Updates from: 01/22/2021 04:22:17
Category Microsoft Docs article Related commit history on GitHub Change details
admin https://docs.microsoft.com/en-us/microsoft-365/admin/activity-reports/email-activity-ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/email-activity-ww.md
@@ -55,4 +55,5 @@ You can get a view into your user's email activity by looking at the **Activity*
|9. <br/> |You can also export the report data into an Excel .csv file, by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data. <br/> | |||
-Note: The Email activity report is only available for mailboxes that are associated with users who have licenses.
+> [!NOTE]
+> The Email activity report is only available for mailboxes that are associated with users who have licenses.
admin https://docs.microsoft.com/en-us/microsoft-365/admin/activity-reports/email-apps-usage-ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/email-apps-usage-ww.md
@@ -1,3 +1,4 @@
+---
title: "Microsoft 365 Reports in the admin center - Email apps usage" ms.author: kwekua author: kwekua
admin https://docs.microsoft.com/en-us/microsoft-365/admin/add-users/add-new-employee https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/add-new-employee.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - MSStore_Link - AdminSurgePortfolio
+- okr_smb
search.appverid: - MET150 - MOE150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/add-users/give-mailbox-permissions-to-another-user https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/give-mailbox-permissions-to-another-user.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - MSStore_Link - AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/add-users/let-users-reset-passwords https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/let-users-reset-passwords.md
@@ -18,6 +18,7 @@ ms.custom:
- TRN_M365B - OKR_SMB_Videos - AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/admin-overview/admin-mobile-app https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/admin-mobile-app.md
@@ -17,6 +17,7 @@ ms.custom:
- TRN_M365B - OKR_SMB_Videos - AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/admin-overview/what-subscription-do-i-have https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/what-subscription-do-i-have.md
@@ -15,7 +15,7 @@ ms.collection:
- Adm_O365_Setup - Adm_TOC ms.custom: -- okr_SMB
+- okr_smb
- AdminSurgePortfolio search.appverid: - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/contact-support-for-business-products https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/contact-support-for-business-products.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - MSStore_Link - AdminSurgePortfolio
+- okr_smb
search.appverid: - MET150 description: "Get technical and billing support by using phone numbers listed for your country or region, or submitting your service request online."
admin https://docs.microsoft.com/en-us/microsoft-365/admin/create-groups/compare-groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/compare-groups.md
@@ -13,7 +13,9 @@ ms.collection:
- M365-subscription-management - Adm_O365 - Adm_TOC
-ms.custom: AdminSurgePortfolio
+ms.custom:
+- AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/create-groups/create-groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/create-groups.md
@@ -13,7 +13,9 @@ ms.collection:
- M365-subscription-management - Adm_O365 - Adm_TOC
-ms.custom: AdminSurgePortfolio
+ms.custom:
+- AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/create-groups/office-365-groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/office-365-groups.md
@@ -13,7 +13,9 @@ ms.collection:
- M365-subscription-management - Adm_O365 - Adm_TOC
-ms.custom: AdminSurgePortfolio
+ms.custom:
+- AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
@@ -23,7 +25,7 @@ description: "Learn about Microsoft 365 Groups."
# Overview of Microsoft 365 Groups for administrators
-Microsoft 365 Groups is the foundational membership service that drives all teamwork across Microsoft 365. With Microsoft 365 Groups, you can give a group of people access to a collection of collaboration resources for those people to share. These resources include:
+Microsoft 365 Groups is the foundational membership service that drives all teamwork across Microsoft 365. With Microsoft 365 Groups, you can give a group of people access to a collection of shared resources. These resources include:
- A shared Outlook inbox - A shared calendar
@@ -35,9 +37,9 @@ Microsoft 365 Groups is the foundational membership service that drives all team
- A Team (if the group was created from Teams) - Roadmap (if you have Project for the web)
-With a Microsoft 365 group, you don't have to manually assign permissions to each of these resources, because adding people to the group automatically gives them the permissions they need to the tools that the group provides.
+With a Microsoft 365 group, you don't have to manually assign permissions to each of these resources. Adding people to the group automatically gives them the permissions they need.
-Any user can create a group unless you [limit group creation to a specific set of people](manage-creation-of-groups.md). Note that if you limit group creation, users who cannot create groups will not be able to create SharePoint sites, Planners, or teams. These services require the people creating them to be able to create a group. Users can still participate in group activities, such as creating tasks in Planner or using Teams chat, provided they are a member of the group.
+Any user can create a group unless you [limit group creation to a specific set of people](manage-creation-of-groups.md). If you limit group creation, users who cannot create groups will not be able to create SharePoint sites, Planners, or teams. These services require the people creating them to be able to create a group. Users can still participate in group activities, such as creating tasks in Planner or using Teams chat, provided they are a member of the group.
Groups have the following roles:
@@ -55,11 +57,11 @@ As an administrator, you can:
- [Manage guest access to groups](manage-guest-access-in-groups.md) - [Recover a deleted group](restore-deleted-group.md) (within 30 days of deletion)
-If you prefer a more automated way to manage the lifecycle of your Microsoft 365 groups, you can use expiration policies to expire groups at a specific time interval. The group's owners will get an email 30, 15 and 1 day before the group expiration that allows them to easily renew the group if it's still needed. See: [Microsoft 365 group Expiration Policy](office-365-groups-expiration-policy.md).
+If you prefer a more automated way to manage the lifecycle of your Microsoft 365 groups, you can use expiration policies to expire groups at a specific time interval. The group's owners will get an email 30, 15, and 1 day before the group expiration that allows them to renew the group if it's still needed. See: [Microsoft 365 group Expiration Policy](office-365-groups-expiration-policy.md).
You can administer your groups from the Microsoft 365 admin center or [by using PowerShell](https://docs.microsoft.com/microsoft-365/enterprise/manage-microsoft-365-groups-with-powershel).
-If you have a lot of users, such as in a large corporation or enterprise, you may have many users who create groups for various purposes. We highly recommend that you review [Plan for governance in Microsoft 365 groups](plan-for-groups-governance.md) for best practices.
+If you have many users, such as in a large corporation or enterprise, you may have many users who create groups for various purposes. We highly recommend that you review [Plan for governance in Microsoft 365 groups](plan-for-groups-governance.md) for best practices.
## Group limits
@@ -69,25 +71,25 @@ The following limits apply to Microsoft 365 Groups:
|:---------|:----| |Owners per group|100| |Groups a user can create|250|
-|Groups an admin can create|Up to default tenant limit of 500K|
-|Number of members|More than 1,000, though only 1,000 can access the Group conversations concurrently. <br>Users might notice delays when accessing the calendar and conversations in very large groups in Outlook.|
+|Groups an admin can create|Up to default tenant limit of 500 K|
+|Number of members|More than 1,000, though only 1,000 can access the Group conversations concurrently. <br>Users might notice delays when accessing the calendar and conversations in large groups in Outlook.|
|Number of Groups a user can be a member of|7,000|
-|File storage|1 Terabyte + 10 GB per subscribed user + any additional storage purchased. You can purchase an unlimited amount of additional storage.|
+|File storage|1 Terabyte + 10 GB per subscribed user + any other storage purchased. You can purchase an unlimited amount of extra storage.|
|Group Mailbox size|50 GB| The default maximum number of Microsoft 365 groups that an organization can have is 500,000. To go beyond the default limit, you must contact Microsoft Support. For more information on Microsoft 365 Groups limits, see [Microsoft 365 Groups - Admin help](https://support.microsoft.com/office/b565caa1-5c40-40ef-9915-60fdb2d97fa2).
-Managing your Microsoft 365 groups is more effective when you have actionable information about groups usage. The Microsoft 365 admin center has a reporting tool that can let you see things such as storage use, how many active groups you have and even how your users are using the groups. See: [Microsoft 365 Reports in the admin center](../activity-reports/office-365-groups.md) for more information.
+Managing your Microsoft 365 groups is more effective when you have actionable information about groups usage. The Microsoft 365 admin center has a reporting tool that lets you see storage use, how many active groups you have, and how users are using the groups. See: [Microsoft 365 Reports in the admin center](../activity-reports/office-365-groups.md) for more information.
## Sensitivity labels
-You can create sensitivity labels that the users in your organization can set when they create an Microsoft 365 group. With sensitivity labels, you can configure:
+You can create sensitivity labels that the users in your organization can set when they create a Microsoft 365 group. With sensitivity labels, you can configure:
- Privacy (public or private) - External users access - Unmanaged device access
-For example, you can create a label called *Highly Confidential* and specify that any group created with this label will be private and not allow external users. When users in your organization select this label during group creation, the group will be set to private and group members will be not be allowed to add external users to the group.
+For example, you can create a label called *Highly Confidential* and specify that any group created with this label will be private and not allow external users. When users in your organization select this label during group creation, the group will be set to private and group members will not be allowed to add external users to the group.
> [!IMPORTANT] > If you are currently using classification labels, they will no longer be available to users who create groups once sensitivity labels are enabled.
@@ -96,14 +98,14 @@ For information about creating, managing, and using sensitivity labels, see [Use
## Which Microsoft 365 plans include groups?
-Any Microsoft 365 subscription that has Exchange Online and SharePoint Online will support groups. That includes the Business Essentials and Business Premium plans, and the Enterprise E1, E3 and E5 plans. The group takes on the licensing of the person who creates the group (also known as the "organizer" of the group). As long as the organizer has the proper license for whatever features you want the group to have, that license will convey to the group.
+Any Microsoft 365 subscription that has Exchange Online and SharePoint Online will support groups. That includes the Business Essentials and Business Premium plans, and the Enterprise E1, E3, and E5 plans. The group takes on the licensing of the person who creates the group (also known as the "organizer" of the group). As long as the organizer has the proper license for whatever features you want the group to have, that license will convey to the group.
> [!NOTE] > For more details about Microsoft 365 service families and plans, see [Microsoft 365 plan options](https://docs.microsoft.com/office365/servicedescriptions/office-365-platform-service-description/office-365-plan-options). If you have an Exchange-only plan you can still get the shared inbox and shared calendar features of groups in Outlook but you won't get the document library, Planner or any of the other capabilities.
-Microsoft 365 groups work with Azure Active Directory. The groups features you get depends on which Azure Active Directory subscription you have, and what license(s) is assigned to the organizer of the group.
+Microsoft 365 groups work with Azure Active Directory. The groups features you get depends on which Azure Active Directory subscription you have, and what licenses are assigned to the organizer of the group.
> [!IMPORTANT] > For all the groups features, if you have an Azure AD Premium subscription, users can join the group whether or not they have an AAD P1 license assigned to them. Licensing isn't enforced.
admin https://docs.microsoft.com/en-us/microsoft-365/admin/dns/create-dns-records-at-cloudflare https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-cloudflare.md
@@ -164,7 +164,7 @@ When Microsoft finds the correct TXT record, your domain is verified.
|CNAME <br/> |msoid <br/> |clientconfig.microsoftonline-p.net <br/> |30 minutes <br/> |
-5. Select the **DNS Traffic** icon (orange cloud) to bypass the Cloudflare servers.
+5. Select the **DNS Traffic** icon (change orange cloud to grey) to bypass the Cloudflare servers.
6. Select **Save**.
admin https://docs.microsoft.com/en-us/microsoft-365/admin/email/about-shared-mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/about-shared-mailboxes.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - MSStore_Link - AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/email/configure-a-shared-mailbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/configure-a-shared-mailbox.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - MSStore_Link - AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/email/configure-email-forwarding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/configure-email-forwarding.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - MSStore_Link - AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/email/create-a-shared-mailbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/create-a-shared-mailbox.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - MSStore_Link - AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/email/resolve-issues-with-shared-mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/resolve-issues-with-shared-mailboxes.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - MSStore_Link - AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/get-help-with-domains/dns-basics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/dns-basics.md
@@ -13,7 +13,9 @@ ms.collection:
- M365-subscription-management - Adm_O365 - Adm_TOC
-ms.custom: AdminSurgePortfolio
+ms.custom:
+- AdminSurgePortfolio
+- okr_smb
search.appverid: - MET150 - MOE150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/get-help-with-domains/find-and-fix-issues https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/find-and-fix-issues.md
@@ -14,7 +14,9 @@ ms.collection:
- Adm_O365 - Adm_TOC - Adm_O365_Setup
-ms.custom: AdminSurgePortfolio
+ms.custom:
+- AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/manage/customize-the-app-launcher https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/customize-the-app-launcher.md
@@ -13,7 +13,9 @@ ms.collection:
- M365-subscription-management - Adm_O365 - Adm_TOC
-ms.custom: AdminSurgePortfolio
+ms.custom:
+- AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/manage/manage-deployment-of-add-ins https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-deployment-of-add-ins.md
@@ -13,7 +13,9 @@ ms.collection:
- M365-subscription-management - Adm_O365 - Adm_NonTOC
-ms.custom: AdminSurgePortfolio
+ms.custom:
+- AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/manage/message-center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/message-center.md
@@ -13,7 +13,9 @@ ms.collection:
- M365-subscription-management - Adm_O365 - Adm_TOC
-ms.custom: AdminSurgePortfolio
+ms.custom:
+- AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/manage/set-password-expiration-policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/set-password-expiration-policy.md
@@ -13,7 +13,9 @@ ms.collection:
- M365-subscription-management - Adm_O365 - Adm_TOC
-ms.custom: AdminSurgePortfolio
+ms.custom:
+- AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/password-policy-recommendations.md
@@ -12,7 +12,9 @@ localization_priority: Priority
ms.collection: - Adm_O365 - Adm_NonTOC
-ms.custom: AdminSurgePortfolio
+ms.custom:
+- AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/productivity/productivity-score https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/productivity/productivity-score.md
@@ -83,6 +83,9 @@ Productivity Score is only available in the Microsoft 365 Admin Center and can o
- Global Reader - Reports Reader
+> [!NOTE]
+> Only an IT professional with the Global Administrator role can sign up or opt in a tenant for Productivity Score.
+ Please note that the information is only intended to be used for furthering digital transformation using Microsoft 365, and should therefore be shared with discretion. Microsoft is committed to protecting individual privacy. This [privacy document](privacy.md) explains the controls we provide you, as your organizationΓÇÖs IT administrator, to ensure that the information is actionable while not compromising the trust you place in Microsoft .
admin https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/enable-modern-authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/enable-modern-authentication.md
@@ -13,7 +13,9 @@ ms.collection:
- M365-subscription-management - Adm_O365 - Adm_TOC
-ms.custom: AdminSurgePortfolio
+ms.custom:
+- AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/multi-factor-authentication-microsoft-365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/multi-factor-authentication-microsoft-365.md
@@ -13,7 +13,9 @@ ms.collection:
- M365-subscription-management - Adm_O365 - Adm_TOC
-ms.custom: AdminSurgePortfolio
+ms.custom:
+- AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/secure-your-business-data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/secure-your-business-data.md
@@ -15,6 +15,7 @@ ms.collection:
ms.custom: - MSStore_Link - AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/setup/create-distribution-lists https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/create-distribution-lists.md
@@ -21,6 +21,7 @@ ms.assetid: b1ffe755-59e5-4369-826d-825f145a8400
ms.custom: - seo-marvel-may2020 - AdminSurgePortfolio
+- okr_smb
description: Learn how to create distribution groups or lists in the Microsoft 365 admin center so you can send emails to a group without having to type each recipient's name. ---
admin https://docs.microsoft.com/en-us/microsoft-365/admin/setup/create-signatures-and-disclaimers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/create-signatures-and-disclaimers.md
@@ -18,6 +18,7 @@ ms.custom:
- OKR_SMB_Videos - seo-marvel-may2020 - AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/setup/customize-sign-in-page https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/customize-sign-in-page.md
@@ -13,7 +13,9 @@ ms.collection:
- M365-subscription-management - Adm_O365 - Adm_TOC
-ms.custom: AdminSurgePortfolio
+ms.custom:
+- AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/setup/customize-your-organization-theme https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/customize-your-organization-theme.md
@@ -13,7 +13,9 @@ ms.collection:
- M365-subscription-management - Adm_O365 - Adm_TOC
-ms.custom: AdminSurgePortfolio
+ms.custom:
+- AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/setup/install-applications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/install-applications.md
@@ -20,6 +20,7 @@ ms.assetid: d0653266-31db-4f6a-a804-d34b667c16bf
ms.custom: - seo-marvel-may2020 - AdminSurgePortfolio
+- okr_smb
description: Now that you've set up Microsoft 365, learn how to install individual Office applications on your Mac, PC, or mobile devices and set up email in Outlook. ---
admin https://docs.microsoft.com/en-us/microsoft-365/admin/setup/plan-your-setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/plan-your-setup.md
@@ -14,7 +14,9 @@ ms.collection:
- Adm_O365 - Adm_TOC - Adm_O365_Setup
-ms.custom: AdminSurgePortfolio
+ms.custom:
+- AdminSurgePortfolio
+- okr_smb
search.appverid: - MET150 - MOE150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/act-on-report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/act-on-report.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/add-admin https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/add-admin.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/add-domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/add-domain.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/add-user https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/add-user.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/admin-center-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/admin-center-overview.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/admin-mobile https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/admin-mobile.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/anti-malware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/anti-malware.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/business-voice https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/business-voice.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/buy-business-voice https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/buy-business-voice.md
@@ -17,6 +17,7 @@ monikerRange: 'o365-worldwide'
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/buy-licenses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/buy-licenses.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/change-subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/change-subscription.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/change-user-name-email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/change-user-name-email.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/choose-subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/choose-subscription.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/collab-outlook-teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/collab-outlook-teams.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/company-wide-signature https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/company-wide-signature.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/connect https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/connect.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/create-sensitivity-labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/create-sensitivity-labels.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/create-web-site https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/create-web-site.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/delete-user https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/delete-user.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/employee-quick-setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/employee-quick-setup.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/files-to-onedrive https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/files-to-onedrive.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/files-to-sharepoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/files-to-sharepoint.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/find-help-answers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/find-help-answers.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/get-help-support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/get-help-support.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/group-email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/group-email.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/import-email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/import-email.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/install-apps-android https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/install-apps-android.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/install-apps-ios https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/install-apps-ios.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/install-office https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/install-office.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/join-guest-meeting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/join-guest-meeting.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/join-team-guest https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/join-team-guest.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/moveto-microsoft-365/add-google-domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/moveto-microsoft-365/add-google-domain.md
@@ -15,6 +15,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/moveto-microsoft-365/cancel-google https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/moveto-microsoft-365/cancel-google.md
@@ -15,6 +15,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/moveto-microsoft-365/connect-domain-tom365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/moveto-microsoft-365/connect-domain-tom365.md
@@ -15,6 +15,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/moveto-microsoft-365/migrate-email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/moveto-microsoft-365/migrate-email.md
@@ -15,6 +15,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/moveto-microsoft-365/move-from-google-workspace-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/moveto-microsoft-365/move-from-google-workspace-overview.md
@@ -15,6 +15,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/moveto-microsoft-365/mover-migrate-files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/moveto-microsoft-365/mover-migrate-files.md
@@ -15,6 +15,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/moveto-microsoft-365/set-up-microsoft-365-forgoogle https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/moveto-microsoft-365/set-up-microsoft-365-forgoogle.md
@@ -15,6 +15,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/org-wide-team https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/org-wide-team.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/overview-bookings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/overview-bookings.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/overview-file-sharing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/overview-file-sharing.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/overview-m365-security https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/overview-m365-security.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/overview-online-meetings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/overview-online-meetings.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/plan-event https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/plan-event.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/prevent-ransom-in-email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/prevent-ransom-in-email.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/reset-user-passwords https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/reset-user-passwords.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/safe-attachments https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/safe-attachments.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/safe-links https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/safe-links.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/schedule-guest-meeting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/schedule-guest-meeting.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/secure-office-on-ios https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/secure-office-on-ios.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/secure-win-10-pro-devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/secure-win-10-pro-devices.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/secure-win10-pcs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/secure-win10-pcs.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/securely-share-files-externally https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/securely-share-files-externally.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/set-up-dlp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/set-up-dlp.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/set-up-mfa https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/set-up-mfa.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/set-up-self-serve-password-reset https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/set-up-self-serve-password-reset.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/set-up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/set-up.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/setup-anti-phishing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/setup-anti-phishing.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/setup-outlook https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/setup-outlook.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/setup-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/setup-overview.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/share-files-externally https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/share-files-externally.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/shared-calendar https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/shared-calendar.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/sign-up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/sign-up.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/start-and-pin-chats https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/start-and-pin-chats.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/stop-email-auto-forward https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/stop-email-auto-forward.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/store-files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/store-files.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/team-with-guests https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/team-with-guests.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/turn-on-mfa https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/turn-on-mfa.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/update-payment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/update-payment.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/upgrade https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/upgrade.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/view-bill https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/view-bill.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/what-is-admin https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/what-is-admin.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/what-is-microsoft-365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/what-is-microsoft-365.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - MET150 description: "Learn about Microsoft 365 Business Premium features."
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/work-from-anywhere https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/work-from-anywhere.md
@@ -16,6 +16,7 @@ ms.collection:
ms.custom: - AdminSurgePortfolio - adminvideo
+- okr_smb
search.appverid: - BCS160 - MET150
business https://docs.microsoft.com/en-us/microsoft-365/business/set-up-mobile-devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/set-up-mobile-devices.md
@@ -20,6 +20,7 @@ ms.custom:
- TRN_M365B - OKR_SMB_Videos - AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
business https://docs.microsoft.com/en-us/microsoft-365/business/set-up-windows-devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/set-up-windows-devices.md
@@ -21,6 +21,7 @@ ms.custom:
- OKR_SMB_Videos - seo-marvel-mar - AdminSurgePortfolio
+- okr_smb
search.appverid: - BCS160 - MET150
commerce https://docs.microsoft.com/en-us/microsoft-365/commerce/billing-and-payments/understand-your-invoice https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/understand-your-invoice.md
@@ -13,7 +13,9 @@ ms.service: o365-administration
localization_priority: Normal ms.collection: - commerce
-ms.custom: AdminSurgePortfolio
+ms.custom:
+- AdminSurgePortfolio
+- okr_smb
search.appverid: - MET150 description: "Learn how to read and understand your bill or invoice for Microsoft business products."
commerce https://docs.microsoft.com/en-us/microsoft-365/commerce/billing-and-payments/view-your-bill-or-invoice https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/view-your-bill-or-invoice.md
@@ -18,7 +18,7 @@ ms.collection:
- commerce ms.custom: - TopSMBIssues-- okr_SMB
+- okr_smb
- BCS160 - MET150 - MOE150
commerce https://docs.microsoft.com/en-us/microsoft-365/commerce/licenses/subscriptions-and-licenses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/licenses/subscriptions-and-licenses.md
@@ -14,7 +14,7 @@ ms.collection:
- Adm_TOC - commerce ms.custom: -- okr_SMB
+- okr_smb
- AdminSurgePortfolio - manage_licenses search.appverid:
commerce https://docs.microsoft.com/en-us/microsoft-365/commerce/product-key-errors-and-solutions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/product-key-errors-and-solutions.md
@@ -23,7 +23,7 @@ ms.assetid: 88d337ab-e7b1-43eb-a25e-7d6204e91099
ROBOTS: NOINDEX description: "Learn how to resolve the issues that you face when you enter your product key for Microsoft 365 for business. " ms.custom: -- okr_SMB
+- okr_smb
- AdminSurgePortfolio ---
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-sensitivity-label-automatically.md
@@ -205,7 +205,7 @@ Make sure you're aware of the prerequisites before you configure auto-labeling p
- You have [enabled sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md). - At the time the auto-labeling policy runs, the file mustn't be open by another process or user. A file that's checked out for editing falls into this category. -- If you plan to use [custom sensitive information types](custom-sensitive-info-types.md) rather than the built-in sensitivity types:
+- If you plan to use [custom sensitive information types](sensitive-information-type-learn-about.md) rather than the built-in sensitivity types:
- Custom sensitivity information types are evaluated for content that is added to SharePoint or OneDrive after the custom sensitivity information types are saved. - To test new custom sensitive information types, create them before you create your auto-labeling policy, and then create new documents with sample data for testing.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/communication-compliance-feature-reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-feature-reference.md
@@ -196,7 +196,7 @@ The following table explains more about each condition.
|**Condition**|**How to use this condition**| |:-----|:-----| | **Content matches any of these classifiers** | Apply to the policy when any classifiers are included or excluded in a message. Some classifiers are pre-defined in your tenant, and custom classifiers must be configured separately before they're available for this condition. Only one classifier can be defined as a condition in a policy. For more information about configuring classifiers, see [Learn about trainable classifiers (preview)](classifier-learn-about.md). |
-| **Content contains any of these sensitive info types** | Apply to the policy when any sensitive information types are included or excluded in a message. Some classifiers are pre-defined in your tenant, and custom classifiers can be configured separately or as part of the condition assignment process. Each sensitive information type you choose is applied separately and only one of these sensitive information types must apply for the policy to apply to the message. For more information about custom sensitive information types, see [Custom sensitive information types](custom-sensitive-info-types.md). |
+| **Content contains any of these sensitive info types** | Apply to the policy when any sensitive information types are included or excluded in a message. Some classifiers are pre-defined in your tenant, and custom classifiers can be configured separately or as part of the condition assignment process. Each sensitive information type you choose is applied separately and only one of these sensitive information types must apply for the policy to apply to the message. For more information about custom sensitive information types, see [Learn about sensitive information types](sensitive-information-type-learn-about.md). |
| **Message is received from any of these domains** <br><br> **Message is not received from any of these domains** | Apply the policy to include or exclude specific domains or email addresses in received messages. Enter each domain or email address and separate multiple domains or email addresses with a comma. Each domain or email address entered is applied separately, only one domain or email address must apply for the policy to apply to the message. <br><br> If you want to scan all email from a specific domain, but want to exclude messages that don't need review (newsletters, announcements, and so on), you must configure a **Message is not received from any of these domains** condition that excludes the email address (example "newsletter@contoso.com"). | | **Message is sent to any of these domains** <br><br> **Message is not sent to any of these domains** | Apply the policy to include or exclude specific domains or email addresses in sent messages. Enter each domain or email address and separate multiple domains or email addresses with a comma. Each domain or email address is applied separately, only one domain or email address must apply for the policy to apply to the message. <br><br> If you want to scan all email sent to a specific domain, but want to exclude sent messages that don't need review, you must configure two conditions: <br> - A **Message is sent to any of these domains** condition that defines the domain ("contoso.com"), AND <br> - A **Message is not sent to any of these domains** condition that excludes the email address ("subscriptions@contoso.com"). | | **Message is classified with any of these labels** <br><br> **Message is not classified with any of these labels** | To apply the policy when certain retention labels are included or excluded in a message. Retention labels must be configured separately and configured labels are chosen as part of this condition. Each label you choose is applied separately (only one of these labels must apply for the policy to apply to the message). For more information about retention labels, see [Learn about retention policies and retention labels](retention.md).|
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-quick-tasks https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-quick-tasks.md
@@ -137,7 +137,7 @@ To get started with records management, see [Get started with records management
### Identify and define sensitive information types
-Define sensitive information types based on the pattern contained in information in your organizationΓÇÖs data. Use [built-in sensitive information types](what-the-sensitive-information-types-look-for.md) help identify and protect credit card numbers, bank account numbers, passport numbers, and more. Or create your own [custom sensitivity information types](custom-sensitive-info-types.md) specific to your organization.
+Define sensitive information types based on the pattern contained in information in your organizationΓÇÖs data. Use [built-in sensitive information types](what-the-sensitive-information-types-look-for.md) help identify and protect credit card numbers, bank account numbers, passport numbers, and more. Or create your own [custom sensitivity information types](create-a-custom-sensitive-information-type.md) specific to your organization.
For step-by-step guidance to define custom sensitive information types, see [Create a custom sensitive information type in the Security & Compliance Center](https://docs.microsoft.com/microsoft-365/compliance/create-a-custom-sensitive-information-type).
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/create-a-custom-sensitive-information-type-in-scc-powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-custom-sensitive-information-type-in-scc-powershell.md
@@ -1,5 +1,5 @@
---
-title: "Create a custom sensitive information type in Security & Compliance Center PowerShell"
+title: "Create a custom sensitive information type using PowerShell"
f1.keywords: - NOCSH ms.author: chrfox
@@ -14,24 +14,20 @@ ms.collection:
search.appverid: - MOE150 - MET150
-description: "Learn how to create and import a custom sensitive information type for DLP in the Security & Compliance Center."
+description: "Learn how to create and import a custom sensitive information type for policies in the Compliance center."
---
-# Create a custom sensitive information type in Security & Compliance Center PowerShell
+# Create a custom sensitive information type using PowerShell
-Data loss prevention (DLP) in Microsoft 365 includes many built-in [Sensitive information type entity definitions](sensitive-information-type-entity-definitions.md) that are ready for you to use in your DLP policies. These built-in types can help identify and protect credit card numbers, bank account numbers, passport numbers, and more.
-
-But what if you need to identify and protect a different type of sensitive information (for example, an employee ID that uses a format specific to your organization)? To do this, you can create a custom sensitive information type that is defined in an XML file called a *rule package*.
-
-This topic shows you how to create an XML file that defines your own custom sensitive information type. You need to know how to create a regular expression. As an example, this topic creates a custom sensitive information type that identifies an employee ID. You can use this example XML as a starting point for your own XML file.
-
-After you've created a well-formed XML file, you can upload it to Microsoft 365 by using Microsoft 365 PowerShell. Then you're ready to use your custom sensitive information type in your DLP policies and test that it's detecting the sensitive information as you intended.
+This topic shows you how to use PowerShell to create an XML *rule package* file that defines your own custom [sensitive information types](sensitive-information-type-entity-definitions.md). You need to know how to create a regular expression. As an example, this topic creates a custom sensitive information type that identifies an employee ID. You can use this example XML as a starting point for your own XML file. If you are new to sensitive information types, see [Learn about sensitive information types](sensitive-information-type-learn-about.md).
+
+After you've created a well-formed XML file, you can upload it to Microsoft 365 by using Microsoft 365 PowerShell. Then you're ready to use your custom sensitive information type in your policies and test that it's detecting the sensitive information as you intended.
> [!NOTE]
-> You can also create less complex custom sensitive information types in the Security & Compliance Center UI. For more information, see [Create a custom sensitive information type](create-a-custom-sensitive-information-type.md).
+> If you don't need the fine grained control that PowerShell provides, you can create custom sensitive information types in the Compliance center. For more information, see [Create a custom sensitive information type](create-a-custom-sensitive-information-type.md).
## Important disclaimer
-<!-- this is worded much better than the previous one is -->
+ Due to the variances in customer environments and content match requirements, Microsoft Support cannot assist in providing custom content-matching definitions; e.g., defining custom classifications or regular expression (also known as RegEx) patterns. For custom content-matching development, testing, and debugging, Microsoft 365 customers will need to rely upon internal IT resources, or use an external consulting resource such as Microsoft Consulting Services (MCS). Support engineers can provide limited support for the feature, but cannot provide assurances that any custom content-matching development will fulfill the customer's requirements or obligations. As an example of the type of support that can be provided, sample regular expression patterns may be provided for testing purposes. Or, support can assist with troubleshooting an existing RegEx pattern which is not triggering as expected with a single specific content example. See [Potential validation issues to be aware of](#potential-validation-issues-to-be-aware-of) in this topic.
@@ -127,13 +123,13 @@ Here's the sample XML of the rule package that we'll create in this topic. Eleme
Before you get started, it's helpful to understand the basic structure of the XML schema for a rule, and how you can use this structure to define your custom sensitive information type so that it will identify the right content.
-A rule defines one or more entities (sensitive information types), and each entity defines one or more patterns. A pattern is what DLP looks for when it evaluates content such as email and documents.
- <!-- ok then this is going to be really confusing since the terminology changes.... -->
-(A quick note on terminology - if you're familiar with DLP policies, you know that a policy contains one or more rules comprised of conditions and actions. However, in this topic, the XML markup uses rule to mean the patterns that define an entity, also known as a sensitive information type. So in this topic, when you see rule, think entity or sensitive information type, not conditions and actions.)
+A rule defines one or more entities (sensitive information types), and each entity defines one or more patterns. A pattern is what a policy looks for when it evaluates content such as email and documents.
+
+In this topic, the XML markup uses rule to mean the patterns that define an entity, also known as a sensitive information type. So in this topic, when you see rule, think entity or sensitive information type, not conditions and actions.
### Simplest scenario: entity with one pattern
-Here's the simplest scenario. You want your DLP policy to identify content that contains your organization's employee ID, which is formatted as a nine-digit number. So the pattern refers to a regular expression contained in the rule that identifies nine-digit numbers. Any content containing a nine-digit number satisfies the pattern.
+Here's the simplest scenario. You want your policy to identify content that contains your organization's employee ID, which is formatted as a nine-digit number. So the pattern refers to a regular expression contained in the rule that identifies nine-digit numbers. Any content containing a nine-digit number satisfies the pattern.
![Diagram of entity with one pattern](../media/4cc82dcf-068f-43ff-99b2-bac3892e9819.png)
@@ -149,7 +145,7 @@ For example, to increase the likelihood of identifying content that contains an
Note a couple of important aspects of this structure: -- Patterns that require more evidence have a higher confidence level. This is useful because when you later use this sensitive information type in a DLP policy, you can use more restrictive actions (such as block content) with only the higher-confidence matches, and you can use less restrictive actions (such as send notification) with the lower-confidence matches.
+- Patterns that require more evidence have a higher confidence level. This is useful because when you later use this sensitive information type in a policy, you can use more restrictive actions (such as block content) with only the higher-confidence matches, and you can use less restrictive actions (such as send notification) with the lower-confidence matches.
- The supporting IdMatch and Match elements reference regexes and keywords that are actually children of the Rule element, not the Pattern. These supporting elements are referenced by the Pattern but included in the Rule. This means that a single definition of a supporting element, like a regular expression or a keyword list, can be referenced by multiple entities and patterns.
@@ -158,10 +154,10 @@ Note a couple of important aspects of this structure:
An entity is a sensitive information type, such as a credit card number, that has a well-defined pattern. Each entity has a unique GUID as its ID. ### Name the entity and generate its GUID
-<!-- why isn't the following in procedure format? -->
-Add the Rules and Entity elements. Then add a comment that contains the name of your custom entity - in this example, Employee ID. Later, you'll add the entity name to the localized strings section, and that name is what appears in the UI when you create a DLP policy.
-
-Next, generate a GUID for your entity. There are several ways to generate GUIDs, but you can do it easily in PowerShell by typing **[guid]::NewGuid()**. Later, you'll also add the entity GUID to the localized strings section.
+
+1. In your XML editor of choice, add the Rules and Entity elements.
+2. Add a comment that contains the name of your custom entity - in this example, Employee ID. Later, you'll add the entity name to the localized strings section, and that name is what appears in the UI when you create a policy.
+3. Generate a GUID for your entity. There are several ways to generate GUIDs, but you can do it easily in PowerShell by typing **[guid]::NewGuid()**. Later, you'll also add the entity GUID to the localized strings section.
![XML markup showing Rules and Entity elements](../media/c46c0209-0947-44e0-ac3a-8fd5209a81aa.png)
@@ -173,7 +169,7 @@ What all of the below patterns have in common is that they all reference the sam
![XML markup showing multiple Pattern elements referencing single Regex element](../media/8f3f497b-3b8b-4bad-9c6a-d9abf0520854.png)
-When satisfied, a pattern returns a count and confidence level, which you can use in the conditions in your DLP policy. When you add a condition for detecting a sensitive information type to a DLP policy, you can edit the count and confidence level as shown here. Confidence level (also called match accuracy) is explained later in this topic.
+When satisfied, a pattern returns a count and confidence level, which you can use in the conditions in your policy. When you add a condition for detecting a sensitive information type to a policy, you can edit the count and confidence level as shown here. Confidence level (also called match accuracy) is explained later in this topic.
![Instance count and match accuracy options](../media/11d0b51e-7c3f-4cc6-96d8-b29bcdae1aeb.png)
@@ -209,7 +205,7 @@ In this example, the employee ID entity already uses the IdMatch element to refe
### Additional patterns such as dates or addresses [built-in functions]
-In addition to the built-in sensitive information types, DLP also includes built-in functions that can identify corroborative evidence such as a US date, EU date, expiration date, or US address. DLP does not support uploading your own custom functions, but when you create a custom sensitive information type, your entity can reference the built-in functions.
+In addition to the built-in sensitive information types, sensitive information types can also use built-in functions that can identify corroborative evidence such as a US date, EU date, expiration date, or US address. Microsoft 365 does not support uploading your own custom functions, but when you create a custom sensitive information type, your entity can reference the built-in functions.
For example, an employee ID badge has a hire date on it, so this custom entity can use the built-in function `Func_us_date` to identify a date in the format commonly used in the US.
@@ -293,15 +289,15 @@ Note that for email, the message body and each attachment are treated as separat
The more evidence that a pattern requires, the more confidence you have that an actual entity (such as employee ID) has been identified when the pattern is matched. For example, you have more confidence in a pattern that requires a nine-digit ID number, hire date, and keyword in close proximity, than you do in a pattern that requires only a nine-digit ID number.
-The Pattern element has a required confidenceLevel attribute. You can think of the value of confidenceLevel (an integer between 1 and 100) as a unique ID for each pattern in an entity - the patterns in an entity must have different confidence levels that you assign. The precise value of the integer doesn't matter - simply pick numbers that make sense to your compliance team. After you upload your custom sensitive information type and then create a DLP policy, you can reference these confidence levels in the conditions of the rules that you create.
+The Pattern element has a required confidenceLevel attribute. You can think of the value of confidenceLevel (an integer between 1 and 100) as a unique ID for each pattern in an entity - the patterns in an entity must have different confidence levels that you assign. The precise value of the integer doesn't matter - simply pick numbers that make sense to your compliance team. After you upload your custom sensitive information type and then create a policy, you can reference these confidence levels in the conditions of the rules that you create.
![XML markup showing Pattern elements with different values for confidenceLevel attribute](../media/301e0ba1-2deb-4add-977b-f6e9e18fba8b.png)
-In addition to confidenceLevel for each Pattern, the Entity has a recommendedConfidence attribute. The recommended confidence attribute can be thought of as the default confidence level for the rule. When you create a rule in a DLP policy, if you don't specify a confidence level for the rule to use, that rule will match based on the recommended confidence level for the entity. Please note that the recommendedConfidence attribute is mandatory for each Entity ID in the Rule Package, if missing you won't be able to save policies that use the Sensitive Information Type.
+In addition to confidenceLevel for each Pattern, the Entity has a recommendedConfidence attribute. The recommended confidence attribute can be thought of as the default confidence level for the rule. When you create a rule in a policy, if you don't specify a confidence level for the rule to use, that rule will match based on the recommended confidence level for the entity. Please note that the recommendedConfidence attribute is mandatory for each Entity ID in the Rule Package, if missing you won't be able to save policies that use the Sensitive Information Type.
-## Do you want to support other languages in the UI of the Security &amp; Compliance Center? [LocalizedStrings element]
+## Do you want to support other languages in the UI of the Compliance center? [LocalizedStrings element]
-If your compliance team uses the Microsoft 365 Security &amp; Compliance Center to create DLP policies in different locales and in different languages, you can provide localized versions of the name and description of your custom sensitive information type. When your compliance team uses Microsoft 365 in a language that you support, they'll see the localized name in the UI.
+If your compliance team uses the Microsoft 365 Compliance center to create polices policies in different locales and in different languages, you can provide localized versions of the name and description of your custom sensitive information type. When your compliance team uses Microsoft 365 in a language that you support, they'll see the localized name in the UI.
![Instance count and match accuracy options](../media/11d0b51e-7c3f-4cc6-96d8-b29bcdae1aeb.png)
@@ -309,7 +305,7 @@ The Rules element must contain a LocalizedStrings element, which contains a Reso
![XML markup showing contents of LocalizedStrings element](../media/a96fc34a-b93d-498f-8b92-285b16a7bbe6.png)
-Note that you use localized strings only for how your custom sensitive information type appears in the UI of the Security &amp; Compliance Center. You can't use localized strings to provide different localized versions of a keyword list or regular expression.
+Note that you use localized strings only for how your custom sensitive information type appears in the UI of the Compliance center. You can't use localized strings to provide different localized versions of a keyword list or regular expression.
## Other rule package markup [RulePack GUID]
@@ -347,9 +343,9 @@ When complete, your RulePack element should look like this.
## Changes for Exchange Online
-Previously, you might have used Exchange Online PowerShell to import your custom sensitive information types for DLP. Now your custom sensitive information types can be used in both the Exchange admin center and the Security &amp; Compliance Center. As part of this improvement, you should use Security &amp; Compliance Center PowerShell to import your custom sensitive information types - you can't import them from the Exchange PowerShell anymore. Your custom sensitive information types will continue to work just like before; however, it may take up to one hour for changes made to custom sensitive information types in the Security &amp; Compliance Center to appear in the Exchange admin center.
+Previously, you might have used Exchange Online PowerShell to import your custom sensitive information types for DLP. Now your custom sensitive information types can be used in both the Exchange admin center and the Compliance center. As part of this improvement, you should use Compliance center PowerShell to import your custom sensitive information types - you can't import them from the Exchange PowerShell anymore. Your custom sensitive information types will continue to work just like before; however, it may take up to one hour for changes made to custom sensitive information types in the Compliance center to appear in the Exchange admin center.
-Note that in the Security &amp; Compliance Center, you use the **[New-DlpSensitiveInformationTypeRulePackage](https://docs.microsoft.com/powershell/module/exchange/new-dlpsensitiveinformationtyperulepackage)** cmdlet to upload a rule package. (Previously, in the Exchange admin center, you used the **ClassificationRuleCollection**` cmdlet.)
+Note that in the Compliance center, you use the **[New-DlpSensitiveInformationTypeRulePackage](https://docs.microsoft.com/powershell/module/exchange/new-dlpsensitiveinformationtyperulepackage)** cmdlet to upload a rule package. (Previously, in the Exchange admin center, you used the **ClassificationRuleCollection**` cmdlet.)
## Upload your rule package
@@ -359,7 +355,7 @@ To upload your rule package, do the following steps:
1. Save it as an .xml file with Unicode encoding.
-2. [Connect to Security & Compliance Center PowerShell](https://go.microsoft.com/fwlink/p/?LinkID=799771)
+2. [Connect to Compliance center PowerShell](https://go.microsoft.com/fwlink/p/?LinkID=799771)
3. Use the following syntax:
@@ -438,7 +434,7 @@ If a custom sensitive information type contains an issue that may affect perform
## Recrawl your content to identify the sensitive information
-DLP uses the search crawler to identify and classify sensitive information in site content. Content in SharePoint Online and OneDrive for Business sites is recrawled automatically whenever it's updated. But to identify your new custom type of sensitive information in all existing content, that content must be recrawled.
+Microsoft 365 uses the search crawler to identify and classify sensitive information in site content. Content in SharePoint Online and OneDrive for Business sites is recrawled automatically whenever it's updated. But to identify your new custom type of sensitive information in all existing content, that content must be recrawled.
In Microsoft 365, you can't manually request a recrawl of an entire tenant, but you can do this for a site collection, list, or library - see [Manually request crawling and re-indexing of a site, a library or a list](https://docs.microsoft.com/sharepoint/crawl-site-content).
@@ -447,13 +443,13 @@ In Microsoft 365, you can't manually request a recrawl of an entire tenant, but
> [!NOTE] > Before your remove a custom sensitive information type, verify that no DLP policies or Exchange mail flow rules (also known as transport rules) still reference the sensitive information type.
-In Security & Compliance Center PowerShell, there are two methods to remove custom sensitive information types:
+In Compliance center PowerShell, there are two methods to remove custom sensitive information types:
- **Remove individual custom sensitive information types**: Use the method documented in [Modify a custom sensitive information type](#modify-a-custom-sensitive-information-type). You export the custom rule package that contains the custom sensitive information type, remove the sensitive information type from the XML file, and import the updated XML file back into the existing custom rule package. - **Remove a custom rule package and all custom sensitive information types that it contains**: This method is documented in this section.
-1. [Connect to Security & Compliance Center PowerShell](https://go.microsoft.com/fwlink/p/?LinkID=799771)
+1. [Connect to Compliance center PowerShell](https://go.microsoft.com/fwlink/p/?LinkID=799771)
2. To remove a custom rule package, use the [Remove-DlpSensitiveInformationTypeRulePackage](https://docs.microsoft.com/powershell/module/exchange/remove-dlpsensitiveinformationtyperulepackage) cmdlet:
@@ -495,7 +491,7 @@ In Security & Compliance Center PowerShell, there are two methods to remove cust
## Modify a custom sensitive information type
-In Security & Compliance Center PowerShell, modifying a custom sensitive information type requires you to:
+In Compliance center PowerShell, modifying a custom sensitive information type requires you to:
1. Export the existing rule package that contains the custom sensitive information type to an XML file (or use the existing XML file if you have it).
@@ -503,7 +499,7 @@ In Security & Compliance Center PowerShell, modifying a custom sensitive informa
3. Import the updated XML file back into the existing rule package.
-To connect to Security & Compliance Center PowerShell, see [Connect to Security & Compliance Center PowerShell](https://go.microsoft.com/fwlink/p/?LinkID=799771).
+To connect to Compliance Center PowerShell, see [Connect to Compliance Center PowerShell](https://go.microsoft.com/fwlink/p/?LinkID=799771).
