-description: "Learn how to manage Microsoft Copilot for Microsoft 365 access to public web content for your organization."

-# Manage access to public web content in Microsoft Copilot for Microsoft 365 responses

-## Choose whether Microsoft Copilot for Microsoft 365 can access public web content

-Microsoft Copilot for Microsoft 365 chat experiences in Bing, Microsoft Edge, and the Microsoft Teams app has a feature that allows Copilot to reference public web content when responding to user prompts. Allowing Microsoft Copilot for Microsoft 365 to reference web content enhances the end user experience and productivity with Copilot. The feature is automatically turned on when you first start using Copilot. You can turn off this feature by following these steps:

-4. Unselect the checkbox for Allow Copilot to reference public web content.

-4. Unselect the checkbox for **Allow Copilot to reference public web content**.

-> This method is the only way to turn off the ability of Microsoft Copilot for Microsoft 365 chat experiences to access public web content. The privacy controls for optional connected experiences available with Microsoft 365 Apps canΓÇÖt be used.

-There's a separate toggle for end users to enable and disable web access for Microsoft 365 Chat, and it can be found in the Plugins menu of Microsoft 365 Chat. This toggle is initially off by default, and users will have to enable it to receive this experience.

-Emails sent out to users as they interact with each other and across various products within Microsoft 365 are designed to provide insights and information about their organization. These emails are typically sent out between users based on those interactions, which means that they are often sent from the userΓÇÖs email address. Those emails will remain unchanged and will continue to work as they do today.

->[!Note]

->[Learn how to create user accounts](../admin/add-users/add-users.md) by using the Microsoft 365 admin center.

->

->

->[!Note]

->PowerShell Core doesn't support the Microsoft Azure Active Directory module for Windows PowerShell module and cmdlets that have *Msol* in their name. Run these cmdlets from Windows PowerShell.

->

- >[!NOTE]

- >The column names and their order in the first row of the CSV file are arbitrary. But make sure the order of the data in the rest of the file matches the order of the column names. And use the column names for the parameter values in the PowerShell for Microsoft 365 command.

-

-

-

-

-

-

-

-

-

-

-

-

-

-

-

-

-1. Sign in to the [Microsoft 365 admin center](https://admin.microsoft.com) with a global administrator account.

-

-

-3. On the card, choose **Sync errors** under **Microsoft Entra Connect** to see the errors on the **Directory sync errors** page.

-

-

->[!Note]

->Upgrade to the latest version of Microsoft Entra Connect to ensure the best possible experience and new features as they are released. For more information, see [Custom installation of Microsoft Entra Connect](/azure/active-directory/connect/active-directory-aadconnect-get-started-custom).

-description: In this article, learn how to use PowerShell for Microsoft 365 to manage SharePoint Online users, groups, and sites.

-# Manage SharePoint Online users and groups with PowerShell

-If you're a SharePoint Online administrator who works with large lists of user accounts or groups and wants an easier way to manage them, you can use PowerShell for Microsoft 365.

-Before you begin, the procedures in this article require you to connect to SharePoint Online. For instructions, see [Connect to SharePoint Online PowerShell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online)

-You use the `Set-SPOUser` cmdlet to add a user to the list of Site Collection Administrators on a site collection.

-You can copy and paste these commands into Notepad, change the variable values for $tenant, $site, and $user to actual values from your environment, and then paste this into your SharePoint Online Management Shell window to run them.

-However by using the SharePoint Online Management Shell and CSV files, this is fast and easy. In this task, you'll use Windows PowerShell to remove a user from a site collection security group. Then you'll use a CSV file and remove lots of users from different sites.

-This report is fairly simple, and you can add more code to create more specific reports or reports that include more detailed information. But this should give you an idea of how to use the SharePoint Online Management Shell to manage users in the SharePoint Online environment.

-[Connect to SharePoint Online PowerShell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online)

-[Manage SharePoint Online with PowerShell](create-sharepoint-sites-and-add-users-with-powershell.md)

-In this article, you will learn about the goals of Microsoft 365 networking, and why Microsoft 365 networking requires a different approach to optimization than generic Internet traffic.

