+ > [!IMPORTANT]

+ > If you get the error message **This user is synchronized with your local Active DirectoryΓÇÄ. Some details can be edited only through your local Active Directory**, It means that the Active Directory is authoritative for attributes on synchronized users, you need to modify the attributes in your on-premises Active Directory.

+This article is for people who set password expiration policy for a business, school, or nonprofit. To complete these steps, you need to sign in with your Microsoft 365 admin account. [What's an admin account?](/microsoft-365/admin/add-users/about-admin-roles).

+> Creating an additional .onmicrosoft domain and using it as your default will not do a rename for SharePoint Online. To make changes to your .onmicrosoft SharePoint domain you would need to use the [SharePoint domain rename preview](/sharepoint/change-your-sharepoint-domain-name) (currently available to any tenant with less than 1,000 sites).

+> If you're using Microsoft 365 mail services, removal of your initial .onmicrosoft domain is not supported.

+- admindeeplinkMAC

+description: "Learn how to cancel your Dynamics 365, Intune, Power Platform, and Microsoft 365 for business trial or paid subscriptions in the Microsoft 365 admin center."

+You can cancel your subscription at any time in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 356 admin center</a>. However, to receive a refund, you must meet certain refund eligibility requirements. For more information, see [Understand refund eligibility](#understand-refund-eligibility).

+If you have multiple subscriptions to the same product, such as Microsoft 365 Business Premium, canceling one subscription wonΓÇÖt impact the purchased licenses or services inside the others.

+> [!IMPORTANT]

+> This article only applies to Dynamics 365, Intune, Power Platform, and Microsoft 365 for business subscriptions. If you have Microsoft 365 Family or Personal, see [Cancel a Microsoft 365 subscription](https://support.microsoft.com/office/cancel-a-microsoft-365-subscription-46e2634c-c64b-4c65-94b9-2cc9c960e91b?OCID=M365_DocsCancel_Link).

+## Understand refund eligibility

+### If you have a billing profile

+You must cancel within 72 hours of starting a paid subscription to get a prorated refund for unused time you already paid for. Refunds arenΓÇÖt available after 72 hours.

+For example, let's say you bought a one year subscription for which you pay $20 each month for a single license. You bought the subscription on February 1, 2022 at 11 AM UST, and decide to cancel it on February 3, 2022 at 11 AM UST. We deduct $1.43 for the two days you held the subscription, and you receive a prorated refund of $18.57.

+**Not sure if you have a billing profile?** To learn how to find out if you have a billing profile, see [View my billing profiles](../billing-and-payments/manage-billing-profiles.md#view-my-billing-profiles).

+### If you don't have a billing profile

+Use the following table to help determine if you can cancel your subscription yourself.

+|If your subscription has |You can |

+|--|--|

+|25 or fewer licenses | Cancel your trial or paid subscription online in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 356 admin center</a> at any time. |

+|More than 25 licenses | Reduce the number of licenses to 25 or fewer and try again, or [call support to cancel your subscription](../../admin/get-help-support.md). |

+For subscriptions that don't have a billing profile, you can only cancel during a limited window of time after you buy or renew your subscription. If the cancellation window has passed, [turn off recurring billing](renew-your-subscription.md) to cancel the subscription at the end of its term.

+If you cancel during the limited time window, any prorated credit will be returned to you within the next billing cycle.

+|Deliver the message to the hosted quarantine |_Quarantine_|n/a| This action is currently in **public preview**. During this phase, emails quarantined by DLP policies will show policy type as ExchangeTransportRule.</br> Delivers the message to the quarantine in EOP. For more information, see [Quarantined email messages in EOP](/microsoft-365/security/office-365-security/quarantine-email-messages).|

+> [!IMPORTANT]

+> All users who contribute to the scanned location either by adding files or consuming files need to have a license, not just the scanner user.

+- [Microsoft 365 subscription](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans?rtc=1)

+|Extend labeling beyond Office apps by using File Explorer and PowerShell, with additional features for Office apps on Windows (if needed)|[Azure Information Protection unified labeling client for Windows](/azure/information-protection/rms-client/aip-clientv2)|

+description: "Learn about work with SharePoint Syntex document understanding model explanations in PowerShell."

