Updates from: 01/21/2023 05:09:25
Category Microsoft Docs article Related commit history on GitHub Change details
bookings Bookings In Outlook https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/bookings-in-outlook.md
For more information, see the [Bookings with me Microsoft 365 Roadmap item](http
```PowerShell Set-SharingPolicy "Default Sharing Policy" -Domains @{Add="Anonymous:CalendarSharingFreeBusySimple"} ```
-3. For mailboxes that get assigned a customized SharingPolicy, the policy must have Anonymous:SharingPolicyAction as one of the domains.
+3. For mailboxes that get assigned a customized SharingPolicy, the policy must have Anonymous:SharingPolicyAction as one of the domains.
```Powershell: get-mailbox adam@contoso.com | Format-List SharingPolicy
business-premium Get Microsoft 365 Business Premium https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/get-microsoft-365-business-premium.md
audience: Admin
Previously updated : 09/15/2022 Last updated : 01/18/2023 ms.localizationpriority: high - Adm_O365 - M365-subscription-management - M365-Campaigns - m365solution-smb-- highpri - tier1 - Adm_O365
description: "Get Microsoft 365 Business Premium so you can protect your company
When you're ready to sign up for Microsoft 365 Business Premium, you have several options. You can: -- [Try or buy Microsoft 365 Business Premium on your own](#sign-up-for-microsoft-365-business-premium-on-your-own)-- [Work with a Microsoft partner](#work-with-a-microsoft-partner-to-get-microsoft-365-business-premium)
+- Try or buy Microsoft 365 Business Premium on your own; or
+- Work with a Microsoft partner.
> [!TIP] > If you're looking for Microsoft 365 for Campaigns, see [How to get Microsoft 365 for Campaigns](get-microsoft-365-campaigns.md).
+# [Sign up on your own](#tab/getown)
+ ## Sign up for Microsoft 365 Business Premium on your own 1. Visit the [Microsoft 365 Business Premium product page](https://www.microsoft.com/en-us/microsoft-365/business/microsoft-365-business-premium?activetab=pivot%3aoverviewtab).
When you're ready to sign up for Microsoft 365 Business Premium, you have severa
3. After you have signed up for Microsoft 365 Business Premium, you'll receive an email with a link to sign in and get started. Proceed to [Set up Microsoft 365 Business Premium](m365bp-setup.md).
+# [Work with a partner](#tab/partner)
+ ## Work with a Microsoft partner to get Microsoft 365 Business Premium Microsoft has a list of solution providers who are authorized to sell offerings, including Microsoft 365 Business Premium. If you're not already working with a solution provider, you can find one by following these steps:
Microsoft has a list of solution providers who are authorized to sell offerings,
3. Review the list of results. Select a provider to learn more about their expertise and the services they provide. ++ ## Next steps [Set up Microsoft 365 Business Premium](m365bp-setup.md)
business-premium Get Microsoft 365 Campaigns https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/get-microsoft-365-campaigns.md
audience: Admin
Previously updated : 09/15/2022 Last updated : 01/18/2023 ms.localizationpriority: high - Adm_O365 - M365-subscription-management - M365-Campaigns - m365solution-smb-- highpri - tier1 - Adm_O365
business-premium Index https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/index.md
ms.audience: Admin
Previously updated : 10/24/2022 Last updated : 01/18/2023 ms.localizationpriority: high - M365-Campaigns
Microsoft 365 Business Premium with its world class productivity tools is a wise
The task before you is this: let Microsoft 365 Business Premium help secure your organizationΓÇÖs future! Approach this task by taking on the following six missions: | What to do | How to do it | |:|:|
business-premium M365 Campaigns Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365-campaigns-setup.md
audience: Admin
Previously updated : 10/18/2022 Last updated : 01/18/2023 ms.localizationpriority: high - M365-Campaigns - m365solution-smb-- highpri - tier1 - MiniMaven
Make sure that you meet the following requirements before you begin your setup p
| Permissions | To complete the initial setup process, you must be a Global Admin. [Learn more about admin roles](../admin/add-users/about-admin-roles.md). | | Browser requirements | Microsoft Edge, Safari, Chrome or Firefox. [Learn more about browser requirements](https://www.microsoft.com/microsoft-365/microsoft-365-and-office-resources#coreui-heading-uyetipy). | | Operating systems (client) | **Windows**: Windows 11, Windows 10, Windows 8.1<br/>**macOS**: One of the three most recent versions of macOS
-| Operating systems (servers) | Windows Server or Linux Server <br/>- Requires Microsoft Defender for Business servers (currently in preview)<br/>- See [How to get Microsoft Defender for Business servers (preview)](../security/defender-business/get-defender-business-servers.md). |
+| Operating systems (servers) | Windows Server or Linux Server <br/>(Requires an additional license, such as [Microsoft Defender for Business servers](../security/defender-business/get-defender-business-servers.md).) |
> [!TIP] > For more detailed information about Microsoft 365, Office, and system requirements, see [Microsoft 365 and Office Resources](https://www.microsoft.com/microsoft-365/microsoft-365-and-office-resources).
business-premium M365bp Collaborate Share Securely https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-collaborate-share-securely.md
audience: Admin
Previously updated : 09/15/2022 Last updated : 01/18/2023 ms.localizationpriority: high - M365-Campaigns - m365solution-smb-- highpri - m365-security - tier1
description: "An overview on how to collaborate and share files and communicate
# Collaborate and share securely
-Now that you're protected by the Microsoft 365 Business Premium Microsoft 365 apps, your next mission is to set up secure file sharing and communication. The best way to collaborate and share securely is to use Microsoft Teams. With Microsoft Teams, all your files and communications are in a protected environment and aren't being stored in unsafe ways outside of it. Your organization depends on protecting your data and information, which means that you want to protect your files by all means possible.
+Now that you're protected by the Microsoft 365 Apps, your next mission is to set up secure file sharing and communication. The best way to collaborate and share securely is to use Microsoft Teams. With Microsoft Teams, all your files and communications are in a protected environment and aren't being stored in unsafe ways outside of it. Your organization depends on protecting your data and information, which means that you want to protect your files by all means possible.
Your objectives are to:
business-premium M365bp Conditional Access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-conditional-access.md
audience: Admin
Previously updated : 10/26/2022 Last updated : 01/18/2023 ms.localizationpriority: high - M365-Campaigns
search.appverid:
description: "Learn how security defaults can help protect your organization from identity-related attacks by providing preconfigured security settings for Microsoft 365 Business Premium."
-# Security defaults and multi-factor authentication
+# Multi-factor authentication
-Microsoft 365 Business Premium was designed to help protect your company's user accounts with preconfigured security settings. These settings include enabling multi-factor authentication (MFA) for all your admins and user accounts. For most organizations, security defaults offer a good level of sign-in security. For organizations who must meet more stringent requirements, Conditional Access can be used.
+Multi-factor authentication (MFA) is a very important first step in securing your organization. Microsoft 365 Business Premium includes the option to use security defaults or Conditional Access policies to turn on MFA for your admins and user accounts. For most organizations, security defaults offer a good level of sign-in security. But if your organization must meet more stringent requirements, you can use Conditional Access policies instead.
This article provides information about: -- **[Security defaults](#security-defaults)** (suitable for most businesses)-- **[Conditional Access](#conditional-access)** (for businesses with more stringent security requirements)
+- **Security defaults** (suitable for most businesses)
+- **Conditional Access** (for businesses with more stringent security requirements)
> [!NOTE] > You can use *either* security defaults *or* Conditional Access policies, but you can't use both at the same time.
+# [Security defaults](#tab/secdefaults)
+ ## Security defaults Security defaults were designed to help protect your company's user accounts from the start. When turned on, security defaults provide secure default settings that help keep your company safe by:
MFA is an important first step in securing your company, and security defaults m
6. In the right pane, you'll see the **Enable Security defaults** setting. If **Yes** is selected, then security defaults are already enabled and no further action is required. If security defaults are not currently enabled, then select **Yes** to enable them, and then select **Save**.
-## Conditional Access
+# [Conditional Access](#tab/condit)
-> [!NOTE]
-> If you've been using security defaults, you'll need to turn them off before using Conditional Access. You can use either security defaults or Conditional Access policies, but you can't use both at the same time.
+## Conditional Access
If your company or business has complex security requirements or you need more granular control over your security policies, then you should consider using Conditional Access instead of security defaults to achieve a similar or higher security posture.
To learn more about Conditional Access, see [What is Conditional Access?](/azure
> [!NOTE] > If you have a plan or license that provides Conditional Access but haven't yet created any Conditional Access policies, you're welcome to use security defaults. However, you'll need to turn off security defaults before you can use Conditional Access policies. ++ ## Next objective [Protect your administrator accounts in Microsoft 365 Business Premium](m365bp-protect-admin-accounts.md)
business-premium M365bp Device Groups Mdb https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-device-groups-mdb.md
Microsoft 365 Business Premium includes endpoint protection through Microsoft De
This article includes the following sections: - [Working with device groups](#working-with-device-groups)-- [How to create a new device group](#create-a-device-group-in-the-microsoft-365-defender-portal)
+- [How to create a new device group in the Microsoft 365 Defender portal](#create-a-device-group-in-the-microsoft-365-defender-portal)
- [How to create a new device category in Intune](#create-a-device-category-in-intune)
+- [How to create dynamic device groups in Azure Active Directory](#create-dynamic-device-groups-in-azure-active-directory)
+- [How categories are used when enrolling devices](#how-categories-are-used-when-enrolling-devices)
+- [How to view the categories of devices that you manage](#view-the-categories-of-devices-that-you-manage)
+- [How to change the category of a device](#change-the-category-of-a-device)
## Working with device groups
In the Azure AD portal, you can create dynamic groups based on the device catego
You can create a dynamic group for either devices or users, but not for both. You also can't create a device group based on the device owners' attributes. Device membership rules can only reference device attributions.
-## After device groups are created
+## How categories are used when enrolling devices
-Now that categories and device groups are established, users of iOS and Android devices enroll their devices, and as they do so, they must choose a category from the list of categories that were configured. Windows users can use the Company Portal website or the Company Portal app to select a category.
