Updates from: 01/27/2022 02:49:47
Category Microsoft Docs article Related commit history on GitHub Change details
compliance Apply Retention Labels Automatically https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-retention-labels-automatically.md
search.appverid: - MOE150 - MET150
-description: Create retention labels and auto-labeling policies so you can automatically apply labels to retain what you need and delete what you don't
+description: Create auto-labeling retention policies so you can automatically apply labels to retain what you need and delete what you don't
# Automatically apply a retention label to retain or delete content
description: Create retention labels and auto-labeling policies so you can autom
>*[Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).* > [!NOTE]
-> This scenario is not supported for [regulatory records](records-management.md#records) or default labels for an organizing structure such as a document set or library in SharePoint, or a folder in Exchange. These scenarios require a [published retention label policy](create-apply-retention-labels.md#step-2-publish-retention-labels).
+> This scenario is not supported for [regulatory records](records-management.md#records) or default labels for an organizing structure such as a document set or library in SharePoint, or a folder in Exchange. These scenarios require a [published retention label policy](create-apply-retention-labels.md).
One of the most powerful features of [retention labels](retention.md) is the ability to apply them automatically to content that matches specified conditions. In this case, people in your organization don't need to apply the retention labels. Microsoft 365 does the work for them.
Use the following instructions for the two admin steps.
> - Apply a default retention label for SharePoint and Outlook > - Apply a retention label to email by using Outlook rules >
-> For these scenarios, see [Create and apply retention labels in apps](create-apply-retention-labels.md).
+> For these scenarios, see [Publish retention labels and apply them in apps](create-apply-retention-labels.md).
## Before you begin
-The global admin for your organization has full permissions to create and edit retention labels and their policies. If you aren't signing in as a global admin, see [Permissions required to create and manage retention policies and retention labels](get-started-with-retention.md#permissions-required-to-create-and-manage-retention-policies-and-retention-labels).
+The global admin for your organization has full permissions to create and edit retention labels and their policies. If you aren't signing in as a global admin, see the permissions information for [records management](get-started-with-records-management.md#permissions) or [information governance](get-started-with-information-governance.md#permissions-for-retention-policies-and-retention-labels), depending on the solution you're using.
-Decide before you create your retention label policy whether it will be **adaptive** or **static**. For more information, see [Adaptive or static policy scopes for retention](retention.md#adaptive-or-static-policy-scopes-for-retention). If you decide to use an adaptive policy, you must create one or more adaptive scopes before you create your retention label policy, and then select them during the create retention label policy process. For instructions, see [Configuration information for adaptive scopes](retention-settings.md#configuration-information-for-adaptive-scopes).
-
-## How to auto-apply a retention label
-
-First, create your retention label. Then create an auto-policy to apply that label. If you have already created your retention label, skip to [creating an auto-policy](#step-2-create-an-auto-apply-policy).
-
-Navigation instructions depend on whether you're using [records management](records-management.md) or not. Instructions are provided for both scenarios.
-
-### Step 1: Create a retention label
-
-1. In the [Microsoft 365 compliance center](https://compliance.microsoft.com/), navigate to one of the following locations:
-
- - If you are using records management:
- - **Solutions** > **Records management** > **File plan** tab > **+ Create a label** > **Retention label**
-
- - If you are not using records management:
- - **Solutions** > **Information governance** > **Labels** tab > + **Create a label**
-
- Don't immediately see your solution in the navigation pane? First select **Show all**.
+Make sure you have [created the retention labels](file-plan-manager.md#create-retention-labels) you want to apply to items.
-2. Follow the prompts in the configuration.
-
- For more information about the retention settings, see [Settings for retaining and deleting content](retention-settings.md#settings-for-retaining-and-deleting-content). However, if the label will be used for [cloud attachments](#auto-apply-labels-to-cloud-attachments), make sure you configure the start of the retention period to be **When items were labeled**.
-
- If you are using records management:
-
- - For information about the file plan descriptors, see [Use file plan to manage retention labels](file-plan-manager.md)
-
- - To use the retention label to declare records, select **Mark items as records**, or **Mark items as regulatory records**. For more information, see [Configuring retention labels to declare records](declare-records.md#configuring-retention-labels-to-declare-records).
+## How to create an auto-apply retention label policy
-3. After you have created the label and you see the options to publish the label, auto-apply the label, or just save the label: Select **Auto-apply this label to a specific type of content**, and then select **Done**
-
-To edit an existing label, select it, and then select the **Edit label** option to start the **Edit retention label** configuration that lets you change the label descriptions and any [eligible settings](#updating-retention-labels-and-their-policies) from step 2.
-
-### Step 2: Create an auto-apply policy
+Decide before you create your retention label policy whether it will be **adaptive** or **static**. For more information, see [Adaptive or static policy scopes for retention](retention.md#adaptive-or-static-policy-scopes-for-retention). If you decide to use an adaptive policy, you must create one or more adaptive scopes before you create your retention label policy, and then select them during the create retention label policy process. For instructions, see [Configuration information for adaptive scopes](retention-settings.md#configuration-information-for-adaptive-scopes).
When you create an auto-apply policy, you select a retention label to automatically apply to content, based on the conditions that you specify. 1. In the [Microsoft 365 compliance center](https://compliance.microsoft.com/), navigate to one of the following locations:
- - If you are using records management: **Information governance**:
- - **Solutions** > **Records management** > **Label policies** tab > **Auto-apply a label**
+ - If you are using records management:
+ - **Solutions** > **Records management** > > **Label policies** tab > **Auto-apply a label**
- - If you are not using records management:
+ - If you are using information governance:
- **Solutions** > **Information governance** > **Label policies** tab > **Auto-apply a label**
- Don't immediately see your solution in the navigation pane? First select **Show all**.
+ Don't immediately see your solution in the navigation pane? First select **Show all**.
2. Enter a name and description for this auto-labeling policy, and then select **Next**.
When you create an auto-apply policy, you select a retention label to automatica
6. Follow the prompts in the wizard to select a retention label, and then review and submit your configuration choices.
-To edit an existing auto-apply policy, select it to start the **Edit retention policy** configuration that lets you change the selected retention label and any [eligible settings](#updating-retention-labels-and-their-policies) from step 2.
+To edit an existing retention label policy (the policy type is **Auto-apply**), select it, and then select the **Edit** option to start the **Edit retention policy** configuration.
After content is labeled by using an auto-apply label policy, the applied label can't be automatically removed or changed by changing the content or the policy, or by a new auto-apply label policy. For more information, see [Only one retention label at a time](retention.md#only-one-retention-label-at-a-time).
compliance Archive Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-mailboxes.md
+
+ Title: "Learn about archive mailboxes for Microsoft 365 Compliance"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
+
+f1_keywords:
+- 'ms.o365.cc.ArchivingHelp'
+
+ms.localizationpriority: high
+
+- Strat_O365_IP
+- M365-security-compliance
+description: "Learn about archive mailboxes to provide additional mailbox storage."
++
+# Learn about archive mailboxes
+
+Mailbox archiving in Microsoft 365 (also called *In-Place Archiving*) provides users with additional mailbox storage space. After you turn on archive mailboxes, a user's current mailbox becomes their *primary mailbox* and an additional mailbox is created, called the *archive mailbox*. Both mailboxes are considered a user's mailbox for compliance features such as Content search from the Microsoft 365 compliance center, Microsoft 365 retention, and Litigation Hold.
+
+Users can access and store messages in their archive mailboxes by using Outlook and Outlook on the web. Users can also move or copy messages between their primary mailbox and their archive mailbox. They can also recover deleted items from the Recoverable Items folder in their archive mailbox by using the Recover Deleted Items tool.
+
+## Managing archive mailboxes with Messaging Records Management (MRM)
+
+Messages can also be moved to the archive mailbox by the [default Exchange retention policy](/exchange/security-and-compliance/messaging-records-management/default-retention-policy) from Messaging Records Management (MRM). This default policy is automatically assigned to every mailbox and does the following:
+
+ - Moves items that are two years or older from a user's primary mailbox to their archive mailbox.
+
+ - Moves items that are 14 days or older from the Recoverable Items folder in the user's primary mailbox to the Recoverable Items folder in their archive mailbox.
+
+You can customize your organization's MRM policy with [retention tags](/exchange/security-and-compliance/messaging-records-management/retention-tags-and-policies). For an example configuration, see [Set up an archive and deletion policy for mailboxes in your organization](set-up-an-archive-and-deletion-policy-for-mailboxes.md).
+
+> [!NOTE]
+> MRM, like Microsoft 365 retention policies and retention labels, can also automatically delete emails after a specified period. As an older technology than Microsoft 365 retention, MRM continues to work side-by-side with retention policies and retention labels from Microsoft 365 Compliance. For more information, see [Use retention policies and retention labels instead of older features](retention.md#use-retention-policies-and-retention-labels-instead-of-older-features).
+
+## Auto-expanding archiving
+
+After a user's archive mailbox is enabled, up to 100 GB of additional storage is available. If users need more storage space, enable auto-expanding archiving to provide up to 1.5 TB of additional storage in archive mailboxes. For more information, see [Learn about auto-expanding archiving](autoexpanding-archiving.md).
+
+## Licensing
+
+For a list of Outlook licenses that support archive mailboxes, see the references to In-Place Archiving in [Outlook license requirements for Exchange features](https://support.microsoft.com/office/46b6b7c5-c3ca-43e5-8424-1e2807917c99).