+This example shows how to create a custom phrase list explanation template by taking the values from a term set. This includes the preferred term names and any synonyms.

+description: "Learn about how to export and import document understanding models with PowerShell in SharePoint Syntex."

+SharePoint Syntex models can be exported as PnP templates, enabling reuse across content centers or tenants.

+## Export all models in a content center

+To export all models in a content center into a single PnP template, use the following [PnP PowerShell](https://pnp.github.io/powershell/) cmdlets:

+## Export specific models

+To export specific models from a content center into a PnP template, use the following [PnP PowerShell](https://pnp.github.io/powershell/) cmdlets:

+The extract.json defines which models you want to export, allowing to specify model by name or ID and optionally configuring to not extract training data.

+### Example - Specify model by name

+### Example - Specify model by ID

+> [!NOTE]

+> Training data is required for a model to be editable when imported to a destination content center.

+description: "Learn how to manage SharePoint Syntex with PowerShell."

+For these scenarios, the SharePoint Syntex cmdlets in the PnP PowerShell module can be used to interact with models and explanations. To learn more about how to install this module, see [PnP PowerShell overview](/powershell/sharepoint/sharepoint-pnp/sharepoint-pnp-cmdlets).

+Select from the following scenarios to learn how to use PowerShell to manage SharePoint Syntex:

+ Start here if you want to learn how to use PowerShell to trigger document understanding processing on a document library.

+Document understanding models will process newly uploaded files to a library. It is also possible to manually request processing in the UI. However there might be scenarios where it is more efficient to trigger processing through PowerShell.

+You can request processing of all files in the library, even if they have previously been classified. This might be useful if you have updated a model or added another model to the library.

+> Using the -Force option with more than 5000 items will automatically enable off peak processing.

+If you want to limit processing to a specific subset of items in a library, you can use a script to select a specific group of files. In the following example, the script allows a field to be selected, and a field value to filter by. More complex queries can be completed using [Get-PnPListItem](https://pnp.github.io/powershell/cmdlets/Get-PnPListItem.html).

+SharePoint Syntex models typically are deployed to document libraries across your tenant. This can be done by using the content center site, but this can also be done using [PnP PowerShell](https://pnp.github.io/powershell/) as explained in this article.

+## Listing the available models in a content center

+To get an overview of the models added to the current SharePoint Syntex content center site, use the [Get-PnPSyntexModel](https://pnp.github.io/powershell/cmdlets/Get-PnPSyntexModel.html) cmdlet:

+To apply a model to a library, use the [Publish-PnPSyntexModel](https://pnp.github.io/powershell/cmdlets/Publish-PnPSyntexModel.html) cmdlet:

+Once you've deployed a model to many libraries, you might want to review the list of libraries using your model. This can be done using the [Get-PnPSyntexModelPublication](https://pnp.github.io/powershell/cmdlets/Get-PnPSyntexModelPublication.html) cmdlet:

+If you want to publish multiple models to multiple libraries, create an input CSV file listing the models and the target locations:

+This CSV file can then be used as an input into a script that will publish the listed models to the appropriate libraries. In the following example, batching is used to increase the efficiency of the requests.

+ Title: Microsoft Defender for Endpoint detection fields

+description: Understand how the detection fields map to the values in Microsoft Defender for Endpoint

+# Microsoft Defender for Endpoint detection fields

+> [!NOTICE]

+> The Microsoft Defender for Endpoint SIEM REST API is planned for deprecation, as the Microsoft Defender for Endpoint Alert API and the Microsoft 365 Defender Incident API that replace it provide much richer metadata - including the up-to-date status of the alert, all evidence entities that are related to the alert, all comments entered by analysts, and allows updating status, assignedTo, classification, and determination fields programmatically.

+>

+> No new onboarding to the Microsoft Defender for Endpoint SIEM API will be supported - instead, see [Enable SIEM integration in Defender for Endpoint](enable-siem-integration.md) for more information on integrating with the Microsoft Defender for Endpoint Alert API or the Microsoft 365 Defender Incident API.

+>

+> For information on integration SIEM Tools (Splunk, ArcSight, and QRadar), see [Integrate your SIEM tools with Microsoft Defender for Endpoint](../defender-endpoint/configure-siem.md).

