| Category | Microsoft Docs article | Related commit history on GitHub | Change details |
|---|---|---|---|
| manage-public-web-access | Manage Public Web Access | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/copilot/manage-public-web-access.md | description: "Learn how to manage Microsoft Copilot for Microsoft 365 access to Microsoft Copilot for Microsoft 365 combines the power of large language models (LLMs) with your organization’s data – all in the flow of work – to turn your words into one of the most powerful productivity tools on the planet. Copilot can provide summaries of chats, messages, and meetings, answer business questions, and generate content. For more information, see [How Microsoft Copilot for Microsoft 365 works](https://www.youtube.com/watch?v=B2-8wrF9Okc). -As your organization’s Microsoft 365 admin, you can turn off Copilot’s ability to access and include web content when it responds to your users’ prompts. For more information on how this control impacts data, privacy, and security within Microsoft Copilot for Microsoft 365, see [Data, Privacy, and Security for Microsoft Copilot for Microsoft 365](microsoft-365-copilot-privacy.md#microsoft-copilot-for-microsoft-365-and-public-web-content). +As your organization’s Microsoft 365 admin, you can turn off Copilot’s ability to access and include web content when it responds to your users’ prompts. For more information on how this control impacts data, privacy, and security within Microsoft Copilot for Microsoft 365, see [Data, Privacy, and Security for Microsoft Copilot for Microsoft 365](microsoft-365-copilot-privacy.md#microsoft-copilot-for-microsoft-365-and-web-content). ## Before you begin |
| microsoft-365-copilot-overview | Microsoft 365 Copilot Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/copilot/microsoft-365-copilot-overview.md | Microsoft Copilot for Microsoft 365 capabilities that users see in Microsoft 365 The following diagram provides a visual representation of how Microsoft Copilot for Microsoft 365 works. Here's an explanation of how Microsoft Copilot for Microsoft 365 works: |
| microsoft-365-copilot-privacy | Microsoft 365 Copilot Privacy | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/copilot/microsoft-365-copilot-privacy.md | ms.localizationpriority: medium description: "Learn how Microsoft Copilot for Microsoft 365 uses data and how it stores and protects that data." hideEdit: true Previously updated : 01/16/2024 Last updated : 01/23/2024 # Data, Privacy, and Security for Microsoft Copilot for Microsoft 365 The information in this article is intended to help provide answers to the follo - [How does Microsoft Copilot for Microsoft 365 protect organizational information and data?](#how-does-microsoft-copilot-for-microsoft-365-protect-organizational-data) - [What data is stored about user interactions with Microsoft Copilot for Microsoft 365?](#data-stored-about-user-interactions-with-microsoft-copilot-for-microsoft-365) - [What data residency commitments does Microsoft Copilot make?](#microsoft-copilot-for-microsoft-365-and-data-residency)-- [Can Microsoft Copilot for Microsoft 365 use public web content in its responses?](#microsoft-copilot-for-microsoft-365-and-public-web-content)+- [Can Microsoft Copilot for Microsoft 365 use web content in its responses?](#microsoft-copilot-for-microsoft-365-and-web-content) - [What extensibility options are available for Microsoft Copilot for Microsoft 365](#extensibility-of-microsoft-copilot-for-microsoft-365) - [How does Microsoft Copilot for Microsoft 365 meet regulatory compliance requirements?](#meeting-regulatory-compliance-requirements) - [Do controls for connected experiences in Microsoft 365 Apps apply to Microsoft Copilot for Microsoft 365?](#microsoft-copilot-for-microsoft-365-and-policy-settings-for-connected-experiences) When you enter prompts using Microsoft Copilot for Microsoft 365, the informatio > [!NOTE] > When using Microsoft Copilot for Microsoft 365, your organizationΓÇÖs data might leave the Microsoft 365 service boundary under the following circumstances: >-> - When you allow Microsoft Copilot with Graph-grounded chat to reference public web content. The query sent to Bing might include your organizationΓÇÖs data. For more information, see [Microsoft Copilot for Microsoft 365 and public web content](#microsoft-copilot-for-microsoft-365-and-public-web-content). +> - When you allow Microsoft Copilot with Graph-grounded chat to reference web content. The query sent to Bing might include your organizationΓÇÖs data. For more information, see [Microsoft Copilot for Microsoft 365 and web content](#microsoft-copilot-for-microsoft-365-and-web-content). > - When youΓÇÖre using plugins to help Microsoft Copilot for Microsoft 365 to provide more relevant information. Check the privacy statement and terms of use of the plugin to determine how it will handle your organizationΓÇÖs data. For information, see [Extensibility of Microsoft Copilot for Microsoft 365](#extensibility-of-microsoft-copilot-for-microsoft-365). Abuse monitoring for Microsoft Copilot for Microsoft 365 occurs in real-time, without providing Microsoft any standing access to customer data, either for human or for automated review. While abuse moderation, which includes human review of content, is available in Azure OpenAI, Microsoft Copilot for Microsoft 365 services have opted out of it. Microsoft 365 data isnΓÇÖt collected or stored by Azure OpenAI. Copilot for Microsoft 365 is upholding data residency commitments as outlined in Microsoft [Advanced Data Residency (ADR)](/microsoft-365/enterprise/advanced-data-residency) and [Multi-Geo Capabilities](/microsoft-365/enterprise/microsoft-365-multi-geo) offerings will include data residency commitments for Copilot for Microsoft 365 customers later in 2024. For EU customers, Copilot for Microsoft 365 is an EU Data Boundary service. Customers outside the EU may have their queries processed in the US, EU, or other regions. -## Microsoft Copilot for Microsoft 365 and public web content +## Microsoft Copilot for Microsoft 365 and web content -Microsoft Copilot with Graph-grounded chat can reference public web content from the Bing search index to ground user prompts and responses. Based on the userΓÇÖs prompt, Copilot for Microsoft 365 determines whether it needs to use Bing to query public web content to help provide a relevant response to the user. There are [controls available to manage the use of public web content](#controls-available-to-manage-the-use-of-public-web-content) for both admins and users. +Microsoft Copilot with Graph-grounded chat can reference web content from the Bing search index to ground user prompts and responses. Based on the userΓÇÖs prompt, Copilot for Microsoft 365 determines whether it needs to use Bing to query web content to help provide a relevant response to the user. There are [controls available to manage the use of web content](#controls-available-to-manage-the-use-of-web-content) for both admins and users. > [!NOTE]-> Public web content grounding in Copilot uses only the Bing Search service. Copilot with commercial data protection (previously named Bing Chat Enterprise) is a separate offering and not involved with public web content grounding. +> Web grounding in Copilot uses only the Bing Search service. Copilot with commercial data protection (previously named Bing Chat Enterprise) is a separate offering and not involved with web grounding. -### Details on how public web content grounding works +### Details on how web grounding works -When public web grounding is enabled, Copilot for Microsoft 365 may automatically generate a web search query, if Copilot for Microsoft 365 determines that web data can improve the quality of the response. The search query is based on the userΓÇÖs prompt, Copilot interaction history, and relevant data the user has access to in Microsoft 365. This web search query might be displayed to the user after the prompt is entered. For