+
+## Next steps
+
+See [Enable archive mailboxes in the compliance center](enable-archive-mailboxes.md).
compliance Autoexpanding Archiving https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/autoexpanding-archiving.md
Title: "Overview of auto-expanding archiving"
+ Title: "Learn about auto-expanding archiving"
f1.keywords: - NOCSH--++ audience: Admin
ms.assetid: 37cdbb02-a24a-4093-8bdb-2a7f0b3a19ee
description: "Learn about auto-expanding archiving, which provides additional archive storage for Exchange Online mailboxes."
-# Overview of auto-expanding archiving
+# Learn about auto-expanding archiving
In Office 365, archive mailboxes provide users with additional mailbox storage space. After a user's archive mailbox is enabled, up to 100 GB of additional storage is available. In the past, when the 100-GB storage quota was reached, organizations had to contact Microsoft to request additional storage space for an archive mailbox. That's no longer the case.
This section explains the functionality between auto-expanding archiving and oth
- **Import service:** You can use the Office 365 Import service to import PST files to a user's auto-expanded archive. You can import up to 100 GB of data from PST files to the user's archive mailbox.
-## More information
+## Next steps
For more technical details about auto-expanding archiving, see [Microsoft 365: Auto-Expanding Archives FAQ](https://techcommunity.microsoft.com/t5/exchange-team-blog/office-365-auto-expanding-archives-faq/ba-p/607784).+
+If you're ready to enable auto-expanding archiving, see [Enable auto-expanding archiving](enable-autoexpanding-archiving.md).
compliance Change The Hold Duration For An Inactive Mailbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/change-the-hold-duration-for-an-inactive-mailbox.md
Title: "Change the hold duration for an inactive mailbox" f1.keywords: - NOCSH--++ Last updated 8/29/2017 audience: Admin
compliance Communication Compliance Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-configure.md
Recommended actions can help your organization get started with communication co
Activity in messages containing inappropriate content is aggregated by [classifier type](/microsoft-365/compliance/communication-compliance-policies#classifiers) from existing policies that use the inappropriate content template or custom policies that use classifiers for inappropriate content. Investigate alerts for these messages on the Alert dashboard for your policies.
-Activity involving [sensitive information types](/microsoft-365/compliance/communication-compliance-policies#sensitive-information-types) is detected in messages covered in existing policies and for messages that are not covered by existing policies. Insights are aggregated for all sensitive information types, including ones that your organization has not previously defined in an existing communication compliance policy. Use these insights to create a new communication compliance policy or to update existing policies.
+Activity involving [sensitive information types](/microsoft-365/compliance/communication-compliance-policies#sensitive-information-types) is detected in messages covered in existing policies and for messages that aren't covered by existing policies. Insights are aggregated for all sensitive information types, including ones that your organization hasn't previously defined in an existing communication compliance policy. Use these insights to create a new communication compliance policy or to update existing policies.
## Step 1 (required): Enable permissions for communication compliance
Choose from these solution role group options when configuring and managing comm
| Role | Role permissions | |:--|:--| | **Communication Compliance** | Use this role group to manage communication compliance for your organization in a single group. By adding all user accounts for designated administrators, analysts, investigators, and viewers, you can configure communication compliance permissions in a single group. This role group contains all the communication compliance permission roles. This configuration is the easiest way to quickly get started with communication compliance and is a good fit for organizations that do not need separate permissions defined for separate groups of users. Users that create policies as a communication compliance administrator must have their mailbox hosted on Exchange Online.|
-| **Communication Compliance Admin** | Use this role group to initially configure communication compliance and later to segregate communication compliance administrators into a defined group. Users assigned to this role group can create, read, update, and delete communication compliance policies, global settings, and role group assignments. Users assigned to this role group cannot view message alerts. Users that create policies as a communication compliance administrator must have their mailbox hosted on Exchange Online.|
-| **Communication Compliance Analyst** | Use this group to assign permissions to users that will act as communication compliance analysts. Users assigned to this role group can view policies where they are assigned as Reviewers, view message metadata (not message content), escalate to additional reviewers, or send notifications to users. Analysts cannot resolve pending alerts. |
+| **Communication Compliance Admin** | Use this role group to initially configure communication compliance and later to segregate communication compliance administrators into a defined group. Users assigned to this role group can create, read, update, and delete communication compliance policies, global settings, and role group assignments. Users assigned to this role group can't view message alerts. Users that create policies as a communication compliance administrator must have their mailbox hosted on Exchange Online.|
+| **Communication Compliance Analyst** | Use this group to assign permissions to users that will act as communication compliance analysts. Users assigned to this role group can view policies where they're assigned as Reviewers, view message metadata (not message content), escalate to additional reviewers, or send notifications to users. Analysts can't resolve pending alerts. |
| **Communication Compliance Investigator** | Use this group to assign permissions to users that will act as communication compliance investigators. Users assigned to this role group can view message metadata and content, escalate to additional reviewers, escalate to an Advanced eDiscovery case, send notifications to users, and resolve the alert. | | **Communication Compliance Viewer** | Use this group to assign permissions to users that will manage communication reports. Users assigned to this role group can access all reporting widgets on the communication compliance home page and can view all communication compliance reports. |
To manage supervised users in large enterprise organizations, you may need to mo
1. Create a dedicated [distribution group](/powershell/module/exchange/new-distributiongroup) for your global communication compliance policy with the following properties: Make sure that this distribution group isn't used for other purposes or other Office 365 services.
- - **MemberDepartRestriction = Closed**. Ensures that users cannot remove themselves from the distribution group.
- - **MemberJoinRestriction = Closed**. Ensures that users cannot add themselves to the distribution group.
- - **ModerationEnabled = True**. Ensures that all messages sent to this group are subject to approval and that the group is not being used to communicate outside of the communication compliance policy configuration.
+ - **MemberDepartRestriction = Closed**. Ensures that users can't remove themselves from the distribution group.
+ - **MemberJoinRestriction = Closed**. Ensures that users can't add themselves to the distribution group.
+ - **ModerationEnabled = True**. Ensures that all messages sent to this group are subject to approval and that the group isn't being used to communicate outside of the communication compliance policy configuration.
```PowerShell New-DistributionGroup -Name <your group name> -Alias <your group alias> -MemberDepartRestriction 'Closed' -MemberJoinRestriction 'Closed' -ModerationEnabled $true
For more information about configuring Yammer in Native Mode, see:
## Step 5 (required): Create a communication compliance policy >[!IMPORTANT]
->Using PowerShell to create and manage communication compliance policies is not supported. To create and manage these policies, you must use the policy management controls in the [Microsoft 365 communication compliance solution](https://compliance.microsoft.com/supervisoryreview).
+>Using PowerShell to create and manage communication compliance policies isn't supported. To create and manage these policies, you must use the policy management controls in the [Microsoft 365 communication compliance solution](https://compliance.microsoft.com/supervisoryreview).
>[!TIP] >Want to see an in-depth walkthrough of setting up a new communication compliance policy and remediating an alert? Check out [this 15-minute video](communication-compliance-plan.md#creating-a-communication-compliance-policy-walkthrough) to see a demonstration of how communication compliance policies can help you detect inappropriate messages, investigate potential violations, and remediate compliance issues.
For more information about configuring Yammer in Native Mode, see:
If you choose a policy template to create a policy, you will:
- - Confirm or update the policy name. Policy names cannot be changed once the policy is created.
+ - Confirm or update the policy name. Policy names can't be changed once the policy is created.
- Choose the users or groups to supervise, including choosing users or groups you'd like to exclude. When using the conflict of interest template, you'll select two groups or two users to monitor for internal communications.
For more information about configuring Yammer in Native Mode, see:
6. The **Your policy was created** page is displayed with guidelines on when policy will be activated and which communications will be captured.
-## Step 6 (optional): Create notice templates and configure user anonymization
+## Step 6 (optional): Update compliance boundaries for communication compliance policies
+
+[Compliance boundaries](/microsoft-365/compliance/set-up-compliance-boundaries) create logical boundaries within an organization that control the user content locations (such as mailboxes, OneDrive accounts, and SharePoint sites) that eDiscovery managers can search.
+
+If you've configured compliance boundaries in your organization, you must update the compliance boundaries to allow certain users access to mailboxes that support communication compliance policies. You'll need to allow access to communication compliance administrators and communication compliance reviewers for your policy management and investigation and remediation actions to work properly.
+
+To allow access for communication compliance admins and reviewers, run the following PowerShell commands. You only need to run these commands once, even if you add new communication compliance policies in the future:
+
+```powershell
+Import-Module ExchangeOnlineManagement
+$UserCredential = Get-Credential
+Connect-IPPSSession -Credential $UserCredential
+New-ComplianceSecurityFilter -FilterName "CC_mailbox" -Users <list your communication compliance admins and reviewers user alias or email address> -Filters "Mailbox_Name -like 'SupervisoryReview{*'" -Action All
+```
+
+For more information about cmdlet syntax, see [New-ComplianceSecurityFilter](/powershell/module/exchange/new-compliancesecurityfilter).
+
+## Step 7 (optional): Create notice templates and configure user anonymization
If you want to have the option of responding to a policy alert by sending a reminder notice to the associated user, you'll need to create at least one notice template in your organization. The notice template fields are editable before they're sent as part of the alert remediation process, and creating a customized notice template for each communication compliance policy is recommended.
You can also choose to enable anonymization for displayed usernames when investi
8. Select **Save** to create and save the notice template.
-## Step 7 (optional): Test your communication compliance policy
+## Step 8 (optional): Test your communication compliance policy
After you create a communication compliance policy, it's a good idea to test it to make sure that the conditions you defined are being properly enforced by the policy. You may also want to [test your data loss prevention (DLP) policies](create-test-tune-dlp-policy.md) if your communication compliance policies include sensitive information types. Make sure you give your policies time to activate so that the communications you want to test are captured.
compliance Compliance Quick Tasks https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-quick-tasks.md
To get their work done, people in your organization collaborate with others both
[Sensitivity labels](sensitivity-labels.md) let you classify and protect your organization's data, while making sure that user productivity and their ability to collaborate isn't hindered. Use sensitivity labels to enforce encryption and usage restrictions apply visual markings, and protect information across platforms and devices, on-premises and in the cloud.