### Step 1: Export the existing rule package to an XML file
@@ -517,7 +513,7 @@ To connect to Security & Compliance Center PowerShell, see [Connect to Security
``` > [!NOTE]
- > The built-in rule package that contains the built-in sensitive information types is named Microsoft Rule Package. The rule package that contains the custom sensitive information types that you created in the Security & Compliance Center UI is named Microsoft.SCCManaged.CustomRulePack.
+ > The built-in rule package that contains the built-in sensitive information types is named Microsoft Rule Package. The rule package that contains the custom sensitive information types that you created in the Compliance center UI is named Microsoft.SCCManaged.CustomRulePack.
2. Use the [Get-DlpSensitiveInformationTypeRulePackage](https://docs.microsoft.com/powershell/module/exchange/get-dlpsensitiveinformationtyperulepackage) cmdlet to store the custom rule package to a variable:
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/create-a-custom-sensitive-information-type https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-custom-sensitive-information-type.md
@@ -1,5 +1,5 @@
---
-title: "Create a custom sensitive information type in the Security & Compliance Center"
+title: "Get started with custom sensitive information types"
f1.keywords: - NOCSH ms.author: chrfox
@@ -18,167 +18,110 @@ search.appverid:
description: "Learn how to create, modify, remove, and test custom sensitive information types for DLP in the graphical user interface in Security & Compliance Center." ms.custom: seo-marvel-apr2020 ---
-<!-- rename md file to match the display name -->
-# Create a custom sensitive information type in the Security & Compliance Center
+# Get started with custom sensitive information types
-Read this article to create a custom sensitive information type in the Security & Compliance Center ([https://protection.office.com](https://protection.office.com)). The custom sensitive information types that you create by using this method are added to the rule package named `Microsoft.SCCManaged.CustomRulePack`.
+If the pre-configured sensitive information types don't meet your needs, you can create your own custom sensitive information types that you fully define or you can copy one of the pre-configured ones and modify it.
-You can also create custom sensitive information types by using PowerShell and Exact Data Match capabilities. To learn more about those methods, see:
-- [Create a custom sensitive information type in Security & Compliance Center PowerShell](create-a-custom-sensitive-information-type-in-scc-powershell.md)-- [Create a custom sensitive information type for DLP with Exact Data Match (EDM)](create-custom-sensitive-information-types-with-exact-data-match-based-classification.md)-
-> [!NOTE]
-> Microsoft 365 Information Protection now supports in preview double byte character set languages for:
-> - Chinese (simplified)
-> - Chinese (traditional)
-> - Korean
-> - Japanese
->
->This support is available for sensitive information types. See, [Information protection support for double byte character sets release notes (preview)](mip-dbcs-relnotes.md) for more information.
-
-## Before you begin
-
-> [!NOTE]
-> You should have Global admin or Compliance admin permissions to create, test, and deploy a custom sensitive information type through the UI. See [About admin roles](https://docs.microsoft.com/office365/admin/add-users/about-admin-roles?view=o365-worldwide) in Office 365.
--- Your organization must have a subscription, such as Office 365 Enterprise, that includes Data Loss Prevention (DLP). See [Messaging Policy and Compliance ServiceDescription](https://docs.microsoft.com/office365/servicedescriptions/exchange-online-protection-service-description/messaging-policy-and-compliance-servicedesc). --- Custom sensitive information types require familiarity with regular expressions (RegEx). For more information about the Boost.RegEx (formerly known as RegEx++) engine that's used for processing the text, see [Boost.Regex 5.1.3](https://www.boost.org/doc/libs/1_68_0/libs/regex/doc/html/).-
- Microsoft Customer Service & Support can't assist with creating custom classifications or regular expression patterns. Support engineers can provide limited support for the feature, such as, providing sample regular expression patterns for testing purposes, or assisting with troubleshooting an existing regular expression pattern that's not triggering as expected, but can't provide assurances that any custom content-matching development will fulfill your requirements or obligations.
+The custom sensitive information types that you create by using this method are added to the rule package named `Microsoft.SCCManaged.CustomRulePack`.
-- DLP uses the search crawler to identify and classify sensitive information in SharePoint Online and OneDrive for Business sites. To identify your new custom sensitive information type in existing content, the content must be re-crawled. Content is crawled based on a schedule, but you can manually re-crawl content for a site collection, list, or library. For more information, see [Manually request crawling and re-indexing of a site, a library or a list](https://docs.microsoft.com/sharepoint/crawl-site-content).
+There are two ways to create a new sensitive information type:
-## Create custom sensitive information types in the Security & Compliance Center
+- [from scratch where you fully define all elements](#create-a-custom-sensitive-information-type)
+- [copy and modify an existing sensitive information type](#copy-and-modify-a-sensitive-information-type)
-In the Security & Compliance Center, go to **Classifications** \> **Sensitive info types** and click **Create**.
-The settings are fairly self-evident, and are explained on the associate page of the wizard:
--- **Name**--- **Description**--- **Proximity**--- **Confidence level**--- **Primary pattern element** (keywords, regular expression, or dictionary)--- Optional **Supporting pattern elements** (keywords, regular expression, or dictionary) and a corresponding **Minimum cost** value.-
-Here's a scenario: You want a custom sensitive information type that detects 9-digit employee numbers in content, along with the keywords "employee" "ID" and "badge". To create this custom sensitive information type, do the following steps:
-
-1. In the Security & Compliance Center, go to **Classifications** \> **Sensitive info types** and click **Create**.
-
- ![Location of Sensitive info types and Create button](../media/scc-cust-sens-info-type-new.png)
-
-2. In the **Choose a name and description** page that opens, enter the following values:
-
- - **Name**: Employee ID.
-
- - **Description**: Detect nine-digit Contoso employee ID numbers.
-
- ![Name and description page](../media/scc-cust-sens-info-type-new-name-desc.png)
-
- When you're finished, click **Next**.
-
-3. In the **Requirements for matching** page that opens, click **Add an element** configure the following settings:
+## Before you begin
- - **Detect content containing**:
+- You should be familiar with sensitive information types and what they are composed of. See, [Learn about sensitive information types](sensitive-information-type-learn-about.md). It is critical to understand the roles of:
+ - [regular expressions](https://www.boost.org/doc/libs/1_68_0/libs/regex/doc/html/) - Microsoft 365 sensitive information types uses the Boost.RegEx 5.1.3 engine
+ - keyword lists - you can create your own as you define your sensitive information type or choose from existing keyword lists
+ - [keyword dictionary](create-a-keyword-dictionary.md)
+ - [functions](what-the-dlp-functions-look-for.md)
+ - [confidence levels](sensitive-information-type-learn-about.md#more-on-confidence-levels)
- a. Click **Any of these** and select **Regular expression**.
-
- b. In the regular expression box, enter `(\s)(\d{9})(\s)` (nine-digit numbers surrounded by white space).
-
- - **Supporting elements**: Click **Add supporting elements** and select **Contains this keyword list**.
+- You must have Global admin or Compliance admin permissions to create, test, and deploy a custom sensitive information type through the UI. See [About admin roles](https://docs.microsoft.com/office365/admin/add-users/about-admin-roles?view=o365-worldwide) in Office 365.
- - In the **Contains this keyword list** area that appears, configure the following settings:
-
- - **Keyword list**: Enter the following value: employee,ID,badge.
-
- - **Minimum count**: Leave the default value 1.
-
- - Leave the default **Confidence level** value 60.
-
- - Leave the default **Character proximity** value 300.
-
- ![Requirements for matching page](../media/scc-cust-sens-info-type-new-reqs.png)
-
- When you're finished, click **Next**.
-
-4. On the **Review and finalize** page that opens, review the settings and click **Finish**.
-
- ![Review and finalize page](../media/scc-cust-sens-info-type-new-review.png)
-
-5. The next page encourages you to test the new custom sensitive information type by clicking **Yes**. For more information, see [Test custom sensitive information types in the Security & Compliance Center](#test-custom-sensitive-information-types-in-the-security--compliance-center). To test the rule later, click **No**.
-
- ![Test recommendation page](../media/scc-cust-sens-info-type-new-test.png)
-
-### How do you know this worked?
-
-To verify that you've successfully created a new sensitive information type, do any of the following steps:
-
- - Go to **Classifications** \> **Sensitive info types** and verify the new custom sensitive information type is listed.
-
- - Test the new custom sensitive information type. For more information, see [Test custom sensitive information types in the Security & Compliance Center](#test-custom-sensitive-information-types-in-the-security--compliance-center).
-
-## Modify custom sensitive information types in the Security & Compliance Center
-
-**Notes**:
-<!-- check to see if this note contradicts the guidance in "customize a built in sensitive information type customize-a-built-in-sensitive-information-type it sure seems like it does-->
-- You can only modify custom sensitive information types; you can't modify built-in sensitive information types. But you can use PowerShell to export built-in custom sensitive information types, customize them, and import them as custom sensitive information types. For more information, see [Customize a built-in sensitive information type](customize-a-built-in-sensitive-information-type.md).--- You can only modify custom sensitive information types that you created in the UI. If you used the [PowerShell procedure](create-a-custom-sensitive-information-type-in-scc-powershell.md) to import a custom sensitive information type rule package, you'll get an error.-
-In the Security & Compliance Center, go to **Classifications** \> **Sensitive info types**, select the custom sensitive information type that you want to modify, and then click **Edit**.
-
- ![Location of Sensitive info types and Edit button](../media/scc-cust-sens-info-type-edit.png)
-
-The same options are available here as when you created the custom sensitive information type in the Security & Compliance Center. For more information, see [Create custom sensitive information types in the Security & Compliance Center](#create-custom-sensitive-information-types-in-the-security--compliance-center).
-
-### How do you know this worked?
-
-To verify that you've successfully modified a sensitive information type, do any of the following steps:
-
- - Go to **Classifications** \> **Sensitive info types** to verify the properties of the modified custom sensitive information type.
+- Your organization must have a subscription, such as Office 365 Enterprise, that includes Data Loss Prevention (DLP). See [Messaging Policy and Compliance ServiceDescription](https://docs.microsoft.com/office365/servicedescriptions/exchange-online-protection-service-description/messaging-policy-and-compliance-servicedesc).
- - Test the modified custom sensitive information type. For more information, see [Test custom sensitive information types in the Security & Compliance Center](#test-custom-sensitive-information-types-in-the-security--compliance-center).
-## Remove custom sensitive information types in the Security & Compliance Center
+> [!IMPORTANT]
+> Microsoft Customer Service & Support can't assist with creating custom classifications or regular expression patterns. Support engineers can provide limited support for the feature, such as, providing sample regular expression patterns for testing purposes, or assisting with troubleshooting an existing regular expression pattern that's not triggering as expected, but can't provide assurances that any custom content-matching development will fulfill your requirements or obligations.
-**Notes**:
+## Create a custom sensitive information type
-- You can only remove custom sensitive information types; you can't remove built-in sensitive information types.
+Use this procedure to create a new sensitive information type that you fully define.
-- Before your remove a custom sensitive information type, verify that no DLP policies or Exchange mail flow rules (also known as transport rules) still reference the sensitive information type.
+1. In the Compliance Center, go to **Data classification** \> **Sensitive info types** and choose **Create info type**.
+2. Fill in values for **Name** and **Description** and choose **Next**.
+3. Choose **Create pattern**. You can create multiple patterns, each with different elements and confidence levels, as you define your new sensitive information type.
+4. Choose the default confidence level for the pattern. The values are **Low confidence**, **Medium confidence**, and **High confidence**.
+5. Choose and define **Primary element**. The primary element can be a **Regular expression** with an optional validator, a **Keyword list**, a **Keyword dictionary**, or one of the pre-configured **Functions**. For more information on DLP functions, see [What the DLP functions look for](what-the-dlp-functions-look-for.md).
+6. Fill in a value for **Character proximity**.
+7. (Optional) Add supporting elements if you have any. Supporting elements can be a regular expression with an optional validator, a keyword list, a keyword dictionary or one of the pre-defined functions.
+8. (Optional) Add additional checks from the list of available checks
+9. Choose **Create**.
+10. Choose **Next**.
+11. Choose the **recommended confidence level** for this sensitive information type.
+12. Check your setting and choose **Submit**.
-1. In the Security & Compliance Center, go to **Classifications** \> **Sensitive info types** and select one or more custom sensitive information types that you want to remove.
+> [!IMPORTANT]
+> Microsoft 365 uses the search crawler to identify and classify sensitive information in SharePoint Online and OneDrive for Business sites. To identify your new custom sensitive information type in existing content, the content must be re-crawled. Content is crawled based on a schedule, but you can manually re-crawl content for a site collection, list, or library. For more information, see [Manually request crawling and re-indexing of a site, a library or a list](https://docs.microsoft.com/sharepoint/crawl-site-content).
-2. In the fly-out that opens, click **Delete** (or **Delete sensitive info types** if you selected more than one).
+13. On the **Data classification** page, you'll see all the sensitive information types listed. Choose **Refresh** and then browse for or use the search tool to find the sensitive information type you just created.
- ![Location of Sensitive info types and Delete button](../media/scc-cust-sens-info-type-delete.png)
+## Test a sensitive information type
-3. In the warning message that appears, click **Yes**.
+You can test any sensitive information type in the list. We suggest that you test every sensitive information type that you create before using it in a policy.
-### How do you know this worked?
+1. Prepare two files, like a Word document. One with content that matches the elements you specified in your sensitive information type and one that doesn't match.
+2. In the Compliance Center, go to **Data classification** \> **Sensitive info types** and choose the sensitive information type from the list to open the details pane and choose **Test**.
+3. Upload a file and choose **Test**.
+4. On the **Matches results** page, review the results and choose **Finish**.
-To verify that you've successfully removed a custom sensitive information type, go to **Classifications** \> **Sensitive info types** to verify the custom sensitive information type is no longer listed.
+## Modify custom sensitive information types in the Compliance Center
-## Test custom sensitive information types in the Security & Compliance Center
+1. In the Compliance Center, go to **Data classification** \> **Sensitive info types** and choose the sensitive information type from the list that you want to modify choose **Edit**.
+2. You can add other patterns, with unique primary and supporting elements, confidence levels, character proximity, and additional checks or edit/remove the existing ones. For more information, see [Create a custom sensitive information type](#create-a-custom-sensitive-information-type).
-1. In the Security & Compliance Center, go to **Classifications** \> **Sensitive info types**.
+## Remove custom sensitive information types in the Compliance Center
-2. Select one or more custom sensitive information types to test. In the fly-out that opens, click **Test type** (or **Test sensitive info types** if you selected more than one).
+> [!NOTE]
+> You can only remove custom sensitive information types; you can't remove built-in sensitive information types.
- ![Location of Sensitive info types and Test type button](../media/scc-cust-sens-info-type-test.png)
+> [!IMPORTANT]
+> Before your remove a custom sensitive information type, verify that no DLP policies or Exchange mail flow rules (also known as transport rules) still reference the sensitive information type.
-3. On the **Upload file to test** page that opens, upload a document to test by dragging and dropping a file or by clicking **Browse** and selecting a file.
+1. In the Compliance Center, go to **Data classification** \> **Sensitive info types** and choose the sensitive information type from the list that you want to remove.
+2. In the fly-out that opens, choose **Delete**.
- ![Upload file to test page](../media/scc-cust-sens-info-type-test-upload.png)
+## Copy and modify a sensitive information type
-4. Click the **Test** button to test the document for pattern matches in the file.
+Use this procedure to create a new sensitive information type that is based on an existing sensitive information type.
-5. On the **Match results** page, click **Finish**.
+1. In the Compliance Center, go to **Data classification** \> **Sensitive info types** and choose the sensitive information type that you want to copy.
+2. In the flyout, choose **Copy**.
+3. Choose **Refresh** in the list of sensitive information types and either browse or search for the copy you just made. Partial sting searches work, so you could just search for `copy` and search would return all the sensitive information types with the word `copy` in the name.
+4. Fill in values for **Name** and **Description** and choose **Next**.
+5. Choose your sensitive information type copy and choose **Edit**.
+6. Give your new sensitive information type a new **Name** and **Description**.
+7. You can choose to edit or remove the existing patterns and add new ones. Choose the default confidence level for the new pattern. The values are **Low confidence**, **Medium confidence**, and **High confidence**.
+8. Choose and define **Primary element**. The primary element can be a **Regular expression**, a **Keyword list**, a **Keyword dictionary**, or one of the pre-configured **Functions**. See, [What the DLP functions look for](what-the-dlp-functions-look-for.md).
+9. Fill in a value for **Character proximity**.
+10. (Optional) If you have **Supporting elements** or any **Additional checks** add them. If needed you can group your **Supporting elements**.
+11. Choose **Create**.
+12. Choose **Next**.
+13. Choose the **recommended confidence level** for this sensitive information type.
+14. Check your setting and choose **Submit**.
- ![Match results](../media/scc-cust-sens-info-type-test-results.png)
+You can also create custom sensitive information types by using PowerShell and Exact Data Match capabilities. To learn more about those methods, see:
+- [Create a custom sensitive information type in Security & Compliance Center PowerShell](create-a-custom-sensitive-information-type-in-scc-powershell.md)
+- [Create a custom sensitive information type for DLP with Exact Data Match (EDM)](create-custom-sensitive-information-types-with-exact-data-match-based-classification.md)
+
+> [!NOTE]
+> Microsoft 365 Information Protection supports, in preview, double byte character set languages for:
+> - Chinese (simplified)
+> - Chinese (traditional)
+> - Korean
+> - Japanese
+>
+>This support is available for sensitive information types. See, [Information protection support for double byte character sets release notes (preview)](mip-dbcs-relnotes.md) for more information.
\ No newline at end of file
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/create-custom-sensitive-information-types-with-exact-data-match-based-classification https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-custom-sensitive-information-types-with-exact-data-match-based-classification.md
@@ -20,7 +20,7 @@ ms.custom: seo-marvel-apr2020
--- # Create custom sensitive information types with Exact Data Match based classification
-[Custom sensitive information types](custom-sensitive-info-types.md) are used to help identify sensitive items so that you can help prevent them from being inadvertently or inappropriately shared. You define a custom sensitive information type based on:
+[Custom sensitive information types](sensitive-information-type-learn-about.md) are used to help identify sensitive items so that you can prevent them from being inadvertently or inappropriately shared. You define a custom sensitive information type based on:
- patterns - keyword evidence such as *employee*, *badge*, or *ID*
@@ -643,7 +643,7 @@ EDM sensitive information types for following scenarios are currently in develop
## Related articles - [Sensitive information type-entity definitions](sensitive-information-type-entity-definitions.md)-- [Custom sensitive information types](custom-sensitive-info-types.md)
+- [Learn about sensitive information types](sensitive-information-type-learn-about.md)
- [Overview of DLP policies](data-loss-prevention-policies.md) - [Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security) - [New-DlpEdmSchema](https://docs.microsoft.com/powershell/module/exchange/new-dlpedmschema)
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/custom-sensitive-info-types https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/custom-sensitive-info-types.md deleted file mode 100644
@@ -1,64 +0,0 @@
-title: "Custom sensitive information types for DLP"
-f1.keywords:
-- NOCSH
-ms.author: chrfox
-author: chrfox
-manager: laurawi
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-ms.date: 04/23/2019
-localization_priority: Priority
-ms.collection:
-- M365-security-compliance-- m365solution-mip-- m365initiative-compliance
-search.appverid:
-- MOE150-- MET150
-description: Get an overview of custom sensitive information types for Data Loss Prevention (DLP), such as primary pattern, character proximity, and confidence level.
-ms.custom: seo-marvel-apr2020
-
-# Custom sensitive information types
-
-Microsoft 365 includes many built-in sensitive information types that are ready for you to use in your organization, such as for [data loss prevention](data-loss-prevention-policies.md) (DLP), or with [Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security). Built-in sensitive information types can help identify and protect credit card numbers, bank account numbers, passport numbers, and more, based on patterns that are defined by a regular expression (regex) or a function. To learn more, see [What the sensitive information types look for](what-the-sensitive-information-types-look-for.md).
-
-But what if you need to identify and protect a different type of sensitive information, such as for employee IDs or project numbers, using a format that's specific to your organization? To do this, you can create a custom sensitive information type.
-
-The fundamental parts of a custom sensitive information type are:
--- **Primary pattern**: employee ID numbers, project numbers, etc. This is typically identified by a regular expression (RegEx), but it can also be a list of keywords.--- **Additional evidence**: Suppose you're looking for a nine-digit employee ID number. Not all nine-digit numbers are employee ID numbers, so you can look for additional text: keywords like "employee", "badge", "ID", or other text patterns based on additional regular expressions. This supporting evidence (also known as _supporting_ or _corroborative_ evidence) increases the likelihood that nine-digit number found in content is really an employee ID number.--- **Character proximity**: It makes sense that the closer the primary pattern and the supporting evidence are to each other, the more likely the detected content is going to be what you're looking for. You can specify the character distance between the primary pattern and the supporting evidence (also known as the _proximity window_) as shown in the following diagram:-
- ![Diagram of corroborative evidence and proximity window](../media/dc68e38e-dfa1-45b8-b204-89c8ba121f96.png)
--- **Confidence level**: The more supporting evidence you have, the higher the likelihood that a match contains the sensitive information you're looking for. You can assign higher levels of confidence for matches that are detected by using more evidence.-
- When satisfied, a pattern returns a count and confidence level, which you can use in the conditions in your DLP policies. When you add a condition for detecting a sensitive information type to a DLP policy, you can edit the count and confidence level as shown in the following diagram:
-
- ![Instance count and match accuracy options](../media/11d0b51e-7c3f-4cc6-96d8-b29bcdae1aeb.png)
-
-## Creating custom sensitive information types
-
-To create custom sensitive information types in the Security & Compliance Center, you can choose from several options:
--- **Use EDM** You can set up custom sensitive information types using Exact Data Match (EDM)-based classification. This method enables you to create a dynamic sensitive information type using a secure database that you can refresh periodically. See [Create a custom sensitive information type with Exact Data Match based classification](create-custom-sensitive-information-types-with-exact-data-match-based-classification.md).--- **Use PowerShell** You can set up custom sensitive information types using PowerShell. Although this method is more complex than using the UI, you have more configuration options. See [Create a custom sensitive information type in Security & Compliance Center PowerShell](create-a-custom-sensitive-information-type-in-scc-powershell.md).--- **Use the UI** You can set up a custom sensitive information type using the Security & Compliance Center UI. With this method, you can use regular expressions, keywords, and keyword dictionaries. To learn more, see [Create a custom sensitive information type](create-a-custom-sensitive-information-type.md).-
-> [!NOTE]
-> Microsoft 365 Information Protection now supports in preview double byte character set languages for:
-> - Chinese (simplified)
-> - Chinese (traditional)
-> - Korean
-> - Japanese
-
->This support is available for sensitive information types. See, [Information protection support for double byte character sets release notes (preview)](mip-dbcs-relnotes.md) for more information.
-
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-sensitivity-labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-sensitivity-labels.md
@@ -49,7 +49,7 @@ The basic flow for deploying and applying sensitivity labels:
A number of different subscriptions support sensitivity labels and the licensing requirements for users depend on the features you use.
-To see the options for licensing your users to benefit from Microsoft 365 compliance features as of April 1, 2020, see the [Microsoft 365 licensing guidance for security & compliance](https://aka.ms/ComplianceSD). For sensitivity labels, see the [Information Protection](https://docs.microsoft.com/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-protection) section and related PDF or Excel download.
+To see the options for licensing your users to benefit from Microsoft 365 compliance features, see the [Microsoft 365 licensing guidance for security & compliance](https://aka.ms/ComplianceSD). For sensitivity labels, see the [Information Protection](https://docs.microsoft.com/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-protection) section and related PDF or Excel download.
## Permissions required to create and manage sensitivity labels
@@ -68,7 +68,7 @@ A successful strategy to deploy sensitivity labels for an organization is to cre
Using the table in the next section, we recommend identifying your top one or two scenarios that map to your most impactful business requirements. After these scenarios are deployed, return to the list to identify the next one or two priorities for deployment.
-You'll find additional general deployment guidance in the downloadable Microsoft 365 Information Protection & Compliance deployment acceleration guide. For more information, see the blog post, [Microsoft Information Protection and Compliance Deployment Acceleration Guide](https://techcommunity.microsoft.com/t5/microsoft-security-and/microsoft-information-protection-and-compliance-deployment/ba-p/1403493).
+You'll find additional general deployment guidance in the downloadable Data Loss Prevention and Microsoft Information Protection Deployment Acceleration Guide. For more information, see the blog post, [Microsoft 365 Information Protection and Compliance Deployment Acceleration Guides](https://techcommunity.microsoft.com/t5/microsoft-security-and/microsoft-365-information-protection-and-compliance-deployment/ba-p/2076404).
## Common scenarios for sensitivity labels
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/office-365-customer-managed-encryption-features https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/office-365-customer-managed-encryption-features.md
@@ -37,7 +37,7 @@ For additional information about these technologies, see the [Microsoft 365 serv
Azure RMS is integrated with Microsoft 365 and available to all customers. To configure Microsoft 365 to use Azure RMS, see [Configure IRM to use Azure Rights Management and Set up Information Rights Management (IRM) in SharePoint admin center](https://technet.microsoft.com/library/dn151475(v=exchg.150).aspx). If you operate on-premises Active Directory (AD) RMS server then you can also [configure IRM to use an on-premises AD RMS server](https://docs.microsoft.com/office365/SecurityCompliance/configure-irm-to-use-an-on-premises-ad-rms-server), but we strongly recommend you to [migrate to Azure RMS](https://docs.microsoft.com/azure/information-protection/migrate-from-ad-rms-to-azure-rms) to use new features like secure collaboration with other organizations.
-When you protect customer data with Azure RMS, Azure RMS uses a 2048-bit RSA asymmetric key with SHA-256 hash algorithm for integrity to encrypt the data. The symmetric key for Office documents and email is AES 128-bit (CBC mode with PKCS#7 padding). For each document or email that is protected by Azure RMS, Azure RMS creates a single AES key (the "content key"), and that key is embedded in the document, and persists through editions of the document. The content key is protected with the organization's RSA key (the "Azure Information Protection tenant key") as part of the policy in the document, and the policy is also signed by the author of the document. This tenant key is common to all documents and emails that are protected by Azure RMS for the organization and this key can only be changed by an Azure Information Protection administrator if the organization is using a tenant key that is customer-managed. For more information about the cryptographic controls used by Azure RMS, see [How does Azure RMS work? Under the hood](https://docs.microsoft.com/information-protection/understand-explore/how-does-it-work).
+When you protect customer data with Azure RMS, Azure RMS uses a 2048-bit RSA asymmetric key with SHA-256 hash algorithm for integrity to encrypt the data. The symmetric key for Office documents and email is AES 128-bit. For each document or email that is protected by Azure RMS, Azure RMS creates a single AES key (the "content key"), and that key is embedded in the document, and persists through editions of the document. The content key is protected with the organization's RSA key (the "Azure Information Protection tenant key") as part of the policy in the document, and the policy is also signed by the author of the document. This tenant key is common to all documents and emails that are protected by Azure RMS for the organization and this key can only be changed by an Azure Information Protection administrator if the organization is using a tenant key that is customer-managed. For more information about the cryptographic controls used by Azure RMS, see [How does Azure RMS work? Under the hood](https://docs.microsoft.com/information-protection/understand-explore/how-does-it-work).
In a default Azure RMS implementation, Microsoft generates and manages the root key that is unique for each tenant. Customers can manage the lifecycle of their root key in Azure RMS with Azure Key Vault Services by using a key management method called [Bring Your Own Key (BYOK)](https://docs.microsoft.com/azure/information-protection/plan-implement-tenant-key) that allows you to generate your key in on-premises HSMs (hardware security modules), and stay in control of this key after transfer to Microsoft's FIPS 140-2 Level 2-validated HSMs. Access to the root key is not given to any personnel as the keys cannot be exported or extracted from the HSMs protecting them. In addition, you can access a near real-time log showing all access to the root key at any time. For more information, see [Logging and Analyzing Azure Rights Management Usage](https://docs.microsoft.com/azure/information-protection/log-analyze-usage).
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitive-information-type-entity-definitions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitive-information-type-entity-definitions.md
@@ -22,12 +22,20 @@ description: "Data loss prevention (DLP) in the Security &amp; Compliance Center
# Sensitive information type entity definitions
-Data loss prevention (DLP) in the Compliance Center includes many sensitive information types that are ready for you to use in your DLP policies. This topic lists all of these sensitive information types and shows what a DLP policy looks for when it detects each type. A sensitive information type is defined by a pattern that can be identified by a regular expression or a function. In addition, corroborative evidence such as keywords and checksums can be used to identify a sensitive information type. Confidence level and proximity are also used in the evaluation process.
+A sensitive information type is defined by a pattern that can be identified by a regular expression or a function. In addition, corroborative evidence such as keywords and checksums can be used to identify a sensitive information type. Confidence level and proximity are also used in the evaluation process.
Sensitive information types require one of these subscriptions: - Microsoft 365 E3 - Microsoft 365 E5
+Sensitive information types are used in:
+
+- [Data loss prevention policies](data-loss-prevention-policies.md)
+- [Sensitivity labels](sensitivity-labels.md)
+- [Retention labels](retention.md)
+- [Communication compliance](communication-compliance.md)
+- [Auto-labelling policies](apply-sensitivity-label-automatically.md#how-to-configure-auto-labeling-for-office-apps)
+ ## ABA routing number ### Format
@@ -52,11 +60,11 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_aba_routing finds content that matches the pattern. - A keyword from Keyword_ABA_Routing is found.
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_aba_routing finds content that matches the pattern. ```xml
@@ -115,7 +123,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_argentina_national_id finds content that matches the pattern. - A keyword from Keyword_argentina_national_id is found.
@@ -164,12 +172,12 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_australia_bank_account_number finds content that matches the pattern.. - A keyword from Keyword_australia_bank_account_number is found. - The regular expression Regex_australia_bank_account_number_bsb finds content that matches the pattern.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_australia_bank_account_number finds content that matches the pattern.. - A keyword from Keyword_australia_bank_account_number is found.
@@ -237,11 +245,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_australian_business_number finds content that matches the pattern. - A keyword from Keywords_australian_business_number is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_australian_business_number finds content that matches the pattern. ```xml
@@ -297,11 +305,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_Australian_Company_Number finds content that matches the pattern. - A keyword from Keyword_Australian_Company_Number is found.
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_Australian_Company_Number finds content that matches the pattern. ```xml
@@ -357,7 +365,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_australia_drivers_license_number finds content that matches the pattern. - A keyword from Keyword_australia_drivers_license_number is found. - No keyword from Keyword_australia_drivers_license_number_exclusions is found.
@@ -499,7 +507,7 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_australian_medical_account_number finds content that matches the pattern. - A keyword from Keyword_Australia_Medical_Account_Number is found. - The checksum passes.
@@ -546,7 +554,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_australia_passport_number finds content that matches the pattern. - A keyword from Keyword_passport or Keyword_australia_passport_number is found.
@@ -622,7 +630,7 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_australian_tax_file_number finds content that matches the pattern. - No keyword from Keyword_Australia_Tax_File_Number or Keyword_number_exclusions is found. - The checksum passes.
@@ -667,7 +675,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_austria_eu_driver's_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_austria_eu_driver's_license_number` is found.
@@ -843,7 +851,7 @@ Not applicable
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_austria_eu_national_id_card` finds content that matches the pattern. - A keyword from `Keywords_austria_eu_national_id_card` is found.
@@ -886,12 +894,12 @@ not applicable
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_austria_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_austria_eu_passport_number` is found. - The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_austria_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_austria_eu_passport_number` is found.
@@ -965,11 +973,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy is has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_austria_eu_ssn_or_equivalent` finds content that matches the pattern. - a keyword from `Keywords_austria_eu_ssn_or_equivalent` is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_austria_eu_ssn_or_equivalent` finds content that matches the pattern. ```xml
@@ -1039,11 +1047,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_austria_eu_tax_file_number` finds content that matches the pattern. - A keyword from `Keywords_austria_eu_tax_file_number` is found.
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_austria_eu_tax_file_number` finds content that matches the pattern. ```xml
@@ -1117,11 +1125,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_Austria_Value_Added_Tax finds content that matches the pattern. - A keyword from Keyword_Austria_Value_Added_Tax is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_Austria_Value_Added_Tax finds content that matches the pattern. ```xml
@@ -1177,7 +1185,7 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression CEP_Regex_AzureDocumentDBAuthKey finds content that matches the pattern. - The regular expression CEP_CommonExampleKeywords does **not** find content that matches the pattern.
@@ -1237,7 +1245,7 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression CEP_Regex_AzureConnectionString finds content that matches the pattern. - The regular expression CEP_CommonExampleKeywords does **not** find content that matches the pattern.
@@ -1297,7 +1305,7 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression CEP_Regex_AzureIoTConnectionString finds content that matches the pattern. - The regular expression CEP_CommonExampleKeywords does **not** find content that matches the pattern.
@@ -1347,7 +1355,7 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression CEP_Regex_AzurePublishSettingPasswords finds content that matches the pattern. - The regular expression CEP_CommonExampleKeywords does **not** find content that matches the pattern.
@@ -1403,7 +1411,7 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression CEP_Regex_AzureRedisCacheConnectionString finds content that matches the pattern.. - The regular expression CEP_CommonExampleKeywords does **not** find content that matches the pattern.
@@ -1457,7 +1465,7 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression CEP_Regex_AzureSAS finds content that matches the pattern. ```xml
@@ -1497,7 +1505,7 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression CEP_Regex_AzureServiceBusConnectionString finds content that matches the pattern.. - The regular expression CEP_CommonExampleKeywords does **not** find content that matches the pattern.
@@ -1555,7 +1563,7 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression CEP_Regex_AzureStorageAccountKey finds content that matches the pattern. - The regular expression CEP_AzureEmulatorStorageAccountFilter does **not** find content that matches the pattern. - The regular expression CEP_CommonExampleKeywords does **not** find content that matches the pattern.
@@ -1613,7 +1621,7 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression CEP_Regex_AzureStorageAccountKeyGeneric finds content that matches the pattern. ```xml
@@ -1640,7 +1648,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_belgium_eu_driver's_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_belgium_eu_driver's_license_number` is found.
@@ -1817,12 +1825,12 @@ Yes
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_belgium_national_number finds content that matches the pattern. - A keyword from Keyword_belgium_national_number is found. - The checksum passes.
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_belgium_national_number finds content that matches the pattern. - The checksum passes.
@@ -1916,12 +1924,12 @@ not applicable
### Definition
- A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+ A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_belgium_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_belgium_eu_passport_number` is found. - The regular expression `Regex_eu_passport_date2` finds date in the format DD MM YY or a keyword from `Keywords_eu_passport_date` or `Keywords_belgium_eu_passport_number` is found
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_belgium_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_belgium_eu_passport_number` is found.
@@ -2013,11 +2021,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_belgium_value_added_tax_number finds content that matches the pattern. - A keyword from Keywords_belgium_value_added_tax_number is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_belgium_value_added_tax_number finds content that matches the pattern. ```xml
@@ -2074,12 +2082,12 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_brazil_cpf finds content that matches the pattern. - A keyword from Keyword_brazil_cpf is found. - The checksum passes.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_brazil_cpf finds content that matches the pattern. - The checksum passes.
@@ -2137,12 +2145,12 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_brazil_cnpj finds content that matches the pattern. - A keyword from Keyword_brazil_cnpj is found. - The checksum passes.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_brazil_cnpj finds content that matches the pattern. - The checksum passes.
@@ -2214,12 +2222,12 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_brazil_rg finds content that matches the pattern. - A keyword from Keyword_brazil_rg is found. - The checksum passes.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_brazil_rg finds content that matches the pattern. - The checksum passes.
@@ -2266,7 +2274,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_bulgaria_eu_driver's_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_bulgaria_eu_driver's_license_number` is found.
@@ -2442,11 +2450,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_bulgaria_eu_national_id_card` finds content that matches the pattern. - A keyword from `Keywords_bulgaria_eu_national_id_card` is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_bulgaria_eu_national_id_card` finds content that matches the pattern. ```xml
@@ -2530,12 +2538,12 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_bulgaria_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_bulgaria_eu_passport_number` is found. - The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_bulgaria_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_bulgaria_eu_passport_number` is found.
@@ -2612,12 +2620,12 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_canada_bank_account_number finds content that matches the pattern. - A keyword from Keyword_canada_bank_account_number is found. - The regular expression Regex_canada_bank_account_transit_number finds content that matches the pattern.
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_canada_bank_account_number finds content that matches the pattern. - A keyword from Keyword_canada_bank_account_number is found.
@@ -2679,7 +2687,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_[province_name]_drivers_license_number finds content that matches the pattern. - A keyword from Keyword_[province_name]_drivers_license_name is found. - A keyword from Keyword_canada_drivers_license is found.
@@ -2897,7 +2905,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_canada_health_service_number finds content that matches the pattern. - A keyword from Keyword_canada_health_service_number is found.
@@ -2944,7 +2952,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_canada_passport_number finds content that matches the pattern. - A keyword from Keyword_canada_passport_number or Keyword_passport is found.
@@ -3012,7 +3020,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_canada_phin finds content that matches the pattern. - At least two keywords from Keyword_canada_phin or Keyword_canada_provinces are found.
@@ -3090,7 +3098,7 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_canadian_sin finds content that matches the pattern. - At least two of any combination of the following: - A keyword from Keyword_sin is found.
@@ -3098,7 +3106,7 @@ A DLP policy is 85% confident that it's detected this type of sensitive informat
- The function Func_eu_date finds a date in the right date format. - The checksum passes.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_unformatted_canadian_sin finds content that matches the pattern. - A keyword from Keyword_sin is found. - The checksum passes.
@@ -3174,12 +3182,12 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_chile_id_card finds content that matches the pattern. - A keyword from Keyword_chile_id_card is found. - The checksum passes.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_chile_id_card finds content that matches the pattern. - The checksum passes.
@@ -3256,12 +3264,12 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_china_resident_id finds content that matches the pattern. - A keyword from Keyword_china_resident_id is found. - The checksum passes.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_china_resident_id finds content that matches the pattern. - The checksum passes.
@@ -3310,7 +3318,7 @@ Yes, the Luhn checksum
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_credit_card finds content that matches the pattern. - One of the following is true: - A keyword from Keyword_cc_verification is found.
@@ -3318,7 +3326,7 @@ A DLP policy is 85% confident that it's detected this type of sensitive informat
- The function Func_expiration_date finds a date in the right date format. - The checksum passes.
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_credit_card finds content that matches the pattern. - The checksum passes.
@@ -3608,7 +3616,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_croatia_eu_driver's_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_croatia_eu_driver's_license_number` is found.
@@ -3773,7 +3781,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_croatia_id_card finds content that matches the pattern. - A keyword from Keyword_croatia_id_card is found.
@@ -3837,12 +3845,12 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_croatia_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_croatia_eu_passport_number` is found. - The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_croatia_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_croatia_eu_passport_number` is found.
@@ -3908,12 +3916,12 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_croatia_oib_number finds content that matches the pattern. - A keyword from Keywords_croatia_eu_tax_file_number is found. - The checksum passes.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_croatia_oib_number finds content that matches the pattern. - The checksum passes.
@@ -3980,7 +3988,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_cyprus_eu_driver's_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_cyprus_eu_driver's_license_number` is found.
@@ -4149,7 +4157,7 @@ not applicable
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_cyprus_eu_national_id_card` finds content that matches the pattern. - A keyword from `Keywords_cyprus_eu_national_id_card` is found.
@@ -4191,12 +4199,12 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_cyprus_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_cyprus_eu_passport_number` is found. - The regular expression `Regex_cyprus_eu_passport_date` finds date in the format DD/MM/YYYY or a keyword from `Keywords_cyprus_eu_passport_date` is found
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_cyprus_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_cyprus_eu_passport_number` is found.
@@ -4285,11 +4293,11 @@ not applicable
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_cyprus_eu_tax_file_number` finds content that matches the pattern. - A keyword from `Keywords_cyprus_eu_tax_file_number` is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_cyprus_eu_tax_file_number` finds content that matches the pattern. ```xml
@@ -4357,7 +4365,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_czech_republic_eu_driver's_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_czech_republic_eu_driver's_license_number` is found.
@@ -4521,12 +4529,12 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_czech_republic_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_czech_republic_eu_passport_number` is found. - The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_czech_republic_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_czech_republic_eu_passport_number` is found.
@@ -4608,13 +4616,13 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_czech_id_card finds content that matches the pattern. - A keyword from Keyword_czech_id_card is found. - The checksum passes.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_czech_id_card_new_format finds content that matches the pattern. - The checksum passes.
@@ -4700,7 +4708,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_denmark_eu_driver's_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_denmark_eu_driver's_license_number` is found.
@@ -4862,12 +4870,12 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_denmark_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_denmark_eu_passport_number` is found. - The regular expression `Regex_eu_passport_date2` finds date in the format DD MM YY or a keyword from `Keywords_eu_passport_date` is found
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_denmark_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_denmark_eu_passport_number` is found.
@@ -4942,12 +4950,12 @@ Yes
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Func_denmark_eu_tax_file_number finds content that matches the pattern. - A keyword from Keyword_denmark_id is found. - The checksum passes.
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Func_denmark_eu_tax_file_number finds content that matches the pattern. - The checksum passes.
@@ -5059,12 +5067,12 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_dea_number finds content that matches the pattern. - A keyword from `Keyword_dea_number` is found - The checksum passes.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_dea_number finds content that matches the pattern. - The checksum passes.
@@ -5117,7 +5125,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_estonia_eu_driver's_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_estonia_eu_driver's_license_number` is found.
@@ -5292,11 +5300,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_estonia_eu_national_id_card` finds content that matches the pattern. - A keyword from `Keywords_estonia_eu_national_id_card` is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_estonia_eu_national_id_card` finds content that matches the pattern. ```xml
@@ -5368,12 +5376,12 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_estonia_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_estonia_eu_passport_number` is found. - The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_estonia_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_estonia_eu_passport_number` is found.
@@ -5447,7 +5455,7 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_eu_debit_card finds content that matches the pattern. - At least one of the following is true: - A keyword from Keyword_eu_debit_card is found.
@@ -5956,7 +5964,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_finland_eu_driver's_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_finland_eu_driver's_license_number` is found.
@@ -6136,7 +6144,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regex Regex_Finland_European_Health_Insurance_Number finds content that matches the pattern. - A keyword from Keyword_Finland_European_Health_Insurance_Number is found.
@@ -6190,12 +6198,12 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- the function Func_finnish_national_id finds content that matches the pattern - a keyword from Keyword_finnish_national_id is found - the checksum passes
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- the function Func_finnish_national_id finds content that matches the pattern - the checksum passes
@@ -6279,7 +6287,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_finland_passport_number finds content that matches the pattern. - A keyword from Keywords_eu_passport_number_common or Keyword_finland_passport_number is found.
@@ -6337,7 +6345,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- the function Func_french_drivers_license finds content that matches the pattern. - a keyword from Keyword_french_drivers_license is found.
@@ -6510,7 +6518,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- the regex Regex_France_Health_Insurance_Number finds content that matches the pattern. - a keyword from Keyword_France_Health_Insurance_Number is found.
@@ -6548,7 +6556,7 @@ No
### Definition
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_france_cni finds content that matches the pattern. - A keyword from Keywords_france_eu_national_id_card is found.
@@ -6599,7 +6607,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_fr_passport finds content that matches the pattern. - A keyword from Keyword_passport is found.
@@ -6662,7 +6670,7 @@ A DLP policy is 95% confident that it's detected this type of sensitive informat
- A keyword from Keyword_fr_insee is found. - The checksum passes.
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_french_insee or Func_fr_insee finds content that matches the pattern. - No keyword from Keyword_fr_insee is found. - The checksum passes.
@@ -6741,11 +6749,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_france_eu_tax_file_number` finds content that matches the pattern. - A keyword from `Keywords_france_eu_tax_file_number` is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_france_eu_tax_file_number` finds content that matches the pattern. ```xml
@@ -6821,11 +6829,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_france_value_added_tax_number finds content that matches the pattern. - A keyword from Keywords_france_value_added_tax_number is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_france_value_added_tax_number finds content that matches the pattern. ```xml
@@ -6877,7 +6885,7 @@ Yes
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_german_drivers_license finds content that matches the pattern. - A keyword from Keyword_german_drivers_license_number is found. - The checksum passes.
@@ -7067,7 +7075,7 @@ No
### Definition
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_germany_id_card finds content that matches the pattern. - A keyword from Keyword_germany_id_card is found.
@@ -7120,12 +7128,12 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_german_passport finds content that matches the pattern. - A keyword from `Keyword_german_passport` or `Keywords_eu_passport_number_common` is found. - The checksum passes.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_german_passport_data finds content that matches the pattern. - A keyword from `Keyword_german_passport` or `Keywords_eu_passport_number_common` is found. - The checksum passes.
@@ -7203,11 +7211,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_germany_eu_tax_file_number` finds content that matches the pattern. - A keyword from `Keywords_germany_eu_tax_file_number` is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_germany_eu_tax_file_number` finds content that matches the pattern. ```xml
@@ -7283,11 +7291,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_germany_value_added_tax_number finds content that matches the pattern. - A keyword from Keywords_germany_value_added_tax_number is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_germany_value_added_tax_number finds content that matches the pattern. ```xml
@@ -7331,7 +7339,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_greece_eu_driver's_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_greece_eu_driver's_license_number` is found.