example, the user might see the phrase "searching for..." followed by the search query. The query is passed to the [Bing Search API](/bing/search-apis/bing-web-search/overview), which is part of the Bing Search service, to retrieve information from the web to ground a response. +When web grounding is enabled, Copilot for Microsoft 365 may automatically generate a web search query, if Copilot for Microsoft 365 determines that web data can improve the quality of the response. The search query is based on the userΓÇÖs prompt, Copilot interaction history, and relevant data the user has access to in Microsoft 365. This web search query might be displayed to the user after the prompt is entered. For example, the user might see the phrase "searching for..." followed by the search query. The query is passed to the [Bing Search API](/bing/search-apis/bing-web-search/overview), which is part of the Bing Search service, to retrieve information from the web to ground a response. -Web search queries might not contain all the words from a user's prompt. They're generally based off a few terms used to find relevant information on the web. However, they may still include some confidential data, depending on what the user included in the prompt. Queries sent to the Bing Search API by Copilot for Microsoft 365 are disassociated from the user ID or tenant ID. --Once web data is received, Copilot for Microsoft 365 passes the web data to the LLM to generate a richer response by including the latest information from the web and any relevant citations. In this process, the user's prompts and Copilot's responses remain within the Microsoft 365 service boundary. Only the search query, which is abstracted from the user's prompt and grounding data, goes to the Bing Search API outside the boundary. +Once web data is received, Copilot for Microsoft 365 passes the web data to the LLM to generate a richer response by including the latest information from the web and any relevant citations. In this process, the user's prompts and Copilot's responses remain within the Microsoft 365 service boundary. Only the search query, which is abstracted from the user's prompt and grounding data, goes to the Bing Search API outside the boundary. Queries sent to the Bing Search API by Copilot for Microsoft 365 are disassociated from the user ID or tenant ID. Web search queries might not contain all the words from a user's prompt. They're generally based off a few terms used to find relevant information on the web. However, they may still include some confidential data, depending on what the user included in the prompt. Microsoft Bing is a separate business from Microsoft 365 and data is managed independently of Microsoft 365. The use of Bing is covered by the [Microsoft Services Agreement](https://www.microsoft.com/servicesagreement) between each user and Microsoft, together with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). The [Microsoft Products and Services Data Protection Addendum (DPA)](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) doesnΓÇÖt apply to the use of Bing. -### Controls available to manage the use of public web content +### Controls available to manage the use of web content -Admins can prevent their users from referencing public web content in their requests. For more information, see [Manage access to public web content in Microsoft Copilot for Microsoft 365 responses](/microsoft-365-copilot/manage-public-web-access). Even when allowed by the admin, users still have the option whether or not they want to reference public web content in their requests. For more information, see [Use additional data sources with Microsoft 365 Copilot](https://support.microsoft.com/topic/b41e679a-ee19-4a8d-ab5c-ebd00ff46d71). +Admins can prevent their users from referencing web content in their requests. For more information, see [Manage access to web content in Microsoft Copilot for Microsoft 365 responses](/microsoft-365-copilot/manage-public-web-access). Even when allowed by the admin, users still have the option whether or not they want to reference web content in their requests. For more information, see [Use additional data sources with Microsoft 365 Copilot](https://support.microsoft.com/topic/b41e679a-ee19-4a8d-ab5c-ebd00ff46d71). > [!NOTE]-> The policy settings that control the use of optional connected experiences in Microsoft 365 Apps donΓÇÖt apply to Microsoft Copilot for Microsoft 365 and public web content. +> The policy settings that control the use of optional connected experiences in Microsoft 365 Apps donΓÇÖt apply to Microsoft Copilot for Microsoft 365 and web content. ## Extensibility of Microsoft Copilot for Microsoft 365 |
| admin | Manage Feedback Ms Org | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-feedback-ms-org.md | The table below represents which apps and services are currently connected to th |**PowerPoint**|Yes|Yes|Yes|Yes| |**Project**|Yes|Yes|Yes|Yes| |**Publisher**|Yes|Yes|Yes|Yes|-|**SharePoint**|[Some settings currently managed by other controls.](/powershell/module/sharepoint-online/set-spotenant)|||| +|**SharePoint**|Yes|Yes|Yes|Yes| |**Teams**|[Some settings currently managed by other controls.](/microsoftteams/manage-feedback-policies-in-teams)||Yes|| |**To Do**|Yes|Yes|Yes|Yes| |**Word**|Yes|Yes|Yes|Yes| |
| enterprise | Connect To All Microsoft 365 Services In A Single Windows Powershell Window | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/connect-to-all-microsoft-365-services-in-a-single-windows-powershell-window.md | Title: "Connect to all Microsoft 365 services in a single PowerShell window" Previously updated : 12/19/2023 Last updated : 01/16/2024 audience: ITPro + - azure-ad-ref-level-one-done ms.assetid: 53d3eef6-4a16-4fb9-903c-816d5d98d7e8 description: "Summary: Connect to all Microsoft 365 services in a single PowerShell window." Before you can manage all of Microsoft 365 from a single instance of PowerShell, - You need to install the modules that are required for Microsoft Entra ID, Exchange Online, Defender for Office 365, Microsoft Purview compliance, SharePoint Online, and Teams: - - [Azure Active Directory v2](connect-to-microsoft-365-powershell.md#connect-with-the-azure-active-directory-powershell-for-graph-module) + - [Install the Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/installation) - [SharePoint Online Management Shell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online) - [Teams PowerShell Module](/microsoftteams/teams-powershell-overview) - [Install and maintain the Exchange Online PowerShell module](/powershell/exchange/exchange-online-powershell-v2#install-and-maintain-the-exchange-online-powershell-module) Before you can manage all of Microsoft 365 from a single instance of PowerShell, Set-ExecutionPolicy RemoteSigned ``` -## Connection steps when using just a password +## Connection steps -Follow these steps to connect to all the services in a single PowerShell window when you're using just a password for sign-in. +Follow these steps to connect to all the services in a single PowerShell window. 