-For step-by-step guidance to configure and use sensitivity labels, see [Get started with sensitivity labels](get-started-with-sensitivity-labels.md). For sensitivity label licensing information, see [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-protection).
+For step-by-step guidance to configure and use sensitivity labels, see [Get started with sensitivity labels](get-started-with-sensitivity-labels.md).
-## Task 6: Configure a retention policy
+## Task 6: Configure retention policies
A [retention policy](retention.md) lets you proactively decide whether to retain content, delete content, or bothΓÇöretain and then delete the content at the end of a specified retention period. These actions might be needed to comply with industry regulations and internal policies, as well as reduce your risk in the event of litigation or a security breach. When content is subject to a retention policy, people can continue to edit and work with the content as if nothing's changed. The content is retained in place, in its original location. But if someone edits or deletes content that's subject to the retention policy, a copy of the original content is saved to a secure location where it's retained while the retention policy for that content is in effect.
-You can quickly put a retention policy in place for multiple locations in your Microsoft 365 environment such as Exchange mail, SharePoint sites, OneDrive accounts, and Microsoft 365 groups. There are no limits to the number of mailboxes or sites this policy can automatically include. But if you need to get more selective, you can do so by configuring a retention policy for specific locations and include or exclude sites or users.
+You can quickly put retention policies in place for multiple services in your Microsoft 365 environment that include Teams and Yammer messages, Exchange mail, SharePoint sites, and OneDrive accounts. There are no limits to the number of users, mailboxes or sites that a retention policy can automatically include. But if you need to get more selective, you can do so by configuring either an adaptive scope that's query-based to dynamically target specific instances, or a static scope that specifies specific instances to always include or always exclude.
-For step-by-step guidance to configure a retention policy, see [Create and configure retention policies](create-retention-policies.md). If you're new to configuring retention in Microsoft 365, see [Get started with retention policies and retention labels](get-started-with-retention.md).
+For step-by-step guidance to configure retention policies, see [Create and configure retention policies](create-retention-policies.md). Because retention policies form the cornerstone of an information governance strategy for Microsoft 365, see [Get started with information governance](get-started-with-information-governance.md).
## Task 7: Configure sensitive information and offensive language policies
For step-by-step guidance to plan and configure communication compliance, see [P
Sensitivity labels, sensitive information types, retention labels and policies and trainable classifiers can be used to classify and label sensitive items across Exchange, SharePoint, and OneDrive as you've seen in the previous tasks. The last step in your quick task journey is to see which items have been labeled and what actions your users are taking on those sensitive items. [content explorer](data-classification-content-explorer.md) and [activity explorer](data-classification-activity-explorer.md) provide this visibility. ### Content explorer
- Content explorer allows you to view, in their native format, all the items that have been classified as a sensitive information type or belonging to a certain classification by a trainable classifier, as well as all items that have sensitivity or retention label applied.
+Content explorer allows you to view, in their native format, all the items that have been classified as a sensitive information type or belonging to a certain classification by a trainable classifier, as well as all items that have sensitivity or retention label applied.
For step-by-step guidance to using content explorer, see [Know your data - data classification overview](data-classification-overview.md), and [Get started with content explorer](data-classification-content-explorer.md).
Now that youΓÇÖve configured the basics for compliance management for your organ
### Configure retention labels
-While retention policies apply at the container level to locations such as SharePoint sites and Exchange mailboxes, [retention labels](retention.md#retention-labels) allow for more specific targeting for your retention and deletion policies. For example, at the document or email message level that end users can apply manually in addition to automatic application by administrators. You can also apply a retention label to a document library, folder, or document set in SharePoint, so that all documents that are stored in that location inherit the default retention label.
+Whereas retention policies automatically apply to all items at the container level (such as SharePoint sites, user mailboxes, and so on), [retention labels](retention.md#retention-labels) apply to individual items, such as a SharePoint document or an email message. You can apply these labels manually or automatically.
-Additionally, retention labels support [records management](records-management.md) to mark content as a record. When this happens, the label places additional restrictions on the content that might be needed to help your organization comply with regulatory requirements.
+Retention labels can be used as part of your governance information strategy to retain what you need and delete what you don't. Use these labels when you need exceptions to your retention policies when specific documents or emails need different retention or deletion settings. For example, your SharePoint policy retains all documents for three years, but specific business documents must be retained for five years. For more information, see [Create retention labels for exceptions to your retention policies](create-retention-labels-information-governance.md).
-For step-by-step guidance to create and publish retention labels, see the following guidance:
-- [Create retention labels and apply them in apps](create-apply-retention-labels.md)-- [Apply a retention label to content automatically](apply-retention-labels-automatically.md)-
-To get started with records management, see [Get started with records management](get-started-with-records-management.md).
+However, retention labels, when used with [records management](records-management.md), provide many more management options to support the full lifecycle of documents and emails. This level of data management is well-suited to high-value items for business, legal, or regulatory record-keeping requirements. For more information, see [Get started with records management](get-started-with-records-management.md).
### Identify and define sensitive information types
compliance Create A Custom Sensitive Information Type https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-custom-sensitive-information-type.md
Here are the definitions and some examples for the available additional checks.
> 2. 機密性が高い, 机密的document and 机密的 document > > While creating a regex using a double byte hyphen or a double byte period, make sure to escape both the characters like one would escape a hyphen or period in a regex. Here is a sample regex for reference:
-> - (?<!\d)([4][0-9]{3}[\-?\-\t]*[0-9]{4}
+> - (?<!\d)([4][0-9]{3}[\-?\-\t]*[0-9]{4})
> > We recommend using a string match instead of a word match in a keyword list.
compliance Create And Manage Inactive Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-and-manage-inactive-mailboxes.md
Title: "Create and manage inactive mailboxes" f1.keywords: - NOCSH--++ Last updated audience: Admin
compliance Create Apply Retention Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-apply-retention-labels.md
Title: "Create retention labels and apply them in apps to retain or delete content"
+ Title: "Publish retention labels and apply them in apps to retain or delete content"
f1.keywords: - NOCSH
search.appverid: - MOE150 - MET150
-description: Instructions to create and publish retention labels so you can then apply them in apps to retain what you need and delete what you don't.
+description: Instructions to publish retention labels so you can then apply them in apps to retain what you need and delete what you don't.
-# Create retention labels and apply them in apps
+# Publish retention labels and apply them in apps
>*[Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).* > [!NOTE] > This scenario is supported for all retention label configurations, including [regulatory records](records-management.md#records).
-Use the following information to help you create and publish [retention labels](retention.md), and then apply them to documents and emails.
+Use the following information to help you publish [retention labels](retention.md), and then apply them to documents and emails.
Retention labels help you retain what you need and delete what you don't at the item level (document or email). They are also used to declare an item as a record as part of a [records management](records-management.md) solution for your Microsoft 365 data.
Use the following instructions for the two admin steps.
## Before you begin
-The global admin for your organization has full permissions to create and edit retention labels and their policies. If you aren't signing in as a global admin, see [Permissions required to create and manage retention policies and retention labels](get-started-with-retention.md#permissions-required-to-create-and-manage-retention-policies-and-retention-labels).
+The global admin for your organization has full permissions to create and edit retention labels and their policies. If you aren't signing in as a global admin, see the permissions information for [records management](get-started-with-records-management.md#permissions) or [information governance](get-started-with-information-governance.md#permissions-for-retention-policies-and-retention-labels), depending on the solution you're using.
-Decide before you create your retention label policy whether it will be **adaptive** or **static**. For more information, see [Adaptive or static policy scopes for retention](retention.md#adaptive-or-static-policy-scopes-for-retention). If you decide to use an adaptive policy, you must create one or more adaptive scopes before you create your retention label policy, and then select them during the create retention label policy process. For instructions, see [Configuration information for adaptive scopes](retention-settings.md#configuration-information-for-adaptive-scopes).
-
-## How to create and publish retention labels
-
-First, create your retention labels. Then create a label policy to make the labels available to apply in apps.
+Make sure you have [created the retention labels](file-plan-manager.md#create-retention-labels) you want to apply to items.
-Where you create and configure your retention labels depend on whether you're using records management or not. Instructions are provided for both scenarios.
-
-### Step 1: Create retention labels
-
-1. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft 365 compliance center</a>, go to one of the following locations:
-
- - If you are using records management:
- - **Solutions** > **Records management** > **File plan** tab > **+ Create a label** > **Retention label**
-
- - If you are not using records management:
- - **Solutions** > **Information governance** > **Labels** tab > + **Create a label**
-
- Don't immediately see your solution in the navigation pane? First select **Show all**.
+## How to publish retention labels
-2. Follow the prompts in the wizard.
-
- For more information about the retention settings, see [Settings for retaining and deleting content](retention-settings.md#settings-for-retaining-and-deleting-content).
-
- If you are using records management:
-
- - For information about the file plan descriptors, see [Use file plan to manage retention labels](file-plan-manager.md).
-
- - To use the retention label to declare records, select **Mark items as records**, or **Mark items as regulatory records**. For more information, see [Configuring retention labels to declare records](declare-records.md#configuring-retention-labels-to-declare-records).
-
-3. After you have created the label and you see the options to publish the label, auto-apply the label, or just save the label: Select **Just save the label for now**, and then select **Done**.
