Updates from: 01/27/2021 04:16:16
Category Microsoft Docs article Related commit history on GitHub Change details
admin https://docs.microsoft.com/en-us/microsoft-365/admin/productivity/productivity-score https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/productivity/productivity-score.md a/microsoft-365/admin/productivity/productivity-score.md
@@ -75,13 +75,14 @@ For people experiences data, you need a Microsoft 365 for business or Office 365
Productivity Score is only available in the Microsoft 365 Admin Center and can only be accessed by IT professionals who have one of the following roles: -- Global admin
+- Global admin
- Exchange admins-- SharePoint admin -- Skype for Business admin -- Teams admin -- Global Reader -- Reports Reader
+- SharePoint admin
+- Skype for Business admin
+- Teams admin
+- Global Reader
+- Reports Reader
+- Usage Summary Reports Reader
> [!NOTE] > Only an IT professional with the Global Administrator role can sign up or opt in a tenant for Productivity Score.
admin https://docs.microsoft.com/en-us/microsoft-365/admin/services-in-china/parity-between-azure-information-protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/services-in-china/parity-between-azure-information-protection.md a/microsoft-365/admin/services-in-china/parity-between-azure-information-protection.md
@@ -1,10 +1,9 @@
Title: "Parity between Azure Information Protection for Office 365 operated by 21Vianet and commercial offerings"
+ Title: "Azure Information Protection support for Office 365 operated by 21Vianet"
f1.keywords: - NOCSH - audience: Admin
@@ -23,19 +22,23 @@ description: "Learn more about Azure Information Protection (AIP) for Office 365
monikerRange: 'o365-21vianet'
-# Parity between Azure Information Protection for Office 365 operated by 21Vianet and commercial offerings
+# Azure Information Protection support for Office 365 operated by 21Vianet
-While our goal is to deliver all commercial features and functionality to customers in China with our Azure Information Protection (AIP) for Office 365 operated by 21Vianet offer, there's some missing functionality that we'd like to highlight.
+This article covers the differences between Azure Information Protection (AIP) support for Office 365 operated by 21Vianet and commercial offerings, as well as specific instructions for configuring AIP for customers in China—including how to install the AIP on-premises scanner and manage content scan jobs.
-The following list includes the existing gaps between Azure Information Protection for Office 365 operated by 21Vianet and our commercial offerings as of January 2021:
+## Differences between AIP for Office 365 operated by 21Vianet and commercial offerings
+
+While our goal is to deliver all commercial features and functionality to customers in China with our AIP for Office 365 operated by 21Vianet offer, there's some missing functionality that we'd like to highlight.
+
+The following list includes the existing gaps between AIP for Office 365 operated by 21Vianet and our commercial offerings as of January 2021:
- Information Rights Management (IRM) is supported only for Microsoft 365 Apps for enterprise (build 11731.10000 or higher). Office 2010, Office 2013, and other Office 2016 versions are not supported. -- Migration from Active Directory Rights Management Services (AD RMS) to Azure Information Protection is currently not available.
+- Migration from Active Directory Rights Management Services (AD RMS) to AIP is currently not available.
-- Sharing of protected emails to users in the commercial cloud is supported.
+- Sharing of protected emails with users in the commercial cloud is supported.
-- Sharing of documents and email attachments to users in the commercial cloud is currently not available. This includes Office 365 operated by 21Vianet users in the commercial cloud, non-Office 365 operated by 21Vianet users in the commercial cloud, and users with an RMS for Individuals license.
+- Sharing of documents and email attachments with users in the commercial cloud is currently not available. This includes Office 365 operated by 21Vianet users in the commercial cloud, non-Office 365 operated by 21Vianet users in the commercial cloud, and users with an RMS for Individuals license.
- IRM with SharePoint (IRM-protected sites and libraries) is currently not available.
@@ -43,45 +46,61 @@ The following list includes the existing gaps between Azure Information Protecti
- The [Mobile Viewer](/azure/information-protection/rms-client/mobile-app-faq) is not supported by Azure China 21Vianet.
-## Configuring Azure Information Protection for customers in China
+## Configure AIP for customers in China
+
+To configure AIP for customers in China:
+1. [Enable Rights Management for the tenant](#step-1-enable-rights-management-for-the-tenant).
+
+2. [Configure DNS encryption](#step-2-configure-dns-encryption).
+
+3. [Install and configure the AIP unified labeling client](#step-3-install-and-configure-the-aip-unified-labeling-client).
+
+4. [Configure AIP apps on Windows](#step-4-configure-aip-apps-on-windows).
-### Enable Rights Management for the tenant
+5. [Install the AIP on-premises scanner and manage content scan jobs](#step-5-install-the-aip-on-premises-scanner-and-manage-content-scan-jobs).
-For the encryption to work correctly, the RMS must be enabled for the tenant.
+### Step 1: Enable Rights Management for the tenant
-- Check if the RMS is enabled:
- 1. Launch PowerShell as an administrator.
- 2. If the AIPService module isn't installed, run `Install-Module AipService`.
- 3. Import the module using `Import-Module AipService`.
- 4. Connect to the service using `Connect-AipService -environmentname azurechinacloud`.
- 5. Run `(Get-AipServiceConfiguration).FunctionalState` and check if the state is `Enabled`.
+For the encryption to work correctly, RMS must be enabled for the tenant.
-- If the functional state is `Disabled`, run `Enable-AipService`.
+1. Check if RMS is enabled:
-### DNS configuration for encryption (Windows)
+ 1. Launch PowerShell as an administrator.
+ 2. If the AIPService module isn't installed, run `Install-Module AipService`.
+ 3. Import the module using `Import-Module AipService`.
+ 4. Connect to the service using `Connect-AipService -environmentname azurechinacloud`.
+ 5. Run `(Get-AipServiceConfiguration).FunctionalState` and check if the state is `Enabled`.
+
+2. If the functional state is `Disabled`, run `Enable-AipService`.
+
+### Step 2: Configure DNS encryption
For encryption to work correctly, Office client applications must connect to the China instance of the service and bootstrap from there. To redirect client applications to the right service instance, the tenant admin must configure a DNS SRV record with information about the Azure RMS URL. Without the DNS SRV record, the client application will attempt to connect to the public cloud instance by default and will fail. Also, the assumption is that users will log in with a username based off the tenant-owned domain (for example, `joe@contoso.cn`), and not the `onmschina` username (for example, `joe@contoso.onmschina.cn`). The domain name from the username is used for DNS redirection to the correct service instance. -- Get the RMS ID:
- 1. Launch PowerShell as an administrator.
- 2. If the AIPService module isn't installed, run `Install-Module AipService`.
- 3. Connect to the service using `Connect-AipService -environmentname azurechinacloud`.
- 4. Run `(Get-AipServiceConfiguration).RightsManagementServiceId` to get the RMS ID.
+#### Configure DNS encryption - Windows
+
+1. Get the RMS ID:
-- Log in to your DNS provider, navigate to the DNS settings for the domain, and then add a new SRV record.
- - Service = `_rmsredir`
- - Protocol = `_http`
- - Name = `_tcp`
- - Target = `[GUID].rms.aadrm.cn` (where GUID is the RMS ID)
- - Priority, Weight, Seconds, TTL = default values
+ 1. Launch PowerShell as an administrator.
+ 2. If the AIPService module isn't installed, run `Install-Module AipService`.
+ 3. Connect to the service using `Connect-AipService -environmentname azurechinacloud`.
+ 4. Run `(Get-AipServiceConfiguration).RightsManagementServiceId` to get the RMS ID.
-- Associate the custom domain with the tenant in the [Azure portal](https://portal.azure.cn/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Domains). This will add an entry in DNS, which might take several minutes to get verified after you add the value to the DNS settings.
+2. Log in to your DNS provider, navigate to the DNS settings for the domain, and then add a new SRV record.
-- Log in to the Microsoft 365 admin center with the corresponding global admin credentials and add the domain (for example, `contoso.cn`) for user creation. In the verification process, additional DNS changes might be required. Once verification is done, users can be created.
+ - Service = `_rmsredir`
+ - Protocol = `_http`
+ - Name = `_tcp`
+ - Target = `[GUID].rms.aadrm.cn` (where GUID is the RMS ID)
+ - Priority, Weight, Seconds, TTL = default values
-### DNS configuration for encryption (Mac, iOS, Android)
+3. Associate the custom domain with the tenant in the [Azure portal](https://portal.azure.cn/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Domains). This will add an entry in DNS, which might take several minutes to get verified after you add the value to the DNS settings.
+
+4. Log in to the Microsoft 365 admin center with the corresponding global admin credentials and add the domain (for example, `contoso.cn`) for user creation. In the verification process, additional DNS changes might be required. Once verification is done, users can be created.
+
+#### Configure DNS encryption - Mac, iOS, Android
Log in to your DNS provider, navigate to the DNS settings for the domain, and then add a new SRV record.
@@ -92,13 +111,13 @@ Log in to your DNS provider, navigate to the DNS settings for the domain, and th
- Port = `80` - Priority, Weight, Seconds, TTL = default values
-### AIP client configuration
+### Step 3: Install and configure the AIP unified labeling client
-The unified AIP client can be downloaded from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=53018).
+Download the AIP unified labeling client from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=53018).
For more information, see: -- [Azure Information Protection documentation](/azure/information-protection/)
+- [AIP documentation](/azure/information-protection/)
- [AIP version history and support policy](/azure/information-protection/rms-client/unifiedlabelingclient-version-release-history) - [AIP system requirements](/azure/information-protection/requirements) - [AIP quickstart: Deploy the AIP client](/azure/information-protection/quickstart-deploy-client)
@@ -106,9 +125,9 @@ For more information, see:
- [AIP user guide](/azure/information-protection/rms-client/clientv2-user-guide) - [Learn about Microsoft 365 sensitivity labels](/microsoft-365/compliance/sensitivity-labels)
-### AIP apps configuration (unified labeling client only)
+### Step 4: Configure AIP apps on Windows
-For the unified labeling solution, AIP apps on Windows need the following registry key to point them to the correct sovereign cloud for Azure China:
+AIP apps on Windows need the following registry key to point them to the correct sovereign cloud for Azure China:
- Registry node = `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\MSIP` - Name = `CloudEnvType`
@@ -118,9 +137,11 @@ For the unified labeling solution, AIP apps on Windows need the following regist
> [!IMPORTANT] > Make sure you don't delete the registry key after an uninstall. If the key is empty, incorrect, or non-existent, the functionality will behave as the default value (default value = 0 for the commercial cloud). If the key is empty or incorrect, a print error is also added to the log.