1. Open Windows PowerShell. Follow these steps to connect to all the services in a single PowerShell window $credential = Get-Credential ``` -3. Run this command to connect to Microsoft Entra ID by using the Azure Active Directory PowerShell for Graph module. +3. Run this command to connect to Microsoft Entra ID by using the Microsoft Graph PowerShell SDK. - ```powershell - Connect-AzureAD -Credential $credential - ``` + > [!NOTE] + > The Azure Active Directory (AzureAD) PowerShell module is being deprecated and replaced by the Microsoft Graph PowerShell SDK. You can use the Microsoft Graph PowerShell SDK to access all Microsoft Graph APIs. For more information, see [Get started with the Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/get-started). + > + > Also see [Install the Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/installation) and [Upgrade from Azure AD PowerShell to Microsoft Graph PowerShell](/powershell/microsoftgraph/migration-steps) for information on how to install and upgrade to Microsoft Graph PowerShell, respectively. - Or if you're using the Microsoft Azure Active Directory module for Windows PowerShell module, run this command. + The Microsoft Graph PowerShell SDK supports two types of authentication: delegated access, and app-only access. In this example, you'll use delegated access to sign in as a user, grant consent to the SDK to act on your behalf, and call the Microsoft Graph. - ```powershell - Connect-MsolService -Credential $credential + For details on using app-only access for unattended scenarios, see [Use app-only authentication with the Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/app-only). ++ **Determine required permission scopes** ++ Each API in the Microsoft Graph is protected by one or more permission scopes. The user logging in must consent to one of the required scopes for the APIs you plan to use. In this example, we'll use the following APIs. ++ - List users to find the user ID of the logged-in user. + - List joinedTeams to get the Teams the user is a member of. + - List channels to get the channels in a Team. + - Send message to send a message to a Team's channel. ++ The **User.Read.All** permission scope enables the first two calls, and the **Group.ReadWrite.All** scope enables the rest. These permissions require an admin account. ++ For more information about how to determine what permission scopes you'll need, see [Using Find-MgGraphCommand](/powershell/microsoftgraph/find-mg-graph-command). ++ **Connect to Microsoft Graph** ++ To connect to your Microsoft 365 Organization, run the following command with example permission scopes: ++ ``` powershell + Connect-MgGraph -Scopes "User.Read.All","Group.ReadWrite.All" ``` - > [!NOTE] - > PowerShell Core doesn't support the Microsoft Azure Active Directory module for Windows PowerShell module and cmdlets with *Msol* in their name. You must run these cmdlets from PowerShell. + The command prompts you to go to a web page to sign in with your credentials. Once you've done that, the command indicates success with a **Welcome To Microsoft Graph!** message. You only need to sign in once per session. Passing credentials to the ```Connect-MgGraph``` cmdlet is currently not supported. ++ > [!TIP] + > You can accretively add permissions by repeating the **Connect-MgGraph** command with the new permission scopes. 4. Run these commands to connect to SharePoint Online. Specify the organization name for your domain. For example, for "litwareinc\.onmicrosoft.com", the organization name value is "litwareinc". Follow these steps to connect to all the services in a single PowerShell window > > To connect to Microsoft Teams clouds other than *Worldwide*, see [Connect-MicrosoftTeams](/powershell/module/teams/connect-microsoftteams). -### Azure Active Directory PowerShell for Graph module when using just a password --Here are the commands for all the services in a single block when you use the Azure Active Directory PowerShell for Graph module. Specify the name of your domain host and the UPN for the sign-in and run them all at the same time. --```powershell -$orgName="<for example, litwareinc for litwareinc.onmicrosoft.com>" -$acctName="<UPN of the account, such as belindan@litwareinc.onmicrosoft.com>" -$credential = Get-Credential -UserName $acctName -Message "Type the account's password." -#Azure Active Directory -Connect-AzureAD -Credential $credential -#SharePoint Online -Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking -Connect-SPOService -Url https://$orgName-admin.sharepoint.com -credential $credential -#Exchange Online -Import-Module ExchangeOnlineManagement -Connect-ExchangeOnline -ShowProgress $true -#Security & Compliance -Connect-IPPSSession -UserPrincipalName $acctName -#Teams and Skype for Business Online -Import-Module MicrosoftTeams -Connect-MicrosoftTeams -Credential $credential -``` --### Microsoft Azure Active Directory module for Windows PowerShell module when using just a password --Here are the commands for all the services in a single block when you use the Microsoft Azure Active Directory module for Windows PowerShell module. Specify the name of your domain host and the UPN for the sign-in and run them all at one time. --```powershell -$orgName="<for example, litwareinc for litwareinc.onmicrosoft.com>" -$acctName="<UPN of the account, such as belindan@litwareinc.onmicrosoft.com>" -$credential = Get-Credential -UserName $acctName -Message "Type the account's password." -#Azure Active Directory -Connect-MsolService -Credential $credential -#SharePoint Online -Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking -Connect-SPOService -Url https://$orgName-admin.sharepoint.com -credential $credential -#Exchange Online -Connect-ExchangeOnline -ShowProgress $true -#Security & Compliance -Connect-IPPSSession -UserPrincipalName $acctName -#Teams and Skype for Business Online -Import-Module MicrosoftTeams -Connect-MicrosoftTeams -Credential $credential -``` --## Connection steps when using multi-factor authentication --### Azure Active Directory PowerShell for Graph module when using MFA --Here are all the commands in a single block to connect to multiple Microsoft 365 services when you use multi-factor authentication with the Azure Active Directory PowerShell for Graph module. --```powershell -$acctName="<UPN of the account, such as belindan@litwareinc.onmicrosoft.com>" -$orgName="<for example, litwareinc for litwareinc.onmicrosoft.com>" -#Azure Active Directory -Connect-AzureAD -#SharePoint Online -Connect-SPOService -Url https://$orgName-admin.sharepoint.com -#Exchange Online -Connect-ExchangeOnline -UserPrincipalName $acctName -ShowProgress $true -#Security & Compliance -Connect-IPPSSession -UserPrincipalName $acctName -#Teams and Skype for Business Online -Import-Module MicrosoftTeams -Connect-MicrosoftTeams -``` --### Microsoft Azure Active Directory module for Windows PowerShell module when using MFA --Here are all the commands in a single block to connect to multiple Microsoft 365 services when you use multi-factor authentication with the Microsoft Azure Active Directory module for Windows PowerShell module. --```powershell -$acctName="<UPN of the account, such as belindan@litwareinc.onmicrosoft.com>" -$orgName="<for example, litwareinc for litwareinc.onmicrosoft.com>" -#Azure Active Directory -Connect-MsolService -#SharePoint Online -Connect-SPOService -Url https://$orgName-admin.sharepoint.com -#Exchange Online -Import-Module ExchangeOnlineManagement -Connect-ExchangeOnline -UserPrincipalName $acctName -ShowProgress $true -#Security & Compliance Center -Connect-IPPSSession -UserPrincipalName $acctName -#Teams and Skype for Business Online -Import-Module MicrosoftTeams -Connect-MicrosoftTeams -``` - ## Close the PowerShell window To close down the PowerShell window, run this command to remove the active sessions to SharePoint Online, Teams, Defender for Office 365 and Microsoft Purview compliance: Disconnect-SPOService; Disconnect-MicrosoftTeams; Disconnect-ExchangeOnline ## See also -- [Connect to Microsoft 365 with PowerShell](connect-to-microsoft-365-powershell.md)+- [Connect to Microsoft 365 with Microsoft Graph PowerShell](connect-to-microsoft-365-powershell.md) - [Manage SharePoint Online with PowerShell](manage-sharepoint-online-with-microsoft-365-powershell.md) - [Manage Microsoft 365 user accounts, licenses, and groups with PowerShell](manage-user-accounts-and-licenses-with-microsoft-365-powershell.md) |
| frontline | Deploy Dynamic Teams At Scale | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/deploy-dynamic-teams-at-scale.md | |
| frontline | Deploy Shifts At Scale | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/deploy-shifts-at-scale.md | ms.localizationpriority: medium - M365-collaboration - m365-frontline+ - teams-1p-app-admin appliesto: - Microsoft Teams - Microsoft 365 for frontline workers |