-
-4. Repeat these steps to create more labels.
-
-To edit an existing label, select it, and then select the **Edit label** option to start the Edit retention wizard that lets you change the label descriptions and any [eligible settings](#updating-retention-labels-and-their-policies) from step 2.
-
-### Step 2: Publish retention labels
-
-Publish retention labels so that they can be applied by users in apps, such as SharePoint and Outlook.
+Decide before you create your retention label policy whether it will be **adaptive** or **static**. For more information, see [Adaptive or static policy scopes for retention](retention.md#adaptive-or-static-policy-scopes-for-retention). If you decide to use an adaptive policy, you must create one or more adaptive scopes before you create your retention label policy, and then select them during the create retention label policy process. For instructions, see [Configuration information for adaptive scopes](retention-settings.md#configuration-information-for-adaptive-scopes).
1. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft 365 compliance center</a>, go to one of the following locations: - If you are using records management: - **Solutions** > **Records management** > > **Label policies** tab > **Publish labels**
- - If you are not using records management:
+ - If you are using information governance:
- **Solutions** > **Information governance** > **Label policies** tab > **Publish labels** Don't immediately see your solution in the navigation pane? First select **Show all**.
-2. Use the link to select the retention labels to publish, and then select **Next**.
+2. Follow the prompts to create the retention label policy. Be careful what name you choose for the policy, because this can't be changed after the policy is saved.
+
+3. Use the link to select the retention labels to publish, and then select **Next**.
-3. For the **Choose the type of retention policy to create** page, select **Adaptive** or **Static**, depending on the choice you made from the [Before you begin](#before-you-begin) instructions. If you haven't already created adaptive scopes, you can select **Adaptive** but because there won't be any adaptive scopes to select, you won't be able to finish the wizard with this option.
+4. For the **Choose the type of retention policy to create** page, select **Adaptive** or **Static**, depending on the choice you made from the [Before you begin](#before-you-begin) instructions. If you haven't already created adaptive scopes, you can select **Adaptive** but because there won't be any adaptive scopes to select, you won't be able to finish the wizard with this option.
-4. Depending on your selected scope:
+5. Depending on your selected scope:
- If you chose **Adaptive**: On the **Choose adaptive policy scopes and locations** page, select **Add scopes** and select one or more adaptive scopes that have been created. Then, select one or more locations. The locations that you can select depend on the [scope types](retention-settings.md#configuration-information-for-adaptive-scopes) added. For example, if you only added a scope type of **User**, you will be able to select **Exchange email** but not **SharePoint sites**.
Publish retention labels so that they can be applied by users in apps, such as S
For information about the location choices, see [Locations](retention-settings.md#locations).
-5. Follow the prompts in the wizard to name your policy, review, and submit your configuration choices.
-
- For information about the location choices, see [Locations](retention-settings.md#locations).
-
-To edit an existing retention label policy (the policy type is **Publish**), select it, and then select the **Edit** option to start the Edit retention policy. This wizard lets you change the policy description and any [eligible settings](#updating-retention-labels-and-their-policies).
+To edit an existing retention label policy (the policy type is **Publish**), select it, and then select the **Edit** option to start the **Edit retention policy** configuration.
## When retention labels become available to apply
-For OneDrive and SharePoint locations, published labels typically appear for users to select within one or two days. However, allow up to seven days.
+If you publish retention labels to SharePoint or OneDrive, those labels typically appear for users to select within one day. However, allow up to seven days.
-For Exchange and Microsoft 365 Groups locations, it can take up to seven days for published retention labels to appear for users in Outlook, and the mailbox must contain at least 10 MB of data.
+If you publish retention labels to Exchange, it can take up to seven days for those retention labels to appear for users, and the mailbox must contain at least 10 MB of data.
![Diagram of when published labels take effect.](../media/retention-labels-published-timings.png)
Although the UI refers to retention policies, it's your retention labels that di
## Updating retention labels and their policies
-When you edit a retention label or retention label policy, and the retention label or policy is already applied to content, your updated settings will automatically be applied to this content in addition to content that's newly identified.
+If you [edit a retention label](file-plan-manager.md#edit-retention-labels) or a retention label policy, and the retention label or policy is already applied to content, your updated settings will automatically be applied to this content in addition to content that's newly identified.
Some settings can't be changed after the label or policy is created and saved, which include: - Names for retention labels and their policies, the scope type (adaptive or static), and the retention settings except the retention period. However, you can't change the retention period when the retention period is based on when items were labeled.
compliance Create Retention Labels Information Governance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-retention-labels-information-governance.md
+
+ Title: "Create retention labels for exceptions to your retention policies"
+f1.keywords:
+- NOCSH
+++ Last updated :
+audience: Admin
++
+ms.localizationpriority : high
+
+- M365-security-compliance
+- SPO_Content
+search.appverid:
+- MOE150
+- MET150
+description: Instructions to create retention labels for exceptions to retention policies for information governance so you can retain what you need and delete what you don't.
++
+# Create retention labels for exceptions to your retention policies
+
+>*[Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).*
+
+As part of your governance information strategy to retain what you need and delete what you don't, you might need to create a few retention labels for items that need exceptions to your retention policies.
+
+Whereas retention policies automatically apply to all items at the container level (such as SharePoint sites, user mailboxes, and so on), retention labels apply to individual items, such as a SharePoint document or an email message.
+
+Because of the [principles of retention](retention.md#the-principles-of-retention-or-what-takes-precedence), you can use retention labels to supplement a retention policy for specific SharePoint, OneDrive, or Exchange items that need to be retained longer, or deleted sooner than the specified settings in a retention policy for the same location.
+
+For example: The majority of content on your SharePoint sites need to be retained for three years, which is covered with a retention policy. But you have some contract documents that must be retained for seven years. These exceptions can be addressed with retention labels. After assigning the retention policy to all SharePoint sites, you apply the retention labels to the contract documents. All SharePoint items will be retained for three years, and just the contract documents will be retained for seven years.
+
+Retention labels also support more capabilities than retention policies. For more information, see [Compare capabilities for retention policies and retention labels](retention.md#compare-capabilities-for-retention-policies-and-retention-labels).
+
+Use the following information to help you create retention labels to supplement retention policies as part of your information governance strategy.
+
+> [!NOTE]
+> Create retention labels from the **Records management** solution rather than **Information governance** if you need to use retention labels for the lifecycle management of high-value items for business, legal, or regulatory record-keeping requirements. For example, you want to use event-based retention or disposition review. For instructions, see [Use file plan to create and manage retention labels](file-plan-manager.md).
+
+## Before you begin
+
+The global admin for your organization has full permissions to create and edit retention labels and their policies. If you aren't signing in as a global admin, see [Permissions for retention policies and retention labels](get-started-with-information-governance.md#permissions-for-retention-policies-and-retention-labels).
+
+## How to create retention labels for information governance
+
+1. In the [Microsoft 365 compliance center](https://compliance.microsoft.com/), navigate to: **Solutions** > **Information governance** > **Labels** tab > + **Create a label**
+
+ Don't immediately see the **Information governance** solution? First select **Show all**.
+
+2. Follow the prompts to create the retention label. Be careful what name you choose, because this can't be changed after the label is saved.
+
+ For more information about the retention settings, see [Settings for retaining and deleting content](retention-settings.md#settings-for-retaining-and-deleting-content).
+
+3. After you have created the label and you see the options to publish the label, auto-apply the label, or just save the label: Select **Just save the label for now**, and then select **Done**.
+
+4. Repeat these steps to create any more retention labels that you need for different retention settings.
+
+To edit an existing label, select it, and then select the **Edit label** option to start the Edit retention label configuration that lets you change the label descriptions and any eligible settings.
+
+Most settings can't be changed after the label is created and saved, which include:
+- The retention label name and the retention settings except the retention period. However, you can't change the retention period when the retention period is based on when items were labeled.
+
+## Next steps
+
+Now you've created retention labels, they are ready to be added to items by publishing the labels, or automatically applying them:
+- [Publish retention labels and apply them in apps](create-apply-retention-labels.md)
+- [Apply a retention label to content automatically](apply-retention-labels-automatically.md)
compliance Create Retention Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-retention-policies.md
For more information about retention policies and how retention works in Microso
## Before you begin
-The global admin for your organization has full permissions to create and edit retention policies. If you aren't signing in as a global admin, see [Permissions required to create and manage retention policies and retention labels](get-started-with-retention.md#permissions-required-to-create-and-manage-retention-policies-and-retention-labels).
+The global admin for your organization has full permissions to create and edit retention policies. If you aren't signing in as a global admin, see the [permissions information for information governance](get-started-with-information-governance.md#permissions-for-retention-policies-and-retention-labels).
Decide before you create your retention policy whether it will be **adaptive** or **static**. For more information, see [Adaptive or static policy scopes for retention](retention.md#adaptive-or-static-policy-scopes-for-retention). If you decide to use an adaptive policy, you must create one or more adaptive scopes before you create your retention policy, and then select them during the create retention policy process. For instructions, see [Configuration information for adaptive scopes](retention-settings.md#configuration-information-for-adaptive-scopes).
When you have more than one retention policy, and when you also use retention la
By default, [all teams and all users are selected](retention-settings.md#a-policy-that-applies-to-entire-locations), but you can refine this by selecting the [**Choose** and **Exclude** options](retention-settings.md#a-policy-with-specific-inclusions-or-exclusions). However, before you change the default, be aware of the following consequences for a retention policy that deletes messages when it's configured for includes or excludes:
- - For group chat messages and private channel messages, because a copy of messages are saved in each user's mailbox who are included in the chat, copies of messages will continue to be returned in eDiscovery results from users who weren't assigned the policy.