-### Manage Azure Information Protection content scan jobs
+### Step 5: Install the AIP on-premises scanner and manage content scan jobs
+
+Install the AIP on-premises scanner to scan your network and content shares for sensitive data, and apply classification and protection labels as configured in your organization's policy.
-To manage your Azure Information Protection content scan jobs with an Azure China scanner server, use the following cmdlets instead of the Azure portal:<br><br>
+When installing the scanner and managing your content scan jobs, use the following cmdlets instead of the Azure portal interface that's used by the commercial offerings:<br><br>
| Cmdlet | Description | |--|--|
@@ -132,4 +153,4 @@ To manage your Azure Information Protection content scan jobs with an Azure Chin
| [Set-AIPScannerContentScanJob](/powershell/module/azureinformationprotection/set-aipscannercontentscanjob) | Defines settings for your content scan job. | | [Set-AIPScannerRepository](/powershell/module/azureinformationprotection/set-aipscannerrepository) | Defines settings for an existing repository in your content scan job. |
-For more information, see [Manage your content scan jobs using PowerShell only](/azure/information-protection/deploy-aip-scanner-prereqs#use-powershell-with-a-disconnected-computer).
\ No newline at end of file
+For more information, see [What is the Azure Information Protection unified labeling scanner?](/azure/information-protection/deploy-aip-scanner) and [Manage your content scan jobs using PowerShell only](/azure/information-protection/deploy-aip-scanner-prereqs#use-powershell-with-a-disconnected-computer).
\ No newline at end of file
admin https://docs.microsoft.com/en-us/microsoft-365/admin/setup/download-software-licenses-csp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/download-software-licenses-csp.md a/microsoft-365/admin/setup/download-software-licenses-csp.md
@@ -1,5 +1,5 @@
Title: "Download perpetual software and product license keys"
+ Title: "Download perpetual software and product license keys bought through the Cloud Solution Provider (CSP) program"
f1.keywords: - NOCSH
commerce https://docs.microsoft.com/en-us/microsoft-365/commerce/subscriptions/change-plans-manually https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/change-plans-manually.md a/microsoft-365/commerce/subscriptions/change-plans-manually.md
@@ -86,7 +86,7 @@ The licenses for the current subscription will be removed later; you'll only pay
2. On the **Active users** page, select the user to whom you want to assign a license.
-3. On te **Licenses and Apps** tab, expand **Licenses**, select the boxes for the licenses that you want to assign, then select **Save changes**.
+3. On the **Licenses and Apps** tab, expand **Licenses**, select the boxes for the licenses that you want to assign, then select **Save changes**.
### Reassign licenses for multiple users at once
@@ -114,4 +114,4 @@ If you moved all users from one subscription to another, and you no longer need
If you moved only some users to a different subscription, [remove licenses](../licenses/remove-licenses-from-subscription.md) that you no longer need. ## Call support to help you change plans
-[Call Microsoft support](../../admin/contact-support-for-business-products.md)
\ No newline at end of file
+[Call Microsoft support](../../admin/contact-support-for-business-products.md)
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/content-search https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/content-search.md a/microsoft-365/compliance/content-search.md
@@ -20,57 +20,49 @@ search.appverid:
ms.assetid: 53390468-eec6-45cb-b6cd-7511f9c909e4 - seo-marvel-apr2020
-description: "Use the Content Search tool in the compliance center in Office 365 or Microsoft 365 to search for content in a variety of Office 365 services."
+description: "Use the Content Search tool in the Microsoft compliance center to search for content in different Microsoft 365 services."
# Content Search
-You can use the Content Search eDiscovery tool in the compliance center in Office 365 or Microsoft 365 to search for in-place items such as email, documents, and instant messaging conversations in your organization. Use this tool to search for items in these
+You can use the Content search eDiscovery tool in the compliance center in Office 365 or Microsoft 365 to search for in-place items such as email, documents, and instant messaging conversations in your organization. Use this tool to search for items in these
-- Exchange Online mailboxes and public folders
-
+- Exchange Online mailboxes
+ - SharePoint Online sites and OneDrive for Business accounts
-
-- Skype for Business conversations
-
-- Microsoft Teams +
+- Microsoft Teams
- Microsoft 365 Groups -- Yammer Groups
-
-After you run a Content Search, the number of content locations and an estimated number of search results are displayed in the search statistics. You can also quickly view statistics, such as the content locations that have the most items that match the search query. After you run a search, you can preview the results or export them to a local computer.
+- Yammer Groups
+
+- Skype for Business conversations
+
+After you run a Content search, the number of content locations and an estimated number of search results are displayed in the search statistics. You can also quickly view statistics, such as the content locations that have the most items that match the search query. After you run a search, you can preview the results or export them to a local computer.
## Create a search To have access to the **Content search** page to run searches and preview and export search results, an administrator, compliance officer, or eDiscovery manager must be a member of the eDiscovery Manager role group in the Security & Compliance Center. For more information, see [Assign eDiscovery permissions](assign-ediscovery-permissions.md).
-1. Go to [https://protection.office.com](https://protection.office.com) and sign in using your Microsoft email address and password.
-
-2. Click **Search** \> **Content search**.
-
-3. On the **Search** page, click the arrow next to ![Add icon](../media/8ee52980-254b-440b-99a2-18d068de62d3.gif) **New search**.
+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and sign in using your Microsoft email address and password.
+
+2. In the left navigation pane of the Microsoft 365 compliance center, click **Show all**, and then click **Content search**.
- ![The New search dropdown list](../media/76b25861-55c5-4f50-9d48-9e2be2d0d078.png)
+3. On the **Content search** page, click **New search**.
- You can choose one of the following options:
-
- - **Guided search:** This option starts a wizard that guides you through the creating the search. The user interface to select content locations and build the search query are the same as the **New search** option.
-
- - **New search:** This option displays an updated user interface to create a search. This is the default option if you click **New search**.
-
- - **Search by ID List:** This option lets you search for specific email messages and other mailbox items using a list of Exchange IDs. To create an ID list search (formally called a targeted search), you submit a comma-separated value (CSV) file that identifies the specific mailbox items to search for. For instructions, see [Prepare a CSV file for an ID list Content Search in Office 365](csv-file-for-an-id-list-content-search.md).
+ You can also choose one of the other search options:
- The remainder of the steps in this procedure follows the default new search workflow.
+ - **Guided search:** This option starts a wizard that guides you through the creating the search. The user interface to select content locations and build the search query are the same as the **New search** option.
-4. Click **New search** in the drop-down list.
+ - **Search by ID list:** This option lets you search for specific email messages and other mailbox items using a list of Exchange IDs. To create an ID list search, you submit a comma-separated value (CSV) file that identifies the specific mailbox items to search for. For instructions, see [Prepare a CSV file for an ID list search](csv-file-for-an-id-list-content-search.md).
-5. Under **Search query**, specify the following things:
+4. Under **Search query**, specify the following things:
![Specify keywords, conditions, and locations to search](../media/1e6de9dd-eac9-4e2a-819d-9740cf6c9106.png) - **Keywords to search for:** Type a search query in **Keywords** box. You can specify keywords, message properties such as sent and received dates, or document properties such as file names or the date that a document was last changed. You can use more complex queries that use a Boolean operator, such as **AND**, **OR**, **NOT**, and **NEAR**. You can also search for sensitive information (such as social security numbers) in documents, or search for documents that have been shared externally. If you leave the keyword box empty, all content located in the specified content locations is included in the search results.
-
+ Alternatively, you can click the **Show keyword list** checkbox and the type a keyword in each row. If you do this, the keywords on each row are connected by a logical operator (**c:s**) that is similar in functionality to the **OR** operator in the search query that's created. Why use the keyword list? You can get statistics that show how many items match each keyword. This can help you quickly identify which keywords are the most (and least) effective. You can also use a keyword phrase (surrounded by parentheses) in a row. For more information about search statistics, see [View keyword statistics for Content Search results](view-keyword-statistics-for-content-search.md).
@@ -93,17 +85,17 @@ To have access to the **Content search** page to run searches and preview and ex
> [!NOTE] > When you search all mailbox locations or just specific mailboxes, data from other Office 365 applications that's saved to user mailboxes is included when you export the results of a Content Search. This data won't be included in the estimated search results and isn't available for preview. It is included when you export and download the search results. For more information, see [Content stored in Exchange Online mailboxes](what-is-stored-in-exo-mailbox.md).
-6. After you've set up your search query, click **Save & run**.
+5. After you've set up your search query, click **Save & run**.
-7. On the **Save search** page, type a name for the search, and an optional description that helps identify the search. The name of the search has to be unique in your organization.
+6. On the **Save search** page, type a name for the search, and an optional description that helps identify the search. The name of the search has to be unique in your organization.
-8. Click **Save** to start the search.
+7. Click **Save** to start the search.
After you save and run the search, any results returned by the search are displayed in the results pane. Depending on how you have the preview setting configured, the search results are display or you have to click **Preview results** to view them. See the next section for details. To access this content search again or access other content searches listed on the **Content search** page, select the search and then click **Open**.
-To clear the results or create another search, click ![Add icon](../media/O365-MDM-CreatePolicy-AddIcon.gif) **New search**.
+To clear the results or create another search, click ![Add icon](../media/O365-MDM-CreatePolicy-AddIcon.gif) **New search**.
## Preview search results
@@ -111,7 +103,7 @@ There are two configuration settings for previewing search results. After you ru
![Preview search results settings](../media/83519477-1c85-4442-8886-481f186fd758.png)
-1. **Preview results automatically:** This setting displays the search results after you a run a search.
+1. **Preview results automatically:** This setting displays the search results after you run a search.
2. **Preview results manually:** This setting displays placeholders in the search results pane, and displays the **Preview results** button that you have to click to display the search results. This is the default setting. It helps enhance search performance by not automatically displaying the search results when you open an existing search.
@@ -129,23 +121,22 @@ You can also download the search statistics and keyword statistics to a CSV file
To view search statistics:
-1. On the **Content search** page, click **Open** and then click the search that you want to view the statistic for.
-
+1. On the **Content search** page, click **Open** and then click the search that you want to view the statistic for.