| security | Configure Endpoints Non Windows | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-endpoints-non-windows.md | Title: Onboard non-Windows devices to the Microsoft Defender for Endpoint service description: Configure non-Windows devices so that they can send sensor data to the Microsoft Defender for Endpoint service. -keywords: onboard non-Windows devices, macos, linux, device management, configure Microsoft Defender for Endpoint devices -search.product: eADQiWindows 10XVcnh search.appverid: met150 -ms.sitesec: library ms.pagetype: security Last updated 12/18/2020 **Applies to:** -- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037)-- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender XDR](https://go.microsoft.com/fwlink/?linkid=2118804)+- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) +- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) **Platforms** - macOS You'll need to take the following steps: ## Offboard non-Windows devices -For macOS and Linux devices, you can choose to offboard through Microsoft Defender for Endpoint. In the navigation pane, select **Settings** \> **Offboard** \> **Select Operating System to start the offboarding Process**. +For macOS and Linux devices, you can choose to offboard through Microsoft Defender for Endpoint. In the navigation pane, select **Settings** > **Offboard** > **Select Operating System to start the offboarding Process**. ++For details on offboarding Microsoft Defender on macOS, see [Uninstalling Microsoft Defender for macOS](mac-resources.md). You can also offboard non-Windows devices by disabling the third-party integration. Enable coverage for devices running non-Windows platforms by [integrating third-party solutions](https://security.microsoft.com/interoperability/partners). You can also offboard non-Windows devices by disabling the third-party integrati - [Configure proxy and Internet connectivity settings](configure-proxy-internet.md) - [Troubleshooting Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md) [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../../includes/defender-mde-techcommunity.md)]+ |
| security | Defender Endpoint Demonstrations | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-demonstrations.md | +- [Microsoft Defender for Business](https://www.microsoft.com/security/business/endpoint-security/microsoft-defender-business) +- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) +- [Microsoft Defender Antivirus](microsoft-defender-antivirus-windows.md) +- [Microsoft Defender for Individuals](https://www.microsoft.com/microsoft-365/microsoft-defender-for-individuals) -The following demonstration scenarios will help you learn about the capabilities of Microsoft Defender for Endpoint on Windows (Mac and Linux are out of scope). Demonstration scenarios are provided for the following Microsoft Defender for Endpoint protection areas: +The following demonstration scenarios will help you learn about the capabilities of Microsoft Defender for Endpoint on Windows, Mac, and Linux. Demonstration scenarios are provided for the following Microsoft Defender for Endpoint protection areas: :::image type="content" source="images/microsoft-defender-for-endpoint-cloud-protection.png" alt-text="Shows the areas of Microsoft Defender for Endpoint demonstration scenarios covered in this collection" lightbox="images/microsoft-defender-for-endpoint-cloud-protection.png"::: The following table lists the available demonstrations alphabetically, with thei | # | Demonstration name | Protection area | Description | |:--|:|:|:|-| 1 | [App reputation demonstration](defender-endpoint-demonstration-app-reputation.md) | NGP | Navigate to the app reputation page to see the demonstration scenario using Microsoft Edge. | -| 2 | [Attack surface reduction rules demonstrations](defender-endpoint-demonstration-attack-surface-reduction-rules.md) | ASR | Download sample files to trigger each ASR rule. | -| 3 | [Block at First Sight (BAFS) demonstration](defender-endpoint-demonstration-block-at-first-sight-bafs.md) | NGP | With the BAFS feature in Microsoft Defender Antivirus, newly discovered files are analyzed and - if needed - blocked. | -| 4 | [Cloud-delivered protection demonstration](defender-endpoint-demonstration-cloud-delivered-protection.md) | NGP | Confirm that cloud-delivered protection is working properly on your computer. | -| 5 | [Controlled folder access (CFA) demonstration (block script)](defender-endpoint-demonstration-controlled-folder-access-test-tool.md) | ASR | Download the CFA test tool. | -| 6 | [Controlled folder access (CFA) demonstrations (block ransomware)](defender-endpoint-demonstration-controlled-folder-access.md) | ASR | Download and execute a sample file to trigger CFA ransomware protection. | -| 7 | [Exploit protection (EP) demonstrations](defender-endpoint-demonstration-exploit-protection.md) | ASR | Apply custom exploit protection settings. | -| 8 | [Network protection demonstrations](defender-endpoint-demonstration-network-protection.md) | ASR | Navigate to a suspicious URL to trigger network protection. | -| 9 | [Potentially unwanted applications (PUA) demonstration](defender-endpoint-demonstration-potentially-unwanted-applications.md) | NGP | Confirm that potentially unwanted applications (PUAs) are being blocked on your network by downloading a fake (safe) PUA file. | -| 10 | [URL reputation demonstrations](defender-endpoint-demonstration-smartscreen-url-reputation.md) | NGP | Navigate to the URL Reputation page to see the demonstration scenarios using Microsoft Edge. | +| 1 |[Endpoint Detection and Response (EDR) detections](/microsoft-365/security/defender-endpoint/edr-detection)| EDR |Confirm that EDR is detecting cyber threats such as malware.| +| 2 |[Validate antimalware](/microsoft-365/security/defender-endpoint/validate-antimalware)| NGP |Confirm that antivirus/antimalware is detecting and blocking malware. | +| 3 |[Potentially unwanted applications (PUA) demonstration](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-potentially-unwanted-applications)| NGP |Confirm that potentially unwanted applications (PUAs) are being blocked on your network by downloading a fake (safe) PUA file. | +| 4 |[Cloud-delivered protection demonstration](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-cloud-delivered-protection)| NGP |Confirm that cloud-delivered protection is working properly on your computer. | +| 5 |[Block at First Sight (BAFS) demonstration](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-block-at-first-sight-bafs)| NGP |With the BAFS feature in Microsoft Defender Antivirus, newly discovered files are analyzed and if needed blocked. | +| 6 |[App reputation demonstration](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-app-reputation)| NGP |Navigate to the app reputation page to see the demonstration scenario using Microsoft Edge.| +| 7 |[URL reputation demonstrations](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-smartscreen-url-reputation)| NGP |Navigate to the URL Reputation page to see the demonstration scenarios using Microsoft Edge.| +| 8 |[Network protection demonstrations](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-network-protection)| ASR |Navigate to a suspicious URL to trigger network protection. | +| 9 |[Attack surface reduction rules (ASR rules) demonstrations](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-attack-surface-reduction-rules)| ASR |Download sample files to trigger each ASR rule.| +| 10 |[Exploit protection (EP) demonstrations](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-exploit-protection)| ASR | Apply custom exploit protection settings.| +| 11 |[Controlled folder access (CFA) demonstration (block script)](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-controlled-folder-access-test-tool)| ASR | Download the CFA test tool.| +| 12 |[Controlled folder access (CFA) demonstrations (block ransomware)](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-controlled-folder-access)| ASR | Download and execute a sample file to trigger CFA ransomware protection.| ## See also |
