Updates from: 01/25/2024 04:34:06
Category Microsoft Docs article Related commit history on GitHub Change details
manage-public-web-access Manage Public Web Access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/copilot/manage-public-web-access.md
Title: Manage access to public web content in Microsoft Copilot for Microsoft 365 responses
+ Title: Manage access to web content in Microsoft Copilot for Microsoft 365 responses
f1.keywords: - NOCSH
- Adm_O365 - Adm_TOC - m365copilot
-description: "Learn how to manage Microsoft Copilot for Microsoft 365 access to public web content for your organization."
+description: "Learn how to manage Microsoft Copilot for Microsoft 365 access to web content for your organization."
-# Manage access to public web content in Microsoft Copilot for Microsoft 365 responses
+# Manage access to web content in Microsoft Copilot for Microsoft 365 responses
Microsoft Copilot for Microsoft 365 combines the power of large language models (LLMs) with your organization’s data – all in the flow of work – to turn your words into one of the most powerful productivity tools on the planet. Copilot can provide summaries of chats, messages, and meetings, answer business questions, and generate content. For more information, see [How Microsoft Copilot for Microsoft 365 works](https://www.youtube.com/watch?v=B2-8wrF9Okc).
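Review bot: The title, description and H1 drop "public" without saying what "web content" now covers. Admins use this article to decide what Copilot may reach outside the tenant, so state the scope in the description or the opening paragraph, or say explicitly that this is a label rename with no change in behavior.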
As your organizationΓÇÖs Microsoft 365 admin, you can turn off CopilotΓÇÖs abili
- You must be a global admin or search admin to complete the task in this article. For more information, see [About admin roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/about-admin-roles).
-## Choose whether Microsoft Copilot for Microsoft 365 can access public web content
+## Choose whether Microsoft Copilot for Microsoft 365 can access web content
-Microsoft Copilot for Microsoft 365 chat experiences in Bing, Microsoft Edge, and the Microsoft Teams app has a feature that allows Copilot to reference public web content when responding to user prompts. Allowing Microsoft Copilot for Microsoft 365 to reference web content enhances the end user experience and productivity with Copilot. The feature is automatically turned on when you first start using Copilot. You can turn off this feature by following these steps:
+Microsoft Copilot for Microsoft 365 chat experiences in Bing, Microsoft Edge, and the Microsoft Teams app has a feature that allows Copilot to reference web content when responding to user prompts. Allowing Copilot for Microsoft 365 to reference web content enhances the end user experience and productivity with Copilot. The feature is automatically turned on when you first start using Copilot. You can turn off this feature by following these steps:
For Search admins and Global admins:
For Search admins and Global admins:
3. Select Change.
-4. Unselect the checkbox for Allow Copilot to reference public web content.
+4. Unselect the checkbox for Allow Copilot to reference web content.
5. Select Save. For Global admins only: 1. In the admin center, go to **Settings** > **Org settings**. 2. On the Copilot page, select **Public Web Content in Microsoft Copilot for Microsoft 365**. 3. Select **Change**.
-4. Unselect the checkbox for **Allow Copilot to reference public web content**.
+4. Unselect the checkbox for **Allow Copilot to reference web content**.
5. Select **Save**. All admin setting updates may take up to 24 hours to reflect any changes. >[!NOTE]
-> This method is the only way to turn off the ability of Microsoft Copilot for Microsoft 365 chat experiences to access public web content. The privacy controls for optional connected experiences available with Microsoft 365 Apps canΓÇÖt be used.
+> This method is the only way to turn off the ability of Copilot for Microsoft 365 chat experiences to access web content. The privacy controls for optional connected experiences available with Microsoft 365 Apps canΓÇÖt be used.
## End user action required
-There's a separate toggle for end users to enable and disable web access for Microsoft 365 Chat, and it can be found in the Plugins menu of Microsoft 365 Chat. This toggle is initially off by default, and users will have to enable it to receive this experience.
+There's a separate toggle for end users to enable and disable web access for Microsoft Copilot, and it can be found in the Plugins menu for Copilot. This toggle is initially off by default, and users will have to enable it to receive this experience.
If you turn off web access from the admin center, this control is disabled. However, if you enable web access, your users must enable the toggle in their settings as well to allow web access.
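Review bot: Step 2 of the Global admin procedure still tells the reader to select **Public Web Content in Microsoft Copilot for Microsoft 365**, while step 4 and the rest of the article now say "web content". Confirm the setting's current name in the admin center and make the two steps agree. The first procedure also leaves UI labels unbolded (Select Change, Select Save) where the second bolds them.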
microsoft-365-copilot-overview Microsoft 365 Copilot Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/copilot/microsoft-365-copilot-overview.md
Microsoft 365 apps (such as Word, Excel, PowerPoint, Outlook, Teams, loop, and m
| Teams | Chat | Users can invoke Copilot in any chat. Copilot can summarize up to 30 days of the chat content prior to the last message in a given chat. Copilot uses only the single chat thread as source content for responses and can't reference other chats or data types (for example, meeting transcripts, emails, and files). Users can interact with Copilot by selecting pre-written prompts or writing their own questions. Responses include clickable citations that direct users to the relevant source content that was used. Conversations with Copilot take place in a side panel that allows users to copy and paste. Copilot conversations will disappear after the side panel is closed. | | | Meetings | Users can invoke Copilot in meetings or calls within the same tenant. Copilot will use the transcript in real-time to answer questions from the user. It only uses the transcript and knows the name of the user typing the question. The user can type any question or use pre-determined prompts; however, Copilot will only answer questions related to the meeting conversation from the transcript. The user can copy/paste an answer and access Copilot after the meeting ends on the Recap page. | | | Copilot | Allows users to access data across their Microsoft 365 Graph and leverage LLM functionality. Copilot can be accessed in Teams and when signed-in to Bing with an active directory account. |
+| | Calls | Copilot in Teams Phone uses the power of AI to empower you to work more flexibly and intelligently, automating important administrative tasks of a call, such as capturing key points, task owners, and next steps, so you can stay focused on the discussion. Copilot in Teams Phone supports both voice over Internet Protocol (VoIP) and public switched telephone network (PSTN) calls. |
| | Whiteboard | Makes meetings and brainstorm sessions more creative and effective. Use natural language to ask Copilot to generate ideas, organize ideas into themes, create designs that bring ideas to life and summarize whiteboard content. | | OneNote | Draft with Copilot | Use prompts to draft plans, generate ideas, create lists, and organize information to help you easily find what you need. |
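Review bot: The new Calls row describes benefits but, unlike the Chat and Meetings rows above it, does not say what Copilot reads or how long its output is kept. State the source it works from for VoIP and PSTN calls and whether the result persists after the call, so admins can assess it the same way as the other Teams entries.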
admin Ai Assistance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/adoption/ai-assistance.md
Each insight captures the number of Copilot-enabled users in your organization p
- **Summarize a Teams conversation**: This represents the number of users who summarize Teams conversations using Copilot in Microsoft Teams. - **Summarize an email thread:** This represents the number of users who summarize email threads using Copilot in Outlook. - **Summarize a Word document:** This represents the number of users who summarize Word documents using Copilot in Microsoft Word.-- **Summarize a presentation:** This represents the number of users who summarize a presentation using Copilot in Microsoft PowerPoint. ### Create
admin Select Domain To Use For Email From Microsoft 365 Products https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/select-domain-to-use-for-email-from-microsoft-365-products.md
description: "Let Microsoft send notification messages from an email address wit
- [Supported Products](#supported-products) - [Excluded Scenarios](#excluded-scenarios)
-Emails sent out to users as they interact with each other and across various products within Microsoft 365 are designed to provide insights and information about their organization. These emails are typically sent out between users based on those interactions, which means that they are often sent from the userΓÇÖs email address. Those emails will remain unchanged and will continue to work as they do today.
+Emails sent out to users as they interact with each other and across various products within Microsoft 365 are designed to provide insights and information about their organization. These emails are typically sent out between users based on those interactions, which means that they're often sent from the userΓÇÖs email address. Those emails will remain unchanged and will continue to work as they do today.
There are several scenarios where emails are sent from a ΓÇ£no-replyΓÇ¥ system-based product account. For example, batched comments, news, digests, and system notification emails are currently sent from a no-reply product address. These include addresses such no-reply@sharepointonline.com, no-reply@planner.com, no-reply@project.com.
Please note that the following products currently support this feature:
- Planner - Project - Viva Connections
+- Viva Glint
+- Viva Pulse
- Viva Topics - Viva Amplify
+- Teams (Pending production rollout - Updates via Message Center Post MC705761 and Roadmap ID 375694)
> [!NOTE] > The supported products list will be updated as each product migrates to support the setting and no action will be required as these products onboard to the centralized setting.
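Review bot: The added Teams entry is marked "Pending production rollout" but sits under "the following products currently support this feature", so the list now overstates current support. Move Teams to a separate line for upcoming products, or hold the entry until rollout completes, and keep the MC705761 and Roadmap ID 375694 references with it.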
business-premium M365bp Security Privacy Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-security-privacy-compliance.md
+
+ Title: Security, privacy, and compliance
+description: "Learn about security, privacy, and compliance in Microsoft 365 Business Premium."
+search.appverid: MET150
+++
+audience: Admin
++ Last updated : 1/22/2024
+ms.localizationpriority: medium
+
+f1.keywords: NOCSH
++++
+# Security, privacy, and compliance in Microsoft 365 Business Premium
+
+At Microsoft, we're committed to security, privacy and compliance in Microsoft 365 Business Premium. Admins and compliance professionals can use the information in this article to see the steps we take to keep your organization and data secure.
+
+## Security
+
+Microsoft 365 Business Premium uses the following security best practices and procedures for service-level security:
+
+- Defense in-depth.
+- Customer controls within the service.
+- Security hardening.
+- Operational best practices for Microsoft 365.
+
+For information, see the [Microsoft Trust Center - Security](https://www.microsoft.com/security).
+
+For related configuration information, see the following articles:
+
+- [Configure your security protection in Microsoft 365 Business Premium](m365bp-security-overview.md)
+- [Microsoft 365 for business security best practices](secure-your-business-data.md)
+
+## Privacy
+
+For information about privacy in Microsoft 365 Business Premium, see:
+
+- [Microsoft Trust Center - Data protection and privacy](https://www.microsoft.com/trust-center/privacy).
+- [Privacy at Microsoft](https://privacy.microsoft.com/)
+
+## Compliance
+
+For information about compliance in Microsoft 365 Business Premium, see the [Microsoft Trust Center - Compliance](https://www.microsoft.com/trust-center/compliance/compliance-overview).
+
+For related configuration information, see [Set up information protection capabilities](m365bp-set-up-compliance.md).
+
+## Related resources
+
+- [Small business Zero Trust guidance - Additional threat protection for Microsoft 365 Business Premium](/security/zero-trust/guidance-smb-partner#additional-threat-protection)
+- [Privacy & data management overview](/compliance/assurance/assurance-privacy)
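Review bot: In the Security section the link text is "Microsoft Trust Center - Security" but the target is https://www.microsoft.com/security, whereas the Privacy and Compliance links point under /trust-center/. Either point the link at the Trust Center security page or change the link text to match the target. Minor: "Defense in-depth" should read "Defense in depth", and the first Privacy bullet ends with a period while the second does not.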
enterprise Create User Accounts With Microsoft 365 Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/create-user-accounts-with-microsoft-365-powershell.md
Title: "Create Microsoft 365 user accounts with PowerShell"
Previously updated : 08/10/2020 Last updated : 12/29/2023 audience: Admin
search.appverid:
- scotvorg - Ent_O365
+- must-keep
f1.keywords: - CSH
When you create user accounts in PowerShell, certain account properties are alwa
|**Password** <br/> |No <br/> | If you don't specify a password, a random password is assigned to the user account, and the password is visible in the results of the command. If you specify a password, it needs to be 8 to 16 ASCII text characters of the following types: lowercase letters, uppercase letters, numbers, and symbols.<br/> | |**UsageLocation** <br/> |No <br/> |This is a valid ISO 3166-1 alpha-2 country code. For example, *US* for the United States, and *FR* for France. It's important to provide this value, because some Microsoft 365 services aren't available in certain countries/regions. You can't assign a license to a user account unless the account has this value configured. For more information, see [About license restrictions](https://go.microsoft.com/fwlink/p/?LinkId=691730).<br/> |
->[!Note]
->[Learn how to create user accounts](../admin/add-users/add-users.md) by using the Microsoft 365 admin center.
->
+> [!NOTE]
+> Also see [Learn how to create user accounts](../admin/add-users/add-users.md) by using the Microsoft 365 admin center.
+>
> For a list of additional resources, see [Manage users and groups](/admin).
->
## Use the Azure Active Directory PowerShell for Graph module
To create an individual account, use the following syntax:
New-MsolUser -DisplayName <display name> -FirstName <first name> -LastName <last name> -UserPrincipalName <sign-in name> -UsageLocation <ISO 3166-1 alpha-2 country code> -LicenseAssignment <licensing plan name> [-Password <Password>] ```
->[!Note]
->PowerShell Core doesn't support the Microsoft Azure Active Directory module for Windows PowerShell module and cmdlets that have *Msol* in their name. Run these cmdlets from Windows PowerShell.
->
+> [!NOTE]
+> PowerShell Core doesn't support the Microsoft Azure Active Directory module for Windows PowerShell module and cmdlets that have *Msol* in their name. Run these cmdlets from Windows PowerShell.
To list the available [licensing plan names](/azure/active-directory/enterprise-users/licensing-service-plan-reference), use this command:
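Review bot: The reworded note, "Also see [Learn how to create user accounts] by using the Microsoft 365 admin center", reads awkwardly because the link text is itself an imperative sentence. Rephrase so the link is a noun phrase, such as "To create accounts in the Microsoft 365 admin center instead, see [create user accounts](../admin/add-users/add-users.md)."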
New-MsolUser -DisplayName "Caleb Sills" -FirstName Caleb -LastName Sills -UserPr
ShawnM@contoso.onmicrosoft.com,Shawn,Melendez,Shawn Melendez,US,contoso:ENTERPRISEPACK ```
- >[!NOTE]
- >The column names and their order in the first row of the CSV file are arbitrary. But make sure the order of the data in the rest of the file matches the order of the column names. And use the column names for the parameter values in the PowerShell for Microsoft 365 command.
-
+ > [!NOTE]
+ > The column names and their order in the first row of the CSV file are arbitrary. But make sure the order of the data in the rest of the file matches the order of the column names. And use the column names for the parameter values in the PowerShell for Microsoft 365 command.
+ 2. Use the following syntax:
-
+ ```powershell Import-Csv -Path <Input CSV File Path and Name> | foreach {New-MsolUser -DisplayName $_.DisplayName -FirstName $_.FirstName -LastName $_.LastName -UserPrincipalName $_.UserPrincipalName -UsageLocation $_.UsageLocation -LicenseAssignment $_.AccountSkuId [-Password $_.Password]} | Export-Csv -Path <Output CSV File Path and Name> ``` This example creates user accounts from the file *C:\My Documents\NewAccounts.csv* and logs the results in a file named *C:\My Documents\NewAccountResults.csv*.
-
+ ```powershell Import-Csv -Path "C:\My Documents\NewAccounts.csv" | foreach {New-MsolUser -DisplayName $_.DisplayName -FirstName $_.FirstName -LastName $_.LastName -UserPrincipalName $_.UserPrincipalName -UsageLocation $_.UsageLocation -LicenseAssignment $_.AccountSkuId} | Export-Csv -Path "C:\My Documents\NewAccountResults.csv" ``` 3. Review the output file to see the results. We didn't specify passwords, so the random passwords that Microsoft 365 generated are visible in the output file.
-
+ ## See also [Manage Microsoft 365 user accounts, licenses, and groups with PowerShell](manage-user-accounts-and-licenses-with-microsoft-365-powershell.md)
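Review bot: Step 3 states that the generated passwords are visible in the output file, but the procedure gives no guidance on handling C:\My Documents\NewAccountResults.csv afterwards. Since this hunk already touches the step, add a sentence telling admins to restrict access to the results file and delete it once the passwords have been handed over. The optional [-Password $_.Password] column in the syntax block raises the same concern for the input CSV.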
enterprise Getting Started With Microsoft 365 Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/getting-started-with-microsoft-365-powershell.md
Title: "Get started with PowerShell for Microsoft 365"
Previously updated : 07/17/2020 Last updated : 01/24/2024 audience: ITPro
ms.localizationpriority: medium
- scotvorg - Ent_O365
+- must-keep
f1.keywords: - CSH
You can use commands and scripts in PowerShell for Microsoft 365 to manage Micro
Select from these topics: - [**Why you need to use PowerShell for Microsoft 365**](why-you-need-to-use-microsoft-365-powershell.md)
-
+ Start here if you're new to PowerShell for Microsoft 365. Learn why you should use PowerShell for Microsoft 365.
-
-- [**Connect to Microsoft 365 with PowerShell**](connect-to-microsoft-365-powershell.md)
-
+
+- [**Connect to Microsoft 365 with Microsoft Graph PowerShell**](connect-to-microsoft-365-powershell.md)
+ Start here to connect to your Microsoft 365 subscription by using PowerShell for Microsoft 365 and do administrative tasks from the command line.
-
+ - [**Connect to all Microsoft 365 services in a single PowerShell window**](connect-to-all-microsoft-365-services-in-a-single-windows-powershell-window.md)
-
+ You can manage Microsoft 365 in separate windows for Skype for Business Online, SharePoint Online, Microsoft Exchange Online, and Microsoft 365 accounts and licenses. Or, you can manage them all from a single window. This article explains how.
-
+ - [**Use PowerShell to create reports in Microsoft 365**](use-windows-powershell-to-create-reports-in-microsoft-365.md)
-
+ Start here if you've installed the PowerShell for Microsoft 365 modules and want to learn about using automation commands to create reports quickly.
-
+ - [**Cmdlet references for Microsoft 365 services**](cmdlet-references-for-microsoft-365-services.md)
-
+ Learn about the cmdlets for the PowerShell for Microsoft 365 modules.
-
+ - [**Microsoft 365 community resources for PowerShell**](microsoft-365-powershell-community-resources.md)
-
+ Start here to connect to the PowerShell community and get more information about using PowerShell for Microsoft 365.
-
+ ## Related topics [Manage Microsoft 365 with PowerShell](manage-microsoft-365-with-microsoft-365-powershell.md)
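Review bot: The link text becomes "Connect to Microsoft 365 with Microsoft Graph PowerShell", but the description line beneath it still says "by using PowerShell for Microsoft 365" and the target file name is unchanged. Update the description to name Microsoft Graph PowerShell so readers know which module the linked article expects.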
enterprise Identify Directory Synchronization Errors https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/identify-directory-synchronization-errors.md
Title: "View directory synchronization errors in Microsoft 365"
Previously updated : 08/10/2020 Last updated : 12/29/2023 audience: Admin
- scotvorg - Ent_O365 - M365-identity-device-management
+- must-keep
search.appverid: - MET150 - MOE150
You can view directory synchronization errors in the <a href="https://go.microso
To view any errors in the Microsoft 365 admin center:
-1. Sign in to the [Microsoft 365 admin center](https://admin.microsoft.com) with a global administrator account.
-
+1. Sign in to the [Microsoft 365 admin center](https://admin.microsoft.com) with a global administrator account.
+ 2. On the **Home** page, you'll see the **User management** card.
-
+ ![The User management card in the Microsoft 365 admin center.](../media/060006e9-de61-49d5-8979-e77cda198e71.png)
-3. On the card, choose **Sync errors** under **Microsoft Entra Connect** to see the errors on the **Directory sync errors** page.
-
+3. On the card, choose **Sync errors** under **Microsoft Entra Connect** to see the errors on the **Directory sync errors** page.
+ ![An example of the Directory sync errors page.](../media/882094a3-80d3-4aae-b90b-78b27047974c.png) 4. Choose any of the errors to display the details pane with information about the error and tips on how to fix it.
enterprise Manage Microsoft 365 Passwords https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/manage-microsoft-365-passwords.md
Title: "Manage Microsoft 365 user account passwords"
Previously updated : 09/24/2020 Last updated : 01/24/2024 audience: Admin
- scotvorg - Ent_O365 - M365-subscription-management
+- must-keep
search.appverid: - MET150 - MOE150
You manage user account passwords in:
- [The Microsoft 365 admin center](/admin) - The Microsoft Entra admin center
-
+ ### Hybrid With hybrid identity, passwords are stored in AD DS so you must use on-premises AD DS tools to manage user account passwords. Even when using Password Hash Synchronization (PHS), in which Microsoft Entra ID stores a hashed version of the already hashed version in AD DS, you and users must manage their passwords in AD DS.
Password writeback is required to fully utilize Microsoft Entra ID Protection ca
For additional information and configuration instructions, see [Microsoft Entra SSPR with password writeback](/azure/active-directory/active-directory-passwords-writeback).
->[!Note]
->Upgrade to the latest version of Microsoft Entra Connect to ensure the best possible experience and new features as they are released. For more information, see [Custom installation of Microsoft Entra Connect](/azure/active-directory/connect/active-directory-aadconnect-get-started-custom).
+> [!NOTE]
+> Upgrade to the latest version of Microsoft Entra Connect to ensure the best possible experience and new features as they are released. For more information, see [Custom installation of Microsoft Entra Connect](/azure/active-directory/connect/active-directory-aadconnect-get-started-custom).
> ## Simplify password resets
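Review bot: After the note is reformatted, a stray empty ">" line still sits between the note and "## Simplify password resets". Remove it, as the equivalent note cleanup in create-user-accounts-with-microsoft-365-powershell.md does, and change "as they are released" to "as they're released" to match the contraction edits applied elsewhere in this batch.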
enterprise Manage Sharepoint Users And Groups With Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/manage-sharepoint-users-and-groups-with-powershell.md
Title: "Manage SharePoint Online users and groups with PowerShell"
+ Title: "Manage SharePoint users and groups with PowerShell"
Previously updated : 07/17/2020 Last updated : 01/24/2024 audience: Admin
search.appverid:
- scotvorg - Ent_O365
+- must-keep
f1.keywords: - CSH
- SPO_Content - seo-marvel-apr2020 ms.assetid: d0d3877a-831f-4744-96b0-d8167f06cca2
-description: In this article, learn how to use PowerShell for Microsoft 365 to manage SharePoint Online users, groups, and sites.
+description: In this article, learn how to use PowerShell for Microsoft 365 to manage SharePoint users, groups, and sites.
-# Manage SharePoint Online users and groups with PowerShell
+# Manage SharePoint users and groups with PowerShell
*This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.*
-If you're a SharePoint Online administrator who works with large lists of user accounts or groups and wants an easier way to manage them, you can use PowerShell for Microsoft 365.
+If you're a SharePoint administrator who works with large lists of user accounts or groups and wants an easier way to manage them, you can use PowerShell for Microsoft 365.
-Before you begin, the procedures in this article require you to connect to SharePoint Online. For instructions, see [Connect to SharePoint Online PowerShell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online)
+Before you begin, the procedures in this article require you to connect to SharePoint. For instructions, see [Connect to SharePoint PowerShell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online)
## Get a list of sites, groups, and users
Get-SPOSite | ForEach {Get-SPOUser -Site $_.Url}
## Add a user to the Site Collection Administrators group
-You use the `Set-SPOUser` cmdlet to add a user to the list of Site Collection Administrators on a site collection.
+You use the `Set-SPOUser` cmdlet to add a user to the list of site admins on a site collection.
```powershell $tenant = "<tenant name, such as litwareinc for litwareinc.com>"
$user = "opalc"
Set-SPOUser -Site https://$tenant.sharepoint.com/sites/$site -LoginName $user@$tenant.com -IsSiteCollectionAdmin $true ```
-You can copy and paste these commands into Notepad, change the variable values for $tenant, $site, and $user to actual values from your environment, and then paste this into your SharePoint Online Management Shell window to run them.
+You can copy and paste these commands into Notepad, change the variable values for $tenant, $site, and $user to actual values from your environment, and then paste this into your SharePoint Management Shell window to run them.
## Add a user to other site collection groups
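Review bot: The body text now says "site admins", but the section heading still reads "Add a user to the Site Collection Administrators group" and the command uses -IsSiteCollectionAdmin. Pick one term, or introduce the new one alongside the old, for example "site admins (site collection administrators)", so the prose, heading and parameter can be matched up.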
New-SPOSiteGroup -Group $group -PermissionLevels $level -Site https://$tenant.sh
Sometimes you have to remove a user from a site or even all sites. Perhaps the employee moves from one division to another or leaves the company. You can do this for one employee easily in the UI, but this isn't easily done when you have to move a complete division from one site to another.
-However by using the SharePoint Online Management Shell and CSV files, this is fast and easy. In this task, you'll use Windows PowerShell to remove a user from a site collection security group. Then you'll use a CSV file and remove lots of users from different sites.
+However by using the SharePoint Management Shell and CSV files, this is fast and easy. In this task, you'll use Windows PowerShell to remove a user from a site collection security group. Then you'll use a CSV file and remove lots of users from different sites.
We'll be using the 'Remove-SPOUser' cmdlet to remove a single Microsoft 365 user from a site collection group so we can see the command syntax. Here's how the syntax looks:
However, what if you wanted to do this for every site? You can do this without h
Get-SPOSite | ForEach {Get-SPOUser ΓÇôSite $_.Url} | Format-Table -Wrap -AutoSize | Out-File c:\UsersReport.txt -Force -Width 360 -Append ```
-This report is fairly simple, and you can add more code to create more specific reports or reports that include more detailed information. But this should give you an idea of how to use the SharePoint Online Management Shell to manage users in the SharePoint Online environment.
+This report is fairly simple, and you can add more code to create more specific reports or reports that include more detailed information. But this should give you an idea of how to use the SharePoint Management Shell to manage users in the SharePoint environment.
## See also
-[Connect to SharePoint Online PowerShell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online)
+[Connect to SharePoint PowerShell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online)
-[Manage SharePoint Online with PowerShell](create-sharepoint-sites-and-add-users-with-powershell.md)
+[Manage SharePoint with PowerShell](create-sharepoint-sites-and-add-users-with-powershell.md)
[Manage Microsoft 365 with PowerShell](manage-microsoft-365-with-microsoft-365-powershell.md)
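Review bot: The report command in this hunk writes the Site parameter with a non-ASCII dash (it shows here as "ΓÇôSite"), while the earlier Get-SPOUser example uses "-Site". Replace it with an ASCII hyphen for consistency and to avoid encoding problems when the line is copied. Separately, the prose now says "SharePoint Management Shell" and "SharePoint PowerShell" while the link targets still sit under /powershell/sharepoint/sharepoint-online/ and the cmdlets are SPO-prefixed, so state once near the top that the article covers the cloud service.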
enterprise Manage User Accounts And Licenses With Microsoft 365 Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/manage-user-accounts-and-licenses-with-microsoft-365-powershell.md
Title: "Manage Microsoft 365 user accounts, licenses, and groups with PowerShell
Previously updated : 11/13/2020 Last updated : 01/24/2024 audience: ITPro
ms.localizationpriority: medium
- scotvorg - Ent_O365
+- must-keep
f1.keywords: - CSH
enterprise Microsoft 365 Networking Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-networking-overview.md
Title: "Microsoft 365 Network Connectivity Overview"
Previously updated : 08/27/2021 Last updated : 12/29/2023 audience: Admin
- Ent_O365 - Strat_O365_Enterprise - m365initiative-coredeploy
+- must-keep
f1.keywords: - NOCSH description: "Discusses why network optimization is important for SaaS services, the goal of Microsoft 365 networking, and how SaaS requires different networking from other workloads."
description: "Discusses why network optimization is important for SaaS services,
Microsoft 365 is a distributed Software-as-a-Service (SaaS) cloud that provides productivity and collaboration scenarios through a diverse set of micro-services and applications. Client components of Microsoft 365 such as Outlook, Word, and PowerPoint run on user computers and connect to other components of Microsoft 365 that run in Microsoft datacenters. The most significant factor that determines the quality of the Microsoft 365 end user experience is network reliability and low latency between Microsoft 365 clients and Microsoft 365 service front doors.
-In this article, you will learn about the goals of Microsoft 365 networking, and why Microsoft 365 networking requires a different approach to optimization than generic Internet traffic.
+In this article, you'll learn about the goals of Microsoft 365 networking, and why Microsoft 365 networking requires a different approach to optimization than generic Internet traffic.
## Microsoft 365 networking goals
For more information on Microsoft 365 network connectivity principles, see [Micr
## Traditional network architectures and SaaS
-Traditional network architecture principles for client/server workloads are designed around the assumption that traffic between clients and endpoints does not extend outside the corporate network perimeter. Also, in many enterprise networks, all outbound Internet connections traverse the corporate network, and egress from a central location.
+Traditional network architecture principles for client/server workloads are designed around the assumption that traffic between clients and endpoints doesn't extend outside the corporate network perimeter. Also, in many enterprise networks, all outbound Internet connections traverse the corporate network, and egress from a central location.
-In traditional network architectures, higher latency for generic Internet traffic is a necessary tradeoff in order to maintain network perimeter security, and performance optimization for Internet traffic typically involves upgrading or scaling out the equipment at network egress points. However, this approach does not address the requirements for optimum network performance of SaaS services such as Microsoft 365.
+In traditional network architectures, higher latency for generic Internet traffic is a necessary tradeoff in order to maintain network perimeter security, and performance optimization for Internet traffic typically involves upgrading or scaling out the equipment at network egress points. However, this approach doesn't address the requirements for optimum network performance of SaaS services such as Microsoft 365.
## Identifying Microsoft 365 network traffic
Microsoft 365 helps meet your organization's needs for content security and data
## Why is Microsoft 365 networking different?
-Microsoft 365 is designed for optimal performance using endpoint security and encrypted network connections, reducing the need for perimeter security enforcement. Microsoft 365 datacenters are located across the world and the service is designed to use various methods for connecting clients to best available service endpoints. Since user data and processing are distributed between many Microsoft datacenters, there is no single network endpoint to which client machines can connect. In fact, data and services in your Microsoft 365 tenant are dynamically optimized by the Microsoft Global Network to adapt to the geographic locations from which they are accessed by end users.
+Microsoft 365 is designed for optimal performance using endpoint security and encrypted network connections, reducing the need for perimeter security enforcement. Microsoft 365 datacenters are located across the world and the service is designed to use various methods for connecting clients to best available service endpoints. Since user data and processing are distributed between many Microsoft datacenters, there's no single network endpoint to which client machines can connect. In fact, data and services in your Microsoft 365 tenant are dynamically optimized by the Microsoft Global Network to adapt to the geographic locations from which they're accessed by end users.
Certain common performance issues are created when Microsoft 365 traffic is subject to packet inspection and centralized egress:
enterprise Page Diagnostics For Spo https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/page-diagnostics-for-spo.md
Title: Use the Page Diagnostics tool for SharePoint Online
Previously updated : 06/03/2020 Last updated : 01/08/2024 audience: Admin
- scotvorg - Ent_O365 - SPO_Content
+- must-keep
search.appverid: - MET150 - SPO160
search.appverid:
- BSA160 f1.keywords: - NOCSH
-description: "Use the Page Diagnostics for SharePoint tool to analyze SharePoint Online modern portal and classic publishing pages against a pre-defined set of performance criteria."
+description: "Use the Page Diagnostics for SharePoint tool to analyze SharePoint Online modern portal and classic publishing pages against a predefined set of performance criteria."
# Use the Page Diagnostics for SharePoint tool
-This article describes how to use the **Page Diagnostics for SharePoint tool** to analyze SharePoint Online modern and classic site pages against a pre-defined set of performance criteria.
+This article describes how to use the **Page Diagnostics for SharePoint tool** to analyze SharePoint Online modern and classic site pages against a predefined set of performance criteria.
The Page Diagnostics for SharePoint tool can be installed for: -- **Microsoft Edge** [(Edge extension)](https://microsoftedge.microsoft.com/addons/detail/ocemkolpnamjcacndljdfmhlpcaoipji)-- **Chrome** [(Chrome extension)](https://chrome.google.com/webstore/detail/inahogkhlkbkjkkaleonemeijihmfagi)
+- [**Microsoft Edge** extension)](https://microsoftedge.microsoft.com/addons/detail/ocemkolpnamjcacndljdfmhlpcaoipji)
+- [**Chrome** extension)](https://chrome.google.com/webstore/detail/inahogkhlkbkjkkaleonemeijihmfagi)
->[!TIP]
->Version **2.0.0** and later includes support for modern pages in addition to classic site pages. If you are unsure which version of the tool you are using, you can select the **About** link or the ellipses (...) to verify your version. **Always update to the latest version** when using the tool.
+> [!TIP]
+> Version **2.0.0** and later includes support for modern pages in addition to classic site pages. If you are unsure which version of the tool you are using, you can select the **About** link or the ellipses (...) to verify your version. **Always update to the latest version** when using the tool.
-The Page Diagnostics for SharePoint tool is a browser extension for the new Microsoft Edge (https://www.microsoft.com/edge) and Chrome browsers that analyzes both SharePoint Online modern portal and classic publishing site pages.
+The Page Diagnostics for SharePoint tool is a browser extension for the new Microsoft Edge (https://www.microsoft.com/edge) and Chrome browsers that analyzes both SharePoint Online modern portal and classic publishing site pages.
> [!IMPORTANT] > This tool only works for SharePoint Online, and canΓÇÖt be used on a SharePoint system page or on a SharePoint App page. The App page type is designed to be used for specific business applications within SharePoint Online and not for portals. The tool is designed to optimize portal pages and Teams site pages.
-The tool generates a report for each analyzed page showing how the page performs against a pre-defined set of rules and displays detailed information when results for a test fall outside the baseline value. SharePoint Online administrators and designers can use the tool to troubleshoot performance issues and to ensure that new pages are optimized prior to publishing.
+The tool generates a report for each analyzed page showing how the page performs against a predefined set of rules and displays detailed information when results for a test fall outside the baseline value. SharePoint Online administrators and designers can use the tool to troubleshoot performance issues and to ensure that new pages are optimized prior to publishing.
-The Page Diagnostics tool is designed to analyze SharePoint site pages only, not system pages such as *allitems.aspx* or *sharepoint.aspx*. If you attempt to run the tool on a system page or any other non-site page, you'll receive an error message advising that the tool canΓÇÖt be run for that type of page.
+The Page Diagnostics tool is designed to analyze SharePoint site pages only, not system pages such as *allitems.aspx* or *sharepoint.aspx*. If you attempt to run the tool on a system page or any other nonsite page, you'll receive an error message advising that the tool canΓÇÖt be run for that type of page.
> [!div class="mx-imgBorder"] > ![Must run on a SharePoint page.](../media/page-diagnostics-for-spo/pagediag-Error-StartPage.png)
-This isn't an error in the tool as there's no value in assessing libraries or system pages. Please navigate to a SharePoint site page to use the tool. If this error occurs on a SharePoint page, please check the master page to ensure that the SharePoint metatags haven't been removed.
+This isn't an error in the tool as there's no value in assessing libraries or system pages. Navigate to a SharePoint site page to use the tool. If this error occurs on a SharePoint page, check the master page to ensure that the SharePoint metatags haven't been removed.
To provide feedback about the tool, select the ellipsis at the top right corner of the tool and then select **Give feedback**.
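Review bot: the two new list items for the Edge and Chrome extensions have an unbalanced parenthesis in the link text, `[**Microsoft Edge** extension)]` and `[**Chrome** extension)]`, left over from the old `[(Edge extension)]` form. The stray `)` will render in the link label; drop it (or restore the opening parenthesis) in both items.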
To provide feedback about the tool, select the ellipsis at the top right corner
## Install the Page Diagnostics for SharePoint tool
-The installation procedure in this section will work for both the Chrome and Microsoft Edge browsers.
+The installation procedure in this section works for both the Chrome and Microsoft Edge browsers.
> [!IMPORTANT] > Microsoft does not read data or page content that is analyzed by the Page Diagnostics for SharePoint tool, and we do not capture any personal information, website or download information. The only identifiable information logged to Microsoft by the tool is the tenant name, counts of rules that have failed and the date and time the tool was run. This information is used by Microsoft to better understand modern portal and publishing site usage trends and common performance issues.
-1. Install the Page Diagnostics for SharePoint tool for **Microsoft Edge** [(Edge extension)](https://microsoftedge.microsoft.com/addons/detail/ocemkolpnamjcacndljdfmhlpcaoipji) or **Chrome** [(Chrome extension)](https://chrome.google.com/webstore/detail/inahogkhlkbkjkkaleonemeijihmfagi). Please review the User Privacy Policy provided on the description page in the store. When adding the tool to your browser, you'll see the following permissions notice.
+1. Install the Page Diagnostics for SharePoint tool for **Microsoft Edge** [(Edge extension)](https://microsoftedge.microsoft.com/addons/detail/ocemkolpnamjcacndljdfmhlpcaoipji) or **Chrome** [(Chrome extension)](https://chrome.google.com/webstore/detail/inahogkhlkbkjkkaleonemeijihmfagi). Review the User Privacy Policy provided on the description page in the store. When adding the tool to your browser, you'll see the following permissions notice.
> [!div class="mx-imgBorder"] > ![Extension permissions.](../media/page-diagnostics-for-spo/pagediag-add-to-edge.png) This notice is in place because a page may contain content from locations outside of SharePoint depending on the web parts and customizations on the page. This means that the tool will read the requests and responses when the start button is clicked and only for the active SharePoint tab where the tool is running. This information is captured locally by the web browser and is available to you via the **Export to JSON** or **Export to HAR** button in the tool's _Network trace_ tab. **The information is not sent to or captured by Microsoft.** (The tool respects the Microsoft privacy policy accessible [here](https://go.microsoft.com/fwlink/p/?linkid=857875).)
- The _Manage your downloads_ permission covers use of the tool's **Export to JSON** functionality. Please follow your company's own privacy guidelines before sharing the JSON file outside of your organization, as the results contain URLs and that can be classified as PII (Personally Identifiable Information).
+ The _Manage your downloads_ permission covers use of the tool's **Export to JSON** functionality. Follow your company's own privacy guidelines before sharing the JSON file outside of your organization, as the results contain URLs and that can be classified as PII (Personally Identifiable Information).
1. If you want to use the tool in Incognito or InPrivate mode, follow the procedure for your browser: 1. In Microsoft Edge, navigate to **Extensions** or type _edge://extensions_ in the URL bar and select **Details** for the extension. In the extension settings, select the checkbox for **allow in InPrivate**. 1. In Chrome, navigate to **Extensions** or type _chrome://extensions_ in the URL bar and select **Details** for the extension. In the extension settings, select the slider for **allow in Incognito**.
Select **Start** to begin collecting data for analysis.
## How to use the Diagnostic tests tab
-When you analyze a SharePoint modern portal page or classic publishing site page with the Page Diagnostics for SharePoint tool, results are analyzed using pre-defined rules that compare results against baseline values and displayed in the **Diagnostic tests** tab. Rules for certain tests may use different baseline values for modern portal and classic publishing sites depending on how specific performance characteristics differ between the two.
+When you analyze a SharePoint modern portal page or classic publishing site page with the Page Diagnostics for SharePoint tool, results are analyzed using predefined rules that compare results against baseline values and displayed in the **Diagnostic tests** tab. Rules for certain tests may use different baseline values for modern portal and classic publishing sites depending on how specific performance characteristics differ between the two.
Test results that appear in the **Improvement opportunities** or **Attention required** categories indicate areas that should be reviewed against recommended practices, and can be selected to display additional information about the result. Details for each item include a _Learn more_ link, which will take you directly to the appropriate guidance related to the test. Test results that appear in the **No action required** category indicate compliance with the relevant rule and don't display additional details when selected.
Red or yellow results may also indicate web parts that refresh data too frequent
The **Network Trace** tab provides detailed information about both requests to build the page and the responses received from SharePoint. 1. **Look for item load times flagged as red**. Each request and response is color coded to indicate its impact on overall page performance using the following latency metrics:
- - Green: \< 500ms
- - Yellow: 500-1000ms
- - Red: \> 1000ms
+ - Green: \< 500 ms
+ - Yellow: 500-1000 ms
+ - Red: \> 1000 ms
> [!div class="mx-imgBorder"] > ![Network Trace.](../media/page-diagnostics-for-spo/pagediag-networktrace-red.png)
- In the image shown above, the red item pertains to the default page. It will always show red unless the page loads in \< 1000ms (less than 1 second).
+ In the image shown above, the red item pertains to the default page. It will always show red unless the page loads in \< 1000 ms (less than 1 second).
2. **Test item load times**. In some cases there will be no time or color indicator because the items have already been cached by the browser. To test this correctly, open the page, clear browser cache, and then click **Start** as that will force a "cold" page load and be a true reflection of the initial page load. This should then be compared to the "warm" page load as that will also help determine what items are being cached on the page.
-3. **Share relevant details with others who can help investigate issues**. To share the details or information provided in the tool with your developers or a technical support person, using the **Enable exporting to HTTP Archive (HAR)** is the recommended approach.
+3. **Share relevant details with others who can help investigate issues**. To share the details or information provided in the tool with your developers or a technical support person, using the **Enable exporting to HTTP Archive (HAR)** is the recommended approach.
> [!div class="mx-imgBorder"] > ![Enable exporting to HAR.](../media/page-diagnostics-for-spo/pagediag-submithar.png)
-That should be enabled prior to clicking Start, which will then enable debug mode in your browser. It will generate an HTTP Archive file (HAR) which can then be accessed through the "Network Trace" tab. Click the "Export to HAR" and it will download the file to your computer and you can then share it accordingly. The file can be opened in various debug tools, like F12 Developer Tools and Fiddler.
+Exporting should be enabled prior to clicking Start, which will then enable debug mode in your browser. This generates an HTTP Archive file (HAR) which can then be accessed through the "Network Trace" tab. Click the "Export to HAR" button to download the file to your computer and you can then share it accordingly. The file can be opened in various debug tools, like F12 Developer Tools and Fiddler.
> [!div class="mx-imgBorder"] > ![Network trace.](../media/page-diagnostics-for-spo/pagediag-networktracehar.png)
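Review bot: the rewritten HAR paragraph still tells readers to download the file and "share it accordingly" with no privacy caveat, while the install section warns that the JSON export contains URLs that can be classified as PII. A HAR export records the same requests and responses, headers included, so the same caution applies. Suggest repeating the "Follow your company's own privacy guidelines" sentence here and telling readers to review the file before it leaves the organization.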
That should be enabled prior to clicking Start, which will then enable debug mod
We've included a **Microsoft Support level feature** that should only be utilized when working directly on a support case. Utilizing this feature will provide no benefit to you when used without support team engagement, and can make the page perform significantly slower. There's no additional information when using this feature in the tool as the additional information is added to the logging in the service.
-No change is visible except that you will be notified that you have enabled it and your page performance will be significantly degraded by 2-3 times slower performance whilst enabled. It will only be relevant for the particular page and that active session. For this reason, this should be used sparingly and only when actively engaged with support.
+No change is visible except that you'll be notified that you have enabled it and your page performance will be degraded by 2-3 times slower performance whilst enabled. It will only be relevant for the particular page and that active session. For this reason, this should be used sparingly and only when actively engaged with support.
### To enable the Microsoft Support level feature
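Review bot: the added sentence about the support-level feature still reads "degraded by 2-3 times slower performance whilst enabled", which is redundant and hard to parse. Since the line is being touched anyway, suggest "your page will be two to three times slower while the feature is enabled". Removing "significantly" also leaves this sentence weaker than the unchanged paragraph above it, which still says "significantly slower"; pick one wording for both.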
No change is visible except that you will be notified that you have enabled it a
You should note the CorrelationID (displayed at the top of the tool) and provide it to your support representative to enable them to gather additional information about the diagnostic session.
-## Related topics
+## Related articles
[Tune SharePoint Online performance](tune-sharepoint-online-performance.md)
security Investigate Incidents https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/investigate-incidents.md
Title: Investigate incidents in Microsoft Defender for Endpoint description: See associated alerts, manage the incident, and see alert metadata to help you investigate an incident
-keywords: investigate, incident, alerts, metadata, risk, detection source, affected devices, patterns, correlation
-search.product: eADQiWindows 10XVcnh
search.appverid: met150
-ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium
- mde-edr Previously updated : 12/18/2020 Last updated : 01/24/2024 # Investigate incidents in Microsoft Defender for Endpoint
When you investigate an incident, you'll see:
## Analyze incident details
+> [!TIP]
+> For a limited time during January 2024, when you visit the **Incidents** page, Defender Boxed appears. Defender Boxed highlights your organization's security successes, improvements, and response actions during 2023. To reopen Defender Boxed, in the Microsoft Defender portal, go to **Incidents**, and then select **Your Defender Boxed**.
+ Click an incident to see the **Incident pane**. Select **Open incident page** to see the incident details and related information (alerts, devices, investigations, evidence, graph). :::image type="content" source="images/atp-incident-details.png" alt-text="The details of an incident" lightbox="images/atp-incident-details.png":::
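Review bot: the new TIP is time-boxed ("For a limited time during January 2024") but is added to an evergreen article with no end date or removal marker, and the same block is repeated verbatim in the manage-incidents and view-incidents-queue hunks. It is also placed under "Analyze incident details", where it interrupts the procedure it precedes. Suggest keeping the announcement in the What's new article only, or recording a removal date so all three copies are taken out together.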
security Manage Incidents https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-incidents.md
- mde-edr Previously updated : 12/18/2020 Last updated : 01/24/2024 # Manage Microsoft Defender for Endpoint incidents
Last updated 12/18/2020
Managing incidents is an important part of every cybersecurity operation. You can manage incidents by selecting an incident from the **Incidents queue** or the **Incidents management pane**.
+> [!TIP]
+> For a limited time during January 2024, when you visit the **Incidents** page, Defender Boxed appears. Defender Boxed highlights your organization's security successes, improvements, and response actions during 2023. To reopen Defender Boxed, in the Microsoft Defender portal, go to **Incidents**, and then select **Your Defender Boxed**.
Selecting an incident from the **Incidents queue** brings up the **Incident management pane** where you can open the incident page for details.
security View Incidents Queue https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/view-incidents-queue.md
search.appverid: met150 Previously updated : 12/18/2020 Last updated : 01/24/2024 # View and organize the Microsoft Defender for Endpoint Incidents queue
Last updated 12/18/2020
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-pullalerts-abovefoldlink)
+> [!TIP]
+> For a limited time during January 2024, when you visit the **Incidents** page, Defender Boxed appears. Defender Boxed highlights your organization's security successes, improvements, and response actions during 2023. To reopen Defender Boxed, in the Microsoft Defender portal, go to **Incidents**, and then select **Your Defender Boxed**.
++ The **Incidents queue** shows a collection of incidents that were flagged from devices in your network. It helps you sort through incidents to prioritize and create an informed cybersecurity response decision. By default, the queue displays incidents seen in the last 6 months, with the most recent incident showing at the top of the list, helping you see the most recent incidents first.
security Whats New In Microsoft Defender Endpoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint.md
ms.localizationpriority: medium Previously updated : 01/22/2024 Last updated : 01/24/2024 audience: ITPro
For more information on Microsoft Defender for Endpoint on specific operating sy
- [What's new in Defender for Endpoint on Android](android-whatsnew.md) - [What's new in Defender for Endpoint on iOS](ios-whatsnew.md)
+## January 2024
+
+- **Defender Boxed is available for a limited period of time**. Defender Boxed highlights your organization's security successes, improvements, and response actions during 2023. Take a moment to celebrate your organization's improvements in security posture, overall response to detected threats (manual and automatic), blocked emails, and more.
+
+ - Defender Boxed opens automatically when you go to the **Incidents** page in the Microsoft Defender portal.
+ - If you close Defender Boxed and you want to reopen it, in the Microsoft Defender portal, go to **Incidents**, and then select **Your Defender Boxed**.
+ - Act quickly! Defender Boxed is available only for a short period of time.
++ ## November 2023 - [Microsoft Defender Core service](microsoft-defender-antivirus-windows.md#microsoft-defender-core-service) is now available for consumers and is planned to begin rolling out to enterprise customers in early 2024.
security Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/whats-new.md
You can also get product updates and important notifications through the [messag
- Defender Experts for XDR now lets you [receive managed response notifications and updates using Teams](get-started-xdr.md#receive-managed-response-notifications-and-updates-in-microsoft-teams). You can also chat with Defender Experts regarding incidents where managed response is issued.
+- (GA) New functionality in the **incident queue's available filters** is now generally available. Prioritize incidents according to your preferred filters by creating filter sets and saving filter queries. Learn more about incident queue filters in [Available filters](incident-queue.md#available-filters).
+ - (GA) Microsoft Defender for Cloud alerts integration with Microsoft Defender XDR is now generally available. Learn more about the integration in [Microsoft Defender for Cloud in Microsoft Defender XDR](microsoft-365-security-center-defender-cloud.md). -- **Activity log** is now available within an incident page. Use the activity log to view all audits and comments, and add comments to the log of an incident. For details, see [Activity log](manage-incidents.md#activity-log).
+- (GA) **Activity log** is now available within an incident page. Use the activity log to view all audits and comments, and add comments to the log of an incident. For details, see [Activity log](manage-incidents.md#activity-log).
- (Preview) **[Query history](advanced-hunting-query-history.md) in advanced hunting** is now available. You can now rerun or refine queries you have run recently. Up to 30 queries in the past 28 days can be loaded in the query history pane. -- (Preview) Additional features you can use to **[drill down](/advanced-hunting-query-results#drill-down-from-query-results)** further from your query results in advanced hunting are now available.
+- (Preview) Additional features you can use to **[drill down](advanced-hunting-query-results.md#drill-down-from-query-results)** further from your query results in advanced hunting are now available.
## December 2023
security Advanced Delivery Policy Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/advanced-delivery-policy-configure.md
In addition to the two scenarios that the advanced delivery policy can help you
In PowerShell, the basic elements of SecOps mailboxes in the advanced delivery policy are: - **The SecOps override policy**: Controlled by the **\*-SecOpsOverridePolicy** cmdlets.-- **The SecOps override rule**: Controlled by the **\*-SecOpsOverrideRule** cmdlets.
+- **The SecOps override rule**: Controlled by the **\*-ExoSecOpsOverrideRule** cmdlets.
This behavior has the following results:
For detailed syntax and parameter information, see [New-SecOpsOverridePolicy](/p
In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), run the following command: ```powershell
-New-SecOpsOverrideRule -Name SecOpsOverrideRule -Policy SecOpsOverridePolicy
+New-ExoSecOpsOverrideRule -Name SecOpsOverrideRule -Policy SecOpsOverridePolicy
```
-Regardless of the Name value you specify, the rule name is _SecOpsOverrideRule_\<GUID\> where \<GUID\> is a unique GUID value (for example, 6fed4b63-3563-495d-a481-b24a311f8329).
+Regardless of the Name value you specify, the rule name will be `_Exe:SecOpsOverrid:<GUID\>` \[sic\] where \<GUID\> is a unique GUID value (for example, 312c23cf-0377-4162-b93d-6548a9977efb9).
-For detailed syntax and parameter information, see [New-SecOpsOverrideRule](/powershell/module/exchange/new-secopsoverriderule).
+For detailed syntax and parameter information, see [New-ExoSecOpsOverrideRule](/powershell/module/exchange/new-ExoSecOpsOverrideRule).
### Use PowerShell to view the SecOps override policy
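Review bot: the example GUID in the new rule-name sentence, 312c23cf-0377-4162-b93d-6548a9977efb9, has 13 characters in its last group, so it is not a valid GUID; the Remove example later in this article uses the 12-character form ending in 6548a9977efb. In the same line, `<GUID\>` sits inside a code span, so the backslash will render literally, and the "[sic]" marker reads as an editing note rather than documentation; if the truncated `_Exe:SecOpsOverrid:` prefix is intentional, say so in plain words. The new reference link also uses mixed case (`new-ExoSecOpsOverrideRule`) where the other added links are lowercase.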
For detailed syntax and parameter information, see [Get-SecOpsOverridePolicy](/p
In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), this example returns detailed information about SecOps override rules. ```powershell
-Get-SecOpsOverrideRule
+Get-ExoSecOpsOverrideRule
```
-Although the previous command should return only one rule, any rules that are pending deletion might also be included in the results.
+Although the previous command should return only one rule, a rule that's pending deletion might also be included in the results.
This example identifies the valid rule (one) and any invalid rules. ```powershell
-Get-SecOpsOverrideRule | Format-Table Name,Mode
+Get-ExoSecOpsOverrideRule | Format-Table Name,Mode
```
-After you identify the invalid rules, you can remove them by using the **Remove-SecOpsOverrideRule** cmdlet as described [later in this article](#use-powershell-to-remove-secops-override-rules).
+After you identify the invalid rules, you can remove them by using the **Remove-ExoSecOpsOverrideRule** cmdlet as described [later in this article](#use-powershell-to-remove-secops-override-rules).
-For detailed syntax and parameter information, see [Get-SecOpsOverrideRule](/powershell/module/exchange/get-secopsoverriderule).
+For detailed syntax and parameter information, see [Get-ExoSecOpsOverrideRule](/powershell/module/exchange/get-exosecopsoverriderule).
### Use PowerShell to modify the SecOps override policy
For detailed syntax and parameter information, see [Set-SecOpsOverridePolicy](/p
### Use PowerShell to modify a SecOps override rule
-The **Set-SecOpsOverrideRule** cmdlet doesn't modify the email addresses in the SecOps override rule. To modify the email addresses in the SecOps override rule, use the **Set-SecOpsOverridePolicy** cmdlet.
+The **Set-ExoSecOpsOverrideRule** cmdlet doesn't modify the email addresses in the SecOps override rule. To modify the email addresses in the SecOps override rule, use the **Set-SecOpsOverridePolicy** cmdlet.
-For detailed syntax and parameter information, see [Set-SecOpsOverrideRule](/powershell/module/exchange/set-secopsoverriderule).
+For detailed syntax and parameter information, see [Set-ExoSecOpsOverrideRule](/powershell/module/exchange/set-exosecopsoverriderule).
### Use PowerShell to remove the SecOps override policy
For detailed syntax and parameter information, see [Remove-SecOpsOverridePolicy]
### Use PowerShell to remove SecOps override rules
-In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following syntax:
+In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following commands:
-```powershell
-Remove-SecOpsOverrideRule -Identity <RuleIdentity>
-```
+- Remove any SecOps override rules:
-This example removes the specified SecOps override rule.
+ ```powershell
+ Get-ExoSecOpsOverridePolicy | Remove-ExoSecOpsOverrideRule
+ ```
-```powershell
-Remove-SecOpsOverrideRule -Identity SecOpsOverrideRule6fed4b63-3563-495d-a481-b24a311f8329
-```
+- Remove the specified SecOps override rule:
+
+ ```powershell
+ Remove-ExoSecOpsOverrideRule -Identity "_Exe:SecOpsOverrid:312c23cf-0377-4162-b93d-6548a9977efb"
+ ```
-For detailed syntax and parameter information, see [Remove-SecOpsOverrideRule](/powershell/module/exchange/remove-secopsoverriderule).
+For detailed syntax and parameter information, see [Remove-ExoSecOpsOverrideRule](/powershell/module/exchange/remove-exosecopsoverriderule).
## PowerShell procedures for third-party phishing simulations in the advanced delivery policy In PowerShell, the basic elements of third-party phishing simulations in the advanced delivery policy are: - **The phishing simulation override policy**: Controlled by the **\*-PhishSimOverridePolicy** cmdlets.-- **The phishing simulation override rule**: Controlled by the **\*-PhishSimOverrideRule** cmdlets.
+- **The phishing simulation override rule**: Controlled by the **\*-ExoPhishSimOverrideRule** cmdlets.
- **The allowed (unblocked) phishing simulation URLs**: Controlled by the **\*-TenantAllowBlockListItems** cmdlets. > [!NOTE]
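Review bot: in the "Remove any SecOps override rules" command, `Get-ExoSecOpsOverridePolicy` does not match either cmdlet family this article names: the policy is controlled by the `*-SecOpsOverridePolicy` cmdlets and the rule by the `*-ExoSecOpsOverrideRule` cmdlets. If the intent is to pipe the existing rules into the remove cmdlet, the left side should be the rule getter used in the view section, `Get-ExoSecOpsOverrideRule`; please confirm against the module and correct it. Because this one-liner removes every rule it receives, it would also help to point readers at the `Format-Table Name,Mode` check first so they can see what will be removed.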
Configuring a third-party phishing simulation in PowerShell is a multi-step proc
#### Step 1: Use PowerShell to create the phishing simulation override policy
-In [Security & Compliance PowerShell](/powershell/exchange/connect-to-scc-powershell), this example creates the phishing simulation override policy.
+In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), this example creates the phishing simulation override policy.
```powershell New-PhishSimOverridePolicy -Name PhishSimOverridePolicy
For detailed syntax and parameter information, see [New-PhishSimOverridePolicy](
#### Step 2: Use PowerShell to create the phishing simulation override rule
-In [Security & Compliance PowerShell](/powershell/exchange/connect-to-scc-powershell), use the following syntax:
+In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following syntax:
```powershell
-New-PhishSimOverrideRule -Name PhishSimOverrideRule -Policy PhishSimOverridePolicy -Domains <Domain1>,<Domain2>,...<Domain10> -SenderIpRanges <IPAddressEntry1>,<IPAddressEntry2>,...<IPAddressEntry10>
+New-ExoPhishSimOverrideRule -Name <ArbitraryTextValue> -Policy PhishSimOverridePolicy -Domains <Domain1>,<Domain2>,...<Domain10> -SenderIpRanges <IPAddressEntry1>,<IPAddressEntry2>,...<IPAddressEntry10>
```
-Regardless of the Name value you specify, the rule name is _PhishSimOverrideRule_\<GUID\> where \<GUID\> is a unique GUID value (for example, a0eae53e-d755-4a42-9320-b9c6b55c5011).
+Regardless of the Name value you specify, the rule name will be `_Exe:PhishSimOverr:<GUID\>` \[sic\] where \<GUID\> is a unique GUID value (for example, 6fed4b63-3563-495d-a481-b24a311f8329).
A valid IP address entry is one of the following values:
A valid IP address entry is one of the following values:
This example creates the phishing simulation override rule with the specified settings. ```powershell
-New-PhishSimOverrideRule -Name PhishSimOverrideRule -Policy PhishSimOverridePolicy -Domains fabrikam.com,wingtiptoys.com -SenderIpRanges 192.168.1.55
+New-ExoPhishSimOverrideRule -Policy PhishSimOverridePolicy -Domains fabrikam.com,wingtiptoys.com -SenderIpRanges 192.168.1.55
```
-For detailed syntax and parameter information, see [New-PhishSimOverrideRule](/powershell/module/exchange/new-phishsimoverriderule).
+For detailed syntax and parameter information, see [New-ExoPhishSimOverrideRule](/powershell/module/exchange/new-exophishsimoverriderule).
#### Step 3: (Optional) Use PowerShell to identify the phishing simulation URLs to allow
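Review bot: the updated example drops `-Name` entirely, while the syntax block in the same step now shows `-Name <ArbitraryTextValue>` as if it were part of the required form. State explicitly whether Name is optional for `New-ExoPhishSimOverrideRule`, and make the syntax line and the example agree (for instance, bracket the parameter in the syntax if it can be omitted).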
For detailed syntax and parameter information, see [New-TenantAllowBlockListItem
### Use PowerShell to view the phishing simulation override policy
-In [Security & Compliance PowerShell](/powershell/exchange/connect-to-scc-powershell), this example returns detailed information about the one and only phishing simulation override policy.
+In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), this example returns detailed information about the one and only phishing simulation override policy.
```powershell Get-PhishSimOverridePolicy
For detailed syntax and parameter information, see [Get-PhishSimOverridePolicy](
### Use PowerShell to view phishing simulation override rules
-In [Security & Compliance PowerShell](/powershell/exchange/connect-to-scc-powershell), this example returns detailed information about phishing simulation override rules.
+In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell)), this example returns detailed information about phishing simulation override rules.
```powershell
-Get-PhishSimOverrideRule
+Get-ExoPhishSimOverrideRule
``` Although the previous command should return only one rule, any rules that are pending deletion might also be included in the results.
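Review bot: The replacement link in the intro sentence for viewing override rules ends with a doubled closing parenthesis, `connect-to-exchange-online-powershell)),`, which leaves a stray `)` in the rendered text. Remove the extra parenthesis.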
Although the previous command should return only one rule, any rules that are pe
This example identifies the valid rule (one) and any invalid rules. ```powershell
-Get-PhishSimOverrideRule | Format-Table Name,Mode
+Get-ExoPhishSimOverrideRule | Format-Table Name,Mode
```
-After you identify the invalid rules, you can remove them by using the **Remove-PhishSimOverrideRule** cmdlet as described [later in this article](#use-powershell-to-remove-phishing-simulation-override-rules).
+After you identify the invalid rules, you can remove them by using the **Remove-ExoPhishSimOverrideRule** cmdlet as described [later in this article](#use-powershell-to-remove-phishing-simulation-override-rules).
-For detailed syntax and parameter information, see [Get-PhishSimOverrideRule](/powershell/module/exchange/get-phishsimoverriderule).
+For detailed syntax and parameter information, see [Get-ExoPhishSimOverrideRule](/powershell/module/exchange/get-exophishsimoverriderule).
### Use PowerShell to view the allowed phishing simulation URL entries
For detailed syntax and parameter information, see [Get-TenantAllowBlockListItem
### Use PowerShell to modify the phishing simulation override policy
-In [Security & Compliance PowerShell](/powershell/exchange/connect-to-scc-powershell), use the following syntax:
+In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following syntax:
```powershell Set-PhishSimOverridePolicy -Identity PhishSimOverridePolicy [-Comment "<DescriptiveText>"] [-Enabled <$true | $false>]
For detailed syntax and parameter information, see [Set-PhishSimOverridePolicy](
### Use PowerShell to modify phishing simulation override rules
-In [Security & Compliance PowerShell](/powershell/exchange/connect-to-scc-powershell), use the following syntax:
+In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following syntax:
+
+```powershell
+Get-ExoPhishSimOverrideRule| Set-ExoPhishSimOverrideRule [-Comment "<DescriptiveText>"] [-AddSenderDomainIs <DomainEntry1>,<DomainEntry2>,...<DomainEntryN>] [-RemoveSenderDomainIs <DomainEntry1>,<DomainEntry2>,...<DomainEntryN>] [-AddSenderIpRanges <IPAddressEntry1>,<IPAddressEntry2>,...<IPAddressEntryN>] [-RemoveSenderIpRanges <IPAddressEntry1>,<IPAddressEntry2>,...<IPAddressEntryN>]
+```
+
+or
```powershell
-Set-PhishSimOverrideRule -Identity PhishSimOverrideRulea0eae53e-d755-4a42-9320-b9c6b55c5011 [-Comment "<DescriptiveText>"] [-AddSenderDomainIs <DomainEntry1>,<DomainEntry2>,...<DomainEntryN>] [-RemoveSenderDomainIs <DomainEntry1>,<DomainEntry2>,...<DomainEntryN>] [-AddSenderIpRanges <IPAddressEntry1>,<IPAddressEntry2>,...<IPAddressEntryN>] [-RemoveSenderIpRanges <IPAddressEntry1>,<IPAddressEntry2>,...<IPAddressEntryN>]
+Set-ExoPhishSimOverrideRule -Identity <PhishSimOverrideRuleIdentity> [-Comment "<DescriptiveText>"] [-AddSenderDomainIs <DomainEntry1>,<DomainEntry2>,...<DomainEntryN>] [-RemoveSenderDomainIs <DomainEntry1>,<DomainEntry2>,...<DomainEntryN>] [-AddSenderIpRanges <IPAddressEntry1>,<IPAddressEntry2>,...<IPAddressEntryN>] [-RemoveSenderIpRanges <IPAddressEntry1>,<IPAddressEntry2>,...<IPAddressEntryN>]
```
-This example modifies the specified phishing simulation override rule with the following settings:
+Use the **Get-ExoPhishSimOverrideRule** cmdlet to find the \<PhishSimOverrideRuleIdentity\> values. The name of the rule uses the following syntax: `_Exe:PhishSimOverr:<GUID\>` \[sic\] where \<GUID\> is a unique GUID value (for example, 6fed4b63-3563-495d-a481-b24a311f8329).
+
+This example modifies the (presumably only) phishing simulation override rule with the following settings:
- Add the domain entry blueyonderairlines.com. - Remove the IP address entry 192.168.1.55.
-These changes don't affect existing entries.
+These changes don't affect existing entries in the rule.
```powershell
-Set-PhishSimOverrideRule -Identity PhishSimOverrideRulea0eae53e-d755-4a42-9320-b9c6b55c5011 -AddSenderDomainIs blueyonderairlines.com -RemoveSenderIpRanges 192.168.1.55
+Get-ExoPhishSimOverrideRule| Set-ExoPhishSimOverrideRule| Set-ExoPhishSimOverrideRule -AddSenderDomainIs blueyonderairlines.com -RemoveSenderIpRanges 192.168.1.55
```
-For detailed syntax and parameter information, see [Set-PhishSimOverrideRule](/powershell/module/exchange/set-phishsimoverriderule).
+For detailed syntax and parameter information, see [Set-ExoPhishSimOverrideRule](/powershell/module/exchange/set-exophishsimoverriderule).
### Use PowerShell to modify the allowed phishing simulation URL entries
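Review bot: The added example command repeats the cmdlet in the pipeline, `Get-ExoPhishSimOverrideRule| Set-ExoPhishSimOverrideRule| Set-ExoPhishSimOverrideRule -AddSenderDomainIs ...`, which does not match the syntax line earlier in this hunk, where a single `Set-ExoPhishSimOverrideRule` follows the pipe. Drop the middle `Set-ExoPhishSimOverrideRule|` and put a space before the pipe in both the syntax line and the example. The "(presumably only)" wording in the intro sentence hedges where the view section says the command should return only one rule; the new "name of the rule" sentence repeats the `<GUID\>` code-span escape and \[sic\] from the create section.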
You can't modify the URL values directly. You can [remove existing URL entries](
In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), to modify other properties of an allowed phishing simulation URL entry (for example, the expiration date or comments), use the following syntax: ```powershell
-Set-TenantAllowBlockListItems <-Entries "<URL1>","<URL2>",..."<URLN>" | -Ids <Identity>> -ListType URL -ListSubType AdvancedDelivery <[-NoExpiration] | [-ExpirationDate <DateTime>]> [-Notes <String>]
+Set-TenantAllowBlockListItems <-Entries "<URL1>","<URL2>",..."<URLN>" | -Ids <Identity> -ListType URL -ListSubType AdvancedDelivery <[-NoExpiration] | [-ExpirationDate <DateTime>]> [-Notes <String>]
``` You identify the entry to modify by its URL values (the _Entries_ parameter) or the Identity value from the output of the **Get-TenantAllowBlockListItems** cmdlet (the _Ids_ parameter).
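Review bot: Removing the second `>` after `-Ids <Identity>` in the Set-TenantAllowBlockListItems syntax line leaves the choice group that opens with `<-Entries` unclosed, so the line no longer shows where the Entries-or-Ids alternative ends. The original `<-Entries ... | -Ids <Identity>>` was balanced; keep it, or switch to a different grouping notation if the doubled bracket was the concern.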
For detailed syntax and parameter information, see [Set-TenantAllowBlockListItem
### Use PowerShell to remove a phishing simulation override policy
-In [Security & Compliance PowerShell](/powershell/exchange/connect-to-scc-powershell), this example removes the phishing simulation override policy and the corresponding rule.
+In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), this example removes the phishing simulation override policy and the corresponding rule.
```powershell Remove-PhishSimOverridePolicy -Identity PhishSimOverridePolicy
For detailed syntax and parameter information, see [Remove-PhishSimOverridePolic
### Use PowerShell to remove phishing simulation override rules
-In [Security & Compliance PowerShell](/powershell/exchange/connect-to-scc-powershell), use the following syntax:
+In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following commands:
-```powershell
-Remove-PhishSimOverrideRule -Identity <RuleIdentity>
-```
+- Remove any phishing simulation override rules:
-This example removes the specified phishing simulation override rule.
+ ```powershell
+ Get-ExoPhishSimOverridePolicy | Remove-ExoPhishSimOverrideRule
+ ```
-```powershell
-Remove-PhishSimOverrideRule -Identity PhishSimOverrideRulea0eae53e-d755-4a42-9320-b9c6b55c5011
-```
+- Remove the specified phishing simulation override rule:
+
+ ```powershell
+ Remove-ExoSPhishSimOverrideRule -Identity "_Exe:PhishSimOverr:6fed4b63-3563-495d-a481-b24a311f8329"
+ ```
-For detailed syntax and parameter information, see [Remove-PhishSimOverrideRule](/powershell/module/exchange/remove-phishsimoverriderule).
+For detailed syntax and parameter information, see [Remove-ExoPhishSimOverrideRule](/powershell/module/exchange/remove-exophishsimoverriderule).
### Use PowerShell to remove the allowed phishing simulation URL entries In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following syntax: ```powershell
-Remove-TenantAllowBlockListItems <-Entries "<URL1>","<URL2>",..."<URLN>" | -Ids <Identity>> -ListType URL -ListSubType AdvancedDelivery
+Remove-TenantAllowBlockListItems <-Entries "<URL1>","<URL2>",..."<URLN>" | -Ids <Identity> -ListType URL -ListSubType AdvancedDelivery
``` You identify the entry to modify by its URL values (the _Entries_ parameter) or the Identity value from the output of the **Get-TenantAllowBlockListItems** cmdlet (the _Ids_ parameter).
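Review bot: The cmdlet in the added "Remove the specified phishing simulation override rule" example is misspelled as `Remove-ExoSPhishSimOverrideRule` (extra `S`); the reference link below it uses Remove-ExoPhishSimOverrideRule. In the first bullet, `Get-ExoPhishSimOverridePolicy | Remove-ExoPhishSimOverrideRule` pipes a policy cmdlet into rule removal, while the policy sections of this article keep the unprefixed Get-PhishSimOverridePolicy and rules are listed with Get-ExoPhishSimOverrideRule; confirm which source cmdlet is intended. The Remove-TenantAllowBlockListItems syntax line at the end of the hunk also loses the `>` that closed the `<-Entries ... | -Ids` group.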
security Defender For Office 365 Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/defender-for-office-365-whats-new.md
For more information on what's new with other Microsoft Defender security produc
- [What's new in Microsoft Defender for Identity](/defender-for-identity/whats-new) - [What's new in Microsoft Defender for Cloud Apps](/cloud-app-security/release-notes)
+## January 2024
+
+- **Providing intent while submitting is now generally available**: Admins can identify if they're submitting an item to Microsoft for a second opinion or they're submitting the message because it's malicious and was missed by Microsoft. With this change, Microsoft analysis of admin submitted messages (email and Microsoft Teams), URLs, and email attachments is further streamlined and results in a more accurate analysis. [Learn more](submissions-admin.md).
## December 2023
security Quarantine Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-policies.md
The rest of this step explains how to assign quarantine policies for supported f
### Anti-spam policies
-1. In the Microsoft Defender portal at <https://security.microsoft.com>, go to **Email & collaboration** \> **Policies & rules** \> **Threat policies** \> **Anti-spam** in the **Policies** section. Or, to go directly to the **Ant-spam policies** page, use <https://security.microsoft.com/antispam>.
+1. In the Microsoft Defender portal at <https://security.microsoft.com>, go to **Email & collaboration** \> **Policies & rules** \> **Threat policies** \> **Anti-spam** in the **Policies** section. Or, to go directly to the **Anti-spam policies** page, use <https://security.microsoft.com/antispam>.
2. On the **Anti-spam policies** page, use either of the following methods: - Select an existing **inbound** anti-spam policy by clicking anywhere in the row other than the check box next to the name. In the policy details flyout that opens, go to the **Actions** section and then select **Edit actions**.
security Reports Defender For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/reports-defender-for-office-365.md
- seo-marvel-apr2020 Previously updated : 6/21/2023 Last updated : 1/24/2024 appliesto: - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/mdo-security-comparison#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a> - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
When you're finished configuring the filters, select **Apply**, **Cancel**, or :
On the **Mail latency report** page, the :::image type="icon" source="../../medi#export-report-data)** action is available.
+## Post-delivery activities report
+
+The **Post-delivery activities** report shows information about email messages that removed from user mailboxes after delivery by zero-hour auto purge (ZAP). For more information about ZAP, see [Zero-hour auto purge (ZAP) in Exchange Online](zero-hour-auto-purge.md).
+
+The report shows real-time information, with updated threat information.
+
+On the **Email & collaboration reports** page at <https://security.microsoft.com/emailandcollabreport>, find **Post-delivery activities**, and then select **View details**. Or, to go directly to the report, use <https://security.microsoft.com/reports/ZapReport>.
++
+On the **Post-delivery activities** page, the chart shows the following information for the specified date range:
+
+- **No threat**: The number of unique delivered messages that were found to be not spam by ZAP.
+- **Spam**: The number of unique messages that were removed from mailboxes by ZAP for spam.
+- **Phishing**: The number of unique messages that were removed from mailboxes by ZAP for phishing.
+- **Malware**: The number of unique messages that were removed from mailboxes by ZAP for phishing.
+
+The details table below the graph shows the following information:
+
+- **Subject**
+- **Received time**
+- **Sender**
+- **Recipient**
+- **ZAP time**
+- **Original threat**
+- **Original location**
+- **Updated threat**
+- **Updated delivery location**
+- **Detection technology**
+
+ To see all columns, you likely need to do one or more of the following steps:
+
+ - Horizontally scroll in your web browser.
+ - Narrow the width of appropriate columns.
+ - Zoom out in your web browser.
+
+Select :::image type="icon" source="../../media/m365-cc-sc-filter-icon.png" border="false"::: **Filter** to modify the report and the details table by selecting one or more of the following values in the flyout that opens:
+
+- **Date (UTC)**: **Start date** and **End date**.
+- **Verdict**:
+ - **No threat**
+ - **Spam**
+ - **Phishing**
+ - **Malware**
+
+When you're finished configuring the filters, select **Apply**, **Cancel**, or :::image type="icon" source="../../media/m365-cc-sc-clear-filters-icon.png" border="false"::: **Clear filters**.
+
+On the **Post delivery activities** page, the :::image type="icon" source="../../medi#export-report-data)** actions are available.
++ ## Threat protection status report The **Threat protection status** report is a single view that brings together information about malicious content and malicious email detected and blocked by [Exchange Online Protection](eop-about.md) (EOP) and Defender for Office 365. For more information, see [Threat protection status report](reports-email-security.md#threat-protection-status-report).
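Review bot: The **Malware** bullet in the chart description says messages were removed by ZAP "for phishing", which duplicates the **Phishing** bullet; the same wording is in the lines removed from reports-email-security.md, so the slip was carried over in the move and should read "for malware". While relocating the text, also fix "email messages that removed from user mailboxes" (missing "were") and settle on one spelling of the page name, which appears as both "Post-delivery activities" and "Post delivery activities".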
security Reports Email Security https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/reports-email-security.md
- seo-marvel-apr2020 Previously updated : 11/2/2023 Last updated : 1/24/2024 appliesto: - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a> - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/mdo-security-comparison#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>
The **Mail latency report** in Defender for Office 365 contains information on t
## Post-delivery activities report
-The **Post-delivery activities** report shows information about email messages that removed from user mailboxes after delivery by zero-hour auto purge (ZAP). For more information about ZAP, see [Zero-hour auto purge (ZAP) in Exchange Online](zero-hour-auto-purge.md).
-
-The report shows real-time information, with updated threat information.
-
-On the **Email & collaboration reports** page at <https://security.microsoft.com/emailandcollabreport>, find **Post-delivery activities**, and then select **View details**. Or, to go directly to the report, use <https://security.microsoft.com/reports/ZapReport>.
--
-On the **Post-delivery activities** page, the chart shows the following information for the specified date range:
--- **No threat**: The number of unique delivered messages that were found to be not spam by ZAP.-- **Spam**: The number of unique messages that were removed from mailboxes by ZAP for spam.-- **Phishing**: The number of unique messages that were removed from mailboxes by ZAP for phishing.-- **Malware**: The number of unique messages that were removed from mailboxes by ZAP for phishing.-
-The details table below the graph shows the following information:
--- **Subject**-- **Received time**-- **Sender**-- **Recipient**-- **ZAP time**-- **Original threat**-- **Original location**-- **Updated threat**-- **Updated delivery location**-- **Detection technology**-
- To see all columns, you likely need to do one or more of the following steps:
-
- - Horizontally scroll in your web browser.
- - Narrow the width of appropriate columns.
- - Zoom out in your web browser.
-
-Select :::image type="icon" source="../../media/m365-cc-sc-filter-icon.png" border="false"::: **Filter** to modify the report and the details table by selecting one or more of the following values in the flyout that opens:
--- **Date (UTC)**: **Start date** and **End date**.-- **Verdict**:
- - **No threat**
- - **Spam**
- - **Phishing**
- - **Malware**
-
-When you're finished configuring the filters, select **Apply**, **Cancel**, or :::image type="icon" source="../../media/m365-cc-sc-clear-filters-icon.png" border="false"::: **Clear filters**.
-
-On the **Post delivery activities** page, the :::image type="icon" source="../../media/m365-cc-sc-create-icon.png" border="false"::: **[Create schedule](#schedule-recurring-reports)** and :::image type="icon" source="../../media/m365-cc-sc-download-icon.png" border="false"::: **[Export](#export-report-data)** actions are available.
-
+The **Post-delivery activities** report is available only in organizations with Microsoft Defender for Office 365 Plan 2. For information about the report, see [Post-delivery activities report](reports-defender-for-office-365.md#post-delivery-activities-report).
## Spam detections report
security Safe Links About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-links-about.md
Safe Links protection by Safe Links policies is available in the following locat
For more information about Safe Links protection for email messages, see the [Safe Links settings for email messages](#safe-links-settings-for-email-messages) section later in this article. > [!NOTE]
- > Safe Links does not work on mail-enabled public folders.
+ > Safe Links doesn't work on mail-enabled public folders.
+ >
+ > Safe Links doesn't provide protection for URLs in Rich Text Format (RTF) email messages.
> > Safe Links supports only HTTP(S) and FTP formats. >
security Submissions Admin https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-admin.md
For other ways that **admins** can report messages to Microsoft in the Defender
3. On the **Emails** tab, select :::image type="icon" source="../../media/m365-cc-sc-create-icon.png" border="false"::: **Submit to Microsoft for analysis**.
-4. In the **Submit to Microsoft for analysis** flyout that opens, enter the following information:
+4. On the first page of the **Submit to Microsoft for analysis** flyout that opens, enter the following information:
- **Select the submission type**: Verify the value **Email** is selected.
For other ways that **admins** can report messages to Microsoft in the Defender
- **Add the email network message ID**: The GUID value is available in the **X-MS-Exchange-Organization-Network-Message-Id** header in the message or in the **X-MS-Office365-Filtering-Correlation-Id** header in quarantined messages. - **Upload the email file (.msg or .eml)**: Select **Browse files**. In the dialog that opens, find and select the .eml or .msg file, and then select **Open**.
- - **Choose a recipient who had an issue**: Specify the recipients to run a policy check against. The policy check determines if the email bypassed scanning due to user or organization policies or override.
+ - **Choose at least one recipient who had an issue**: Specify the recipients to run a policy check against. The policy check determines if the email bypassed scanning due to user or organization policies or override.
+
+ - **Why are you submitting this message to Microsoft?**: Select one of the following values:
+ - **It appears suspicious**: Select this value to get a second opinion from Microsoft, select **Submit**, and then go to Step 6.
+
+ or
+
+ - **I've confirmed it's a threat**: Select this value if you're sure that the item is malicious, and then select one of the following values in the **Choose a category** section that appears:
+ - **Phish**
+ - **Malware**
+ - **Spam**
+
+ Select **Next**.
- - **Select a reason for submitting to Microsoft**: Verify **Should have been blocked (False negative)** is selected.
+ :::image type="content" source="../../media/admin-submission-email-block.png" alt-text="Submit a false negative (bad) email to Microsoft for analysis on the Submissions page in the Defender portal." lightbox="../../media/admin-submission-email-block.png":::
- - **The email should have been categorized as**: Select **Phish**, **Malware**, or **Spam**. If you're not sure, use your best judgment.
+5. On the second page of the **Submit to Microsoft for analysis** flyout that opens, do one of the following steps:
+ - Select **Submit**.
- - **Block all emails from this sender or domain**: Select this option to create a block entry for the sender domain or email address in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
+ or
- After you select this option, the following settings are available:
+ - Select **Block all emails from this sender or domain**: This option creates a block entry for the sender domain or email address in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
- - By default, **Sender** is selected but you can select **Domain** instead.
- - **Remove block entry after**: The default value is **30 days**, but you can select from the following values:
- - **1 day**
- - **7 days**
- - **30 days**
- - **90 days**
- - **Never expire**
- - **Specific date**: The maximum value is 90 days from today.
- - **Block entry note**: Enter optional information about why you're blocking this email.
+ After you select this option, the following settings are available:
- When you're finished in the **Submit to Microsoft for analysis** flyout, select **Submit**, and then select **Done**.
+ - By default, **Sender** is selected but you can select **Domain** instead.
+ - **Remove block entry after**: The default value is **30 days**, but you can select from the following values:
+ - **1 day**
+ - **7 days**
+ - **30 days**
+ - **Never expire**
+ - **Specific date**: The maximum value is 90 days from today.
+ - **Block entry note (optional)**: Enter optional information about why you're blocking this item.
+ When you're finished on the second page of the **Submit to Microsoft for analysis** flyout, select **Submit**.
+
+ :::image type="content" source="../../media/admin-submission-email-block-page-2.png" alt-text="Choose whether to create a corresponding block entry for the sender domain or email address in the Tenant Allow/Block List." lightbox="../../media/admin-submission-email-block-page-2.png":::
+
+6. Select **Done**.
After a few moments, the block entry is available on the **Domains & addresses** tab on the **Tenant Allow/Block Lists** page at <https://security.microsoft.com/tenantAllowBlockList?viewid=Sender>.
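Review bot: In the added "Remove block entry after" list for email, **Specific date** still gives a maximum of 90 days from today although the **90 days** option is dropped from the list, while the email attachment and URL procedures in this same change lower that maximum to 30 days. Confirm which limit applies to sender and domain block entries and make the three procedures consistent.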
After a few moments, the block entry is available on the **Domains & addresses**
3. On the **Email attachments** tab, select :::image type="icon" source="../../media/m365-cc-sc-create-icon.png" border="false"::: **Submit to Microsoft for analysis**.
-4. On the **Submit to Microsoft for analysis** flyout that opens, enter the following information:
+4. On the first page of the **Submit to Microsoft for analysis** flyout that opens, enter the following information:
- **Select the submission type**: Verify the value **Email attachment** is selected. - **File**: Select :::image type="icon" source="../../media/m365-cc-sc-import-icon.png" border="false"::: **Browse files** to find and select the file to submit.
- - **Select a reason for submitting to Microsoft**: Verify **Should have been blocked (False negative)** is selected.
+ - **Why are you submitting this email attachment to Microsoft?**: Select one of the following values:
+ - **It appears suspicious**: Select this value to get a second opinion from Microsoft, select **Submit**, and then go to Step 6.
+
+ or
- - **The email should have been categorized as**: Select **Phish** or **Malware**. If you're not sure, use your best judgment.
+ - **I've confirmed it's a threat**: Select this value if you're sure that the item is malicious, and then select one of the following values in the **Choose a category** section that appears:
+ - **Phish**
+ - **Malware**
- - **Block this file**: Select this option to create a block entry for the file in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
+ Select **Next**.
- After you select this option, the following settings are available:
+ :::image type="content" source="../../media/admin-submission-file-block.png" alt-text="Submit a false negative (bad) email attachment to Microsoft for analysis on the Submissions page in the Defender portal." lightbox="../../media/admin-submission-file-block.png":::
- - **Remove block entry after**: The default value is **30 days**, but you can select from the following values:
- - **1 day**
- - **7 days**
- - **30 days**
- - **90 days**
- - **Never expire**
- - **Specific date**: The maximum value is 90 days from today.
+5. On the second page of the **Submit to Microsoft for analysis** flyout that opens, do one of the following steps:
+ - Select **Submit**.
- - **Block entry note**: Enter optional information about why you're blocking this file.
+ or
- When you're finished in the **Submit to Microsoft for analysis** flyout, select **Submit**, and then select **Done**.
+ - Select **Block this file**: This option creates a block entry for the file in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
+ After you select this option, the following settings are available:
+
+ - **Remove block entry after**: The default value is **30 days**, but you can select from the following values:
+ - **1 day**
+ - **7 days**
+ - **30 days**
+ - **Never expire**
+ - **Specific date**: The maximum value is 30 days from today.
+ - **Block entry note (optional)**: Enter optional information about why you're blocking this item.
+
+ When you're finished in the **Submit to Microsoft for analysis** flyout, select **Submit**.
+
+ :::image type="content" source="../../media/admin-submission-file-block-page-2.png" alt-text="Choose whether to create a corresponding block entry for the file in the Tenant Allow/Block List." lightbox="../../media/admin-submission-file-block-page-2.png":::
+
+6. Select **Done**.
After a few moments, the block entry is available on the **Files** tab on the **Tenant Allow/Block Lists** page at <https://security.microsoft.com/tenantAllowBlockList?viewid=FileHash>.
After a few moments, the block entry is available on the **Files** tab on the **
- **URL**: Enter the full URL (for example, `https://www.fabrikam.com/marketing.html`), and then select it in the box that appears. You can enter up to 50 URLs at once.
- - **Select a reason for submitting to Microsoft**: Verify **Should have been blocked (False negative)** is selected.
+ - **Why are you submitting this URL to Microsoft?**: Select one of the following values:
+ - **It appears suspicious**: Select this value to get a second opinion from Microsoft, select **Submit**, and then go to Step 6.
+
+ or
+
+ - **I've confirmed it's a threat**: Select this value if you're sure that the item is malicious, and then select one of the following values in the **Choose a category** section that appears:
+ - **Phish**
+ - **Malware**
+
+ Select **Next**.
+
+ :::image type="content" source="../../media/admin-submission-url-block.png" alt-text="Submit a false negative (bad) URL to Microsoft for analysis on the Submissions page in the Defender portal." lightbox="../../media/admin-submission-url-block.png":::
+
+5. On the second page of the **Submit to Microsoft for analysis** flyout that opens, do one of the following steps:
+ - Select **Submit**.
- - **The email should have been categorized as**: Select **Phish** or **Malware**. If you're not sure, use your best judgment.
+ or
- - **Block this URL**: Select this option to create a block entry for the URL in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
+ - Select **Block this URL**: This option creates a block entry for the URL in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
- After you select this option, the following settings are available:
+ After you select this option, the following settings are available:
- - **Remove block entry after**: The default value is **30 days**, but you can select from the following values:
- - **1 day**
- - **7 days**
- - **30 days**
- - **90 days**
- - **Never expire**
- - **Specific date**: The maximum value is 90 days from today.
+ - **Remove block entry after**: The default value is **30 days**, but you can select from the following values:
+ - **1 day**
+ - **7 days**
+ - **30 days**
+ - **Never expire**
+ - **Specific date**: The maximum value is 30 days from today.
+ - **Block entry note (optional)**: Enter optional information about why you're blocking this itme.
- - **Block entry note**: Enter optional information about why you're blocking this URL.
+ When you're finished in the **Submit to Microsoft for analysis** flyout, select **Submit**.
- When you're finished in the **Submit to Microsoft for analysis** flyout, select **Submit**, and then select **Done**.
+ :::image type="content" source="../../media/admin-submission-url-block-page-2.png" alt-text="Choose whether to create a corresponding block entry for the URL in the Tenant Allow/Block List." lightbox="../../media/admin-submission-url-block-page-2.png":::
+6. Select **Done**.
After a few moments, the block entry is available on the **URL** tab on the **Tenant Allow/Block Lists** page at <https://security.microsoft.com/tenantAllowBlockList?viewid=Url>.
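Review bot: The added **Block entry note (optional)** line in the URL procedure has a typo, "this itme"; it should read "this item", as in the email and email attachment procedures.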
After a few moments, the block entry is available on the **URL** tab on the **Te
3. On the **Emails** tab, select :::image type="icon" source="../../media/m365-cc-sc-create-icon.png" border="false"::: **Submit to Microsoft for analysis**.
-4. In the **Submit to Microsoft for analysis** flyout that opens, enter the following information:
+4. In the first page of the **Submit to Microsoft for analysis** flyout that opens, enter the following information:
- **Select the submission type**: Verify the value **Email** is selected.
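Review bot: The reworded step 4 here begins "In the first page of the **Submit to Microsoft for analysis** flyout", while the same step in the other submission procedures in this change begins "On the first page". Use "On" for consistency.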
After a few moments, the block entry is available on the **URL** tab on the **Te
- **Add the email network message ID**: The GUID value is available in the **X-MS-Exchange-Organization-Network-Message-Id** header in the message or in the **X-MS-Office365-Filtering-Correlation-Id** header in quarantined messages. - **Upload the email file (.msg or .eml)**: Select **Browse files**. In the dialog that opens, find and select the .eml or .msg file, and then select **Open**.
- - **Choose a recipient who had an issue**: Specify the recipients to run a policy check against. The policy check determines if the email was blocked due to user or organization policies or overrides.
+ - **Choose at least one recipient who had an issue**: Specify the recipients to run a policy check against. The policy check determines if the email was blocked due to user or organization policies or overrides.
- - **Select a reason for submitting to Microsoft**: Select **Should not have been blocked (False positive)**, and then configure the following settings:
+ - **Why are you submitting this message to Microsoft?**: Select one of the following values:
+ - **It appears clean**: Select this value to get a second opinion from Microsoft, select **Submit**, and then go to Step 6.
- - **Allow emails with similar attributes (URL, sender, etc.)**: Turn on this setting :::image type="icon" source="../../media/scc-toggle-on.png" border="false":::.
+ or
- - **Remove allow entry after**: The default value is **30 days**, but you can select from the following values:
- - **1 day**
- - **7 days**
- - **30 days**
- - **Specific date**: The maximum value is 30 days from today.
+ - **I've confirmed it's clean**: Select this value if you're sure that the item is clean, and then select **Next**
- For spoofed senders, this value is meaningless, because entries for spoofed senders never expire.
+ :::image type="content" source="../../media/admin-submission-email-allow.png" alt-text="Submit a false positive (good) email to Microsoft for analysis on the Submissions page in the Defender portal." lightbox="../../media/admin-submission-email-allow.png":::
- - **Allow entry note**: Enter optional information about why you're allowing and submitting this email message.
+5. On the second page of the **Submit to Microsoft for analysis** flyout that opens, do one of the following steps:
+ - Select **Submit**.
- For spoofed senders, any value you enter here isn't shown in the allow entry on the **Spoofed senders** tab on the **Tenant Allow/Block Lists** page.
+ or
- When you're finished in the **Submit to Microsoft for analysis** flyout, select **Submit**, and then select **Done**.
+ - Select **Allow this message**: This option creates an allow entry for the elements of the message in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
- :::image type="content" source="../../media/admin-submission-email-allow.png" alt-text="Submit a false positive (good) email to Microsoft for analysis on the Submissions page in the Defender portal." lightbox="../../media/admin-submission-email-allow.png":::
+ After you select this option, the following settings are available:
+
+ - **Remove allow entry after**: The default value is **30 days**, but you can select from the following values:
+ - **1 day**
+ - **7 days**
+ - **30 days**
+ - **Specific date**: The maximum value is 90 days from today.
+
+ For spoofed senders, this value is meaningless, because entries for spoofed senders never expire.
+
+ - **Allow entry note (optional)**: Enter optional information about why you're allowing this item. For spoofed senders, any value you enter here isn't shown in the allow entry on the **Spoofed senders** tab on the **Tenant Allow/Block Lists** page.
+
+ When you're finished on the second page of the **Submit to Microsoft for analysis** flyout, select **Submit**.
+
+ :::image type="content" source="../../media/admin-submission-email-allow-page-2.png" alt-text="Choose whether to create a corresponding allow entry for the elements of the message in the Tenant Allow/Block List." lightbox="../../media/admin-submission-email-block-page-2.png":::
+
+6. Select **Done**.
After a few moments, the associated allow entries appear on the **Domains & addresses**, **Spoofed senders**, **URLs**, or **Files** tabs on the **Tenant Allow/Block Lists** page at <https://security.microsoft.com/tenantAllowBlockList>.
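Review bot: The added image line for `admin-submission-email-allow-page-2.png` sets `lightbox` to `admin-submission-email-block-page-2.png`, so the expanded view would show the block flyout inside the allow procedure; point `lightbox` at the same allow-page-2 file as `source`. Separately, **Specific date** under **Remove allow entry after** now says the maximum is 90 days, while the removed line said 30 days and the file and URL procedures in this same change keep 30 days; confirm that 90 is intended for email. The **I've confirmed it's clean** bullet is also missing its final period after **Next**.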
After a few moments, the associated allow entries appear on the **Domains & addr
- **File**: Select **Browse files** to find and select the file to submit.
- - **Select a reason for submitting to Microsoft**: Select **Should not have been blocked (False positive)**, and then configure the following settings:
+ - **Why are you submitting the message to Microsoft?**: Select one of the following values:
+ - **It appears clean**: Select this value to get a second opinion from Microsoft, select **Submit**, and then go to Step 6.
- - **Allow this file**: Turn on this setting :::image type="icon" source="../../media/scc-toggle-on.png" border="false":::.
+ or
- - **Remove allow entry after**: The default value is **30 days**, but you can select from the following values:
- - **1 day**
- - **7 days**
- - **30 days**
- - **Specific date**: The maximum value is 30 days from today.
+ - **I've confirmed it's clean**: Select this value if you're sure that the item is clean, and then select **Next**.
- - **Allow entry note**: Enter optional information about why you're allowing and submitting this file.
+ :::image type="content" source="../../media/admin-submission-file-allow.png" alt-text="Submit a false positive (good) email attachment to Microsoft for analysis on the Submissions page in the Defender portal." lightbox="../../media/admin-submission-file-allow.png":::
- When you're finished in the **Submit to Microsoft for analysis** flyout, select **Submit**, and then select **Done**.
+5. On the second page of the **Submit to Microsoft for analysis** flyout that opens, do one of the following steps:
+ - Select **Submit**.
- :::image type="content" source="../../media/admin-submission-file-allow.png" alt-text="Submit a false positive (good) email attachment to Microsoft for analysis on the Submissions page in the Defender portal." lightbox="../../media/admin-submission-file-allow.png":::
+ or
+
+ - Select **Allow this file**: This option creates a allow entry for the file in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
+
+ After you select this option, the following settings are available:
+
+ - **Remove allow entry after**: The default value is **30 days**, but you can select from the following values:
+ - **1 day**
+ - **7 days**
+ - **30 days**
+ - **Specific date**: The maximum value is 30 days from today.
+ - **Block entry note (optional)**: Enter optional information about why you're blocking this item.
+
+ When you're finished on the second page of the **Submit to Microsoft for analysis** flyout, select **Submit**.
+
+ :::image type="content" source="../../media/admin-submission-file-allow-page-2.png" alt-text="Choose whether to create a corresponding allow entry for the file in the Tenant Allow/Block List." lightbox="../../media/admin-submission-file-allow-page-2.png":::
+
+6. Select **Done**.
After a few moments, the allow entry is available on the **Files** tab on the **Tenant Allow/Block List** page. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
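Review bot: Under **Allow this file**, the note setting is labeled **Block entry note (optional)** with the text "why you're blocking this item", which contradicts the allow entry this step creates; it should be **Allow entry note (optional)** with "why you're allowing this item", matching the email procedure. Two smaller wording fixes in the same hunk: "creates a allow entry" should be "creates an allow entry", and the prompt **Why are you submitting the message to Microsoft?** refers to a message although this procedure submits a file, so check it against the actual flyout label.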
For URLs reported as false positives, we allow subsequent messages that contain
- **URL**: Enter the full URL (for example, `https://www.fabrikam.com/marketing.html`), and then select it in the box that appears. You can also provide a top level domain (for example, `https://www.fabrikam.com/*`), and then select it in the box that appears. You can enter up to 50 URL at once.
- - **Select a reason for submitting to Microsoft**: Select **Should not have been blocked (False positive)**, and then configure the following settings:
+ - **Why are you submitting this URL to Microsoft?**: Select one of the following values:
+ - **It appears clean**: Select this value to get a second opinion from Microsoft, select **Submit**, and then go to Step 6.
- - **Allow this URL**: Turn on this setting :::image type="icon" source="../../media/scc-toggle-on.png" border="false":::.
+ or
- - **Remove allow entry after**: The default value is **30 days**, but you can select from the following values:
- - **1 day**
- - **7 days**
- - **30 days**
- - **Specific date**: The maximum value is 30 days from today.
+ - **I've confirmed it's clean**: Select this value if you're sure that the item is clean, and then select **Next**.
- - **Allow entry note**: Enter optional information about why you're allowing and submitting this URL.
+ :::image type="content" source="../../media/admin-submission-url-allow.png" alt-text="Submit a false positive (good) URL to Microsoft for analysis on the Submissions page in the Defender portal." lightbox="../../media/admin-submission-url-allow.png":::
- When you're finished in the **Submit to Microsoft for analysis** flyout, select **Submit**, and then select **Done**.
+5. On the second page of the **Submit to Microsoft for analysis** flyout that opens, do one of the following steps:
+ - Select **Submit**.
- :::image type="content" source="../../media/admin-submission-url-allow.png" alt-text="Submit a false positive (good) URL to Microsoft for analysis on the Submissions page in the Defender portal." lightbox="../../media/admin-submission-url-allow.png":::
+ or
+
+ - Select **Allow this URL**: This option creates an allow entry for the URL in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
+
+ After you select this option, the following settings are available:
+
+ - **Remove block entry after**: The default value is **30 days**, but you can select from the following values:
+ - **1 day**
+ - **7 days**
+ - **30 days**
+ - **Specific date**: The maximum value is 30 days from today.
+ - **Allow entry note (optional)**: Enter optional information about why you're allow this item.
+
+ When you're finished on the second page of the **Submit to Microsoft for analysis** flyout, select **Submit**.
+
+ :::image type="content" source="../../media/admin-submission-url-allow-page-2.png" alt-text="Choose whether to create a corresponding allow entry for the URL in the Tenant Allow/Block List." lightbox="../../media/admin-submission-url-allow-page-2.png":::
+
+6. Select **Done**.
After a few moments, the allow entry is available on the **URL** tab on the **Tenant Allow/Block Lists** page at <https://security.microsoft.com/tenantAllowBlockList?viewid=Url>.
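Review bot: Under **Allow this URL**, the expiration setting is labeled **Remove block entry after**, which contradicts the allow entry this step creates; it should be **Remove allow entry after**, as in the email and file procedures. The note line in the same list also has a grammar error, "why you're allow this item", which should read "why you're allowing this item".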
You can sort the entries by clicking on an available column header. Select :::im
- **Submission name**<sup>\*</sup> - **Sender**<sup>\*</sup> - **Recipient**
+- **Submitted by**<sup>\*</sup>
- **Date submitted**<sup>\*</sup> - **Reason for submitting**<sup>\*</sup>-- **Original verdict**<sup>\*</sup> - **Status**<sup>\*</sup> - **Result**<sup>\*</sup> - **Delivery/Block reason**
You can sort the entries by clicking on an available column header. Select :::im
- **Bulk compliant level (BCL)** - **Destination** - **Policy action**-- **Submitted by** - **Phish simulation** - **Tags**<sup>\*</sup>: For more information about user tags, see [User tags](user-tags-about.md). - **Action**
You can sort the entries by clicking on an available column header. Select :::im
To group the entries, select :::image type="icon" source="../../media/m365-cc-sc-group-icon.png" border="false"::: **Group** and then select one of the following values: - **Reason**-- **Original verdict** - **Status** - **Result** - **Tags**
To filter the entries, select :::image type="icon" source="../../media/m365-cc-s
- **Submitted by** - **Reason for submitting**: Any of the following values: - **Not junk**
+ - **Appears clean**
+ - **Appears suspicious**
- **Phish** - **Malware** - **Spam**.
You can sort the entries by clicking on an available column header. Select :::im
To group the entries, select :::image type="icon" source="../../media/m365-cc-sc-group-icon.png" border="false"::: **Group** and then select one of the following values: - **Reason**-- **Original verdict** - **Status** - **Result** - **Tags**
To filter the entries, select :::image type="icon" source="../../media/m365-cc-s
- **Date submitted**: **Start date** and **End date**. - **Submission ID**: A GUID value that's assigned to every submission.
+- **Teams message ID**
+- **Sender**
+- **Recipient**
- **Teams message** - **Submitted by** - **Reason for submitting**: Any of the following values: - **Not junk**
+ - **Appears clean**
+ - **Appears suspicious**
- **Phish** - **Malware** - **Status**: **Pending** and **Completed**.
You can sort the entries by clicking on an available column header. Select :::im
To group the entries, select :::image type="icon" source="../../media/m365-cc-sc-group-icon.png" border="false"::: **Group** and then select one of the following values: - **Reason**-- **Original verdict** - **Status** - **Result** - **Tags**
To filter the entries, select :::image type="icon" source="../../media/m365-cc-s
- **Submitted by** - **Reason for submitting**: Any of the following values: - **Not junk**
+ - **Appears clean**
+ - **Appears suspicious**
- **Phish** - **Malware**
- - **Spam**.
- **Status**: **Pending** and **Completed**. - **Tags**: **All** or select [user tags](user-tags-about.md) from the dropdown list.
You can sort the entries by clicking on an available column header. Select :::im
To group the entries, select :::image type="icon" source="../../media/m365-cc-sc-group-icon.png" border="false"::: **Group** and then select one of the following values: - **Reason**-- **Original verdict** - **Status** - **Result** - **Tags**
To filter the entries, select :::image type="icon" source="../../media/m365-cc-s
- **Submitted by** - **Reason for submitting**: Any of the following values: - **Not junk**
+ - **Appears clean**
+ - **Appears suspicious**
- **Phish** - **Malware**
- - **Spam**
- **Status**: **Pending** and **Completed**. - **Tags**: **All** or select [user tags](user-tags-about.md) from the dropdown list.
You can sort the entries by clicking on an available column header. Select :::im
- **Date reported**<sup>\*</sup> - **Sender**<sup>\*</sup> - **Reported reason**<sup>\*</sup>-- **Original verdict**<sup>\*</sup> - **Result**<sup>\*</sup>: Contains the following information for reported messages based on the [user reported settings](submissions-user-reported-messages-custom-mailbox.md): - **Send the reported messages to** \> **Microsoft and my reporting mailbox** or **Microsoft only**: Values derived from the following analysis: - **Policy hits**: Information about any policies or overrides that may have allowed or blocked the incoming messages, including overrides to our filtering verdicts. The result should be available within several minutes. Otherwise, detonation and feedback from graders could take up to one day.
You can sort the entries by clicking on an available column header. Select :::im
- **Phish simulation** - **Converted to admin submission** - **Marked as**<sup>\*</sup>-- **Marked by**
+- **Marked by**<sup>\*</sup>
- **Date marked** - **Tags**<sup>\*</sup>: For more information about user tags, see [User tags](user-tags-about.md).
To group the entries, select :::image type="icon" source="../../media/m365-cc-sc
- **Sender** - **Reported by**-- **Original verdict** - **Result** - **Reported from** - **Converted to admin submission**
On the **User reported** tab, actions for user reported messages are available o
- Select the message from the list by selecting the check box next to the first column. The following actions are available on the **User reported** tab: - :::image type="icon" source="../../media/m365-cc-sc-submit-user-reported-message-icon.png" border="false"::: **[Submit to Microsoft for analysis](#submit-user-reported-messages-to-microsoft-for-analysis)** - :::image type="icon" source="../../media/m365-cc-scc-mark-and-notify-icon.png" border="false"::: **[Mark as and notify](#notify-users-about-admin-submitted-messages-to-microsoft)**
+ - **[Trigger investigation](#trigger-an-investigation-in-defender-for-office-365-plan-2)** (Defender for Office 365 Plan 2 only)
- Select the message from the list by clicking anywhere in the row other than the check box. The following actions are available in the details flyout that opens<sup>\*</sup>: - :::image type="icon" source="../../media/m365-cc-sc-submit-user-reported-message-icon.png" border="false"::: **[Submit to Microsoft for analysis](#submit-user-reported-messages-to-microsoft-for-analysis)**
These actions are described in the following subsections.
After you select the message on the **User reported** tab, use either of the following methods to submit the message to Microsoft: -- **On the User reported tab**: Select :::image type="icon" source="../../media/m365-cc-sc-submit-user-reported-message-icon.png" border="false"::: **Submit to Microsoft for analysis***.
+- **On the User reported tab**: Select :::image type="icon" source="../../media/m365-cc-sc-create-icon.png" border="false"::: **Submit to Microsoft for analysis***.
+
+- **In the details flyout of the selected message**: Select **Submit to Microsoft for analysis** or :::image type="icon" source="../../media/m365-cc-sc-more-actions-icon.png" border="false"::: **More options** \> **Submit to Microsoft for analysis** at the top of the flyout.
+
+In the **Submit to Microsoft for analysis** flyout that opens, do the following steps based on whether the message an email message or a Teams message:
-- **In the details flyout of the selected message**: Select :::image type="icon" source="../../media/m365-cc-sc-submit-user-reported-message-icon.png" border="false"::: **Submit to Microsoft for analysis** or :::image type="icon" source="../../media/m365-cc-sc-more-actions-icon.png" border="false"::: **More options** \> :::image type="icon" source="../../media/m365-cc-sc-submit-user-reported-message-icon.png" border="false"::: **Submit to Microsoft for analysis** at the top of the flyout.
+- **Email messages**:
+ - **Why are you submitting this message to Microsoft?**: Select one of the following values:
+ - **It appears clean** or **It appears suspicious**: Select one of these values to get a second opinion from Microsoft.
-In the **Submit to Microsoft for analysis** dropdown list, select one of the following values:
+ Select **Submit**, and then select **Done**.
-- **Available values for email messages**:
+ - **I've confirmed it's clean**: Select this value if you're sure that the item is clean, and then select **Next**.
- - **Report clean**: In the dialog that opens, review or configure the following settings:
+ On the next page of the flyout, do one of the following steps:
- **Allow email with similar attributes (URL, sender, etc.)**: Select this option to add corresponding allow entries in Tenant Allow/Block List. The following settings are available:
+ - Select **Submit**, and then select **Done**.
+
+ or
+
+ - Select **Allow this message**: This option creates an allow entry for the elements of the message in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
+
+ After you select this option, the following settings are available:
- **Remove allow entry after**: The default value is **30 days**, but you can select from the following values: - **1 day** - **7 days** - **30 days** - **Specific date**: The maximum value is 30 days from today.
- - **Allow entry note**: Enter optional information about why you're blocking this email.
- When you're finished in the **Submit message as clean to Microsoft** dialog, select **Submit**.
+ - **Allow entry note (optional)**: Enter optional information about why you're allowing this item. For spoofed senders, any value you enter here isn't shown in the allow entry on the **Spoofed senders** tab on the **Tenant Allow/Block Lists** page.
+
+ When you're finished in the flyout, select **Submit**, and then select **Done**.
- - **Report phishing**, **Report malware** or **Report spam**: These selections have the same options in the dialog that opens:
+ - **I've confirmed it's a threat**: Select this value if you're sure that the item is malicious, and then select one of the following values in the **Choose a category** section that appears:
+ - **Phish**
+ - **Malware**
+ - **Spam**
- **Block all email from this sender or domain**: Select this option to add a sender or domain block entry in Tenant Allow/Block List. The following settings are available:
+ Select **Next**.
- - Select **Sender** or **Domain**.
- - **Remove allow entry after**: The default value is **30 days**, but you can select from the following values:
- - **1 day**
- - **7 days**
- - **30 days**
- - **Specific date**: The maximum value is 30 days from today.
+ On the next page of the flyout, do one of the following steps:
- When you're finished in the dialog, select **Submit**.
+ - Select **Submit**, and then select **Done**.
- - **Trigger investigation**: Defender for Office 365 Plan 2 only. For more information, see [Trigger an investigation](air-about-office.md#example-a-security-administrator-triggers-an-investigation-from-threat-explorer).
+ or
+
+ - Select **Block all emails from this sender or domain**: This option creates a block entry for the sender domain or email address in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
+
+ After you select this option, the following settings are available:
+
+ - By default, **Sender** is selected but you can select **Domain** instead.
+ - **Remove block entry after**: The default value is **30 days**, but you can select from the following values:
+ - **1 day**
+ - **7 days**
+ - **30 days**
+ - **Never expire**
+ - **Specific date**: The maximum value is 30 days from today.
+ - **Block entry note (optional)**: Enter optional information about why you're blocking this item.
+
+ When you're finished in the flyout, select **Submit**, and then select **Done**.
:::image type="content" source="../../media/admin-submission-user-reported-submit-button-options.png" alt-text="The available actions in the Submit to Microsoft for analysis dropdown list." lightbox="../../media/admin-submission-user-reported-submit-button-options.png"::: -- **Available values for Teams messages**: No other options are available when you select one of the following values:
- - **Report clean**
- - **Report phishing**
- - **Report malware**
+- **Teams messages**: Select one of the following values:
+ - **I've confirmed its clean**
+ - **It appears clean**
+ - **It appears suspicious**
+
+ After you select one of these values, select **Submit**, and then select **Done**.
+
+ - **I've confirmed it's a threat**: Select this value if you're sure that the item is malicious, and then select one of the following values in the **Choose a category** section that appears:
+ - **Phish**
+ - **Malware**
+
+ Select **Submit**, and then select **Done**.
After you submit a user reported message to Microsoft from the **User reported** tab, the value of **Converted to admin submission** turns from **No** to **Yes**, and a corresponding admin submission entry is created on the appropriate tab on the **Submissions** page (for example, the **Emails** tab).
+#### Trigger an investigation in Defender for Office 365 Plan 2
+
+- **On the User reported tab**, select **Trigger investigation** in the dropdown list on :::image type="icon" source="../../media/m365-cc-sc-create-icon.png" border="false"::: **Submit to Microsoft for analysis***.
++
+For more information, see [Trigger an investigation](air-about-office.md#example-a-security-administrator-triggers-an-investigation-from-threat-explorer).
+ #### Notify users about admin submitted messages to Microsoft After an admin submits a user reported message to Microsoft from the **User reported** tab, admins can use the :::image type="icon" source="../../media/m365-cc-scc-mark-and-notify-icon.png" border="false"::: **Mark as and notify** action to mark the message with a verdict and send a templated notification message to the user who reported the message.
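Review bot: Several small text defects in the added lines of this hunk should be fixed before merge. The sentence introducing the email and Teams branches reads "based on whether the message an email message or a Teams message" and is missing "is". In the Teams list, **I've confirmed its clean** should be **I've confirmed it's clean**, to match the email branch. The new "Trigger an investigation" subsection contains a stray line consisting only of "+" between its bullet and the "For more information" sentence; remove it. The bold text **Submit to Microsoft for analysis** is followed by an extra asterisk in both "On the User reported tab" bullets, which will render as a literal `*`.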
syntex Backup Limitations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/backup/backup-limitations.md
Performance and speed of web interfaces, initial configuration, and restores mig
- While restoring Exchange mailboxes at a granular level, the search feature provides several search parameters. These parameters allow you to enter up to a maximum of five keywords each. For example, the parameters ΓÇ£fromΓÇ¥ and ΓÇ£toΓÇ¥ allow you to enter up to a maximum of five email addresses each. -- The multi-geo feature isn't supported for SharePoint Online or OneDrive for Business services in this release. This might affect the restore of sites across different geos.
+- The multi-geo feature isn't supported for SharePoint Online or OneDrive for Business services in this release. This might affect the restore of sites across different geos. Exchange Online multi-geo is supported, however, when configuring a restore each mailbox in a single restore request must be in the same geo.
- OneDrive accounts and SharePoint sites that have undergone the following types of changes won't be undoable via restore: tenant rename, tenant move, and site URL change.
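Review bot: The sentence appended to the multi-geo bullet is a comma splice that leaves the constraint hard to parse: "Exchange Online multi-geo is supported, however, when configuring a restore each mailbox in a single restore request must be in the same geo." Split it so the limitation stands on its own, for example "Exchange Online multi-geo is supported. However, when you configure a restore, each mailbox in a single restore request must be in the same geo."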