@@ -7504,11 +7512,11 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_greece_id_card finds content that matches the pattern. - A keyword from Keyword_greece_id_card is found.
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_greece_id_card finds content that matches the pattern. ```xml
@@ -7554,12 +7562,12 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_greece_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_greece_eu_passport_number` is found. - The regular expression `Regex_greece_eu_passport_date` finds date in the format DD MMM YY (Example - 28 Aug 19) or a keyword from `Keywords_greece_eu_passport_date` is found
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_greece_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_greece_eu_passport_number` is found.
@@ -7633,11 +7641,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_greece_eu_ssn` finds content that matches the pattern. - A keyword from `Keywords_greece_eu_ssn_or_equivalent` is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_greece_eu_ssn` finds content that matches the pattern. ```xml
@@ -7689,7 +7697,7 @@ Not applicable
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_greece_eu_tax_file_number` finds content that matches the pattern. - A keyword from `Keywords_greece_eu_tax_file_number` is found.
@@ -7755,12 +7763,12 @@ Yes
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_hong_kong_id_card finds content that matches the pattern. - A keyword from Keyword_hong_kong_id_card is found. - The checksum passes.
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_hong_kong_id_card finds content that matches the pattern. - The checksum passes.
@@ -7839,7 +7847,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_hungary_eu_driver's_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_hungary_eu_driver's_license_number` is found.
@@ -8014,12 +8022,12 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_hungary_eu_national_id_card` finds content that matches the pattern. - A keyword from `Keywords_hungary_eu_national_id_card` is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_hungary_eu_national_id_card` finds content that matches the pattern.
@@ -8069,12 +8077,12 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_hungary_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_hungary_eu_passport_number` is found. - The regular expression `Regex_hungary_eu_passport_date` finds date in the format DD MMM/MMM YY (Example - 01 MÁR/MAR 12) or a keyword from `Keywords_eu_passport_date` is found
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_hungary_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_hungary_eu_passport_number` is found.
@@ -8139,12 +8147,12 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_hungary_eu_ssn_or_equivalent` finds content that matches the pattern. - A keyword from `Keywords_hungary_eu_ssn_or_equivalent` is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_hungary_eu_ssn_or_equivalent` finds content that matches the pattern.
@@ -8210,12 +8218,12 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_hungary_eu_tax_file_number` finds content that matches the pattern. - A keyword from `Keywords_hungary_eu_tax_file_number` is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_hungary_eu_tax_file_number` finds content that matches the pattern.
@@ -8291,12 +8299,12 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_hungarian_value_added_tax_number finds content that matches the pattern. - A keyword from Keywords_hungarian_value_added_tax_number is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_hungarian_value_added_tax_number finds content that matches the pattern.
@@ -8351,11 +8359,11 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_india_permanent_account_number finds content that matches the pattern. - A keyword from Keyword_india_permanent_account_number is found.
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_india_permanent_account_number finds content that matches the pattern.
@@ -8403,12 +8411,12 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_india_aadhaar finds content that matches the pattern. - A keyword from Keyword_india_aadhar is found. - The checksum passes. -
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_india_aadhaar finds content that matches the pattern. - The checksum passes.
@@ -8459,7 +8467,7 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_indonesia_id_card finds content that matches the pattern. - A keyword from Keyword_indonesia_id_card is found.
@@ -8506,7 +8514,7 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_iban finds content that matches the pattern. - The checksum passes.
@@ -8540,11 +8548,11 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- A keyword from Dictionary_icd_10_updated is found. - A keyword from Dictionary_icd_10_codes is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- A keyword from Dictionary_icd_10_ updated is found. ```xml
@@ -8582,11 +8590,11 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- A keyword from Dictionary_icd_9_updated is found. - A keyword from Dictionary_icd_9_codes is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- A keyword from Dictionary_icd_9_updated is found. ```xml
@@ -8625,7 +8633,7 @@ No
### Definition
-For IPv6, a DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+For IPv6, a DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_ipv6_address finds content that matches the pattern. - No keyword from Keyword_ipaddress is found.
@@ -8690,7 +8698,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_ireland_eu_driver's_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_ireland_eu_driver's_license_number` is found.
@@ -8856,12 +8864,12 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_ireland_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_ireland_eu_passport_number` is found. - The regular expression `Regex_ireland_eu_passport_date` finds date in the format DD MMM/MMM YYYY (Example - 01 BEA/MAY 1988) or a keyword from `Keywords_eu_passport_date` is found
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_ireland_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_ireland_eu_passport_number` is found.
@@ -8947,12 +8955,12 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_ireland_pps finds content that matches the pattern. - A keyword from Keywords_ireland_eu_national_id_card is found. - The checksum passes.
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_ireland_pps finds content that matches the pattern. - The checksum passes.
@@ -9041,7 +9049,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_israel_bank_account_number finds content that matches the pattern. - A keyword from Keyword_israel_bank_account_number is found.
@@ -9082,7 +9090,7 @@ Yes
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_israeli_national_id_number finds content that matches the pattern. - A keyword from Keyword_Israel_National_ID is found. - The checksum passes.
@@ -9141,7 +9149,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_italy_drivers_license_number finds content that matches the pattern. - A keyword from Keyword_italy_drivers_license_number is found.
@@ -9196,11 +9204,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_italy_eu_national_id_card` finds content that matches the pattern. - A keyword from `Keywords_italy_eu_national_id_card` is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_italy_eu_national_id_card` finds content that matches the pattern. ```xml
@@ -9273,12 +9281,12 @@ not applicable
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_italy_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_italy_eu_passport_number` is found. - The regular expression `Regex_italy_eu_passport_date` finds date in the format DD MMM/MMM YYYY (Example - 01 GEN/JAN 1988) or a keyword from `Keywords_eu_passport_date` is found
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_italy_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_italy_eu_passport_number` is found.
@@ -9364,11 +9372,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_italy_value_added_tax_number finds content that matches the pattern. - A keyword from Keywords_italy_value_added_tax_number is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_italy_value_added_tax_number finds content that matches the pattern. ```xml
@@ -9416,14 +9424,14 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_jp_bank_account finds content that matches the pattern. - A keyword from Keyword_jp_bank_account is found. - One of the following is true: - The function Func_jp_bank_account_branch_code finds content that matches the pattern. - A keyword from Keyword_jp_bank_branch_code is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_jp_bank_account finds content that matches the pattern. - A keyword from Keyword_jp_bank_account is found.
@@ -9514,7 +9522,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_jp_drivers_license_number finds content that matches the pattern. - A keyword from Keyword_jp_drivers_license_number is found.
@@ -9594,11 +9602,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_japanese_my_number_corporate finds content that matches the pattern. - A keyword from Keywords_japanese_my_number_corporate is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_japanese_my_number_corporate finds content that matches the pattern. ```xml
@@ -9658,11 +9666,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_japanese_my_number_personal finds content that matches the pattern. - A keyword from Keywords_japanese_my_number_personal is found.
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_japanese_my_number_personal finds content that matches the pattern. ```xml
@@ -9710,7 +9718,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_jp_passport finds content that matches the pattern. - A keyword from Keyword_jp_passport is found.
@@ -9763,7 +9771,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_jp_residence_card_number finds content that matches the pattern. - A keyword from Keyword_jp_residence_card_number is found.
@@ -9804,7 +9812,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_jp_resident_registration_number finds content that matches the pattern. - A keyword from Keyword_jp_resident_registration_number is found.
@@ -9855,11 +9863,11 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_jp_sin finds content that matches the pattern. - A keyword from Keyword_jp_sin is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_jp_sin_pre_1997 finds content that matches the pattern. - A keyword from Keyword_jp_sin is found.
@@ -9920,7 +9928,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_latvia_eu_driver's_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_latvia_eu_driver's_license_number` is found.
@@ -10097,11 +10105,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_latvia_eu_national_id_card` or the regex `Regex_latvia_eu_national_id_card_new_format` finds content that matches the pattern. - A keyword from `Keywords_latvia_eu_national_id_card` is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_latvia_eu_national_id_card` or the regex `Regex_latvia_eu_national_id_card_new_format` finds content that matches the pattern. ```xml
@@ -10217,12 +10225,12 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_latvia_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_latvia_eu_passport_number` is found. - The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_latvia_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_latvia_eu_passport_number` is found.
@@ -10296,7 +10304,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_lithuania_eu_driver's_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_lithuania_eu_driver's_license_number` is found.
@@ -10470,11 +10478,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_lithuania_eu_tax_file_number` finds content that matches the pattern. - A keyword from `Keywords_lithuania_eu_tax_file_number` is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_lithuania_eu_tax_file_number` finds content that matches the pattern. ```xml
@@ -10547,12 +10555,12 @@ not applicable
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_lithuania_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_lithuania_eu_passport_number` is found. - The regular expression `Regex_eu_passport_date3` finds date in the format DD MM YYYY or a keyword from `Keywords_eu_passport_date` is found
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_lithuania_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_lithuania_eu_passport_number` is found.
@@ -10623,7 +10631,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_luxemburg_eu_driver's_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_luxemburg_eu_driver's_license_number` is found.
@@ -10794,11 +10802,11 @@ yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_luxemburg_eu_tax_file_number` finds content that matches the pattern. - A keyword from `Keywords_luxemburg_eu_national_id_card` is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_luxemburg_eu_tax_file_number` finds content that matches the pattern.
@@ -10860,12 +10868,12 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_luxemburg_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_luxemburg_eu_passport_number` is found. - The regular expression `Regex_eu_passport_date3` finds date in the format DD MM YYYY or a keyword from `Keywords_eu_passport_date` is found
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_luxemburg_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_luxemburg_eu_passport_number` is found.
@@ -10956,11 +10964,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_luxemburg_eu_tax_file_number_non_natural` finds content that matches the pattern. - A keyword from `Keywords_luxemburg_eu_tax_file_number` is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_luxemburg_eu_tax_file_number_non_natural` finds content that matches the pattern. ```xml
@@ -11045,7 +11053,7 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_malaysia_id_card_number finds content that matches the pattern. - A keyword from Keyword_malaysia_id_card_number is found.
@@ -11111,7 +11119,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_malta_eu_driver's_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_malta_eu_driver's_license_number` is found.
@@ -11283,11 +11291,11 @@ Not applicable
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_malta_eu_national_id_card` finds content that matches the pattern. - A keyword from `Keywords_malta_eu_national_id_card` is found.
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_malta_eu_national_id_card` finds content that matches the pattern. ```xml
@@ -11339,12 +11347,12 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_malta_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_malta_eu_passport_number` is found. - A keyword from `Keywords_eu_passport_date` is found
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_malta_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_malta_eu_passport_number` is found.
@@ -11423,11 +11431,11 @@ Not applicable
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regex `Regex_malta_eu_tax_file_number` or `Regex_malta_eu_tax_file_number_non_maltese_national` finds content that matches the pattern. - A keyword from `Keywords_malta_eu_tax_file_number` is found.
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regex `Regex_malta_eu_tax_file_number` or `Regex_malta_eu_tax_file_number_non_maltese_national` finds content that matches the pattern. ```xml
@@ -11506,7 +11514,7 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_netherlands_bsn finds content that matches the pattern. - A keyword from Keyword_netherlands_bsn is found. - The checksum passes.
@@ -11563,7 +11571,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_netherlands_eu_driver's_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_netherlands_eu_driver's_license_number` is found.
@@ -11730,12 +11738,12 @@ not applicable
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_netherlands_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_netherlands_eu_passport_number` is found. - The regular expression `Regex_netherlands_eu_passport_date` finds date in the format DD MMM/MMM YYYY (Example - 26 MAA/MAR 2012)
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_netherlands_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_netherlands_eu_passport_number` is found.
@@ -11804,11 +11812,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_netherlands_eu_tax_file_number` finds content that matches the pattern. - A keyword from `Keywords_netherlands_eu_tax_file_number` is found.
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_netherlands_eu_tax_file_number` finds content that matches the pattern. ```xml
@@ -11895,11 +11903,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_netherlands_value_added_tax_number finds content that matches the pattern. - A keyword from Keywords_netherlands_value_added_tax_number is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_netherlands_value_added_tax_number finds content that matches the pattern. ```xml
@@ -11958,11 +11966,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_new_zealand_bank_account_number finds content that matches the pattern. - A keyword from Keywords_new_zealand_bank_account_number is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_new_zealand_bank_account_number finds content that matches the pattern. ```xml
@@ -12014,11 +12022,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_newzealand_driver_license_number finds content that matches the pattern. - A keyword from Keywords_newzealand_driver_license_number is found.
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_newzealand_driver_license_number finds content that matches the pattern. ```xml
@@ -12132,11 +12140,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_new_zealand_inland_revenue_number finds content that matches the pattern. - A keyword from Keywords_new_zealand_inland_revenue_number is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_new_zealand_inland_revenue_number finds content that matches the pattern. ```xml
@@ -12182,12 +12190,12 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_new_zealand_ministry_of_health_number finds content that matches the pattern. - A keyword from Keyword_nz_terms is found. - The checksum passes.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_new_zealand_ministry_of_health_number finds content that matches the pattern. - The checksum passes.
@@ -12249,11 +12257,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_newzealand_social_welfare_number finds content that matches the pattern. - A keyword from Keywords_newzealand_social_welfare_number is found.
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_newzealand_social_welfare_number finds content that matches the pattern. ```xml
@@ -12300,12 +12308,12 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_norway_id_number finds content that matches the pattern. - A keyword from Keyword_norway_id_number is found. - The checksum passes.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_norway_id_numbe finds content that matches the pattern. - The checksum passes.
@@ -12355,7 +12363,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_philippines_unified_id finds content that matches the pattern. - A keyword from Keyword_philippines_id is found.
@@ -12400,7 +12408,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_poland_eu_driver's_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_poland_eu_driver's_license_number` is found.
@@ -12562,7 +12570,7 @@ Yes
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_polish_national_id finds content that matches the pattern. - A keyword from Keyword_polish_national_id_passport_number is found. - The checksum passes.
@@ -12608,12 +12616,12 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_pesel_identification_number finds content that matches the pattern. - A keyword from Keyword_pesel_identification_number is found. - The checksum passes.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_pesel_identification_number finds content that matches the pattern. - The checksum passes.
@@ -12662,7 +12670,7 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_polish_passport_number finds content that matches the pattern. - A keyword from Keyword_polish_national_id_passport_number is found. - The checksum passes.
@@ -12714,11 +12722,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_polish_regon_number finds content that matches the pattern. - A keyword from Keywords_polish_regon_number is found.
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_polish_regon_number finds content that matches the pattern. ```xml
@@ -12775,7 +12783,7 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_poland_eu_tax_file_number` finds content that matches the pattern. - A keyword from `Keywords_poland_eu_tax_file_number` is found.
@@ -12839,7 +12847,7 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_portugal_citizen_card finds content that matches the pattern. - A keyword from Keyword_portugal_citizen_card is found.
@@ -12907,7 +12915,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_portugal_eu_driver's_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_portugal_eu_driver's_license_number` is found.
@@ -13080,12 +13088,12 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_portugal_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_portugal_eu_passport_number` is found. - The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_portugal_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_portugal_eu_passport_number` is found.
@@ -13167,11 +13175,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_portugal_eu_tax_file_number` finds content that matches the pattern. - A keyword from `Keywords_portugal_eu_tax_file_number` is found.
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_portugal_eu_tax_file_number` finds content that matches the pattern. ```xml
@@ -13233,7 +13241,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_romania_eu_driver's_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_romania_eu_driver's_license_number` is found.
@@ -13408,11 +13416,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_romania_eu_national_id_card` finds content that matches the pattern. - A keyword from `Keywords_romania_eu_national_id_card` is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_romania_eu_national_id_card` finds content that matches the pattern. ```xml
@@ -13497,12 +13505,12 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_romania_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_romania_eu_passport_number` is found. - The regular expression `Regex_romania_eu_passport_date` finds date in the format DD MMM/MMM YY (Example- 01 FEB/FEB 10) or a keyword from `Keywords_eu_passport_date` is found
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_romania_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_romania_eu_passport_number` is found.
@@ -13586,7 +13594,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regex Regex_Russian_Passport_Number_Domestic finds content that matches the pattern. - A keyword from Keyword_Russian_Passport_Number is found.
@@ -13646,7 +13654,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regex Regex_Russian_Passport_Number_International finds content that matches the pattern. - A keyword from Keyword_Russian_Passport_Number is found.
@@ -13696,7 +13704,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_saudi_arabia_national_id finds content that matches the pattern. - A keyword from Keyword_saudi_arabia_national_id is found.
@@ -13741,12 +13749,12 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_singapore_nric finds content that matches the pattern. - A keyword from Keyword_singapore_nric is found. - The checksum passes.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_singapore_nric finds content that matches the pattern. - The checksum passes.
@@ -13795,7 +13803,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_slovakia_eu_driver's_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_slovakia_eu_driver's_license_number` is found.
@@ -13968,11 +13976,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_slovakia_eu_national_id_card` finds content that matches the pattern. - A keyword from `Keywords_slovakia_eu_national_id_card` is found.
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_slovakia_eu_national_id_card` finds content that matches the pattern. ```xml
@@ -14054,12 +14062,12 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_slovakia_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_slovakia_eu_passport_number` is found. - The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_slovakia_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_slovakia_eu_passport_number` is found.
@@ -14132,7 +14140,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_slovenia_eu_driver's_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_slovenia_eu_driver's_license_number` is found.
@@ -14308,11 +14316,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_slovenia_eu_national_id_card` finds content that matches the pattern. - A keyword from `Keywords_slovenia_eu_national_id_card` is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_slovenia_eu_national_id_card` finds content that matches the pattern. ```xml
@@ -14378,12 +14386,12 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_slovenia_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_slovenia_eu_passport_number` is found. - The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_slovenia_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_slovenia_eu_passport_number` is found.
@@ -14465,11 +14473,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_slovenia_eu_tax_file_number` finds content that matches the pattern. - A keyword from `Keywords_slovenia_eu_tax_file_number` is found.
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_slovenia_eu_tax_file_number` finds content that matches the pattern. ```xml
@@ -14533,7 +14541,7 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_south_africa_identification_number finds content that matches the pattern. - A keyword from Keyword_south_africa_identification_number is found. - The checksum passes.
@@ -14578,12 +14586,12 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_south_korea_resident_number finds content that matches the pattern. - A keyword from Keyword_south_korea_resident_number is found. - The checksum passes.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_south_korea_resident_number finds content that matches the pattern. - The checksum passes.
@@ -14629,11 +14637,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_spain_eu_DL_and_NI_number_citizen` or `Func_spain_eu_DL_and_NI_number_foreigner` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_spain_eu_driver's_license_number` is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_spain_eu_DL_and_NI_number_citizen` or `Func_spain_eu_DL_and_NI_number_foreigner` finds content that matches the pattern. ```xml
@@ -14827,11 +14835,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_spain_eu_DL_and_NI_number_citizen` or `Func_spain_eu_DL_and_NI_number_foreigner` finds content that matches the pattern. - A keyword from `Keywords_spain_eu_national_id_card"` is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_spain_eu_DL_and_NI_number_citizen` or `Func_spain_eu_DL_and_NI_number_foreigner` finds content that matches the pattern.
@@ -14901,12 +14909,12 @@ Not applicable
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_spain_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_spain_eu_passport_number` is found. - The regular expression `Regex_spain_eu_passport_date` finds date in the format DD-MM-YYYY or a keyword from `Keywords_eu_passport_date` is found
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_spain_eu_passport_number` finds content that matches the pattern. - A keyword from `Keywords_eu_passport_number` or `Keywords_spain_eu_passport_number` is found.
@@ -14991,7 +14999,7 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_spanish_social_security_number finds content that matches the pattern. - The checksum passes.
@@ -15057,11 +15065,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_spain_eu_tax_file_number` or `Func_spain_eu_DL_and_NI_number_citizen` finds content that matches the pattern. - A keyword from `Keywords_spain_eu_tax_file_number` is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_spain_eu_tax_file_number` or `Func_spain_eu_DL_and_NI_number_citizen` finds content that matches the pattern. ```xml
@@ -15140,7 +15148,7 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression CEP_Regex_SQLServerConnectionString finds content that matches the pattern. - A keyword from CEP_GlobalFilter is **not** found. - The regular expression CEP_PasswordPlaceHolder does **not** find content that matches the pattern.
@@ -15215,7 +15223,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression `Regex_sweden_eu_driver's_license_number` finds content that matches the pattern. - A keyword from `Keywords_eu_driver's_license_number` or `Keywords_sweden_eu_driver's_license_number` is found.
@@ -15390,12 +15398,12 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_swedish_national_identifier` finds content that matches the pattern. - A keyword from `Keywords_swedish_national_identifier` is found - The checksum passes.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_swedish_national_identifier` finds content that matches the pattern. - The checksum passes.
@@ -15451,7 +15459,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- the regular expression Regex_sweden_passport_number finds content that matches the pattern. - one of the following is true: - a keyword from Keyword_passport is found.
@@ -15535,11 +15543,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_sweden_eu_tax_file_number` finds content that matches the pattern. - A keyword from `Keywords_sweden_eu_tax_file_number` is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_sweden_eu_tax_file_number` finds content that matches the pattern. ```xml
@@ -15609,7 +15617,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_swift finds content that matches the pattern. - A keyword from Keyword_swift is found.
@@ -15691,11 +15699,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_swiss_social_security_number_ahv finds content that matches the pattern. - A keyword from Keywords_swiss_social_security_number_ahv is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_swiss_social_security_number_ahv finds content that matches the pattern. ```xml
@@ -15754,12 +15762,12 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_taiwanese_national_id finds content that matches the pattern. - A keyword from Keyword_taiwanese_national_id is found. - The checksum passes.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_taiwanese_national_id finds content that matches the pattern. - The checksum passes.
@@ -15816,7 +15824,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_taiwan_passport finds content that matches the pattern. - A keyword from Keyword_taiwan_passport is found.
@@ -15861,7 +15869,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_taiwan_resident_certificate finds content that matches the pattern. - A keyword from Keyword_taiwan_resident_certificate is found.
@@ -15909,11 +15917,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_Thai_Citizen_Id finds content that matches the pattern. - A keyword from Keyword_Thai_Citizen_Id is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_Thai_Citizen_Id finds content that matches the pattern. ```xml
@@ -15956,11 +15964,11 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_Turkish_National_Id finds content that matches the pattern. - A keyword from Keyword_Turkish_National_Id is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_Turkish_National_Id finds content that matches the pattern. ```xml
@@ -16007,7 +16015,7 @@ Yes
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_uk_drivers_license finds content that matches the pattern. - A keyword from Keyword_uk_drivers_license is found. - The checksum passes.
@@ -16058,7 +16066,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_uk_electoral finds content that matches the pattern. - A keyword from Keyword_uk_electoral is found.
@@ -16105,7 +16113,7 @@ Yes
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_uk_nhs_number finds content that matches the pattern. - One of the following is true: - A keyword from Keyword_uk_nhs_number is found.
@@ -16184,11 +16192,11 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_uk_nino finds content that matches the pattern. - A keyword from Keyword_uk_nino is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_uk_nino finds content that matches the pattern. ```xml
@@ -16252,7 +16260,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_uk_eu_tax_file_number` finds content that matches the pattern. - A keyword from `Keywords_uk_eu_tax_file_number` is found.
@@ -16304,7 +16312,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regular expression Regex_usa_bank_account_number finds content that matches the pattern. - A keyword from Keyword_usa_Bank_Account is found.
@@ -16368,12 +16376,12 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_new_york_drivers_license_number finds content that matches the pattern. - A keyword from Keyword_[state_name]_drivers_license_name is found. - A keyword from Keyword_us_drivers_license is found.
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_new_york_drivers_license_number finds content that matches the pattern. - A keyword from Keyword_[state_name]_drivers_license_name is found. - A keyword from Keyword_us_drivers_license_abbreviations is found.
@@ -16531,15 +16539,15 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_formatted_itin finds content that matches the pattern. - A keyword from Keyword_itin is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_unformatted_itin finds content that matches the pattern. - A keyword from Keyword_itin is found.
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_formatted_itin or Func_unformatted_itin finds content that matches the pattern. ```xml
@@ -16604,15 +16612,15 @@ No
### Definition
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_ssn finds content that matches the pattern. - A keyword from Keyword_ssn is found.
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_unformatted_ssn finds content that matches the pattern. - A keyword from Keyword_ssn is found.
-A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_randomized_formatted_ssn finds content that matches the pattern. - A keyword from Keyword_ssn is found.
@@ -16677,7 +16685,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function Func_usa_uk_passport finds content that matches the pattern. - A keyword from Keyword_passport is found.
@@ -16735,7 +16743,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regex Regex_Ukraine_Passport_Domestic finds content that matches the pattern. - A keyword from Keyword_Ukraine_Passport_Domestic is found.
@@ -16785,7 +16793,7 @@ No
### Definition
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The regex Regex_Ukraine_Passport_International finds content that matches the pattern. - A keyword from Keyword_Ukraine_Passport_International is found.
@@ -16807,4 +16815,4 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- passport number - passport no - паспорт України-- номер паспорта
+- номер паспорта
\ No newline at end of file
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitive-information-type-learn-about https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitive-information-type-learn-about.md new file mode 100644
@@ -0,0 +1,148 @@
+---
+title: "Learn about sensitive information types"
+f1.keywords:
+- CSH
+ms.author: chrfox
+author: chrfox
+manager: laurawi
+ms.date:
+audience: Admin
+search.appverid: MET150
+ms.topic: conceptual
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+ms.service: O365-seccomp
+localization_priority: Normal
+ms.collection:
+- M365-security-compliance
+description: ""
+---
+
+# Learn about sensitive information types
+
+Identifying and classifying sensitive items that are under your organizations control is the first step in the [Information Protection discipline](protect-information.md). Microsoft 365 provides three ways of identifying items so that they can be classified:
+
+- manually by users
+- automated pattern recognition, like sensitive information types
+- [machine learning](classifier-learn-about.md)
+
+Sensitive information types are pattern-based classifiers. They detect sensitive information like social security, credit card, or bank account numbers to identify sensitive items, see [Sensitive information types entity definitions](sensitive-information-type-entity-definitions.md)
+
+## Sensitive information types are used in
+
+- [Data loss prevention policies](data-loss-prevention-policies.md)
+- [Sensitivity labels](sensitivity-labels.md)
+- [Retention labels](retention.md)
+- [Communication compliance](communication-compliance.md)
+- [Auto-labelling policies](apply-sensitivity-label-automatically.md#how-to-configure-auto-labeling-for-office-apps)
+
+## Fundamental parts of a sensitive information type
+
+Every sensitive information type entity is defined by these fields:
+
+- name: how the sensitive information type is referred to
+- description: describes what the sensitive information type is looking for
+- pattern: A pattern defines what a sensitive information type detects. It consists of the following components
+ - Primary element ΓÇô the main element that the sensitive information type is looking for. It can be a **regular expression** with or without a checksum validation, a **keyword list**, a **keyword dictionary**, or a **function**.
+ - Supporting element ΓÇô elements that act as supporting evidence that help in increasing the confidence of the match. For example, keyword ΓÇ£SSNΓÇ¥ in proximity of an SSN number. It can be a regular expression with or without a checksum validation, keyword list, keyword dictionary.
+ - Confidence Level - Confidence levels (high, medium, low) reflect how much supporting evidence was detected along with the primary element. The more supporting evidence an item contains, the higher the confidence that a matched item contains the sensitive info you're looking for.
+ - Proximity ΓÇô Number of characters between primary and supporting element
+
+![Diagram of corroborative evidence and proximity window](../media/dc68e38e-dfa1-45b8-b204-89c8ba121f96.png)
+
+Learn more about confidence levels in this video
++
+ > [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4Hx60]
+
+### Example sensitive information type
++
+## Argentina national identity (DNI) number
+
+### Format
+
+Eight digits separated by periods
+
+### Pattern
+
+Eight digits:
+- two digits
+- a period
+- three digits
+- a period
+- three digits
+
+### Checksum
+
+No
+
+### Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression Regex_argentina_national_id finds content that matches the pattern.
+- A keyword from Keyword_argentina_national_id is found.
+
+```xml
+<!-- Argentina National Identity (DNI) Number -->
+<Entity id="eefbb00e-8282-433c-8620-8f1da3bffdb2" recommendedConfidence="75" patternsProximity="300">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_argentina_national_id"/>
+ <Match idRef="Keyword_argentina_national_id"/>
+ </Pattern>
+</Entity>
+```
+
+### Keywords
+
+#### Keyword_argentina_national_id
+
+- Argentina National Identity number
+- Identity
+- Identification National Identity Card
+- DNI
+- NIC National Registry of Persons
+- Documento Nacional de Identidad
+- Registro Nacional de las Personas
+- Identidad
+- Identificaci├│n
+
+### More on confidence levels
+
+In a sensitive information type entity definition, **confidence level** reflects how much supporting evidence is detected in addition to the primary element. The more supporting evidence an item contains, the higher the confidence that a matched item contains the sensitive info you're looking for. For example, matches with a high confidence level will contain more supporting evidence in close proximity of the primary element, whereas matches with a low confidence level would contain little to no supporting evidence in close proximity.
+
+A high confidence level returns the fewest false positives but might result in more false negatives. Low or medium confidence levels returns more false positives but few to zero false negatives.
+
+- **low confidence**: value of 65, matched items will contain the fewest false negatives but the most false positives.
+- **medium confidence**: value of 75, matched items will contain an average amount of false positives and false negatives.
+- **high confidence**: value of 85, matched items will contain the fewest false positives but the most false negatives.
+
+You should use high confidence level patterns with low counts, say five to ten, and low confidence patterns with higher counts, say 20 or more.
+
+## Creating custom sensitive information types
+
+To create custom sensitive information types in the Security & Compliance Center, you can choose from several options:
+
+- **Use the UI** You can set up a custom sensitive information type using the Security & Compliance Center UI. With this method, you can use regular expressions, keywords, and keyword dictionaries. To learn more, see [Create a custom sensitive information type](create-a-custom-sensitive-information-type.md).
+
+- **Use EDM** You can set up custom sensitive information types using Exact Data Match (EDM)-based classification. This method enables you to create a dynamic sensitive information type using a secure database that you can refresh periodically. See [Create a custom sensitive information type with Exact Data Match based classification](create-custom-sensitive-information-types-with-exact-data-match-based-classification.md).
+
+- **Use PowerShell** You can set up custom sensitive information types using PowerShell. Although this method is more complex than using the UI, you have more configuration options. See [Create a custom sensitive information type in Security & Compliance Center PowerShell](create-a-custom-sensitive-information-type-in-scc-powershell.md).
+++
+> [!NOTE]
+> Microsoft 365 Information Protection now supports in preview double byte character set languages for:
+> - Chinese (simplified)
+> - Chinese (traditional)
+> - Korean
+> - Japanese
+
+>This support is available for sensitive information types. See, [Information protection support for double byte character sets release notes (preview)](mip-dbcs-relnotes.md) for more information.
+
+## For further information
+- [Sensitive information type entity definitions](sensitive-information-type-entity-definitions.md)
+- [Create a custom sensitive information type](create-a-custom-sensitive-information-type.md)
+- [Create a custom sensitive information type in PowerShell](create-a-custom-sensitive-information-type-in-scc-powershell.md)
+
+<!-- fwlink for this topic https://go.microsoft.com/fwlink/?linkid=2135644-->
\ No newline at end of file
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-office-apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-office-apps.md
@@ -84,7 +84,7 @@ The numbers listed are the minimum Office application version required for each
|[Dynamic markings with variables](#dynamic-markings-with-variables) | Under review | Under review | Under review | Under review | Under review | |[Assign permissions now](encryption-sensitivity-labels.md#assign-permissions-now) | 1910+ | 16.21+ | 4.7.1+ | 4.0.39+ | Yes | |[Let users assign permissions](encryption-sensitivity-labels.md#let-users-assign-permissions) | 1910+ | 16.21+ | 4.7.1+ | 4.0.39+ | Yes |
-|[Require users to apply a label to their email and documents](#require-users-to-apply-a-label-to-their-email-and-documents) | Preview: [Current Channel (Preview)](https://office.com/insider)) | 16.43+ | 4.57.0+ | 4.2037.4+ | Yes |
+|[Require users to apply a label to their email and documents](#require-users-to-apply-a-label-to-their-email-and-documents) | Preview: [Current Channel (Preview)](https://office.com/insider)) | 16.43+ | Under review | Under review | Yes |
|[View label usage with label analytics](label-analytics.md) and send data for administrators | Preview: [Current Channel (Preview)](https://office.com/insider) | Preview: [Current Channel (Preview)](https://office.com/insider) | Under review | Under review | Yes | |[Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) | 2009+ | 16.44+ | Under review | Under review | Yes | |
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels.md
@@ -38,11 +38,6 @@ Example showing available sensitivity labels in Excel, from the **Home** tab on
To apply sensitivity labels, users must be signed in with their Microsoft 365 work or school account.
-> [!NOTE]
-> For US Government tenants (GCC, GCC-H, and DoD), sensitivity labels are currently supported only for the Azure Information Protection unified labeling client and scanner.
->
-> For more information, see [Azure Information Protection Premium Government Service Description](https://docs.microsoft.com/enterprise-mobility-security/solutions/ems-aip-premium-govt-service-description).
- You can use sensitivity labels to: - **Provide protection settings that include encryption and content markings.** For example, apply a "Confidential" label to a document or email, and that label encrypts the content and applies a "Confidential" watermark. Content markings include headers and footers as well as watermarks, and encryption can also restrict what actions authorized people can take on the content.
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/ms-cloud-germany-transition-add-experience https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/ms-cloud-germany-transition-add-experience.md
@@ -22,11 +22,15 @@ description: "Summary: Additional customer experience information when moving fr
# Migration phases actions and impacts for the migration from Microsoft Cloud Deutschland (advanced)
+Tenant migrations from Microsoft Cloud Deutschland to the Germany region of Microsoft's Office 365 services are executed as a set of phases and their configured actions for each workload. This figure shows the nine phases of migration to the new German datacenters.
+
+![The nine phases of migration to the new Germany datacenters](../media/ms-cloud-germany-migration-opt-in/migration-organization.png)
+ The following sections provide additional information on customer experiences when moving from Microsoft Cloud Germany (Microsoft Cloud Deutschland) to Office 365 services in the new German datacenter region. ## Services
-### Azure AD
+### Azure AD (Phase 2 of 9)
| Step(s) | Description | Applies to | Impact | |:-------|:-----|:-------|:-------|
@@ -35,7 +39,7 @@ The following sections provide additional information on customer experiences wh
| Migration of Azure resources. | Customers who use Office 365 and Azure resources (for example, networking, compute, and storage) will perform the migration of resources to the Office 365 services instance. This migration is a responsibility for customers. Message Center posts will signal the start. Migration must be completed before finalization of the Azure AD organization in the Office 365 services environment. | Azure Customers | For Azure migrations, see the Azure migration playbook, [Overview of migration guidance for Azure Germany](https://docs.microsoft.com/azure/germany/germany-migration-main). | |||||
-### Exchange Online
+### Exchange Online (Phase 5 of 9)
If you're using **Set-UserPhoto**:
@@ -51,7 +55,7 @@ If you're using a hybrid, on-premises deployment:
|Stop or delete any onboarding or offboarding moves of mailboxes. | This ensures the move requests don't fail with an error. | Exchange Online customers with hybrid (on-premises) deployments | Required action. Failure to do so may result in failure of the service or of software clients. | |||||
-### Dynamics
+### Dynamics (Phase 8 of 9)
| Step(s) | Description | Applies to | Impact | |:-------|:-----|:-------|:-------|
@@ -61,7 +65,7 @@ If you're using a hybrid, on-premises deployment:
\* (i) Customers with Microsoft Dynamics 365 must take action in this migration scenario as defined by the migration process provided. (ii) Failure by the customer to take action will mean that Microsoft will be unable to complete the migration. (iii) When Microsoft is unable to complete the migration due to the customer's inaction, then the customer's subscription will expire on October 29, 2021.
-### Power BI
+### Power BI (Phase 8 of 9)
| Step(s) | Description | Applies to | Impact | |:-------|:-----|:-------|:-------|
@@ -72,34 +76,34 @@ If you're using a hybrid, on-premises deployment:
(i) Customers with Microsoft Power BI must take action in this migration scenario as defined by the Migration process provided. (ii) Failure by the customer to take action will mean that Microsoft will be unable to complete the migration. (iii) When Microsoft is unable to complete the migration due to the customer's inaction, then the customer's subscription will expire on October 29, 2021.
-### Office Apps
+### Office Apps (Phase 9 of 9)
| Step(s) | Description | Applies to | Impact | |:-------|:-----|:-------|:-------|
-| Clients, Office Online during Office client cutover, Azure AD finalizes the tenant scope to point to the Office 365 services. | This configuration change enables Office clients to update and point to the Office 365 services endpoints. | All Office customers | - Remove MSOID CName from customer-owned DNS, if it exists. <br><br> - Notify users to close _all_ Office apps and then sign back in (or force clients to restart and users to sign in) to enable Office clients to pick up the change. <br><br> - Notify users and help desk staff that users *may* see an Office banner that prompts them to reactivate Office apps within 72 hours of the cutover. <br><br> - All Office applications on personal machines must be closed, and users must sign out then sign in again. In the Yellow activation bar, sign in to reactivate against Office 365 services. <br><br> - Shared machines will require actions that are similar to personal machines, and won't require a special procedure. <br><br> - On mobile devices, users must sign out of apps, close them, and then sign in again. |
+| Clients, Office Online during Office client cutover, Azure AD finalizes the tenant scope to point to the Office 365 services. | This configuration change enables Office clients to update and point to the Office 365 services endpoints. | All Office customers | - Notify users to close _all_ Office apps and then sign back in (or force clients to restart and users to sign in) to enable Office clients to pick up the change. <br><br> - Notify users and help desk staff that users *may* see an Office banner that prompts them to reactivate Office apps within 72 hours of the cutover. <br><br> - All Office applications on personal machines must be closed, and users must sign out then sign in again. In the Yellow activation bar, sign in to reactivate against Office 365 services. <br><br> - Shared machines will require actions that are similar to personal machines, and won't require a special procedure. <br><br> - On mobile devices, users must sign out of apps, close them, and then sign in again. |
||||| ## During migration -
-### Exchange Online
-
-For eDiscovery:
+### SharePoint Online (Phase 4 of 9)
| Step(s) | Description | Applies to | Impact | |:-------|:-----|:-------|:-------|
-| During migration, eDiscovery searches will fail or return 0 results for SharePoint Online, OneDrive for Business, and Exchange Online locations that have been migrated. | During migration, customers can continue to create cases, holds, searches, and exports in the [Security & Compliance Center](https://docs.microsoft.com/microsoft-365/compliance/manage-legal-investigations), including [Content Search](https://docs.microsoft.com/microsoft-365/compliance/search-for-content). However, searches against SharePoint Online, OneDrive for Business, and Exchange Online locations that have been migrated will either return 0 results or produce an error. For remediation, see the _Impact_ column. | All customers using eDiscovery | In the event that a search returns 0 results or an error during migration, please take the following action for SharePoint Online: <br><br> Download sites directly from SharePoint Online/ OneDrive for Business site by following the instructions in [Download files and folders from OneDrive or SharePoint](https://support.office.com/article/download-files-and-folders-from-onedrive-or-sharepoint-5c7397b7-19c7-4893-84fe-d02e8fa5df05). This method will require SharePoint Online administrator permissions or read-only permissions on the site. <br><br> If limits are exceeded, as explained in [Download files and folders from OneDrive or SharePoint](https://support.office.com/article/download-files-and-folders-from-onedrive-or-sharepoint-5c7397b7-19c7-4893-84fe-d02e8fa5df05), customers can use the OneDrive for Business sync client by following the guidance in [Sync SharePoint and Teams files with your computer](https://support.office.com/article/sync-sharepoint-files-with-the-new-onedrive-sync-app-6de9ede8-5b6e-4503-80b2-6190f3354a88). <br><br> - Exchange Online <br><br> - [In-Place eDiscovery in Exchange Server](https://docs.microsoft.com/Exchange/policy-and-compliance/ediscovery/ediscovery) |
+| SharePoint and OneDrive are transitioned. | SharePoint and OneDrive are migrated from Microsoft Cloud Deutschland to Office 365 services in this phase. Existing Microsoft Cloud Deutschland URLs are preserved (`contoso.sharepoint.de`). Tokens issued by Microsoft Cloud Deutschland or Office 365 services are valid during the transition. | SharePoint customers | Inflight SharePoint 2013 workflows will be broken during migration and must be republished after migration. |
|||||
-### SharePoint Online
+### Exchange Online (Phase 5 of 9)
+
+For eDiscovery:
| Step(s) | Description | Applies to | Impact | |:-------|:-----|:-------|:-------|
-| SharePoint and OneDrive are transitioned. | SharePoint and OneDrive are migrated from Microsoft Cloud Deutschland to Office 365 services in this phase. Existing Microsoft Cloud Deutschland URLs are preserved (`contoso.sharepoint.de`). Tokens issued by Microsoft Cloud Deutschland or Office 365 services are valid during the transition. | SharePoint customers | Inflight SharePoint 2013 workflows will be broken during migration and must be republished after migration. |
+| During migration, eDiscovery searches will fail or return 0 results for SharePoint Online, OneDrive for Business, and Exchange Online locations that have been migrated. | During migration, customers can continue to create cases, holds, searches, and exports in the [Security & Compliance Center](https://docs.microsoft.com/microsoft-365/compliance/manage-legal-investigations), including [Content Search](https://docs.microsoft.com/microsoft-365/compliance/search-for-content). However, searches against SharePoint Online, OneDrive for Business, and Exchange Online locations that have been migrated will either return 0 results or produce an error. For remediation, see the _Impact_ column. | All customers using eDiscovery | In the event that a search returns 0 results or an error during migration, please take the following action for SharePoint Online: <br><br> Download sites directly from SharePoint Online/ OneDrive for Business site by following the instructions in [Download files and folders from OneDrive or SharePoint](https://support.office.com/article/download-files-and-folders-from-onedrive-or-sharepoint-5c7397b7-19c7-4893-84fe-d02e8fa5df05). This method will require SharePoint Online administrator permissions or read-only permissions on the site. <br><br> If limits are exceeded, as explained in [Download files and folders from OneDrive or SharePoint](https://support.office.com/article/download-files-and-folders-from-onedrive-or-sharepoint-5c7397b7-19c7-4893-84fe-d02e8fa5df05), customers can use the OneDrive for Business sync client by following the guidance in [Sync SharePoint and Teams files with your computer](https://support.office.com/article/sync-sharepoint-files-with-the-new-onedrive-sync-app-6de9ede8-5b6e-4503-80b2-6190f3354a88). <br><br> - Exchange Online <br><br> - [In-Place eDiscovery in Exchange Server](https://docs.microsoft.com/Exchange/policy-and-compliance/ediscovery/ediscovery) |
|||||
-### Skype for Business Online
+
+### Skype for Business Online (Phase 7 of 9)
| Step(s) | Description | Applies to | Impact | |:-------|:-----|:-------|:-------|
@@ -109,7 +113,7 @@ For eDiscovery:
## Post-migration
-### Azure AD
+### Azure AD (Phase 9 of 9)
For hybrid:
@@ -146,7 +150,15 @@ For third-party services for Office 365 services endpoints:
| Update partners and third-party services for Office 365 services endpoints. | - Third-party services and partners that point to Office 365 Germany need to be updated to point to the Office 365 services endpoints. Example: Re-register, in alignment with your vendors and partners, the gallery app version of applications, if available. <br><br> - Point all custom applications that leverage Graph API from `graph.microsoft.de` to `graph.microsoft.com`. Other APIs with changed endpoints also need to be updated, if leveraged. <br><br> - Change all non-first-party enterprise applications to redirect to the worldwide endpoints. | All Office customers | Required action. Failure to do so may result in failure of the service or of software clients. | |||||
-### Exchange Online
+### SharePoint Online (Phase 4 of 9)
+
+| Step(s) | Description | Applies to | Impact |
+|:-------|:-----|:-------|:-------|
+| Republish SharePoint 2013 workflows. | In the pre-migration work, we reduced the number of SharePoint 2013 workflows. Now with migration complete, the customer can republish the workflows. | All Office customers | This is a required action. Failure to do so may result in user confusion and help desk calls. |
+| Share items via Outlook | Sharing items via Outlook no longer works after tenant cutover. | SharePoint Online and OneDrive for Business | - In SharePoint Online and OneDrive for Business, you can share items via Outlook. After pressing the Outlook button, a shareable link is created and pushed into a new message in the Outlook Web App. <br><br> - After tenant cutover, this method of sharing won't work. We recognize this is a known issue. However, since this Outlook feature is in the path of deprecation, fixing the issue is not planned until the deprecation is rolled out. |
++
+### Exchange Online (Phase 5 of 9)
If you're using a hybrid Exchange configuration:
@@ -162,12 +174,7 @@ For eDiscovery:
| Remove organization-wide retention policies that were created during pre-migration steps | Customers can remove the organization-wide retention policies that were created during the customers' pre-migration work. | All customers who applied a retention policy as part of pre-migration steps. | None. | |||||
-### SharePoint Online
-| Step(s) | Description | Applies to | Impact |
-|:-------|:-----|:-------|:-------|
-| Republish SharePoint 2013 workflows. | In the pre-migration work, we reduced the number of SharePoint 2013 workflows. Now with migration complete, the customer can republish the workflows. | All Office customers | This is a required action. Failure to do so may result in user confusion and help desk calls. |
-| Share items via Outlook | Sharing items via Outlook no longer works after tenant cutover. | SharePoint Online and OneDrive for Business | - In SharePoint Online and OneDrive for Business, you can share items via Outlook. After pressing the Outlook button, a shareable link is created and pushed into a new message in the Outlook Web App. <br><br> - After tenant cutover, this method of sharing won't work. We recognize this is a known issue. However, since this Outlook feature is in the path of deprecation, fixing the issue is not planned until the deprecation is rolled out. |
## Next step
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/ms-cloud-germany-transition-add-pre-work https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/ms-cloud-germany-transition-add-pre-work.md
@@ -22,6 +22,22 @@ description: "Summary: Pre-work when moving from Microsoft Cloud Germany (Micros
# Pre-work for the migration from Microsoft Cloud Deutschland +
+Use these links to get to the pre-work steps relevant to your organization:
+
+- For all subscriptions, do [these steps](#applies-to-everyone).