| security | Live Response | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/live-response.md | Before you can initiate a session on a device, make sure you fulfill the followi - **Windows Server 2012 R2** - with [KB5005292](https://support.microsoft.com/topic/microsoft-defender-for-endpoint-update-for-edr-sensor-f8f69773-f17f-420f-91f4-a8e5167284ac) - **Windows Server 2016** - with [KB5005292](https://support.microsoft.com/topic/microsoft-defender-for-endpoint-update-for-edr-sensor-f8f69773-f17f-420f-91f4-a8e5167284ac)-+ > [!NOTE] + > For Windows Server 2012R2 or 2016 you must have the [Unified Agent](update-agent-mma-windows.md#update-mma-on-your-devices) installed, and it is recommended to patch to latest sensor version with KB5005292. + - **Windows Server 2019** - Version 1903 or (with [KB4515384](https://support.microsoft.com/help/4515384/windows-10-update-kb4515384)) later - Version 1809 (with [KB4537818](https://support.microsoft.com/help/4537818/windows-10-update-kb4537818)) |
| security | Whats New In Microsoft Defender Endpoint | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint.md | |
| security | Get Started Xdr | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/get-started-xdr.md | Title: Get started with Microsoft Defender Experts for XDR description: Defender Experts for XDR lets you determine the individuals or groups within your organization that need to be notified if there's a critical incident -keywords: XDR, protected assets, defender experts for xdr, set up microsoft xdr, set up permissions in xdr, managed detection and response (MDR) service, service delivery manager, readiness, threat hunting and analysis, actions needed xdr +keywords: XDR, protected assets, defender experts for xdr, set up microsoft xdr, set up permissions in xdr, managed detection and response (MDR) service, service delivery manager, managed response in Teams, readiness, threat hunting and analysis, actions needed xdr ms.mktglfcycl: deploy To edit or update your notification contacts after the initial setup, go to **Se ## Receive managed response notifications and updates in Microsoft Teams -Apart from email and in-portal chat, you also have to option to use Microsoft Teams to receive updates about managed responses and communicate with our experts in real time. When this setting is turned on, a new team named **Defender Experts team** is created, where managed response notifications related to ongoing incidents are sent as new posts in the **Managed response** channel. [Learn more about using Teams chat](../defender/start-using-mdex-xdr.md#teams-chat) +Apart from email and [in-portal chat](start-using-mdex-xdr.md#in-portal-chat), you also have to option to use Microsoft Teams to receive updates about managed responses and communicate with our experts in real time. When this setting is turned on, a new team named **Defender Experts team** is created, where managed response notifications related to ongoing incidents are sent as new posts in the **Managed response** channel. [Learn more about using Teams chat](../defender/start-using-mdex-xdr.md#teams-chat) > [!IMPORTANT] > Defender Experts will have access to all messages posted on any channel in the created **Defender Experts team**. To prevent Defender Experts from accessing messages in this team, go to **Apps** in Teams then navigate to **Manage your apps** > **Defender Experts** > **Remove**. This removal action cannot be reversed. Apart from email and in-portal chat, you also have to option to use Microsoft Te 3. Select **Submit**. The step-by-step guide then completes the initial setup. 4. Select **View readiness assessment** to complete the necessary actions required to [optimize your security posture](#prepare-your-environment-for-the-defender-experts-service). +> [!NOTE] +> To set up the Defender Experts Teams application, you must have either the **Global administrator** or **Security administrator** role assigned, and a Microsoft Teams license. + To turn on Teams notifications and chat after the initial setup, go to **Settings** > **Defender Experts** > **Teams**. :::image type="content" source="../../media/xdr/Teams-managed-response.png" alt-text="Screenshot of option to activate Teams for receiving managed response." lightbox="../../media/xdr/Teams-managed-response.png"::: |
| security | Incident Queue | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/incident-queue.md | Title: Prioritize incidents in Microsoft Defender XDR description: Learn how to filter incidents from the incident queue in Microsoft Defender XDR -keywords: incident, queue, overview, devices, identities, users, mailbox, email, incidents, analyze, response, triage -search.product: eADQiWindows 10XVcnh -ms.sitesec: library -ms.pagetype: security f1.keywords: - NOCSH Microsoft Defender XDR applies correlation analytics and aggregates related aler The **Incident queue** shows a collection of incidents that were created across devices, users, and mailboxes. It helps you sort through incidents to prioritize and create an informed cybersecurity response decision, a process known as incident triage. -You get to the incident queue from **Incidents & alerts > Incidents** on the quick launch of the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a>. Here's an example. +> [!TIP] +> For a limited time during January 2024, when you visit the **Incidents** page, Defender Boxed appears. Defender Boxed highlights your organization's security successes, improvements, and response actions during 2023. To reopen Defender Boxed, in the Microsoft Defender portal, go to **Incidents**, and then select **Your Defender Boxed**. ++You can get to the incident queue from **Incidents & alerts > Incidents** on the quick launch of the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a>. Here's an example. :::image type="content" source="../../media/incidents-queue/incidents-ss-incidents.png" alt-text="The Incident section showing the incident queue in the Microsoft Defender portal." lightbox="../../media/incidents-queue/incidents-ss-incidents.png"::: |
| security | Incidents Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/incidents-overview.md | Title: Incident response with Microsoft Defender XDR description: Investigate incidents seen across devices, users, and mailboxes in the Microsoft Defender portal. -keywords: incidents, alerts, attack story, investigate, analyze, response, correlation, attack, machines, devices, users, identities, identity, mailbox, email, 365, microsoft, m365, incident response, cyber-attack -search.product: eADQiWindows 10XVcnh -ms.sitesec: library -ms.pagetype: security f1.keywords: - NOCSH If [enabled](m365d-enable.md), Microsoft Defender XDR can [automatically investi ## Incidents and alerts in the Microsoft Defender portal +> [!TIP] +> For a limited time during January 2024, when you visit the **Incidents** page, Defender Boxed appears. Defender Boxed highlights your organization's security successes, improvements, and response actions during 2023. To reopen Defender Boxed, in the Microsoft Defender portal, go to **Incidents**, and then select **Your Defender Boxed**. + You manage incidents from **Incidents & alerts > Incidents** on the quick launch of the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target=" blank">Microsoft Defender portal</a>. Here's an example. :::image type="content" source="../../media/incidents-queue/incidents-ss-incidents.png" alt-text="The Incidents page in the Microsoft Defender portal." lightbox="../../media/incidents-queue/incidents-ss-incidents.png"::: |