+
2. On the flyout page, click **Open query**.
-
+
3. In the **Individual results** drop down list, click **Search statistics**.
-
+
4. In the **Type** drop down list, click one of the following options depending on the search statistics you want to view:
-
+
- **Summary:** Displays statistics for each type of content locations searched. This contents the number of content locations that contained items that matched the search query, and the total number and size of search result items. This is the default setting. - **Queries:** Displays statistics about the search query. This includes the type of content location the query statistics are applicable to, part of the search query the statistics are applicable to (note that **Primary** indicates the entire search query), the number of the content locations that contain items that match the search query, and the total number and size and items that were found (in the specified content location) that match the search query. Statistics for unindexed items (also called *partially indexed items*) are also displayed. However, only partially indexed items from mailboxes are included in the statistics. Partially indexed items from SharePoint and OneDrive are not included in the statistics. - **Top locations:** Displays statistics about the number of items that match the search query in each content location. The top 1,000 locations are displayed.
-
+ For more detailed information about search statistics, see [View keyword statistics for Content Search results](view-keyword-statistics-for-content-search.md).
-
## Export search results After a search is successfully run, you can export the search results to a local computer. When you export email results, they can be downloaded to your computer as PST files or as individual messages (.msg files). When you export content from SharePoint and OneDrive sites, copies of native Office documents are exported. There are also other documents and reports that are included with the exported search results. You can also export the search results report and not the actual items.
@@ -153,21 +144,20 @@ After a search is successfully run, you can export the search results to a local
To export search results: 1. On the **Content search** page, click the search that you want to export the search results for.
-
-2. On the flyout page, click ![Export search results icon](../media/47205c65-babd-4b3a-bd7b-98dfd92883ba.png) **More**, and then click **Export results**. You can also export a search results report.
-
-3. Complete the sections on the **Export results** fly out page. Be sure to use the scroll bar to view all export options.
-
+
+2. On the flyout page, click **Export results**. You can also export a search results report.
+
+3. Complete the sections on the **Export results** fly out page. Be sure to use the scroll bar to view all export options.
+ For more detailed instructions and troubleshooting tips, see: -- [Export Content Search results](export-search-results.md)
-
-- [Export a Content Search report](export-a-content-search-report.md)
-
-
+- [Export Content search results](export-search-results.md)
+
+- [Export a Content search report](export-a-content-search-report.md)
+ ## More information about content search
-See the following sections for more information about content searches.
+See the following sections for more information about Content searches.
[Content search limits](#content-search-limits)
@@ -191,18 +181,19 @@ See the following sections for more information about content searches.
### Content search limits -- For a description of the limits that are applied to the Content Search feature, see [Limits for Content Search](limits-for-content-search.md).
-
-- Microsoft collects performance information for Content Searches run by all organizations. While the complexity of the search query can impact search times, the biggest factor that affects how long searches take is the number of mailboxes searched. Although Microsoft doesn't provide a Service Level Agreement for search times, the following table lists average search times for a Content Search based on the number of mailboxes included in the search.
-
-|**Number of mailboxes**|**Average search time**|
-|:--|:--|
-|100 <br/> |30 seconds <br/> |
-|1,000 <br/> |45 seconds <br/> |
-|10,000 <br/> |4 minutes <br/> |
-|25,000 <br/> |10 minutes <br/> |
-|50,000 <br/> |20 minutes <br/> |
-|100,000 <br/> |25 minutes <br/> |
+- For a description of the limits that are applied to Content search, see [Limits for Content search](limits-for-content-search.md).
+
+- Microsoft collects performance information for Content searches run by all organizations. While the complexity of the search query can impact search times, the biggest factor that affects how long searches take is the number of mailboxes searched. Although Microsoft doesn't provide a Service Level Agreement for search times, the following table lists average search times for a Content Search based on the number of mailboxes included in the search.
+
+ |**Number of mailboxes**|**Average search time**|
+ |:--|:--|
+ |100 <br/> |30 seconds <br/> |
+ |1,000 <br/> |45 seconds <br/> |
+ |10,000 <br/> |4 minutes <br/> |
+ |25,000 <br/> |10 minutes <br/> |
+ |50,000 <br/> |20 minutes <br/> |
+ |100,000 <br/> |25 minutes <br/> |
+ |||
### Building a search query
@@ -238,7 +229,7 @@ Keep the following things in mind when using the keyword list to create a search
### Searching Microsoft Teams and Microsoft 365 Groups
-You can search the mailbox that's associated with an Microsoft 365 Group or a Microsoft Team. Because Microsoft Teams is built on Microsoft 365 Groups, searching them is similar. In both cases, only the group or team mailbox is searched. The mailboxes of the group or team members aren't searched. To search them, you have to specifically add them to the search.
+You can search the mailbox that's associated with a Microsoft Team or Microsoft 365 Group. Because Microsoft Teams is built on Microsoft 365 Groups, searching them is similar. In both cases, only the group or team mailbox is searched. The mailboxes of the group or team members aren't searched. To search them, you have to specifically add them to the search.
Keep the following things in mind when searching for content in Microsoft Teams and Microsoft 365 Groups.
@@ -246,7 +237,7 @@ Keep the following things in mind when searching for content in Microsoft Teams
- Content from private channels is stored in each user's mailbox, not the team mailbox. To search for content in private channels, see [eDiscovery of private channels](https://docs.microsoft.com/microsoftteams/ediscovery-investigation#ediscovery-of-private-channels). -- Run the **Get-UnifiedGroup** cmdlet in Exchange Online to view properties for a team or an Microsoft 365 Group. This is a good way to get the URL for the site that's associated with a team or a group. For example, the following command displays selected properties for an Microsoft 365 Group named Senior Leadership Team:
+- Run the **Get-UnifiedGroup** cmdlet in Exchange Online to view properties for a team or a Microsoft 365 Group. This is a good way to get the URL for the site that's associated with a team or a group. For example, the following command displays selected properties for a Microsoft 365 Group named Senior Leadership Team:
```text Get-UnifiedGroup "Senior Leadership Team" | FL DisplayName,Alias,PrimarySmtpAddress,SharePointSiteUrl
@@ -259,12 +250,12 @@ Keep the following things in mind when searching for content in Microsoft Teams
> [!NOTE] > To run the **Get-UnifiedGroup** cmdlet, you have to be assigned the View-Only Recipients role in Exchange Online or be a member of a role group that's assigned the View-Only Recipients role. -- When a user's mailbox is searched, any team or Microsoft 365 Group that the user is a member of won't be searched. Similarly, when you search a team or an Microsoft 365 Group, only the group mailbox and group site that you specify is searched. The mailboxes and OneDrive for Business accounts of group members aren't searched unless you explicitly add them to the search.
-
-- To get a list of the members of a team or an Microsoft 365 Group, you can view the properties on the **Home \> Groups** page in the Microsoft 365 admin center. Alternatively, you can run the following command in Exchange Online PowerShell:
-
+- When a user's mailbox is searched, any team or Microsoft 365 Group that the user is a member of won't be searched. Similarly, when you search a team or a Microsoft 365 Group, only the group mailbox and group site that you specify is searched. The mailboxes and OneDrive for Business accounts of group members aren't searched unless you explicitly add them to the search.
+
+- To get a list of the members of a team or a Microsoft 365 Group, you can view the properties on the **Home \> Groups** page in the Microsoft 365 admin center. Alternatively, you can run the following command in Exchange Online PowerShell:
+ ```powershell
- Get-UnifiedGroupLinks <group or team name> -LinkType Members | FL DisplayName,PrimarySmtpAddress
+ Get-UnifiedGroupLinks <group or team name> -LinkType Members | FL DisplayName,PrimarySmtpAddress
``` > [!NOTE]
@@ -275,14 +266,14 @@ Keep the following things in mind when searching for content in Microsoft Teams
- Alternatively, conversations that are part of the Chat list in Teams are stored in the Exchange Online mailbox of the users who participate in the chat. And files that a user shares in Chat conversations are stored in the OneDrive for Business account of the user who shares the file. Therefore, you have to add the individual user mailboxes and OneDrive for Business accounts as content locations to search conversations and files in the Chat list. > [!NOTE]
- > In an Exchange hybrid deployment, users with an on-premises mailbox might participate in conversations that are part of the Chat list in Teams. In this case, content from these conversations is also searchable because it's saved to a cloud-based storage area (called a *cloud-based mailbox for on-premises users*) for users who have an on-premises mailbox. For more information, see [Searching cloud-based mailboxes for on-premises users in Office 365](search-cloud-based-mailboxes-for-on-premises-users.md).
+ > In an Exchange hybrid deployment, users with an on-premises mailbox might participate in conversations that are part of the Chat list in Teams. In this case, content from these conversations is also searchable because it's saved to a cloud-based storage area (called a *cloud-based mailbox for on-premises users*) for users who have an on-premises mailbox. For more information, see [Search for Teams chat data for on-premises users](search-cloud-based-mailboxes-for-on-premises-users.md).
-- Every team or team channel contains a Wiki for note-taking and collaboration. The Wiki content is automatically saved to a file with a .mht format. This file is stored in the Teams Wiki Data document library on the team's SharePoint site. You can use the Content Search tool to search the Wiki by specifying the team's SharePoint site as the content location to search.
-
+- Every team or team channel contains a Wiki for note-taking and collaboration. The Wiki content is automatically saved to a file with a .mht format. This file is stored in the Teams Wiki Data document library on the team's SharePoint site. You can use the Content Search tool to search the Wiki by specifying the team's SharePoint site as the content location to search.
+ > [!NOTE]
- > The capability to search the Wiki for a team or channel (when you search the team's SharePoint site) was released on June 22, 2017. Wiki pages that were saved or updated on that date or after are available to be searched. Wiki pages last saved or updated before that date aren't available for search.
-
-- Summary information for meetings and calls in a Teams channel are also stored in the mailboxes of users who dialed into the meeting or call. This means you can use Content Search to search these summary records. Summary information includes:
+ > The capability to search the Wiki for a team or channel (when you search the team's SharePoint site) was released on June 22, 2017. Wiki pages that were saved or updated on that date or after are available to be searched. Wiki pages last saved or updated before that date aren't available for search.
+
+- Summary information for meetings and calls in a Teams channel are also stored in the mailboxes of users who dialed into the meeting or call. This means you can use Content Search to search these summary records. Summary information includes:
- Date, start time, end time, and duration of a meeting or call
@@ -302,17 +293,36 @@ Keep the following things in mind when searching for content in Microsoft Teams
For more information, see [Microsoft Teams launches eDiscovery for calls and meetings](https://techcommunity.microsoft.com/t5/microsoft-teams-blog/microsoft-teams-launches-ediscovery-for-calling-and-meetings/ba-p/210947). -- You can use the **Kind** email property or the **Message kind** search condition to search specifically for content in Teams.