+After categories and device groups are established, people who have iOS and Android devices can enroll their devices in Intune. When they enroll their devices, they'll choose a category from the list of categories that were configured. People who have Windows devices can use either the Company Portal website or the Company Portal app to select a category.
1. After enrolling the device go to the [company portal](https://portal.microsoft.com) and choose **My Devices**.
business-premium M365bp Devices Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-devices-overview.md
audience: Admin
Previously updated : 09/15/2022 Last updated : 01/18/2023 ms.localizationpriority: high - M365-Campaigns - m365solution-smb-- highpri - m365-security - tier1
description: "An overview of how to set up all the bring-your-own devices (BYOD)
# Set up unmanaged (BYOD) devices Every device is a possible attack avenue into your network and must be monitored and managed properly, even those devices that are personally owned but used for work. In this critical mission, train everyone to protect their bring-your-own devices (BYODs). Unmanaged devices can pose a risk to your organization. It's important to help everyone get their devices protected as soon as possible.
business-premium M365bp Increase Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-increase-protection.md
Your subscription includes [preset security policies](../security/office-365-sec
:::image type="content" source="media/m365bp-presetsecuritypolicies.png" alt-text="Screenshot of preset security policies."::: > [!NOTE]
-> Preset security policies are not the same thing as [security defaults](m365bp-conditional-access.md#security-defaults). Typically, you'll be using *either* security defaults *or* [Conditional Access](m365bp-conditional-access.md#conditional-access) first, and then you'll add your security policies. [Preset security policies](#what-are-preset-security-policies) simplify the process of adding your security policies. You can also [add your own custom policies](#create-custom-security-policies).
+> Preset security policies are not the same thing as [security defaults](m365bp-conditional-access.md). Typically, you'll be using *either* security defaults *or* Conditional Access first, and then you'll add your security policies. [Preset security policies](#what-are-preset-security-policies) simplify the process of adding your security policies. You can also [add your own custom policies](#create-custom-security-policies).
### What are preset security policies?
business-premium M365bp Install Office Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-install-office-apps.md
ms.localizationpriority: high
- M365-Campaigns - m365solution-smb-- highpri - tier1 - MiniMaven
business-premium M365bp Onboard Devices Mdb https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-onboard-devices-mdb.md
audience: Admin
Previously updated : 09/15/2022 Last updated : 01/18/2023 ms.localizationpriority: high-+ f1.keywords: NOCSH - SMB
See [Device enrollment in Microsoft Intune](/mem/intune/enrollment/device-enroll
## What about servers?
-By default, servers are not supported in Microsoft 365 Business Premium and the standalone version of Defender for Business. However, **the ability to onboard a server, such as an endpoint running Windows Server or Linux Server, is now in preview**!
-
-See [How to get Microsoft Defender for Business servers (preview)](../security/defender-business/get-defender-business-servers.md).
+To onboard servers, an additional license, such as Microsoft Defender for Business servers, is required. See [How to get Microsoft Defender for Business servers](../security/defender-business/get-defender-business-servers.md).
## Run a detection test on a Windows device
business-premium M365bp Protect Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-protect-devices.md
ms.localizationpriority: high
- M365-Campaigns - m365solution-smb-- highpri - m365-security - tier1
description: "An overview for how to set up and secure managed devices from secu
# Set up and secure managed devices **Welcome to your final critical mission**! Here, you'll onboard and implement protection for all the managed devices in your organization. Microsoft Defender for Business capabilities now included in Microsoft 365 Business Premium can help ensure that your organization's devices are protected from ransomware, malware, phishing, and other threats. When you're done completing your objectives, you can rest assured, knowing you've done your part to protect your organization!
business-premium M365bp Protect Email Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-protect-email-overview.md
audience: Admin
Previously updated : 09/15/2022 Last updated : 01/18/2023 ms.localizationpriority: high - M365-Campaigns - m365solution-smb-- highpri - m365-security - tier1
description: "Know what to watch for in email. Train your team to guard against
# Protect all email As you probably already know, email can contain malicious attacks cloaked as harmless communications. Additionally, email systems are especially vulnerable, because email is handled by everyone in the organization, and safety relies on humans making consistently good decisions with those communications. In this mission, learn how members of the organizations can all help to keep the system safe from attackers.
business-premium M365bp Secure Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-secure-users.md
ms.localizationpriority: high
- M365-Campaigns - m365solution-smb-- highpri - tier1 - MiniMaven
business-premium M365bp Security Incident Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-security-incident-management.md
ms.localizationpriority: high
- M365-Campaigns - m365solution-smb-- highpri - m365-security - tier1
business-premium M365bp Security Incident Quick Start https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-security-incident-quick-start.md
audience: Admin
Previously updated : 09/15/2022 Last updated : 01/18/2023 ms.localizationpriority: high - m365solution-smb
The following table summarizes remediation actions that are available in Microso
| Source | Actions | ||| | Automated investigations | <ul><li>Quarantine a file</li><li>Remove a registry key</li><li>Kill a process</li><li>Stop a service</li><li>Disable a driver</li><li>Remove a scheduled task </li></ul> |
-| Manual response actions | <ul><li>Run antivirus scan</li><li>Isolate device</li><li>Stop and quarantine</li><li>Add an indicator to block or allow a file </li></ul> |
+| Manual response actions | <ul><li>Run antivirus scan</li><li>Isolate device</li><li>Add an indicator to block or allow a file </li></ul> |
| Live response | <ul><li>Collect forensic data</li><li>Analyze a file</li><li>Run a script</li><li>Send a suspicious entity to Microsoft for analysis</li><li>Remediate a file</li><li>Proactively hunt for threats</li></ul> |
business-premium M365bp Security Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-security-overview.md
audience: Admin
Previously updated : 09/15/2022 Last updated : 01/18/2023 ms.localizationpriority: high - M365-Campaigns - m365solution-smb-- highpri - m365-security - tier1
description: "Security overview for Microsoft 365 Business Premium which provide
# Bump up security In this mission, you boost your security defenses. You begin by enforcing multifactor authentication (MFA) requirements by using either security defaults or Conditional Access. You'll set up the different admin roles and specific levels of security for them. Admin account access is a high-value target for the enemy hackers, and protecting those accounts is critical because the access and control they provide can impact the entire system. And, you'll protect your email content and devices.
Stay vigilant - the safety and reliability of the system relies upon you.
Your objectives are to: -- [Turn on security defaults (MFA)](m365bp-conditional-access.md).
+- [Turn on MFA](m365bp-conditional-access.md).
- [Protect your admin accounts](m365bp-protect-admin-accounts.md). - [Protect against malware and other threats](m365bp-increase-protection.md).
business-premium M365bp Setup Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-setup-overview.md
audience: Admin
Previously updated : 09/15/2022 Last updated : 01/18/2023 ms.localizationpriority: high - M365-Campaigns - m365solution-smb-- highpri - m365-security - tier1
description: "Start the setup process of Microsoft 365 Business Premium or Micro
Now that you have Microsoft 365 Business Premium, your first critical mission is to complete your initial setup process right away. Let's get you going! Your objective is to:
business-premium M365bp Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-setup.md
Make sure that you meet the following requirements before you begin your setup p
| Permissions | To complete the initial setup process, you must be a Global Admin. [Learn more about admin roles](../admin/add-users/about-admin-roles.md). | | Browser requirements | Microsoft Edge, Safari, Chrome or Firefox. [Learn more about browser requirements](https://www.microsoft.com/microsoft-365/microsoft-365-and-office-resources#coreui-heading-uyetipy). | | Operating systems (client) | **Windows**: Windows 11, Windows 10, Windows 8.1<br/>**macOS**: One of the three most recent versions of macOS
-| Operating systems (servers) | Windows Server or Linux Server <br/>(Requires [Microsoft Defender for Business servers](../security/defender-business/get-defender-business-servers.md).) |
+| Operating systems (servers) | Windows Server or Linux Server <br/>(Requires an additional license, such as [Microsoft Defender for Business servers](../security/defender-business/get-defender-business-servers.md).) |
> [!NOTE] > For more detailed information about Microsoft 365, Office, and system requirements, see [Microsoft 365 and Office Resources](https://www.microsoft.com/microsoft-365/microsoft-365-and-office-resources).
business-premium M365bp Upgrade Windows 10 Pro https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-upgrade-windows-10-pro.md
Title: "Upgrade Windows devices to Windows 10 Pro"
+ Title: "Upgrade Windows devices to Windows 10 or 11 Pro"
f1.keywords: - NOCSH
localization_priority: Normal
search.appverid: - MET150 - MOE150
-description: "Learn how to upgrade your Windows devices to Windows 10 Pro with Microsoft 365 Business Premium."
+description: "Learn how to upgrade your Windows devices to Windows 10 or 11 Pro with Microsoft 365 Business Premium."
-# Upgrade Windows devices to Windows 10 Pro
+# Upgrade Windows devices to Windows 10 or 11 Pro
If you have Windows devices running Windows 7 Pro, Windows 8 Pro, or Windows 8.1 Pro, your Microsoft 365 Business Premium subscription entitles you to upgrade those devices to Windows 10 or 11 Pro.
business-premium Send Encrypted Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/send-encrypted-email.md
ms.localizationpriority: high
- M365-Campaigns - m365solution-smb-- highpri - tier1 - MiniMaven
business-premium Set Up Meetings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/set-up-meetings.md
ms.localizationpriority: high
- M365-Campaigns - m365solution-smb-- highpri - tier1 - MiniMaven
business-premium Share Files And Videos https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/share-files-and-videos.md
ms.localizationpriority: high
- M365-Campaigns - m365solution-smb-- highpri - tier1 search.appverid:
commerce Add Storage Space https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/add-storage-space.md
For information about setting site collection storage limits, see [Manage site c
If you haven't yet bought extra storage for your subscription, you can do that. 1. In the admin center, go to the **Billing** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=868433" target="_blank">Purchase services</a> page.
-2. At the bottom of the **Purchase services** page, in the **Add-ons** section, find **Office 365 Extra File Storage**, and select **Details**.
-3. On the product details page, select **Next**.