- - For users who weren't assigned the policy, deleted messages will be returned in their Teams search results but won't display the contents of the message as a result of the permanent deletion from the policy assigned to users.
+ - For group chat messages and private channel messages, because a copy of messages are saved in each user's mailbox who are included in the conversation, copies of messages will continue to be returned in eDiscovery results from users who weren't assigned the policy.
+ - For users who weren't assigned the policy, deleted messages as a result of the policy will be returned in their Teams search results but won't display the contents of the message.
5. For **Decide if you want to retain content, delete it, or both** page, specify the configuration options for retaining and deleting content.
First, the retention policy needs to be distributed to the locations that you se
When settings from the retention policy are already applied to content, a change in configuration to the policy will be automatically applied to this content in addition to content that's newly identified.
-Some settings can't be changed after the policy is created and saved, which include the name of the retention policy, the scope type (adaptive or static), and the retention settings except the retention period.
+Some settings can't be changed after the policy is created and saved, which include the name of the retention policy, the scope type (adaptive or static), and the retention settings except the retention period.
+
+## Next steps
+
+If some items for Exchange, SharePoint, OneDrive, or Microsoft 365 Groups need different retention settings from the retention policy settings you've configured, [create retention labels for these exceptions](create-retention-labels-information-governance.md).
+
+However, if you're looking for lifecycle management of high-value items for business, legal, or regulatory record-keeping requirements, [use file plan to create and manage retention labels](file-plan-manager.md).
compliance Data Classification Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-classification-overview.md
Here's a list of Microsoft Information Protection (MIP) roles that are in previe
- Information Protection Investigator - Information Protection Reader
-Here's a list of MIP role groups that are in preview. To learn more about the, see [Role groups in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#role-groups-in-the-security--compliance-center)
+Here's a list of MIP role groups that are in preview. To learn more about them, see [Role groups in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#role-groups-in-the-security--compliance-center)
- Information Protection - Information Protection Admins
To find out how many items are in any given classification category, hover over
> [!NOTE] > If the card displays the message "No data found with sensitive information", it means that there are no items in your organization that have been classified as being a sensitive information type or no items that have been crawled. To get started with labels, see: >- [Get started with sensitivity labels](get-started-with-sensitivity-labels.md)
->- [Get started with retention policies and retention labels](get-started-with-retention.md)
+>- [Get started with records-management](get-started-with-records-management.md)
>- [Sensitive information type entity definitions](sensitive-information-type-entity-definitions.md) ## Top sensitivity labels applied to content
The top applied retention labels card shows you how many items have a given rete
> [!NOTE] > If this card displays the message, "No retention labels detected", it means you haven't created or published any retention labels or no content has had a retention label applied. To get started with retention labels, see:
->- [Get started with retention policies and retention labels](get-started-with-retention.md)
+>- [Get started with information governance](get-started-with-information-governance.md)
## Top activities detected
compliance Declare Records https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/declare-records.md
For more information about searching for these events, see [Search the audit log
## Next steps
-For a list of scenarios supported by records management, see [Common scenarios for records management](get-started-with-records-management.md#common-scenarios-for-records-management).
+For a list of scenarios supported by records management, see [Common scenarios for records management](get-started-with-records-management.md#common-scenarios).
compliance Delete An Inactive Mailbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/delete-an-inactive-mailbox.md
Title: "Delete an inactive mailbox" f1.keywords: - NOCSH--++ Last updated audience: Admin
compliance Device Onboarding Mdm https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/device-onboarding-mdm.md
For security reasons, the package used to Offboard devices will expire 30 days a
5. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *DeviceCompliance_valid_until_YYYY-MM-DD.offboarding*. ++ 6. Use the Microsoft Intune custom configuration policy to deploy the following supported OMA-URI settings. ```text
For security reasons, the package used to Offboard devices will expire 30 days a
Date type: String Value: [Copy and paste the value from the content of the DeviceCompliance_valid_until_YYYY-MM-DD.offboarding file] ```
+> [!NOTE]
+> If Microsoft Defender for Endpoint is already configured, you can **Turn on device onboarding** and Step 6 is no longer required.
-For more information on Microsoft Intune policy settings see, [Windows 10 policy settings in Microsoft Intune](/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune).
+For more information on Microsoft Intune policy settings, see [Windows 10 policy settings in Microsoft Intune](/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune).
> [!NOTE] > The **Health Status for offboarded devices** policy uses read-only properties and can't be remediated.
For more information on Microsoft Intune policy settings see, [Windows 10 policy
- [Onboard Windows 10 devices using Microsoft Endpoint Configuration Manager](device-onboarding-sccm.md) - [Onboard Windows 10 devices using a local script](device-onboarding-script.md) - [Onboard non-persistent virtual desktop infrastructure (VDI) devices](device-onboarding-vdi.md)-- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding)
+- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding)
compliance Enable Archive Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/enable-archive-mailboxes.md
Title: "Enable archive mailboxes in the Microsoft 365 compliance center"
+ Title: "Enable archive mailboxes for Microsoft 365 Compliance"
f1.keywords: - NOCSH--++ audience: Admin
- seo-marvel-apr2020 - admindeeplinkCOMPLIANCE - admindeeplinkEXCHANGE
-description: "Learn how to use the compliance center to enable archive mailboxes to support your organization's message retention, eDiscovery, and hold requirements."
+description: "Learn how to enable or disable archive mailboxes to support your organization's message retention, eDiscovery, and hold requirements."
# Enable archive mailboxes in the compliance center
-Archiving in Microsoft 365 (also called *In-Place Archiving*) provides users with additional mailbox storage space. After you turn on archive mailboxes, users can access and store messages in their archive mailboxes by using Microsoft Outlook and Outlook on the web (formerly known as Outlook Web App). Users can also move or copy messages between their primary mailbox and their archive mailbox. They can also recover deleted items from the Recoverable Items folder in their archive mailbox by using the Recover Deleted Items tool.
+Archiving in Microsoft 365 (also called *In-Place Archiving*) provides users with additional mailbox storage space. For more information, see [Learn about archive mailboxes](archive-mailboxes.md).
-> [!NOTE]
-> The auto-expanding archiving feature in Microsoft 365 provides additional storage in archive mailboxes. When auto-expanding archiving is turned on, and then the initial storage quota in a user's archive mailbox is reached, Microsoft 365 automatically adds additional storage space. This means that users won't run out of mailbox storage space and you won't have to manage anything after you initially enable the archive mailbox and turn on auto-expanding archiving for your organization. For more information, see [Overview of auto-expanding archiving](autoexpanding-archiving.md).
+Use the information in this article to enable or disable an archive mailbox in the Microsoft 365 compliance center, or by using PowerShell. Also learn how to run an automated diagnostic check on a user's archive mailbox to identify any problems and suggested resolutions.
## Get the necessary permissions
-You have to be assigned the Mail Recipients role in Exchange Online to enable or disable archive mailboxes. By default, this role is assigned to the Recipient Management and Organization Management role groups on the **Permissions** page in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center</a>. If you don't see the **Archive** page in the Microsoft 365 compliance center, ask your administrator to assign you the necessary permissions.
+You must be assigned the Mail Recipients role in Exchange Online to enable or disable archive mailboxes. By default, this role is assigned to the Recipient Management and Organization Management role groups on the **Permissions** page in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center</a>.
+
+If you don't see the **Archive** page in the Microsoft 365 compliance center, ask your administrator to assign you the necessary permissions.
## Enable an archive mailbox
A flyout page opens in the Microsoft 365 admin center. Enter the email address o
> [!NOTE] > You must be a Microsoft 365 global admin to use the archive mailbox diagnostic check. Also, this feature isn't available in Microsoft 365 Government clouds, Microsoft 365 operated by 21Vianet, or Microsoft 365 Germany.
-## More information
--- When an archive mailbox is enabled, users can store messages in their archive mailbox. Users can access their archive mailboxes by using Microsoft Outlook and Outlook on the web. Using either of these client applications, users can view messages in their archive mailbox and move or copy messages between their primary mailbox and their archive mailbox. Users can also recover deleted items from the Recoverable Items folder in their archive mailbox by using the Recover Deleted Items tool.-
- For a list of Outlook licenses that support In-Place Archiving, see [Outlook license requirements for Exchange features](https://support.microsoft.com/office/46b6b7c5-c3ca-43e5-8424-1e2807917c99).
--- Archive mailboxes help you and your users to meet your organization's retention, eDiscovery, and hold requirements. For example, you can use your organization's Exchange retention policy to move mailbox content to users' archive mailbox. When you use the Content search tool in the Microsoft 365 compliance center to search a user's mailbox for specific content, the user's archive mailbox will also be searched. And, when you place a Litigation Hold or apply a retention policy to a user's mailbox, items in the archive mailbox are also retained.--- After archive mailboxes are enabled, your organization can take advantage of the default Exchange retention policy (also called Messaging Records Management or MRM policy) that is automatically assigned to every mailbox. When an archive mailbox is enabled, the default Exchange retention policy automatically does the following:-
- - Moves items that are two years or older from a user's primary mailbox to their archive mailbox.
-
- - Moves items that are 14 days or older from the Recoverable Items folder in the user's primary mailbox to the Recoverable Items folder in their archive mailbox.