+- Card content generated by apps in Teams channels, 1:1 chats, and 1xN chats is stored in mailboxes and can be searched. A *card* is a UI container for short pieces of content. Cards can have multiple properties and attachments, and can include buttons that can trigger card actions. For more information, see [Cards](https://docs.microsoft.com/microsoftteams/platform/task-modules-and-cards/what-are-cards)
+
+ Like other Teams content, where card content is stored is based on where the card was used. Content for cards used in a Teams channel is stored in the Teams group mailbox. Card content for 1:1 and 1xN chats are stored in the mailboxes of the chat participants.
+
+ To search for card content, you can use the `kind:microsoftteams` or `itemclass:IPM.SkypeTeams.Message` search conditions. When reviewing search results, card content generated by bots in a Teams channel have the **Sender/Author** email property as `<appname>@teams.microsoft.com`, where `appname` is the name of the app that generated the card content. If card content was generated by a user, the value of **Sender/Author** identifies the user.
+
+ When viewing card content in Content search results, the content appears as an attachment to the message. The attachment is named `appname.html`, where `appname` is the name of the app that generated the card content. The following screenshots show how card content (for an app named Asana) appears in Teams and in the results of a search.
+
+ **Card content in Teams**
+
+ ![Card content in Teams channel message](../media/CardContentTeams.png)
+
+ **Card content in search results**
+
+ ![Same card content in the results of a Content search](../media/CardContentEdiscoverySearchResults.png)
+
+ > [!NOTE]
+ > To display images from card content in search results at this time (such as the checkmarks in the previous screenshot), you have to be signed into Teams (at https://teams.microsoft.com) in a different tab in the same browser session that you use to view the search results. Otherwise, image placeholders are displayed.
+
+- You can use the **Kind** email property or the **Message kind** search condition to search specifically for content in Teams.
- To use the **Kind** property as part of the keyword search query, in the **Keywords** box of a search query, type `kind:microsoftteams`. ![Use kind:microsoftteams in the Keywords box](../media/O365-ContentSearch-Teams-Keywords.png)
- - To use a search condition, add the **Message kind** condition and use the value `microsoftteams`.
+ - To use a search condition, add the **Message kind** condition and use the value `microsoftteams`.
![Use the Message kind condition with the value microsoftteams.](../media/O365-ContentSearch-Teams-MessageKindCondition.png)
-Conditions are logically connected to the keyword query by the **AND** operator. That means an item must match both the keyword query and the search condition to be returned in the search results. For more information, see the "Guidelines for using conditions" section in [Keyword queries and search conditions for Content Search.](keyword-queries-and-search-conditions.md#guidelines-for-using-conditions)
+ Conditions are logically connected to the keyword query by the **AND** operator. That means an item must match both the keyword query and the search condition to be returned in the search results. For more information, see the "Guidelines for using conditions" section in [Keyword queries and search conditions for Content Search.](keyword-queries-and-search-conditions.md#guidelines-for-using-conditions)
### Searching Yammer Groups
@@ -340,21 +350,21 @@ You can search inactive mailboxes in a content search. To get a list of the inac
Here are a few things to keep in mind when searching inactive mailboxes. - If an existing content search includes a user mailbox and that mailbox is made inactive, the content search will continue to search the inactive mailbox when you rerun the search after it becomes inactive.
-
+ - Sometimes a user may have an active mailbox and an inactive mailbox that have the same SMTP address. In this case, only the specific mailbox that you select as a location for a content search is searched. In other words, if you add a user's mailbox to a search, you can't assume that both their active and inactive mailboxes are searched. Only the mailbox that you explicitly add to the search is searched.
-
+ - You can use Security & Compliance Center PowerShell to create a content search to search an inactive mailbox. To do this, you have to pre-append a period ( . ) to the email address of the inactive mailbox. For example, the following command creates a content search that searches an inactive mailbox with the email address pavelb@contoso.onmicrosoft.com:
- ```
+ ```powershell
New-ComplianceSearch -Name InactiveMailboxSearch -ExchangeLocation .pavelb@contoso.onmicrosoft.com -AllowNotFoundExchangeLocationsEnabled $true ``` - We strongly recommend that you avoid having an active mailbox and inactive mailbox with the same SMTP address. If you need to reuse the SMTP address that is assigned to an inactive mailbox, we recommend that you recover the inactive mailbox or restore the contents of an inactive mailbox to an active mailbox (or the archive of an active mailbox), and then delete the inactive mailbox. For more information, see one of the following topics:
-
+ - [Recover an inactive mailbox in Office 365](recover-an-inactive-mailbox.md)
-
+ - [Restore an inactive mailbox in Office 365](restore-an-inactive-mailbox.md)
-
+ - [Delete an inactive mailbox in Office 365](delete-an-inactive-mailbox.md) ### Searching disconnected or de-licensed mailboxes
@@ -386,28 +396,27 @@ You can preview supported file types in the preview pane. If a file type isn't s
Also, the following file container types are supported. You can view the list of files in the container in the preview pane. - .zip
-
+ - .gzip
-
+ ### Partially indexed items -- As previously explained, partially indexed items in mailboxes are included in the estimated search results. Partially indexed items from SharePoint and OneDrive aren't included in the estimated search results.
-
+- As previously explained, partially indexed items in mailboxes are included in the estimated search results. Partially indexed items from SharePoint and OneDrive aren't included in the estimated search results.
+ - If a partially indexed item matches the search query (because other message or document properties meet the search criteria), it isn't included in the estimated number of unindexed items. If a partially indexed item is excluded by the search criteria, it isn't included in the estimated number of unindexed items. For more information, see [Partially indexed items in Content Search in Office 365](partially-indexed-items-in-content-search.md). ### Searching for content in a SharePoint Multi-Geo environment If it's necessary for an eDiscovery manager to search for content in SharePoint and OneDrive in different regions in a [SharePoint multi-geo environment](https://go.microsoft.com/fwlink/?linkid=860840), then you need to do the following things to make that happen:
-
+ 1. Create a separate user account for each satellite geo location that the eDiscovery manager needs to search. To search for content in sites in that geo location, the eDiscovery manager must sign in to the account you created for that location and then run a content search. 2. Create a search permissions filter for each satellite geo location (and corresponding user account) the eDiscovery manager needs to search. Each of these search permissions filters limits the scope of the content search to a specific geo location when the eDiscovery manager is signed in to the user account associated with that location.
-
-> [!TIP]
-> You don't have to use this strategy when using the search tool in [Advanced eDiscovery](overview-ediscovery-20.md). That's because all datacenters are searched when you search SharePoint sites and OneDrive accounts in Advanced eDiscovery. You have to use this strategy of region-specific user accounts and search permissions filters only when using the Content Search tool and running searches associated with [eDiscovery cases](ediscovery-cases.md).
+> [!TIP]
+> You don't have to use this strategy when using the search tool in [Advanced eDiscovery](overview-ediscovery-20.md). That's because all datacenters are searched when you search SharePoint sites and OneDrive accounts in Advanced eDiscovery. You have to use this strategy of region-specific user accounts and search permissions filters only when using the Content Search tool and running searches associated with [eDiscovery cases](ediscovery-cases.md).
-For example, let's say that an eDiscovery manager needs to search for SharePoint and OneDrive content in satellite locations in North American, Europe, and Asia Pacific. The first step is to create three users accounts, one for each location. The next step is to create three search permissions filters, one for each location *and* corresponding user account. Here are examples of the three search permissions filters for this scenario. In each of these examples, the **Region** specifies the SharePoint datacenter location for that geo and the **Users** parameter specifies the corresponding user account.
+For example, let's say that an eDiscovery manager needs to search for SharePoint and OneDrive content in satellite locations in North American, Europe, and Asia Pacific. The first step is to create three users accounts, one for each location. The next step is to create three search permissions filters, one for each location *and* corresponding user account. Here are examples of the three search permissions filters for this scenario. In each of these examples, the **Region** specifies the SharePoint datacenter location for that geo and the **Users** parameter specifies the corresponding user account.
**North America**
@@ -431,6 +440,6 @@ Keep the following things in mind when using search permissions filters to searc
- The **Region** parameter directs searches to the specified satellite location. If an eDiscovery manager only searches SharePoint and OneDrive sites outside of the region specified in the search permissions filter, no search results are returned. -- The **Region** parameter doesn't control searches of Exchange mailboxes. All datacenters are searched when you search mailboxes.
-
+- The **Region** parameter doesn't control searches of Exchange mailboxes. All datacenters are searched when you search mailboxes.
+ For more information about using search permissions filters in a multi-geo environment, see the "Searching and exporting content in Multi-Geo environments" section in [Set up compliance boundaries for eDiscovery investigations](set-up-compliance-boundaries.md#searching-and-exporting-content-in-multi-geo-environments).
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/create-ediscovery-holds https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-ediscovery-holds.md a/microsoft-365/compliance/create-ediscovery-holds.md
@@ -106,7 +106,7 @@ Keep the following things in mind about eDiscovery hold statistics:
When you [search for content](search-for-content-in-core-ediscovery.md) in a Core eDiscovery case, you can quickly configure the search to only search the content locations that have been placed on a hold associated with the case.
-![Locations, locations on hold](../media/d56398aa-0b20-4500-8e26-494eab92a99f.png)
+![Locations on hold](../media/d56398aa-0b20-4500-8e26-494eab92a99f.png)
Select the **Locations on hold** option to search all the content locations that have been placed on hold. If the case contains multiple eDiscovery holds, the content locations from all holds will be searched when you select this option. Additionally, if a content location was placed on a query-based hold, only the items that match the hold query will be searched when you run the search. In other words, only the content that matches both the hold criteria and the search criteria is returned with the search results. For example, if a user was placed on query-based case hold that preserves items that were sent or created before a specific date, only those items would be searched. This is accomplished by connecting the case hold query and the search query by an **AND** operator.
@@ -126,13 +126,25 @@ Conversations that are part of a Microsoft Teams channel are stored in the mailb
Alternatively, conversations that are part of the Chat list in Teams (called *1:1 chats* or *1:N group chats*) are stored in the mailboxes of the users who participate in the chat. And files that users share in chat conversations are stored in the OneDrive account of the user who shares the file. Therefore, you have to add the individual user mailboxes and OneDrive accounts to an eDiscovery hold to preserve conversations and files in the chat list. It's a good idea to place a hold on the mailboxes of members of a Microsoft Team in addition to placing the team mailbox and site on hold.