-Traditional network architecture principles for client/server workloads are designed around the assumption that traffic between clients and endpoints does not extend outside the corporate network perimeter. Also, in many enterprise networks, all outbound Internet connections traverse the corporate network, and egress from a central location.

-In traditional network architectures, higher latency for generic Internet traffic is a necessary tradeoff in order to maintain network perimeter security, and performance optimization for Internet traffic typically involves upgrading or scaling out the equipment at network egress points. However, this approach does not address the requirements for optimum network performance of SaaS services such as Microsoft 365.

-Microsoft 365 is designed for optimal performance using endpoint security and encrypted network connections, reducing the need for perimeter security enforcement. Microsoft 365 datacenters are located across the world and the service is designed to use various methods for connecting clients to best available service endpoints. Since user data and processing are distributed between many Microsoft datacenters, there is no single network endpoint to which client machines can connect. In fact, data and services in your Microsoft 365 tenant are dynamically optimized by the Microsoft Global Network to adapt to the geographic locations from which they are accessed by end users.

-description: "Use the Page Diagnostics for SharePoint tool to analyze SharePoint Online modern portal and classic publishing pages against a pre-defined set of performance criteria."

-This article describes how to use the **Page Diagnostics for SharePoint tool** to analyze SharePoint Online modern and classic site pages against a pre-defined set of performance criteria.

->[!TIP]

->Version **2.0.0** and later includes support for modern pages in addition to classic site pages. If you are unsure which version of the tool you are using, you can select the **About** link or the ellipses (...) to verify your version. **Always update to the latest version** when using the tool.

-The Page Diagnostics for SharePoint tool is a browser extension for the new Microsoft Edge (https://www.microsoft.com/edge) and Chrome browsers that analyzes both SharePoint Online modern portal and classic publishing site pages.

-The tool generates a report for each analyzed page showing how the page performs against a pre-defined set of rules and displays detailed information when results for a test fall outside the baseline value. SharePoint Online administrators and designers can use the tool to troubleshoot performance issues and to ensure that new pages are optimized prior to publishing.

-The Page Diagnostics tool is designed to analyze SharePoint site pages only, not system pages such as *allitems.aspx* or *sharepoint.aspx*. If you attempt to run the tool on a system page or any other non-site page, you'll receive an error message advising that the tool canΓÇÖt be run for that type of page.

-This isn't an error in the tool as there's no value in assessing libraries or system pages. Please navigate to a SharePoint site page to use the tool. If this error occurs on a SharePoint page, please check the master page to ensure that the SharePoint metatags haven't been removed.

-The installation procedure in this section will work for both the Chrome and Microsoft Edge browsers.

-1. Install the Page Diagnostics for SharePoint tool for **Microsoft Edge** [(Edge extension)](https://microsoftedge.microsoft.com/addons/detail/ocemkolpnamjcacndljdfmhlpcaoipji) or **Chrome** [(Chrome extension)](https://chrome.google.com/webstore/detail/inahogkhlkbkjkkaleonemeijihmfagi). Please review the User Privacy Policy provided on the description page in the store. When adding the tool to your browser, you'll see the following permissions notice.

- The _Manage your downloads_ permission covers use of the tool's **Export to JSON** functionality. Please follow your company's own privacy guidelines before sharing the JSON file outside of your organization, as the results contain URLs and that can be classified as PII (Personally Identifiable Information).

-When you analyze a SharePoint modern portal page or classic publishing site page with the Page Diagnostics for SharePoint tool, results are analyzed using pre-defined rules that compare results against baseline values and displayed in the **Diagnostic tests** tab. Rules for certain tests may use different baseline values for modern portal and classic publishing sites depending on how specific performance characteristics differ between the two.

- - Green: \< 500ms

- - Yellow: 500-1000ms

- - Red: \> 1000ms

- In the image shown above, the red item pertains to the default page. It will always show red unless the page loads in \< 1000ms (less than 1 second).