-4. If needed, choose the base subscription, then enter the number of gigabytes of storage you want to add.
-5. Select **Check out now**.
-6. On the **How does this look?** page, verify the number of gigabytes of storage you selected, review the pricing information, and then select **Next**.
-7. On the **Complete order** page, verify the total. If you need to make any changes, select **Edit order**. If the order requires a credit check, select the check box. When you're finished, select **Place order** \> **Go to Admin Home**.
+2. On the **Your Products** page, select the subscription that contains **Sharepoint Online Plan 1** or **Sharepoint Online Plan 2**.
+3. In the **Product details and upgrade** section, select **View apps and services included with this subscription**.
+4. Select the **Add-ons** tab, find **Office 365 Extra File Storage**, and select **Details**.
+5. On the product details page, select **Next** and **Enter the number of gigabytes of storage** you want to add.
+6. Select **Check out now**.
+7. On the **How does this look?** page, verify the number of gigabytes of storage you selected, review the pricing information, and then select **Next**.
+8. On the **Complete order** page, verify the total. If you need to make any changes, select **Edit order**. If the order requires a credit check, select the check box. When you're finished, select **Place order** > **Go to Admin Home**.
## Increase or decrease your extra storage
commerce Allowselfservicepurchase Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/allowselfservicepurchase-powershell.md
The following table lists the available products and their **ProductId**. It als
| Project Plan 3* | CFQ7TTC0HDB0 | No | | Visio Plan 1* | CFQ7TTC0HD33 | No | | Visio Plan 2* | CFQ7TTC0HD32 | No |
+| Viva Goals | CFQ7TTC0PW0V | Yes |
| Windows 365 Enterprise | CFQ7TTC0HHS9 | No | | Windows 365 Business | CFQ7TTC0J203 | No | | Windows 365 Business with Windows Hybrid Benefit | CFQ7TTC0HX99 | No |
compliance Communication Compliance Case Study https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-case-study.md
search.appverid:
# Case study - Contoso configures a communication compliance policy to identify potentially inappropriate text for Microsoft Teams, Exchange, and Yammer communications > [!IMPORTANT]
-> Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance violations (for example SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
+> Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance (for example, SEC or FINRA) and business conduct violations such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
[Microsoft Purview Communication Compliance](/microsoft-365/compliance/communication-compliance) helps minimize communication risks by helping you detect, capture, and act on messages with potentially inappropriate text in your organization. Potentially inappropriate text may include profanity, threats, harassment, and adult content. Pre-defined and custom [policies](/microsoft-365/compliance/communication-compliance-policies) allow you to review internal and external communications for policy matches, so they can be examined by designated reviewers. Reviewers can [investigate alerts](/microsoft-365/compliance/communication-compliance-investigate-remediate#investigate-alerts) for email, Microsoft Teams, Yammer, or third-party communications throughout your organization and take appropriate [remediation actions](/microsoft-365/compliance/communication-compliance-investigate-remediate#remediate-alerts) to make sure they're compliant with your organization's message standards.
compliance Communication Compliance Channels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-channels.md
search.appverid:
# Detect channel signals with communication compliance > [!IMPORTANT]
-> Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance violations (for example SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
+> Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance (for example, SEC or FINRA) and business conduct violations such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
With communication compliance policies, you can choose to analyze messages in one or more of the following communication platforms as a group or as standalone sources. Original messages captured across these platforms are retained in the original platform location in accordance with your organization's [retention and hold policies](/microsoft-365/compliance/information-governance). Copies of messages used by communication compliance policies for analysis and investigation are retained for as long as policy is in place, even if users leave your organization and their mailboxes are deleted. When a communication policy is deleted, copies of messages associated with the policy are also deleted.
compliance Communication Compliance Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-configure.md
search.appverid:
# Get started with communication compliance > [!IMPORTANT]
-> Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance violations (for example SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
+> Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance (for example, SEC or FINRA) and business conduct violations such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
Use communication compliance policies to identify user communications for analysis by internal or external reviewers. For more information about how communication compliance policies can help you detect communications in your organization, see [communication compliance policies](/microsoft-365/compliance/communication-compliance-policies). If you'd like to review how Contoso quickly configured a communication compliance policy to detect potentially inappropriate content in Microsoft Teams, Exchange Online, and Yammer communications, check out this [case study](/microsoft-365/compliance/communication-compliance-case-study).
compliance Communication Compliance Investigate Remediate https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-investigate-remediate.md
search.appverid:
# Investigate and remediate communication compliance alerts > [!IMPORTANT]
-> Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance violations (for example SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
+> Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance (for example, SEC or FINRA) and business conduct violations such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
After you've configured your [communication compliance policies](/microsoft-365/compliance/communication-compliance-policies), you'll begin receiving alerts in the [Microsoft Purview compliance portal](https://compliance.microsoft.com) for message issues that match your policy conditions. To view and act on alerts, users must be assigned to the following permissions:
compliance Communication Compliance Plan https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-plan.md
search.appverid:
# Plan for communication compliance > [!IMPORTANT]
-> Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance violations (for example SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
+> Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance (for example, SEC or FINRA) and business conduct violations such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
Before getting started with [communication compliance](/microsoft-365/compliance/communication-compliance) in your organization, there are important planning activities and considerations that should be reviewed by your information technology and compliance management teams. Thoroughly understanding and planning for deployment in the following areas will help ensure that your implementation and use of communication compliance features goes smoothly and is aligned with the best practices for the solution.
compliance Communication Compliance Reports Audits https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-reports-audits.md
search.appverid:
# Use communication compliance reports and audits > [!IMPORTANT]
-> Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance violations (for example SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
+> Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance (for example, SEC or FINRA) and business conduct violations such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
[!INCLUDE [purview-preview](../includes/purview-preview.md)]
compliance Communication Compliance Siem https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-siem.md
search.appverid:
# Use communication compliance with SIEM solutions > [!IMPORTANT]
-> Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance violations (for example SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
+> Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance (for example, SEC or FINRA) and business conduct violations such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
[Communication compliance](/microsoft-365/compliance/communication-compliance) is an insider risk solution in Microsoft Purview that helps minimize communication risks by helping you detect, capture, and act on potentially inappropriate messages in your organization. Security information and event management (SIEM) solutions such as [Microsoft Sentinel](https://azure.microsoft.com/services/azure-sentinel) or [Splunk](https://www.splunk.com/) are commonly used to aggregate and track threats within an organization.
compliance Communication Compliance Solution Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-solution-overview.md
# Communication compliance > [!IMPORTANT]
-> Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance violations (for example SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
+> Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance (for example, SEC or FINRA) and business conduct violations such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
Protecting sensitive information and detecting and acting on workplace harassment incidents is an important part of compliance with internal policies and standards. Microsoft Purview Communication Compliance helps minimize these risks by helping you quickly detect, capture, and take remediation actions for email and Microsoft Teams communications. These include potentially inappropriate communications containing profanity, threats, and harassment and communications that share sensitive information inside and outside of your organization.
compliance Communication Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance.md
search.appverid:
# Learn about communication compliance > [!IMPORTANT]
-> Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance violations (for example SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
+> Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance (for example, SEC or FINRA) and business conduct violations such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
Microsoft Purview Communication Compliance is an insider risk solution that helps minimize communication risks by helping you detect, capture, and act on potentially inappropriate messages in your organization. Pre-defined and custom policies allow you to check internal and external communications for policy matches so they can be examined by designated reviewers. Reviewers can investigate email, Microsoft Teams, Yammer, or third-party communications in your organization and take appropriate actions to make sure they're compliant with your organization's message standards.
compliance Compliance Easy Trials https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-easy-trials.md
Wondering what you can experience in your free trial? The Purview solutions tria
- **Data Lifecycle Management**
- Automate your retention coverage by using adaptive policy scopes. This feature allows you to dynamically target policies for retention to specific users, groups, or sites. These policies automatically update when changes occur in your organization. In addition, policies that use adaptive scopes aren't subject to location limits. Learn more about [adaptive policy scopes](retention.md#adaptive-or-static-policy-scopes-for-retention).
+ Microsoft Purview Data Lifecycle Management premium capabilities give you more automation and deeper customizations for how you manage the lifecycle of data ΓÇô keeping what you need and getting rid of what you donΓÇÖt need across the broad scale of your organization with:
+
+ - Adaptive policy scopes ΓÇô govern data dynamically across your org by deploying retention policies and labels to groups of users, SharePoint sites, and Microsoft 365 Groups (including Microsoft Teams) using scopes that target policies to locations against attributes and properties that you define.
+ - Auto-apply retention labels ΓÇô reduce manual processes by using retention labels that automatically apply to items matching your specified criteria.
+ Learn more about [Microsoft Purview Data Lifecycle Management](data-lifecycle-management.md).
+
- **Data Loss Prevention** Microsoft Purview Data Loss Prevention (DLP) helps you control sharing and use of sensitive info on devices, apps, and services. With trials, you can extend coverage of DLP policies to Teams and devices, protect even more sensitive content using trainable classifiers and exact data match (EDM), and get started quickly with our recommended DLP policies. [Learn more about Data Loss Prevention](dlp-learn-about-dlp.md)
Wondering what you can experience in your free trial? The Purview solutions tria
- **Records Management**
- Use integrated Microsoft Purview Records Management features to:
+ Use integrated Microsoft Purview Records Management features to automate the retention schedule for organizational regulatory, legal, and business-critical records. Get full content lifecycle support, from creation to collaboration, record declaration, retention, and disposition:
- Classify content as a record to prevent users from editing, as required by regulations, laws, or organizational policy - Apply retention labels to content automatically when it matches criteria you specify, using auto-apply label policies - Use adaptive scope policies to dynamically target your retention label policies to locations, with no limit on how many locations are included - Get full content lifecycle support, including the ability to perform disposition review on contents before they're permanently deleted at the end
- For more information on the full range of feature for Microsoft Records Management, learn more about [Records Management](records-management.md)
+ For more information on the full range of features for Microsoft Purview Records Management, learn more about [Records Management](records-management.md)
## Terms and conditions
-See the [terms and conditions](/legal/microsoft-365/microsoft-365-trial) for Microsoft 365 trials.