+- If you're using Exchange Online or Exchange hybrid, do [this step](#exchange-online).
+- If you're using SharePoint Online, do [this step](#sharepoint-online).
+- If you're using a third-party mobile device management (MDM) solution, do [this step](#mobile).
+- If you're using third-party service or line-of-business (LOB) apps that are integrated with Office 365, do [this step](#line-of-business-apps).
+- If you're also using Azure services beyond those included with your Office 365 subscription, do [this step](#azure).
+- If you're also using Dynamics 365, do [this step](#dynamics365).
+- If you're also using Power BI, do [this step](#power-bi).
+- For DNS changes, do [this step](#dns).
+- If you're using federated identity, do [these steps](#federated-identity).
+
+## Applies to everyone
+ | Step(s) | Description | Applies to | Impact | |:-------|:-----|:-------|:-------| | Ensure network connectivity to [Office 365 services URLs and IP addresses](https://aka.ms/o365urls). | All clients and services hosted by the customer that are used to access Office 365 service must be able to access the Office 365 services endpoints. | All transitioning customers, and customers with network access restricted to Microsoft Cloud Deutschland. | Required action. Inaction may result in failures of the service or client software. |
@@ -44,13 +60,48 @@ description: "Summary: Pre-work when moving from Microsoft Cloud Germany (Micros
| Notify external partners of the upcoming transition to Office 365 services. | Availability address space configurations allow sharing of free/busy information with Office 365. | Exchange Online customers who have enabled sharing calendar and availability address space. | Required action. Failure to do so may result in service or client failure at a later phase of customer migration. | |||||
-If you have hybrid Exchange:
+<!--
+Reworked as text:
+
+**Step:** Notify external partners of the upcoming transition to Office 365 services.
+
+**Description:** Availability address space configurations allow sharing of free/busy information with Office 365. | Exchange Online customers who have enabled sharing calendar and availability address space.
+
+**Applies to:** Exchange Online customers who have enabled sharing calendar and availability address space.
+
+**Impact:** Required action. Failure to do so may result in service or client failure at a later phase of customer migration.
+
+- **Step:** Notify external partners of the upcoming transition to Office 365 services.
+
+- **Description:** Availability address space configurations allow sharing of free/busy information with Office 365. | Exchange Online customers who have enabled sharing calendar and availability address space.
+
+- **Applies to:** Exchange Online customers who have enabled sharing calendar and availability address space.
+
+- **Impact:** Required action. Failure to do so may result in service or client failure at a later phase of customer migration.
+
+-->
++
+### For hybrid Exchange
| Step(s) | Description | Applies to | Impact | |:-------|:-----|:-------|:-------| | Uninstall previous versions of Hybrid Configuration wizard (HCW), and then install and execute the latest version, 17.0.5378.0, from [https://aka.ms/hybridwizard](https://aka.ms/hybridwizard). | The latest version of the HCW includes necessary updates to support customers who are transitioning from Microsoft Cloud Deutschland to Office 365 Services. <br><br> Updates include changes to on-premises certificate settings for Send connector and Receive connector. | Exchange Online customers running Hybrid deployment | Required action. Failure to do so may result in service or client failure. | |||||
+<!--
+Reworked as text:
+
+**Step:** Uninstall previous versions of Hybrid Configuration wizard (HCW), and then install and execute the latest version, 17.0.5378.0, from [https://aka.ms/hybridwizard](https://aka.ms/hybridwizard).
+
+**Description:** The latest version of the HCW includes necessary updates to support customers who are transitioning from Microsoft Cloud Deutschland to Office 365 Services. <br><br> Updates include changes to on-premises certificate settings for Send connector and Receive connector.
+
+**Applies to:** Exchange Online customers running Hybrid deployment
+
+**Impact:** Required action. Failure to do so may result in service or client failure.
+-->
++ ## SharePoint Online If you have SharePoint 2013:
@@ -85,6 +136,26 @@ If you're using a third-party service or line-of-business (LOB) apps that are in
| Determine which Azure services are in use and prepare for future migration from Germany to the Office 365 services tenant by working with your partners. Follow the steps described in the [Azure migration playbook](https://docs.microsoft.com/azure/germany/germany-migration-main). | Migration of Azure resources is a customer responsibility and requires manual effort following prescribed steps. Understanding what services are in use in the organization is key to successful migration of Azure services. <br><br> Office 365 Germany customers who have Azure subscriptions under the same identity partition (organization) must follow the Microsoft-prescribed order when they can begin subscription and services migration. | Azure Customers | - Customers may have multiple Azure subscriptions, each subscription containing infrastructure, services, and platform components. <br><br> - Administrators should identify subscriptions and stakeholders to ensure prompt migration and validation is possible as part of this migration event. <br><br> Failing to successfully complete migration of these subscriptions and Azure components within the prescribed timeline will affect completion of the Office and Azure AD transition to Office 365 services and may result in data loss. <br><br> - A Message center notification will signal the point at which customer-led migration can begin. | |||||
+<!--
+Reworked as text:
+
+**Step:** Determine which Azure services are in use and prepare for future migration from Germany to the Office 365 services tenant by working with your partners. Follow the steps described in the [Azure migration playbook](https://docs.microsoft.com/azure/germany/germany-migration-main).
+
+**Description:** Migration of Azure resources is a customer responsibility and requires manual effort following prescribed steps. Understanding what services are in use in the organization is key to successful migration of Azure services.
+
+Office 365 Germany customers who have Azure subscriptions under the same identity partition (organization) must follow the Microsoft-prescribed order when they can begin subscription and services migration.
+
+**Applies to:** Azure Customers
+
+**Impact:**
+
+- Customers may have multiple Azure subscriptions, each subscription containing infrastructure, services, and platform components.
+- Administrators should identify subscriptions and stakeholders to ensure prompt migration and validation is possible as part of this migration event.
+
+ Failing to successfully complete migration of these subscriptions and Azure components within the prescribed timeline will affect completion of the Office and Azure AD transition to Office 365 services and may result in data loss.
+- A Message center notification will signal the point at which customer-led migration can begin.
+-->
+ ## Dynamics 365 | Step(s) | Description | Applies to | Impact |
@@ -103,7 +174,7 @@ If you're using a third-party service or line-of-business (LOB) apps that are in
| Step(s) | Description | Applies to | Impact | |:-------|:-----|:-------|:-------|
-| Review and prepare for DNS change if the current DNS has an MSOID CName entry. | Customer-owned DNS zone changes | Office client services customers | Update the Time to Live (TTL) for customer-owned DNS records to 5 minutes if an MSOID CName exists. |
+| Remove MSOID, CName from customer-owned DNS if it exists anytime before Azure AD cut-over. A TTL of 5 minutes can be set so that the change can take effect quickly. | Customer-owned DNS zone changes | Office client services customers |
||||| ## Federated identity
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/ms-cloud-germany-transition-phases https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/ms-cloud-germany-transition-phases.md
@@ -22,7 +22,11 @@ description: "Summary: Understand the migration phases actions and impacts of mo
# Migration phases actions and impacts for the migration from Microsoft Cloud Deutschland (general)
-Tenant migrations from Microsoft Cloud Deutschland to the Germany region of Microsoft's Office 365 services are executed as a set of configured actions for each workload. These actions ensure that critical data and experiences are migrated to the Office 365 services. After your tenant is added to the migration queue, each workload will be completed as a set of steps that are executed on the backend service. Some workloads may require actions by the administrator (or user), or the migration may affect usage for the phases that are executed and discussed in [How is the migration organized?](ms-cloud-germany-transition.md#how-is-the-migration-organized)
+Tenant migrations from Microsoft Cloud Deutschland to the Germany region of Microsoft's Office 365 services are executed as a set of phases and their configured actions for each workload. This figure shows the nine phases of migration to the new German datacenters.
+
+![The nine phases of migration to the new Germany datacenters](../media/ms-cloud-germany-migration-opt-in/migration-organization.png)
+
+The phases and their actions ensure that critical data and experiences are migrated to the Office 365 services. After your tenant is added to the migration queue, each workload will be completed as a set of steps that are executed on the backend service. Some workloads may require actions by the administrator (or user), or the migration may affect usage for the phases that are executed and discussed in [How is the migration organized?](ms-cloud-germany-transition.md#how-is-the-migration-organized)
The following sections contain actions and effects for workloads as they progress through various phases of the migration. Review the tables and determine which actions or effects are applicable to your organization. Ensure that you're prepared to execute the steps in the respective phases as required. Failure to complete necessary steps may result in service outage and might delay completion of the migration to the Office 365 services.
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/ms-cloud-germany-transition https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/ms-cloud-germany-transition.md
@@ -58,11 +58,11 @@ Office 365 Video is being retired on March 1, 2021. If you choose to migrate you
## How is the migration organized?
-This figure represents the various components of Office 365 and Dynamics 365 in the migration to the new German datacenters.
+This figure shows the nine phases of migration to the new German datacenters.
-![Components of Office 365 and Dynamics 365 in the migration to the new Germany datacenters](../media/ms-cloud-germany-migration-opt-in/migration-organization.png)
+![The nine phases of migration to the new Germany datacenters](../media/ms-cloud-germany-migration-opt-in/migration-organization.png)
-Migration is executed in phases that all start when you [opt-in for migration](https://aka.ms/office365germanymoveoptin). Most of the migration phases are executed as back-end service operations with minimal customer interaction required and are executed one phase after the other. The start for additional customer-led tasks and overall migration status will be communicated through the Message center of the Microsoft 365 admin center during the migration process. Example of tasks may include customer-managed DNS updates, reconfiguration of hybrid setup for Exchange hybrid customers, or Azure migration.
+These phases start when you [opt-in for migration](https://aka.ms/office365germanymoveoptin). Most of the migration phases are executed as back-end service operations with minimal customer interaction required and are executed one phase after the other. The start for additional customer-led tasks and overall migration status will be communicated through the Message center of the Microsoft 365 admin center during the migration process. Example of tasks may include customer-managed DNS updates, reconfiguration of hybrid setup for Exchange hybrid customers, or Azure migration.
Migration does not immediately begin when opt-in occurs. Your organization is added to the list of tenants that are scheduled for later migration. You can begin the pre-work phases now as these are critical to ensure successful migration and usage upon completion:
managed-desktop https://docs.microsoft.com/en-us/microsoft-365/managed-desktop/get-ready/readiness-assessment-downloadable https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-ready/readiness-assessment-downloadable.md new file mode 100644
@@ -0,0 +1,86 @@
+---
+title: Downloadable readiness assessment checker
+description: Checks device and network settings, including required endpoints
+keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation
+ms.service: m365-md
+author: jaimeo
+ms.localizationpriority: normal
+ms.collection: M365-modern-desktop
+ms.author: jaimeo
+manager: laurawi
+ms.topic: article
+---
++
+# Downloadable readiness assessment checker
+
+To work well with Microsoft Managed Desktop, devices must meet certain requirements for hardware and settings. Also, each device must be able to reach key endpoints. Download and run this tool to obtain an HTML report, view results, and then take action. You will need to download the tool and supporting files, and then run it manually on each device you want to enroll in Microsoft Managed Desktop.
+
+For each check, the tool will report one of three possible results:
++
+|Result |Meaning |
+|---------|---------|
+|Ready | No action is required before you complete enrollment. |
+|Advisory | Follow the steps in the tool for the best experience with enrollment and for users. You *can* complete enrollment, but you must fix these issues before you deploy your first device. |
+|Not ready | *Enrollment will fail* if you don't fix these issues. Follow the steps in the tool to resolve them. |
+
+## Obtain the checker
+
+Download the .zip file from https://aka.ms/mmddratoolv0.
+
+> [!NOTE]
+> The user running the tool must have local Administrator rights on the device where they're running it.
+
+ Then run the tool by following these steps:
+
+1. Copy the downloaded .zip file to each device you want to check.
+2. Extract all files in the compressed download.
+3. Run **Microsoft.MMD.DeviceReadinessAssessmentTool.exe**.
+4. When the User Access Control prompt appears, select **Yes**. The tool runs and opens a report in your default browser.
+
+You could also download and extract the .zip archive to a shared location, access **Microsoft.MMD.DeviceReadinessAssessmentTool.exe** from each device, and then run it locally.
++
+## Checks
+
+The downloadable tool checks these device- and network-related items:
+
+### Hardware
+
+Devices must meet specific hardware requirements to work with Microsoft Managed Desktop. Currently, only specific [approved devices](../service-description/device-list.md) are allowed to enroll.
+
+If your device fails any of the checks, it's not compatible with Microsoft Managed Desktop.
+
+### Network endpoints
+
+Devices much be able to reach several [key endpoints](network.md) to work with Microsoft Managed Desktop.
+
+If the tool reports a **Not ready** result, see the detailed report to find out which endpoints weren't reachable. Then adjust your firewall or other network settings to ensure those endpoints can be reached.
+
+### Other settings
+
+#### Enterprise wi-fi profiles
+
+An **Advisory** result means that you are using some wi-fi profiles that need certificates and profiles to work properly. For more information, see [Deploy certificates and Wi-Fi/VPN profile](certs-wifi-lan.md#deploy-certificates-and-wi-fivpn-profile).
+
+#### LAN profiles
+
+An **Advisory** result means that you have LANs that need certificates and profiles to work properly. For more information, see [Prepare certificates and network profiles for Microsoft Managed Desktop](certs-wifi-lan.md).
+
+#### VPN profiles
+
+An **Advisory** result means that you're using a virtual private network (VPN). Create a VPN profile that deploys certificates integrated with Microsoft Intune. For more information, see [Prepare certificates and network profiles for Microsoft Managed Desktop](certs-wifi-lan.md).
+
+#### Mapped drives
+
+An **Advisory** result means that you have some mapped drives, which aren't recommended. For more information, see [Prepare mapped drives for Microsoft Managed Desktop](mapped-drives.md).
+
+#### Print queues
+
+An **Advisory** result means that you have some outstanding print queues, which aren't recommended. One solution is to use cloud printing. For more information, see [Prepare printing resources for Microsoft Managed Desktop](printing.md).
+
+#### Proxies
+
+An **Advisory** result means that you have a proxy server in use. For more information, see [Network configuration for Microsoft Managed Desktop](network.md).
+
managed-desktop https://docs.microsoft.com/en-us/microsoft-365/managed-desktop/get-ready/readiness-assessment-fix https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-ready/readiness-assessment-fix.md
@@ -32,7 +32,7 @@ You can access Intune settings at the Microsoft Endpoint Manager [admin center](
### Autopilot deployment profile
-You shouldn't have any existing Autopilot profiles that target assigned or dynamic groups used by Microsoft Managed Desktop. Microsoft Managed Desktop uses Autopilot to provision new devices.
+You shouldn't have any existing Autopilot profiles that target assigned or dynamic groups with Microsoft Managed Desktop devices. Microsoft Managed Desktop uses Autopilot to provision new devices.
**Not ready**
@@ -41,35 +41,35 @@ You have an Autopilot profile that is assigned to all devices. For steps, see
**Advisory**
-Make sure that your Autopilot profiles target an assigned or dynamic Azure AD group that doesn't include Microsoft Managed Desktop devices that will be created at enrollment. For steps, see
-[Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/mem/autopilot/enrollment-autopilot). After Microsoft Managed Desktop enrollment, set your Autopilot policy to exclude the **Modern Workplace Devices -All** Azure AD group.
+Make sure that your Autopilot profiles target an assigned or dynamic Azure AD group that doesn't include Microsoft Managed Desktop devices. For steps, see
+[Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/mem/autopilot/enrollment-autopilot). After Microsoft Managed Desktop enrollment, set your Autopilot profiles to exclude the **Modern Workplace Devices -All** Azure AD group.
### Certificate connectors
-If you have any certificate connectors used by the devices you want to enroll in Microsoft Managed Desktop, the connectors cannot have any errors. Only one of the following advisories will apply to your situation, so check them carefully.
+If you have any certificate connectors that will be used by the devices you want to enroll in Microsoft Managed Desktop, the connectors should not have any errors. Only one of the following advisories will apply to your situation, so check them carefully.
**Advisory**
-No certificate connectors are present. It's possible you don't need any connectors, but you should evaluate whether you might need some for network connectivity to Microsoft Managed Desktop devices. For more information, see [Prepare certificates and network profiles for Microsoft Managed Desktop](certs-wifi-lan.md).
+No certificate connectors are present. It's possible you don't need any connectors, but you should evaluate whether you might need some for network connectivity on your Microsoft Managed Desktop devices. For more information, see [Prepare certificates and network profiles for Microsoft Managed Desktop](certs-wifi-lan.md).
**Advisory**
-At least one certificate connector has an error. If you need this connector for connectivity to Microsoft Managed Desktop devices, you must resolve the error. For more information, see [Prepare certificates and network profiles for Microsoft Managed Desktop](certs-wifi-lan.md).
+At least one certificate connector has an error. If you need this connector for providing certificates to Microsoft Managed Desktop devices, you must resolve the error. For more information, see [Prepare certificates and network profiles for Microsoft Managed Desktop](certs-wifi-lan.md).
**Advisory**
-You have at least one certificate connector and no errors are reported. However, you might need to create a profile to reuse the connector for Microsoft Managed Desktop devices. For more information, see [Prepare certificates and network profiles for Microsoft Managed Desktop](certs-wifi-lan.md).
+You have at least one certificate connector and no errors are reported. However, in preparation for deployment, you might need to create a profile to reuse the connector for Microsoft Managed Desktop devices. For more information, see [Prepare certificates and network profiles for Microsoft Managed Desktop](certs-wifi-lan.md).
### Conditional access policies
-Conditional access policies in your Azure AD organization must not target any Microsoft Manage Desktop users.
+Conditional access policies in your Azure AD organization must not target any Microsoft Manage Desktop service accounts.
**Not ready**
-You have at least one conditional access policy that targets all users. Reset the policy to target a specific Azure AD group that does not include the Azure AD group of Microsoft Managed Desktop service accounts that will be created at enrollment. For steps, see [Conditional Access: Users and groups](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-users-groups).
+You have at least one conditional access policy that targets all users. Modify the policy to target a specific Azure AD group that does not include the Azure AD group of Microsoft Managed Desktop service accounts that will be created at enrollment. For steps, see [Conditional Access: Users and groups](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-users-groups).
**Advisory**
@@ -88,29 +88,29 @@ The Intune Administrator role doesn't have sufficient permissions for this check
### Device Compliance policies
-Intune Device Compliance policies in your Azure AD organization must not target any Microsoft Managed Desktop users.
+Intune Device Compliance policies in your Azure AD organization might impact Microsoft Managed Desktop devices.
**Not ready**
-You have at least one compliance policy that targets all users. Reset the policy to target a specific Azure AD group that does not include any Microsoft Managed Desktop users. For steps, see [Create a compliance policy in Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/create-compliance-policy).
+You have at least one compliance policy that targets all users. Microsoft Managed Desktop includes compliance policies that will target your Microsoft Managed Desktop devices. Change the policy to target a specific Azure AD group that does not include any Microsoft Managed Desktop users or devices. For steps, see [Create a compliance policy in Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/create-compliance-policy).
**Advisory**
-Make sure that any compliance policies you have don't include any Microsoft Managed Desktop users. For steps, see [Create a compliance policy in Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/create-compliance-policy).
+Make sure that any compliance policies you have don't target any Microsoft Managed Desktop users. For steps, see [Create a compliance policy in Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/create-compliance-policy).
-### Device Configuration policies
+### Device Configuration profiles
-Intune Device Configuration policies in your Azure AD organization must not target any Microsoft Manage Desktop devices or users.
+Intune Device Configuration profiles in your Azure AD organization must not target any Microsoft Manage Desktop devices or users.
**Not ready**
-You have at least one configuration policy that targets all users, all devices, or both. Reset the policy to target a specific Azure AD group that does not include any Microsoft Managed Desktop devices. For steps, see [Create a compliance policy in Microsoft Intune](https://docs.microsoft.com/mem/intune/configuration/custom-settings-configure).
+You have at least one configuration profile that targets all users, all devices, or both. Reset the profile to target a specific Azure AD group that does not include any Microsoft Managed Desktop devices. For steps, see [Create a profile with custom settings in Microsoft Intune](https://docs.microsoft.com/mem/intune/configuration/custom-settings-configure).
**Advisory**
-Make sure that any compliance policies you have don't include any Microsoft Managed Desktop devices or users. For steps, see [Create a compliance policy in Microsoft Intune](https://docs.microsoft.com/mem/intune/configuration/custom-settings-configure).
+Make sure that any configuration policies you have don't include any Microsoft Managed Desktop devices or users. For steps, see [Create a profile with custom settings in Microsoft Intune](https://docs.microsoft.com/mem/intune/configuration/custom-settings-configure).
@@ -120,12 +120,12 @@ Microsoft Managed Desktop devices must be allowed to enroll in Intune.
**Not ready**
-Follow the steps in [Set enrollment restrictions](https://docs.microsoft.com/mem/intune/enrollment/enrollment-restrictions-set) to change the setting to **Allow**.
+You currently have at least one enrollment restriction policy configured to prevent Windows devices from enrollment in Intune. Follow the steps in [Set enrollment restrictions](https://docs.microsoft.com/mem/intune/enrollment/enrollment-restrictions-set) for each enrollment restriction policy that targets Microsoft Managed Desktop users and change the **Windows (MDM)** setting to **Allow**. You can, however, set any **personally owned** **Windows (MDM)** devices to **Block**.
### Enrollment Status Page
-You currently have the Enrollment Status Page (ESP) enabled. If you are participating in the public preview of this feature, you can ignore this item. For more information, see [First-run experience with Autopilot and the Enrollment Status Page](../get-started/esp-first-run.md).
+You currently have the Enrollment Status Page (ESP) enabled. If you intend to participate in the Microsoft Managed Desktop public preview of this feature, you can ignore this item. For more information, see [First-run experience with Autopilot and the Enrollment Status Page](../get-started/esp-first-run.md).
**Not ready**
@@ -135,35 +135,26 @@ You have the ESP default profile set to **Show app and profile configuration pro
Make sure that any profiles that have the **Show app and profile configuration progress** setting are not assigned to any Azure AD group that includes Microsoft Managed Desktop devices. For more information, see [Set up the Enrollment Status Page](https://docs.microsoft.com/mem/intune/enrollment/windows-enrollment-status).
-### Intune enrollment
-
-Windows 10 devices in your Azure AD organization must be automatically enrolled in Intune.
-
-**Advisory**
-
-Make sure the MDM User scope is set to **Some** or **All**, not **None**. If you choose **Some**, come back after enrollment and select the **Modern Workplace -All** Azure AD group for **Groups**.
-- ### Microsoft Store for Business
-We use Microsoft Store for Business so that you can download Company Portal to deploy some apps, such as Microsoft Project and Microsoft Visio.
+We use Microsoft Store for Business and deploy the Company Portal app on Microsoft Managed Desktop to allow users to optionally install some apps, such as Microsoft Project and Microsoft Visio (where permitted).
**Not ready**
-Microsoft Store for Business either isn't enabled or isn't synced with Intune. For more information, see [How to manage volume purchased apps from the Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/mem/intune/apps/windows-store-for-business) and [Install Intune Company Portal on on devices](../get-started/company-portal.md).
+Microsoft Store for Business either isn't enabled or isn't synced with Intune. For more information, see [How to manage volume purchased apps from the Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/mem/intune/apps/windows-store-for-business) and [Install Intune Company Portal on devices](../get-started/company-portal.md).
### Multifactor authentication
-Multifactor authentication must not accidentally be applied to Microsoft Managed Desktop service accounts.
+Multifactor authentication must not be applied to Microsoft Managed Desktop service accounts.
**Not ready**
-You have some multifactor authentication (MFA) policies set as "required" for conditional access policies that are assigned to all users. Change the policy to use an Assignment that targets a specific Azure AD group that doesn't include any Microsoft Managed Desktop devices. For more information, see [Conditional access policies](#conditional-access-policies) and [Conditional Access: Require MFA for all users](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa).
+You have some multifactor authentication policies set as **required** for conditional access policies that are assigned to all users. Change the policy to use an assignment that targets a specific Azure AD group that doesn't include any Microsoft Managed Desktop service accounts. For more information, see [Conditional access policies](#conditional-access-policies) and [Conditional Access: Require MFA for all users](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa).
**Advisory**
-Make sure that any conditional access policies that require MFA exclude the **Modern Workplace -All** Azure AD group. For more information, see [Conditional access policies](#conditional-access-policies) and [Conditional Access: Require MFA for all users](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa). The **Modern Workplace -All** Azure AD group is a dynamic group that we create when you enroll in Microsoft Managed Desktop, so you'll have to come back to exclude this group after enrollment.
+Make sure that any conditional access policies that require multifactor authentication exclude the **Modern Workplace -All** Azure AD group. For more information, see [Conditional access policies](#conditional-access-policies) and [Conditional Access: Require MFA for all users](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa). The **Modern Workplace -All** Azure AD group is a dynamic group that we create when you enroll in Microsoft Managed Desktop, so you'll have to come back to exclude this group after enrollment.
**Error**
@@ -182,7 +173,7 @@ Windows PowerShell scripts can't be assigned in a way that would target Microsof
**Advisory**
-Make sure that Windows PowerShell scripts in your Azure AD organization don't target any Microsoft Manage Desktop devices or users. Do not assign a PowerShell script to target all users, all devices, or both. Change the policy to use an Assignment that targets a specific Azure AD group that doesn't include any Microsoft Managed Desktop devices. For more information, see [Use PowerShell scripts on Windows 10 devices in Intune](https://docs.microsoft.com/mem/intune/apps/intune-management-extension).
+Make sure that Windows PowerShell scripts in your Azure AD organization don't target any Microsoft Manage Desktop devices or users. Do not assign a PowerShell script to target all users, all devices, or both. Change the policy to use an Assignment that targets a specific Azure AD group that doesn't include any Microsoft Managed Desktop devices or users. For more information, see [Use PowerShell scripts on Windows 10 devices in Intune](https://docs.microsoft.com/mem/intune/apps/intune-management-extension).
### Region
@@ -244,13 +235,22 @@ You have an "update ring" policy that targets all devices, all users, or both. C
**Advisory**
-Make sure that any update ring policies you have exclude the **Modern Workplace Devices -All** Azure AD group. If you have assigned Azure AD user group to these policies, make sure that any update ring policies you have also excluded the **Modern Workplace -All** Azure AD group that includes your Microsoft Managed Desktop users. For steps, see [Manage Windows 10 software updates in Intune](https://docs.microsoft.com/mem/intune/protect/windows-update-for-business-configure). Both the **Modern Workplace Devices -All** and **Modern Workplace -All** Azure AD groups are assigned groups that we create when you enroll in Microsoft Managed Desktop, so you'll have to come back to exclude this group after enrollment.
+Make sure that any update ring policies you have exclude the **Modern Workplace Devices -All** Azure AD group. If you have assigned Azure AD user groups to these policies, make sure that any update ring policies you have also excluded the **Modern Workplace -All** Azure AD group that you add your Microsoft Managed Desktop users to (or an equivalent group). For steps, see [Manage Windows 10 software updates in Intune](https://docs.microsoft.com/mem/intune/protect/windows-update-for-business-configure). Both the **Modern Workplace Devices -All** and **Modern Workplace -All** Azure AD groups are groups that we create when you enroll in Microsoft Managed Desktop, so you'll have to come back to exclude this group after enrollment.
## Azure Active Directory settings You can access Azure Active Directory settings at the [Azure portal](https://portal.azure.com).
+### Intune enrollment
+
+Windows 10 devices in your Azure AD organization must be able to automatically enroll in Intune.
+
+**Advisory**
+
+Make sure the **MDM User scope** is set to **Some** or **All**, not **None**. If you choose **Some**, come back after enrollment and select the **Modern Workplace -All** Azure AD group for **Groups** or an equivalent group targeting all of your Microsoft Managed Desktop users. See [Set up enrollment for Windows devices by using Microsoft Intune](https://docs.microsoft.com/mem/intune/enrollment/windows-enroll#enable-windows-10-automatic-enrollment).
++ ### Ad hoc subscriptions Advises how to check a setting that (if set to "false") might prevent Enterprise State Roaming from working correctly.
@@ -310,11 +310,11 @@ You have Security defaults turned on. Turn off Security defaults and set up cond
### Self-service Password Reset
-Self-service Password Reset (SSPR) should be enabled for all Microsoft Managed Desktop users excluding Microsoft Managed Desktop service accounts. For more information, see [Tutorial: Enable users to unlock their account or reset passwords using Azure Active Directory self-service password reset](https://docs.microsoft.com/azure/active-directory/authentication/tutorial-enable-sspr).
+Self-service Password Reset (SSPR) can be enabled for all Microsoft Managed Desktop users excluding Microsoft Managed Desktop service accounts. For more information, see [Tutorial: Enable users to unlock their account or reset passwords using Azure Active Directory self-service password reset](https://docs.microsoft.com/azure/active-directory/authentication/tutorial-enable-sspr).
**Advisory**
-Make sure that the SSPR **Selected** setting includes Microsoft Managed Desktop devices but excludes Microsoft Managed Desktop service accounts. Microsoft Managed Desktop service accounts cannot work as expected when SSPR is enabled.
+Make sure that the SSPR **Selected** setting includes Microsoft Managed Desktop users but excludes Microsoft Managed Desktop service accounts. Microsoft Managed Desktop service accounts cannot work as expected when SSPR is enabled.
### Standard user role
managed-desktop https://docs.microsoft.com/en-us/microsoft-365/managed-desktop/get-ready/readiness-assessment-tool https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-ready/readiness-assessment-tool.md
@@ -1,6 +1,6 @@
---
-title: Readiness assessment tool
-description: Explains the checks the tool runs and the meaning of the results
+title: Readiness assessment tools
+description: Explains the two tools, the checks they run, and the meaning of the results
keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation ms.service: m365-md author: jaimeo
@@ -11,13 +11,19 @@ manager: laurawi
ms.topic: article ---
-# Readiness assessment tool
+# Readiness assessment tools
-For the smoothest possible experience when you enroll in Microsoft Managed Desktop, there are important settings and other parameters you must set ahead of time. You can use this tool to check those settings and receive detailed steps for fixing any that aren't right.
+For the smoothest possible experience when you enroll in Microsoft Managed Desktop, there are settings and other parameters you must set ahead of time, and certain device and network requirements to meet. One tool, accessed through the Microsoft Managed Desktop Admin portal, checks management-related settings. Another tool, which is downloadable, checks individual device requirements and network settings. You can use these tools to check those settings and receive detailed steps for fixing any that aren't right.
-The tool checks settings in Microsoft Endpoint Manager (specifically, Microsoft Intune), Azure Active Directory (Azure AD), and Microsoft 365 to ensure they will work with Microsoft Managed Desktop. Microsoft Managed Desktop retains the data associated with these checks for 12 months after the last time you run a check in your Azure AD organization (tenant). After 12 months, we retain it in de-identified form. You can choose to delete the data we collect.
+## Downloadable readiness assessment checker for devices and network
-Anyone with at least the Intune Administrator role will be able to run this tool, but two of the checks ([Conditional access policies](readiness-assessment-fix.md#conditional-access-policies) and [Multifactor authentication](readiness-assessment-fix.md#multifactor-authentication) require more permissions.
+For details about using the downloadable readiness assessment checker, see [Downloadable readiness assessment checker](readiness-assessment-downloadable.md).
+
+## Online readiness assessment tool for management settings
+
+The online tool checks settings in Microsoft Endpoint Manager (specifically, Microsoft Intune), Azure Active Directory (Azure AD), and Microsoft 365 to ensure they will work with Microsoft Managed Desktop. Microsoft Managed Desktop retains the data associated with these checks for 12 months after the last time you run a check in your Azure AD organization (tenant). After 12 months, we retain it in de-identified form. You can choose to delete the data we collect.
+
+Anyone with at least the Intune Administrator role will be able to run this tool, but two of the checks ([Conditional access policies](readiness-assessment-fix.md#conditional-access-policies) and [Multifactor authentication](readiness-assessment-fix.md#multifactor-authentication) require additional permissions.
The assessment tool checks these items:
managed-desktop https://docs.microsoft.com/en-us/microsoft-365/managed-desktop/working-with-managed-desktop/reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/working-with-managed-desktop/reports.md
@@ -19,11 +19,15 @@ Microsoft Managed Desktop provides several reports and dashboards that IT admins
The Microsoft Endpoint Manager console brings together reporting from several products into a single location to help you monitor and investigate issues with your Azure AD organization ("tenant") configuration and devices. Microsoft Managed desktop has a section under **Reports** in the main menu where you can find reports specific to Microsoft Managed Desktop's management of the devices you’ve registered.
+These reports include:
+- **Managed devices** > **Feature updates**: This view shows the overall status of feature updates across your Microsoft Managed Desktop devices.
+- **Managed devices** > **Office updates**: This view shows the overall status of Office updates across your Microsoft Managed Desktop devices.
+ Additionally, in several locations throughout Microsoft Endpoint Manager you can filter reports from other product groups to specifically include or exclude your devices that are managed by Microsoft Managed Desktop. These reports have integrated this filtering capability: -- **All devices**-- **Device compliance**-- **Noncompliant devices**
+- [All devices](https://docs.microsoft.com/mem/intune/remote-actions/device-management#get-to-your-devices)
+- [Device compliance](https://docs.microsoft.com/mem/intune/fundamentals/reports#device-compliance-report-organizational)
+- [Noncompliant devices](https://docs.microsoft.com/mem/intune/fundamentals/reports#noncompliant-devices-report-operational)
> [!NOTE] > Custom Microsoft Managed Desktop roles guarantee access only to the Microsoft Managed Desktop reports. To access other parts of Microsoft Endpoint Manager, such as **All devices**, see [Role-based access control with Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control).
@@ -41,4 +45,4 @@ These reports include:
## Inventory data
-In addition to the other reports, you can export information about the devices managed by Microsoft Managed Desktop. In the **Devices** view of the **Devices** area of Microsoft Endpoint Manager, use the **Export all** tab to [download a detailed inventory report](device-inventory-report.md).
\ No newline at end of file
+In addition to the other reports, you can export information about the devices managed by Microsoft Managed Desktop. In the **Devices** view of the **Devices** area of Microsoft Endpoint Manager, use the **Export all** tab to [download a detailed inventory report](device-inventory-report.md).
security https://docs.microsoft.com/en-us/microsoft-365/security/includes/microsoft-defender-for-office https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/includes/microsoft-defender-for-office.md
@@ -2,7 +2,7 @@
manager: dansimp ms.author: dansimp author: dansimp
-ms.prod: w10
+ms.prod: m365-security
ms.topic: include ---
security https://docs.microsoft.com/en-us/microsoft-365/security/includes/microsoft-defender https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/includes/microsoft-defender.md
@@ -2,7 +2,7 @@
manager: dansimp ms.author: dansimp author: dansimp
-ms.prod: w10
+ms.prod: m365-security
ms.topic: include ---
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-aadsignineventsbeta-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-aadsignineventsbeta-table.md
@@ -4,21 +4,22 @@ description: Learn about information associated with Azure Active Directory sign
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, file, IP address, device, machine, user, account, identity, AAD search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: maccruz author: schmurky ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # AADSignInEventsBeta
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-aadspnsignineventsbeta-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-aadspnsignineventsbeta-table.md
@@ -4,21 +4,22 @@ description: Learn about information associated with Azure Active Directory serv
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, AlertInfo, alert, entities, evidence, file, IP address, device, machine, user, account, identity, AAD search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: maccruz author: schmurky ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # AADSpnSignInEventsBeta
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-alertevidence-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-alertevidence-table.md
@@ -4,21 +4,22 @@ description: Learn about information associated with alerts in the AlertEvidence
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, AlertInfo, alert, entities, evidence, file, IP address, device, machine, user, account search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # AlertEvidence
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-alertinfo-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-alertinfo-table.md
@@ -4,21 +4,22 @@ description: Learn about alert generation events in the AlertInfo table of the a
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, AlertInfo, alert, severity, category, MITRE, ATT&CK, Microsoft Defender ATP, MDATP, Office 365 ATP, Microsoft Cloud App Security, MCAS, and Azure ATP search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # AlertInfo
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-appfileevents-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-appfileevents-table.md
@@ -4,21 +4,22 @@ description: Learn about file-related events associated with cloud apps and serv
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, AppFileEvents, Cloud App Security, MCAS search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # AppFileEvents
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-assignedipaddresses-function https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-assignedipaddresses-function.md
@@ -1,24 +1,25 @@
--- title: AssignedIPAddresses() function in advanced hunting for Microsoft 365 Defender
-description: Learn how to use the AssignedIPAddresses() function to get the latest IP addresses assigned to a device
+description: Learn how to use the AssignedIPAddresses() function to get the latest IP addresses assigned to a device
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, FileProfile, file profile, function, enrichment search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # AssignedIPAddresses()
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-best-practices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-best-practices.md
@@ -4,21 +4,22 @@ description: Learn how to construct fast, efficient, and error-free threat hunti
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema, kusto, avoid timeout, command lines, process id, optimize, best practice, parse, join, summarize search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # Advanced hunting query best practices
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-cloudappevents-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-cloudappevents-table.md
@@ -4,21 +4,22 @@ description: Learn about events from cloud apps and services in the CloudAppEven
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, CloudAppEvents, Cloud App Security, MCAS search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # CloudAppEvents
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-deviceevents-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-deviceevents-table.md
@@ -4,21 +4,22 @@ description: Learn about antivirus, firewall, and other event types in the misce
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, security events, antivirus, firewall, exploit guard, DeviceEvents search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # DeviceEvents
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-devicefilecertificateinfo-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-devicefilecertificateinfo-table.md
@@ -4,21 +4,22 @@ description: Learn about file signing information in the DeviceFileCertificateIn
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, digital signature, certificate, file signing, DeviceFileCertificateInfo search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # DeviceFileCertificateInfo
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-devicefileevents-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-devicefileevents-table.md
@@ -4,21 +4,22 @@ description: Learn about file-related events in the DeviceFileEvents table of th
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, filecreationevents, DeviceFileEvents, files, path, hash, sha1, sha256, md5 search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # DeviceFileEvents
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-devicefromip-function https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-devicefromip-function.md
@@ -1,24 +1,25 @@
--- title: DeviceFromIP() function in advanced hunting for Microsoft 365 Defender
-description: Learn how to use the DeviceFromIP() function to get the devices that have been assigned a specific IP address
+description: Learn how to use the DeviceFromIP() function to get the devices that have been assigned a specific IP address
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, device, devicefromIP, function, enrichment search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: maccruz author: schmurky ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # DeviceFromIP()
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-deviceimageloadevents-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-deviceimageloadevents-table.md
@@ -4,21 +4,22 @@ description: Learn about DLL loading events in the DeviceImageLoadEvents table o
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, imageloadevents, DeviceImageLoadEvents, DLL loading, library, file image search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # DeviceImageLoadEvents
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-deviceinfo-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-deviceinfo-table.md
@@ -4,21 +4,22 @@ description: Learn about OS, computer name, and other machine information in the
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, machineinfo, DeviceInfo, device, machine, OS, platform, users search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # DeviceInfo
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-devicelogonevents-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-devicelogonevents-table.md
@@ -4,21 +4,22 @@ description: Learn about authentication or sign-in events in the DeviceLogonEven
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, logonevents, DeviceLogonEvents, authentication, logon, sign in search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # DeviceLogonEvents
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-devicenetworkevents-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-devicenetworkevents-table.md
@@ -1,24 +1,25 @@
---
-title: DeviceNetworkEvents table in the advanced hunting schema
+title: DeviceNetworkEvents table in the advanced hunting schema
description: Learn about network connection events you can query from the DeviceNetworkEvents table of the advanced hunting schema keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, devicenetworkevents, NetworkCommunicationEvents, network connection, remote ip, local ip search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # DeviceNetworkEvents
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-devicenetworkinfo-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-devicenetworkinfo-table.md
@@ -4,21 +4,22 @@ description: Learn about network configuration information in the DeviceNetworkI
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, machinenetworkinfo, DeviceNetworkInfo, device, machine, mac, ip, adapter, dns, dhcp, gateway, tunnel search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # DeviceNetworkInfo
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-deviceprocessevents-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-deviceprocessevents-table.md
@@ -1,24 +1,25 @@
---
-title: DeviceProcessEvents table in the advanced hunting schema
+title: DeviceProcessEvents table in the advanced hunting schema
description: Learn about the process spawning or creation events in the DeviceProcessEventstable of the advanced hunting schema keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, processcreationevents, DeviceProcessEvents, process id, command line, DeviceProcessEvents search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # DeviceProcessEvents
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-deviceregistryevents-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-deviceregistryevents-table.md
@@ -4,21 +4,22 @@ description: Learn about registry events you can query from the DeviceRegistryEv
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, registryevents, registry, DeviceRegistryEvents, key, subkey, value search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # DeviceRegistryEvents
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-devicetvmsecureconfigurationassessment-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md
@@ -1,24 +1,25 @@
--- title: DeviceTvmSecureConfigurationAssessment table in the advanced hunting schema
-description: Learn about security assessment events in the DeviceTvmSecureConfigurationAssessment table of the advanced hunting schema. These threat & vulnerability management events provide device information as well as security configuration details, impact, and compliance information.
-keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, DeviceTvmSecureConfigurationAssessment
+description: Learn about security assessment events in the DeviceTvmSecureConfigurationAssessment table of the advanced hunting schema. These threat & vulnerability management events provide device information as well as security configuration details, impact, and compliance information.
+keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, DeviceTvmSecureConfigurationAssessment
search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # DeviceTvmSecureConfigurationAssessment
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md
@@ -1,24 +1,25 @@
--- title: DeviceTvmSecureConfigurationAssessmentKB table in the advanced hunting schema
-description: Learn about the various secure configurations assessed by Threat & Vulnerability Management in the DeviceTvmSecureConfigurationAssessmentKB table of the advanced hunting schema.
+description: Learn about the various secure configurations assessed by Threat & Vulnerability Management in the DeviceTvmSecureConfigurationAssessmentKB table of the advanced hunting schema.
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, MITRE ATT&CK framework, knowledge base, KB, DeviceTvmSecureConfigurationAssessmentKB search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # DeviceTvmSecureConfigurationAssessmentKB
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md
@@ -4,21 +4,22 @@ description: Learn about the inventory of software in your devices and their vul
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, OS DeviceTvmSoftwareInventoryVulnerabilities search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # DeviceTvmSoftwareInventoryVulnerabilities
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md
@@ -1,24 +1,25 @@
--- title: DeviceTvmSoftwareVulnerabilitiesKB table in the advanced hunting schema
-description: Learn about the software vulnerabilities tracked by Threat & Vulnerability Management in the DeviceTvmSoftwareVulnerabilitiesKB table of the advanced hunting schema.
-keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema, reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, CVSS, DeviceTvmSoftwareVulnerabilitiesKB
+description: Learn about the software vulnerabilities tracked by Threat & Vulnerability Management in the DeviceTvmSoftwareVulnerabilitiesKB table of the advanced hunting schema.
+keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema, reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, CVSS, DeviceTvmSoftwareVulnerabilitiesKB
search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # DeviceTvmSoftwareVulnerabilitiesKB
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-emailattachmentinfo-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-emailattachmentinfo-table.md
@@ -4,21 +4,22 @@ description: Learn about email attachment information in the EmailAttachmentInfo
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, EmailAttachmentInfo, network message id, sender, recipient, attachment id, attachment name, malware verdict search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro mms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # EmailAttachmentInfo
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-emailevents-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-emailevents-table.md
@@ -4,21 +4,22 @@ description: Learn about events associated with Microsoft 365 emails in the Emai
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, EmailEvents, network message id, sender, recipient, attachment id, attachment name, malware verdict, phishing verdict, attachment count, link count, url count search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # EmailEvents
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-emailpostdeliveryevents-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-emailpostdeliveryevents-table.md
@@ -4,21 +4,22 @@ description: Learn about post-delivery actions taken on Microsoft 365 emails in
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, EmailPostDeliveryEvents, network message id, sender, recipient, attachment id, attachment name, malware verdict, phishing verdict, attachment count, link count, url count search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # EmailPostDeliveryEvents
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-emailurlinfo-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-emailurlinfo-table.md
@@ -4,21 +4,22 @@ description: Learn about URL or link information in the EmailUrlInfo table of th
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, EmailUrlInfo, network message id, url, link search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # EmailUrlInfo
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-errors https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-errors.md
@@ -4,21 +4,22 @@ description: Understand errors displayed when using advanced hunting
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema, kusto, timeout, resources, errors, unknown error, limits, quota, parameter, allocation search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # Handle advanced hunting errors
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-expert-training https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-expert-training.md
@@ -1,24 +1,25 @@
--- title: Get expert training on advanced hunting description: Free training and guidance from advanced hunting experts
-keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, language, training, scenarios, basic to advanced, videos, step-by-step
+keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, language, training, scenarios, basic to advanced, videos, step-by-step
search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # Get expert training on advanced hunting
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-extend-data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-extend-data.md
@@ -1,24 +1,25 @@
---
-title: Extend advanced hunting coverage with the right settings
-description: Check auditing settings on Windows devices and other settings to help ensure that you get the most comprehensive data in advanced hunting
+title: Extend advanced hunting coverage with the right settings
+description: Check auditing settings on Windows devices and other settings to help ensure that you get the most comprehensive data in advanced hunting
keywords: advanced hunting, incident, pivot, entity, audit settings, user account management, security group management, threat hunting, cyber threat hunting, search, query, telemetry, Microsoft 365, Microsoft Threat Protection search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # Extend advanced hunting coverage with the right settings
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-fileprofile-function https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-fileprofile-function.md
@@ -1,24 +1,25 @@
--- title: FileProfile() function in advanced hunting for Microsoft 365 Defender
-description: Learn how to use the FileProfile() to enrich information about files in your advanced hunting query results
+description: Learn how to use the FileProfile() to enrich information about files in your advanced hunting query results
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, FileProfile, file profile, function, enrichment search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # FileProfile()
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-find-ransomware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-find-ransomware.md
@@ -4,21 +4,22 @@ description: Use advanced hunting to locate devices potentially affected by rans
keywords: advanced hunting, ransomware, threat hunting, cyber threat hunting, search, query, telemetry, Microsoft 365, Microsoft Threat Protection, Microsoft 365 Defender search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # Hunt for ransomware
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-go-hunt https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-go-hunt.md
@@ -1,24 +1,25 @@
---
-title: Get relevant info about an entity with go hunt
-description: Learn how to use the "go hunt" tool on to quickly query for relevant information about an entity or event using advanced hunting.
+title: Get relevant info about an entity with go hunt
+description: Learn how to use the go hunt tool on to quickly query for relevant information about an entity or event using advanced hunting.
keywords: advanced hunting, incident, pivot, entity, go hunt, relevant events, threat hunting, cyber threat hunting, search, query, telemetry, Microsoft 365, Microsoft Threat Protection search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # Quickly hunt for entity or event information with go hunt
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-identitydirectoryevents-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-identitydirectoryevents-table.md
@@ -4,21 +4,22 @@ description: Learn about domain controller and Active Directory events in the Id
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, IdentityDirectoryEvents, domain controller, Active Directory, Azure ATP, identities search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # IdentityDirectoryEvents
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-identityinfo-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-identityinfo-table.md
@@ -4,21 +4,22 @@ description: Learn about user account information in the IdentityInfo table of t
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, AccountInfo, IdentityInfo, account search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # IdentityInfo
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-identitylogonevents-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-identitylogonevents-table.md
@@ -4,21 +4,22 @@ description: Learn about authentication events recorded by Active Directory in t
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, IdentityLogonEvents, Azure AD, Active Directory, Azure ATP, identities search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # IdentityLogonEvents
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-identityqueryevents-table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-identityqueryevents-table.md
@@ -4,21 +4,22 @@ description: Learn about Active Directory query events in the IdentityQueryEvent
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, IdentityQueryEvents, Azure AD, Active Directory, Azure ATP, identities, LDAP queries search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # IdentityQueryEvents
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-limits https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-limits.md
@@ -4,21 +4,22 @@ description: Understand various quotas and usage parameters (service limits) tha
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema, kusto, CPU limit, query limit, resources, maximum results, quota, parameters, allocation search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # Advanced hunting quotas and usage parameters
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-migrate-from-mdatp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-migrate-from-mdatp.md
@@ -4,22 +4,23 @@ description: Learn how to adjust your Microsoft Defender for Endpoint queries so
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, microsoft defender atp, mdatp, search, query, telemetry, custom detections, schema, kusto, microsoft 365, mapping search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article ms.custom: seo-marvel-apr2020
+ms.technology: m365d
--- # Migrate advanced hunting queries from Microsoft Defender for Endpoint
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-overview.md
@@ -4,22 +4,23 @@ description: Learn about advanced hunting queries in Microsoft 365 and how to us
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, custom detections, schema, kusto, microsoft 365, Microsoft Threat Protection search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article ms.custom: seo-marvel-apr2020
+ms.technology: m365d
--- # Proactively hunt for threats with advanced hunting in Microsoft 365 Defender
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-query-emails-devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-query-emails-devices.md
@@ -4,21 +4,22 @@ description: Study common hunting scenarios and sample queries that cover device
keywords: advanced hunting, Office365 data, Windows devices, Office365 emails normalize, emails, apps, identities, threat hunting, cyber threat hunting, search, query, telemetry, Microsoft 365, Microsoft Threat Protection search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # Hunt for threats across devices, emails, apps, and identities
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-query-language https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-query-language.md
@@ -4,21 +4,22 @@ description: Create your first threat hunting query and learn about common opera
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, language, learn, first query, telemetry, events, telemetry, custom detections, schema, kusto, operators, data types, powershell download, query example search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # Learn the advanced hunting query language
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-query-results https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-query-results.md
@@ -4,21 +4,22 @@ description: Make the most of the query results returned by advanced hunting in
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, custom detections, schema, kusto, microsoft 365, Microsoft Threat Protection, visualization, chart, filters, drill-down search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # Work with advanced hunting query results
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-schema-changes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-schema-changes.md
@@ -4,21 +4,22 @@ description: Track and review naming changes tables and columns in the advanced
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, data, naming changes, rename, Microsoft Threat Protection search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # Advanced hunting schema - Naming changes
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-schema-tables https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-schema-tables.md
@@ -4,21 +4,22 @@ description: Learn about the tables in the advanced hunting schema to understand
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, schema reference, kusto, table, data search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # Understand the advanced hunting schema
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-shared-queries https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-shared-queries.md
@@ -4,21 +4,22 @@ description: Start threat hunting immediately with predefined and shared queries
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, custom detections, schema, kusto, github repo, my queries, shared queries search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # Use shared queries in advanced hunting
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-take-action https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-take-action.md
@@ -4,21 +4,22 @@ description: Quickly address threats and affected assets in your advanced huntin
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, take action search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # Take action on advanced hunting query results
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/api-access.md
@@ -3,22 +3,23 @@ title: Access the Microsoft 365 Defender APIs
description: Learn how to access the Microsoft 365 Defender APIs keywords: access, apis, application context, user context, aad application, access token search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Access the Microsoft 365 Defender APIs
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-advanced-hunting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/api-advanced-hunting.md
@@ -3,22 +3,23 @@ title: Microsoft 365 Defender advanced hunting API
description: Learn how to run advanced hunting queries using Microsoft 365 Defender's advanced hunting API keywords: Advanced Hunting, APIs, api, MTP, M365 Defender, Microsoft 365 Defender search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Microsoft 365 Defender Advanced hunting API
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-articles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/api-articles.md
@@ -3,22 +3,23 @@ title: Other security and threat protection APIs
description: View a list of APIs related to Microsoft security and threat protection products. keywords: api, security, threat protection, mde, microsoft defender for endpoint, microsoft defender atp, office 365 advanced threat protection, microsoft defender advanced threat protection, cloud app security search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Other security and threat protection APIs
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-create-app-user-context https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/api-create-app-user-context.md
@@ -1,24 +1,25 @@
--- title: Create an app to access Microsoft 365 Defender APIs on behalf of a user description: Learn how to access Microsoft 365 Defender APIs on behalf of a user.
-keywords: access, on behalf of user, api, application, user, access token, token,
+keywords: access, on behalf of user, api, application, user, access token, token,
search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Create an app to access Microsoft 365 Defender APIs on behalf of a user
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-create-app-web https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/api-create-app-web.md
@@ -3,22 +3,23 @@ title: Create an app to access Microsoft 365 Defender without a user
description: Learn how to create an app to access Microsoft 365 Defender without a user. keywords: app, access, api, create search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Create an app to access Microsoft 365 Defender without a user
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-error-codes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/api-error-codes.md
@@ -3,22 +3,23 @@ title: Common Microsoft 365 Defender REST API error codes
description: Learn about the common Microsoft 365 Defender REST API error codes keywords: api, error, codes, common errors, mtp, api error codes search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Common Microsoft 365 Defender REST API error codes
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-hello-world https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/api-hello-world.md
@@ -1,24 +1,25 @@
---
-title: Hello World for Microsoft 365 Defender REST API
+title: Hello World for Microsoft 365 Defender REST API
description: Learn how to create an app and use a token to access the Microsoft 365 Defender APIs keywords: app, token, access, aad, app, application registration, powershell, script, global administrator, permission, microsoft 365 defender search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Hello World for Microsoft 365 Defender REST API
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-incident https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/api-incident.md
@@ -3,22 +3,23 @@ title: Microsoft 365 Defender incidents APIs and the incident resource type
description: Learn about the methods and properties of the Incident resource type in Microsoft 365 Defender keywords: incident, incidents, api search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Microsoft 365 Defender incidents API and the incident resource type
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-list-incidents https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/api-list-incidents.md
@@ -3,22 +3,23 @@ title: List incidents API in Microsoft 365 Defender
description: Learn how to list incidents API in Microsoft 365 Defender keywords: list, incident, incidents, api search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # List incidents API in Microsoft 365 Defender
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/api-overview.md
@@ -3,22 +3,23 @@ title: Overview of Microsoft 365 Defender APIs
description: Learn about the available APIs in Microsoft 365 Defender keywords: api, apis, overview, incident, incidents, threat hunting, microsoft 365 defender search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Overview of Microsoft 365 Defender APIs
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-partner-access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/api-partner-access.md
@@ -1,24 +1,25 @@
--- title: Partner access through Microsoft 365 Defender APIs description: Learn how to create an app to get programmatic access to Microsoft 365 Defender on behalf of your users.
-keywords: partner, access, api, multi tenant, consent, access token, app
+keywords: partner, access, api, multi tenant, consent, access token, app
search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Create an app with partner access to Microsoft 365 Defender APIs
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-supported https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/api-supported.md
@@ -3,22 +3,23 @@ title: Supported Microsoft 365 Defender APIs
description: Supported Microsoft 365 Defender APIs keywords: MTP, APIs, api search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Supported Microsoft 365 Defender APIs
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-terms https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/api-terms.md
@@ -3,22 +3,23 @@ title: Microsoft 365 Defender APIs license and terms of use
description: Description of the license and terms of use for APIs in Microsoft 365 Defender keywords: api, apis, license, terms, apis, legal, notices, code of conduct search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Microsoft 365 Defender APIs license and terms of use
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-update-incidents https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/api-update-incidents.md
@@ -3,22 +3,23 @@ title: Update incidents API
description: Learn how to update incidents using Microsoft 365 Defender API keywords: update, api, incident search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Update incidents API
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/config-mtpeval https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/config-mtpeval.md
@@ -1,25 +1,26 @@
--- title: Configure Microsoft 365 Defender pillars for the trial lab or pilot environment description: Configure Microsoft 365 Defender pillars, such as Microsoft Defender for Office 365 , Microsoft Defender for Identity, Microsoft Cloud App Security, and Microsoft Defender for Endpoint, for your trial lab or pilot environment.
-keywords: configure Microsoft Threat Protection trial, Microsoft Threat Protection trial configuration, configure Microsoft Threat Protection pilot project, configure Microsoft Threat Protection pillars, Microsoft Threat Protection pillars
+keywords: configure Microsoft Threat Protection trial, Microsoft Threat Protection trial configuration, configure Microsoft Threat Protection pilot project, configure Microsoft Threat Protection pillars, Microsoft Threat Protection pillars
search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
-ms.author: dolmont
+f1.keywords:
+ - NOCSH
+ms.author: dolmont
author: DulceMontemayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance-- m365solution-scenario-- m365solution-evalutatemtp
-ms.topic: article
+ - M365-security-compliance
+ - m365solution-scenario
+ - m365solution-evalutatemtp
+ms.topic: article
+ms.technology: m365d
--- # Configure Microsoft 365 Defender pillars for your trial lab or pilot environment
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/custom-detection-rules https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/custom-detection-rules.md
@@ -4,21 +4,22 @@ description: Learn how to create and manage custom detections rules based on adv
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, custom detections, rules, schema, kusto, microsoft 365, Microsoft Threat Protection, RBAC, permissions, Microsoft Defender ATP search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article
+ms.technology: m365d
--- # Create and manage custom detections rules
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/custom-detections-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/custom-detections-overview.md
@@ -4,19 +4,20 @@ description: Understand how you can use advanced hunting to create custom detect
keywords: advanced hunting, threat hunting, cyber threat hunting, microsoft threat protection, microsoft 365, mtp, m365, search, query, telemetry, custom detections, schema, kusto, microsoft 365, Microsoft Threat Protection search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: article
+ms.technology: m365d
--- # Custom detections overview
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/data-privacy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/data-privacy.md
@@ -3,22 +3,23 @@ title: Microsoft 365 Defender data security and privacy
description: Describes the privacy and data security of the service. keywords: privacy, data, security, trust center, information collection search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Microsoft 365 Defender data security and privacy
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/deploy-supported-services https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/deploy-supported-services.md
@@ -1,26 +1,27 @@
--- title: Deploy services supported by Microsoft 365 Defender
-description: Learn about the Microsoft security services that can be integrated by Microsoft 365 Defender, their licensing requirements, and deployment procedures
+description: Learn about the Microsoft security services that can be integrated by Microsoft 365 Defender, their licensing requirements, and deployment procedures
keywords: deploy, licenses, supported services, provisioning, configuration Microsoft Threat Protection, M365, license eligibility, Microsoft Defender ATP, MDATP, Office 365 ATP, Azure ATP, Microsoft Cloud App Security, MCAS, advanced threat protection, E5, A5, EMS search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Deploy supported services
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/device-profile https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/device-profile.md
@@ -2,7 +2,7 @@
title: Device profile in Microsoft 365 security portal description: View risk and exposure levels for a device in your organization. Analyze past and present threats, and protect the device with the latest updates. keywords: security, malware, Microsoft 365, M365, Microsoft Threat Protection, MTP, security center, Microsoft Defender ATP, Office 365 ATP, Azure ATP, device page, device profile, machine page, machine profile
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.localizationpriority: medium ms.author: v-maave
@@ -12,6 +12,7 @@ audience: ITPro
ms.collection: M365-security-compliance ms.topic: article search.appverid: met150
+ms.technology: m365d
--- # Device profile page
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/feedback https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/feedback.md
@@ -1,24 +1,25 @@
--- title: Provide feedback on Microsoft 365 Defender
-description: Provide product feedback on Microsoft 365 Defender
+description: Provide product feedback on Microsoft 365 Defender
keywords: feedback, m365 security, security, 365, capabilities search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Provide feedback on Microsoft 365 Defender
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/generate-test-alert https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/generate-test-alert.md
@@ -1,24 +1,25 @@
---
-title: Generate a test Microsoft 365 Defender alert
+title: Generate a test Microsoft 365 Defender alert
description: Generate a test alert to try how your Microsoft 365 Defender lab environment works keywords: Microsoft Threat Protection simulation, try Microsoft Threat Protection, generate test alert in Microsoft Threat Protection, test alert in Microsoft Threat Protection evaluation lab search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: dolmont author: DulceMontemayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance-- m365solution-evalutatemtp
+ - M365-security-compliance
+ - m365solution-evalutatemtp
ms.topic: conceptual
+ms.technology: m365d
--- # Generate a test alert in your Microsoft 365 Defender evaluation lab
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/get-incident-notifications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/get-incident-notifications.md
@@ -3,24 +3,25 @@ title: Get incident notifications in Microsoft 365 Defender
description: Learn how to create rules to get email notifications for incidents in Microsoft 365 Defender keywords: incident, email, email notfications, configure, users, mailbox, email, incidents search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: maccruz author: schmurky ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Get incident notifications by email
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/incident-queue https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/incident-queue.md
@@ -3,24 +3,25 @@ title: Prioritize incidents in Microsoft 365 Defender
description: Learn how to filter incidents from the incident queue in Microsoft 365 Defender keywords: incident, queue, overview, devices, identities, users, mailbox, email, incidents search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Prioritize incidents in Microsoft 365 Defender
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/incidents-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/incidents-overview.md
@@ -3,24 +3,25 @@ title: Incidents overview in Microsoft 365 Defender
description: Investigate incidents seen across devices, users, and mailboxes. keywords: incidents, alerts, investigate, correlation, attack, machines, devices, users, identities, identity, mailbox, email, 365, microsoft, m365 search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Incidents overview in Microsoft 365 Defender
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/investigate-incidents https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/investigate-incidents.md
@@ -3,24 +3,25 @@ title: Investigate incidents in Microsoft 365 Defender
description: Analyze incidents related to devices, users, and mailboxes. keywords: incident, incidents, machines, devices, users, identities, mail, email, mailbox, investigation, graph, evidence search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Investigate incidents in Microsoft 365 Defender
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/latest-attack-campaigns https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/latest-attack-campaigns.md
@@ -2,19 +2,20 @@
title: Understand the latest attack campaigns and techniques with threat analytics description: Use threat analytics interactive reports in Microsoft 365 to assess the security posture and resilience of your organization against emerging threats. keywords: security, malware, Microsoft 365, M365, security center, threat analytics, Microsoft Defender ATP, cyber, security posture, emerging threats
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.localizationpriority: medium
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: ellevin author: levinec manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: article search.appverid: met150 ms.custom: seo-marvel-apr2020
+ms.technology: m365d
--- # Understand the latest attack campaigns and techniques with threat analytics
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/manage-incidents https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/manage-incidents.md
@@ -1,26 +1,27 @@
--- title: Manage incidents in Microsoft 365 Defender
-description: Learn how to assign, update the status,
+description: Learn how to assign, update the status,
keywords: incident, incidents, alerts, correlated alerts, assign, update, status, manage, classification, microsoft, 365, m365 search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Manage incidents in Microsoft 365 Defender
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/microsoft-secure-score-history-metrics-trends https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/microsoft-secure-score-history-metrics-trends.md
@@ -2,24 +2,25 @@
title: Track your Microsoft Secure Score history and meet goals description: Gain insights into activity that has affected your Microsoft Secure Score. Discover trends and set goals. keywords: microsoft secure score, secure score, office 365 secure score, microsoft security score, microsoft 365 security center, improvement actions
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.localizationpriority: medium
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: ellevin author: levinec manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance
+ - M365-security-compliance
ms.topic: article search.appverid: -- MOE150-- MET150
-ms.custom:
-- seo-marvel-apr2020-- seo-marvel-jun2020
+ - MOE150
+ - MET150
+ms.custom:
+ - seo-marvel-apr2020
+ - seo-marvel-jun2020
+ms.technology: m365d
--- # Track your Microsoft Secure Score history and meet goals
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/microsoft-secure-score-improvement-actions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/microsoft-secure-score-improvement-actions.md
@@ -2,24 +2,25 @@
title: Assess your security posture through Microsoft Secure Score description: Describes how to take action to improve your Microsoft Secure Score in the Microsoft 365 security center. keywords: microsoft secure score, secure score, office 365 secure score, microsoft security score, microsoft 365 security center, improvement actions
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.localizationpriority: medium
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: ellevin author: levinec manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance
+ - M365-security-compliance
ms.topic: article search.appverid: -- MOE150-- MET150
-ms.custom:
-- seo-marvel-apr2020-- seo-marvel-jun2020
+ - MOE150
+ - MET150
+ms.custom:
+ - seo-marvel-apr2020
+ - seo-marvel-jun2020
+ms.technology: m365d
--- # Assess your security posture with Microsoft Secure Score
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/microsoft-secure-score-whats-coming https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/microsoft-secure-score-whats-coming.md
@@ -2,21 +2,22 @@
title: What's coming to Microsoft Secure Score description: Describes what new changes are coming to Microsoft Secure Score in the Microsoft 365 security center. keywords: microsoft secure score, secure score, office 365 secure score, microsoft security score, microsoft 365 security center, improvement actions
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.localizationpriority: medium
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: ellevin author: levinec manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance
+ - M365-security-compliance
ms.topic: article search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # What's coming to Microsoft Secure Score
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/microsoft-secure-score-whats-new https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/microsoft-secure-score-whats-new.md
@@ -1,25 +1,26 @@
--- title: What's new in Microsoft Secure Score
-description: Describes what new changes have happened to Microsoft Secure Score in the Microsoft 365 security center.
+description: Describes what new changes have happened to Microsoft Secure Score in the Microsoft 365 security center.
keywords: microsoft secure score, secure score, office 365 secure score, microsoft security score, microsoft 365 security center
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.localizationpriority: medium
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: ellevin author: levinec manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance
+ - M365-security-compliance
ms.topic: article search.appverid: -- MOE150-- MET150
-ms.custom:
-- seo-marvel-apr2020-- seo-marvel-jun2020
+ - MOE150
+ - MET150
+ms.custom:
+ - seo-marvel-apr2020
+ - seo-marvel-jun2020
+ms.technology: m365d
--- # What's new in Microsoft Secure Score
@@ -34,7 +35,7 @@ Microsoft Secure Score can be found at https://security.microsoft.com/securescor
### Added our first security recommendation for Microsoft Teams
-Microsoft Teams customers will see "Restrict Anonymous user joins during meetings" as a new improvement action in Secure Score.
+Microsoft Teams customers will see "Restrict anonymous users from joining meetings" as a new improvement action in Secure Score.
## December 2020
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/microsoft-secure-score https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/microsoft-secure-score.md
@@ -2,24 +2,25 @@
title: Microsoft Secure Score description: Describes Microsoft Secure Score in the Microsoft 365 security center, how to improve your security posture, and what security admins can expect. keywords: microsoft secure score, secure score, office 365 secure score, microsoft security score, microsoft 365 security center, improvement actions
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.localizationpriority: medium
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: ellevin author: levinec manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance
+ - M365-security-compliance
ms.topic: article search.appverid: -- MOE150-- MET150
-ms.custom:
-- seo-marvel-apr2020-- seo-marvel-jun2020
+ - MOE150
+ - MET150
+ms.custom:
+ - seo-marvel-apr2020
+ - seo-marvel-jun2020
+ms.technology: m365d
--- # Microsoft Secure Score
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/microsoft-threat-protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/microsoft-threat-protection.md
@@ -4,21 +4,22 @@ description: Microsoft 365 Defender is a coordinated threat protection solution
keywords: introduction to Microsoft Threat Protection, cyber security, advanced persistent threat, enterprise security, devices, device, identity, users, data, applications, incidents, automated investigation and remediation, advanced hunting search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: conceptual
+ms.technology: m365d
--- # Microsoft 365 Defender
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/monitor-and-report-identities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/monitor-and-report-identities.md
@@ -2,21 +2,22 @@
title: Identity monitoring and reporting - Security center description: Describes how you can monitor the users in your organization and keep track of suspicious or risky behaviors. keywords: security, malware, Microsoft 365, M365, security center, monitor, report, identity, users
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.localizationpriority: medium
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: ellevin author: levinec manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article search.appverid: met150 ms.custom: seo-marvel-apr2020
+ms.technology: m365d
--- # Identity monitoring and reporting in the Microsoft 365 security center
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/monitor-apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/monitor-apps.md
@@ -2,21 +2,22 @@
title: App monitoring & reporting - Security center description: Learn how to gain more insight into cloud app use in your organization. Includes different kinds of apps, their level of risk, and alerts. keywords: security, malware, Microsoft 365, M365, security center, monitor, report, apps
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.localizationpriority: medium
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: ellevin author: levinec manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article search.appverid: met150 ms.custom: seo-marvel-apr2020
+ms.technology: m365d
--- # App monitoring and reporting in the Microsoft 365 security center
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/monitor-data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/monitor-data.md
@@ -2,21 +2,22 @@
title: Data monitoring & reporting - Security center description: Learn how you can track user activity that could lead to unauthorized data disclosure in Microsoft 365 security center. keywords: security, malware, Microsoft 365, M365, security center, monitor, report, data
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.localizationpriority: medium
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: ellevin author: levinec manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article search.appverid: met150 ms.custom: seo-marvel-apr2020
+ms.technology: m365d
--- # Data monitoring and reporting in the Microsoft 365 security center
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/monitor-devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/monitor-devices.md
@@ -2,21 +2,22 @@
title: Device monitoring & reporting - Security center description: Describes how you can keep your devices secure, up-to-date, and spot potential threats in your organization keywords: security, malware, Microsoft 365, M365, security center, monitor, report, devices
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.localizationpriority: medium
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: ellevin author: levinec manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article search.appverid: met150 ms.custom: seo-marvel-apr2020
+ms.technology: m365d
--- # Device monitoring and reporting in the Microsoft 365 security center
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/monitoring-and-reporting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/monitoring-and-reporting.md
@@ -2,21 +2,22 @@
title: Monitor and view reports - Security center description: Describes how Microsoft 365 security center provides at a glance summary of protection and security status. keywords: security, malware, Microsoft 365, M365, security center, monitor, report, status
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.localizationpriority: medium
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: ellevin author: levinec manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article search.appverid: met150 ms.custom: seo-marvel-apr2020
+ms.technology: m365d
--- # Monitor and view reports in the Microsoft 365 security center
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/mtp-action-center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/mtp-action-center.md
@@ -3,24 +3,25 @@ title: Go to the Action center to view and approve your automated investigation
description: Use the Action Center to view details about automated investigation and approve pending actions keywords: Action Center, threat protection, investigation, alert, pending, automated, detection search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: deniseb author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: conceptual ms.custom: autoir ms.reviewer: evaldm, isco ms.date: 12/09/2020
+ms.technology: m365d
--- # The Action center
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/mtp-autoir-actions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/mtp-autoir-actions.md
@@ -1,26 +1,27 @@
---
-title: Approve or reject pending actions following an automated investigation
+title: Approve or reject pending actions following an automated investigation
description: Use the Action Center to manage actions related to automated investigation and response keywords: action, center, autoair, automated, investigation, response, remediation search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: deniseb author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: conceptual ms.custom: autoir ms.reviewer: evaldm, isco ms.date: 12/09/2020
+ms.technology: m365d
--- # Approve or reject pending actions following an automated investigation
@@ -61,6 +62,30 @@ Pending actions can be reviewed and approved by using the [Action center](#revie
2. Select an item in the list, and then choose **Approve** or **Reject**.
+## Undo completed actions
+
+If youΓÇÖve determined that a device or a file is not a threat, you can undo remediation actions that were taken, whether those actions were taken automatically or manually. In the Action center, on the **History** tab, you can undo any of the following actions:
+
+| Action source | Supported Actions |
+|:---|:---|
+| - Automated investigation <br/>- Microsoft Defender Antivirus <br/>- Manual response actions | - Isolate device <br/>- Restrict code execution <br/>- Quarantine a file <br/>- Remove a registry key <br/>- Stop a service <br/>- Disable a driver <br/>- Remove a scheduled task |
+
+### To undo a remediation action
+
+1. Go to the Action center ([https://security.microsoft.com/action-center](https://security.microsoft.com/action-center)) and sign in.
+
+2. On the **History** tab, select an action that you want to undo.
+
+3. In the pane on the right side of the screen, select **Undo**.
+
+### To remove a file from quarantine across multiple devices
+
+1. Go to the Action center ([https://security.microsoft.com/action-center](https://security.microsoft.com/action-center)) and sign in.
+
+2. On the **History** tab, select a file that has the Action type **Quarantine file**.
+
+3. In the pane on the right side of the screen, select **Apply to X more instances of this file**, and then select **Undo**.
+ ## Next steps - [View the details and results of an automated investigation](mtp-autoir-results.md)
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/mtp-autoir-report-false-positives-negatives https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/mtp-autoir-report-false-positives-negatives.md
@@ -1,14 +1,14 @@
---
-title: Handle false positives or false negatives in AIR in Microsoft 365 Defender
+title: Handle false positives or false negatives in AIR in Microsoft 365 Defender
description: Was something missed or wrongly detected by AIR in Microsoft 365 Defender? Learn how to submit false positives or false negatives to Microsoft for analysis. keywords: automated, investigation, alert, trigger, action, remediation, false positive, false negative search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: deniseb author: denisebmsft ms.date: 09/16/2020
@@ -16,11 +16,12 @@ ms.localizationpriority: medium
manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: conceptual ms.custom: autoir ms.reviewer: evaldm, isco
+ms.technology: m365d
--- # Handle false positives/negatives in automated investigation and response capabilities
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/mtp-autoir-results https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/mtp-autoir-results.md
@@ -3,24 +3,25 @@ title: Details and results of an automated investigation
description: During and after an automated investigation, you can view the results and key findings keywords: automated, investigation, results, analyze, details, remediation, autoair search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: deniseb author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: conceptual ms.custom: autoir ms.reviewer: evaldm, isco ms.date: 09/16/2020
+ms.technology: m365d
--- # Details and results of an automated investigation
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/mtp-autoir https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/mtp-autoir.md
@@ -1,26 +1,27 @@
---
-title: Automated investigation and response in Microsoft 365 Defender
+title: Automated investigation and response in Microsoft 365 Defender
description: Get an overview of automated investigation and response capabilities, also called self-healing, in Microsoft 365 Defender keywords: automated, investigation, alert, trigger, action, remediation, self-healing search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: deniseb author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: conceptual ms.custom: autoir
-ms.date: 12/09/2020
+ms.date: 12/09/2020
ms.reviewer: evaldm, isco
+ms.technology: m365d
--- # Automated investigation and response in Microsoft 365 Defender
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/mtp-configure-auto-investigation-response https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/mtp-configure-auto-investigation-response.md
@@ -7,14 +7,15 @@ ms.author: deniseb
manager: dansimp audience: ITPro ms.topic: article
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
localization_priority: Normal ms.collection: -- M365-security-compliance-- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.custom: autoir ms.reviewer: evaldm, isco f1.keywords: CSH
+ms.technology: m365d
--- # Configure automated investigation and response capabilities in Microsoft 365 Defender
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/mtp-enable-faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/mtp-enable-faq.md
@@ -1,24 +1,25 @@
--- title: Frequently asked questions when turning on Microsoft 365 Defender
-description: Get answers to the most commonly asked questions about licensing, permissions, initial settings, and other products and services related to enabling Microsoft 365 Defender
+description: Get answers to the most commonly asked questions about licensing, permissions, initial settings, and other products and services related to enabling Microsoft 365 Defender
keywords: frequently asked questions, FAQ, GCC, get started, enable MTP, Microsoft Threat Protection, M365, security, data location, required permissions, license eligibility, settings page search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Frequently asked questions when turning on Microsoft 365 Defender
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/mtp-enable https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/mtp-enable.md
@@ -1,14 +1,14 @@
--- title: Turn on Microsoft 365 Defender in the Microsoft 365 security center
-description: Learn how to enable Microsoft 365 Defender and start integrating your security incident and response.
+description: Learn how to enable Microsoft 365 Defender and start integrating your security incident and response.
keywords: get started, enable MTP, Microsoft Threat Protection, M365, security, data location, required permissions, license eligibility, settings page search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium
@@ -17,8 +17,9 @@ audience: ITPro
ms.collection: M365-security-compliance ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Turn on Microsoft 365 Defender
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/mtp-evaluation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/mtp-evaluation.md
@@ -1,25 +1,26 @@
---
-title: Evaluate Microsoft 365 Defender
+title: Evaluate Microsoft 365 Defender
description: Set up your Microsoft 365 Defender trial lab or pilot environment to try out and experience the security solution designed to protect devices, identity, data, and applications in your organization. keywords: Microsoft Threat Protection trial, try Microsoft Threat Protection, evaluate Microsoft Threat Protection, Microsoft Threat Protection evaluation lab, Microsoft Threat Protection pilot, cyber security, advanced persistent threat, enterprise security, devices, device, identity, users, data, applications, incidents, automated investigation and remediation, advanced hunting search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: dolmont author: DulceMontemayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance-- m365solution-overview-- m365solution-evalutatemtp
+ - M365-security-compliance
+ - m365solution-overview
+ - m365solution-evalutatemtp
ms.topic: conceptual
+ms.technology: m365d
--- # Create a Microsoft 365 Defender trial lab or pilot environment
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/mtp-permissions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/mtp-permissions.md
@@ -1,24 +1,25 @@
--- title: Manage access to Microsoft 365 Defender data in the Microsoft 365 security center
-description: Learn how to manage permissions to data in Microsoft 365 Defender
+description: Learn how to manage permissions to data in Microsoft 365 Defender
keywords: access, permissions, MTP, Microsoft Threat Protection, M365, security, MCAS, MDATP, Cloud App Security, Microsoft Defender Advanced Threat Protection, scope, scoping, RBAC search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Manage access to Microsoft 365 Defender
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/mtp-pilot-close https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/mtp-pilot-close.md
@@ -1,25 +1,26 @@
---
-title: Summarizing your pilot Microsoft 365 Defender project results
+title: Summarizing your pilot Microsoft 365 Defender project results
description: Conclude your pilot Microsoft 365 Defender project by completing your scorecard, analyzing your report findings, and deciding how to move forward. keywords: Microsoft Threat Protection pilot, decide what to do next after pilot Microsoft Threat Protection project, what to do after evaluating Microsoft Threat Protection in production, transition from Microsoft Threat Protection pilot to deployment, cyber security, advanced persistent threat, enterprise security, devices, device, identity, users, data, applications, incidents, automated investigation and remediation, advanced hunting search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: dolmont author: DulceMontemayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance-- m365solution-scenario-- m365solution-pilotmtpproject
+ - M365-security-compliance
+ - m365solution-scenario
+ - m365solution-pilotmtpproject
ms.topic: conceptual
+ms.technology: m365d
--- # Closing and summarizing your Microsoft 365 Defender pilot
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/mtp-pilot-plan https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/mtp-pilot-plan.md
@@ -1,25 +1,26 @@
---
-title: Planning your pilot Microsoft 365 Defender project
+title: Planning your pilot Microsoft 365 Defender project
description: Plan your pilot Microsoft 365 Defender project with stakeholders to manage expectations and ensure successful outcome. keywords: Microsoft Threat Protection pilot, plan pilot Microsoft Threat Protection project, evaluate Microsoft Threat Protection in production, Microsoft Threat Protection pilot project, cyber security, advanced persistent threat, enterprise security, devices, device, identity, users, data, applications, incidents, automated investigation and remediation, advanced hunting search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: dolmont author: DulceMontemayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance-- m365solution-scenario-- m365solution-pilotmtpproject
+ - M365-security-compliance
+ - m365solution-scenario
+ - m365solution-pilotmtpproject
ms.topic: conceptual
+ms.technology: m365d
--- # Planning your pilot Microsoft 365 Defender project
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/mtp-pilot-simulate https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/mtp-pilot-simulate.md
@@ -4,22 +4,23 @@ description: Run attack simulations for your Microsoft 365 Defender pilot projec
keywords: Microsoft Threat Protection pilot attack simulation, run Microsoft Threat Protection pilot attack simulation, simulate attack in Microsoft Threat Protection, Microsoft Threat Protection pilot project, cyber security, advanced persistent threat, enterprise security, devices, device, identity, users, data, applications, incidents, automated investigation and remediation, advanced hunting search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: dolmont author: DulceMontemayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance-- m365solution-scenario-- m365solution-pilotmtpproject
+ - M365-security-compliance
+ - m365solution-scenario
+ - m365solution-pilotmtpproject
ms.topic: conceptual
+ms.technology: m365d
--- # Run your Microsoft 365 Defender attack simulations
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/mtp-pilot https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/mtp-pilot.md
@@ -1,25 +1,26 @@
---
-title: Run your pilot Microsoft 365 Defender project
+title: Run your pilot Microsoft 365 Defender project
description: Run your pilot Microsoft 365 Defender project in production to effectively determine the benefits and adoption of Microsoft 365 Defender. keywords: Microsoft Threat Protection pilot, run pilot Microsoft Threat Protection project, evaluate Microsoft Threat Protection in production, Microsoft Threat Protection pilot project, cyber security, advanced persistent threat, enterprise security, devices, device, identity, users, data, applications, incidents, automated investigation and remediation, advanced hunting search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: dolmont author: DulceMontemayor ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance-- m365solution-overview-- m365solution-pilotmtpproject
+ - M365-security-compliance
+ - m365solution-overview
+ - m365solution-pilotmtpproject
ms.topic: conceptual
+ms.technology: m365d
--- # Run your pilot Microsoft 365 Defender project
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/mtp-remediation-actions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/mtp-remediation-actions.md
@@ -1,26 +1,27 @@
---
-title: Remediation actions in Microsoft 365 Defender
+title: Remediation actions in Microsoft 365 Defender
description: Get an overview of remediation actions that follow automated investigations in Microsoft 365 Defender keywords: automated, investigation, alert, trigger, action, remediation search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: deniseb author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: conceptual ms.custom: autoir
-ms.date: 12/09/2020
+ms.date: 12/09/2020
ms.reviewer: evaldm, isco
+ms.technology: m365d
--- # Remediation actions in Microsoft 365 Defender
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/mtp-time-zone https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/mtp-time-zone.md
@@ -1,24 +1,25 @@
--- title: Set the time zone for Microsoft 365 Defender features
-description: Learn how to choose the time zone for date and time information associated with incidents, automated investigation and remediation, and advanced hunting
+description: Learn how to choose the time zone for date and time information associated with incidents, automated investigation and remediation, and advanced hunting
keywords: time zone, date, time, MTP, Microsoft Threat Protection, M365, security, incidents, automated investigation and response, AIR, advanced hunting search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Set the time zone for Microsoft 365 Defender
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/mtp-whats-new https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/mtp-whats-new.md
@@ -1,24 +1,25 @@
---
-title: What's new in Microsoft 365 security
-description: Learn about new capabilities in Microsoft 365 security
+title: What's new in Microsoft 365 security
+description: Learn about new capabilities in Microsoft 365 security
keywords: new, m365 security, security, 365, capabilities search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # What's new in Microsoft 365 Security
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/onboard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/onboard.md
@@ -5,7 +5,7 @@ description: Configure and manage Microsoft Defender for Endpoint capabilities s
keywords: configure, manage, capabilities, attack surface reduction, next generation protection, security controls, endpoint detection and response, auto investigation and remediation, security controls, controls search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
@@ -15,9 +15,10 @@ ms.localizationpriority: medium
manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: conceptual
+ms.technology: m365d
--- # Configure and manage Microsoft Defender for Endpoint capabilities
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/overview-security-center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/overview-security-center.md
@@ -2,21 +2,22 @@
title: Overview - Microsoft 365 security center description: Describes monitoring and managing security across your Microsoft identities, data, devices, and apps with Microsoft 365 security. keywords: security, malware, Microsoft 365, M365, security center, monitor, report, identities, data, devices, apps
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.localizationpriority: medium
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: ellevin author: levinec manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article search.appverid: met150 ms.custom: seo-marvel-jun2020
+ms.technology: m365d
--- # Overview of the Microsoft 365 security center
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/portals https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/portals.md
@@ -2,20 +2,21 @@
title: Microsoft security portals and admin centers description: Find the right Microsoft admin center or portal for managing various services related to Microsoft 365 security keywords: security, portals, Microsoft 365, M365, security center, admin center, URL, link, MTP, Microsoft Defender ATP, Microsoft Defender Security Center, Azure ATP, Office 365 ATP, MCAS, WDSI, SCC, Intune, MDM, MEM, ASC, OATP, AATP, Cloud App Security , Azure AD, security & compliance center
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.localizationpriority: medium
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: lomayor author: lomayor manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: article search.appverid: met150
+ms.technology: m365d
--- # Microsoft security portals and admin centers
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/prepare-mtpeval https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/prepare-mtpeval.md
@@ -4,7 +4,7 @@ description: Prepare stakeholder sign-off, timelines, environment considerations
keywords: MTP trial prep, MTP pilot prep, prep for running an MTP pilot project, run a pilot MTP project, deploy, prepare, stakeholder, timeline, environment, endpoint, server, management, adoption search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
@@ -14,10 +14,11 @@ ms.localizationpriority: medium
manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance-- m365solution-scenario-- m365solution-evalutatemtp
-ms.topic: article
+ - M365-security-compliance
+ - m365solution-scenario
+ - m365solution-evalutatemtp
+ms.topic: article
+ms.technology: m365d
--- # Prepare your Microsoft 365 Defender trial lab or pilot environment
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/prerequisites https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/prerequisites.md
@@ -1,24 +1,25 @@
--- title: Microsoft 365 Defender prerequisites
-description: Learn about the licensing, hardware and software requirements, and other configuration settings for Microsoft 365 Defender
-keywords: requirements, prerequisites, hardware, software, browser, MTP, M365, license, E5, A5, EMS, purchase
+description: Learn about the licensing, hardware and software requirements, and other configuration settings for Microsoft 365 Defender
+keywords: requirements, prerequisites, hardware, software, browser, MTP, M365, license, E5, A5, EMS, purchase
search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Microsoft 365 Defender prerequisites
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/preview.md
@@ -1,24 +1,25 @@
--- title: Preview features in Microsoft 365 Defender
-description: Learn about new features in Microsoft 365 security
+description: Learn about new features in Microsoft 365 security
keywords: preview, new, m365 security, security, 365, capabilities search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Microsoft 365 Defender preview features
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/setup-mtpeval https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/setup-mtpeval.md
@@ -1,10 +1,10 @@
---
-title: Set up your Microsoft 365 Defender trial lab or pilot environment
+title: Set up your Microsoft 365 Defender trial lab or pilot environment
description: Access Microsoft 365 Security Center then set up your Microsoft 365 Defender trial lab environment
-keywords: Microsoft Threat Protection trial setup, Microsoft Threat Protection pilot setup, try Microsoft Threat Protection, Microsoft Threat Protection evaluation lab setup
+keywords: Microsoft Threat Protection trial setup, Microsoft Threat Protection pilot setup, try Microsoft Threat Protection, Microsoft Threat Protection evaluation lab setup
search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
@@ -14,10 +14,11 @@ ms.localizationpriority: medium
manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance-- m365solution-scenario-- m365solution-evalutatemtp
-ms.topic: article
+ - M365-security-compliance
+ - m365solution-scenario
+ - m365solution-evalutatemtp
+ms.topic: article
+ms.technology: m365d
--- # Set up your Microsoft 365 Defender trial lab environment
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/tickets-security-center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/tickets-security-center.md
@@ -2,23 +2,24 @@
title: Create and track ServiceNow tickets in the Microsoft 365 security center description: Learn how to create and track tickets in ServiceNow from Microsoft 365 security center. keywords: security, Microsoft 365, M365, secure score, security center, ServiceNow, tickets, tasks
-ms.prod: w10
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.localizationpriority: medium
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: ellevin author: levinec manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance
+ - M365-security-compliance
ms.topic: article search.appverid: -- MOE150-- MET150
-ms.custom:
-- seo-marvel-apr2020
+ - MOE150
+ - MET150
+ms.custom:
+ - seo-marvel-apr2020
+ms.technology: m365d
--- # Create and track ServiceNow tickets in the Microsoft 365 security center
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/tickets https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/tickets.md
@@ -2,23 +2,24 @@
title: Integrate ServiceNow tickets into the Microsoft 365 security center and compliance center description: Learn how to create and track tickets in ServiceNow from the Microsoft 365 security center and compliance center. keywords: security, Microsoft 365, M365, compliance, compliance center, security center, ServiceNow, tickets, tasks, SNOW, connection
-ms.prod: w10
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.localizationpriority: medium
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: ellevin author: levinec manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance
+ - M365-security-compliance
ms.topic: article search.appverid: -- MOE150-- MET150
-ms.custom:
-- seo-marvel-apr2020
+ - MOE150
+ - MET150
+ms.custom:
+ - seo-marvel-apr2020
+ms.technology: m365d
--- # Integrate ServiceNow tickets into the Microsoft 365 security center and compliance center
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/top-scoring-industry-tests https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/top-scoring-industry-tests.md
@@ -3,7 +3,7 @@ title: Top scoring in industry tests - Microsoft 365 Defender
ms.reviewer: description: View the latest scores and analysis of Microsoft 365 Defender. It consistently achieves high scores in independent tests (AV-TEST, AV Comparatives, SE Labs, MITRE ATT&CK). View the latest scores and analysis. keywords: Microsoft Defender Antivirus, Windows Defender Antivirus, av reviews, antivirus test, av testing, latest av scores, detection scores, security product testing, security industry tests, industry antivirus tests, best antivirus, av-test, av-comparatives, SE labs, MITRE ATT&CK, endpoint protection platform, EPP, endpoint detection and response, EDR, Windows 10, Microsoft Defender Antivirus, WDAV, MDATP, Microsoft Threat Protection, security, malware, av, antivirus, scores, scoring, next generation protection, ranking, success
-ms.prod: w10
+ms.prod: m365-security
ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: high
@@ -11,9 +11,10 @@ ms.author: ellevin
author: levinec manager: dansimp audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance
ms.topic: article search.appverid: met150
+ms.technology: m365d
--- # Top scoring in industry tests
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/troubleshoot https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/troubleshoot.md
@@ -1,14 +1,14 @@
---
-title: Troubleshoot Microsoft 365 Defender service issues
+title: Troubleshoot Microsoft 365 Defender service issues
description: Find solutions and work arounds to known Microsoft 365 Defender issues keywords: troubleshoot Microsoft Threat Protection, troubleshoot, Azure ATP, issues, add-on, settings page search.product: eADQiWindows 10XVcnh
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: macapara author: mjcaparas ms.localizationpriority: medium
@@ -17,8 +17,9 @@ audience: ITPro
ms.collection: M365-security-compliance ms.topic: conceptual search.appverid: -- MOE150-- MET150
+ - MOE150
+ - MET150
+ms.technology: m365d
--- # Troubleshoot Microsoft 365 Defender service issues
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/whats-new https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/whats-new.md
@@ -4,7 +4,7 @@ description: Lists the new features and functionality in Microsoft 365 Defender
keywords: what's new in microsoft threat protection, ga, generally available, capabilities, available, new search.product: eADQiWindows 10XVcnh search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
ms.mktglfcycl: secure ms.sitesec: library ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance -- m365initiative-m365-defender
+ - M365-security-compliance
+ - m365initiative-m365-defender
ms.topic: conceptual
+ms.technology: m365d
--- # What's new in Microsoft 365 Defender
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/address-compromised-users-quickly https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/address-compromised-users-quickly.md
@@ -1,19 +1,20 @@
---
-title: "Address compromised user accounts with automated investigation and response"
+title: Address compromised user accounts with automated investigation and response
keywords: AIR, autoIR, ATP, automated, investigation, response, remediation, threats, advanced, threat, protection, compromised ms.author: deniseb author: denisebmsft manager: dansimp audience: ITPro ms.topic: article
-ms.service: O365-seccomp
localization_priority: Normal
-search.appverid:
-- MET150-- MOE150
+search.appverid:
+ - MET150
+ - MOE150
ms.collection: M365-security-compliance ms.date: 02/25/2020
-description: "Learn how to speed up the process of detecting and addressing compromised user accounts with automated investigation and response capabilities in Microsoft Defender for Office 365 Plan 2."