--- For more information about archive mailboxes and Exchange retention policies, see:-
- - [Retention tags and retention policies in Exchange Online](/exchange/security-and-compliance/messaging-records-management/retention-tags-and-policies)
-
- - [Default Retention Policy in Exchange Online](/exchange/security-and-compliance/messaging-records-management/default-retention-policy)
+## Next steps
- - [Set up an archive and deletion policy for mailboxes in your organization](set-up-an-archive-and-deletion-policy-for-mailboxes.md)
+Consider enabling [auto-expanding archiving](autoexpanding-archiving.md) for additional storage space. For instructions, see [Enable auto-expanding archiving](enable-autoexpanding-archiving.md).
compliance Enable Autoexpanding Archiving https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/enable-autoexpanding-archiving.md
Title: "Enable auto-expanding archiving - Admin Help"
+ Title: "Enable auto-expanding archiving"
f1.keywords: - NOCSH--++ Last updated audience: Admin
description: "For administrators: Learn how to enable auto-expanding archiving,
-# Enable auto-expanding archiving - Admin Help
+# Enable auto-expanding archiving
-You can use the Exchange Online auto-expanding archiving feature to enable additional storage space for archive mailboxes. When auto-expanding archiving is turned on, additional storage space is automatically added to a user's archive mailbox until it reaches the storage limit of 1.5 TB. You can turn on auto-expanding archiving for everyone in your organization or just for specific users. For more information about auto-expanding archiving, see [Overview of auto-expanding archiving](autoexpanding-archiving.md).
+You can use the Exchange Online auto-expanding archiving feature to enable additional storage space for archive mailboxes. When auto-expanding archiving is turned on, additional storage space is automatically added to a user's archive mailbox until it reaches the storage limit of 1.5 TB. You can turn on auto-expanding archiving for everyone in your organization or just for specific users. For more information about auto-expanding archiving, see [Learn about auto-expanding archiving](autoexpanding-archiving.md).
## Before you enable auto-expanding archiving
Keep the following things in mind after you enable auto-expanding archiving:
- Auto-expanding archiving is supported for cloud-based archive mailboxes in an Exchange hybrid deployment for users who have an on-premises primary mailbox. However, after auto-expanding archiving is enabled for a cloud-based archive mailbox, you can't off-board that archive mailbox back to the on-premises Exchange organization. Auto-expanding archiving isn't supported for on-premises mailboxes in any version of Exchange Server. -- For a list of Outlook clients that users can use to access items in the additional storage area in their archive mailbox, see the "Outlook requirements for accessing items in an auto-expanded archive" section in [Overview of auto-expanding archiving](autoexpanding-archiving.md#outlook-requirements-for-accessing-items-in-an-auto-expanded-archive).
+- For a list of Outlook clients that users can use to access items in the additional storage area in their archive mailbox, see the "Outlook requirements for accessing items in an auto-expanded archive" section in [Learn about auto-expanding archiving](autoexpanding-archiving.md#outlook-requirements-for-accessing-items-in-an-auto-expanded-archive).
- As previously explained, 10 GB is added to the storage quota of the user's primary archive mailbox (and to the Recoverable Items folder if the mailbox is on hold) when you run the **Enable-Mailbox -AutoExpandingArchive** command. This provides additional storage until the auto-expanded storage space is provisioned (which can take up to 30 days). This additional storage space isn't added when you run the **Set-OrganizationConfig -AutoExpandingArchive** to enable auto-expanding archiving for all mailboxes in your organization. If you enabled auto-expanding archiving for the entire organization, but need to add the additional 10 GB of storage space for a specific user, you can run the **Enable-Mailbox -AutoExpandingArchive** command on that mailbox. You will receive an error saying that auto-expanding archiving has already been enabled, but the additional storage space will be added to the mailbox.
compliance Event Driven Retention https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/event-driven-retention.md
High-level workflow for event-driven retention:
### Step 1: Create a label whose retention period is based on an event
-To create and configure your retention label, see the instructions for [Create retention labels](./create-apply-retention-labels.md#step-1-create-retention-labels). But specific to event-based retention, on the **Define retention settings** page of the Create retention label wizard, after **Start the retention period based on**, select one of the default event types from the dropdown list, or create your own by selecting **Create new event type**:
+To create and configure your retention label, see the instructions for [Create retention labels](file-plan-manager.md#create-retention-labels) for records management, or [How to create retention labels for information governance](create-retention-labels-information-governance.md). But specific to event-based retention, on the **Define retention settings** page when you create the retention label, after **Start the retention period based on**, select one of the default event types from the dropdown list, or create your own by selecting **Create new event type**:
![Create a new event type for a retention label.](../media/SPRetention6.png)
compliance File Plan Manager https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/file-plan-manager.md
description: File plan provides advanced management capabilities for retention l
-# Use file plan to manage retention labels
+# Use file plan to create and manage retention labels
>*[Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).*
When you select **Choose** for each of these optional descriptors, you can selec
![Create new file plan descriptor for provision/citation.](../media/file-plan-descriptors-create.png)
+## Create retention labels
+
+1. From the **File plan** page, select **+ Create a label** > **Retention label**
+
+2. Follow the prompts for the configuration process.
+
+
+
+ To use the retention label to declare records, select **Mark items as records**, or **Mark items as regulatory records**. For more information, see [Configuring retention labels to declare records](declare-records.md#configuring-retention-labels-to-declare-records).
+
+3. After you have created the label and you see the options to publish the label, auto-apply the label, or just save the label: Select **Just save the label for now**, and then select **Done**.
+
+4. Repeat these steps to create more labels.
+
+## Edit retention labels
+
+To edit an existing retention label, select it from the **File Plan** page, and then select the **Edit label** option to start the Edit retention process that lets you change the label description and any eligible settings.
+
+Some settings can't be changed after the label is created and saved, which include:
+- The retention label name and the retention settings except the retention period. However, you can't change the retention period when the retention period is based on when items were labeled.
+- The option to mark items as a record.
+
+## Delete retention labels
+
+You can delete retention labels that aren't currently included in any [published](create-apply-retention-labels.md) or [auto-apply](apply-retention-labels-automatically.md) retention label policies, that aren't configured for event-based retention, or mark items as regulatory records.
+
+For retention labels that you can delete, if they have been applied to items, the deletion fails and you see a link to content explorer to identify the labeled items.
+
+However, it can take up to two days for content explorer to show the items that are labeled. In this scenario, the retention label might be deleted without showing you the link to content explorer.
+ ## Export all retention labels to analyze or enable offline reviews From your file plan, you can export the details of all retention labels into a .csv file to help you facilitate periodic compliance reviews with data governance stakeholders in your organization.
Use the following information to help you fill out the downloaded template to im
## Next steps
-For more information about creating, editing, and applying retention labels, see the following two scenarios:
-- [Create retention labels and apply them in apps](create-apply-retention-labels.md)
+Now you've created retention labels, they are ready to be added to items by publishing the labels, or automatically applying them:
+- [Publish retention labels and apply them in apps](create-apply-retention-labels.md)
- [Apply a retention label to content automatically](apply-retention-labels-automatically.md)
compliance Get Started With Information Governance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-information-governance.md
+
+ Title: "Get started with information governance in Microsoft 365"
+f1.keywords:
+- NOCSH
+++ Last updated :
+audience: Admin
++
+ms.localizationpriority: high
+
+- M365-security-compliance
+- SPO_Content
+- m365initiative-compliance
+
+search.appverid:
+- MOE150
+- MET150
+description: Ready to start governing your organization's data, but not sure where to start? Read some prescriptive guidance to get started.
++
+# Get started with information governance
+
+>*[Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).*
+
+Ready to start governing your organization's data by retaining the content that you need to keep, and deleting the content that you don't? Use the following guidance to get started:
+
+1. **Understand how retention and deletion works** in Microsoft 365, and then identify the workloads that need a retention policy and whether you need to create retention labels for exceptions: [Learn about retention](retention.md)
+
+ > [!NOTE]
+ > If you need lifecycle management of high-value items for business, legal, or regulatory record-keeping requirements: Use retention labels with [records management](records-management.md) rather than information governance.
+
+2. **Create retention policies** for the workloads you identified, specifying retention settings and actions that are required by your organization policies or industry regulations: [Create retention policies](create-retention-policies.md)
+
+ If needed, [create and apply retention labels for your exceptions](create-retention-labels-information-governance.md).
+
+3. **Enable mailbox archiving** to provide users with additional mailbox storage space: [Enable archive mailboxes in the compliance center](enable-archive-mailboxes.md)
+
+ If required to support archive mailboxes:
+
+ - [Enable auto-expanding archiving](enable-autoexpanding-archiving.md) for mailboxes that need more than 100 GB storage.
+
+ - Use [retention tags with a retention policy from messaging records management (MRM)](set-up-an-archive-and-deletion-policy-for-mailboxes.md) if you need to customize how emails are automatically moved from a user's primary mailbox to their archive mailbox, or if you need to specify retention and deletion settings for specific folders rather than the whole mailbox.
+
+4. **Understand and manage inactive mailboxes** that retain mailbox content after employees leave the organization: [Learn about inactive mailboxes](inactive-mailboxes-in-office-365.md)
+
+5. If you have PST files that contain data you want to govern: **Import PST files to online mailboxes** by using network upload or drive shipping: [Learn about importing your organization's PST files](importing-pst-files-to-office-365.md)
+
+Independently from these steps, **Use connectors to import and archive third-party-data** that includes data from social media platforms, instant messaging platforms, and document collaboration platforms. When this data is imported to online mailboxes, it supports not just information governance from Microsoft 365 Compliance, but also other compliance solutions such as communication compliance, insider risk management, and eDiscovery. For more information, see [Learn about connectors for third-party data](archiving-third-party-data.md).
+
+## Subscription and licensing requirements
+
+A number of different subscriptions support information governance capabilities.
+
+To see the options for licensing your users to benefit from Microsoft 365 compliance features, see the [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance). For the features listed on this page, see the [Information Governance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-governance) section and related [PDF download](https://go.microsoft.com/fwlink/?linkid=2139145) for feature-level licensing requirements.