-Starting in February 2020, we turned on ability to preserve content in private channels. Because Private channel chats are stored in the mailboxes of the chat participants, placing a user mailbox on eDiscovery hold will preserve private channel chats. Also, if a user mailbox was placed on an eDiscovery hold prior to February 2020, the hold will now automatically apply to private channel messages stored in that mailbox. Preserving files shared in private channels is also supported.
-
-For more information about preserving Teams content, see [Place a Microsoft Teams user or team on legal hold](https://docs.microsoft.com/MicrosoftTeams/legal-hold).
-
> [!IMPORTANT] > In a cloud-based organization, users who participate in conversations that are part of the chat list in Teams must have an Exchange Online mailbox in order to retain chat conversations when the mailbox is placed on an eDiscovery hold. That's because conversations that are part of the chat list are stored in the cloud-based mailboxes of the chat participants. If a chat participant doesn't have an Exchange Online mailbox, you won't be able to preserve those chat conversations. For example, in an Exchange hybrid deployment, users with an on-premises mailbox may be able to participate in conversations that are part of the chat list in Teams. But in this case, content from these conversation can't be preserved because these users don't have a cloud-based mailboxes that can be placed on hold.
-
+
+For more information about preserving Teams content, see [Place a Microsoft Teams user or team on legal hold](https://docs.microsoft.com/MicrosoftTeams/legal-hold).
+
+### Preserve card content
+
+Similarly, card content generated by apps in Teams channels, 1:1 chats, and 1:N group chats is stored in mailboxes and is preserved when a mailbox is placed on an eDiscovery hold. A *card* is a UI container for short pieces of content. Cards can have multiple properties and attachments, and can include buttons that trigger card actions. For more information, see [Cards](https://docs.microsoft.com/microsoftteams/platform/task-modules-and-cards/what-are-cards). Like other Teams content, where card content is stored is based on where the card was used. Content for cards used in a Teams channel is stored in the Teams group mailbox. Card content for 1:1 and 1xN chats are stored in the mailboxes of the chat participants.
+
+### Preserve meeting and call information
+
+Summary information for meetings and calls in a Teams channel is also stored in the mailboxes of users who dialed into the meeting or call. This content is also preserved when an eDiscovery hold is placed on user mailboxes.
+
+### Preserve content in private channels
+
+Starting in February 2020, we also turned on ability to preserve content in private channels. Because private channel chats are stored in the mailboxes of the chat participants, placing a user mailbox on eDiscovery hold will preserve private channel chats. Also, if a user mailbox was placed on an eDiscovery hold prior to February 2020, the hold will now automatically apply to private channel messages stored in that mailbox. Preserving files shared in private channels is also supported.
+
+### Preserve wiki content
+ Every Team or team channel also contains a Wiki for note taking and collaboration. The Wiki content is automatically saved to a file with a .mht format. This file is stored in the Teams Wiki Data document library on the team's SharePoint site. You can preserve the wiki content by adding the team's SharePoint site to an eDiscovery hold. > [!NOTE]
@@ -171,7 +183,7 @@ Keep the following things in mind when placing both Teams and Office 365 Groups
> [!NOTE] > To run the **Get-UnifiedGroupLinks** cmdlet, you have to be assigned the View-Only Recipients role in Exchange Online or be a member of a role group that's assigned the View-Only Recipients role.
-## OneDrive accounts
+## Preserve content in OneDrive accounts
To collect a list of the URLs for the OneDrive for Business sites in your organization so you can add them to a hold or search associated with an eDiscovery case, see [Create a list of all OneDrive locations in your organization](https://docs.microsoft.com/onedrive/list-onedrive-urls). The script in this article creates a text file that contains a list of all OneDrive sites in your organization. To run this script, you have to install and use the SharePoint Online Management Shell. Be sure to append the URL for your organization's MySite domain to each OneDrive site that you want to search. This is the domain that contains all your OneDrive; for example, `https://contoso-my.sharepoint.com`. Here's an example of a URL for a user's OneDrive site: `https://contoso-my.sharepoint.com/personal/sarad_contoso_onmicrosoft.com`.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/export-search-results https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/export-search-results.md a/microsoft-365/compliance/export-search-results.md
@@ -153,9 +153,12 @@ The next step is to download the search results from the Azure Storage location
2. Click **Browse** to specify the location where you want to download the search result files.
- > [!NOTE]
- > Due to the high amount of disk activity (reads and writes), you should download search results to a local disk drive; don't download them to a mapped network drive or other network location.
-
+ > [!IMPORTANT]
+ > Due to high network activity during download, you should download search results only to a location on an internal drive on your local computer. For the best download experience, follow these guidelines: <br/>
+ >- Don't download search results to a UNC path, a mapped network drive, an external USB drive, or a synched OneDrive for Business account.<br/>
+ >- Disable anti-virus scanning for the folder that you download the search result to.<br/>
+ >- Download search results to different folders for concurrent download jobs.
+ 6. Click **Start** to download the search results to your computer. The **eDiscovery Export Tool** displays status information about the export process, including an estimate of the number (and size) of the remaining items to be downloaded. When the export process is complete, you can access the files in the location where they were downloaded.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management-cases https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-cases.md a/microsoft-365/compliance/insider-risk-management-cases.md
@@ -154,15 +154,13 @@ To add a note to a case:
### Contributors
-The **Contributors** tab in the case is where risk analysts and investigators can add other reviewers to the case. Be default, all users assigned the **Insider Risk Management Analysts** and **Insider Risk Management Investigators** roles are listed as contributors for each active and closed case.
+The **Contributors** tab in the case is where risk analysts and investigators can add other reviewers to the case. Be default, all users assigned the **Insider Risk Management Analysts** and **Insider Risk Management Investigators** roles are listed as contributors for each active and closed case. Only users assigned the **Insider Risk Management Investigators** role have permission to view files and messages in the Content Explorer.
-All insider risk management cases must be managed with appropriate access controls in place to maintain confidentiality and integrity of the investigation. To help maintain access control of cases, users are assigned one of two types of access to cases:
+Temporary access to a case can be granted by adding a user as a contributor. Contributors have all case management control on the specific case except:
-- **Permanent access**: Permanent access is automatically granted to users with the **Insider Risk Management Analysts** and **Insider Risk Management Investigators** roles when the case is created from an alert. Permanent access grants full control of the case for the lifetime of the case and grants the ability to add other case contributors.-- **Temporary access**: Temporary access is only granted to users by contributors that have permanent access for the case. Typically, this access level is granted to user that needs to add notes to a case. Contributors with temporary access have all case management control except:
- - Permission to confirm or dismiss alerts
- - Permission to edit the contributors for cases
- - Permission to view files and messages in the Content Explorer
+- Permission to confirm or dismiss alerts
+- Permission to edit the contributors for cases
+- Permission to view files and messages in the Content Explorer
To add a contributor to a case:
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/retention-policies-sharepoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-sharepoint.md a/microsoft-365/compliance/retention-policies-sharepoint.md
@@ -52,15 +52,23 @@ For retention policies and auto-apply label policies: SharePoint sites must be i
## How retention works for SharePoint and OneDrive
-To support retention, SharePoint and OneDrive create a Preservation Hold library if one doesn't exist. You can view this library on the **Site contents** page in the top-level site of the site collection. Most users can't view the Preservation Hold library because it's visible only to site collection administrators.
-
-If somebody attempts to change or delete a document that's subject to retain the content, a check is made whether the content's been changed since the retention settings were applied. If this is the first change since the retention settings were applied, the content is copied to the Preservation Hold library, which allows the person to change or delete the original content. Any content in a site collection can be copied to the Preservation Hold library, independently from retention settings.
+To store content that needs to be retained, SharePoint and OneDrive create a Preservation Hold library if one doesn't exist. You can view this library on the **Site contents** page in the top-level site of the site collection. Most users can't view the Preservation Hold library because it's visible only to site collection administrators.
+
+Items in SharePoint that have a standard retention label (doesn't declare the item to be a record) don't need the Preservation Hold library because these items remain in their original location. SharePoint prevents users from deleting items when the applied retention label is configured to retain the content, and SharePoint versioning preserves older versions when items are edited. But for other scenarios, the Preservation Hold library is used when items must be retained:
+- Items in OneDrive that have standard retention labels
+- Items in SharePoint or OneDrive that have retention labels that declares them a record, and the item is unlocked for editing
+- Items that are subject to retention policies
+
+To retain this content when a user attempts to change or delete it, a check is made whether the content's been changed since the retention settings were applied. If this is the first change since the retention settings were applied, the content is copied to the Preservation Hold library, which allows the person to change or delete the original content. Any content in a site collection can be copied to the Preservation Hold library, independently from retention settings.
A timer job periodically cleans up the Preservation Hold library. This job compares all content in the Preservation Hold library to all queries used by the retention settings for that content. Content that is older than their configured retention period is deleted from the Preservation Hold library, and the original location if it is still there. This timer job runs every seven days, which means that it can take up to seven days for content to be deleted. This behavior applies to content that exists when the retention settings were applied. In addition, for retention policies, any new content that's created or added to the site collection after it was included in the policy will be retained after deletion. However, new content isn't copied to the Preservation Hold library the first time it's edited, only when it's deleted. To retain all versions of a file, you must turn on [versioning](#how-retention-works-with-document-versions).
-A user receives an error if they try to delete a library, list, folder, or site that's subject to a retention policy. A user can delete a folder if they first move or delete any files in the folder that are subject to the policy. Also, the Preservation Hold library is created at this stage, and not when you create a retention policy or apply a retention label. This means that to test retention, you must first edit or delete a document in a site that's subject to a retention policy or that has a retention label applied, and then browse to the Preservation Hold library to view the retained copy.
+Users see an error message if they try to delete a library, list, folder, or site that's subject to retention. They can delete a folder if they first move or delete any files in the folder that are subject to retention.
+
+> [!NOTE]
+> Because the Preservation Hold library is created only when it's needed, and not when you apply a retention policy or retention label, to see this working, you must first edit or delete an item that's subject to retention. Then browse to the Preservation Hold library to view the retained copy.
After retention settings are assigned to content in a OneDrive account or SharePoint site, the paths the content takes depend on whether the retention settings are to retain and delete, to retain only, or delete only.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/retention-policies-teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-teams.md a/microsoft-365/compliance/retention-policies-teams.md
@@ -33,7 +33,10 @@ For other workloads, see:
## What's included for retention and deletion
-The following Teams items can be retained and deleted by using retention policies for Teams: Chat messages and channel messages, including embedded images, tables, hypertext links and links to other Teams messages and files. Chat messages include all the names of the people in the chat, and channel messages include the team name and the message title (if supplied).