| security | Manage Incidents | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/manage-incidents.md | Last updated 01/22/2024 Incident management is critical to ensuring that incidents are named, assigned, and tagged to optimize time in your incident workflow and more quickly contain and address threats. +> [!TIP] +> For a limited time during January 2024, when you visit the **Incidents** page, Defender Boxed appears. Defender Boxed highlights your organization's security successes, improvements, and response actions during 2023. To reopen Defender Boxed, in the Microsoft Defender portal, go to **Incidents**, and then select **Your Defender Boxed**. + You can manage incidents from **Incidents & alerts > Incidents** on the quick launch of the Microsoft Defender portal ([security.microsoft.com](https://security.microsoft.com)). Here's an example. :::image type="content" source="../../media/incidents-queue/fig1-manageincidents.png" alt-text="Highlighting the manage incident option within the incident queue and quick launch pane in the Microsoft Defender portal" lightbox="../../media/incidents-queue/fig1-manageincidents.png"::: |
| security | Microsoft Secure Score Whats New | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-secure-score-whats-new.md | The following recommendations have been added as Microsoft Secure Score improvem - Ensure that SharePoint guest users cannot share items they don't own. +### Defender for Cloud Apps support for multiple instances of an app ++Microsoft Defender for Cloud Apps now supports Secure Score recommendations across multiple instances of the same app. For example, if you have multiple instances of AWS, you can configure and filter for Secure Score recommendations for each instance individually. ++For more information, see [Turn on and manage SaaS security posture management (SSPM)](/defender-cloud-apps/security-saas). + ## December 2023 The following recommendations have been added as Microsoft Secure Score improvement actions: |
| security | Respond First Incident 365 Defender | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/respond-first-incident-365-defender.md | Title: Responding to your first incident in Microsoft Defender XDR description: The basics of responding to your first incident in Microsoft Defender XDR. -keywords: incidents, alerts, investigate, correlation, attack, devices, users, identities, identity, mailbox, email, 365, microsoft, m365, incident response, cyber-attack, self-study, ramp up, ramp-up, onboard, incident responder -search.product: eADQiWindows 10XVcnh -ms.sitesec: library -ms.pagetype: security f1.keywords: - NOCSH This guide has three main sections: An [incident](incidents-overview.md) is a chain of processes created, commands, and actions that might not have coincided. An incident provides a holistic picture and context of suspicious or malicious activity. A single incident gives you an attack's complete context instead of triaging hundreds of alerts from multiple services. +> [!TIP] +> For a limited time during January 2024, when you visit the **Incidents** page, Defender Boxed appears. Defender Boxed highlights your organization's security successes, improvements, and response actions during 2023. To reopen Defender Boxed, in the Microsoft Defender portal, go to **Incidents**, and then select **Your Defender Boxed**. + Microsoft Defender XDR has many features that you can use to respond to an incident. You can navigate the incidents by selecting **View all incidents** in the Active incidents card on the Home page or through **Incidents & alerts** on the left navigation pane. :::image type="content" source="../../media/first-incident/m365d-viewincidents-home.png" alt-text="View all incidents shown in Microsoft Defender XDR home page" lightbox="../../media/first-incident/m365d-viewincidents-home.png"::: |
| security | Start Using Mdex Xdr | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/start-using-mdex-xdr.md | Title: How to use the Microsoft Defender Experts for XDR service description: Defender Experts for XDR helps prioritize and customize recommendations to fit your environment -keywords: XDR, Xtended detection and response, defender experts for xdr, Microsoft Defender Experts for XDR, managed threat hunting, managed detection and response (MDR) service, service delivery manager, real-time visibility with XDR experts, threat hunting and analysis +keywords: XDR, Xtended detection and response, defender experts for xdr, Microsoft Defender Experts for XDR, managed threat hunting, managed detection and response (MDR) service, service delivery manager, Managed response in Teams, real-time visibility with XDR experts, threat hunting and analysis ms.mktglfcycl: deploy Once you turn on chat on Teams, a new team named **Defender Experts team** is cr **Important reminders when using the Teams chat:** -- Only reply to posts (announcing managed response is published on an incident) created by Defender Experts. When you create a new post, our experts might not be able to see it.+- Only reply to posts (announcing managed response is published on an incident) created by Defender Experts. When you create a new post, our experts will not be able to see it. - Tag or mention our experts by typing *@Defender Experts* in your replies, so they are notified to join the chat conversation. - DonΓÇÖt attach any attachments (for example, files for analysis) in the chat. For security reasons, Defender Experts won't be able to view the attachments. Instead, send them to appropriate submissions channels or provide links where they can be found in Microsoft Defender XDR portal. |
| security | Whats New | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/whats-new.md | Title: What's new in Microsoft Defender XDR description: Lists the new features and functionality in Microsoft Defender XDR keywords: what's new in Microsoft Defender XDR, ga, generally available, capabilities, available, new -search.product: eADQiWindows 10XVcnh search.appverid: met150 -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium Previously updated : 01/18/2024 Last updated : 01/22/2024 audience: ITPro You can also get product updates and important notifications through the [messag ## January 2024 +- **Defender Boxed is available for a limited period of time**. Defender Boxed highlights your organization's security successes, improvements, and response actions during 2023. Take a moment to celebrate your organization's improvements in security posture, overall response to detected threats (manual and automatic), blocked emails, and more. ++ - Defender Boxed opens automatically when you go to the **Incidents** page in the Microsoft Defender portal. + - If you close Defender Boxed and you want to reopen it, in the Microsoft Defender portal, go to **Incidents**, and then select **Your Defender Boxed**. + - Act quickly! Defender Boxed is available only for a short period of time. + - Defender Experts for XDR now lets you [receive managed response notifications and updates using Teams](get-started-xdr.md#receive-managed-response-notifications-and-updates-in-microsoft-teams). You can also chat with Defender Experts regarding incidents where managed response is issued.+ - (GA) Microsoft Defender for Cloud alerts integration with Microsoft Defender XDR is now generally available. Learn more about the integration in [Microsoft Defender for Cloud in Microsoft Defender XDR](microsoft-365-security-center-defender-cloud.md).+ - **Activity log** is now available within an incident page. Use the activity log to view all audits and comments, and add comments to the log of an incident. For details, see [Activity log](manage-incidents.md#activity-log). + - (Preview) **[Query history](advanced-hunting-query-history.md) in advanced hunting** is now available. You can now rerun or refine queries you have run recently. Up to 30 queries in the past 28 days can be loaded in the query history pane.+ - (Preview) Additional features you can use to **[drill down](/advanced-hunting-query-results#drill-down-from-query-results)** further from your query results in advanced hunting are now available. ## December 2023 - **Microsoft Defender XDR Unified role-based access control (RBAC)** is now generally available. Unified (RBAC) allows administrators to manage user permissions across different security solutions from a single, centralized location. This offering is also available to GCC Moderate customers. To learn more, see [Microsoft Defender XDR Unified role-based access control (RBAC)](manage-rbac.md).