-3. **Share relevant details with others who can help investigate issues**. To share the details or information provided in the tool with your developers or a technical support person, using the **Enable exporting to HTTP Archive (HAR)** is the recommended approach.

-That should be enabled prior to clicking Start, which will then enable debug mode in your browser. It will generate an HTTP Archive file (HAR) which can then be accessed through the "Network Trace" tab. Click the "Export to HAR" and it will download the file to your computer and you can then share it accordingly. The file can be opened in various debug tools, like F12 Developer Tools and Fiddler.

-No change is visible except that you will be notified that you have enabled it and your page performance will be significantly degraded by 2-3 times slower performance whilst enabled. It will only be relevant for the particular page and that active session. For this reason, this should be used sparingly and only when actively engaged with support.

-## Related topics

-keywords: investigate, incident, alerts, metadata, risk, detection source, affected devices, patterns, correlation

-search.product: eADQiWindows 10XVcnh

-ms.sitesec: library

-ms.pagetype: security

-New-SecOpsOverrideRule -Name SecOpsOverrideRule -Policy SecOpsOverridePolicy

-Regardless of the Name value you specify, the rule name is _SecOpsOverrideRule_\<GUID\> where \<GUID\> is a unique GUID value (for example, 6fed4b63-3563-495d-a481-b24a311f8329).

-For detailed syntax and parameter information, see [New-SecOpsOverrideRule](/powershell/module/exchange/new-secopsoverriderule).

-Get-SecOpsOverrideRule

-Although the previous command should return only one rule, any rules that are pending deletion might also be included in the results.

-Get-SecOpsOverrideRule | Format-Table Name,Mode

-After you identify the invalid rules, you can remove them by using the **Remove-SecOpsOverrideRule** cmdlet as described [later in this article](#use-powershell-to-remove-secops-override-rules).

-For detailed syntax and parameter information, see [Get-SecOpsOverrideRule](/powershell/module/exchange/get-secopsoverriderule).

-The **Set-SecOpsOverrideRule** cmdlet doesn't modify the email addresses in the SecOps override rule. To modify the email addresses in the SecOps override rule, use the **Set-SecOpsOverridePolicy** cmdlet.

-For detailed syntax and parameter information, see [Set-SecOpsOverrideRule](/powershell/module/exchange/set-secopsoverriderule).

-In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following syntax:

-```powershell

-Remove-SecOpsOverrideRule -Identity <RuleIdentity>

-```

-This example removes the specified SecOps override rule.

-```powershell

-Remove-SecOpsOverrideRule -Identity SecOpsOverrideRule6fed4b63-3563-495d-a481-b24a311f8329

-```

-For detailed syntax and parameter information, see [Remove-SecOpsOverrideRule](/powershell/module/exchange/remove-secopsoverriderule).

-In [Security & Compliance PowerShell](/powershell/exchange/connect-to-scc-powershell), this example creates the phishing simulation override policy.

-In [Security & Compliance PowerShell](/powershell/exchange/connect-to-scc-powershell), use the following syntax:

-New-PhishSimOverrideRule -Name PhishSimOverrideRule -Policy PhishSimOverridePolicy -Domains <Domain1>,<Domain2>,...<Domain10> -SenderIpRanges <IPAddressEntry1>,<IPAddressEntry2>,...<IPAddressEntry10>

-Regardless of the Name value you specify, the rule name is _PhishSimOverrideRule_\<GUID\> where \<GUID\> is a unique GUID value (for example, a0eae53e-d755-4a42-9320-b9c6b55c5011).

-New-PhishSimOverrideRule -Name PhishSimOverrideRule -Policy PhishSimOverridePolicy -Domains fabrikam.com,wingtiptoys.com -SenderIpRanges 192.168.1.55

-For detailed syntax and parameter information, see [New-PhishSimOverrideRule](/powershell/module/exchange/new-phishsimoverriderule).

-In [Security & Compliance PowerShell](/powershell/exchange/connect-to-scc-powershell), this example returns detailed information about the one and only phishing simulation override policy.

-In [Security & Compliance PowerShell](/powershell/exchange/connect-to-scc-powershell), this example returns detailed information about phishing simulation override rules.