+The following Teams items can be retained and deleted by using retention policies for Teams: Chat messages and channel messages, including embedded images, tables, hypertext links and links to other Teams messages and files, and [card content](https://docs.microsoft.com/microsoftteams/platform/task-modules-and-cards/what-are-cards). Chat messages include all the names of the people in the chat, and channel messages include the team name and the message title (if supplied).
+
+> [!NOTE]
+> Including card content is a recent addition and currently rolling out to tenants. For more information, see [Microsoft 365 compliance capabilities for Adaptive Card content through apps in Teams now available](https://techcommunity.microsoft.com/t5/microsoft-teams-blog/microsoft-365-compliance-capabilities-for-adaptive-card-content/ba-p/2095869).
Teams messages in private channels are not included, and reactions from others in the form of emoticons are not included.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/search-cloud-based-mailboxes-for-on-premises-users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/search-cloud-based-mailboxes-for-on-premises-users.md a/microsoft-365/compliance/search-cloud-based-mailboxes-for-on-premises-users.md
@@ -34,10 +34,8 @@ Here are the requirements and limitations for enabling cloud-based storage for o
- Only Teams chat data associated with an on-premises user is stored in the cloud-based storage area. An on-premises user can't access this storage area in any way. -- You have to submit a request to Microsoft Support to enable your organization to search for Teams chat data for on-premises users. See [Filing a request with Microsoft Support to enable this feature](#filing-a-request-with-microsoft-support-to-enable-this-feature) in this article.- > [!NOTE]
-> Teams channel conversations are always stored in the cloud-based mailbox that's associated with the Team. That means you can use Content Search to search channel conversations without have to file a support request. For more information about searching Teams channel conversations, see [Searching Microsoft Teams and Microsoft 365 Groups](content-search.md#searching-microsoft-teams-and-microsoft-365-groups).
+> Teams channel conversations are always stored in the cloud-based mailbox that's associated with the Team, which means you can search for channel conversations. For more information about searching Teams channel conversations, see [Searching Microsoft Teams and Microsoft 365 Groups](content-search.md#searching-microsoft-teams-and-microsoft-365-groups).
## How it works
@@ -49,20 +47,7 @@ The following graphic shows the workflow of how Teams chat data for on-premises
In addition to this new capability, you can still use Content Search to search, preview, and export Teams content in the cloud-based SharePoint site and Exchange mailbox associated with each Microsoft Team and 1xN Teams chat data in the Exchange Online mailbox for cloud-based users.
-## Filing a request with Microsoft Support to enable this feature
-
-You must file a request with Microsoft Support to enable your organization to use the graphical user interface in the Security & Compliance Center to search for Teams chat data for on-premises users. This feature is available in Security & Compliance Center PowerShell. You don't have to submit a support request to use PowerShell to search for Teams chat data for on-premises users.
-
-Include the following information when you submit the request to Microsoft Support:
-
-- The default domain name of your organization. -- The tenant name and tenant ID of your organization. You can find these in the Azure Active Directory portal (under **Manage** \> **Properties**). See [Find your Microsoft 365 tenant ID](https://docs.microsoft.com/onedrive/find-your-office-365-tenant-id).--- The following title or description of the purpose of the support request: "Enable Application Content Search for On-premises Users". This helps route the request to the eDiscovery engineering team who will implement the request.-
-After the engineering change is made, Microsoft Support will send you an estimated deployment date. The deployment process usually takes 2ΓÇô3 weeks after you submit the support request.
-
### What happens after this feature is enabled? After this feature is deployed in your organization, the following changes are made in Content Search and in searches associated with an eDiscovery case in the Security & Compliance Center:
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/unlimited-archiving https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/unlimited-archiving.md a/microsoft-365/compliance/unlimited-archiving.md
@@ -85,7 +85,8 @@ Here are some things to consider when using Outlook or Outlook on the web to acc
- You can access any folder in your archive mailbox, including ones that were moved to the auto-expanded storage area. -- Search for auto-expanded archiving is only available in Outlook Desktop as of Insiders build 16.0.12716.10000. Search is available in Outlook for the web. Similar to Online Archive, you can search for items that were moved to an additional storage area only by searching the folder itself. This means that you have to select the archive folder in the folder list to select the **Current Folder** option as the search scope. Similarly, if a folder in an auto-expanded storage area contains subfolders, you have to search each subfolder separately.
+- Search for auto-expanded archiving is available in Outlook for the web. Similar to Online Archive, you can search for items that were moved to an additional storage area only by searching the current folder itself. This means that you must select the archive folder in the folder list, and then select a single folder as your search scope. Similarly, if a folder in an auto-expanded storage area contains subfolders, you must search each subfolder separately.
+- Auto-expanded archive search is available in Outlook Desktop in Current Channel (Preview). Within this preview, the Current Mailbox scope is available, thus allowing you to search the auto-expanded archive. For more information about this and other Microsoft Search support features, see [How Outlook for Windows connected to Exchange Online utilizes Microsoft Search](https://techcommunity.microsoft.com/t5/outlook-global-customer-service/how-outlook-for-windows-connected-to-exchange-online-utilizes/ba-p/1715045).
- Item counts in Outlook and Read/Unread counts (in Outlook and Outlook on the web) in an auto-expanded archive might not be accurate.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/view-keyword-statistics-for-content-search https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/view-keyword-statistics-for-content-search.md a/microsoft-365/compliance/view-keyword-statistics-for-content-search.md
@@ -29,11 +29,11 @@ You can also download the search statistics and keyword statistics to a CSV file
## Get statistics for Content Searches
-To display statistics for Content Searches:
+To display statistics for Content searches:
-1. In the Security & Compliance Center, go to **Search** \> **Content search**.
-
-2. In the list of searches, select one or more searches, and then click **Search statistics**![Search Statistics button](../media/9bf56d43-25bf-4f53-a4be-f4d55102310c.png).
+1. In the Microsoft 365 compliance center, go to **Show all** > **Content search**.
+
+2. In the list of searches, select two or more searches, and then click **Search statistics** on the **Bulk actions** flyout page.
![Select multiple searches and then click Search statistics](../media/1195c6c3-2e00-469d-8c29-85c1c7ebe6c7.png)
@@ -100,12 +100,11 @@ To display statistics for Content Searches:
As previous explained, the **Queries** page shows the search query and the number (and size) of items that match the query. If you use a keyword list when you create or edit a search query, you can get enhanced statistics that show how many items match each keyword or keyword phrase. This can help you quickly identify which parts of the query are the most (and least) effective. For example, if a keyword returns a large number of items, you might choose to refine the keyword query to narrow the search results. You can set up a keyword list when you create or edit a Content Search. - To create a keyword list and view keyword statistics for a Content Search:
-1. In the Security & Compliance Center, go to **Search** \> **Content search**.
+1. In the Microsoft 365 compliance center, go to **Show all** > **Content search**.
-2. In the list of Content Searches, click and a search, and then click **Edit** ![Edit icon](../media/ebd260e4-3556-4fb0-b0bb-cc489773042c.gif).
+2. In the list of content searches, click and a search, and then click **Edit** ![Edit icon](../media/ebd260e4-3556-4fb0-b0bb-cc489773042c.gif).
3. Click **Query** and then do the following things:
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/cross-tenant-mailbox-migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cross-tenant-mailbox-migration.md a/microsoft-365/enterprise/cross-tenant-mailbox-migration.md
@@ -171,7 +171,7 @@ The target admin setup is now complete!
3. In either the Microsoft 365 admin center or a Remote PowerShell session, create one or more mail-enabled security groups to control the list of mailboxes allowed by the target tenant to pull (move) from the source tenant to the target tenant. You do not need to populate this group in advance, but at least one group must be provided to run the setup steps (script). Nest groups are not supported.
-4. Download the SetupCrossTenantRelationshipForTargetResource.ps1 script for the source tenant setup from the GitHub repository here: [https://github.com/microsoft/cross-tenant/releases/tag/Preview](https://github.com/microsoft/cross-tenant/releases/tag/Preview).
+4. Download the SetupCrossTenantRelationshipForResourceTenant.ps1 script for the source tenant setup from the GitHub repository here: [https://github.com/microsoft/cross-tenant/releases/tag/Preview](https://github.com/microsoft/cross-tenant/releases/tag/Preview).
5. Create a Remote PowerShell connection to the source tenant with your Exchange Administrator permissions. Global Admin permissions are not required to configure the source tenant, only the target tenant because of the Azure application creation process.
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/ms-cloud-germany-transition-phases https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/ms-cloud-germany-transition-phases.md a/microsoft-365/enterprise/ms-cloud-germany-transition-phases.md
@@ -3,7 +3,7 @@ Title: "Migration phases actions and impacts for the migration from Microsoft Cl
Previously updated : 12/15/2020 Last updated : 01/26/2021 audience: ITPro
@@ -30,7 +30,7 @@ The phases and their actions ensure that critical data and experiences are migra
The following sections contain actions and effects for workloads as they progress through various phases of the migration. Review the tables and determine which actions or effects are applicable to your organization. Ensure that you're prepared to execute the steps in the respective phases as required. Failure to complete necessary steps may result in service outage and might delay completion of the migration to the Office 365 services.
-## Exchange Online
+## Exchange Online (Phase 5 of 9)
| Step(s) | Description | Applies to | Impact | |:-|:--|:-|:-|
@@ -53,7 +53,7 @@ Additional considerations:
To find out more about the differences for organizations in migration and after Exchange Online resources are migrated, review the information in [Customer experience during the migration to Office 365 services in the new German datacenter regions](ms-cloud-germany-transition-experience.md).
-## Exchange Online Protection
+## Exchange Online Protection (Phase 6 of 9)
Back-end Exchange Online Protection (EOP) features are copied to new Germany region.
@@ -62,7 +62,7 @@ Back-end Exchange Online Protection (EOP) features are copied to new Germany reg
| Migration of Exchange Online routing and historical message detail. | Exchange Online enables routing from external hosts to Office 365. The external MX records are transitioned to route to the EOP service. Tenant configuration and historical details are migrated. | Exchange Online customers | - MicrosoftΓÇômanaged DNS entries are updated from Office 365 Germany EOP to Office 365 services. <br><br> - Customers should wait for 30 days after EOP dual write for EOP migration. Otherwise, there may be data loss. | |||||
-## SharePoint Online
+## SharePoint Online (Phase 4 of 9)
| Step(s) | Description | Applies to | Impact | |:-|:--|:-|:-|
@@ -82,7 +82,7 @@ Additional considerations:
- Microsoft Cloud Deutschland customers whose SharePoint Online instance is migrated must update SharePoint Online PowerShell module/Microsoft.SharePointOnline.CSOM to version 16.0.20717.12000 or above. Otherwise, connections to SharePoint Online via PowerShell or the client-side object model will fail.