+See the [terms and conditions](/legal/microsoft-365/microsoft-365-trial) for Microsoft 365 trials.
compliance Compliance Manager Templates Create https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates-create.md
search.appverid: - MOE150 - MET150
-description: "Understand how to create templates for assessments in Microsoft Purview Compliance Manager. Create and modify templates using a formatted Excel file."
+description: "Learn how to create a custom assessment template in Microsoft Purview Compliance Manager using a formatted Excel file."
-# Create an assessment template in Microsoft Purview Compliance Manager
+# Create a custom assessment template
To create your own new template for custom assessments in Compliance Manager, you'll use a specially formatted Excel spreadsheet to assemble the necessary control data. After completing the spreadsheet, you will import it into Compliance Manager.
-To learn about formatting your spreadsheet, see [Format assessment template data with Excel](compliance-manager-templates-format-excel.md).
- [!INCLUDE [purview-preview](../includes/purview-preview.md)] ## Required roles
Only users who hold a Global Administrator or Compliance Manager Administration
## Create new template in Compliance Manager
-1. Go to your **assessment templates** page in Compliance Manager.
-2. Select **Create new template**. A template creation wizard will open.
-3. Choose the type of template you want to create. In this case, select **Create a custom template**, then select **Next**.
-4. At the **Upload file** screen, select **Browse** to find and upload your formatted Excel file containing all the required template data.
-5. If there are no problems with your file, the name of the file uploaded will be displayed. Select **Next** to continue. (If you need to change the file, select **Upload a different file**).
+1. Start by creating a formatted Excel file that contains your template's data. Get detailed instructions at [Format assessment template data with Excel](compliance-manager-templates-format-excel.md).
+1. When your Excel file is ready, go to your **assessment templates** page in Compliance Manager and select **Create new template**. A template creation wizard will open.
+1. Choose the type of template you want to create. In this case, select **Create a custom template**, then select **Next**.
+1. At the **Upload file** screen, select **Browse** to find and upload your formatted Excel file containing all the required template data.
+1. If there are no problems with your file, the name of the file uploaded will be displayed. Select **Next** to continue. (If you need to change the file, select **Upload a different file**).
- If thereΓÇÖs an error with your file, an error message at the top explains whatΓÇÖs wrong. YouΓÇÖll need to fix your file and upload it again. Errors will result if your spreadsheet is formatted improperly, or if thereΓÇÖs invalid information in certain fields.
-6. The **Review and finish** screen shows the number of improvement actions and controls and the maximum score for the template. When ready to approve, select **Create template.** (If you need to make changes, select **Back**.)
-7. The last screen confirms a new template has been created. Select **Done** to exit the wizard.
-8. YouΓÇÖll arrive at your new templateΓÇÖs details page, where you can [create your assessment](compliance-manager-assessments.md#create-assessments).
+1. The **Review and finish** screen shows the number of improvement actions and controls and the maximum score for the template. When ready to approve, select **Create template.** (If you need to make changes, select **Back**.)
+1. The last screen confirms a new template has been created. Select **Done** to exit the wizard.
+1. YouΓÇÖll arrive at your new templateΓÇÖs details page, where you can [create your assessment](compliance-manager-assessments.md#create-assessments).
+
+### Modifying your templates
+
+You can make changes to a template after you create it; for example, to add or remove an improvement action, or to change an action's name or other information. Visit [Modify assessment templates](compliance-manager-templates-modify.md) for detailed instructions.
compliance Compliance Manager Templates Extend https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates-extend.md
search.appverid: - MOE150 - MET150
-description: "Understand how to extend assessment templates in Microsoft Purview Compliance Manager to add and modify controls."
+description: "Understand how to extend a Microsoft template in Microsoft Purview Compliance Manager to add and modify controls."
-# Extend assessment templates in Microsoft Purview Compliance Manager
+# Extend assessment templates built by Microsoft
-Compliance Manager offers the option to add your own controls and improvement actions to an existing template. This process is called extending a template.
-
-To extend a template, you will use special instructions for modifying template data, depending on whether youΓÇÖre extending Microsoft assessment templates or universal assessment templates.
+Compliance Manager offers the option to add your own controls and improvement actions to an existing template created by Microsoft. This process is called **extending** a template. To extend a template, you'll use specific instructions listed on this page for modifying template data, depending on whether youΓÇÖre extending Microsoft assessment templates or universal assessment templates.
[!INCLUDE [purview-preview](../includes/purview-preview.md)]
compliance Compliance Manager Templates Modify https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates-modify.md
search.appverid:
description: "Understand how to modify assessment templates in Microsoft Purview Compliance Manager."
-# Modify assessment templates in Microsoft Purview Compliance Manager
+# Modify a custom assessment template
-When working with assessments in Compliance Manager, you may want to modify an assessment template that you've created. The process is similar to the [template creation](compliance-manager-templates-create.md) process in that you'll upload a formatted Excel file with your template data.
+If you want to modify a custom template you created, you'll follow a process similar to the [template creation](compliance-manager-templates-create.md) process of uploading a [formatted Excel file](compliance-manager-templates-format-excel.md) containing your template data. However, there are key details to know as you format your Excel file to change to existing template data. **We recommend you review these instructions carefully to ensure you don't overwrite any existing data that you want to retain.**
-However, there are details to be aware of as you format your file with changes to existing template data. **We recommend you review these instructions carefully to ensure you don't overwrite any existing data that you want to retain.**
-
-To learn more about the format of this spreadsheet, see [Format your template data with Excel](compliance-manager-templates-format-excel.md).
+> [!NOTE]
+> This template modification process can only be used for a custom template you have created. If you want to add controls or actions to a Compliance Manager template that Microsoft created, follow the instructions to [extend a Microsoft template](compliance-manager-templates-extend.md).
[!INCLUDE [purview-preview](../includes/purview-preview.md)]
-## Format your Excel file to modify an existing template
+## Steps to modify a template
-From your **assessment templates** page, select the template you want to modify, which will bring up its details page. Then select **Export to Excel**. An Excel file with all your template data will download. Save the file to your local machine.
-
-To work with this file, jump to a section below to quickly find the instructions you need:
+1. In Compliance Manager, go to the **Assessment templates** page. Select the template you want to modify, which will bring up its details page.
+2. Select **Export to Excel** in the upper right corner. An Excel file with all your template data will download. Save the file to your local machine.
+3. Edit your Excel file. Depending on which data you need to modify, jump to a section below for the instructions you need:
- [Edit the main template attributes](#edit-the-main-template-attributes) - [Add an improvement action](#add-an-improvement-action)
To work with this file, jump to a section below to quickly find the instructions
- [Remove an improvement action](#remove-an-improvement-action) - [Remove a control](#remove-a-control)
+4. When you're done editing your Excel file, save it to your local machine. You'll complete the process by re-uploading the Excel file using the [upload modified template information instructions](#modify-template-info-in-compliance-manager) below.
+ ### Edit the main template attributes On the **Templates** tab, you can edit anything in the **title** column, the **inScopeServices** column, and in any other column you may have added. However, you can't edit anything in the **product** or **certification** columns.
compliance Endpoint Dlp Learn About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/endpoint-dlp-learn-about.md
Say you want to block all items that contain credit card numbers from leaving en
- Create a rule in the policy that detects the type of information that you want to protect. In this case, **content contains** set to *Sensitive information type**, and select **Credit Card**. - Set the actions for each activity to **Block**.
-See, [Design a data loss prevention policy](dlp-policy-design.md) for more guidance on designing your DLP policies.
+See [Design a data loss prevention policy](dlp-policy-design.md) for more guidance on designing your DLP policies.
## Monitored files
compliance Get Started With Service Trust Portal https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-service-trust-portal.md
When you sign up for either a free trial, or a subscription, you must enable Azu
## Using the Service Trust Portal
-The Service Trust Portal features and content are accessible from the main menu.
+The Service Trust Portal features and content are accessible from the main menu. The following sections describe each item in the main menu.
-![Service Trust Portal - Service Trust Portal main menu.](../media/86b754e1-c63c-4514-89ac-d014bf334140-2.png)
-
-The following sections describe each item in the main menu.
+![Service Trust Portal - main menu](../media/stp-menu.png)
### Service Trust Portal The **Service Trust Portal** link displays the home page. It provides a quick way to get back to the home page.
-### Certifications, Regulations and Standards
+#### Certifications, Regulations and Standards
Provides a wealth of security implementation and design information with the goal of making it easier for you to meet regulatory compliance objectives by understanding how Microsoft Cloud services keep your data secure. To review content, select one of the following tiles.
Provides a wealth of security implementation and design information with the goa
- **Singapore MTCS** - Multi-Tier Cloud Security (MTCS) Singapore Standard - **Spain ENS** - Spain Esquema Nacional de Seguridad (ENS)
-### Reports, Whitepapers, and Artifacts
+#### Reports, Whitepapers, and Artifacts
General documents relating to the following categories:
General documents relating to the following categories:
- **Privacy and Data Protection** - Privacy and Data Protection Resources - **FAQ and Whitepapers** - Whitepapers and answers to frequently asked questions
-### Industry and Regional Resources
+#### Industry and Regional Resources
Documents the apply to the following industries and regions:
Documents the apply to the following industries and regions:
- **United States Government** - Resources exclusively for US Government customers - **Regional Resources** - Documents describing compliance of Microsoft's online services with various regional policies and regulations
-### Resources for your Organization
+#### Resources for your Organization
Documents applying to your organization (restricted by tenant).
Document download view - When viewing the available documents, you can filter th
> [!NOTE] > Many of the files on the STP require acceptance of a license agreement. Some browser-based PDF viewers do not allow Javascript to run, which prevents the license agreement from being displayed and the file from opening.
-### All Documents
+##### All Documents
This section displays all available documents. Select the documents to save into your My Library section. Documents are sorted under the same categories shown under Certifications, Standards, Regulations, and Industry Resources. To view all resources for a particular cloud service use the **Cloud Service** filter.
-### Search
+##### Search
Click the magnifying glass in the upper right-hand corner of the Service Trust Portal page to expand the box, enter your search terms, and press **Enter**. The **Search** page is displayed, with the search term displayed in the search box and the search results listed below.