+ - Microsoft Defender Experts for XDR now lets you [exclude devices and users](get-started-xdr.md#exclude-all-high-value-devices-or-users-automatically) from remediation actions taken by our experts and instead get remediation guidance for those entities.+ - The Microsoft Defender portal's incident queue has updated filters, search, and added a new function where you can create your own filter sets. For details, see [Available filters](incident-queue.md#available-filters).+ - You can now assign incidents to a user group or another user. For details, see [Assign an incident](manage-incidents.md#assign-an-incident). ## November 2023 - Microsoft Defender Experts for Hunting now lets you generate sample Defender Experts Notifications so you can start experiencing the service without having to wait for an actual critical activity to happen in your environment. [Learn more](onboarding-defender-experts-for-hunting.md#generate-sample-defender-experts-notifications)+ - (Preview) Microsoft Defender for Cloud alerts are now integrated in Microsoft Defender XDR. Defender for Cloud alerts are automatically correlated to incidents and alerts in the Microsoft Defender portal and cloud resource assets can be viewed in the incidents and alerts queues. Learn more about the [Defender for Cloud integration](microsoft-365-security-center-defender-cloud.md) in Microsoft Defender XDR.+ - (Preview) Microsoft Defender XDR now has built in [deception technology](deception-overview.md) to protect your environment from high-impact attacks that use human-operated lateral movement. Learn more about the deception feature and how to [configure the deception feature](configure-deception.md).+ - Microsoft Defender Experts for XDR now lets you perform your own [readiness assessment](get-started-xdr.md#prepare-your-environment-for-the-defender-experts-service) when preparing the environment for the Defender Experts for XDR service. ## October 2023 - (Preview) You can now get email notifications for manual or automated actions done in Microsoft Defender XDR. Learn how to configure email notifications for manual or automated response actions performed in the portal. For details, see [Get email notifications for response actions in Microsoft Defender XDR](m365d-response-actions-notifications.md).+ - (Preview) [Microsoft Security Copilot in Microsoft Defender XDR](security-copilot-in-microsoft-365-defender.md) is now in preview. Microsoft Defender XDR users can take advantage of Security Copilot capabilities to summarize incidents, analyze scripts and codes, use guided responses to resolve incidents, generate KQL queries, and create incident reports within the portal. Security Copilot is on an invitation-only preview. Learn more about Security Copilot in the [Microsoft Security Copilot Early Access Program Frequently Asked Questions](/security-copilot/faq-security-copilot). ## September 2023 You can also get product updates and important notifications through the [messag ## August 2023 - Guides to responding to your first incident for new users are now live. [Understand incidents](respond-first-incident-365-defender.md) and learn to triage and prioritize, [analyze your first incident](respond-first-incident-analyze.md) using tutorials and videos, and [remediate attacks](respond-first-incident-remediate.md) by understanding actions available in the portal.+ - (Preview) [Asset rule management - Dynamic rules for devices](./configure-asset-rules.md) is now in public preview. Dynamic rules can help manage device context by assigning tags and device values automatically based on certain criteria.+ - (Preview) The [DeviceInfo](advanced-hunting-deviceinfo-table.md) table in advanced hunting now also includes the columns `DeviceManualTags` and `DeviceDynamicTags` in public preview to surface both manually and dynamically assigned tags related to the device you are investigating.+ - The **Guided response** feature in Microsoft Defender Experts for XDR has been renamed to **[Managed response](start-using-mdex-xdr.md#how-to-use-managed-response-in-microsoft-365-defender)**. We have also added a [new FAQ section](faq-incident-notifications-xdr.md#understanding-and-managing-defender-experts-for-xdr-incident-updates) on incident updates. ## July 2023 - (GA) The [Attack story](investigate-incidents.md#attack-story) in incidents is now generally available. The attack story provides the full story of the attack and allows incident response teams to view the details and apply remediation.+ - A new URL and domain page is now available in Microsoft Defender XDR. The updated URL and domain page provides a single place to view all the information about a URL or a domain, including its reputation, the users who clicked it, the devices that accessed it, and emails where the URL or domain was seen. For details, see [Investigate URLs in Microsoft Defender XDR](/microsoft-365/security/defender-endpoint/investigate-domain). ## June 2023 You can also get product updates and important notifications through the [messag ## May 2023 - (GA) [Alert tuning](investigate-alerts.md#tune-an-alert) is now generally available. Alert tuning lets you fine-tune alerts to reduce investigation time and focus on resolving high priority alerts. Alert tuning replaces the Alert suppression feature.+ - (GA) [Automatic attack disruption](automatic-attack-disruption.md) is now generally available. This capability automatically disrupts human-operated ransomware (HumOR), business email compromise (BEC), and adversary-in-the-middle (AiTM) attacks.+ - (Preview) [Custom functions](advanced-hunting-custom-functions.md) are now available in advanced hunting. You can now create your own custom functions so you can reuse any query logic when you hunt in your environment. ## April 2023 - (GA) The [unified Assets tab in the Incidents page](investigate-incidents.md) is now generally available.+ - Microsoft is using a new weather-based naming taxonomy for threat actors. This new naming schema will provide more clarity and will be easier to reference. [Learn more about the new naming taxonomy](/microsoft-365/security/intelligence/microsoft-threat-actor-naming). ## March 2023 You can also get product updates and important notifications through the [messag - (Preview) Microsoft Defender Threat Intelligence (Defender TI) is now available in the Microsoft Defender portal. This change introduces a new navigation menu within the Microsoft Defender portal named **Threat Intelligence**. [Learn more](defender-threat-intelligence.md)+ - (Preview) Complete device reports for the [`DeviceInfo` table](advanced-hunting-deviceinfo-table.md) in advanced hunting are now sent *every hour* (instead of the previous daily cadence). In addition, complete device reports are also sent whenever there is a change to any previous report. New columns were also added to the `DeviceInfo` table, along with several improvements to existing data in `DeviceInfo` and [DeviceNetworkInfo](advanced-hunting-devicenetworkinfo-table.md) tables.+ - (Preview) Near real-time custom detection is now available for public preview in advanced hunting custom detections. There is a new [Continuous (NRT)](custom-detection-rules.md) frequency, which checks data from events as they are collected and processed in near real-time.+ - (Preview) [Behaviors in Microsoft Defender for Cloud Apps](/defender-cloud-apps/behaviors) is now available for public preview. Preview customers can now also hunt for behaviors in advanced hunting using the [BehaviorEntities](advanced-hunting-behaviorentities-table.md) and [BehaviorInfo](advanced-hunting-behaviorinfo-table.md) tables. ## February 2023 - (GA) The [query resources report in advanced hunting](advanced-hunting-limits.md#view-query-resources-report-to-find-inefficient-queries) is now generally available.