+
+## Permissions
+
+See the following section for information about roles and role groups to manage Microsoft 365 retention.
+
+For permissions to manage mailboxes for archiving, inactive mailboxes, and import, these typically require Exchange permissions, such as the Mail Recipients role. By default, this role is assigned to the Recipient Management and Organization Management role groups. For the exact permissions requirement for each management task, see the documentation that accompanies the admin instructions.
+
+### Permissions for retention policies and retention labels
+
+Members of your compliance team who will create and manage retention policies and retention labels need permissions to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft 365 compliance center</a>. By default, the tenant admin (global administrator) has access to this location and can give compliance officers and other people access without giving them all the permissions of a tenant admin. To grant permissions for this limited administration, we recommend that you add users to the **Compliance Administrator** admin role group.
+
+Alternatively to using this default role, you can create a new role group and add the **Retention Management** role to this group. For a read-only role, use **View-Only Retention Management**.
+
+For instructions to add users to the default roles or create your own role groups, see [Permissions in the Microsoft 365 compliance center](microsoft-365-compliance-center-permissions.md).
+
+These permissions are required only to create, configure, and apply retention policies and retention labels. The person configuring these policies and labels doesn't require access to the content.
+
+## Common scenarios
+
+Use the following table to help you map your business requirements to the most common scenarios for information governance.
+
+|I want to ...|Documentation|
+|-||
+|Efficiently retain or delete data for Microsoft 365
+|Provide users with additional mailbox storage |[Enable archive mailboxes in the compliance center](enable-archive-mailboxes.md)|
+|Retain mailbox data after employees leave the organization |[Create and manage inactive mailboxes](create-and-manage-inactive-mailboxes.md)|
+|Upload mailbox data from PST files |[Use network upload to import PST files](use-network-upload-to-import-pst-files.md)|
++
+If you have a scenario that requires lifecycle management for individual items, see the [common scenarios for records management](get-started-with-records-management.md#common-scenarios).
+
+## End-user documentation
+
+See the following section for information about end-user documentation to support Microsoft 365 retention.
+
+The information governance capabilities that support mailbox management (archiving, inactive mailboxes, and import) typically don't require end-user documentation.
+
+### End-user documentation for retention and deletion
+
+Most retention policies work unobtrusively in the background without user interaction, and so need little documentation for users. Retention policies for Teams inform users when their messages have been deleted with a link to [Teams messages about retention policies](https://support.microsoft.com/office/teams-messages-about-retention-policies-c151fa2f-1558-4cf9-8e51-854e925b483b).
+
+However, if you supplement retention policies with retention labels, these labels do have a UI presence in Microsoft 365 apps. Before you deploy these labels to your production network, make sure you provide information and instructions for end users and your help desk. To help users apply retention labels in SharePoint and OneDrive, see [Apply retention labels to files in SharePoint or OneDrive](https://support.microsoft.com/office/apply-retention-labels-to-files-in-sharepoint-or-onedrive-11a6835b-ec9f-40db-8aca-6f5ef18132df).
+
+The most effective end-user documentation will always be customized guidance and instructions you provide for the retention label names and configurations you choose. See the following page and downloads that you can use to help train your users: [End User Training for Retention Labels](https://microsoft.github.io/ComplianceCxE/enduser/retention/).
+
compliance Get Started With Records Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-records-management.md
description: Need a records management solution for Microsoft 365 that manages h
Ready to start managing your organization's high-value content for legal, business, or regulatory obligations by using a records management solution in Microsoft 365? Use the following guidance to get started:
-1. **Understand the records management solution** and what actions are allowed or blocked when documents and emails are declared records: [Learn about records management](records-management.md).
+1. **Understand how retention and deletion works** in Microsoft 365, and identify whether you need to use retention policies to supplement retention labels that manage documents and emails at the item level: [Learn about retention policies and retention labels](retention.md)
+
+ If necessary, [create retention policies](create-retention-policies.md) for baseline governance of data across Microsoft 365 workloads.
+
+2. **Understand the records management solution** and how retention labels can be used to allow or block actions when documents and emails are declared records: [Learn about records management](records-management.md)
-2. **Understand retention labels and how retention works** for SharePoint and Exchange, because retention labels are used to declare records: [Learn about retention policies and retention labels](retention.md)
-
-3. **Create your file plan for retention settings and actions** by [importing an existing plan](file-plan-manager.md#import-retention-labels-into-your-file-plan) if you have one, or create [new retention labels that declare records](declare-records.md).
+3. **Create your file plan for retention and deletion settings and actions, and when items should be marked as records** by importing an existing plan if you have one, or create new retention labels: [Use file plan to create and manage retention labels](file-plan-manager.md)
4. **Publish and apply your retention labels**. Retention labels are reusable building blocks that can be used in multiple policies and can be incorporated into user workflows: - [Create retention labels and apply them in apps](create-apply-retention-labels.md) - [Apply a retention label to content automatically](apply-retention-labels-automatically.md)
-## Subscription and licensing requirements for records management
+Independently from these steps, **Use connectors to import and archive third-party-data** that includes data from social media platforms, instant messaging platforms, and document collaboration platforms. When this data is imported to online mailboxes, it supports not just records management from Microsoft 365 Compliance, but also other compliance solutions such as communication compliance, insider risk management, and eDiscovery. For more information, see [Learn about connectors for third-party data](archiving-third-party-data.md).
+
+## Subscription and licensing requirements
A number of different subscriptions support records management and the licensing requirements for users depend on the features you use. To see the options for licensing your users to benefit from Microsoft 365 compliance features, see the [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance). For records management, see the [Records Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#records-management) section and related PDF download for feature-level licensing requirements.
-## Permissions required for records management
+## Permissions
Members of your compliance team who are responsible for records management need permissions to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft 365 compliance center</a>. By default, the tenant admin (global administrator) has access to this location and can give compliance officers and other people access without giving them all the permissions of a tenant admin. To grant permissions for this limited administration, we recommend that you add users to the **Records Management** admin role group, which grants permissions for all features related to records management, including [disposition review and verification](disposition.md).
For instructions to add users to the default roles or create your own role group
These permissions are required only to create, configure, and apply retention labels that declare records, and manage disposition. The person configuring these labels doesn't require access to the content.
-## Common scenarios for records management
+## Common scenarios
Use the following table to help you map your business requirements to the scenarios that are supported by records management.
-> [!NOTE]
-> Because records management uses retention labels to mark an item as a record, many scenarios in this table are also listed as [common scenarios for retention policies and retention labels](get-started-with-retention.md#common-scenarios-for-retention-policies-and-retention-labels).
+> [!TIP]
+> Need to comply with a specific industry regulation? Check [Regulatory requirements for information governance and records management](retention-regulatory-requirements.md) for regulation-specific guidance.
|I want to ...|Documentation| |-||
Use the following table to help you map your business requirements to the scenar
|Have proof of disposition for content that is permanently deleted at the end of its retention period|[Disposition of records](disposition.md#disposition-of-records) | | Monitor how and where retain and delete settings are applied to items | [Monitoring retention labels](retention.md#monitoring-retention-labels) |
-## End-user documentation for records
+## End-user documentation
-Retention labels that are used for records management have a UI presence in Microsoft 365 apps. Make sure you provide guidance for end users and your help desk before you deploy retention labels to your production network.
+If you're using retention policies for baseline data governance, they typically work unobtrusively in the background without user interaction. As a result, they need little documentation for users. Retention policies for Teams inform users when their messages have been deleted with a link to [Teams messages about retention policies](https://support.microsoft.com/office/teams-messages-about-retention-policies-c151fa2f-1558-4cf9-8e51-854e925b483b).
-To help users apply retention labels in SharePoint and OneDrive, which includes information about unlocking records for editing, see [Apply retention labels to files in SharePoint or OneDrive](https://support.microsoft.com/office/apply-retention-labels-to-files-in-sharepoint-or-onedrive-11a6835b-ec9f-40db-8aca-6f5ef18132df).
+In comparison, retention labels have a UI presence in Microsoft 365 apps, so make sure you provide guidance for end users and your help desk before these labels are deployed to your production network. To help users apply retention labels in SharePoint and OneDrive, and information about unlocking records for editing, see [Apply retention labels to files in SharePoint or OneDrive](https://support.microsoft.com/office/apply-retention-labels-to-files-in-sharepoint-or-onedrive-11a6835b-ec9f-40db-8aca-6f5ef18132df).
-However, the most effective end-user documentation will be customized guidance and instructions you provide for the retention label names and configurations you choose. See the following blog post for a download package that you can use to train users and drive adoption: [End User Training for Retention Labels in M365 ΓÇô How to Accelerate Your Adoption](https://techcommunity.microsoft.com/t5/microsoft-security-and/end-user-training-for-retention-labels-in-m365-how-to-accelerate/ba-p/1750861).
+However, the most effective end-user documentation will be customized guidance and instructions you provide for the retention label names and configurations you choose. See the following page and downloads that you can use to help train your users: [End User Training for Retention Labels](https://microsoft.github.io/ComplianceCxE/enduser/retention/).
compliance Get Started With Retention https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-retention.md
- Title: "Get started with retention policies and retention labels"-- NOCSH--- Previously updated : ----- M365-security-compliance-- SPO_Content-- m365initiative-compliance--- MOE150-- MET150
-description: Ready to start implementing retention policies and retention labels to govern your organization's data, but not sure where to start? Read some practical guidance to get started.