If a document is part of a series, you will be subscribed to the series and will
## My Download History
-On the My Download History tab, you can view and export a download history of documents downloaded within the last 18 months. The history includes document title, download date, and document status.
+On the My Download History tab, you can view and export a download history of documents downloaded from the Service Trust Portal within the last 18 months. The history includes the document title and download date, and the document status, such as whether it is live, has a newer version, or has been deleted. The full download history can be exported to a CSV file.
## Localization support
compliance Sensitivity Labels Versions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-versions.md
The numbers listed are the minimum Office application versions required for each
|[Apply a sensitivity label to files automatically](apply-sensitivity-label-automatically.md) <br /> - Using trainable classifiers | Current Channel: 2105+ <br /><br> Monthly Enterprise Channel: 2105+ <br /><br> Semi-Annual Enterprise Channel: 2108+ | 16.49+ | Under review | Under review | Under review | |[Support co-authoring and AutoSave](sensitivity-labels-coauthoring.md) for labeled and encrypted documents | Current Channel: 2107+ <br /><br> Monthly Enterprise Channel: 2107+ <br /><br> Semi-Annual Enterprise Channel: 2202+ | 16.51+ | 2.58+ | 16.0.14931+ | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |[PDF support](sensitivity-labels-office-apps.md#pdf-support)| Current Channel: 2208+ <br /><br> Monthly Enterprise Channel: 2209+ <br /><br> Semi-Annual Enterprise Channel: 2302+ | Under review | Under review | Under review | Under review |
-|[Sensitivity bar](sensitivity-labels-office-apps.md#sensitivity-bar) and [display label color](sensitivity-labels-office-apps.md#label-colors) | Preview: [Current Channel (Preview)](https://office.com/insider) | Under review | Under review | Under review | Under review |
+|[Sensitivity bar](sensitivity-labels-office-apps.md#sensitivity-bar) and [display label color](sensitivity-labels-office-apps.md#label-colors) | Preview: [Current Channel (Preview)](https://office.com/insider) | Preview: Rolling out to [Current Channel (Preview)](https://office.com/insider) | Under review | Under review | Under review |
|[Default sublabel for parent label](sensitivity-labels-office-apps.md#specify-a-default-sublabel-for-a-parent-label)| Preview: Rolling out to [Beta Channel](https://office.com/insider) | Under review | Under review | Under review | Under review | ## Sensitivity label capabilities in Outlook
compliance Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/whats-new.md
Whether it be adding new solutions to the [Microsoft Purview compliance portal](
### Sensitivity labels - **Rolling out in preview**: As a parity feature for the AIP add-in, built-in labeling for Windows supports the configuration of a [default sublabel for a parent label](sensitivity-labels-office-apps.md#specify-a-default-sublabel-for-a-parent-label).
+- **Rolling out in preview**: Word, Excel, and PowerPoint in Office for Mac also supports the [sensitivity bar](sensitivity-labels-office-apps.md#sensitivity-bar) and [label colors](sensitivity-labels-office-apps.md#label-colors).
- The earliest version for the AIP add-in to be [disabled by default in Office apps](sensitivity-labels-aip.md#how-to-disable-the-aip-add-in-to-use-built-in-labeling-for-office-apps) for the Current Channel and Monthly Enterprise Channel is now version 2302. The minimum version for the Semi-Annual Channel hasn't changed. ## December 2022
enterprise Microsoft 365 Vpn Implement Split Tunnel https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-vpn-implement-split-tunnel.md
In the above examples, **tenant** should be replaced with your Microsoft 365 ten
#### Optimize IP address ranges
-At the time of writing the IP address ranges that these endpoints correspond to are as follows. It's **very strongly** advised you use a [script such as this](https://github.com/microsoft/Office365NetworkTools/tree/master/Scripts/Display%20URL-IPs-Ports%20per%20Category) example, the [Microsoft 365 IP and URL web service](microsoft-365-ip-web-service.md) or the [URL/IP page](urls-and-ip-address-ranges.md) to check for any updates when applying the configuration, and put a policy in place to do so regularly.
+At the time of writing the IP address ranges that these endpoints correspond to are as follows. It's **very strongly** advised you use a [script such as this](https://github.com/microsoft/Office365NetworkTools/tree/master/Scripts/Display%20URL-IPs-Ports%20per%20Category) example, the [Microsoft 365 IP and URL web service](microsoft-365-ip-web-service.md) or the [URL/IP page](urls-and-ip-address-ranges.md) to check for any updates when applying the configuration and put a policy in place to do so regularly. If utilizing continuous access evaluation, refer to [Continuous access evaluation IP address variation](/azure/active-directory/conditional-access/concept-continuous-access-evaluation#ip-address-variation-and-networks-with-ip-address-shared-or-unknown-egress-ips). Routing optimized IPs through a trusted IP or VPN may be required to prevent blocks related to _insufficient_claims_ or _Instant IP Enforcement check failed_ in certain scenarios.
```markdown 104.146.128.0/17
security Deploy And Manage Using Intune https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/deploy-and-manage-using-intune.md
Go to Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com/>
> [!NOTE] > This configuration controls both Removable storage access control [Microsoft Defender for Endpoint Device Control Removable Storage Access Control](device-control-removable-storage-access-control.md) and Printer protection. If you only want to manage storage, make sure to create Allow policy for Printer. Otherwise, this Default Enforcement will be applied to Printer as well.
-3. Create one XML file for each group:
+3. Create one XML file for printer group(s):
You can create a removable storage group for each group as follows:
Go to Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com/>
- **Data Type** as **String (XML file)** - **Custom XML** as selected XML file
- Take a look at the **Overview** -> **Removable storage group**, you can create different group types. Here's a [XML file for any printer and USB Printer and file Printer](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Removable%20Storage%20Access%20Control%20Samples/Intune%20OMA-URI/Any%20Removable%20Storage%20and%20CD-DVD%20and%20WPD%20Group.xml).
+ Take a look at the **Overview** > **Group**. You can create different group types. Here's one group example XML file for any network printer and USB printer and PDF/XPS printer group: [XML file](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Printer%20Protection%20Samples/Intune%20OMA-URI/Any%20printer%20group.xml).
:::image type="content" source="media/any-removable-storage-group.png" alt-text="Screenshot of creating any Removable Storage Group." lightbox="media/any-removable-storage-group.png"::: > [!NOTE] > Comments using XML comment notation `<!-- COMMENT -->` can be used in the Rule and Group XML files, but they must be inside the first XML tag, not the first line of the XML file.
-4. Create one XML file for each access control or policy rule:
+4. Create one XML file for access policy rule(s):
You can create a policy and apply it to related removable storage group as follows:
Go to Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com/>
- **Data Type** as **String (XML file)** - **Custom XML** as selected XML file
- Take a look at the **Overview** -> **Access policy rule**, you can use **Parameters** to set condition for specific Entry. Here's a [group example XML file for Allow Read access for each removable storage](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Removable%20Storage%20Access%20Control%20Samples/Intune%20OMA-URI/Allow%20Read.xml).
+ Take a look at the **Overview** -> **Access policy rule**, you can use **Parameters** to set condition for specific Entry. Here's one [example XML file](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Printer%20Protection%20Samples/Intune%20OMA-URI/Allow%20Authorized%20USB%20Printer.xml).
:::image type="content" source="media/allow-read-activity.png" alt-text="Screenshot of Allow Read Activity policy." lightbox= "media/allow-read-activity.png":::
Go to Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com/>
5. Set location for a copy of the file (Optional):
- If you want to have a copy of the file (evidence) when Write access happens, set right **Options** in your removable storage access policy rule in the XML file, and then specify the location where system can save the copy.
+ If you want to have a copy of the file (evidence) when Print access happens, set right **Options** in your Printer protection policy rule in the XML file, and then specify the location where system can save the copy.
- In the **Add Row** pane, enter: - **Name** as **Evidence folder location**
Here are some common scenarios to help you familiarize with Microsoft Defender f
### Scenario 1: Prevent print to all but allow print through specific approved USB printer when the machine is Corporate Network OR VPN connected or print through PDF/XPS file
-Allows to print only through approved the USB when machine is in Corporate Network OR VPN connected, or print through PDF/XPS file.
+Allows to print only through approved USB printer when machine is in corporate network, VPN connected, or print through PDF/XPS file.
-You can download the files [Printer Protection Samples](https://github.com/microsoft/mdatp-devicecontrol/tree/main/Printer%20Protection%20Samples/Intune%20OMA-URI).
+You can download the files here, [Printer Protection Samples](https://github.com/microsoft/mdatp-devicecontrol/tree/main/Printer%20Protection%20Samples/Intune%20OMA-URI).
-1. Create groups.
+1. Create any printer group and allowed-USB printer group and allowed-file printer group.
1. Group 1: Any printer group :::image type="content" source="media/188234308-4db09787-b14e-446a-b9e0-93c99b08748f.png" alt-text="A screenshot showing removable storage." lightbox= "media/188234308-4db09787-b14e-446a-b9e0-93c99b08748f.png":::
- Here's the [sample file](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Removable%20Storage%20Access%20Control%20Samples/Intune%20OMA-URI/Any%20Removable%20Storage%20and%20CD-DVD%20and%20WPD%20Group.xml). See step 3 from the [Deploy Printer Protection](deploy-and-manage-using-intune.md) section to deploy the configuration.
+ Here's the [sample file](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Printer%20Protection%20Samples/Intune%20OMA-URI/Any%20printer%20group.xml). See step 3 from the [Deploy Printer Protection](deploy-and-manage-using-intune.md) section to deploy the configuration.
2. Group 2: Allowed-USB printer group :::image type="content" source="media/188234372-526d20b3-cfea-4f1d-8d63-b513497ada52.png" alt-text="A screenshot of approved USBs." lightbox= "media/188234372-526d20b3-cfea-4f1d-8d63-b513497ada52.png":::
- Here's the [sample file](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Removable%20Storage%20Access%20Control%20Samples/Intune%20OMA-URI/Any%20Removable%20Storage%20and%20CD-DVD%20and%20WPD%20Group.xml). See step 3 from the [Deploy Printer Protection](deploy-and-manage-using-intune.md) section to deploy the configuration.