-Get-PhishSimOverrideRule

-Get-PhishSimOverrideRule | Format-Table Name,Mode

-After you identify the invalid rules, you can remove them by using the **Remove-PhishSimOverrideRule** cmdlet as described [later in this article](#use-powershell-to-remove-phishing-simulation-override-rules).

-For detailed syntax and parameter information, see [Get-PhishSimOverrideRule](/powershell/module/exchange/get-phishsimoverriderule).

-In [Security & Compliance PowerShell](/powershell/exchange/connect-to-scc-powershell), use the following syntax:

-In [Security & Compliance PowerShell](/powershell/exchange/connect-to-scc-powershell), use the following syntax:

-Set-PhishSimOverrideRule -Identity PhishSimOverrideRulea0eae53e-d755-4a42-9320-b9c6b55c5011 [-Comment "<DescriptiveText>"] [-AddSenderDomainIs <DomainEntry1>,<DomainEntry2>,...<DomainEntryN>] [-RemoveSenderDomainIs <DomainEntry1>,<DomainEntry2>,...<DomainEntryN>] [-AddSenderIpRanges <IPAddressEntry1>,<IPAddressEntry2>,...<IPAddressEntryN>] [-RemoveSenderIpRanges <IPAddressEntry1>,<IPAddressEntry2>,...<IPAddressEntryN>]

-This example modifies the specified phishing simulation override rule with the following settings:

-These changes don't affect existing entries.

-Set-PhishSimOverrideRule -Identity PhishSimOverrideRulea0eae53e-d755-4a42-9320-b9c6b55c5011 -AddSenderDomainIs blueyonderairlines.com -RemoveSenderIpRanges 192.168.1.55

-For detailed syntax and parameter information, see [Set-PhishSimOverrideRule](/powershell/module/exchange/set-phishsimoverriderule).

-Set-TenantAllowBlockListItems <-Entries "<URL1>","<URL2>",..."<URLN>" | -Ids <Identity>> -ListType URL -ListSubType AdvancedDelivery <[-NoExpiration] | [-ExpirationDate <DateTime>]> [-Notes <String>]

-In [Security & Compliance PowerShell](/powershell/exchange/connect-to-scc-powershell), this example removes the phishing simulation override policy and the corresponding rule.

-In [Security & Compliance PowerShell](/powershell/exchange/connect-to-scc-powershell), use the following syntax:

-```powershell

-Remove-PhishSimOverrideRule -Identity <RuleIdentity>

-```

-This example removes the specified phishing simulation override rule.

-```powershell

-Remove-PhishSimOverrideRule -Identity PhishSimOverrideRulea0eae53e-d755-4a42-9320-b9c6b55c5011

-```

-For detailed syntax and parameter information, see [Remove-PhishSimOverrideRule](/powershell/module/exchange/remove-phishsimoverriderule).

-Remove-TenantAllowBlockListItems <-Entries "<URL1>","<URL2>",..."<URLN>" | -Ids <Identity>> -ListType URL -ListSubType AdvancedDelivery

-1. In the Microsoft Defender portal at <https://security.microsoft.com>, go to **Email & collaboration** \> **Policies & rules** \> **Threat policies** \> **Anti-spam** in the **Policies** section. Or, to go directly to the **Ant-spam policies** page, use <https://security.microsoft.com/antispam>.

-The **Post-delivery activities** report shows information about email messages that removed from user mailboxes after delivery by zero-hour auto purge (ZAP). For more information about ZAP, see [Zero-hour auto purge (ZAP) in Exchange Online](zero-hour-auto-purge.md).

-The report shows real-time information, with updated threat information.

-On the **Email & collaboration reports** page at <https://security.microsoft.com/emailandcollabreport>, find **Post-delivery activities**, and then select **View details**. Or, to go directly to the report, use <https://security.microsoft.com/reports/ZapReport>.

-On the **Post-delivery activities** page, the chart shows the following information for the specified date range:

-The details table below the graph shows the following information:

- To see all columns, you likely need to do one or more of the following steps:

- - Horizontally scroll in your web browser.