-## Skype for Business Online
+## Skype for Business Online (Phase 7 of 9)
| Step(s) | Description | Applies to | Impact | |:-|:--|:-|:-|
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/o365-data-locations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/o365-data-locations.md a/microsoft-365/enterprise/o365-data-locations.md
@@ -129,7 +129,7 @@ For country/region specific data centers, the following defines the cities where
| France | Paris, Marseille | | Germany | Frankfurt, Berlin | | India | Chennai, Mumbai, Pune |
-| Japan | Osaka, Tokyo, Saitama |
+| Japan | Osaka, Tokyo |
| South Korea | Busan, Seoul | | Norway | Oslo, Stavanger | | South Africa | Cape Town, Johannesburg |
knowledge https://docs.microsoft.com/en-us/microsoft-365/knowledge/index https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/knowledge/index.md a/microsoft-365/knowledge/index.md
@@ -38,8 +38,8 @@ The resources in this section help you learn more about what Topic experiences i
| If you're looking for this information: | Go to this resource: | |:--|:--|
-|Learn more about document understanding|[Topic Experiences overview](topic-experiences-overview.md)|
-|Learn how topics are discovered and created by AI|[Topic Experiences discovery](topic-experiences-discovery.md)|
+|Learn more about topic experiences|[Topic Experiences overview](topic-experiences-overview.md)|
+|Learn how topics are discovered and suggested by AI|[Topic Experiences discovery](topic-experiences-discovery.md)|
|Learn about topic security|[Topic Experiences security and privacy](topic-experiences-security-privacy.md)|
@@ -59,7 +59,7 @@ The resources in this section help your admin in your organization to set up and
|:--|:--| |Learn how to set up and configure Topic Experiences|[Set up Topic Experiences](set-up-topic-experiences.md)| |Learn how to configure user permissions|[Manage topic permissions](topic-experiences-user-permissions.md)|
-|Learn how manage who can view topics|[Manage topic visibility](topic-experiences-knowledge-rules.md)|
+|Learn how to manage who can view topics|[Manage topic visibility](topic-experiences-knowledge-rules.md)|
|Learn how to manage your topic discovery settings|[Manage topic discovery](topic-experiences-discovery.md)| ## Work with topics
knowledge https://docs.microsoft.com/en-us/microsoft-365/knowledge/topic-experiences-discovery-curation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/knowledge/topic-experiences-discovery-curation.md a/microsoft-365/knowledge/topic-experiences-discovery-curation.md
@@ -24,13 +24,13 @@ Topic Experiences converts knowledge information to knowledge in your Microsoft
What Topic Experiences does is use Microsoft Graph and AI to identify **topics** in your organization. A topic is a phrase or term that has a specific meaning to an organization, where users would benefit by being able to view a wiki page about it. AI searches for people and content connected to the topic, and if enough it discovered, it becomes a suggested topic.
-The AI generated topic information is added to a **Topic page**, which can contain:
+The AI suggested topic information is added to a **Topic page**, which can contain:
- A short description of the topic. - Alternate names for the topic. - People who might know more about the topic. - Sites, files, and pages that might be related to the topic.
-Topic experiences then makes sure that every instance of a topic is highlighted on all SharePoint modern site pages in your tenant. When a user is curious to learn more about a topic, they can select the highlighted topic to view a **Topic summary** card that provides a short description. And if they want to learn more, they can select a **Topic details** link in the summary to open the detailed topic page.
+Topic experiences then, when the context is appropriate, suggests these topics to be highlighted on all SharePoint modern site pages in your tenant. When a user is curious to learn more about a topic, they can select the highlighted topic to view a **Topic summary** card that provides a short description. And if they want to learn more, they can select a **Topic details** link in the summary to open the detailed topic page.
![Topic highlights](../media/knowledge-management/saturn.png) </br>
@@ -39,40 +39,16 @@ Additionally, users will also be able to find topics through Microsoft Search.
## Topic curation
-Topic Experiences welcomes human "curation" to improve the quality of your topics. While AI initially identifies and suggests topics, manually made updates to content from contributors, confirmation from users for AI generated content, and feedback on the usefulness of topics are all essential.
+Topic Experiences welcomes human contribution to improve the quality of your topics. While AI initially identifies and suggests topics, manually made edits to content from contributors, confirmation from users for AI generated content, and feedback on the usefulness of topics are all essential.
- AI generated topics ("suggested topics") can be reviewed by **knowledge managers** in your organization. In the Manage Topics page in the Topic Center, they can choose to confirm them as valid, or reject them to prevent them from being viewed. - You can assign *Create and edit topics* permissions to any of your licensed users so that they can make changes to existing topics or create new topics when needed. -- Even users who only have read access to topic (topic viewers) will be asked to verify the usefulness of specific topics.-
-Even with human curation, AI will continually look for more information about topics, and will look for human verification. For example, if AI thinks you are a person that should be pinned as an expert on a topic, it will ask you to confirm this.
-------------
+- Even users who only have read access to topic (topic viewers) will be asked to verify the usefulness of specific topics. Their feedback is also taken to confirm or reject a suggested topic.
+Even with human edits, AI will continually look for more information about topics, and will look for human verification. For example, if AI thinks you are a person that should be listed as an expert on a topic, it will ask you to confirm this.
## See also---
-
------
knowledge https://docs.microsoft.com/en-us/microsoft-365/knowledge/topic-experiences-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/knowledge/topic-experiences-overview.md a/microsoft-365/knowledge/topic-experiences-overview.md
@@ -21,7 +21,7 @@ description: "Overview of Topic experiences."
> [!Note] > The content in this article is for Project Cortex Private Preview. [Find out more about Project Cortex](https://aka.ms/projectcortex).
-Topic experiences uses Microsoft AI technology, Microsoft 365, Delve, Microsoft Graph, Search, and other components and services to build a knowledge network in your Microsoft 365 environment.
+Topic experiences uses Microsoft AI technology, Microsoft 365, Microsoft Graph, Search, and other components and services to build a knowledge network in your Microsoft 365 environment.
</br>
@@ -33,7 +33,7 @@ Its goal is to convert information into knowledge and deliver it to your users i
Topic experiences helps to address a key business issue in many companies - providing the information to users when they need it. For example, new employees need to learn a lot of new information quickly, and encounter terms they know nothing about when reading through company information. To learn more, the user might need to step away from what they are doing and spend valuable time searching for details, such as information about what the term is, who in the organization is a subject matter expert, and maybe sites and documents that are related to the term.
-Topic experiences uses AI to automatically search for and identify **topics** in your organization. It compiles information about them, such as a short description, subject matter experts on the topic, and sites, files, and pages that are related to it. A knowledge manager or contributor can choose to update the topic information as needed. The topics are available to your users, which means that for every instance of the topic that appears in a modern SharePoint site in news and pages, the text will be highlighted. Users can choose to select the topic to learn more about it through the topic details. Topics can also be found in SharePoint Search.
+Topic experiences uses AI to automatically search for and identify **topics** in your organization. It compiles information about them, such as a short description, people working on the topic, and sites, files, and pages that are related to it. A knowledge manager or contributor can choose to update the topic information as needed. The topics are available to your users, which means that for every instance of the topic that appears in a modern SharePoint site in news and pages, the text will be highlighted. Users can choose to select the topic to learn more about it through the topic details. Topics can also be found in SharePoint Search.
## How topics are displayed to users
@@ -60,13 +60,13 @@ Your knowledge admins can choose to crawl all SharePoint sites in your tenant fo
## Roles
-When you use Topic experiences in you Microsoft 365 environment, your users will have the following roles:
+When you use Topic experiences in your Microsoft 365 environment, your users will have the following roles:
- Topic viewer: Users who will be able to see topic highlights on SharePoint modern sites that they have at least *Read* access to, and in Microsoft Search. They will be able to select topic highlights to see topic details in topic pages. Topic viewers will be able to provide feedback on how useful a topic is to them. -- Contributors: Users who have rights to edit existing topics or create new ones. Knowledge admins assign contributor permissions to users through the Topic experiences settings in the Microsoft 365 admin center. Note that you can also choose to give all topic viewers the permission to edit and create topics so that they can also contribute to topics that they see.
+- Contributors: Users who have rights to edit existing topics or create new ones. Knowledge admins assign contributor permissions to users through the Topic experiences settings in the Microsoft 365 admin center. Note that you can also choose to give all topic viewers the permission to edit and create topics so that everyone can contribute to topics that they see.
-- Knowledge managers: Users who guide topics through the topic lifecycle. Knowledge managers use the **Manage Topics** page in the Topic center to confirm or remove AI-suggested topics, as well as edit existing topics or create new ones, and are the only users who have access to it. Knowledge admins assign knowledge manager permissions to users through the Topic experiences admin settings in the Microsoft 365 admin center.
+- Knowledge managers: Users who guide topics through the topic lifecycle. Knowledge managers use the **Manage Topics** page in the Topic center to confirm AI-suggested topics, remove topics that are no longer relevant, as well as edit existing topics or create new ones, and are the only users who have access to it. Knowledge admins assign knowledge manager permissions to users through the Topic experiences admin settings in the Microsoft 365 admin center.
- Knowledge admins: Knowledge admins set up Topic experiences and manage it through the admin controls in the Microsoft 365 admin center. Currently, a Microsoft 365 global or SharePoint administrator can serve as a knowledge admin.
@@ -80,7 +80,7 @@ While all licensed users will be able to see topics they are connected with in t
Knowledge managers will be able to: -- Confirm or reject topics that were discovered in your tenant.
+- Confirm or remove topics that were discovered in your tenant.
- Create new topics manually as needed (for example, if not enough information was provided for it to be discovered through AI). - Edit existing topic pages.</br>
@@ -104,7 +104,7 @@ See [assign user permissions](https://docs.microsoft.com/microsoft-365/knowledge
AI will continually work to provide you suggestions to improve your topics as changes occur in your environment.
-Users who you allow access to see topics in their daily work might be asked if the topic was useful to them. AI looks at these responses and use them to help determine what's shown on topic summaries and in topic details.
+Users who you allow access to see topics in their daily work might be asked if the topic was useful to them. The system looks at these responses and uses them to help determine what's shown on topic summaries and in topic details.
Users with edit or create topics permissions can make updates to topic pages directly if they want to make corrections or add additional information.