+ Here's the [sample file](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Printer%20Protection%20Samples/Intune%20OMA-URI/Authorized%20USB%20Printer.xml). See step 3 from the [Deploy Printer Protection](deploy-and-manage-using-intune.md) section to deploy the configuration.
3. Group 3: Allowed PDF/XPS file printer group: following PrinterConnectionId is used, but if you want to only allow PDF, FriendlyNameId with 'Microsoft Print to PDF' is recommended. :::image type="content" source="images/allowed-pdf.png" alt-text="This is allowed pdf."lightbox="images/allowed-pdf.png":::
- Here's the [sample file](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Removable%20Storage%20Access%20Control%20Samples/Intune%20OMA-URI/Any%20Removable%20Storage%20and%20CD-DVD%20and%20WPD%20Group.xml). See step 3 from the [Deploy Printer Protection](deploy-and-manage-using-intune.md) section to deploy the configuration.
+ Here's the [sample file](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Printer%20Protection%20Samples/Intune%20OMA-URI/PDF_XPS%20Printer.xml). See step 3 from the [Deploy Printer Protection](deploy-and-manage-using-intune.md) section to deploy the configuration.
> [!TIP] > Replace `&` with `&amp;` in the value.
You can download the files [Printer Protection Samples](https://github.com/micr
:::image type="content" source="media/188243425-c0772ed4-6537-4c6a-9a1d-1dbb48018578.png" alt-text="A screenshot of policy 1." lightbox= "media/188243425-c0772ed4-6537-4c6a-9a1d-1dbb48018578.png":::
- Here's the [sample file](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Removable%20Storage%20Access%20Control%20Samples/Intune%20OMA-URI/Scenario%201%20Block%20Write%20and%20Execute%20Access%20but%20allow%20approved%20USBs.xml). See step 4 from the [Deploy Printer Protection](deploy-and-manage-using-intune.md) section to deploy the configuration.
+ Here's the [sample file](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Printer%20Protection%20Samples/Intune%20OMA-URI/Allow%20PDF_XPS%20Printer.xml). See step 4 from the [Deploy Printer Protection](deploy-and-manage-using-intune.md) section to deploy the configuration.
- 2. Create policy to allow authorized USB printer only when the machine is in Corporate Network or connected to the VPN.
+ 2. Create policy to allow authorized USB printer only when the machine is Corporate Network OR VPN connected.
:::image type="content" source="media/188243552-5d2a90ab-dba6-450f-ad8f-86a862f6e739.png" alt-text="A screenshot of policy 2." lightbox= "media/188243552-5d2a90ab-dba6-450f-ad8f-86a862f6e739.png":::
- Here's the [sample file](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Removable%20Storage%20Access%20Control%20Samples/Intune%20OMA-URI/Scenario%201%20Block%20Write%20and%20Execute%20Access%20but%20allow%20approved%20USBs.xml). See step 4 from the [Deploy Printer Protection](deploy-and-manage-using-intune.md) section to deploy the configuration.
+ Here's the [sample file](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Printer%20Protection%20Samples/Intune%20OMA-URI/Allow%20Authorized%20USB%20Printer.xml). See step 4 from the [Deploy Printer Protection](deploy-and-manage-using-intune.md) section to deploy the configuration.
3. Create Default Deny custom policy for any other printers.
- :::image type="content" source="media/188243552-5d2a90ab-dba6-450f-ad8f-86a862f6e739.png" alt-text="A screenshot of policy 2." lightbox= "media/188243552-5d2a90ab-dba6-450f-ad8f-86a862f6e739.png":::
+ :::image type="content" source="media/188243552-5d2a90ab-dba6-450f-ad8f-86a862f6e739.png" alt-text="A screenshot of policy 3." lightbox= "media/188243552-5d2a90ab-dba6-450f-ad8f-86a862f6e739.png":::
- Here's the [sample file](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Removable%20Storage%20Access%20Control%20Samples/Intune%20OMA-URI/Scenario%201%20Block%20Write%20and%20Execute%20Access%20but%20allow%20approved%20USBs.xml). See step 4 from the [Deploy Printer Protection](deploy-and-manage-using-intune.md) section to deploy the configuration.
+ Here's the [sample file](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Printer%20Protection%20Samples/Intune%20OMA-URI/Default%20Deny%20-%20custom%20policy.xml). See step 4 from the [Deploy Printer Protection](deploy-and-manage-using-intune.md) section to deploy the configuration.
security Device Health Microsoft Defender Antivirus Health https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-health-microsoft-defender-antivirus-health.md
-<!-- v-jweston/jweston-1 is scheduled to resume authorship Apr/May 2023.-->
- # Device health, Microsoft Defender Antivirus health report **Applies to:**
Up-to-date reporting generates information for devices that meet the following c
- Engine version: 1.1.19300.2+ - Platform version: 4.18.2202.1+ - Cloud protection enabled-- Windows OS
+- MsSense.exe version 10.8210.x or later
+- Windows OS - Windows 10 1809 or later
>[!Note] >Currently up to date reporting is only available for Windows devices. Cross platform devices such as Mac and Linux are listed under "No data available"/Unknown.
security Linux Support Install https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-support-install.md
If the Microsoft Defender for Endpoint installation fails due to missing depende
The following external package dependencies exist for the mdatp package: -- The mdatp RPM package requires "glibc >= 2.17", "audit", "policycoreutils", "selinux-policy-targeted", "mde-netfilter"
+- The mdatp RPM package requires "glibc >= 2.17", "audit", "policycoreutils", "semanage", "selinux-policy-targeted", "mde-netfilter"
- For RHEL6 the mdatp RPM package requires "audit", "policycoreutils", "libselinux", "mde-netfilter" - For DEBIAN the mdatp package requires "libc6 >= 2.23", "uuid-runtime", "auditd", "mde-netfilter" - The mde-netfilter package also has the following package dependencies: - For DEBIAN the mde-netfilter package requires "libnetfilter-queue1", "libglib2.0-0"
security Mac Whatsnew https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-whatsnew.md
Apple has fixed an issue on macOS [Ventura upgrade](<https://developer.apple.com
The issue impacts Microsoft Defender for endpoint security extensions, and might result in losing Full Disk Access Authorization, impacting its ability to function properly. <details>
- <summary>Jan-2023 (Build: 101.94.13 | Release version: 20.122112.19413.0)</summary>
+ <summary>Jan-2023 (Build: 101.96.85 | Release version: 20.122112.19413.0)</summary>
-&ensp;Build: **101.94.13**<br/>
+&ensp;Build: **101.96.85**<br/>
&ensp;Release version: **20.122112.19413.0**<br/> &ensp;Engine version: **1.1.19900.2**<br/> &ensp;Signature version: **1.381.2029.0**<br/>
security Printer Protection Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/printer-protection-overview.md
Microsoft Defender for Endpoint Device Control Printer Protection feature enable
Ensure that the Windows devices that you need to onboard should meet the following requirements: 1. Install the right OS KB:-
- - [KB5020030 (OS Builds 19042.2311, 19043.2311, 19044.2311, and 19045.2311) Preview Microsoft Support](https://support.microsoft.com/topic/november-15-2022-kb5020030-os-builds-19042-2311-19043-2311-19044-2311-and-19045-2311-preview-237a9048-f853-4e29-a3a2-62efdbea95e2)
- - [KB5019157 (OS Build 22000.1281) Preview - Microsoft Support](https://support.microsoft.com/topic/november-15-2022-kb5019157-os-build-22000-1281-preview-d64fb317-3435-49ff-b2c4-d0356a51a6b0)
+ - Windows 10 and later (20H2, 21H1, 21H2, and later) - [KB5020030](https://support.microsoft.com/en-us/topic/november-15-2022-kb5020030-os-builds-19042-2311-19043-2311-19044-2311-and-19045-2311-preview-237a9048-f853-4e29-a3a2-62efdbea95e2)
+ - Win 11 21H2 - [KB5019157](https://support.microsoft.com/en-us/topic/november-15-2022-kb5019157-os-build-22000-1281-preview-d64fb317-3435-49ff-b2c4-d0356a51a6b0)
+ - Win 11 22H2 - [KB5020044](https://support.microsoft.com/en-us/topic/november-29-2022-kb5020044-os-build-22621-900-preview-43f0bdf9-0b75-4110-bab3-3bd2433d84b3)
+- Windows Server 2022 - [KB5020032](https://support.microsoft.com/en-us/topic/november-22-2022-kb5020032-os-build-20348-1311-preview-7ca1be57-3555-4377-9eb1-0e4d714d9c68)
2. MOCAMP:4.18.2205 or later, you can run the command `Get-MpComputerStatus` in PowerShell to check the version.
security Tamperprotection Macos https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tamperprotection-macos.md
Configure tamper protection mode in Microsoft Defender for Endpoint [configurati
``` > [!NOTE]
-> If you already have a configuration profile for Microsoft Defender for Endpoint then you need to *add* settings to it. You don't need to create a second configuration profile.
+> If you already have a configuration profile for Microsoft Defender for Endpoint then you need to *add* settings to it. You should not create a second configuration profile.
### Intune
security Advanced Hunting Deviceevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-deviceevents-table.md
The miscellaneous device events or `DeviceEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about various event types, including events triggered by security controls, such as Microsoft Defender Antivirus and exploit protection. Use this reference to construct queries that return information from this table. >[!TIP]
-> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in the Defender for Cloud.
+> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in Microsoft 365 Defender.
For information on other tables in the advanced hunting schema, [see the advanced hunting reference](advanced-hunting-schema-tables.md).
security Advanced Hunting Devicefileevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicefileevents-table.md
The `DeviceFileEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about file creation, modification, and other file system events. Use this reference to construct queries that return information from this table. >[!TIP]
-> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in the Defender for Cloud.
+> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in Microsoft 365 Defender.
For information on other tables in the advanced hunting schema, [see the advanced hunting reference](advanced-hunting-schema-tables.md).
security Advanced Hunting Deviceimageloadevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-deviceimageloadevents-table.md
The `DeviceImageLoadEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from this table. >[!TIP]
-> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in the Defender for Cloud.
+> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in Microsoft 365 Defender.
For information on other tables in the advanced hunting schema, [see the advanced hunting reference](advanced-hunting-schema-tables.md).
security Advanced Hunting Devicelogonevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicelogonevents-table.md
The `DeviceLogonEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about user logons and other authentication events on devices. Use this reference to construct queries that return information from this table. >[!TIP]
-> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in the Defender for Cloud.
+> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in Microsoft 365 Defender.
For information on other tables in the advanced hunting schema, [see the advanced hunting reference](advanced-hunting-schema-tables.md).
security Advanced Hunting Devicenetworkevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicenetworkevents-table.md
The `DeviceNetworkEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about network connections and related events. Use this reference to construct queries that return information from this table. >[!TIP]
-> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in the Defender for Cloud.
+> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in Microsoft 365 Defender.
For information on other tables in the advanced hunting schema, [see the advanced hunting reference](advanced-hunting-schema-tables.md).
security Advanced Hunting Deviceprocessevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-deviceprocessevents-table.md
The `DeviceProcessEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about process creation and related events. Use this reference to construct queries that return information from this table. >[!TIP]
-> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in the Defender for Cloud.
+> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in Microsoft 365 Defender.
For information on other tables in the advanced hunting schema, [see the advanced hunting reference](advanced-hunting-schema-tables.md).
security Advanced Hunting Deviceregistryevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-deviceregistryevents-table.md
The `DeviceRegistryEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about the creation and modification of registry entries. Use this reference to construct queries that return information from this table. >[!TIP]
-> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in the Defender for Cloud.
+> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in Microsoft 365 Defender.
For information on other tables in the advanced hunting schema, [see the advanced hunting reference](advanced-hunting-schema-tables.md).
security Advanced Hunting Emailevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-emailevents-table.md
The `EmailEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about events involving the processing of emails on Microsoft Defender for Office 365. Use this reference to construct queries that return information from this table. > [!TIP]
-> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in the Defender for Cloud.
+> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in Microsoft 365 Defender.
For information on other tables in the advanced hunting schema, [see the advanced hunting reference](advanced-hunting-schema-tables.md).
security Advanced Hunting Emailpostdeliveryevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-emailpostdeliveryevents-table.md
The `EmailPostDeliveryEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about post-delivery actions taken on email messages processed by Microsoft 365. Use this reference to construct queries that return information from this table. >[!TIP]
-> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in the Defender for Cloud.
+> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in Microsoft 365 Defender.
To get more information about individual email messages, you can also use the [`EmailEvents`](advanced-hunting-emailevents-table.md), [`EmailAttachmentInfo`](advanced-hunting-emailattachmentinfo-table.md), and the [`EmailUrlInfo`](advanced-hunting-emailurlinfo-table.md) tables. For information on other tables in the advanced hunting schema, [see the advanced hunting reference](advanced-hunting-schema-tables.md).
security Advanced Hunting Go Hunt https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-go-hunt.md
With the *go hunt* action, you can quickly investigate events and various entity types using powerful query-based [advanced hunting](advanced-hunting-overview.md) capabilities. This action automatically runs an advanced hunting query to find relevant information about the selected event or entity.
-The *go hunt* action is available in various sections of the Defender for Cloud. This action is available to view once event or entity details are displayed. For example, you can use the *go hunt* option from the following sections:
+The *go hunt* action is available in various sections of Microsoft 365 Defender. This action is available to view once event or entity details are displayed. For example, you can use the *go hunt* option from the following sections:
- In the [incident page](investigate-incidents.md#summary), you can review details about users, devices, and many other entities associated with an incident. As you select an entity, you get additional information and the various actions you could take on that entity. In the example below, a mailbox is selected, showing details about the mailbox and the option to hunt for more information about the mailbox.
security Advanced Hunting Identitydirectoryevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-identitydirectoryevents-table.md
The `IdentityDirectoryEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains events involving an on-premises domain controller running Active Directory (AD). This table captures various identity-related events, like password changes, password expiration, and user principal name (UPN) changes. It also captures system events on the domain controller, like scheduling of tasks and PowerShell activity. Use this reference to construct queries that return information from this table. >[!TIP]
-> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in the Defender for Cloud.
+> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in Microsoft 365 Defender.
For information on other tables in the advanced hunting schema, [see the advanced hunting reference](advanced-hunting-schema-tables.md).
security Advanced Hunting Identitylogonevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-identitylogonevents-table.md
The `IdentityLogonEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about authentication activities made through your on-premises Active Directory captured by Microsoft Defender for Identity and authentication activities related to Microsoft online services captured by Microsoft Defender for Cloud Apps. Use this reference to construct queries that return information from this table. >[!TIP]
-> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in the Defender for Cloud.
+> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in Microsoft 365 Defender.
>[!NOTE] >This table covers Azure Active Directory (Azure AD) logon activities tracked by Defender for Cloud Apps, specifically interactive sign-ins and authentication activities using ActiveSync and other legacy protocols. Non-interactive logons that are not available in this table can be viewed in the Azure AD audit log. [Learn more about connecting Defender for Cloud Apps to Microsoft 365](/cloud-app-security/connect-office-365-to-microsoft-cloud-app-security)
security Advanced Hunting Identityqueryevents Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-identityqueryevents-table.md
The `IdentityQueryEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about queries performed against Active Directory objects, such as users, groups, devices, and domains. Use this reference to construct queries that return information from this table. >[!TIP]
-> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in the Defender for Cloud.
+> For detailed information about the events types (`ActionType` values) supported by a table, use the built-in schema reference available in Microsoft 365 Defender.
For information on other tables in the advanced hunting schema, [see the advanced hunting reference](advanced-hunting-schema-tables.md).
security Advanced Hunting Schema Changes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-schema-changes.md
The [advanced hunting schema](advanced-hunting-schema-tables.md) is updated regularly to add new tables and columns. In some cases, existing columns names are renamed or replaced to improve the user experience. Refer to this article to review naming changes that could impact your queries.
-Naming changes are automatically applied to queries that are saved in the Defender for Cloud, including queries used by custom detection rules. You don't need to update these queries manually. However, you will need to update the following queries:
+Naming changes are automatically applied to queries that are saved in Microsoft 365 Defender, including queries used by custom detection rules. You don't need to update these queries manually. However, you will need to update the following queries:
- Queries that are run using the API-- Queries that are saved elsewhere outside the Defender for Cloud
+- Queries that are saved elsewhere outside Microsoft 365 Defender
## December 2020
security Advanced Hunting Schema Tables https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-schema-tables.md
To quickly access the schema reference, select the **View reference** action nex
:::image type="content" source="../../media/understand-schema-1.png" alt-text="The Schema Reference page on the Advanced Hunting page in the Microsoft 365 Defender portal" lightbox="../../media/understand-schema-1.png"::: ## Learn the schema tables
-The following reference lists all the tables in the schema. Each table name links to a page describing the column names for that table. Table and column names are also listed in the Defender for Cloud as part of the schema representation on the advanced hunting screen.
+The following reference lists all the tables in the schema. Each table name links to a page describing the column names for that table. Table and column names are also listed in Microsoft 365 Defender as part of the schema representation on the advanced hunting screen.
| Table name | Description | ||-|
security Reducing Attack Surface In Microsoft Teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/reducing-attack-surface-in-microsoft-teams.md
Microsoft Teams is a widely used collaboration tool, where many users are now sp
> [!IMPORTANT] > There is a balance to strike between security and productivity, and not all these steps may be relevant for your organizational risk profile.+ ## What you'll need - Microsoft Teams
Microsoft Teams is a widely used collaboration tool, where many users are now sp
- 5-10 minutes to perform the steps below. > [!NOTE]
-> Not all these options will be available for government specific clouds such as GCC.
+> Not all these options will be available for government specific clouds such as Microsoft 365 GCC.
+ ## Turn on Microsoft Defender for Office 365 in Teams If licensed for Microsoft Defender for Office 365 (free 90-day evaluation available at aka.ms/trymdo) you can ensure seamless protection from zero-day malware and time of click protection within Microsoft Teams.
-[Learn More (SafeLinks)](https://docs.microsoft.com/microsoft-365/security/office-365-security/safe-links#safe-links-settings-for-microsoft-teams) & [Learn More (Safe Attachments)](https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/turn-on-mdo-for-spo-odb-and-teams?view=o365-worldwide#step-1-use-the-microsoft-365-defender-portal-to-turn-on-safe-attachments-for-sharepoint-onedrive-and-microsoft-teams) (Detailed Documentation)
+[Learn More (SafeLinks)](/microsoft-365/security/office-365-security/safe-links#safe-links-settings-for-microsoft-teams) & [Learn More (Safe Attachments)](/microsoft-365/security/office-365-security/turn-on-mdo-for-spo-odb-and-teams) (Detailed Documentation)
-1. **Login** to the security center's safe attachments configuration page at [https://security.microsoft.com/safeattachmentv2](https://security.microsoft.com/safeattachmentv2)
-2. Press **Global settings**
+1. **Login** to the security center's safe attachments configuration page at <https://security.microsoft.com/safeattachmentv2>.
+2. Press **Global settings**.
3. Ensure **Turn on Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams** is set to on.
-4. Navigate to the security center's Safe links configuration page at: [https://security.microsoft.com/safelinksv2](https://security.microsoft.com/safelinksv2)
-5. If you have multiple policies, you will need to complete this step for each policy (excluding built-in, standard and strict preset policies)
-6. **Select** a policy, a flyout will appear on the left-hand side
-7. Press **Edit protection settings**
-8. Ensure **Safe Links checks a list of known, malicious links when users click links in Microsoft Teams** is checked
-9. Press **Save**
+4. Navigate to the security center's Safe links configuration page at: <https://security.microsoft.com/safelinksv2>.
+5. If you have multiple policies, you will need to complete this step for each policy (excluding built-in, standard and strict preset policies).
+6. **Select** a policy, a flyout will appear on the left-hand side.
+7. Press **Edit protection settings**.
+8. Ensure **Safe Links checks a list of known, malicious links when users click links in Microsoft Teams** is checked.