- - Narrow the width of appropriate columns.

- - Zoom out in your web browser.

-Select :::image type="icon" source="../../media/m365-cc-sc-filter-icon.png" border="false"::: **Filter** to modify the report and the details table by selecting one or more of the following values in the flyout that opens:

- - **No threat**

- - **Spam**

- - **Phishing**

- - **Malware**

-When you're finished configuring the filters, select **Apply**, **Cancel**, or :::image type="icon" source="../../media/m365-cc-sc-clear-filters-icon.png" border="false"::: **Clear filters**.

-On the **Post delivery activities** page, the :::image type="icon" source="../../media/m365-cc-sc-create-icon.png" border="false"::: **[Create schedule](#schedule-recurring-reports)** and :::image type="icon" source="../../media/m365-cc-sc-download-icon.png" border="false"::: **[Export](#export-report-data)** actions are available.

- > Safe Links does not work on mail-enabled public folders.

-4. In the **Submit to Microsoft for analysis** flyout that opens, enter the following information:

- - **Choose a recipient who had an issue**: Specify the recipients to run a policy check against. The policy check determines if the email bypassed scanning due to user or organization policies or override.

- - **Select a reason for submitting to Microsoft**: Verify **Should have been blocked (False negative)** is selected.

- - **The email should have been categorized as**: Select **Phish**, **Malware**, or **Spam**. If you're not sure, use your best judgment.

- - **Block all emails from this sender or domain**: Select this option to create a block entry for the sender domain or email address in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).

- After you select this option, the following settings are available:

- - By default, **Sender** is selected but you can select **Domain** instead.

- - **Remove block entry after**: The default value is **30 days**, but you can select from the following values:

- - **1 day**

- - **7 days**

- - **30 days**

- - **90 days**

- - **Never expire**

- - **Specific date**: The maximum value is 90 days from today.

- - **Block entry note**: Enter optional information about why you're blocking this email.

- When you're finished in the **Submit to Microsoft for analysis** flyout, select **Submit**, and then select **Done**.

-4. On the **Submit to Microsoft for analysis** flyout that opens, enter the following information:

- - **Select a reason for submitting to Microsoft**: Verify **Should have been blocked (False negative)** is selected.

- - **The email should have been categorized as**: Select **Phish** or **Malware**. If you're not sure, use your best judgment.

- - **Block this file**: Select this option to create a block entry for the file in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).

- After you select this option, the following settings are available:

- - **Remove block entry after**: The default value is **30 days**, but you can select from the following values:

- - **1 day**

- - **7 days**

- - **30 days**

- - **90 days**

- - **Never expire**

- - **Specific date**: The maximum value is 90 days from today.

- - **Block entry note**: Enter optional information about why you're blocking this file.

- When you're finished in the **Submit to Microsoft for analysis** flyout, select **Submit**, and then select **Done**.

- - **Select a reason for submitting to Microsoft**: Verify **Should have been blocked (False negative)** is selected.

- - **The email should have been categorized as**: Select **Phish** or **Malware**. If you're not sure, use your best judgment.

- - **Block this URL**: Select this option to create a block entry for the URL in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).

- After you select this option, the following settings are available:

- - **Remove block entry after**: The default value is **30 days**, but you can select from the following values:

- - **1 day**

- - **7 days**

- - **30 days**

- - **90 days**

- - **Never expire**

- - **Specific date**: The maximum value is 90 days from today.

- - **Block entry note**: Enter optional information about why you're blocking this URL.

- When you're finished in the **Submit to Microsoft for analysis** flyout, select **Submit**, and then select **Done**.

-4. In the **Submit to Microsoft for analysis** flyout that opens, enter the following information:

- - **Choose a recipient who had an issue**: Specify the recipients to run a policy check against. The policy check determines if the email was blocked due to user or organization policies or overrides.

- - **Select a reason for submitting to Microsoft**: Select **Should not have been blocked (False positive)**, and then configure the following settings:

- - **Allow emails with similar attributes (URL, sender, etc.)**: Turn on this setting :::image type="icon" source="../../media/scc-toggle-on.png" border="false":::.