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configuration-analyzer-for-security-policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configuration-analyzer-for-security-policies.md a/microsoft-365/security/office-365-security/configuration-analyzer-for-security-policies.md
@@ -26,9 +26,6 @@ ms.prod: m365-security
[!INCLUDE [Microsoft 365 Defender rebranding](../includes/microsoft-defender-for-office.md)]
-> [!NOTE]
-> The features described in this article are in Preview, aren't available in all organizations, and are subject to change. For information about the release schedule, check out the [Microsoft 365 roadmap](https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=config%2Canalyzer).
- Configuration analyzer in the Security & Compliance center provides a central location to find and fix security policies where the settings are below the Standard protection and Strict protection profile settings in [preset security policies](preset-security-policies.md). The following types of policies are analyzed by the configuration analyzer:
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/identity-access-policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/identity-access-policies.md a/microsoft-365/security/office-365-security/identity-access-policies.md
@@ -239,6 +239,8 @@ To create the Conditional Access policy that requires approved apps and APP prot
If you are enabling mobile access to Exchange Online, implement [Block ActiveSync clients](secure-email-recommended-policies.md#block-activesync-clients), which prevents Exchange ActiveSync clients leveraging basic authentication from connecting to Exchange Online. This policy is not pictured in the illustration at the top of this article. It is described and pictured in [Policy recommendations for securing email](secure-email-recommended-policies.md).
+To create the Conditional Access policy that requires Edge for iOS and Android, follow "Step 2: Configure an Azure AD Conditional Access policy for Microsoft 365" in [Scenario 2: Browser apps require approved apps with app protection policies](https://docs.microsoft.com/azure/active-directory/conditional-access/app-protection-based-conditional-access#scenario-2-browser-apps-require-approved-apps-with-app-protection-policies), which allows Edge for iOS and Android, but blocks other mobile device web browsers from connecting to Microsoft 365 endpoints.
+ These policies leverage the grant controls [Require approved client app](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-grant#require-approved-client-app) and [Require app protection policy](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-grant#require-app-protection-policy). Finally, blocking legacy authentication for other client apps on iOS and Android devices ensures that these clients cannot bypass Conditional Access policies. If you're following the guidance in this article, you've already configured [Block clients that don't support modern authentication](#block-clients-that-dont-support-modern-authentication).
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/removing-user-from-restricted-users-portal-after-spam https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/removing-user-from-restricted-users-portal-after-spam.md a/microsoft-365/security/office-365-security/removing-user-from-restricted-users-portal-after-spam.md
@@ -70,7 +70,7 @@ Admins can remove users from the Restricted Senders portal in the Security & Com
5. Click **Yes** to confirm the change. > [!NOTE]
- > It may take 30 minutes or more before restrictions are removed.
+ > It might take up to 24 hours for all restrictions to be removed from the user.
## Verify the alert settings for restricted users
@@ -81,7 +81,7 @@ The default alert policy named **User restricted from sending email** will autom
1. In the Security & Compliance Center, go to **Alerts** \> **Alert policies**.
-2. Find an select the **User restricted from sending email** alert.
+2. Find and select the **User restricted from sending email** alert.
3. In the flyout that appears, verify or configure the following settings:
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-atp-safe-attachments-policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/set-up-atp-safe-attachments-policies.md a/microsoft-365/security/office-365-security/set-up-atp-safe-attachments-policies.md
@@ -103,7 +103,7 @@ Creating a custom Safe Attachments policy in the Security & Compliance Center cr
The recommendation for Standard and Strict policy settings is to enable redirection. For more information, see [Safe Attachments settings](recommended-settings-for-eop-and-office365-atp.md#safe-attachments-settings).
- - **Apply the above selection if malware scanning for attachments times out or error occurs**: The action specified by **Safe Attachments unknown malware response** is taken on messages even when Safe Attachments scanning can't complete. Always select this option if you select **Enabled redirect**. Otherwise, messages might be lost.
+ - **Apply the above selection if malware scanning for attachments times out or error occurs**: The action specified by **Safe Attachments unknown malware response** is taken on messages even when Safe Attachments scanning can't complete. If you selected this option, always select **Enabled redirect**. Otherwise, messages might be lost.
When you're finished, click **Next**.
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/user-submission https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/user-submission.md a/microsoft-365/security/office-365-security/user-submission.md
@@ -69,6 +69,15 @@ After you've verified that your mailbox meets all applicable prerequisites, [Use
- **Organization Management** or **Security Administrator** in the [Security & Compliance Center](permissions-in-the-security-and-compliance-center.md). - **Organization Management** in [Exchange Online](https://docs.microsoft.com/Exchange/permissions-exo/permissions-exo#role-groups).
+- You need access to Exchange Online PowerShell. If the account that you're trying to use doesn't have access to Exchange Online PowerShell, you'll receive an error that looks like this when specify the submissions mailbox:
+
+ > Specify an email address in your domain
+
+ For more information about enabling or disabling access to Exchange Online PowerShell, see the following topics:
+
+ - [Enable or disable access to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/disable-access-to-exchange-online-powershell)
+ - [Client Access Rules in Exchange Online](https://docs.microsoft.com/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules)
+ ## Use the Security & Compliance Center to configure the user submissions mailbox 1. In the Security & Compliance Center, go to **Threat management** \> **Policy** \> **User submissions**.
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/view-mail-flow-reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/view-mail-flow-reports.md a/microsoft-365/security/office-365-security/view-mail-flow-reports.md
@@ -29,7 +29,7 @@ ms.prod: m365-security
In addition to the mail flow reports that are available in the [Mail flow dashboard](mail-flow-insights-v2.md) in the Security & Compliance Center, a variety of additional mail flow reports are available in the Reports dashboard to help you monitor your Microsoft 365 organization.
-If you have the [necessary permissions](#what-permissions-are-needed-to-view-these-reports), you can view these reports in the [Security & Compliance Center](https://office.protection.com) by going to **Reports** \> **Dashboard**. To go directly to the Reports dashboard, open <https://protection.office.com/insightdashboard>.
+If you have the [necessary permissions](#what-permissions-are-needed-to-view-these-reports), you can view these reports in the [Security & Compliance Center](https://protection.office.com) by going to **Reports** \> **Dashboard**. To go directly to the Reports dashboard, open <https://protection.office.com/insightdashboard>.
![Reports dashboard in the Security & Compliance Center](../../media/6b213d34-adbb-44af-8549-be9a7e2db087.png)
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/financial-services-secure-collaboration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/financial-services-secure-collaboration.md a/microsoft-365/solutions/financial-services-secure-collaboration.md
@@ -318,7 +318,7 @@ Microsoft 365 recently launched an insider risk management solution that correla
For example, insider risk management in Microsoft 365 can correlate signals from a user's Windows 10 desktop, such as copying files to a USB drive or emailing a personal email account, with activities from online services such as Office 365 email, SharePoint Online, Microsoft Teams, or OneDrive for Business, to identify data exfiltration patterns. It can also correlate these activities with employees leaving an organization, which is a common data exfiltration pattern. It can monitor multiple activities and behavior over time. When common patterns emerge, it can raise alerts and help investigators focus on key activities to verify a policy violation with a high degree of confidence. Insider risk management can pseudo-anonymize data from investigators to help meet data privacy regulations, while still surfacing key activities that help them perform investigations efficiently. It allows investigators to package and securely send key activity data to the HR and legal departments, following common escalation workflows for raising cases for remediation action.
-Insider risk management in Microsoft 365 significantly increases capabilities of organizations to monitor and investigate insider risks while allowing organizations to still meet data privacy regulations and follow established escalation paths when cases require higher-level action.
+Insider risk management in Microsoft 365 significantly increases capabilities of organizations to monitor and investigate insider risks while allowing organizations to still meet data privacy regulations and follow established escalation paths when cases require higher-level action. For more information about insider risk management in Microsoft 365, see [Modern risk pain points and Workflow in Insider risk management in Microsoft 365](https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management?view=o365-worldwide).
![A call center worker in in a cubicle types while viewing a screen.](../media/clo17-call-center-006.jpg)
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/information-protection-deploy-assess https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/information-protection-deploy-assess.md a/microsoft-365/solutions/information-protection-deploy-assess.md
@@ -227,3 +227,7 @@ In addition to the Content Explorer, organizations have access to the Content Se
Detailed guidance on the use of Content Search for discovery of personal data is provided in [this article](../compliance/search-for-and-find-personal-data.md). Content Search and other discovery techniques are also explored in [DSRs for the GDPR and CCPA](../compliance/gdpr-dsr-office365.md#introduction-to-dsrs). Additional insights on investigative and remediation techniques for personal data in Microsoft 365 are provided in the [monitor and respond article](information-protection-deploy-monitor-respond.md).+
+> [!NOTE]
+> To Find what sensitive information you have in files stored on-premises, please refer to [Azure Information Protection](https://docs.microsoft.com/azure/information-protection/quickstart-findsensitiveinfo).
+
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/productivity-illustrations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/productivity-illustrations.md a/microsoft-365/solutions/productivity-illustrations.md
@@ -24,7 +24,7 @@ The logical architecture of productivity services in Microsoft 365, leading with
| Item | Description | |:--|:--|
-|[![Teams logical architecture poster](../downloads/msft-teams-logical-architecture-thumb.png)](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/msft-m365-teams-logical-architecture.pdf) <br/> [PDF](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/msft-m365-teams-logical-architecture.pdf) \| [Visio](https://github.com/MicrosoftDocs/OfficeDocs-Enterprise/raw/live/Enterprise/downloads/msft-m365-teams-logical-architecture.vsdx) <br>Updated April 2019 |Microsoft provides a suite of productivity services that work together to provide collaboration experiences with data governance, security, and compliance capabilities. <br/> <br/>This series of illustrations provides a view into the logical architecture of productivity services for enterprise architects, leading with Microsoft Teams.|
+|[![Teams logical architecture poster](../downloads/msft-teams-logical-architecture-thumb.png)](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/msft-m365-teams-logical-architecture.pdf) <br/> [PDF](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/msft-m365-teams-logical-architecture.pdf) \| [Visio](https://github.com/MicrosoftDocs/OfficeDocs-Enterprise/raw/live/Enterprise/downloads/msft-m365-teams-logical-architecture.vsdx) <br>Updated January 2021 |Microsoft provides a suite of productivity services that work together to provide collaboration experiences with data governance, security, and compliance capabilities. <br/> <br/>This series of illustrations provides a view into the logical architecture of productivity services for enterprise architects, leading with Microsoft Teams.|
### Groups in Microsoft 365 for IT Architects