+9. Press **Save**.
-## Restricting channel email messages to approved domains.
+## Restricting channel email messages to approved domains
An attacker could email channels directly if they discover the channel email address. The best practice is to have this only setup for known trusted domains rather than open to all (default).
-1. **Login** to the Teams admin center at: https://admin.teams.microsoft.com/
-2. On the left-hand navigation, expand **Teams** and then choose **Teams settings**
-3. Under the **Email integration** heading, choose to allow or disallow users to send emails to a channel email address by toggling **Users can send emails to a channel email address.**
-4. If you have allowed users to send emails to a channel email address in the previous step, enter the specific domains you wish to accept mail from in the **Accept channel email from these SMTP domains** box. (for example, an alert provider, or trusted supplier)
+1. **Login** to the Teams admin center at: <https://admin.teams.microsoft.com/>.
+2. On the left-hand navigation, expand **Teams** and then choose **Teams settings**.
+3. Under the **Email integration** heading, choose to allow or disallow users to send emails to a channel email address by toggling **Users can send emails to a channel email address**.
+4. If you have allowed users to send emails to a channel email address in the previous step, enter the specific domains you wish to accept mail from in the **Accept channel email from these SMTP domains** box. (for example, an alert provider, or trusted supplier).
5. Press **Save** at the bottom of the page. ## Managing third party storage options Users can store their files in potentially unsupported 3rd party storage providers. If you do not use these providers, you can disable this setting to reduce data leakage risk.
-1. **Login** to the Teams admin center at: https://admin.teams.microsoft.com/
-2. On the left-hand navigation, expand **Teams** and then choose **Teams settings**
+1. **Login** to the Teams admin center at: <https://admin.teams.microsoft.com/>.
+2. On the left-hand navigation, expand **Teams** and then choose **Teams settings**.
3. Under the **Files** heading, choose which storage providers you want to be available for use within the files tab. 4. Press **Save** at the bottom of the page.
Users can store their files in potentially unsupported 3rd party storage provide
Applications are a very useful part of Microsoft teams, but it is recommended to maintain a list of allowed apps rather than allowing all apps by default.
-1. **Login** to the Teams admin center at: https://admin.teams.microsoft.com/
-2. On the left-hand navigation, expand **Teams apps** and then choose **Permission Policies**
-3. If you have custom permission policies, you will need to do these steps for each of them if appropriate, otherwise select **Global (Org-wide default)**
+1. **Login** to the Teams admin center at: <https://admin.teams.microsoft.com/>.
+2. On the left-hand navigation, expand **Teams apps** and then choose **Permission Policies**.
+3. If you have custom permission policies, you will need to do these steps for each of them if appropriate, otherwise select **Global (Org-wide default)**.
4. Select the appropriate settings for your organization, a recommended starting point is:
- - Microsoft apps ΓÇô set to **Allow all apps** (default)
- - Third-party apps ΓÇô set to **Allow specific apps and block all others** (if you already have 3rd party apps to then select for allowing) otherwise select **Block all apps**
- - Custom apps ΓÇô set to **Allow specific apps and block all others** (if you already have custom apps to then select for allowing) otherwise select **Block all apps**
-5. Press **Save.**
-6. You'll need to change this setting for each policy (if you have multiple)
+ - Microsoft apps ΓÇô set to **Allow all apps** (default).
+ - Third-party apps ΓÇô set to **Allow specific apps and block all others** (if you already have 3rd party apps to then select for allowing) otherwise select **Block all apps**.
+ - Custom apps ΓÇô set to **Allow specific apps and block all others** (if you already have custom apps to then select for allowing) otherwise select **Block all apps**.
+5. Press **Save**.
+6. You'll need to change this setting for each policy (if you have multiple).
## Configure meeting settings You can reduce the attack surface by ensuring people outside your organization cannot request access to control presenter's screens and require dial in and all external people to be authenticated & admitted from a meeting lobby.
-[Learn more](https://docs.microsoft.com/en-US/microsoftteams/meeting-policies-participants-and-guests) (detailed documentation)
-
-1. **Login** to the Teams admin center at: https://admin.teams.microsoft.com/
-2. On the left-hand navigation, expand **Meetings** and then choose **Meeting Policies**
-3. If you have assigned any custom or built-in policies to users, you will need to do these steps for each of them if appropriate, otherwise select **Global (Org-wide default)**
-4. Under the **Content sharing** heading, ensure **External participants can give or request control** is set to **off.**
-5. Under the **Participants & guests** heading, ensure **Automatically admit people** is set to **Invited users only**
-6. Ensure **Dial-in users can bypass the lobby** is set to **off.**
-7. Ensure **Let anonymous people join a meeting** is set to **off.**
-8. Set **Chat in meetings** to **"Turn it on for everyone but anonymous users"**
-9. Press **Save.**
+[Learn more](/microsoftteams/meeting-policies-participants-and-guests) (detailed documentation).
+
+1. **Login** to the Teams admin center at: <https://admin.teams.microsoft.com/>.
+2. On the left-hand navigation, expand **Meetings** and then choose **Meeting Policies**.
+3. If you have assigned any custom or built-in policies to users, you will need to do these steps for each of them if appropriate, otherwise select **Global (Org-wide default)**.
+4. Under the **Content sharing** heading, ensure **External participants can give or request control** is set to **off**.
+5. Under the **Participants & guests** heading, ensure **Automatically admit people** is set to **Invited users only**.
+6. Ensure **Dial-in users can bypass the lobby** is set to **off**.
+7. Ensure **Let anonymous people join a meeting** is set to **off**.
+8. Set **Chat in meetings** to **"Turn it on for everyone but anonymous users"**.
+9. Press **Save**.
10. You'll need to change this setting for each policy. ## Configure meeting settings (Restrict presenters)+ You can reduce the risk of unwanted or inappropriate content being shared during meetings by restricting who can present to Organizers (everyone is allowed to present by default).
-1. **Login** to the Teams admin center at: https://admin.teams.microsoft.com/
-2. On the left-hand navigation, expand **Meetings** and then choose **Meeting Policies**
-3. If you have assigned any custom or built-in policies to users, you will need to do these steps for each of them if appropriate, otherwise select **Global (Org-wide default)**
+1. **Login** to the Teams admin center at: <https://admin.teams.microsoft.com/>.
+2. On the left-hand navigation, expand **Meetings** and then choose **Meeting Policies**.
+3. If you have assigned any custom or built-in policies to users, you will need to do these steps for each of them if appropriate, otherwise select **Global (Org-wide default)**.
4. Under the **Participants & guests** heading, toggle who can present in meetings to **Organizers, but users can override.**
-5. Press **Save.**
+5. Press **Save**.
6. You'll need to change this setting for each policy. ## Disable open federation Open federation allows your users to communicate externally in Microsoft teams, allowing external organizations to start a conversation with your users and vice versa, which is useful for collaboration, but also for attackers to directly communicate with your organization if they know a victims email address.
-[Learn more](https://docs.microsoft.com/microsoftteams/manage-external-access) (detailed documentation)
+[Learn more](/microsoftteams/manage-external-access) (detailed documentation)
-1. **Login** to the Teams admin center at: https://admin.teams.microsoft.com/
-2. On the left-hand navigation, expand **Users** and then choose **External access**
-3. Under the **Teams and Skype for Business users in external organizations** heading, select the **Choose which external domains your users have access to** dropdown and set this to **Allow only specific external domains**
+1. **Login** to the Teams admin center at: <https://admin.teams.microsoft.com/>.
+2. On the left-hand navigation, expand **Users** and then choose **External access**.
+3. Under the **Teams and Skype for Business users in external organizations** heading, select the **Choose which external domains your users have access to** dropdown and set this to **Allow only specific external domains**.
4. Enter any external domains users should be able to communicate with by pressing **Allow domains,** using the flyout, and pressing **Done** when finished.
-5. Press **Save.**
-
+5. Press **Save**.
## Learn More Consider configuring access policies to implement Zero Trust identity and device access policies to protect Microsoft Teams chats, groups, and content such as files and calendars.
-Learn more about teams access policies: [Recommended Teams policies - Microsoft 365 for enterprise - Office 365 | Microsoft Docs](https://docs.microsoft.com/microsoft-365/security/office-365-security/teams-access-policies)
+Learn more about teams access policies: [Recommended Teams policies - Microsoft 365 for enterprise - Office 365 | Microsoft Docs](/microsoft-365/security/office-365-security/teams-access-policies)
-Security in Microsoft Teams:[Overview of security and compliance - Microsoft Teams | Microsoft Docs](https://docs.microsoft.com/microsoftteams/security-compliance-overview)
+Security in Microsoft Teams:[Overview of security and compliance - Microsoft Teams | Microsoft Docs](/microsoftteams/security-compliance-overview)
security Tenant Allow Block List About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-allow-block-list-about.md
For entry creation and configuration instructions, see the following topics:
These articles contain procedures in the Microsoft 365 Defender Portal and in PowerShell.
+> [!NOTE]
+> To allow phishing URLs that are part of third-party attack simulation training, use the [advanced delivery configuration](skip-filtering-phishing-simulations-sec-ops-mailboxes.md) to specify the URLs. Don't use the Tenant Allow/Block List.
+ ## Block entries in the Tenant Allow/Block List > [!NOTE]
security Tenant Allow Block List Urls Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-allow-block-list-urls-configure.md
This article describes how to create and manage URL allow and block entries that
You manage allow and block entries for URLs in the Microsoft 365 Defender Portal or in Exchange Online PowerShell. Messages containing the blocked URLs are quarantined.
+> [!NOTE]
+> To allow phishing URLs that are part of third-party attack simulation training, use the [advanced delivery configuration](skip-filtering-phishing-simulations-sec-ops-mailboxes.md) to specify the URLs. Don't use the Tenant Allow/Block List.
+ ## What do you need to know before you begin? - You open the Microsoft 365 Defender portal at <https://security.microsoft.com>. To go directly to the **Tenant Allow/Block List** page, use <https://security.microsoft.com/tenantAllowBlockList>. To go directly to the **Submissions** page, use <https://security.microsoft.com/reportsubmission>.