azure-billing.md
The following Microsoft Syntex products are currently available:
- Content assembly - Image tagging - Taxonomy tagging
+- Translation
- Syntex eSignature - Optical character recognition - Microsoft 365 Archive (Preview)
syntex Syntex Licensing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/syntex-licensing.md
Pay-as-you-go currently supports the following Syntex
- Content assembly - Image tagging - Taxonomy tagging
+- Translation
- Syntex eSignature - Optical character recognition - Microsoft 365 Archive (Preview)
syntex Syntex Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/syntex-overview.md
You create *modern templates* based on the business documents you use most. You
[Learn more about how to generate documents using content assembly.](content-assembly.md)
-### Prebuilt document processing
+### Document processing
+
+#### Prebuilt document processing
:::row::: :::column span="":::
Instead of having to create a new document processing model from scratch, you ca
[Learn more about prebuilt models in Microsoft Syntex.](prebuilt-overview.md)
-### Structured and freeform document processing
+#### Structured and freeform document processing
:::row::: :::column span="":::
Both structured and freeform models use Microsoft Power Apps AI Builder to creat
[Learn more about structured and freeform models in Microsoft Syntex.](form-processing-overview.md)
-### Unstructured document processing
+#### Unstructured document processing
:::row::: :::column span="":::
Both structured and freeform models use Microsoft Power Apps AI Builder to creat
[Learn more about taxonomy tagging in Microsoft Syntex.](taxonomy-tagging-overview.md)
-### Syntex eSignature
+### Translation
:::row::: :::column span="3":::
- Send electronic requests using Syntex eSignature, keeping your content in Microsoft 365 while itΓÇÖs being reviewed and signed. Use Syntex eSignature to quickly and securely send documents for signature to people both inside and outside of your organization.
+ Easily create a translated copy of a document or video transcipt in a SharePoint document library. You translate the file, while preserving the original format and structure of the file. Translation is available for all supported languages and dialects.
:::column-end:::
+ :::column span="":::
+ ![Image of generic translation icon.](../media/content-understanding/translation-image.png)
+ :::column-end:::
+
+[Learn more about translation in Microsoft Syntex.](translation-overview.md)
++
+### Syntex eSignature
+ :::column span=""::: ![Image of generic esignature icon.](../media/content-understanding/esignature-image.png) :::column-end:::
+ :::column span="3":::
+ Send electronic requests using Syntex eSignature, keeping your content in Microsoft 365 while itΓÇÖs being reviewed and signed. Use Syntex eSignature to quickly and securely send documents for signature to people both inside and outside of your organization.
+ :::column-end:::
:::row-end::: [Learn more about using Microsoft Syntex eSignature.](esignature-overview.md)
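Review bot: The new Translation description has a typo: "video transcipt" should be "video transcript". As shown here, the Translation section opens `:::row:::` but its "Learn more about translation" link comes before any `:::row-end:::`, and the Syntex eSignature columns that follow have no `:::row:::` of their own, so check that each section has a matched row open and close after the columns were reordered.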
Both structured and freeform models use Microsoft Power Apps AI Builder to creat
### Optical character recognition :::row:::
- :::column span="":::
- ![Image of generic OCR icon.](../media/content-understanding/ocr-image.png)
- :::column-end:::
:::column span="3"::: The optical character recognition (OCR) service in Syntex lets you extract printed or handwritten text from images. Syntex automatically scans the image files, extracts the relevant text, and makes the text from the images available for search and indexing. This lets you quickly and accurately find the keywords and phrases you're looking for. :::column-end:::
+ :::column span="":::
+ ![Image of generic OCR icon.](../media/content-understanding/ocr-image.png)
+ :::column-end:::
:::row-end::: [Learn more about using the OCR service in Microsoft Syntex.](ocr-overview.md)
syntex Syntex Pay As You Go Services https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/syntex-pay-as-you-go-services.md
When you use Microsoft Syntex [pay-as-you-go](syntex-azure-billing.md), services
|Image tagging |The number of images processed. Each processed image counts as one transaction. You wonΓÇÖt be charged if you only enable pay-as-you-go billing for image tagging. You are charged only when you [enable image tagging on a document library](image-tagging.md). |$0.001/transaction | |Taxonomy tagging |The number of documents processed. Each processed document counts as one transaction. You wonΓÇÖt be charged if you only enable pay-as-you-go billing for taxonomy tagging. You're charged only when you [enable taxonomy tagging on a document library](taxonomy-tagging.md). |$0.05/transaction | |SharePoint eSignature |The number of electronic signature requests processed. Each signature request for up to 10 recipients counts as one transaction. |$2.00/transaction |
+|Document translation |For document translation, the number of characters processed. Character count includes letters, Unicode code points, punctuation, and white spaces. <br>For video transcript translation, the number of characters from the source transcript. (This meter is charged only when the translation has successfully resulted in a new transcript.) |$15.00/1M characters |
|Optical character recognition |The number of pages processed for images (JPEG, JPG, PNG, or BMP); the number of pages processed for PDF, TIF, or TIFF; or the number of embedded images in Teams chats and email messages. Each of these counts as one transaction. Processing occurs every time the file is edited. |$0.001/transaction| |Microsoft 365 Archive (Preview) |The number of gigabytes (GB) of data archived. (This meter is only charged when archived storage plus active storage in SharePoint exceeds a tenantΓÇÖs included or licensed allocated SharePoint storage quota limit.) <br>Reactivation of archived data after seven days. |$0.05/GB/month (shows on invoice as $0.00167/GB/day)<br><br><br>$0.60/GB| |Microsoft 365 Backup (Preview) |The number of gigabytes (GB) of data backed up. |$0.15/GB/month (shows on invoice as $0.005/GB/day)|
+<!|Translation |For document translation, the number of characters processed. Character count includes letters, Unicode code points, punctuation, and white spaces. <br>For video transcript translation, the number of characters from the source transcript. (This meter is only charged when the translation has successfully resulted in a new transcript.) |$15.00/1M characters |>
## Related articles
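Review bot: The commented-out `Translation` row added after the Microsoft 365 Backup row repeats the new `Document translation` row (same description, same $15.00/1M characters price), so the price now lives in two places and the hidden copy can go stale. Drop the commented row and keep only the visible one. The two copies also differ in wording ("This meter is charged only when" in the visible row, "This meter is only charged when" in the hidden one and in the Archive row); pick one form for the whole table.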
syntex Translation Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/translation-overview.md
+
+ Title: Overview of document translation in Microsoft Syntex
++++ Last updated : 01/19/2024
+audience: admin
+++
+search.appverid:
+
+ - enabler-strategic
+ - m365initiative-syntex
+ms.localizationpriority: medium
+description: Learn about the document translation service in Microsoft Syntex.
++
+# Overview of document translation in Microsoft Syntex
+
+Microsoft Syntex lets you easily create a translated copy of a selected file or a set of files in a SharePoint document library. You can translate a file, while preserving the original format and structure of the file. Translation is available for all supported languages and dialects.
+
+![Screenshot showing a document library with translated documents.](../media/content-understanding/translation-sample-library.png)
+
+This feature lets you translate files of different types either manually or automatically by creating a rule. You can use custom glossaries and models to improve the quality and consistency of your translations.
+
+You can also use the translation feature for translating video transcripts and closed captioning files. For more information, see [Transcript translations in Stream for SharePoint](https://prod.support.services.microsoft.com/office/microsoft-syntex-pay-as-you-go-transcript-translations-in-stream-for-sharepoint-2e34ad1b-e213-47ed-a806-5cc0d88751de).
+
+## Requirements and limitations
+
+### Supported file types
+
+Document translation is available for the following file types: .csv, .docx, .htm, .html, .markdown, .md, .msg, .pdf, .pptx, .txt, and .xlsx. For legacy file types .doc, .rtf, .xls, .ods.ppt, and .odp, the translated copy is created in the modern equivalent (.docx, .xlsx, or .pptx).
+
+### Supported file size
+
+The maximum file size for documents to be translated is limited to 40 MB.
+
+### Supported languages
+
+Translation in Syntex is available for [all supported languages and dialects](/azure/ai-services/translator/language-support?source=recommendations#translation).
+
+### Current release notes
+
+- Text on an image within a document isn't translated.
+
+- Password-protected files aren't translated.
+
+- On-demand translation on folders will be available in a future release.
+
+### Frequently asked questions
+
+For answers to frequently asked questions about document translation, see [Document Translation: FAQ](/azure/ai-services/translator/document-translation/faq#document-translation-faq).
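Review bot: In "Supported file types", the legacy list reads `.ods.ppt`, which looks like a missing separator between `.ods` and `.ppt`; as written it names an extension that is neither of the two. Suggest ".doc, .rtf, .xls, .ods, .ppt, and .odp". Separately, the transcript link in the introduction points at `prod.support.services.microsoft.com`, while the support links elsewhere in this changeset use `support.microsoft.com`; use the same public host here so the link target is consistent with the rest of the docs.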
syntex Translation Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/translation-setup.md
+
+ Title: Set up and manage document translation in Microsoft Syntex
++++ Last updated : 01/19/2024
+audience: admin
+++
+search.appverid:
+
+ - enabler-strategic
+ - m365initiative-syntex
+ms.localizationpriority: medium
+description: Learn how to set up document translation in Microsoft Syntex.
++
+# Set up and manage document translation in Microsoft Syntex
+
+The document translation service for Microsoft Syntex is set up in the Microsoft 365 admin center.
+
+## Prerequisites
+
+### Licensing
+
+Before you can use translation in Syntex, you must first link an Azure subscription in [Syntex pay-as-you-go](syntex-azure-billing.md). Translation in Syntex is billed based on the [type and number of transactions](syntex-pay-as-you-go-services.md).
+
+### Permissions
+
+You must have Global admin or SharePoint admin permissions to be able to access the Microsoft 365 admin center and set up translation in Syntex.
+
+## Set up translation
+
+After an [Azure subscription is linked to Microsoft Syntex](syntex-azure-billing.md), translation is automatically set up and turned on for all SharePoint sites.
+
+## Manage sites
+
+By default, document translation is turned on for libraries in all SharePoint sites. Follow these steps to limit which sites users can use document translation.
+
+1. In the Microsoft 365 admin center, select <a href="https://go.microsoft.com/fwlink/p/?linkid=2171997" target="_blank">**Setup**</a>, and then select **Use content AI with Microsoft Syntex**.
+
+2. On the **Use content AI with Microsoft Syntex** page, select **Manage Microsoft Syntex**.
+
+3. On the **Microsoft Syntex** panel, select **Document translation**.
+
+4. On the **Document translation** panel:
+
+ a. Choose which site or sites this service should be enabled for.
+
+ b. To restrict user access to this service, under **Sites where document translation can be used when it's turned on**, select **Edit**. On the **Where can document translation be used?** panel, select **No sites** or **Selected sites (up to 100)** and follow the instructions to either select the sites or upload a CSV listing a maximum of 100 sites. You can then manage site access permissions for the sites you selected.
+
+ c. Select **Save**.
+
+## Video transcript translation
+
+To turn on translation for video transcripts and closed captioning, see [Enable transcript translations in Stream for SharePoint](https://prod.support.services.microsoft.com/office/microsoft-syntex-pay-as-you-go-transcript-translations-in-stream-for-sharepoint-2e34ad1b-e213-47ed-a806-5cc0d88751de#bkmk_enabletranslations).
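Review bot: In "Manage sites", step 4a ("Choose which site or sites this service should be enabled for") and step 4b (select **Edit**, then **No sites** or **Selected sites (up to 100)**) describe the same choice, and 4a names no control to select; fold 4a into 4b so the restriction procedure has a single path. The sentence introducing the steps, "limit which sites users can use document translation", is missing a word; "limit the sites where users can use document translation" reads correctly. Since "Set up translation" says the feature is turned on for all SharePoint sites as soon as billing is linked, consider listing SharePoint admin before Global admin under "Permissions", as it is the narrower of the two roles named. The last link uses `prod.support.services.microsoft.com` rather than the `support.microsoft.com` host used elsewhere in this changeset.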
syntex Translation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/translation.md
+
+ Title: Translate a document in Microsoft Syntex
++++ Last updated : 01/19/2024
+audience: admin
+++
+search.appverid:
+
+ - enabler-strategic
+ - m365initiative-syntex
+ms.localizationpriority: medium
+description: Learn how to translate documents using Microsoft Syntex.
++
+# Translate a document in Microsoft Syntex
+
+Translation in Microsoft Syntex lets you create a translated copy of a file manually on demand or automatically by using rules. You can set a rule to create a translated copy automatically when a document is created, or when data in a column is modified.ΓÇï
+
+When a file is translated, the file name of the translated copy is appended to show the ISO code for the language.
+
+## Translate a document on demand
+
+To create a translated version of a document, follow these steps:
+
+1. From a SharePoint document library, select the file or files you want to translate. Then use either of the following methods to start the translation process.
+
+ - From the ribbon, select **More options** (**...**), and then select **Translate**.
+
+ ![Screenshot showing the Translate option from the ribbon.](../media/content-understanding/translation-ribbon-option2.png)
+
+ - Or, next to the file name in the list of documents, select **Show more actions for this item** (**...**), and then select **Translate**.
+
+ ![Screenshot showing the Translate option next to the document.](../media/content-understanding/translation-show-more-actions.png)
+
+2. On the **Translate documents** screen, enter a language or use the drop-down menu to choose a language you want to translate the file, and then select **Translate**.
+
+ ![Screenshot showing the Translate documents screen with language options.](../media/content-understanding/translation-translate-documents.png)
+
+3. You receive a confirmation message saying that the request to translate the file has been submitted.
+
+ ![Screenshot showing the translation confirmation screen.](../media/content-understanding/translation-confirmation.png)
+
+## Translate a document automatically
+
+You can create a rule to automatically translate a document [when a new file is added](#translate-a-video-transcript) or [when data in a column changes](#when-data-in-a-column-changes).
+
+### When a new file is added
+
+To create a rule to translate documents automatically when a document is created, follow these steps:
+
+1. From a SharePoint document library, select **Automate** > **Rules** > **Create a rule**.
+
+ ![Screenshot of the document library showing the Automate > Rules > Create a rule option.](../media/content-understanding/content-processing-create-rule.png)
+
+2. On the **Create a rule** page, select **A new file is added**.
+
+ ![Screenshot of the Create a rule page showing the A new file is added option highlighted.](../media/content-understanding/content-processing-create-a-rule-page.png)
+
+3. Under **When a new file is added**, complete the rule statement:
+
+ a. Select **Choose action**, and then select **create a translated copy in**.
+
+ ![Screenshot of the rule statement page showing the translation option highlighted.](../media/content-understanding/translation-rule-create-copy.png)
+
+ b. Select **enter a language**, and then enter a language or use the drop-down menu to choose a language into which you want to translate the file.
+
+ ![Screenshot of the rule statement page showing the enter language option.](../media/content-understanding/translation-rule-enter-language.png)
+
+4. When your rule statement is complete, select **Create**. You can [see and manage the new rule](content-processing-overview.md#manage-a-rule) on the **Manage rules** page.
+
+### When data in a column changes
+
+To create a rule to translate documents automatically when data in a column changes, follow these steps:
+
+1. From a SharePoint document library, select **Automate** > **Rules** > **Create a rule**.
+
+ ![Screenshot of the document library showing the Automate > Rules > Create a rule option.](../media/content-understanding/content-processing-create-rule.png)
+
+2. On the **Create a rule** page, select **Data in a column changes**.
+
+ ![Screenshot of the Create a rule page showing the A new file is added option highlighted.](../media/content-understanding/content-processing-create-a-rule-page.png)
+
+3. Under **When data in a column changes**, complete the rule statement:
+
+ a. Select **Choose a column**, and then select the appropriate column for which to translate the file.
+
+ ![Screenshot of the Create a rule page showing the beginning rule statement.](../media/content-understanding/translation-beginning-rule.png)
+
+ b. Select **Choose a condition**, and then select the appropriate condition under which to translate the file.
+
+ c. Select **Choose action**, and then select **create a translated copy in**.
+
+ d. Select **enter a language**, and then select the language into which you want to translate the file.
+
+ ![Screenshot of the Create a rule page showing the enter a language option.](../media/content-understanding/translation-column-enter-language.png)
+
+4. When your rule statement is complete, select **Create**. You can [see and manage the new rule](content-processing-overview.md#manage-a-rule) on the **Manage rules** page.
+<!
+### View the translation activity feed of a document library
+
+When a file is translated, you'll see an update in the source library activity feed. The updates occur in both the source library and the target library.
+
+In the document library, in the upper-right corner of the page, select the details pane icon (![Screenshot of the details pane icon.](../media/content-understanding/details-pane-icon.png)) to view the recent history, activity, and rules that have been applied to the library.
+
+ ![Screenshot of a document library showing the details pane highlighted.](../media/content-understanding/content-processing-details-pane.png)
+>
+## Translate a video transcript
+
+To create a translated version of a video transcript or closed captioning, see [How to translate transcripts in Stream for SharePoint](https://prod.support.services.microsoft.com/office/microsoft-syntex-pay-as-you-go-transcript-translations-in-stream-for-sharepoint-2e34ad1b-e213-47ed-a806-5cc0d88751de#bkmk_howtotranslate).
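Review bot: In "Translate a document automatically", the link text "when a new file is added" targets `#translate-a-video-transcript`, which sends the reader to the video section instead of the "When a new file is added" heading; it should target `#when-a-new-file-is-added`, matching the pattern of the second link (`#when-data-in-a-column-changes`). In the "When data in a column changes" procedure, step 2 reuses `content-processing-create-a-rule-page.png` with alt text saying "the A new file is added option highlighted", which contradicts the step's instruction to select **Data in a column changes**. Smaller points: step 2 of the on-demand procedure says "choose a language you want to translate the file" (missing "into"), the first paragraph ends with stray characters after "modified.", and the commented-out "View the translation activity feed" block should be removed from the published file if it is not ready to ship.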