+ - (Preview) The [automatic attack disruption](automatic-attack-disruption.md) capability now disrupts business email compromise (BEC). ## January 2023 This change introduces a new navigation menu within the Microsoft Defender porta ## November 2022 - (Preview) Microsoft Defender Experts for XDR (Defender Experts for XDR) is now available for preview. Defender Experts for XDR is a managed detection and response service that helps your security operations centers (SOCs) focus and accurately respond to incidents that matter. It provides extended detection and response for customers who use Microsoft Defender XDR workloads: Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, and Azure Active Directory (Azure AD). For details, refer to [Expanded Microsoft Defender Experts for XDR preview](dex-xdr-overview.md).+ - (Preview) The query resource report is now available in advanced hunting. The report shows your organization's consumption of CPU resources for hunting based on queries that ran in the last 30 days using any of the hunting interfaces. See [View query resources report](advanced-hunting-limits.md#view-query-resources-report-to-find-inefficient-queries) to find inefficient queries. ## October 2022 This change introduces a new navigation menu within the Microsoft Defender porta ## August 2022 - (GA) [Microsoft Defender Experts for Hunting](defender-experts-for-hunting.md) is now generally available. If you're a Microsoft Defender XDR customer with a robust security operations center but want Microsoft to help you proactively hunt for threats across endpoints, Office 365, cloud applications, and identity using Microsoft Defender data, then learn more about applying, setting up, and using the service. Defender Experts for Hunting is sold separately from other Microsoft Defender XDR products.+ - (Preview) [Guided mode](advanced-hunting-modes.md#get-started-with-guided-hunting-mode) is now available for public preview in advanced hunting. Analysts can now start querying their database for endpoint, identities, email & collaboration, and cloud apps data *without knowing Kusto Query Language (KQL)*. Guided mode features a friendly, easy-to-use, building-block style of constructing queries through dropdown menus containing available filters and conditions. See [Get started with query builder](advanced-hunting-query-builder.md). ## July 2022 The security operations team can view all actions pending approval, and the stip ## April 2022 - (Preview) [Actions](advanced-hunting-take-action.md) can now be taken on email messages straight from hunting query results. Emails can be moved to other folders or deleted permanently. + - (Preview) The new [`UrlClickEvents` table](advanced-hunting-urlclickevents-table.md) in advanced hunting can be used to hunt for threats like phishing campaigns and suspicious links based on information coming from Safe Links clicks in email messages, Microsoft Teams, and Office 365 apps. ## March 2022 The security operations team can view all actions pending approval, and the stip ## November 2021 - (Preview) The application governance add-on feature to Defender for Cloud Apps is now available in Microsoft Defender XDR. App governance provides a security and policy management capability designed for OAuth-enabled apps that access Microsoft 365 data through Microsoft Graph APIs. App governance delivers full visibility, remediation, and governance into how these apps and their users access, use, and share your sensitive data stored in Microsoft 365 through actionable insights and automated policy alerts and actions. [Learn more about application governance](/cloud-app-security/app-governance-manage-app-governance).+ - (Preview) The [advanced hunting](advanced-hunting-overview.md) page now has multitab support, smart scrolling, streamlined schema tabs, quick edit options for queries, a query resource usage indicator, and other improvements to make querying smoother and easier to fine-tune.+ - (Preview) You can now use the [link to incident](advanced-hunting-link-to-incident.md) feature to include events or records from the advanced hunting query results right into a new or existing incident that you are investigating. ## October 2021 The security operations team can view all actions pending approval, and the stip ## September 2021 - (GA) Microsoft Defender for Office 365 event data is available in the Microsoft Defender XDR event streaming API. You can see the availability and status of event types in the [Supported Microsoft Defender XDR event types in streaming API](supported-event-types.md).+ - (GA) Microsoft Defender for Office 365 data available in advanced hunting is now generally available.+ - (GA) Assign incidents and alerts to user accounts You can assign an incident, and all the alerts associated with it, to a user account from **Assign to:** on the **Manage incident** pane of an incident or the **Manage alert** pane of an alert. |
| security | Defender For Office 365 Whats New | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/defender-for-office-365-whats-new.md | f1.keywords: NOCSH ms.localizationpriority: medium Previously updated : 1/2/2024 Last updated : 01/22/2024 audience: ITPro For more information on what's new with other Microsoft Defender security produc - [What's new in Microsoft Defender for Identity](/defender-for-identity/whats-new) - [What's new in Microsoft Defender for Cloud Apps](/cloud-app-security/release-notes) + ## December 2023 - **Microsoft Defender XDR Unified RBAC is now generally available**: Defender XDR Unified RBAC supports all Defender for Office 365 scenarios that were previously controlled by [Email & collaboration permissions](mdo-portal-permissions.md) and [Exchange Online permissions](/exchange/permissions-exo/permissions-exo). To learn more about the supported workloads and data resources, see [Microsoft Defender XDR Unified role-based access control (RBAC)](/microsoft-365/security/defender/manage-rbac). |
| security | Email Authentication Arc Configure | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/email-authentication-arc-configure.md | dkim=[1,1,header.d=sampledoamin.onmicrosoft.com] dmarc=[1,1,header.from=sampledoamin.onmicrosoft.com]) ``` -To check whether the ARC result was used to override a DMARC failure, look for `compauth=pass` and `reason=130` in the last **ARC-Authentication-Results** header. For example: +To check whether the ARC result was used to override a DMARC failure, look for `compauth=pass` and `reason=130` in the last **Authentication-Results** header. For example: ```text |
| syntex | Syntex Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/syntex-overview.md | Both structured and freeform models use Microsoft Power Apps AI Builder to creat [Learn more about taxonomy tagging in Microsoft Syntex.](taxonomy-tagging-overview.md) -### Dpcument translation +### Document translation :::row::: :::column span="3"::: Both structured and freeform models use Microsoft Power Apps AI Builder to creat [Learn more about translation in Microsoft Syntex.](translation-overview.md) -### Syntex eSignature +### SharePoint eSignature :::row::: :::column span="":::  :::column-end::: :::column span="3":::- Send electronic requests using Syntex eSignature, keeping your content in Microsoft 365 while itΓÇÖs being reviewed and signed. Use Syntex eSignature to quickly and securely send documents for signature to people both inside and outside of your organization. + Send electronic requests using SharePoint eSignature, keeping your content in Microsoft 365 while itΓÇÖs being reviewed and signed. Use eSignature to quickly and securely send documents for signature to people both inside and outside of your organization. :::column-end::: :::row-end::: -[Learn more about using Microsoft Syntex eSignature.](esignature-overview.md) +[Learn more about using SharePoint eSignature.](esignature-overview.md) ### Optical character recognition |