+description: Learn how to speed up the process of detecting and addressing compromised user accounts with automated investigation and response capabilities in Microsoft Defender for Office 365 Plan 2.
+ms.technology: mdo
+ms.prod: m365-security
--- # Address compromised user accounts with automated investigation and response
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/admin-submission https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/admin-submission.md
@@ -1,23 +1,24 @@
--- title: Admin submissions
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: siosulli author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: how-to
-ms.service: O365-seccomp
localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can learn how to use the Submissions portal in the Security & Compliance Center to submit suspicious emails, suspected phishing mails, spam, and other potentially harmful messages, URLs, and files to Microsoft for scanning."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can learn how to use the Submissions portal in the Security & Compliance Center to submit suspicious emails, suspected phishing mails, spam, and other potentially harmful messages, URLs, and files to Microsoft for scanning.
+ms.technology: mdo
+ms.prod: m365-security
--- # Use Admin Submission to submit suspected spam, phish, URLs, and files to Microsoft
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/advanced-spam-filtering-asf-options https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/advanced-spam-filtering-asf-options.md
@@ -1,23 +1,24 @@
---
-title: "ASF settings in EOP"
-f1.keywords:
-- NOCSH
+title: ASF settings in EOP
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.assetid: b286f853-b484-4af0-b01f-281fffd85e7a
-ms.collection:
-- M365-security-compliance
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can learn about the Advanced Spam Filter (ASF) settings that are available in anti-spam policies in Exchange Online Protection (EOP)."
+ms.collection:
+ - M365-security-compliance
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can learn about the Advanced Spam Filter (ASF) settings that are available in anti-spam policies in Exchange Online Protection (EOP).
+ms.technology: mdo
+ms.prod: m365-security
--- # Advanced Spam Filter (ASF) settings in EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/air-custom-reporting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/air-custom-reporting.md
@@ -1,25 +1,26 @@
---
-title: "Using custom reporting solutions with automated investigation and response"
+title: Using custom reporting solutions with automated investigation and response
keywords: SIEM, API, AIR, autoIR, ATP, automated investigation, integration, custom report
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: deniseb author: denisebmsft manager: dansimp audience: ITPro ms.topic: article
-ms.service: O365-seccomp
localization_priority: Normal
-search.appverid:
-- MET150-- MOE150
+search.appverid:
+ - MET150
+ - MOE150
ms.collection: -- M365-security-compliance -- m365initiative-defender-office365
-description: "Learn how to integrate automated investigation and response with a custom or third-party reporting solution."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Learn how to integrate automated investigation and response with a custom or third-party reporting solution.
ms.date: 09/29/2020 ms.custom: -- air
+ - air
+ms.technology: mdo
+ms.prod: m365-security
--- # Use the Management Activity API for custom or third-party reporting solutions
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/air-remediation-actions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/air-remediation-actions.md
@@ -1,25 +1,26 @@
---
-title: "Remediation actions following automated investigation in Microsoft Defender for Office 365"
+title: Remediation actions following automated investigation in Microsoft Defender for Office 365
keywords: AIR, autoIR, ATP, automated, investigation, response, remediation, threats, advanced, threat, protection
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: deniseb author: denisebmsft manager: dansimp audience: ITPro ms.topic: article
-ms.service: O365-seccomp
localization_priority: Normal
-search.appverid:
-- MET150-- MOE150
+search.appverid:
+ - MET150
+ - MOE150
ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-description: "Learn about remediation actions following automated investigation in Microsoft Defender for Office 365."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Learn about remediation actions following automated investigation in Microsoft Defender for Office 365.
ms.date: 09/29/2020 ms.custom: -- air
+ - air
+ms.technology: mdo
+ms.prod: m365-security
--- # Remediation actions following automated investigation in Microsoft Defender for Office 365
@@ -29,7 +30,7 @@ ms.custom:
## Remediation actions
-[Automated investigation and response capabilities](office-365-air.md) (AIR) in [Microsoft Defender for Office 365](office-365-atp.md) include certain remediation actions. Whenever an automated investigation is running or has completed, you'll typically see one or more remediation actions that require approval by your security operations team to proceed. Such remediation actions can include the following:
+[Automated investigation and response capabilities](office-365-air.md) (AIR) in [Microsoft Defender for Office 365](office-365-atp.md) include certain remediation actions. Whenever an automated investigation is running or has completed, you'll typically see one or more remediation actions that require approval by your security operations team to proceed. Such remediation actions can include:
- Soft delete email messages or clusters - Block URL (time-of-click)
@@ -41,25 +42,23 @@ ms.custom:
## Threats and remediation actions
-The following table summarizes threats and appropriate remediation actions in Microsoft Defender for Office 365. In some cases, an automated investigation does not result in a specific remediation action. Your security operations team can further investigate and take appropriate actions as described in the table below.
-
-****
+The table in this section summarizes threats and appropriate remediation actions in Microsoft Defender for Office 365. In some cases, an automated investigation does not result in a specific remediation action. Your security operations team can further investigate and take appropriate actions as described in the table below.
|Category|Threat/risk|Remediation action(s)|
-|---|---|---|
+|:---|:---|:---|
|Email|Malware|Soft delete email/clusterΓÇï <br> If more than a handful of email messages in a cluster contain malware, the cluster is considered to be malicious.ΓÇï| |Email|Malicious URLΓÇï <br> (A malicious URL was detected by [Safe Links in Microsoft Defender for Office 365](atp-safe-links.md)).|Soft delete email/clusterΓÇï <p> Email that contains a malicious URL is considered to be maliciousΓÇï.|
-|Email|Phish|Soft delete email/clusterΓÇï <br> If more than a handful of email messages in a cluster contain phishing attempts, the cluster is considered to be phish.ΓÇï|
+|Email|Phish|Soft delete email/clusterΓÇï <br> If more than a handful of email messages in a cluster contain phishing attempts, the cluster is considered phish.ΓÇï|
|Email|Zapped phishΓÇï <br> (Email messages were delivered and [zappedΓÇï](zero-hour-auto-purge.md).)|Soft delete email/clusterΓÇï <p> Reports are available to view zapped messages. [See if ZAP moved a message and FAQs](zero-hour-auto-purge.md#how-to-see-if-zap-moved-your-message).| |Email|Missed phish email [reported](enable-the-report-message-add-in.md) by a user|[Automated investigation triggered by the user's report](automated-investigation-response-office.md#example-a-user-reported-phish-message-launches-an-investigation-playbook)|
-|Email|Volume anomalyΓÇï <br> (Recent email quantities exceed the previous 7-10 days for matching criteria.ΓÇï)|Automated investigation does not result in a specific pending action. <p> Volume anomaly is not a clear threat, but is merely an indication of larger email volumes in recent days compared to the last 7-10 days. Although this can indicate potential issues, confirmation is needed in terms of either malicious verdicts or a manual review of email messages/clusters. See [Find suspicious email that was delivered](investigate-malicious-email-that-was-delivered.md#find-suspicious-email-that-was-delivered).|
+|Email|Volume anomalyΓÇï <br> (Recent email quantities exceed the previous 7-10 days for matching criteria.ΓÇï)|Automated investigation does not result in a specific pending action. <p> Volume anomaly is not a clear threat, but is merely an indication of larger email volumes in recent days compared to the last 7-10 days. Although volume anomaly can indicate potential issues, confirmation is needed in terms of either malicious verdicts or a manual review of email messages/clusters. See [Find suspicious email that was delivered](investigate-malicious-email-that-was-delivered.md#find-suspicious-email-that-was-delivered).|
|Email|No threats found <br> (The system did not find any threats based on files, urls, or analysis of email cluster verdicts.ΓÇï)|Automated investigation does not result in a specific pending action. <p> Threats found and [zapped](zero-hour-auto-purge.md) after an investigation is complete are not reflected in an investigation's numerical findings, but such threats are viewable in [Threat Explorer](threat-explorer.md).ΓÇï| |User|A user clicked a malicious URL <br> (A user navigated to a page that was later found to be malicious, or a user bypassed a [Safe Links warning page](atp-safe-links.md#warning-pages-from-safe-links) to get to a malicious page.ΓÇï)|Automated investigation does not result in a specific pending action. <p> Use Threat Explorer to [view data about URLs and click verdicts](threat-explorer.md#view-phishing-url-and-click-verdict-data). <p> If your organization is using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/), consider [investigating the user](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/investigate-user) to determine if their account is compromised.| |User|A user is sending malware/phish|Automated investigation does not result in a specific pending action. <p> The user might be reporting malware/phish, or someone could be [spoofing the user](anti-spoofing-protection.md) as part of an attack. Use [Threat Explorer](threat-explorer.md) to view and handle email containing [malware](threat-explorer-views.md#email--malware) or [phish](threat-explorer-views.md#email--phish).|
-|User|Email forwarding <br> (Mailbox forwarding rules are configured, which could be used for data exfiltrationΓÇï.)|Remove forwarding ruleΓÇï <p> Use [mail flow insights](mail-flow-insights-v2.md), including the [Auto-forwarded messages report](mfi-auto-forwarded-messages-report.md), to view more specific details about forwarded email.|
+|User|Email forwarding <br> (Mailbox forwarding rules are configured, which could be used for data exfiltrationΓÇï.)|Remove forwarding ruleΓÇï <p> Use [mail flow insights](mail-flow-insights-v2.md), including the [Autoforwarded messages report](mfi-auto-forwarded-messages-report.md), to view more specific details about forwarded email.|
|User|Email delegation rulesΓÇï <br> (A user's account has delegation set up.)|Remove delegation ruleΓÇï <p> If your organization is using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/), consider [investigating the user](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/investigate-user) who's getting the delegation permission.ΓÇï| |User|Data exfiltration <br> (A user violated email or file-sharing [DLP policies](https://docs.microsoft.com/microsoft-365/compliance/data-loss-prevention-policies).)|Automated investigation does not result in a specific pending action. <p> [View DLP reports and take action](https://docs.microsoft.com/microsoft-365/compliance/view-the-dlp-reports).|
-|User|Anomalous email sending <br> (A user recently sent more email than during the previous 7-10 days.)|Automated investigation does not result in a specific pending action. <p> Sending a lot of email isn't malicious by itself; the user might just have sent email to a large group of recipients for an event. To investigate, use [mail flow insights](mail-flow-insights-v2.md), including the [mail flow map report](mfi-mail-flow-map-report.md) to determine what's going on and take action.|
+|User|Anomalous email sending <br> (A user recently sent more email than during the previous 7-10 days.)|Automated investigation does not result in a specific pending action. <p> Sending a large volume of email isn't malicious by itself; the user might just have sent email to a large group of recipients for an event. To investigate, use [mail flow insights](mail-flow-insights-v2.md), including the [mail flow map report](mfi-mail-flow-map-report.md) to determine what's going on and take action.|
| ## Next steps
@@ -72,4 +71,4 @@ The following table summarizes threats and appropriate remediation actions in Mi
- [Learn about automated investigation in Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) -- [Learn about additional capabilities in Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)
+- [Learn about capabilities in Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/air-report-false-positives-negatives https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/air-report-false-positives-negatives.md
@@ -3,12 +3,12 @@ title: How to report false positives or false negatives following automated inve
description: Was something missed or wrongly detected by AIR in Microsoft Defender for Office 365? Learn how to submit false positives or false negatives to Microsoft for analysis. keywords: automated, investigation, alert, trigger, action, remediation, false positive, false negative search.appverid: met150
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: deniseb author: denisebmsft ms.date: 09/29/2020
@@ -16,11 +16,12 @@ ms.localizationpriority: medium
manager: dansimp audience: ITPro ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
+ - M365-security-compliance
+ - m365initiative-defender-office365
ms.topic: conceptual ms.custom: -- autoir
+ - autoir
+ms.technology: mdo
--- # How to report false positives/negatives in automated investigation and response capabilities
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/air-review-approve-pending-completed-actions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/air-review-approve-pending-completed-actions.md
@@ -1,22 +1,23 @@
---
-title: "Review and approve pending remediation actions in automated investigation and response"
+title: Review and approve pending remediation actions in automated investigation and response
keywords: AIR, autoIR, ATP, automated, investigation, response, remediation, threats, advanced, threat, protection
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: deniseb author: denisebmsft manager: dansimp audience: ITPro ms.topic: article
-ms.service: O365-seccomp
localization_priority: Normal
-search.appverid:
-- MET150-- MOE150
+search.appverid:
+ - MET150
+ - MOE150
ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-description: "Learn about remediation actions in automated investigation and response capabilities in Microsoft Defender for Office 365 Plan 2."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Learn about remediation actions in automated investigation and response capabilities in Microsoft Defender for Office 365 Plan 2.
+ms.technology: mdo
+ms.prod: m365-security
--- # View pending or completed remediation actions following an automated investigation in Office 365
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/air-view-investigation-results https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/air-view-investigation-results.md
@@ -1,23 +1,24 @@
---
-title: "View the results of an automated investigation in Microsoft 365"
+title: View the results of an automated investigation in Microsoft 365
keywords: AIR, autoIR, ATP, automated, investigation, response, remediation, threats, advanced, threat, protection
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: deniseb author: denisebmsft manager: dansimp audience: ITPro ms.topic: article
-ms.service: O365-seccomp
localization_priority: Normal
-search.appverid:
-- MET150-- MOE150
+search.appverid:
+ - MET150
+ - MOE150
ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-description: "During and after an automated investigation in Microsoft 365, you can view the results and key findings."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: During and after an automated investigation in Microsoft 365, you can view the results and key findings.
ms.date: 11/05/2020
+ms.technology: mdo
+ms.prod: m365-security
--- # Details and results of an automated investigation in Microsoft 365
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/alerts.md
@@ -1,25 +1,26 @@
---
-title: "Alerts in the Security & Compliance Center"
-f1.keywords:
-- NOCSH
+title: Alerts in the Security & Compliance Center
+f1.keywords:
+ - NOCSH
ms.author: tracyp author: MSFTTracyP manager: dansimp
-ms.date:
+ms.date:
audience: Admin ms.topic: hub-page
-ms.service: O365-seccomp
localization_priority: Normal
-search.appverid:
-- MOE150-- MET150-- BCS160
+search.appverid:
+ - MOE150
+ - MET150
+ - BCS160
ms.assetid: 2bb4e7c0-5f7f-4144-b647-cc6a956aaa53 ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
+ - M365-security-compliance
+ - m365initiative-defender-office365
description: Learn about how to use the alerts features in the Office 365 Security & Compliance Center to view and manage alerts, including managing advanced alerts. ms.custom: seo-marvel-apr2020
+ms.technology: mdo
+ms.prod: m365-security
--- # Alerts in the Security & Compliance Center
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-malware-protection-faq-eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-malware-protection-faq-eop.md
@@ -1,23 +1,25 @@
---
-title: "Anti-malware protection FAQ "
-f1.keywords:
-- NOCSH
+title: Anti-malware protection FAQ
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp audience: ITPro ms.topic: troubleshooting
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.assetid: 013c8a5f-8990-40e4-bfa8-f92ff1042623 ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can view frequently asked questions and answers about anti-malware protection in Exchange Online Protection (EOP)."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can view frequently asked questions and answers about anti-malware protection in Exchange Online Protection (EOP).
+ms.technology: mdo
+ms.prod: m365-security
--- # Anti-malware protection FAQ
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-malware-protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-malware-protection.md
@@ -1,23 +1,25 @@
---
-title: "Anti-malware protection"
-f1.keywords:
-- NOCSH
+title: Anti-malware protection
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: overview
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.assetid: 0e39a0ce-ab8b-4820-8b5e-93fbe1cc11e8 ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-description: "Admins can learn about anti-malware protection and anti-malware policies that protect against viruses, spyware, and ransomware in Exchange Online Protection (EOP)."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Admins can learn about anti-malware protection and anti-malware policies that protect against viruses, spyware, and ransomware in Exchange Online Protection (EOP).
ms.custom: seo-marvel-apr2020
+ms.technology: mdo
+ms.prod: m365-security
--- # Anti-malware protection in EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-phishing-protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-phishing-protection.md
@@ -1,25 +1,27 @@
---
-title: "Anti-phishing protection"
-f1.keywords:
-- NOCSH
+title: Anti-phishing protection
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.assetid: 75af74b2-c7ea-4556-a912-8c48e07271d3 ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-ms.custom:
-- TopSMBIssues-- seo-marvel-apr2020
-description: "Admins can learn about the anti-phishing protection features in Exchange Online Protection (EOP) and Microsoft Defender for Office 365."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+ms.custom:
+ - TopSMBIssues
+ - seo-marvel-apr2020
+description: Admins can learn about the anti-phishing protection features in Exchange Online Protection (EOP) and Microsoft Defender for Office 365.
+ms.technology: mdo
+ms.prod: m365-security
--- # Anti-phishing protection in Microsoft 365
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spam-and-anti-malware-protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spam-and-anti-malware-protection.md
@@ -1,22 +1,24 @@
---
-title: "Anti-spam and anti-malware protection"
-f1.keywords:
-- NOCSH
+title: Anti-spam and anti-malware protection
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: Admin ms.topic: overview
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.assetid: 5ce5cf47-2120-4e51-a403-426a13358b7e ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-description: "Admins can learn about the built-in anti-spam and anti-malware protection that's available in Exchange Online Protection (EOP)."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Admins can learn about the built-in anti-spam and anti-malware protection that's available in Exchange Online Protection (EOP).
+ms.technology: mdo
+ms.prod: m365-security
--- # Anti-spam and anti-malware protection in EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spam-message-headers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spam-message-headers.md
@@ -1,22 +1,24 @@
---
-title: "Anti-spam message headers"
-f1.keywords:
-- NOCSH
+title: Anti-spam message headers
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Priority
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.assetid: 2e3fcfc5-5604-4b88-ac0a-c5c45c03f1db ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-description: "Admins can learn about the header fields that are added to messages by Exchange Online Protection (EOP). These header fields provide information about the message and how it was processed."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Admins can learn about the header fields that are added to messages by Exchange Online Protection (EOP). These header fields provide information about the message and how it was processed.
ms.custom: seo-marvel-apr2020
+ms.technology: mdo
+ms.prod: m365-security
--- # Anti-spam message headers in Microsoft 365
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spam-protection-faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spam-protection-faq.md
@@ -1,23 +1,25 @@
---
-title: "Anti-spam protection FAQ"
-f1.keywords:
-- NOCSH
+title: Anti-spam protection FAQ
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp audience: ITPro ms.topic: troubleshooting
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.assetid: c534a35d-b121-45da-9d0a-ce738ce51fce ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can view frequently asked questions and answers about anti-spam protection in Exchange Online Protection (EOP)."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can view frequently asked questions and answers about anti-spam protection in Exchange Online Protection (EOP).
+ms.technology: mdo
+ms.prod: m365-security
--- # Anti-spam protection FAQ
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spam-protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spam-protection.md
@@ -1,25 +1,27 @@
---
-title: "Anti-spam protection"
-f1.keywords:
-- NOCSH
+title: Anti-spam protection
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: Admin ms.topic: overview
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150-- MOE150
+search.appverid:
+ - MET150
+ - MOE150
ms.assetid: 6a601501-a6a8-4559-b2e7-56b59c96a586 ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can learn about the anti-spam settings and filters that will help prevent spam in Exchange Online Protection (EOP)."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can learn about the anti-spam settings and filters that will help prevent spam in Exchange Online Protection (EOP).
+ms.technology: mdo
+ms.prod: m365-security
--- # Anti-spam protection in EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spoofing-protection-faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spoofing-protection-faq.md
@@ -1,22 +1,24 @@
---
-title: "Anti-spoofing protection FAQ"
-f1.keywords:
-- NOCSH
+title: Anti-spoofing protection FAQ
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: troubleshooting
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
-ms.assetid:
+search.appverid:
+ - MET150
+ms.assetid:
ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-description: "Admins can view frequently asked questions and answers about anti-spoofing protection in Exchange Online Protection (EOP)."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Admins can view frequently asked questions and answers about anti-spoofing protection in Exchange Online Protection (EOP).
+ms.technology: mdo
+ms.prod: m365-security
--- # Anti-spoofing protection FAQ
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spoofing-protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spoofing-protection.md
@@ -1,26 +1,28 @@
---
-title: "Anti-spoofing protection"
-f1.keywords:
-- NOCSH
+title: Anti-spoofing protection
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: overview
-ms.service: O365-seccomp
-search.appverid:
-- MET150+
+search.appverid:
+ - MET150
ms.assetid: d24bb387-c65d-486e-93e7-06a4f1a436c0
-ms.collection:
-- M365-security-compliance-- Strat_O365_IP-- m365initiative-defender-office365
+ms.collection:
+ - M365-security-compliance
+ - Strat_O365_IP
+ - m365initiative-defender-office365
ms.custom: -- TopSMBIssues-- seo-marvel-apr2020
+ - TopSMBIssues
+ - seo-marvel-apr2020
localization_priority: Priority
-description: "Admins can learn about the anti-spoofing features that are available in Exchange Online Protection (EOP), which can help mitigate against phishing attacks from spoofed senders and domains."
+description: Admins can learn about the anti-spoofing features that are available in Exchange Online Protection (EOP), which can help mitigate against phishing attacks from spoofed senders and domains.
+ms.technology: mdo
+ms.prod: m365-security
--- # Anti-spoofing protection in EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/atp-for-spo-odb-and-teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/atp-for-spo-odb-and-teams.md
@@ -1,40 +1,42 @@
---
-title: "ATP for SharePoint, OneDrive, and Microsoft Teams"
-f1.keywords:
-- NOCSH
+title: Safe Attachments for SharePoint, OneDrive, and Microsoft Teams
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp audience: Admin
-ms.date:
+ms.date:
ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150-- MOE150
+search.appverid:
+ - MET150
+ - MOE150
ms.assetid: 26261670-db33-4c53-b125-af0662c34607
-ms.collection:
-- M365-security-compliance-- SPO_Content-- m365initiative-defender-office365
-ms.custom:
-- seo-marvel-apr2020-- seo-marvel-jun2020
-description: "Learn about Microsoft Defender for Office 365 for files in SharePoint Online, OneDrive for Business, and Microsoft Teams."
+ms.collection:
+ - M365-security-compliance
+ - SPO_Content
+ - m365initiative-defender-office365
+ms.custom:
+ - seo-marvel-apr2020
+ - seo-marvel-jun2020
+description: Learn about Microsoft Defender for Office 365 for files in SharePoint Online, OneDrive for Business, and Microsoft Teams.
+ms.technology: mdo
+ms.prod: m365-security
---
-# ATP for SharePoint, OneDrive, and Microsoft Teams
+# Safe Attachments for SharePoint, OneDrive, and Microsoft Teams
[!INCLUDE [Microsoft 365 Defender rebranding](../includes/microsoft-defender-for-office.md)]
-ATP for SharePoint, OneDrive, and Microsoft Teams in [Microsoft Defender for Office 365](office-365-atp.md) provides an additional layer of protection for files that have already been scanned at upload time by the [common virus detection engine in Microsoft 365](virus-detection-in-spo.md). ATP for SharePoint, OneDrive, and Microsoft Teams helps detect and block existing files that are identified as malicious in team sites and document libraries.
+Safe Attachments for SharePoint, OneDrive, and Microsoft Teams in [Microsoft Defender for Office 365](office-365-atp.md) provides an additional layer of protection for files that have already been scanned at upload time by the [common virus detection engine in Microsoft 365](virus-detection-in-spo.md). Safe Attachments for SharePoint, OneDrive, and Microsoft Teams helps detect and block existing files that are identified as malicious in team sites and document libraries.
-ATP for SharePoint, OneDrive, and Microsoft Teams is not enabled by default. To turn it on, see [Turn on ATP for SharePoint, OneDrive, and Microsoft Teams](turn-on-atp-for-spo-odb-and-teams.md).
+Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is not enabled by default. To turn it on, see [Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](turn-on-atp-for-spo-odb-and-teams.md).
-## How ATP for SharePoint, OneDrive, and Microsoft Teams works
+## How Safe Attachments for SharePoint, OneDrive, and Microsoft Teams works
-When ATP for SharePoint, OneDrive, and Microsoft Teams is enabled and identifies a file as malicious, the file is locked using direct integration with the file stores. The following image shows an example of a malicious file detected in a library.
+When Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is enabled and identifies a file as malicious, the file is locked using direct integration with the file stores. The following image shows an example of a malicious file detected in a library.
![Files in OneDrive for Business with one detected as malicious](../../media/2bba71cc-7ad1-4799-8b9d-d56f923db3a7.png)
@@ -52,7 +54,7 @@ SharePoint Online admins can prevent people from downloading malicious files. Fo
To learn more about the user experience when a file has been detected as malicious, see [What to do when a malicious file is found in SharePoint Online, OneDrive, or Microsoft Teams](https://support.microsoft.com/office/01e902ad-a903-4e0f-b093-1e1ac0c37ad2).
-## View information about malicious files detected by ATP for SharePoint, OneDrive, and Microsoft Teams
+## View information about malicious files detected by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams
Files that are identified as malicious by Microsoft Defender for Office 365 will show up in [reports for Microsoft Defender for Office 365](view-reports-for-atp.md) and in [Explorer (and real-time detections)](threat-explorer.md).
@@ -64,4 +66,4 @@ As of May 2018, when a file is identified as malicious by Microsoft Defender for
- Make sure your SharePoint sites are configured to use the [Modern experience](https://docs.microsoft.com/sharepoint/guide-to-sharepoint-modern-experience). Defender for Office 365 protection applies whether the Modern experience or the Classic view is used; however, visual indicators that a file is blocked are available only in the Modern experience. -- ATP for SharePoint, OneDrive, and Microsoft Teams is part of your organization's overall threat protection strategy, which includes anti-spam and anti-malware protection in Exchange Online Protection (EOP), as well as Safe Links and Safe Attachments in Microsoft Defender for Office 365. To learn more, see [Protect against threats in Office 365](protect-against-threats.md).
+- Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is part of your organization's overall threat protection strategy, which includes anti-spam and anti-malware protection in Exchange Online Protection (EOP), as well as Safe Links and Safe Attachments in Microsoft Defender for Office 365. To learn more, see [Protect against threats in Office 365](protect-against-threats.md).
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/atp-safe-attachments https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/atp-safe-attachments.md
@@ -1,24 +1,26 @@
---
-title: "Safe Attachments"
-f1.keywords:
-- NOCSH
+title: Safe Attachments
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp audience: Admin
-ms.date:
+ms.date:
ms.topic: overview
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150-- MOE150
+search.appverid:
+ - MET150
+ - MOE150
ms.assetid: 6e13311e-92ae-495e-a619-56d770199170 ms.collection: -- M365-security-compliance-- m365initiative-defender-office365-- seo-marvel-apr2020
-description: "Admins can learn about the Safe Attachments feature in Microsoft Defender for Office 365."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+ - seo-marvel-apr2020
+description: Admins can learn about the Safe Attachments feature in Microsoft Defender for Office 365.
+ms.technology: mdo
+ms.prod: m365-security
--- # Safe Attachments in Microsoft Defender for Office 365
@@ -46,7 +48,7 @@ Safe Attachments scanning takes place in the same region where your Microsoft 36
> [!NOTE] > The following features are located in the global settings are of Safe Attachments policies in the Security & Compliance Center, but these settings are enabled or disabled globally, and don't require Safe Attachments policies: >
-> - [ATP for SharePoint, OneDrive, and Microsoft Teams](atp-for-spo-odb-and-teams.md).
+> - [Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](atp-for-spo-odb-and-teams.md).
> > - [Safe Documents in Microsoft 365 E5](safe-docs.md)
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/atp-safe-links https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/atp-safe-links.md
@@ -1,31 +1,33 @@
---
-title: "Safe Links"
-f1.keywords:
-- NOCSH
+title: Safe Links
+f1.keywords:
+ - NOCSH
ms.author: tracyp author: MSFTTracyP manager: dansimp audience: Admin ms.article: overview
-f1_keywords:
-- '197503'
-ms.service: O365-seccomp
+f1_keywords:
+ - '197503'
+ localization_priority: Normal
-ms.collection:
-- Strat_O365_IP-- M365-security-compliance-- m365initiative-defender-office365
-ms.custom:
-- seo-marvel-apr2020
-search.appverid:
-- MET150-- MOE150-- ZVO160-- ZXL160-- ZPP160-- ZWD160
+ms.collection:
+ - Strat_O365_IP
+ - M365-security-compliance
+ - m365initiative-defender-office365
+ms.custom:
+ - seo-marvel-apr2020
+search.appverid:
+ - MET150
+ - MOE150
+ - ZVO160
+ - ZXL160
+ - ZPP160
+ - ZWD160
ms.assetid: dd6a1fef-ec4a-4cf4-a25a-bb591c5811e3
-description: "In this article, admins can learn about Safe Links protection in Defender for Office 365 to protect their organization from phishing and other attacks that use malicious URLs."
+description: In this article, admins can learn about Safe Links protection in Defender for Office 365 to protect their organization from phishing and other attacks that use malicious URLs.
+ms.technology: mdo
+ms.prod: m365-security
--- # Safe Links in Microsoft Defender for Office 365
@@ -246,7 +248,7 @@ You configure the list of URLs in the global settings for Safe Links. For instru
**Notes**: -- For a truly universal list of URLs that are blocked everywhere, see [Manage URLs in the Tenant Allow/Block List](tenant-allow-block-list.md).
+- For a truly universal list of URLs that are blocked everywhere, see [Manage the Tenant Allow/Block List](tenant-allow-block-list.md).
- Limits: - The maximum number of entries is 500.
@@ -291,7 +293,7 @@ To add entries to the list in new or existing Safe Links policies, see [Create S
- Microsoft Teams - Office web apps
- For a truly universal list of URLs that are allowed everywhere, see [Manage URLs in the Tenant Allow/Block List](tenant-allow-block-list.md).
+ For a truly universal list of URLs that are allowed everywhere, see [Manage the Tenant Allow/Block List](tenant-allow-block-list.md).
- Consider adding commonly used internal URLs to the list to improve the user experience. For example, if you have on-premises services, such as Skype for Business or SharePoint, you can add those URLs to exclude them from scanning.
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-get-started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-get-started.md
@@ -1,24 +1,26 @@
---
-title: "Get started using Attack simulation training"
-f1.keywords:
-- NOCSH
+title: Get started using Attack simulation training
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp audience: ITPro ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150-- MOE150
+search.appverid:
+ - MET150
+ - MOE150
ms.assetid: da5845db-c578-4a41-b2cb-5a09689a551b
-ms.collection:
-- M365-security-compliance-- m365initiative-m365-defender
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can learn how to use Attack simulation training to run simulated phishing and password attacks in their Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2 organizations."
+ms.collection:
+ - M365-security-compliance
+ - m365initiative-m365-defender
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can learn how to use Attack simulation training to run simulated phishing and password attacks in their Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2 organizations.
+ms.technology: mdo
+ms.prod: m365-security
--- # Get started using Attack simulation training
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-insights https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-insights.md
@@ -1,16 +1,17 @@
---
-title: "Gain insights through Attack simulation training"
+title: Gain insights through Attack simulation training
ms.author: chrisda author: chrisda manager: dansimp audience: ITPro ms.topic: conceptual
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
localization_priority: Normal ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-description: "Admins can learn how Attack simulation training in the Microsoft 365 security center affects employees and can gain insights from simulation and training outcomes."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Admins can learn how Attack simulation training in the Microsoft 365 security center affects employees and can gain insights from simulation and training outcomes.
+ms.technology: mdo
--- # Gain insights through Attack simulation training
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-payloads https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-payloads.md
@@ -1,16 +1,17 @@
---
-title: "Create a payload for Attack simulation training"
+title: Create a payload for Attack simulation training
ms.author: daniha author: danihalfin manager: dansimp audience: ITPro ms.topic: how-to
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
localization_priority: Normal ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-description: "Admins can learn how to create custom payloads for Attack simulation training in Microsoft Defender for Office 365."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Admins can learn how to create custom payloads for Attack simulation training in Microsoft Defender for Office 365.
+ms.technology: mdo
--- # Create a custom payload for Attack simulation training
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training.md
@@ -1,16 +1,17 @@
---
-title: "Simulate a phishing attack with Microsoft Defender for Office 365"
+title: Simulate a phishing attack with Microsoft Defender for Office 365
ms.author: chrisda author: chrisda manager: dansimp audience: ITPro ms.topic: how-to
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
localization_priority: Normal ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-description: "Admins can learn how to simulate phishing attacks and train their users on phishing prevention using Attack simulation training in Microsoft Defender for Office 365."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Admins can learn how to simulate phishing attacks and train their users on phishing prevention using Attack simulation training in Microsoft Defender for Office 365.
+ms.technology: mdo
--- # Simulate a phishing attack
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulator https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulator.md
@@ -1,24 +1,26 @@
---
-title: "Attack Simulator in Microsoft Defender for Office 365"
-f1.keywords:
-- NOCSH
+title: Attack Simulator in Microsoft Defender for Office 365
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp audience: ITPro ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150-- MOE150
+search.appverid:
+ - MET150
+ - MOE150
ms.assetid: da5845db-c578-4a41-b2cb-5a09689a551b ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can learn how to use Attack Simulator to run simulated phishing and password attacks in their Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2 organizations."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can learn how to use Attack Simulator to run simulated phishing and password attacks in their Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2 organizations.
+ms.technology: mdo
+ms.prod: m365-security
--- # Attack Simulator in Microsoft Defender for Office 365
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/auditing-reports-in-eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/auditing-reports-in-eop.md
@@ -1,17 +1,19 @@
---
-title: "Auditing reports in standalone EOP"
-f1.keywords:
-- NOCSH
+title: Auditing reports in standalone EOP
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: overview
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: 003d7a74-3e16-4453-ae0c-9dbae51f66d1
-description: "Admins can learn about the administrator auditing reports that are available in Exchange Online Protection (EOP)"
+description: Admins can learn about the administrator auditing reports that are available in Exchange Online Protection (EOP)
+ms.technology: mdo
+ms.prod: m365-security
--- # Auditing reports in standalone EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/automated-investigation-response-office https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/automated-investigation-response-office.md
@@ -1,26 +1,28 @@
---
-title: "How automated investigation and response works in Microsoft Defender for Office 365"
-f1.keywords:
-- NOCSH
+title: How automated investigation and response works in Microsoft Defender for Office 365
+f1.keywords:
+ - NOCSH
ms.author: deniseb author: denisebmsft manager: dansimp audience: ITPro ms.topic: article
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150-- MOE150
+search.appverid:
+ - MET150
+ - MOE150
ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
+ - M365-security-compliance
+ - m365initiative-defender-office365
keywords: automated incident response, investigation, remediation, threat protection ms.date: 11/05/2020
-description: "See how automated investigation and response capabilities work in Microsoft Defender for Office 365"
+description: See how automated investigation and response capabilities work in Microsoft Defender for Office 365
ms.custom: -- air-- seo-marvel-mar2020
+ - air
+ - seo-marvel-mar2020
+ms.technology: mdo
+ms.prod: m365-security
--- # How automated investigation and response works in Microsoft Defender for Office 365
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/azure-ip-protection-features https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/azure-ip-protection-features.md
@@ -1,23 +1,25 @@
---
-title: "Protection features in Azure Information Protection rolling out to existing tenants"
-f1.keywords:
-- NOCSH
+title: Protection features in Azure Information Protection rolling out to existing tenants
+f1.keywords:
+ - NOCSH
ms.author: krowley author: kccross manager: laurawi ms.date: 6/29/2018 audience: ITPro ms.topic: article
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.assetid: 7ad6f58e-65d7-4c82-8e65-0b773666634d
-ms.collection:
-- M365-security-compliance
-ms.custom:
-- seo-marvel-apr2020
-description: "This article explains the changes being rolled out to the protection features in Azure Information Protection"
+ms.collection:
+ - M365-security-compliance
+ms.custom:
+ - seo-marvel-apr2020
+description: This article explains the changes being rolled out to the protection features in Azure Information Protection
+ms.technology: mdo
+ms.prod: m365-security
--- # Protection features in Azure Information Protection rolling out to existing tenants
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/backscatter-messages-and-eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/backscatter-messages-and-eop.md
@@ -1,23 +1,25 @@
---
-title: "Backscatter in EOP"
-f1.keywords:
-- NOCSH
+title: Backscatter in EOP
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.assetid: 6f64f2de-d626-48ed-8084-03cc72301aa4
-ms.collection:
-- M365-security-compliance
-ms.custom:
-- seo-marvel-apr2020
-description: "In this article, you'll learn about Backscatter and Microsoft Exchange Online Protection (EOP)"
+ms.collection:
+ - M365-security-compliance
+ms.custom:
+ - seo-marvel-apr2020
+description: In this article, you'll learn about Backscatter and Microsoft Exchange Online Protection (EOP)
+ms.technology: mdo
+ms.prod: m365-security
--- # Backscatter in EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/best-practices-for-configuring-eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/best-practices-for-configuring-eop.md
@@ -1,16 +1,18 @@
---
-title: "Best practices for configuring EOP"
-f1.keywords:
-- NOCSH
+title: Best practices for configuring EOP
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: faf1efd1-3b0c-411a-804d-17f37292eac0
-description: "Follow these best-practice recommendations for standalone Exchange Online Protection (EOP) in order to set yourself up for success and avoid common configuration errors."
+description: Follow these best-practice recommendations for standalone Exchange Online Protection (EOP) in order to set yourself up for success and avoid common configuration errors.
+ms.technology: mdo
+ms.prod: m365-security
--- # Best practices for configuring standalone EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/bulk-complaint-level-values https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/bulk-complaint-level-values.md
@@ -1,21 +1,23 @@
--- title: Bulk complaint level values
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.assetid: a5b03b3c-37dd-429e-8e9b-2c1b25031794
-ms.collection:
-- M365-security-compliance
-description: "Admins can learn about bulk compliance level (BCL) values that are used in Exchange Online Protection (EOP)."
+ms.collection:
+ - M365-security-compliance
+description: Admins can learn about bulk compliance level (BCL) values that are used in Exchange Online Protection (EOP).
+ms.technology: mdo
+ms.prod: m365-security
--- # Bulk complaint level (BCL) in EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/campaigns https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/campaigns.md
@@ -1,23 +1,25 @@
---
-title: "Campaign Views in Microsoft Defender for Office 365 Plan"
-f1.keywords:
-- NOCSH
+title: Campaign Views in Microsoft Defender for Office 365 Plan
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp ms.reviewer: mcostea
-ms.date:
+ms.date:
audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
-ms.assetid:
-ms.collection:
-- M365-security-compliance-- m365initiative-defender-office365
-description: "Learn about Campaign Views in Microsoft Defender for Office 365."
+search.appverid:
+ - MET150
+ms.assetid:
+ms.collection:
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Learn about Campaign Views in Microsoft Defender for Office 365.
+ms.technology: mdo
+ms.prod: m365-security
--- # Campaign Views in Microsoft Defender for Office 365
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configuration-analyzer-for-security-policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configuration-analyzer-for-security-policies.md
@@ -1,22 +1,24 @@
---
-title: "Configuration analyzer for security policies"
-f1.keywords:
-- NOCSH
+title: Configuration analyzer for security policies
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.reviewer:
-ms.date:
+ms.reviewer:
+ms.date:
audience: ITPro ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
-ms.assetid:
-ms.collection:
-- M365-security-compliance
-description: "Admins can learn how to use the configuration analyzer to find and fix security policies that are below the Standard protection and Strict protection preset security policies."
+search.appverid:
+ - MET150
+ms.assetid:
+ms.collection:
+ - M365-security-compliance
+description: Admins can learn how to use the configuration analyzer to find and fix security policies that are below the Standard protection and Strict protection preset security policies.
+ms.technology: mdo
+ms.prod: m365-security
--- # Configuration analyzer for protection policies in EOP and Microsoft Defender for Office 365
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-anti-malware-policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-anti-malware-policies.md
@@ -1,23 +1,25 @@
---
-title: "Configure anti-malware policies"
-f1.keywords:
-- NOCSH
+title: Configure anti-malware policies
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.assetid: b0cfc21f-e3c6-41b6-8670-feb2b2e252e5 ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-description: "Admins can learn how to view, create, modify, and remove anti-malware policies in Exchange Online Protection (EOP)."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Admins can learn how to view, create, modify, and remove anti-malware policies in Exchange Online Protection (EOP).
ms.custom: seo-marvel-apr2020
+ms.technology: mdo
+ms.prod: m365-security
--- # Configure anti-malware policies in EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-anti-phishing-policies-eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-anti-phishing-policies-eop.md
@@ -1,19 +1,21 @@
---
-title: "Configure anti-phishing policies in EOP"
-f1.keywords:
-- NOCSH
+title: Configure anti-phishing policies in EOP
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp audience: ITPro ms.topic: how-to
-ms.date:
-ms.service: O365-seccomp
+ms.date:
+ localization_priority: Normal
-ms.assetid:
-ms.collection:
-- M365-security-compliance
-description: "Admins can learn how to create, modify, and delete the anti-phishing policies that are available in Exchange Online Protection (EOP) organizations with or without Exchange Online mailboxes."
+ms.assetid:
+ms.collection:
+ - M365-security-compliance
+description: Admins can learn how to create, modify, and delete the anti-phishing policies that are available in Exchange Online Protection (EOP) organizations with or without Exchange Online mailboxes.
+ms.technology: mdo
+ms.prod: m365-security
--- # Configure anti-phishing policies in EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-atp-anti-phishing-policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-atp-anti-phishing-policies.md
@@ -1,19 +1,21 @@
---
-title: "Configure anti-phishing policies in Microsoft Defender for Office 365"
-f1.keywords:
-- NOCSH
+title: Configure anti-phishing policies in Microsoft Defender for Office 365
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp audience: ITPro ms.topic: how-to
-ms.date:
-ms.service: O365-seccomp
+ms.date:
+ localization_priority: Normal
-ms.assetid:
-ms.collection:
-- M365-security-compliance
-description: "Admins can learn how to create, modify, and delete the advanced anti-phishing policies that are available in organizations with Microsoft Defender for Office 365."
+ms.assetid:
+ms.collection:
+ - M365-security-compliance
+description: Admins can learn how to create, modify, and delete the advanced anti-phishing policies that are available in organizations with Microsoft Defender for Office 365.
+ms.technology: mdo
+ms.prod: m365-security
--- # Configure anti-phishing policies in Microsoft Defender for Office 365
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-global-settings-for-safe-links https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-global-settings-for-safe-links.md
@@ -1,22 +1,24 @@
---
-title: "Configure global settings for Safe Links settings in Defender for Office 365"
-f1.keywords:
-- NOCSH
+title: Configure global settings for Safe Links settings in Defender for Office 365
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp audience: Admin ms.topic: how-to
-ms.date:
-ms.service: O365-seccomp
+ms.date:
+ localization_priority: Normal
-search.appverid:
-- MET150-- MOE150
-ms.assetid:
-ms.collection:
-- M365-security-compliance
-description: "Admins can learn how to view and configure global settings (the 'Block the following URLs' list and protection for Office 365 apps) for Safe Links in Microsoft Defender for Office 365."