+> - [Microsoft Defender for Endpoint Alert](alerts.md) is composed from one or more detections.

+> - **Microsoft Defender for Endpoint Detection** is composed from the suspicious event occurred on the Device and its related **Alert** details.

+>

+> The MicroFocus ArcSight FlexConnector described below has been replaced with an official SmartConnector that calls the Microsoft 365 Defender Incident API. For more information, see [Enable SIEM integration in Defender for Endpoint](enable-siem-integration.md).

+>

+

+ - **macOS** - Only applicable for Public Preview, minimum required version: 101.43.84

+ - **Linux** - Only applicable for Public Preview, minimum required version: 101.45.13

+

+

+

+| cd | Changes the current directory. | Y | Y | Y |

+| connections | Shows all the active connections. | Y | N | N |

+| dir | Shows a list of files and subdirectories in a directory. | Y | Y | Y |

+| drivers | Shows all drivers installed on the device. | Y | N | N |

+| fileinfo | Get information about a file. | Y | Y | Y |

+| findfile | Locates files by a given name on the device. | Y | Y | Y |

+| help | Provides help information for live response commands. | Y | Y | Y |

+| jobs | Shows currently running jobs, their ID and status. | Y | Y | Y |

+| persistence | Shows all known persistence methods on the device. | Y | N | N |

+| registry | Shows registry values. | Y | N | N |

+| scheduledtasks | Shows all scheduled tasks on the device. | Y | N | N |

+| services | Shows all services on the device. | Y | N | N |

+| startupfolders | Shows all known files in startup folders on the device. | Y | N | N |

+| status | Shows the status and output of specific command. | Y | N | N |

+| trace | Sets the terminal's logging mode to debug. | Y | Y | Y |

+| remediate | Remediates an entity on the device. The remediation action will vary depending on the entity type: File: delete Process: stop, delete image file Service: stop, delete image file Registry entry: delete Scheduled task: remove Startup folder item: delete file NOTE: This command has a prerequisite command. You can use the -auto command in conjunction with remediate to automatically run the prerequisite command. | Y | Y | Y |

+| scan | Runs an antivirus (quick) scan to help identify and remediate malware. | N | Y | Y |

+- [Live response command examples](live-response-command-examples.md)

+> During preview, full Microsoft Endpoint Configuration Manager automation and integration to perform an automated upgrade will be available in a later release of MECM. From the 2107 release with the latest hotfix rollup, you CAN use the Endpoint Protection node for configuration as well as Group Policy, PowerShell, Microsoft Endpoint Manager tenant attach or local configuration. In addition, you can leverage existing functionality in Microsoft Endpoint Configuration Manager to automate manual upgrade steps; methods for which are described below.

+- [Azure Virtual Desktop](https://azure.microsoft.com/services/virtual-desktop/) <br> Microsoft Defender for Endpoint now adds support for Azure Virtual Desktop.

+ Title: 'Application/Test rules'

+description: Rules to be followed when uploading an application/test

+search.appverid: MET150

+audience: Software-Vendor

+ms.localizationpriority: medium

+f1.keywords: NOCSH

+# Application/Test rules

+All applications or tests in Test Base need to comply with the following rules:

+## Test Base folders

+The following folders are used by the Test Base infrastructure:

+* %SYSTEMDRIVE%\USL

+* %SYSTEMDRIVE%\Ffmpeg

+* %SYSTEMDRIVE%\Monitoring

+* %SYSTEMDRIVE%\powershell-yaml

+* %SYSTEMDRIVE%\ProcMon

+* %SYSTEMDRIVE%\PSTools

+* %SYSTEMDRIVE%\TokenProviderTool

+* %SYSTEMDRIVE%\USLPowershellModules

+* %SYSTEMDRIVE%\UtcUtil

+* %SYSTEMDRIVE%\WPT

+* %SYSTEMDRIVE%\WULogs

+> [!IMPORTANT]

+> **Avoid the following**:

+> * Blocking the execution of any process from these folders. If your application is anti-malware software, configure your app installation to allow unimpeded execution of all processes from these folders.

+> * Tampering with any of these folders.

+## Test Base registry keys

+The applications/tests should not delete or modify any registry keys related to:

+* Windows telemetry level

+* Removing TLS 1.2