- - **Remove allow entry after**: The default value is **30 days**, but you can select from the following values:

- - **1 day**

- - **7 days**

- - **30 days**

- - **Specific date**: The maximum value is 30 days from today.

- For spoofed senders, this value is meaningless, because entries for spoofed senders never expire.

- - **Allow entry note**: Enter optional information about why you're allowing and submitting this email message.

- For spoofed senders, any value you enter here isn't shown in the allow entry on the **Spoofed senders** tab on the **Tenant Allow/Block Lists** page.

- When you're finished in the **Submit to Microsoft for analysis** flyout, select **Submit**, and then select **Done**.

- :::image type="content" source="../../media/admin-submission-email-allow.png" alt-text="Submit a false positive (good) email to Microsoft for analysis on the Submissions page in the Defender portal." lightbox="../../media/admin-submission-email-allow.png":::

- - **Select a reason for submitting to Microsoft**: Select **Should not have been blocked (False positive)**, and then configure the following settings:

- - **Allow this file**: Turn on this setting :::image type="icon" source="../../media/scc-toggle-on.png" border="false":::.

- - **Remove allow entry after**: The default value is **30 days**, but you can select from the following values:

- - **1 day**

- - **7 days**

- - **30 days**

- - **Specific date**: The maximum value is 30 days from today.

- - **Allow entry note**: Enter optional information about why you're allowing and submitting this file.

- When you're finished in the **Submit to Microsoft for analysis** flyout, select **Submit**, and then select **Done**.

- :::image type="content" source="../../media/admin-submission-file-allow.png" alt-text="Submit a false positive (good) email attachment to Microsoft for analysis on the Submissions page in the Defender portal." lightbox="../../media/admin-submission-file-allow.png":::

- - **Select a reason for submitting to Microsoft**: Select **Should not have been blocked (False positive)**, and then configure the following settings:

- - **Allow this URL**: Turn on this setting :::image type="icon" source="../../media/scc-toggle-on.png" border="false":::.

- - **Remove allow entry after**: The default value is **30 days**, but you can select from the following values:

- - **1 day**

- - **7 days**

- - **30 days**

- - **Specific date**: The maximum value is 30 days from today.

- - **Allow entry note**: Enter optional information about why you're allowing and submitting this URL.

- When you're finished in the **Submit to Microsoft for analysis** flyout, select **Submit**, and then select **Done**.

- :::image type="content" source="../../media/admin-submission-url-allow.png" alt-text="Submit a false positive (good) URL to Microsoft for analysis on the Submissions page in the Defender portal." lightbox="../../media/admin-submission-url-allow.png":::

- - **Spam**.

- - **Spam**

-In the **Submit to Microsoft for analysis** dropdown list, select one of the following values:

- - **Report clean**: In the dialog that opens, review or configure the following settings:

- **Allow email with similar attributes (URL, sender, etc.)**: Select this option to add corresponding allow entries in Tenant Allow/Block List. The following settings are available:

- - **Allow entry note**: Enter optional information about why you're blocking this email.

- When you're finished in the **Submit message as clean to Microsoft** dialog, select **Submit**.

- - **Report phishing**, **Report malware** or **Report spam**: These selections have the same options in the dialog that opens:

- **Block all email from this sender or domain**: Select this option to add a sender or domain block entry in Tenant Allow/Block List. The following settings are available:

- - Select **Sender** or **Domain**.

- - **Remove allow entry after**: The default value is **30 days**, but you can select from the following values:

- - **1 day**

- - **7 days**

- - **30 days**

- - **Specific date**: The maximum value is 30 days from today.

- When you're finished in the dialog, select **Submit**.

- - **Trigger investigation**: Defender for Office 365 Plan 2 only. For more information, see [Trigger an investigation](air-about-office.md#example-a-security-administrator-triggers-an-investigation-from-threat-explorer).

- - **Report clean**

- - **Report phishing**

- - **Report malware**