+search.appverid:
+ - MET150
+ - MOE150
+ms.assetid:
+ms.collection:
+ - M365-security-compliance
+description: Admins can learn how to view and configure global settings (the 'Block the following URLs' list and protection for Office 365 apps) for Safe Links in Microsoft Defender for Office 365.
+ms.technology: mdo
+ms.prod: m365-security
--- # Configure global settings for Safe Links in Microsoft Defender for Office 365
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-groups-and-users-for-a-political-campaign-dev-test-environment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-groups-and-users-for-a-political-campaign-dev-test-environment.md
@@ -1,23 +1,25 @@
--- title: Configure groups & users - Political campaign dev/test environment
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: josephd author: JoeDavies-MSFT manager: laurawi ms.date: 12/15/2017 audience: ITPro ms.topic: article
-ms.collection:
-- Ent_O365-- Strat_O365_Enterprise
-ms.service: O365-seccomp
+ms.collection:
+ - Ent_O365
+ - Strat_O365_Enterprise
+ localization_priority: Priority
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.assetid: 0e22bcf3-bad3-42a4-b44f-276e0cf4790f description: "Summary: Create Office 365 and Enterprise Mobility + Security (EMS) trial subscriptions with users and groups for a political campaign dev/test environment." ms.custom: seo-marvel-apr2020
+ms.technology: mdo
+ms.prod: m365-security
--- # Configure groups and users for a political campaign dev/test environment
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-junk-email-settings-on-exo-mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-junk-email-settings-on-exo-mailboxes.md
@@ -1,21 +1,23 @@
---
-title: "Configure junk email settings on Exchange Online mailboxes"
+title: Configure junk email settings on Exchange Online mailboxes
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: Admin ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MOE150-- MED150-- MBS150-- MET150
-ms.collection:
-- M365-security-compliance
-description: "Admins can learn how to configure the junk email settings in Exchange Online mailboxes. Many of these settings are available to users in Outlook or Outlook on the web."
+search.appverid:
+ - MOE150
+ - MED150
+ - MBS150
+ - MET150
+ms.collection:
+ - M365-security-compliance
+description: Admins can learn how to configure the junk email settings in Exchange Online mailboxes. Many of these settings are available to users in Outlook or Outlook on the web.
+ms.technology: mdo
+ms.prod: m365-security
--- # Configure junk email settings on Exchange Online mailboxes
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-s-mime-settings-for-outlook-web-app https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-s-mime-settings-for-outlook-web-app.md
@@ -1,21 +1,23 @@
--- title: Configure S/MIME settings - Exchange Online for Outlook on web
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp audience: ITPro ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.assetid: c7dee22c-9b5b-425c-91a9-d093204ff84e
-ms.collection:
-- M365-security-compliance
-description: "A brief description of what Exchange Online admins need to do to view and configure the S/MIME settings in Outlook on the web in Exchange Online."
+ms.collection:
+ - M365-security-compliance
+description: A brief description of what Exchange Online admins need to do to view and configure the S/MIME settings in Outlook on the web in Exchange Online.
ms.custom: seo-marvel-apr2020
+ms.technology: mdo
+ms.prod: m365-security
--- # Configure S/MIME settings in Exchange Online for Outlook on the web
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-the-connection-filter-policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-the-connection-filter-policy.md
@@ -1,23 +1,25 @@
--- title: Configure the default connection filter policy
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.assetid: 6ae78c12-7bbe-44fa-ab13-c3768387d0e3
-ms.collection:
-- M365-security-compliance
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can learn how to configure connection filtering in Exchange Online Protection (EOP) to allow or block emails from email servers."
+ms.collection:
+ - M365-security-compliance
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can learn how to configure connection filtering in Exchange Online Protection (EOP) to allow or block emails from email servers.
+ms.technology: mdo
+ms.prod: m365-security
--- # Configure connection filtering
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-the-outbound-spam-policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-the-outbound-spam-policy.md
@@ -1,23 +1,25 @@
---
-title: "Configure outbound spam filtering"
-f1.keywords:
-- NOCSH
+title: Configure outbound spam filtering
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.assetid: a44764e9-a5d2-4c67-8888-e7fb871c17c7
-ms.collection:
-- M365-security-compliance
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can learn how to view, create, modify, and delete outbound spam policies in Exchange Online Protection (EOP)."
+ms.collection:
+ - M365-security-compliance
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can learn how to view, create, modify, and delete outbound spam policies in Exchange Online Protection (EOP).
+ms.technology: mdo
+ms.prod: m365-security
--- # Configure outbound spam filtering in EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-your-spam-filter-policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-your-spam-filter-policies.md
@@ -1,21 +1,23 @@
---
-title: "Configure spam filter policies"
-f1.keywords:
-- NOCSH
+title: Configure spam filter policies
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Priority
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.assetid: 316544cb-db1d-4c25-a5b9-c73bbcf53047
-ms.collection:
-- M365-security-compliance
-description: "Admins can learn how to view, create, modify, and delete anti-spam policies in Exchange Online Protection (EOP)."
+ms.collection:
+ - M365-security-compliance
+description: Admins can learn how to view, create, modify, and delete anti-spam policies in Exchange Online Protection (EOP).
+ms.technology: mdo
+ms.prod: m365-security
--- # Configure anti-spam policies in EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/create-block-sender-lists-in-office-365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/create-block-sender-lists-in-office-365.md
@@ -1,18 +1,20 @@
---
-title: "Create blocked sender lists"
-f1.keywords:
-- NOCSH
+title: Create blocked sender lists
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150s
-description: "Admins can learn about the available and preferred options to block inbound messages in Exchange Online Protection (EOP)."
+search.appverid:
+ - MET150s
+description: Admins can learn about the available and preferred options to block inbound messages in Exchange Online Protection (EOP).
+ms.technology: mdo
+ms.prod: m365-security
--- # Create blocked sender lists in EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/create-safe-sender-lists-in-office-365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/create-safe-sender-lists-in-office-365.md
@@ -1,21 +1,23 @@
---
-title: "Create safe sender lists"
-f1.keywords:
-- NOCSH
+title: Create safe sender lists
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150s
+search.appverid:
+ - MET150s
ms.assetid: 9721b46d-cbea-4121-be51-542395e6fd21
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can learn about the available and preferred options to allow inbound messages in Exchange Online Protection (EOP)."
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can learn about the available and preferred options to allow inbound messages in Exchange Online Protection (EOP).
+ms.technology: mdo
+ms.prod: m365-security
--- # Create safe sender lists in EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/create-team-sites-in-a-political-campaign-dev-test-environment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/create-team-sites-in-a-political-campaign-dev-test-environment.md
@@ -1,7 +1,7 @@
--- title: Create team sites - Political campaign dev environment
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: josephd author: JoeDavies-MSFT manager: laurawi
@@ -9,15 +9,17 @@ ms.date: 05/21/2018
audience: ITPro ms.topic: article ms.collection: -- Ent_O365-- Strat_O365_Enterprise
-ms.service: O365-seccomp
+ - Ent_O365
+ - Strat_O365_Enterprise
+ localization_priority: Priority
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.custom: seo-marvel-apr2020 ms.assetid: c2112ce8-1c4b-424f-b200-59e161db2d21 description: "Summary: Create public, private, sensitive, and highly confidential SharePoint Online team sites in your political campaign dev/test environment."
+ms.technology: mdo
+ms.prod: m365-security
--- # Create team sites in a political campaign dev/test environment
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/delegated-administration-faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/delegated-administration-faq.md
@@ -1,19 +1,21 @@
---
-title: "Delegated administration FAQ"
-f1.keywords:
-- NOCSH
+title: Delegated administration FAQ
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: troubleshooting
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: d6a87ce8-2c22-433a-b430-5eab14f6afdc
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can view frequently asked questions and answers about delegated administration tasks in Microsoft 365 for Microsoft partners and resellers."
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can view frequently asked questions and answers about delegated administration tasks in Microsoft 365 for Microsoft partners and resellers.
+ms.technology: mdo
+ms.prod: m365-security
--- # Delegated administration FAQ
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/deploy-an-isolated-sharepoint-online-team-site https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/deploy-an-isolated-sharepoint-online-team-site.md
@@ -1,21 +1,23 @@
---
-title: "Deploy an isolated SharePoint Online team site"
-f1.keywords:
-- NOCSH
+title: Deploy an isolated SharePoint Online team site
+f1.keywords:
+ - NOCSH
ms.author: josephd author: JoeDavies-MSFT manager: laurawi ms.date: 07/30/2019 audience: ITPro ms.topic: article
-ms.service: O365-seccomp
+ localization_priority: Normal ms.collection: Ent_O365 ms.custom:
- - Ent_Solutions
- - seo-marvel-apr2020
+ - Ent_Solutions
+ - seo-marvel-apr2020
ms.assetid: 3033614b-e23b-4f68-9701-f62525eafaab description: Use this step-by-step deployment guide to create and configure an isolated SharePoint Online team site in Microsoft Office 365.
+ms.technology: mdo
+ms.prod: m365-security
--- # Deploy an isolated SharePoint Online team site
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/design-an-isolated-sharepoint-online-team-site https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/design-an-isolated-sharepoint-online-team-site.md
@@ -1,23 +1,25 @@
---
-title: "Design an isolated SharePoint Online team site"
-f1.keywords:
-- NOCSH
+title: Design an isolated SharePoint Online team site
+f1.keywords:
+ - NOCSH
ms.author: josephd author: JoeDavies-MSFT manager: laurawi ms.date: 12/15/2017 audience: ITPro ms.topic: article
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.collection: Ent_O365
-ms.custom:
- - Ent_Solutions
- - seo-marvel-apr2020
+ms.custom:
+ - Ent_Solutions
+ - seo-marvel-apr2020
ms.assetid: 775a4e9e-3135-4a48-b32f-bbdd9f2bd0aa description: Design isolated SharePoint Online team sites, including determine permission levels, assign permissions to users with access groups, and nested Azure AD groups.
+ms.technology: mdo
+ms.prod: m365-security
--- # Design an isolated SharePoint Online team site
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants.md
@@ -1,22 +1,24 @@
---
-title: "Detect and Remediate Illicit Consent Grants"
-f1.keywords:
-- NOCSH
+title: Detect and Remediate Illicit Consent Grants
+f1.keywords:
+ - NOCSH
ms.author: tracyp author: MSFTTracyp manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: article
-ms.collection:
-- o365_security_incident_response-- M365-security-compliance
-ms.service: O365-seccomp
+ms.collection:
+ - o365_security_incident_response
+ - M365-security-compliance
+ localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
description: Learn how to recognize and remediate the illicit consent grants attack in Microsoft Office 365. ms.custom: seo-marvel-apr2020
+ms.technology: mdo
+ms.prod: m365-security
--- # Detect and Remediate Illicit Consent Grants
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/detect-and-remediate-outlook-rules-forms-attack https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/detect-and-remediate-outlook-rules-forms-attack.md
@@ -1,22 +1,24 @@
---
-title: "Detect and remediate the Outlook rules and custom forms injections attacks."
-f1.keywords:
-- NOCSH
+title: Detect and remediate the Outlook rules and custom forms injections attacks.
+f1.keywords:
+ - NOCSH
ms.author: tracyp author: MSFTTracyp manager: dansimp ms.date: 04/23/2018 audience: ITPro ms.topic: article
-ms.collection:
-- o365_security_incident_response-- M365-security-compliance
-ms.service: O365-seccomp
+ms.collection:
+ - o365_security_incident_response
+ - M365-security-compliance
+ localization_priority: Normal
-search.appverid:
-- MET150
-description: "Learn how to recognize and remediate the Outlook rules and custom forms injections attacks in Office 365"
+search.appverid:
+ - MET150
+description: Learn how to recognize and remediate the Outlook rules and custom forms injections attacks in Office 365
ms.custom: seo-marvel-apr2020
+ms.technology: mdo
+ms.prod: m365-security
--- # Detect and Remediate Outlook Rules and Custom Forms Injections Attacks
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/email-validation-and-authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/email-validation-and-authentication.md
@@ -1,23 +1,25 @@
---
-title: "Email authentication in Microsoft 365"
-f1.keywords:
-- NOCSH
+title: Email authentication in Microsoft 365
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
-search.appverid:
-- MET150
-ms.assetid:
-ms.collection:
-- M365-security-compliance-- Strat_O365_IP+
+search.appverid:
+ - MET150
+ms.assetid:
+ms.collection:
+ - M365-security-compliance
+ - Strat_O365_IP
ms.custom: TopSMBIssues localization_priority: Priority
-description: "Admins can learn how EOP uses email authentication (SPF, DKIM, and DMARC) to help prevent spoofing, phishing, and spam."
+description: Admins can learn how EOP uses email authentication (SPF, DKIM, and DMARC) to help prevent spoofing, phishing, and spam.
+ms.technology: mdo
+ms.prod: m365-security
--- # Email authentication in EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/enable-the-report-message-add-in https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/enable-the-report-message-add-in.md
@@ -1,21 +1,23 @@
---
-title: "Enable the Report Message add-in"
-f1.keywords:
-- NOCSH
+title: Enable the Report Message add-in
+f1.keywords:
+ - NOCSH
ms.author: siosulli author: chrisda manager: dansimp audience: Admin ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150-- MOE150
+search.appverid:
+ - MET150
+ - MOE150
ms.assetid: 4250c4bc-6102-420b-9e0a-a95064837676
-ms.collection:
-- M365-security-compliance
-description: "Learn how to enable the Report Message add-in for Outlook and Outlook on the web, for individual users or your entire organization."
+ms.collection:
+ - M365-security-compliance
+description: Learn how to enable the Report Message add-in for Outlook and Outlook on the web, for individual users or your entire organization.
+ms.technology: mdo
+ms.prod: m365-security
--- # Enable the Report Message add-in
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/enable-the-report-phish-add-in https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/enable-the-report-phish-add-in.md
@@ -1,21 +1,23 @@
---
-title: "Enable the Report Phish add-in"
-f1.keywords:
-- NOCSH
+title: Enable the Report Phish add-in
+f1.keywords:
+ - NOCSH
ms.author: siosulli author: chrisda manager: dansimp audience: Admin ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150-- MOE150
+search.appverid:
+ - MET150
+ - MOE150
ms.assetid: 4250c4bc-6102-420b-9e0a-a95064837676
-ms.collection:
-- M365-security-compliance
-description: "Learn how to enable the Report Phishing add-in for Outlook and Outlook on the web, for individual users or your entire organization."
+ms.collection:
+ - M365-security-compliance
+description: Learn how to enable the Report Phishing add-in for Outlook and Outlook on the web, for individual users or your entire organization.
+ms.technology: mdo
+ms.prod: m365-security
--- # Enable the Report Phishing add-in
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/ensure-that-spam-is-routed-to-each-user-s-junk-email-folder https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/ensure-that-spam-is-routed-to-each-user-s-junk-email-folder.md
@@ -1,22 +1,24 @@
---
-title: "Configure EOP to junk spam in hybrid environments"
-f1.keywords:
-- NOCSH
+title: Configure EOP to junk spam in hybrid environments
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: MSFTTracyP manager: chrisda
-ms.date:
+ms.date:
audience: ITPro ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.assetid: 0cbaccf8-4afc-47e3-a36d-a84598a55fb8
-ms.collection:
-- M365-security-compliance
-description: "Admins can learn how to route spam to user Junk Email folders in an Exchange Online Protection hybrid environment."
+ms.collection:
+ - M365-security-compliance
+description: Admins can learn how to route spam to user Junk Email folders in an Exchange Online Protection hybrid environment.
ms.custom: seo-marvel-apr2020
+ms.technology: mdo
+ms.prod: m365-security
--- # Configure standalone EOP to deliver spam to the Junk Email folder in hybrid environments
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/eop-features https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/eop-features.md
@@ -1,17 +1,19 @@
---
-title: "EOP features"
-f1.keywords:
-- NOCSH
+title: EOP features
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: overview
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: 599b8048-1056-457b-aae4-c063138fd319
-description: "The following table provides a list of features that are available in the Exchange Online Protection (EOP) hosted email filtering service."
+description: The following table provides a list of features that are available in the Exchange Online Protection (EOP) hosted email filtering service.
+ms.technology: mdo
+ms.prod: m365-security
--- # EOP features
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/eop-general-faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/eop-general-faq.md
@@ -1,19 +1,21 @@
---
-title: "EOP general FAQ"
-f1.keywords:
-- NOCSH
+title: EOP general FAQ
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: troubleshooting
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: 9dbff00a-474e-4452-aeb5-5be9a6b8c6d5
-ms.custom:
-- seo-marvel-apr2020
-description: "Get answers to the most common general questions about the Exchange Online Protection (EOP) cloud-hosted email filtering service."
+ms.custom:
+ - seo-marvel-apr2020
+description: Get answers to the most common general questions about the Exchange Online Protection (EOP) cloud-hosted email filtering service.
+ms.technology: mdo
+ms.prod: m365-security
--- # EOP general FAQ
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/eop-queued-deferred-and-bounced-messages-faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/eop-queued-deferred-and-bounced-messages-faq.md
@@ -1,19 +1,21 @@
---
-title: "EOP queued, deferred, and bounced messages FAQ"
-f1.keywords:
-- NOCSH
+title: EOP queued, deferred, and bounced messages FAQ
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: troubleshooting
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: 9d015a0d-52a0-484d-9a08-121d04f973d3
-ms.custom:
-- seo-marvel-apr2020
-description: "Find answers to the most common questions about messages that have been queued, deferred, or bounced during the Exchange Online Protection (EOP) filtering process."
+ms.custom:
+ - seo-marvel-apr2020
+description: Find answers to the most common questions about messages that have been queued, deferred, or bounced during the Exchange Online Protection (EOP) filtering process.
+ms.technology: mdo
+ms.prod: m365-security
--- # EOP queued, deferred, and bounced messages FAQ
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/exchange-admin-center-in-exchange-online-protection-eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/exchange-admin-center-in-exchange-online-protection-eop.md
@@ -1,21 +1,23 @@
---
-title: "Exchange admin center in standalone EOP"
-f1.keywords:
-- NOCSH
+title: Exchange admin center in standalone EOP
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: overview
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.assetid: 97921f0e-832f-40c7-b56d-414faede5191
-ms.collection:
-- M365-security-compliance
-description: "Learn about the web management interface in standalone Exchange Online Protection (EOP)."
+ms.collection:
+ - M365-security-compliance
+description: Learn about the web management interface in standalone Exchange Online Protection (EOP).
+ms.technology: mdo
+ms.prod: m365-security
--- # Exchange admin center in standalone EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/exchange-online-protection-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/exchange-online-protection-overview.md
@@ -1,19 +1,21 @@
---
-title: "Exchange Online Protection (EOP) overview"
-f1.keywords:
-- NOCSH
+title: Exchange Online Protection (EOP) overview
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp ms.date: 09/18/2020 audience: ITPro ms.topic: overview
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: 1270a65f-ddc3-4430-b500-4d3a481efb1e
-ms.custom:
-- seo-marvel-apr2020
-description: "Learn how Exchange Online Protection (EOP) can help protect your on-premises email organization in standalone and hybrid environments."
+ms.custom:
+ - seo-marvel-apr2020
+description: Learn how Exchange Online Protection (EOP) can help protect your on-premises email organization in standalone and hybrid environments.
+ms.technology: mdo
+ms.prod: m365-security
--- # Exchange Online Protection overview
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/external-email-forwarding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/external-email-forwarding.md
@@ -1,19 +1,21 @@
---
-title: "Configuring and controlling external email forwarding, Automatic forwarding, 5.7.520 Access Denied, disable external forwarding, Your administrator has disabled external forwarding, outbound anti-spam policy"
-f1.keywords:
-- NOCSH
+title: Configuring and controlling external email forwarding, Automatic forwarding, 5.7.520 Access Denied, disable external forwarding, Your administrator has disabled external forwarding, outbound anti-spam policy
+f1.keywords:
+ - NOCSH
ms.author: tracyp author: MSFTTracyP manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: overview
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid:
-ms.custom:
-- seo-marvel-apr2020
-description: "."
+ms.custom:
+ - seo-marvel-apr2020
+description: .
+ms.technology: mdo
+ms.prod: m365-security
--- # Control automatic external email forwarding in Microsoft 365
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/feature-permissions-in-eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/feature-permissions-in-eop.md
@@ -1,17 +1,19 @@
---
-title: "Feature permissions in EOP"
-f1.keywords:
-- NOCSH
+title: Feature permissions in EOP
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: 34674847-a6b7-4a7e-9eaa-b64f22bc150d
-description: "Learn about the permission that are required for tasks in standalone Exchange Online Protection"
+description: Learn about the permission that are required for tasks in standalone Exchange Online Protection
+ms.technology: mdo
+ms.prod: m365-security
--- # Permissions in standalone EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/find-and-release-quarantined-messages-as-a-user https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/find-and-release-quarantined-messages-as-a-user.md
@@ -1,24 +1,26 @@
--- title: Find and release quarantined messages as a user
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: Consumer/IW ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Priority
-search.appverid:
-- MET150-- MEW150
+search.appverid:
+ - MET150
+ - MEW150
ms.assetid: efff08ec-68ff-4099-89b7-266e3c4817be
-ms.collection:
-- M365-security-compliance
-ms.custom:
-- seo-marvel-apr2020
-description: "Users can learn how to view and manage quarantined messages in Exchange Online Protection (EOP) that should have been delivered to them."
+ms.collection:
+ - M365-security-compliance
+ms.custom:
+ - seo-marvel-apr2020
+description: Users can learn how to view and manage quarantined messages in Exchange Online Protection (EOP) that should have been delivered to them.
+ms.technology: mdo
+ms.prod: m365-security
--- # Find and release quarantined messages as a user in EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/grant-access-to-the-security-and-compliance-center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/grant-access-to-the-security-and-compliance-center.md
@@ -1,24 +1,26 @@
---
-title: "Give users access to the Security & Compliance Center"
-f1.keywords:
-- NOCSH
+title: Give users access to the Security & Compliance Center
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: Admin ms.topic: how-to
-f1_keywords:
-- 'ms.o365.cc.PermissionsHelp'
-ms.service: O365-seccomp
+f1_keywords:
+ - 'ms.o365.cc.PermissionsHelp'
+ localization_priority: Normal ms.collection: Strat_O365_IP
-search.appverid:
-- MOE150-- MET150
+search.appverid:
+ - MOE150
+ - MET150
ms.assetid: 2cfce2c8-20c5-47f9-afc4-24b059c1bd76
-description: "Users need to be assigned permissions in the Microsoft 365 Security & Compliance Center before they can manage any of its security or compliance features."
+description: Users need to be assigned permissions in the Microsoft 365 Security & Compliance Center before they can manage any of its security or compliance features.
ms.custom: seo-marvel-apr2020
+ms.technology: mdo
+ms.prod: m365-security
--- # Give users access to the Security & Compliance Center
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/help-and-support-for-eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/help-and-support-for-eop.md
@@ -1,17 +1,19 @@
---
-title: "Help and support for EOP"
-f1.keywords:
-- NOCSH
+title: Help and support for EOP
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: 64535a0a-1044-413f-8bc2-ed8e8a0bc54c
-description: "Microsoft provides help for EOP in a variety of places and methods including self-support and assisted-support."
+description: Microsoft provides help for EOP in a variety of places and methods including self-support and assisted-support.
+ms.technology: mdo
+ms.prod: m365-security
--- # Help and support for EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/high-risk-delivery-pool-for-outbound-messages https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/high-risk-delivery-pool-for-outbound-messages.md
@@ -1,21 +1,23 @@
---
-title: "Outbound delivery pools"
-f1.keywords:
-- NOCSH
+title: Outbound delivery pools
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.assetid: ac11edd9-2da3-462d-8ea3-bbf9dbc6f948
-ms.collection:
-- M365-security-compliance
-description: "Learn how the delivery pools are used to protect the reputation of email servers in the Microsoft 365 datacenters."
+ms.collection:
+ - M365-security-compliance
+description: Learn how the delivery pools are used to protect the reputation of email servers in the Microsoft 365 datacenters.
+ms.technology: mdo
+ms.prod: m365-security
--- # Outbound delivery pools
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/how-office-365-uses-spf-to-prevent-spoofing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/how-office-365-uses-spf-to-prevent-spoofing.md
@@ -1,23 +1,25 @@
--- title: How Sender Policy Framework (SPF) prevents spoofing
-f1.keywords:
-- CSH
+f1.keywords:
+ - CSH
ms.author: tracyp author: MSFTTracyP manager: dansimp ms.date: 12/15/2016 audience: ITPro ms.topic: article
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.assetid: 3aff33c5-1416-4867-a23b-e0c0c5b4d2be
-ms.collection:
-- M365-security-compliance
-ms.custom:
-- seo-marvel-apr2020
-description: "Learn how Microsoft 365 uses the Sender Policy Framework (SPF) TXT record in DNS to ensure that destination email systems trust messages sent from your custom domain."
+ms.collection:
+ - M365-security-compliance
+ms.custom:
+ - seo-marvel-apr2020
+description: Learn how Microsoft 365 uses the Sender Policy Framework (SPF) TXT record in DNS to ensure that destination email systems trust messages sent from your custom domain.
+ms.technology: mdo
+ms.prod: m365-security
--- # How Microsoft 365 uses Sender Policy Framework (SPF) to prevent spoofing
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/how-office-365-validates-the-from-address https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/how-office-365-validates-the-from-address.md
@@ -1,23 +1,25 @@
---
-title: "How EOP validates the From address to prevent phishing"
-f1.keywords:
-- NOCSH
+title: How EOP validates the From address to prevent phishing
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- OWC150-- MET150
+search.appverid:
+ - OWC150
+ - MET150
ms.assetid: eef8408b-54d3-4d7d-9cf7-ad2af10b2e0e
-ms.collection:
-- M365-security-compliance
-description: "Admins can learn about the types of email addresses that are accepted or rejected by Exchange Online Protection (EOP) and Outlook.com to help prevent phishing."
+ms.collection:
+ - M365-security-compliance
+description: Admins can learn about the types of email addresses that are accepted or rejected by Exchange Online Protection (EOP) and Outlook.com to help prevent phishing.
ms.custom: seo-marvel-apr2020
+ms.technology: mdo
+ms.prod: m365-security
--- # How EOP validates the From address to prevent phishing
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/how-policies-and-protections-are-combined https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/how-policies-and-protections-are-combined.md
@@ -1,21 +1,23 @@
--- title: Order and precedence of email protection keywords: security, malware, Microsoft 365, M365, security center, ATP, Microsoft Defender ATP, Office 365 ATP, Azure ATP
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Normal
-ms.collection:
-- M365-security-compliance
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can learn about the application order of protections in Exchange Online Protection (EOP), and how the priority value in protection policies determines which policy is applied."
+ms.collection:
+ - M365-security-compliance
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can learn about the application order of protections in Exchange Online Protection (EOP), and how the priority value in protection policies determines which policy is applied.
+ms.technology: mdo
+ms.prod: m365-security
--- # Order and precedence of email protection
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/identity-access-policies-guest-access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/identity-access-policies-guest-access.md
@@ -1,22 +1,23 @@
--- title: Identity and device access policies for allowing guest and external user B2B access - Microsoft 365 for enterprise | Microsoft Docs description: Describes the recommended Conditional Access and related policies for protecting access of guests and external users.
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.topic: article ms.author: josephd author: JoeDavies-MSFT manager: Laurawi
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.reviewer: martincoetzer ms.custom: -- it-pro-- goldenconfig
+ - it-pro
+ - goldenconfig
ms.collection: -- M365-identity-device-management-- M365-security-compliance-- m365solution-identitydevice-- m365solution-scenario
+ - M365-identity-device-management
+ - M365-security-compliance
+ - m365solution-identitydevice
+ - m365solution-scenario
+ms.technology: mdo
--- # Policies for allowing guest access and B2B external user access
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/identity-access-policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/identity-access-policies.md
@@ -4,20 +4,21 @@ description: Describes the recommended common identity and device access policie
ms.author: josephd author: JoeDavies-MSFT manager: Laurawi
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.topic: article
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.reviewer: martincoetzer ms.custom: -- it-pro-- goldenconfig
+ - it-pro
+ - goldenconfig
ms.collection: -- M365-identity-device-management-- M365-security-compliance-- remotework-- m365solution-identitydevice-- m365solution-scenario
+ - M365-identity-device-management
+ - M365-security-compliance
+ - remotework
+ - m365solution-identitydevice
+ - m365solution-scenario
+ms.technology: mdo
--- # Common identity and device access policies
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/identity-access-prerequisites https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/identity-access-prerequisites.md
@@ -4,20 +4,21 @@ description: This article describes the prerequisites you need to meet to use id
ms.author: josephd author: JoeDavies-MSFT manager: Laurawi
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.topic: article ms.date: 09/01/2020
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.reviewer: martincoetzer ms.custom: -- it-pro-- goldenconfig
+ - it-pro
+ - goldenconfig
ms.collection: -- M365-identity-device-management-- M365-security-compliance-- m365solution-identitydevice-- m365solution-scenario
+ - M365-identity-device-management
+ - M365-security-compliance
+ - m365solution-identitydevice
+ - m365solution-scenario
+ms.technology: mdo
--- # Prerequisite work for implementing identity and device access policies
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/index https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/index.md
@@ -6,15 +6,17 @@ manager: dansimp
ms.date: 08/13/2020 audience: Admin ms.topic: overview
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150-- MOE150
+search.appverid:
+ - MET150
+ - MOE150
ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-description: "Security in Office 365, from EOP to Defender for Office 365 Plans 1 and 2, Standard vs. Strict security configurations, and more. Understand what you have, and how to secure your properties."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Security in Office 365, from EOP to Defender for Office 365 Plans 1 and 2, Standard vs. Strict security configurations, and more. Understand what you have, and how to secure your properties.
+ms.technology: mdo
+ms.prod: m365-security
--- # Office 365 Security overview
@@ -119,7 +121,7 @@ This quick-reference will help you understand what capabilities come with each M
|Defender for Office 365 Plan 1|Defender for Office 365 Plan 2| |---|---|
-|Configuration, protection, and detection capabilities: <ul><li>[Safe Attachments](atp-safe-attachments.md)</li><li>[Safe Links](atp-safe-links.md)</li><li>[ATP for SharePoint, OneDrive, and Microsoft Teams](atp-for-spo-odb-and-teams.md)</li><li>[Anti-phishing protection in Defender for Office 365](set-up-anti-phishing-policies.md#exclusive-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365)</li><li>[Real-time detections](threat-explorer.md)</li></ul>|Defender for Office 365 Plan 1 capabilities <p> --- plus --- <p> Automation, investigation, remediation, and education capabilities: <ul><li>[Threat Trackers](threat-trackers.md)</li><li>[Threat Explorer](threat-explorer.md)</li><li>[Automated investigation and response](office-365-air.md)</li><li>[Attack Simulator](attack-simulator.md)</li></ul>|
+|Configuration, protection, and detection capabilities: <ul><li>[Safe Attachments](atp-safe-attachments.md)</li><li>[Safe Links](atp-safe-links.md)</li><li>[Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](atp-for-spo-odb-and-teams.md)</li><li>[Anti-phishing protection in Defender for Office 365](set-up-anti-phishing-policies.md#exclusive-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365)</li><li>[Real-time detections](threat-explorer.md)</li></ul>|Defender for Office 365 Plan 1 capabilities <p> --- plus --- <p> Automation, investigation, remediation, and education capabilities: <ul><li>[Threat Trackers](threat-trackers.md)</li><li>[Threat Explorer](threat-explorer.md)</li><li>[Automated investigation and response](office-365-air.md)</li><li>[Attack Simulator](attack-simulator.md)</li></ul>|
| - Microsoft Defender for Office 365 Plan 2 is included in Office 365 E5, Office 365 A5, and Microsoft 365 E5.
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/install-app-guard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/install-app-guard.md
@@ -1,20 +1,22 @@
--- title: Application Guard for Office 365 (public preview) for admins keywords: application guard, protection, isolation, isolated container, hardware isolation
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: maccruz author: schmurky manager: dansimp audience: ITPro ms.topic: article
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150-- MOE150
+search.appverid:
+ - MET150
+ - MOE150
ms.collection: M365-security-compliance
-description: "Get the latest in hardware-based isolation. Prevent current and emerging attacks like exploits or malicious links from disrupting employee productivity and enterprise security."
+description: Get the latest in hardware-based isolation. Prevent current and emerging attacks like exploits or malicious links from disrupting employee productivity and enterprise security.
+ms.technology: mdo
+ms.prod: m365-security
--- # Application Guard for Office (public preview) for admins
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/integrate-office-365-ti-with-wdatp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/integrate-office-365-ti-with-wdatp.md
@@ -1,7 +1,7 @@
--- title: Use Microsoft Defender for Office 365 together with Microsoft Defender for Endpoint
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
keywords: integrate, Microsoft Defender, ATP ms.author: deniseb author: denisebmsft
@@ -9,15 +9,17 @@ manager: dansimp
ms.date: 09/29/2020 audience: ITPro ms.topic: article
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150-- MOE150
+search.appverid:
+ - MET150
+ - MOE150
ms.collection: -- M365-security-compliance
+ - M365-security-compliance
description: Use Microsoft Defender for Office 365 together with Microsoft Defender for Endpoint to get more detailed information about threats against your devices and email content. ms.custom: seo-marvel-apr2020
+ms.technology: mdo
+ms.prod: m365-security
--- # Use Microsoft Defender for Office 365 together with Microsoft Defender for Endpoint
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/investigate-malicious-email-that-was-delivered https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/investigate-malicious-email-that-was-delivered.md
@@ -1,24 +1,26 @@
--- title: Investigate malicious email that was delivered in Office 365, Find and investigate malicious email keywords: TIMailData-Inline, Security Incident, incident, ATP PowerShell, email malware, compromised users, email phish, email malware, read email headers, read headers, open email headers,special actions
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: tracyp author: msfttracyp manager: dansimp ms.date: 12/16/2020 audience: ITPro ms.topic: article
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150-- MOE150
+search.appverid:
+ - MET150
+ - MOE150
ms.assetid: 8f54cd33-4af7-4d1b-b800-68f8818e5b2a ms.collection: -- M365-security-compliance
-description: "Learn how to use threat investigation and response capabilities to find and investigate malicious email."
+ - M365-security-compliance
+description: Learn how to use threat investigation and response capabilities to find and investigate malicious email.
ms.custom: seo-marvel-apr2020
+ms.technology: mdo
+ms.prod: m365-security
--- # Investigate malicious email that was delivered in Office 365
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/isolated-sharepoint-online-team-site-dev-test-environment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/isolated-sharepoint-online-team-site-dev-test-environment.md
@@ -1,21 +1,23 @@
---
-title: "Isolated SharePoint Online team site dev/test environment"
-f1.keywords:
-- NOCSH
+title: Isolated SharePoint Online team site dev/test environment
+f1.keywords:
+ - NOCSH
ms.author: josephd author: JoeDavies-MSFT manager: laurawi ms.date: 12/15/2017 audience: ITPro ms.topic: article
-ms.service: O365-seccomp
+ localization_priority: Normal ms.collection: Ent_O365
-ms.custom:
-- TLG-- Ent_TLGs
+ms.custom:
+ - TLG
+ - Ent_TLGs
ms.assetid: d1795031-beef-49ea-a6fc-5da5450d320d description: "Summary: Configure a SharePoint Online team site that is isolated from the rest of the organization in your Microsoft 365 dev/test environment."
+ms.technology: mdo
+ms.prod: m365-security
--- # Isolated SharePoint Online team site dev/test environment
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/isolated-sharepoint-online-team-sites https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/isolated-sharepoint-online-team-sites.md
@@ -1,23 +1,25 @@
---
-title: "Isolated SharePoint Online team sites"
-f1.keywords:
-- NOCSH
+title: Isolated SharePoint Online team sites
+f1.keywords:
+ - NOCSH
ms.author: josephd author: JoeDavies-MSFT manager: laurawi ms.date: 12/15/2017 audience: ITPro ms.topic: overview
-ms.service: O365-seccomp
+ localization_priority: Priority ms.collection: -- Ent_O365-- Strat_O365_Enterprise
-ms.custom:
-- Ent_Solutions-- seo-marvel-apr2020
+ - Ent_O365
+ - Strat_O365_Enterprise
+ms.custom:
+ - Ent_Solutions
+ - seo-marvel-apr2020
ms.assetid: 71250a04-fd2d-4c3c-a32b-b8a838b19a54 description: Learn about isolated SharePoint Online team sites, including uses, requirements, and features they can be used with.
+ms.technology: mdo
+ms.prod: m365-security
--- # Isolated SharePoint Online team sites
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/junk-email-reporting-add-in-for-microsoft-outlook https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/junk-email-reporting-add-in-for-microsoft-outlook.md
@@ -1,19 +1,21 @@
---
-title: "Install and use the Junk Email Reporting add-in for Microsoft Outlook"
-f1.keywords:
-- NOCSH
+title: Install and use the Junk Email Reporting add-in for Microsoft Outlook
+f1.keywords:
+ - NOCSH
ms.author: siosulli author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: 4650fec1-4ee3-4659-abbc-bf091718cb26
-ms.collection:
-- M365-security-compliance
-description: "Learn how to install and use the Microsoft Junk Email Reporting add-in to report spam, non-spam, and phishing messages to Microsoft."
+ms.collection:
+ - M365-security-compliance
+description: Learn how to install and use the Microsoft Junk Email Reporting add-in to report spam, non-spam, and phishing messages to Microsoft.
+ms.technology: mdo
+ms.prod: m365-security
--- # Install and use the Junk Email Reporting add-in for Microsoft Outlook
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/learn-about-spoof-intelligence https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/learn-about-spoof-intelligence.md
@@ -1,24 +1,26 @@
---
-title: "Configure spoof intelligence"
-f1.keywords:
-- NOCSH
+title: Configure spoof intelligence
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: Admin ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MOE150-- MET150
+search.appverid:
+ - MOE150
+ - MET150
ms.assetid: 978c3173-3578-4286-aaf4-8a10951978bf
-ms.collection:
-- M365-security-compliance
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can learn about spoof intelligence in Exchange Online Protection (EOP), where you can allow or block specific spoofed senders."
+ms.collection:
+ - M365-security-compliance
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can learn about spoof intelligence in Exchange Online Protection (EOP), where you can allow or block specific spoofed senders.
+ms.technology: mdo
+ms.prod: m365-security
--- # Configure spoof intelligence in EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/mail-flow-in-eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mail-flow-in-eop.md
@@ -1,19 +1,21 @@
---
-title: "Mail flow in EOP"
-f1.keywords:
-- NOCSH
+title: Mail flow in EOP
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: overview
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: e109077e-cc85-4c19-ae40-d218ac7d0548
-ms.custom:
-- seo-marvel-apr2020
-description: "Admin can learn about the options for configuring mail flow and routing in Exchange Online Protection (EOP)."
+ms.custom:
+ - seo-marvel-apr2020
+description: Admin can learn about the options for configuring mail flow and routing in Exchange Online Protection (EOP).
+ms.technology: mdo
+ms.prod: m365-security
--- # Mail flow in EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/mail-flow-insights-v2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mail-flow-insights-v2.md
@@ -1,17 +1,19 @@
---
-title: "Mail flow insights in the Mail flow dashboard"
-f1.keywords:
-- NOCSH
+title: Mail flow insights in the Mail flow dashboard
+f1.keywords:
+ - NOCSH
ms.author: siosulli author: chrisda manager: dansimp audience: ITPro ms.topic: overview
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: beb6acaa-6016-4d54-ba7e-3d6d035e2b46
-description: "Admins can learn about the insights and reports that are available in the Mail flow dashboard in the Security & Compliance Center."
+description: Admins can learn about the insights and reports that are available in the Mail flow dashboard in the Security & Compliance Center.
ms.custom: seo-marvel-apr2020
+ms.technology: mdo
+ms.prod: m365-security
--- # Mail flow insights in the Security & Compliance Center
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/mail-flow-intelligence-in-office-365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mail-flow-intelligence-in-office-365.md
@@ -1,18 +1,20 @@
---
-title: "Mail flow intelligence"
-f1.keywords:
-- NOCSH
+title: Mail flow intelligence
+f1.keywords:
+ - NOCSH
ms.author: siosulli author: chrisda manager: dansimp audience: ITPro ms.topic: troubleshooting
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.assetid: c29f75e5-c16e-409e-a123-430691e38276
-description: "Admins can learn about the error codes that are associated with message delivery using connectors (also known as mail flow intelligence)."
+description: Admins can learn about the error codes that are associated with message delivery using connectors (also known as mail flow intelligence).
+ms.technology: mdo
+ms.prod: m365-security
--- # Mail flow intelligence in EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/mail-flow-rules-transport-rules-0 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mail-flow-rules-transport-rules-0.md
@@ -1,17 +1,19 @@
--- title: Mail flow rules in EOP
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: 9c2cf227-eff7-48ef-87fb-487186e47363
-description: "You can use mail flow rules (transport rules) to identify and take action on messages that flow through your organization."
+description: You can use mail flow rules (transport rules) to identify and take action on messages that flow through your organization.
+ms.technology: mdo
+ms.prod: m365-security
--- # Mail flow rules (transport rules) in standalone EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/manage-admin-role-group-permissions-in-eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/manage-admin-role-group-permissions-in-eop.md
@@ -1,17 +1,19 @@
---
-title: "Manage role groups in EOP"
-f1.keywords:
-- NOCSH
+title: Manage role groups in EOP
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: 125834f4-1024-4325-ad5a-d2573cfb005e
-description: "Admins can learn how to assign or remove permissions in the Exchange admin center (EAC) in Exchange Online Protection."
+description: Admins can learn how to assign or remove permissions in the Exchange admin center (EAC) in Exchange Online Protection.
+ms.technology: mdo
+ms.prod: m365-security
--- # Manage role groups in standalone EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/manage-an-isolated-sharepoint-online-team-site https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/manage-an-isolated-sharepoint-online-team-site.md
@@ -1,21 +1,23 @@
---
-title: "Manage an isolated SharePoint Online team site"
-f1.keywords:
-- NOCSH
+title: Manage an isolated SharePoint Online team site
+f1.keywords:
+ - NOCSH
ms.author: josephd author: JoeDavies-MSFT manager: laurawi ms.date: 12/15/2017 audience: ITPro ms.topic: article
-ms.service: O365-seccomp
+ localization_priority: Normal ms.collection: Ent_O365 ms.custom:
- - Ent_Solutions
- - seo-marvel-apr2020
+ - Ent_Solutions
+ - seo-marvel-apr2020
ms.assetid: 79a61003-4905-4ba8-9e8a-16def7add37c description: Manage an isolated SharePoint Online team site, add new users and groups, remove users and groups, and create a documents subfolder with custom permissions.
+ms.technology: mdo
+ms.prod: m365-security
--- # Manage an isolated SharePoint Online team site
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/manage-groups-in-eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/manage-groups-in-eop.md
@@ -1,19 +1,21 @@
---
-title: "Manage groups in EOP"
-f1.keywords:
-- NOCSH
+title: Manage groups in EOP
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: 212e68ac-6330-47e9-a169-6cf5e2f21e13
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins in standalone Exchange Online Protection (EOP) organizations can learn how to create, modify, and remove distribution groups and mail-enabled security groups in the Exchange admin center (EAC) and in standalone Exchange Online Protection (EOP) PowerShell."
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins in standalone Exchange Online Protection (EOP) organizations can learn how to create, modify, and remove distribution groups and mail-enabled security groups in the Exchange admin center (EAC) and in standalone Exchange Online Protection (EOP) PowerShell.
+ms.technology: mdo
+ms.prod: m365-security
--- # Manage groups in EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/manage-mail-users-in-eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/manage-mail-users-in-eop.md
@@ -1,18 +1,20 @@
---
-title: "Manage mail users in standalone EOP"
-f1.keywords:
-- NOCSH
+title: Manage mail users in standalone EOP
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: 4bfaf2ab-e633-4227-8bde-effefb41a3db description: Learn about how to manage mail users in Exchange Online Protection (EOP), including using directory synchronization, EAC, and PowerShell to manage users. ms.custom: seo-marvel-apr2020
+ms.technology: mdo
+ms.prod: m365-security
--- # Manage mail users in standalone EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/manage-quarantined-messages-and-files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/manage-quarantined-messages-and-files.md
@@ -3,21 +3,23 @@ title: Manage quarantined messages and files as an admin
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: Admin ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MOE150-- MED150-- MET150
+search.appverid:
+ - MOE150
+ - MED150
+ - MET150
ms.assetid: 065cc2cf-2f3a-47fd-a434-2a20b8f51d0c
-ms.collection:
-- M365-security-compliance
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can learn how to view and manage quarantined messages for all users in Exchange Online Protection (EOP). Admins in organizations with Microsoft Defender for Office 365 can also manage quarantined files in SharePoint Online, OneDrive for Business, and Microsoft Teams."
+ms.collection:
+ - M365-security-compliance
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can learn how to view and manage quarantined messages for all users in Exchange Online Protection (EOP). Admins in organizations with Microsoft Defender for Office 365 can also manage quarantined files in SharePoint Online, OneDrive for Business, and Microsoft Teams.
+ms.technology: mdo
+ms.prod: m365-security
--- # Manage quarantined messages and files as an admin in EOP
@@ -54,7 +56,7 @@ You view and manage quarantined messages in the Security & Compliance Center or
- Quarantined messages are retained for a default period of time before they're automatically deleted: - 30 days for messages quarantined by anti-spam policies (spam, phishing, and bulk email). This is the default and maximum value. To configure (lower) this value, see [Configure anti-spam policies](configure-your-spam-filter-policies.md). - 15 days for messages that contain malware.
- - 15 days for files quarantined by ATP for SharePoint, OneDrive, and Microsoft Teams in Defender for Office 365.
+ - 15 days for files quarantined by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams in Defender for Office 365.
When a message expires from quarantine, you can't recover it.
@@ -219,7 +221,7 @@ When you're finished, click **Close**.
> [!NOTE] > The procedures for quarantined files in this section are available only to Microsoft Defender for Office 365 Plan 1 and Plan 2 subscribers.
-In organizations with Defender for Office 365, admins can manage quarantined files in SharePoint Online, OneDrive for Business, and Microsoft Teams. To enable protection for these files, see [Turn on ATP for SharePoint, OneDrive, and Microsoft Teams](turn-on-atp-for-spo-odb-and-teams.md).
+In organizations with Defender for Office 365, admins can manage quarantined files in SharePoint Online, OneDrive for Business, and Microsoft Teams. To enable protection for these files, see [Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](turn-on-atp-for-spo-odb-and-teams.md).
### View quarantined files
@@ -297,6 +299,6 @@ The cmdlets you use to view and manages messages and files in quarantine are:
- [Get-QuarantineMessage](https://docs.microsoft.com/powershell/module/exchange/get-quarantinemessage) -- [Preview-QuarantineMessage](https://docs.microsoft.com/powershell/module/exchange/preview-quarantinemessage): Note that this cmdlet is only for messages, not malware files from ATP for SharePoint Online, OneDrive for Business, or Teams.
+- [Preview-QuarantineMessage](https://docs.microsoft.com/powershell/module/exchange/preview-quarantinemessage): Note that this cmdlet is only for messages, not malware files from Safe Attachments for SharePoint, OneDrive, and Microsoft Teams.
- [Release-QuarantineMessage](https://docs.microsoft.com/powershell/module/exchange/release-quarantinemessage)
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/manage-recipients-in-eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/manage-recipients-in-eop.md
@@ -1,19 +1,21 @@
---
-title: "Manage recipients in standalone EOP"
-f1.keywords:
-- NOCSH
+title: Manage recipients in standalone EOP
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: overview
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: 2921f544-8257-4bae-8e3a-ce9250e9f162
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can learn about the different types of recipient objects in standalone Exchange Online Protection (EOP)."
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can learn about the different types of recipient objects in standalone Exchange Online Protection (EOP).
+ms.technology: mdo
+ms.prod: m365-security
--- # Manage recipients in standalone EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/message-trace-scc https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/message-trace-scc.md
@@ -1,18 +1,20 @@
---
-title: "Message trace in the Security & Compliance Center"
-f1.keywords:
-- NOCSH
+title: Message trace in the Security & Compliance Center
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp audience: ITPro ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: 3e64f99d-ac33-4aba-91c5-9cb4ca476803
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can use message trace in the Security & Compliance Center to find out what happened to messages."
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can use message trace in the Security & Compliance Center to find out what happened to messages.
+ms.technology: mdo
+ms.prod: m365-security
--- # Message trace in the Security & Compliance Center
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/mfi-auto-forwarded-messages-report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-auto-forwarded-messages-report.md
@@ -1,16 +1,18 @@
---
-title: "Auto-forwarded messages insight"
-f1.keywords:
-- NOCSH
+title: Auto-forwarded messages insight
+f1.keywords:
+ - NOCSH
ms.author: siosulli author: chrisda manager: dansimp audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: b5543faa-44fa-44c5-8180-fb835e7e452d
-description: "Admins can learn about the Auto-forwarded messages report in the Mail flow dashboard in the Security & Compliance Center."
+description: Admins can learn about the Auto-forwarded messages report in the Mail flow dashboard in the Security & Compliance Center.
+ms.technology: mdo
+ms.prod: m365-security
--- # Auto-forwarded messages insight in the Security & Compliance Center
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/mfi-domain-mail-flow-status-insight https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-domain-mail-flow-status-insight.md
@@ -1,18 +1,20 @@
---
-title: "Top domain mail flow status insight in the Mail flow dashboard"
-f1.keywords:
-- NOCSH
+title: Top domain mail flow status insight in the Mail flow dashboard
+f1.keywords:
+ - NOCSH
ms.author: siosulli author: chrisda manager: dansimp audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid:
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can learn how to use the Top domain mail flow status insight in the Mail flow dashboard in the Security & Compliance Center to troubleshoot mail flow issues related to their MX records."
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can learn how to use the Top domain mail flow status insight in the Mail flow dashboard in the Security & Compliance Center to troubleshoot mail flow issues related to their MX records.
+ms.technology: mdo
+ms.prod: m365-security
--- # Top domain mail flow status insight in the Security & Compliance Center
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/mfi-mail-flow-map-report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-mail-flow-map-report.md
@@ -1,18 +1,20 @@
---
-title: "Mail flow map"
-f1.keywords:
-- NOCSH
+title: Mail flow map
+f1.keywords:
+ - NOCSH
ms.author: siosulli author: chrisda manager: dansimp audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Normal
-ms.assetid:
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can learn how to use the Mail flow map in the Mail flow dashboard in the Security & Compliance Center to visualize and track how mail flows to and from their organization over connectors and without using connectors."
+ms.assetid:
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can learn how to use the Mail flow map in the Mail flow dashboard in the Security & Compliance Center to visualize and track how mail flows to and from their organization over connectors and without using connectors.
+ms.technology: mdo
+ms.prod: m365-security
--- # Mail flow map in the Security & Compliance Center
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/mfi-mail-loop-insight https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-mail-loop-insight.md
@@ -1,18 +1,20 @@
---
-title: "Fix possible mail loop insight"
-f1.keywords:
-- NOCSH
+title: Fix possible mail loop insight
+f1.keywords:
+ - NOCSH
ms.author: siosulli author: chrisda manager: dansimp audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: cb801985-3c89-4979-9c18-17829a4cb563
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can learn how to use the Fix possible mail loop insight in the Mail flow dashboard in the Security & Compliance Center to identify and fix mail loops in their organization."
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can learn how to use the Fix possible mail loop insight in the Mail flow dashboard in the Security & Compliance Center to identify and fix mail loops in their organization.
+ms.technology: mdo
+ms.prod: m365-security
--- # Fix possible mail loop insight in the Security & Compliance Center
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/mfi-new-domains-being-forwarded-email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-new-domains-being-forwarded-email.md
@@ -1,16 +1,17 @@
---
-title: "New domains being forwarded email insight"
-f1.keywords:
-- NOCSH
+title: New domains being forwarded email insight
+f1.keywords:
+ - NOCSH
ms.author: siosulli author: chrisda manager: dansimp audience: ITPro ms.topic: conceptual
-ms.service: exchange-online
localization_priority: Normal
-ms.assetid:
-description: "Admins can learn how to use the New domains being forwarded email insight in the Mail flow dashboard in the Security & Compliance Center to investigate when their users are forwarding messages to external domains that have never been been forwarded to."
+ms.assetid:
+description: Admins can learn how to use the New domains being forwarded email insight in the Mail flow dashboard in the Security & Compliance Center to investigate when their users are forwarding messages to external domains that have never been been forwarded to.
+ms.technology: mdo
+ms.prod: m365-security
--- # New domains being forwarded email insight in the Security & Compliance Center
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/mfi-new-users-forwarding-email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-new-users-forwarding-email.md
@@ -1,16 +1,17 @@
---
-title: "New users forwarding email insight"
-f1.keywords:
-- NOCSH
+title: New users forwarding email insight
+f1.keywords:
+ - NOCSH
ms.author: siosulli author: chrisda manager: dansimp audience: ITPro ms.topic: conceptual
-ms.service: exchange-online
localization_priority: Normal
-ms.assetid:
-description: "Admins can learn how to use the New users forwarding email insight in the Security & Compliance Center to investigate when users in their organization are forwarding messages to new domains."
+ms.assetid:
+description: Admins can learn how to use the New users forwarding email insight in the Security & Compliance Center to investigate when users in their organization are forwarding messages to new domains.
+ms.technology: mdo
+ms.prod: m365-security
--- # New users forwarding email insight in the Security & Compliance Center
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/mfi-non-accepted-domain-report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-non-accepted-domain-report.md
@@ -1,18 +1,20 @@
---
-title: "Non-accepted domain report in the Mail flow dashboard"
-f1.keywords:
-- NOCSH
+title: Non-accepted domain report in the Mail flow dashboard
+f1.keywords:
+ - NOCSH
ms.author: siosulli author: chrisda manager: dansimp audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Normal
-ms.assetid:
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can learn how to use the Non-accepted domain report in the Mail flow dashboard in the Security & Compliance Center to monitor messages from your on-premises organization where the sender's domain isn't configured in Microsoft 365."
+ms.assetid:
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can learn how to use the Non-accepted domain report in the Mail flow dashboard in the Security & Compliance Center to monitor messages from your on-premises organization where the sender's domain isn't configured in Microsoft 365.
+ms.technology: mdo
+ms.prod: m365-security
--- # Non-accepted domain report in the Security & Compliance Center
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/mfi-non-delivery-report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-non-delivery-report.md
@@ -1,18 +1,20 @@
---
-title: "Non-delivery report in the Mail flow dashboard"
-f1.keywords:
-- NOCSH
+title: Non-delivery report in the Mail flow dashboard
+f1.keywords:
+ - NOCSH
ms.author: siosulli author: chrisda manager: dansimp audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Normal
-ms.assetid:
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can learn how to use the Non-delivery details report in the Mail flow dashboard in the Security & Compliance Center to monitor the most frequently encountered error codes in non-delivery reports (also known as NDRs or bounce messages) from senders in your organization."
+ms.assetid:
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can learn how to use the Non-delivery details report in the Mail flow dashboard in the Security & Compliance Center to monitor the most frequently encountered error codes in non-delivery reports (also known as NDRs or bounce messages) from senders in your organization.
+ms.technology: mdo
+ms.prod: m365-security
--- # Non-delivery report in the Security & Compliance Center
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/mfi-outbound-and-inbound-mail-flow https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-outbound-and-inbound-mail-flow.md
@@ -1,17 +1,19 @@
---
-title: "Outbound and inbound mail flow insight in the Mail flow dashboard"
-f1.keywords:
-- NOCSH
+title: Outbound and inbound mail flow insight in the Mail flow dashboard
+f1.keywords:
+ - NOCSH
ms.author: siosulli author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: f2738dec-41b0-43c4-b814-84c0a4e45c6d
-description: "Admins can learn about the Outbound and inbound mail flow insight in the Mail flow dashboard in the Security & Compliance Center."
+description: Admins can learn about the Outbound and inbound mail flow insight in the Mail flow dashboard in the Security & Compliance Center.
+ms.technology: mdo
+ms.prod: m365-security
--- # Outbound and inbound mail flow insight in the Security & Compliance Center
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/mfi-queue-alerts-and-queues https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-queue-alerts-and-queues.md
@@ -1,16 +1,18 @@
---
-title: "Queues insight in the Mail flow dashboard"
-f1.keywords:
-- NOCSH
+title: Queues insight in the Mail flow dashboard
+f1.keywords:
+ - NOCSH
ms.author: siosulli author: chrisda manager: dansimp audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: 37640c80-ce6f-47e2-afd1-bc1d3c50e637
-description: "Admins can learn how to use the Queues widget in the Mail flow dashboard in the Security & Compliance Center to monitor unsuccessful mail flow to their on-premises or partner organizations over outbound connectors."
+description: Admins can learn how to use the Queues widget in the Mail flow dashboard in the Security & Compliance Center to monitor unsuccessful mail flow to their on-premises or partner organizations over outbound connectors.
+ms.technology: mdo
+ms.prod: m365-security
--- # Queues insight in the Security & Compliance Center
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/mfi-slow-mail-flow-rules-insight https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-slow-mail-flow-rules-insight.md
@@ -1,19 +1,21 @@
---
-title: "Fix slow mail flow rules insight"
-f1.keywords:
-- NOCSH
+title: Fix slow mail flow rules insight
+f1.keywords:
+ - NOCSH
ms.author: siosulli author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: 37125cdb-715d-42d0-b669-1a8efa140813
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can learn how to use the Fix slow mail flow rules insight in the Security & Compliance Center to identify and fix inefficient or broken mail flow rules (also known as transport rules) in their organization."
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can learn how to use the Fix slow mail flow rules insight in the Security & Compliance Center to identify and fix inefficient or broken mail flow rules (also known as transport rules) in their organization.
+ms.technology: mdo
+ms.prod: m365-security
--- # Fix slow mail flow rules insight in the Security & Compliance Center
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/mfi-smtp-auth-clients-report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mfi-smtp-auth-clients-report.md
@@ -1,18 +1,20 @@
---
-title: "SMTP Auth clients insight and report in the Mail flow dashboard"
-f1.keywords:
-- NOCSH
+title: SMTP Auth clients insight and report in the Mail flow dashboard
+f1.keywords:
+ - NOCSH
ms.author: siosulli author: chrisda manager: dansimp audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Normal
-ms.assetid:
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can learn how to use the SMTP Auth insight and report in the Mail flow dashboard in the Security & Compliance Center to monitor email senders in their organization that use authenticated SMTP (SMTP AUTH) to send email messages."
+ms.assetid:
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can learn how to use the SMTP Auth insight and report in the Mail flow dashboard in the Security & Compliance Center to monitor email senders in their organization that use authenticated SMTP (SMTP AUTH) to send email messages.
+ms.technology: mdo
+ms.prod: m365-security
--- # SMTP Auth clients insight and report in the Security & Compliance Center
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/microsoft-365-policies-configurations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/microsoft-365-policies-configurations.md
@@ -1,24 +1,24 @@
--- title: Identity and device access configurations - Microsoft 365 for enterprise
-description: Describes Microsoft recommendations and core concepts for deploying secure email, docs, and apps policies and configurations.
+description: Describes Microsoft recommendations and core concepts for deploying secure email, docs, and apps policies and configurations.
ms.author: josephd author: JoeDavies-MSFT manager: laurawi
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
ms.topic: article ms.date: 09/29/2020
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.reviewer: martincoetzer ms.custom: -- it-pro-- goldenconfig
+ - it-pro
+ - goldenconfig
ms.collection: -- M365-identity-device-management-- M365-security-compliance-- m365solution-identitydevice-- m365solution-overview-
+ - M365-identity-device-management
+ - M365-security-compliance
+ - m365solution-identitydevice
+ - m365solution-overview
+ms.technology: mdo
--- # Identity and device access configurations
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/microsoft-security-guidance-for-political-campaigns-nonprofits-and-other-agile-o https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/microsoft-security-guidance-for-political-campaigns-nonprofits-and-other-agile-o.md
@@ -1,26 +1,28 @@
--- title: Microsoft Security Guidance - Political campaigns & nonprofits
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: bcarter author: brendacarter manager: laurawi ms.date: 12/15/2017 audience: ITPro ms.topic: overview
-ms.collection:
-- Ent_O365-- Strat_O365_Enterprise-- M365-security-compliance
-ms.service: O365-seccomp
+ms.collection:
+ - Ent_O365
+ - Strat_O365_Enterprise
+ - M365-security-compliance
+ localization_priority: Priority
-search.appverid:
-- MET150
-ms.custom:
- - Strat_O365_Enterprise
- - seo-marvel-apr2020
+search.appverid:
+ - MET150
+ms.custom:
+ - Strat_O365_Enterprise
+ - seo-marvel-apr2020
ms.assetid: 10d1004b-42b6-4e2b-aaa2-18ddd9118f64 description: "Summary: Planning and implementation guidance for fast-moving organizations that have an increased threat profile."
+ms.technology: mdo
+ms.prod: m365-security
--- # Microsoft Security Guidance for Political Campaigns, Nonprofits, and Other Agile Organizations
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/monitor-for-leaks-of-personal-data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/monitor-for-leaks-of-personal-data.md
@@ -1,23 +1,25 @@
---
-title: "Monitor for leaks of personal data"
-f1.keywords:
-- NOCSH
+title: Monitor for leaks of personal data
+f1.keywords:
+ - NOCSH
ms.author: bcarter author: brendacarter manager: laurawi ms.date: 02/07/2018 audience: ITPro ms.topic: overview
-ms.collection:
-- Strat_O365_Enterprise-- Ent_O365-- GDPR-- M365-security-compliance
-ms.service: O365-seccomp
+ms.collection:
+ - Strat_O365_Enterprise
+ - Ent_O365
+ - GDPR
+ - M365-security-compliance
+ localization_priority: Priority
-search.appverid:
-- MET150
-description: "Learn about three tools you can use to monitor for leaks of personal data."
+search.appverid:
+ - MET150
+description: Learn about three tools you can use to monitor for leaks of personal data.
+ms.technology: mdo
+ms.prod: m365-security
--- # Monitor for leaks of personal data
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/move-domains-and-settings-from-one-eop-organization-to-another-eop-organization https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/move-domains-and-settings-from-one-eop-organization-to-another-eop-organization.md
@@ -1,19 +1,21 @@
--- title: Move domains & settings from one EOP organization to another
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal ms.assetid: 9d64867b-ebdb-4323-8e30-4560d76b4c97
-ms.custom:
-- seo-marvel-apr2020
-description: "In this article, you'll learn how to move domains and settings from one Microsoft Exchange Online Protection (EOP) organization (tenant) to another."
+ms.custom:
+ - seo-marvel-apr2020
+description: In this article, you'll learn how to move domains and settings from one Microsoft Exchange Online Protection (EOP) organization (tenant) to another.
+ms.technology: mdo
+ms.prod: m365-security
--- # Move domains and settings from one EOP organization to another
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-air https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/office-365-air.md
@@ -1,26 +1,28 @@
---
-title: "Automated investigation and response in Microsoft Defender for Office 365"
+title: Automated investigation and response in Microsoft Defender for Office 365
keywords: AIR, autoIR, ATP, automated, investigation, response, remediation, threats, advanced, threat, protection
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: deniseb author: denisebmsft manager: dansimp audience: ITPro ms.topic: article
-ms.date: 11/05/2020
-ms.service: O365-seccomp
+ms.date: 01/21/2021
+ localization_priority: Normal
-search.appverid:
-- MET150-- MOE150
+search.appverid:
+ - MET150
+ - MOE150
ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-description: "Get started using automated investigation and response capabilities in Microsoft Defender for Office 365."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Get started using automated investigation and response capabilities in Microsoft Defender for Office 365.
ms.custom: -- air-- seo-marvel-mar2020
+ - air
+ - seo-marvel-mar2020
+ms.technology: mdo
+ms.prod: m365-security
--- # Automated investigation and response (AIR) in Microsoft Defender for Office 365
@@ -89,7 +91,7 @@ AIR capabilities are included in [Microsoft Defender for Office 365](office-365-
5. [Safe Links and Safe Attachments](protect-against-threats.md#part-4---protection-from-malicious-urls-and-files-safe-links-and-safe-attachments-in-defender-for-office-365).
-6. [Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](protect-against-threats.md#part-5---verify-atp-for-sharepoint-onedrive-and-microsoft-teams-is-turned-on).
+6. [Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](protect-against-threats.md#part-5---verify-safe-attachments-for-sharepoint-onedrive-and-microsoft-teams-is-turned-on).
7. [Zero-hour auto purge for email](protect-against-threats.md#zero-hour-auto-purge-for-email-in-eop).
@@ -100,7 +102,7 @@ In addition, make sure to [review your organization's alert policies](https://do
Microsoft 365 provides many built-in alert policies that help identify Exchange admin permissions abuse, malware activity, potential external and internal threats, and information governance risks. Several of the [default alert policies](https://docs.microsoft.com/microsoft-365/compliance/alert-policies#default-alert-policies) can trigger automated investigations. The following table describes the alerts that trigger automated investigations, their severity in the Microsoft 365 security center, and how they're generated: |Alert|Severity|How the alert is generated|
-|---|---|---|
+|:---|:---|:---|
|A potentially malicious URL click was detected|**High**|This alert is generated when any of the following occurs: <ul><li>A user protected by [Safe Links](atp-safe-links.md) in your organization clicks a malicious link</li><li>Verdict changes for URLs are identified by Microsoft Defender for Office 365</li><li>Users override Safe Links warning pages (based on your organization's [Safe Links policy](set-up-atp-safe-links-policies.md)).</li></ul> <p> For more information on events that trigger this alert, see [Set up Safe Links policies](set-up-atp-safe-links-policies.md).| |An email message is reported by a user as malware or phish|**Informational**|This alert is generated when users in your organization report messages as phishing email using the [Report Message add-in](enable-the-report-message-add-in.md) or the [Report Phishing add-in](enable-the-report-phish-add-in.md).| |Email messages containing malware are removed after delivery|**Informational**|This alert is generated when any email messages containing malware are delivered to mailboxes in your organization. If this event occurs, Microsoft removes the infected messages from Exchange Online mailboxes using [Zero-hour auto purge](zero-hour-auto-purge.md).|
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-atp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/office-365-atp.md
@@ -1,25 +1,27 @@
---
-title: "Microsoft Defender for Office 365"
-f1.keywords:
-- CSH
+title: Microsoft Defender for Office 365
+f1.keywords:
+ - CSH
ms.author: tracyp author: msfttracyp manager: dansimp
-ms.date:
+ms.date:
audience: Admin ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Priority
-search.appverid:
-- MET150-- MOE150
+search.appverid:
+ - MET150
+ - MOE150
ms.assetid: e100fe7c-f2a1-4b7d-9e08-622330b83653 ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-ms.custom:
-- seo-marvel-apr2020
-description: "Microsoft Defender for Office 365 includes safe attachments, safe links, advanced anti-phishing tools, reporting tools and threat intelligence capabilities."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+ms.custom:
+ - seo-marvel-apr2020
+description: Microsoft Defender for Office 365 includes safe attachments, safe links, advanced anti-phishing tools, reporting tools and threat intelligence capabilities.
+ms.technology: mdo
+ms.prod: m365-security
--- # Microsoft Defender for Office 365
@@ -71,7 +73,7 @@ The following table summarizes what's included in each plan.
|Microsoft Defender for Office 365 Plan 1|Microsoft Defender for Office 365 Plan 2| |---|---|
-|Configuration, protection, and detection capabilities: <ul><li>[Safe Attachments](atp-safe-attachments.md)</li><li>[Safe Links](atp-safe-links.md)</li><li>[ATP for SharePoint, OneDrive, and Microsoft Teams](atp-for-spo-odb-and-teams.md)</li><li>[Anti-phishing in Defender for Office 365 protection](set-up-anti-phishing-policies.md#exclusive-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365)</li><li>[Real-time detections](threat-explorer.md)</li></ul>|Microsoft Defender for Office 365 Plan 1 capabilities <br>--- plus ---<br> Automation, investigation, remediation, and education capabilities:<ul><li>[Threat Trackers](threat-trackers.md)</li><li>[Threat Explorer](threat-explorer.md)</li><li>[Automated investigation and response](office-365-air.md)</li><li>[Attack Simulator](attack-simulator.md)</li><li>[Campaign Views](campaigns.md)</li></ul>|
+|Configuration, protection, and detection capabilities: <ul><li>[Safe Attachments](atp-safe-attachments.md)</li><li>[Safe Links](atp-safe-links.md)</li><li>[Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](atp-for-spo-odb-and-teams.md)</li><li>[Anti-phishing in Defender for Office 365 protection](set-up-anti-phishing-policies.md#exclusive-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365)</li><li>[Real-time detections](threat-explorer.md)</li></ul>|Microsoft Defender for Office 365 Plan 1 capabilities <br>--- plus ---<br> Automation, investigation, remediation, and education capabilities:<ul><li>[Threat Trackers](threat-trackers.md)</li><li>[Threat Explorer](threat-explorer.md)</li><li>[Automated investigation and response](office-365-air.md)</li><li>[Attack Simulator](attack-simulator.md)</li><li>[Campaign Views](campaigns.md)</li></ul>|
| - Microsoft Defender for Office 365 Plan 2 is included in Office 365 E5, Office 365 A5, Microsoft 365 E5 Security, and Microsoft 365 E5.
@@ -99,7 +101,7 @@ The policies that are defined for your organization determine the behavior and p
- **[Safe Links](atp-safe-links.md)**: Provides time-of-click verification of URLs, for example, in emails messages and Office files. Protection is ongoing and applies across your messaging and Office environment. Links are scanned for each click: safe links remain accessible and malicious links are dynamically blocked. To learn more, see [Set up Safe Links policies](set-up-atp-safe-links-policies.md). -- **[ATP for SharePoint, OneDrive, and Microsoft Teams](atp-for-spo-odb-and-teams.md)**: Protects your organization when users collaborate and share files, by identifying and blocking malicious files in team sites and document libraries. To learn more, see [Turn on Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams](turn-on-atp-for-spo-odb-and-teams.md).
+- **[Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](atp-for-spo-odb-and-teams.md)**: Protects your organization when users collaborate and share files, by identifying and blocking malicious files in team sites and document libraries. To learn more, see [Turn on Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams](turn-on-atp-for-spo-odb-and-teams.md).
- **[Anti-phishing protection in Defender for Office 365](set-up-anti-phishing-policies.md#exclusive-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365)**: Detects attempts to impersonate your users and internal or custom domains. It applies machine learning models and advanced impersonation-detection algorithms to avert phishing attacks. To learn more, see [Configure anti-phishing policies in Microsoft Defender for Office 365](configure-atp-anti-phishing-policies.md).
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-evaluation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/office-365-evaluation.md
@@ -2,21 +2,23 @@
title: Evaluate Microsoft Defender for Office 365 description: Defender for Office 365 in evaluation mode creates Defender for Office 365 email policies that log verdicts, such as malware, but don't act on messages. keywords: evaluate Office 365, Microsoft Defender for Office 365, office 365 evaluation, try office 365, Microsoft Defender, ATP
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: ellevin author: levinec manager: dansimp audience: ITPro ms.topic: article
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150-- MOE150
+search.appverid:
+ - MET150
+ - MOE150
ms.collection: -- M365-security-compliance
+ - M365-security-compliance
ms.custom: seo-marvel-apr2020
+ms.technology: mdo
+ms.prod: m365-security
--- # Evaluate Microsoft Defender for Office 365
@@ -99,7 +101,7 @@ Enhanced filtering for connectors will allow tenants to use anti-spoofing protec
### URLs
-URLs will be detonated during mail flow. If you don't want specific URLs detonated, manage your list of allowed URLs appropriately. See [Manage URLs in the Tenant Allow/Block List](tenant-allow-block-list.md) for details.
+URLs will be detonated during mail flow. If you don't want specific URLs detonated, manage your list of allowed URLs appropriately. See [Manage the Tenant Allow/Block List](tenant-allow-block-list.md) for details.
URL links in the email message bodies won't wrap, to lessen customer impact.
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-ti https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/office-365-ti.md
@@ -1,25 +1,27 @@
--- title: Threat investigation & response capabilities - Microsoft Defender for Office 365 Plan 2
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: tracyp author: msfttracyp manager: dansimp ms.date: 12/09/2019 audience: Admin ms.topic: overview
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150-- MOE150
+search.appverid:
+ - MET150
+ - MOE150
ms.assetid: 32405da5-bee1-4a4b-82e5-8399df94c512 ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-ms.custom:
-- seo-marvel-apr2020
-description: "Learn about threat investigation and response capabilities in Microsoft Defender for Office 365 Plan."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+ms.custom:
+ - seo-marvel-apr2020
+description: Learn about threat investigation and response capabilities in Microsoft Defender for Office 365 Plan.
+ms.technology: mdo
+ms.prod: m365-security
--- # Threat investigation and response
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office365-security-incident-response-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/office365-security-incident-response-overview.md
@@ -1,23 +1,25 @@
---
-title: "Security Incident Response"
-f1.keywords:
-- NOCSH
+title: Security Incident Response
+f1.keywords:
+ - NOCSH
ms.author: chrfox author: chrfox manager: laurawi ms.date: 04/27/2018 audience: ITPro ms.topic: overview
-ms.collection:
-- o365_security_incident_response-- M365-security-compliance
-ms.service: O365-seccomp
+ms.collection:
+ - o365_security_incident_response
+ - M365-security-compliance
+ localization_priority: Normal
-search.appverid:
-- MET150
-description: "This solution tells you what the most common cybersecurity attacks might look like in Microsoft 365 and how to respond to them"
-ms.custom:
-- seo-marvel-apr2020
+search.appverid:
+ - MET150
+description: This solution tells you what the most common cybersecurity attacks might look like in Microsoft 365 and how to respond to them
+ms.custom:
+ - seo-marvel-apr2020
+ms.technology: mdo
+ms.prod: m365-security
--- # Security Incident Response
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/outbound-spam-controls https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/outbound-spam-controls.md
@@ -1,24 +1,26 @@
---
-title: "Outbound spam protection"
-f1.keywords:
-- NOCSH
+title: Outbound spam protection
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: Admin ms.topic: overview
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150-- MOE150
+search.appverid:
+ - MET150
+ - MOE150
ms.assetid: 6a601501-a6a8-4559-b2e7-56b59c96a586
-ms.collection:
-- M365-security-compliance
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can learn about the outbound spam controls in Exchange Online Protection (EOP), and what to do if you need to send mass mailings."
+ms.collection:
+ - M365-security-compliance
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can learn about the outbound spam controls in Exchange Online Protection (EOP), and what to do if you need to send mass mailings.
+ms.technology: mdo
+ms.prod: m365-security
--- # Outbound spam protection in EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center.md
@@ -1,23 +1,25 @@
--- title: Permissions - Security & Compliance Center
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: Admin ms.topic: conceptual
-f1_keywords:
-- 'ms.o365.cc.AdminRoleGroups'
-ms.service: O365-seccomp
+f1_keywords:
+ - 'ms.o365.cc.AdminRoleGroups'
+ localization_priority: Normal ms.collection: Strat_O365_IP
-search.appverid:
-- MOE150-- MET150
-description: "Admins can learn about the permissions that are available in the Security & Compliance Center in Microsoft 365."
+search.appverid:
+ - MOE150
+ - MET150
+description: Admins can learn about the permissions that are available in the Security & Compliance Center in Microsoft 365.
ms.custom: seo-marvel-apr2020
+ms.technology: mdo
+ms.prod: m365-security
--- # Permissions in the Security & Compliance Center
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/permissions-microsoft-365-compliance-security https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/permissions-microsoft-365-compliance-security.md
@@ -1,22 +1,24 @@
--- title: Permissions in the Microsoft 365 security and compliance centers
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp ms.date: ms.audience: Admin ms.topic: article
-ms.service: O365-seccomp
+ localization_priority: Priority ms.collection: -- M365-security-compliance
+ - M365-security-compliance
search.appverid: -- MOE150-- MET150
-description: "By using the Microsoft 365 security center or Microsoft 365 compliance center, you can manage permissions centrally for all tasks related to security or compliance."
+ - MOE150
+ - MET150
+description: By using the Microsoft 365 security center or Microsoft 365 compliance center, you can manage permissions centrally for all tasks related to security or compliance.
ms.custom: seo-marvel-apr2020
+ms.technology: mdo
+ms.prod: m365-security
--- # Permissions in the Microsoft 365 compliance center and Microsoft 365 security center
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/preset-security-policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/preset-security-policies.md
@@ -1,19 +1,21 @@
---
-title: "Preset security policies"
-f1.keywords:
-- NOCSH
+title: Preset security policies
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp audience: ITPro ms.topic: how-to
-ms.date:
-ms.service: O365-seccomp
+ms.date:
+ localization_priority: Normal
-ms.assetid:
-ms.collection:
-- M365-security-compliance
-description: "Admins can learn how to apply Standard and Strict policy settings across the protection features of Exchange Online Protection (EOP) and Microsoft Defender for Office 365"
+ms.assetid:
+ms.collection:
+ - M365-security-compliance
+description: Admins can learn how to apply Standard and Strict policy settings across the protection features of Exchange Online Protection (EOP) and Microsoft Defender for Office 365
+ms.technology: mdo
+ms.prod: m365-security
--- # Preset security policies in EOP and Microsoft Defender for Office 365
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/protect-against-threats https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/protect-against-threats.md
@@ -1,24 +1,26 @@
---
-title: "Protect against threats"
-f1.keywords:
-- NOCSH
+title: Protect against threats
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp audience: Admin ms.topic: overview
-ms.service: O365-seccomp
+ localization_priority: Normal ms.date: 09/08/2020
-search.appverid:
-- MOE150-- MET150
+search.appverid:
+ - MOE150
+ - MET150
ms.assetid: b10023f6-f30f-45d3-b3ad-b71aa4aa0d58 ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-description: "Admins can learn about threat protection in Microsoft 365 and configure how to use it for your organization."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Admins can learn about threat protection in Microsoft 365 and configure how to use it for your organization.
ms.custom: seo-marvel-apr2020
+ms.technology: mdo
+ms.prod: m365-security
--- # Protect against threats
@@ -50,7 +52,7 @@ Threat protection features are included in *all* Microsoft or Office 365 subscri
|Anti-spam protection|[EOP](https://docs.microsoft.com/office365/servicedescriptions/exchange-online-protection-service-description/exchange-online-protection-service-description)| |Zero-hour auto purge (for email)|[EOP](https://docs.microsoft.com/office365/servicedescriptions/exchange-online-protection-service-description/exchange-online-protection-service-description)| |Protection from malicious URLs and files in email and Office documents (safe links and safe attachments)|[Microsoft Defender for Office 365](https://docs.microsoft.com/office365/servicedescriptions/office-365-advanced-threat-protection-service-description)|
-|Turn on ATP for SharePoint, OneDrive, and Microsoft Teams workloads|[Defender for Office 365 ](atp-for-spo-odb-and-teams.md)|
+|Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams workloads|[Defender for Office 365 ](atp-for-spo-odb-and-teams.md)|
|Advanced anti-phishing protection|[Defender for Office 365](https://docs.microsoft.com/office365/servicedescriptions/office-365-advanced-threat-protection-service-description)| ### Roles and permissions
@@ -202,7 +204,7 @@ To set up [Safe Links](atp-safe-links.md), review and edit your global settings
To learn more, see [Set up Safe Links policies](set-up-atp-safe-links-policies.md).
-## Part 5 - Verify ATP for SharePoint, OneDrive, and Microsoft Teams is turned on
+## Part 5 - Verify Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is turned on
Workloads like SharePoint, OneDrive, and Teams are built for collaboration. Using Defender for Office 365 helps with blocking and detection of files that are identified as malicious in team sites and document libraries. You can read more about how that works [here](atp-for-spo-odb-and-teams.md).
@@ -211,7 +213,7 @@ Workloads like SharePoint, OneDrive, and Teams are built for collaboration. Usin
1. In the [Security & Compliance Center](https://protection.office.com), choose **Threat management** \> **Policy** \> **ATP Safe Attachments**, and then click **Global settings**.
-2. Verify the **Turn on ATP for SharePoint, OneDrive, and Microsoft Teams** toggle is to the right: ![Toggle on](../../media/scc-toggle-on.png), and then click **Save**.
+2. Verify the **Turn on Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams** toggle is to the right: ![Toggle on](../../media/scc-toggle-on.png), and then click **Save**.
3. Review (and, as appropriate, edit) your organization's [Safe Attachments policies](set-up-atp-safe-attachments-policies.md) and [Safe Links policies](set-up-atp-safe-links-policies.md).
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/protect-on-premises-mailboxes-with-exchange-online-protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/protect-on-premises-mailboxes-with-exchange-online-protection.md
@@ -1,26 +1,28 @@
--- title: Protect on-premises mailboxes in China with standalone EOP
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- GEU150-- GMA150-- GPA150-- MET150
+search.appverid:
+ - GEU150
+ - GMA150
+ - GPA150
+ - MET150
ms.assetid: c5e95951-da67-4ec7-92c5-982abd477e69
-ms.collection:
-- M365-security-compliance
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins in China using Office 365 operated by 21Vianet can learn how to use standalone Exchange Online Protection (EOP) to protect their on-premises mailboxes."
+ms.collection:
+ - M365-security-compliance
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins in China using Office 365 operated by 21Vianet can learn how to use standalone Exchange Online Protection (EOP) to protect their on-premises mailboxes.
+ms.technology: mdo
+ms.prod: m365-security
--- # Protect on-premises mailboxes in China with standalone EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/quarantine-email-messages https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-email-messages.md
@@ -1,26 +1,28 @@
---
-title: "Quarantined email messages"
-f1.keywords:
-- NOCSH
+title: Quarantined email messages
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: Admin ms.topic: overview
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MOE150-- MED150-- MET150
+search.appverid:
+ - MOE150
+ - MED150
+ - MET150
ms.assetid: 4c234874-015e-4768-8495-98fcccfc639b ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-ms.custom:
-- seo-marvel-apr2020
-description: "Admins can learn about quarantine in Exchange Online Protection (EOP) that holds potentially dangerous or unwanted messages."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+ms.custom:
+ - seo-marvel-apr2020
+description: Admins can learn about quarantine in Exchange Online Protection (EOP) that holds potentially dangerous or unwanted messages.
+ms.technology: mdo
+ms.prod: m365-security
--- # Quarantined email messages in EOP
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/quarantine-faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-faq.md
@@ -1,23 +1,25 @@
---
-title: "Quarantined messages FAQ"
-f1.keywords:
-- NOCSH
+title: Quarantined messages FAQ
+f1.keywords:
+ - NOCSH
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.topic: troubleshooting
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.assetid: c440b2ac-cafa-4be5-ba4c-14278a7990ae ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-description: "Admins can view frequently asked questions and answers about quarantined messages in Exchange Online Protection (EOP)."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Admins can view frequently asked questions and answers about quarantined messages in Exchange Online Protection (EOP).
ms.custom: seo-marvel-apr2020
+ms.technology: mdo
+ms.prod: m365-security
--- # Quarantined messages FAQ
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/quarantine-tags https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-tags.md
@@ -3,19 +3,21 @@ title: Quarantine tags
ms.author: chrisda author: chrisda manager: dansimp
-ms.reviewer:
-ms.date:
+ms.reviewer:
+ms.date:
audience: ITPro ms.topic: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
-ms.assetid:
-ms.collection:
-- M365-security-compliance
+search.appverid:
+ - MET150
+ms.assetid:
+ms.collection:
+ - M365-security-compliance
ROBOTS: NOINDEX
-description: "Admins can learn how to use quarantine tags to control what users are able to do to their quarantined messages."
+description: Admins can learn how to use quarantine tags to control what users are able to do to their quarantined messages.
+ms.technology: mdo
+ms.prod: m365-security
--- # Quarantine tags
@@ -226,7 +228,7 @@ In _supported_ protection features that quarantine messages or files (automatica
|[Anti-spam policies](configure-your-spam-filter-policies.md): <ul><li>**Spam** (_SpamAction_)</li><li>**High confidence spam** (_HighConfidenceSpamAction_)</li><li>**Phishing email** (_PhishSpamAction_)</li><li>**High confidence phishing email** (_HighConfidencePhishAction_)</li><li>**Bulk email** (_BulkSpamAction_)</li></ul>|Yes|<ul><li>DefaultSpamTag (Full access)</li><li>DefaultHighConfSpamTag (Full access)</li><li>DefaultPhishTag (Full access)</li><li>DefaultHighConfPhishTag (No access)</li><li>DefaultBulkTag (Full access)</li></ul> |Anti-phishing policies: <ul><li>[Spoof intelligence protection](set-up-anti-phishing-policies.md#spoof-settings) (_AuthenticationFailAction_)</li><li>[Impersonation protection](set-up-anti-phishing-policies.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365):<sup>\*</sup> <ul><li>**If email is sent by an impersonated user** (_TargetedUserProtectionAction_)</li><li>**If email is sent by an impersonated domain** (_TargetedDomainProtectionAction_)</li><li>**Mailbox intelligence** \> **If email is sent by an impersonated user** (_MailboxIntelligenceProtectionAction_)</li></ul></li></ul></ul>|No|n/a| |[Anti-malware policies](configure-anti-malware-policies.md): All detected messages are always quarantined.|No|n/a|
-|[ATP for SharePoint, OneDrive, and Microsoft Teams](atp-for-spo-odb-and-teams.md)|No|n/a|
+|[Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](atp-for-spo-odb-and-teams.md)|No|n/a|
|[Mail flow rules](https://docs.microsoft.com/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules) (also known as transport rules) with the action: **Deliver the message to the hosted quarantine** (_Quarantine_).|No|n/a| |
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365-atp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365-atp.md
@@ -1,23 +1,25 @@
---
-title: "Microsoft recommendations for EOP and Defender for Office 365 security settings"
+title: Microsoft recommendations for EOP and Defender for Office 365 security settings
keywords: Office 365 security recommendations, Sender Policy Framework, Domain-based Message Reporting and Conformance, DomainKeys Identified Mail, steps, how does it work, security baselines, baselines for EOP, baselines for Defender for Office 365 , set up Defender for Office 365 , set up EOP, configure Defender for Office 365, configure EOP, security configuration
-f1.keywords:
-- NOCSH
+f1.keywords:
+ - NOCSH
ms.author: tracyp author: MSFTTracyP
-ms.date:
+ms.date:
manager: dansimp audience: ITPro ms.topic: conceptual
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.assetid: 6f64f2de-d626-48ed-8084-03cc72301aa4 ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-description: "What are best practices for Exchange Online Protection (EOP) and Defender for Office 365 security settings? What's the current recommendations for standard protection? What should be used if you want to be more strict? And what extras do you get if you also use Defender for Office 365?"
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: What are best practices for Exchange Online Protection (EOP) and Defender for Office 365 security settings? What's the current recommendations for standard protection? What should be used if you want to be more strict? And what extras do you get if you also use Defender for Office 365?
+ms.technology: mdo
+ms.prod: m365-security
--- # Recommended settings for EOP and Microsoft Defender for Office 365 security
@@ -148,7 +150,7 @@ Additional security benefits come with a Microsoft Defender for Office 365 subsc
> > - There are no default Safe Links policies or Safe Attachments policies that automatically protect all recipients in the organization. To get the protections, you need to create at least one Safe Links Policy and Safe Attachments policy. >
-> - [ATP for SharePoint, OneDrive, and Microsoft Teams](atp-for-spo-odb-and-teams.md) protection and [Safe Documents](safe-docs.md) protection have no dependencies on Safe Links policies.
+> - [Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](atp-for-spo-odb-and-teams.md) protection and [Safe Documents](safe-docs.md) protection have no dependencies on Safe Links policies.
If your subscription includes Microsoft Defender for Office 365 or if you've purchased Defender for Office 365 as an add-on, set the following Standard or Strict configurations.
@@ -250,7 +252,7 @@ Safe Attachments in Microsoft Defender for Office 365 includes global settings t
#### Global settings for Safe Attachments
-To configure these settings, see [Turn on ATP for SharePoint, OneDrive, and Microsoft Teams](turn-on-atp-for-spo-odb-and-teams.md) and [Safe Documents in Microsoft 365 E5](safe-docs.md).
+To configure these settings, see [Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](turn-on-atp-for-spo-odb-and-teams.md) and [Safe Documents in Microsoft 365 E5](safe-docs.md).
In PowerShell, you use the [Set-AtpPolicyForO365](https://docs.microsoft.com/powershell/module/exchange/set-atppolicyforo365) cmdlet for these settings.
@@ -258,7 +260,7 @@ In PowerShell, you use the [Set-AtpPolicyForO365](https://docs.microsoft.com/pow
|Security feature name|Default|Standard|Strict|Comment| |---|:---:|:---:|:---:|---|
-|**Turn on ATP for SharePoint, OneDrive, and Microsoft Teams** <p> _EnableATPForSPOTeamsODB_|On <p> `$true`|On <p> `$true`||
+|**Turn on Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams** <p> _EnableATPForSPOTeamsODB_|On <p> `$true`|On <p> `$true`||
|**Turn on Safe Documents for Office clients** <p> _EnableSafeDocs_|On <p> `$true`|On <p> `$true`|This setting is only available with Microsoft 365 E5 or Microsoft 365 E5 Security licenses. For more information, see [Safe Documents in Microsoft Defender for Office 365](safe-docs.md).| |**Allow people to click through Protected View even if Safe Documents identified the file as malicious** <p> _AllowSafeDocsOpen_|Off <p> `$false`|Off <p> `$false`|This setting is related to Safe Documents.| |
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/recover-from-ransomware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/recover-from-ransomware.md
@@ -1,19 +1,21 @@
---
-title: "Recover from a ransomware attack"
+title: Recover from a ransomware attack
ms.author: chrisda author: chrisda manager: dansimp
-ms.date:
+ms.date:
audience: ITPro ms.article: how-to
-ms.service: O365-seccomp
+ localization_priority: Normal
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.collection: -- M365-security-compliance-- m365initiative-defender-office365
-description: "Microsoft 365 admins can learn how to recover from a ransomware attack."
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Microsoft 365 admins can learn how to recover from a ransomware attack.
+ms.technology: mdo
+ms.prod: m365-security
--- # Recover from a ransomware attack in Microsoft 365
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/reducing-malware-threats-through-file-attachment-blocking-in-exchange-online-pro