--
-# Get started with retention policies and retention labels
-
->*[Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).*
-
-Ready to start governing your organization's data by retaining the content that you need to keep, and deleting the content that you don't? Use the following guidance to get started:
-
-1. **Understand how retention works** in Microsoft 365, and then identify whether you need to use retention policies or retention labels, or a combination: [Learn about retention](retention.md)
-
-2. **Identify the retention settings and actions** that are required by your organization policies or industry regulations.
-
- As part of this assessment, determine whether you will use [records management](records-management.md).
-
-3. **Create retention policies and retention labels**, based on the retention settings and actions that you identified.
-
- For retention labels, you might find it useful to use [file plan](file-plan-manager.md) to define and refine your retention labels in a spreadsheet. Then, import that spreadsheet to create your labels.
-
-3. **Publish and apply your retention labels**. While retention policies are designed for "set it and forget it" configuration, retention labels are reusable building blocks that can be used in multiple policies and can be incorporated into user workflows. See the list of [common scenarios](#common-scenarios-for-retention-policies-and-retention-labels) to help you identify how retention labels can be used.
-
-## Subscription and licensing requirements for retention policies and retention labels
-
-A number of different subscriptions support retention policies and retention labels and the licensing requirements for users depend on the features you use.
-
-To see the options for licensing your users to benefit from Microsoft 365 compliance features, see the [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance). For retention, see the [Information Governance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-governance) section and related PDF download for feature-level licensing requirements.
-
-## Permissions required to create and manage retention policies and retention labels
-
-Members of your compliance team who will create and manage retention policies and retention labels need permissions to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft 365 compliance center</a>. By default, the tenant admin (global administrator) has access to this location and can give compliance officers and other people access without giving them all the permissions of a tenant admin. To grant permissions for this limited administration, we recommend that you add users to the **Compliance Administrator** admin role group.
-
-Alternatively to using this default role, you can create a new role group and add the **Retention Management** role to this group. For a read-only role, use **View-Only Retention Management**.
-
-For instructions to add users to the default roles or create your own role groups, see [Permissions in the Microsoft 365 compliance center](microsoft-365-compliance-center-permissions.md).
-
-These permissions are required only to create, configure, and apply retention policies and retention labels. The person configuring these policies and labels doesn't require access to the content.
-
-## Common scenarios for retention policies and retention labels
-
-Use the following table to help you map your business requirements to retention scenarios supported by retention policies and retention labels.
-
-|I want to ...|Documentation|
-|-||
-|Efficiently set retain and delete actions by Microsoft 365 service: <br />- Exchange <br />- SharePoint <br />- OneDrive <br />- Microsoft 365 Groups <br />- Skype for Business <br />- Microsoft Teams <br />- Yammer network |[Create and configure retention policies](create-retention-policies.md)|
-|Let admins and users manually apply retain and delete actions for documents and emails: <br />- SharePoint <br />- OneDrive <br />- Outlook and Outlook on the web|[Create retention labels and apply them in apps](create-apply-retention-labels.md)|
-|Let site admins set default retain and delete actions for all content in a SharePoint library, folder, or document set|[Create retention labels and apply them in apps](create-apply-retention-labels.md)|
-|Let users automatically apply retain and delete actions to emails by using Outlook rules|[Create retention labels and apply them in apps](create-apply-retention-labels.md)|
-|Let admins apply retain and delete actions to a document understanding model, so that these are automatically applied to identified documents in a SharePoint library|[Create retention labels and apply them in apps](create-apply-retention-labels.md)|
-|Automatically apply retain and delete actions to documents and emails |[Apply a retention label to content automatically](apply-retention-labels-automatically.md)|
-|Start the retention period when an event occurs, such as: <br />- Employees leave the organization <br />- Contracts expire <br />- End of product lifetime| [Start retention when an event occurs](event-driven-retention.md)|
-|Restrict changes to policies to help meet regulatory requirements or safeguard against rogue administrators| [Use Preservation Lock to restrict changes to retention policies and retention label policies](retention-preservation-lock.md)
-|Make sure somebody reviews and approves before content is deleted at the end of its retention period|[Disposition reviews](disposition.md#disposition-reviews) |
-| Monitor how and where retain and delete settings are applied to items | [Monitoring retention labels](retention.md#monitoring-retention-labels) |
-|Use a single records management solution for documents and emails |[Learn about records management](records-management.md) |
-
-If you use retention labels for records management, there are additional scenarios that are unique to retention labels that mark content as a record. See [Common scenarios for records management](get-started-with-records-management.md#common-scenarios-for-records-management).
-
-## End-user documentation for retention
-
-Most retention policies work unobtrusively in the background without user interaction, and so need little documentation for users. Retention policies for Teams inform users when their messages have been deleted with a link to [Teams messages about retention policies](https://support.microsoft.com/office/teams-messages-about-retention-policies-c151fa2f-1558-4cf9-8e51-854e925b483b).
-
-Because retention labels have a UI presence in Microsoft 365 apps, make sure you provide guidance for end users and your help desk before you deploy these labels to your production network. To help users apply retention labels in SharePoint and OneDrive, see [Apply retention labels to files in SharePoint or OneDrive](https://support.microsoft.com/office/apply-retention-labels-to-files-in-sharepoint-or-onedrive-11a6835b-ec9f-40db-8aca-6f5ef18132df).
-
-However, the most effective end-user documentation will be customized guidance and instructions you provide for the retention label names and configurations you choose. See the following page and downloads that you can use to help train your users: [End User Training for Retention Labels](https://microsoft.github.io/ComplianceCxE/enduser/retention/).
compliance Importing Pst Files To Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/importing-pst-files-to-office-365.md
Title: "Overview of importing your organization's PST files"
+ Title: "Learn about importing your organization's PST files"
f1.keywords: - NOCSH
description: Learn how to use the Import service in the Microsoft 365 compliance center to bulk-import email data (PST files) to user mailboxes.
-# Overview of importing your organization's PST files
+# Learn about importing your organization's PST files
> [!NOTE] > This article is for administrators. Are you trying to import PST files to your own mailbox? See [Import email, contacts, and calendar from an Outlook .pst file](https://go.microsoft.com/fwlink/p/?LinkID=785075).
Here's an illustration and description of the complete PST import process. The i
5. **Filter the PST data that will be imported to mailboxes** - After the import job is created (and after the PST files from a drive shipping job are uploaded to the Azure Storage location) Microsoft 365 analyzes the data in the PST files (safely and securely) by identifying the age of the items and the different message types included in the PST files. When the analysis is completed and the data is ready to import, you have the option to import all the data contained in the PST files or you can trim the data that's imported by setting filters that control what data gets imported.
-6. **Start the PST import job** - After the import job is started, Microsoft 365 uses the information in the PST import mapping file to import the PSTs files from the he Azure Storage location to user mailboxes. Status information about the import job (including information about each PST file being imported) is displayed on the **Import PST files** page in the Microsoft 365 compliance center. When the import job is finished, the status for the job is set to **Complete**.
+6. **Start the PST import job** - After the import job is started, Microsoft 365 uses the information in the PST import mapping file to import the PST files from the Azure Storage location to user mailboxes. Status information about the import job (including information about each PST file being imported) is displayed on the **Import PST files** page in the Microsoft 365 compliance center. When the import job is finished, the status for the job is set to **Complete**.
## Why import email data to Microsoft 365?
compliance Inactive Mailboxes In Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/inactive-mailboxes-in-office-365.md
Title: "Learn about inactive mailboxes" f1.keywords: - NOCSH--++ Last updated audience: Admin
compliance Increase The Recoverable Quota For Mailboxes On Hold https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/increase-the-recoverable-quota-for-mailboxes-on-hold.md
To help reduce the chance of exceeding this limit, the storage quota for the Rec
|Archive mailbox, including Recoverable Items folder <sup>\*</sup> |1.5 TB |1.5 TB | > [!NOTE]
-> <sup>\*</sup> The initial storage quota for the archive mailbox is 100 GB for users with an Exchange Online (Plan 2) license. However, when auto-expanding archiving is turned on for mailboxes on hold, the storage quota for both the archive mailbox and the Recoverable Items folder is increased to 110 GB. Additional archive storage space (which includes the Recoverable Items folder) up to 1.5 TB will be provisioned when necessary. For more information about auto-expanding archiving, see [Overview of auto-expanding archiving](autoexpanding-archiving.md).
+> <sup>\*</sup> The initial storage quota for the archive mailbox is 100 GB for users with an Exchange Online (Plan 2) license. However, when auto-expanding archiving is turned on for mailboxes on hold, the storage quota for both the archive mailbox and the Recoverable Items folder is increased to 110 GB. Additional archive storage space (which includes the Recoverable Items folder) up to 1.5 TB will be provisioned when necessary. For more information about auto-expanding archiving, see [Learn about auto-expanding archiving](autoexpanding-archiving.md).
When the storage quota for the Recoverable Items folder in the primary mailbox of a mailbox on hold is close to reaching its limit, you can do the following things:
compliance Information Governance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/information-governance.md
+
+ Title: "Learn about information governance in Microsoft 365"
+f1.keywords:
+- NOCSH
+++ Last updated :
+audience: Admin
++
+ms.localizationpriority: high
+
+- M365-security-compliance
+- SPO_Content
+- m365initiative-compliance
+description: Learn about what it means to govern your organization's data with Microsoft 365.
++
+# Learn about information governance
+
+>*[Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).*
+
+As part of [Microsoft Information Governance](manage-information-governance.md) that also includes [records management](records-management.md) and [data connectors](archiving-third-party-data.md), information governance from Microsoft 365 provides you with tools and capabilities to retain the content that you need to keep, and delete the content that you don't. Retaining and deleting content is often needed for compliance and regulatory requirement, but deleting content that no longer has business value also helps you manage risk and liability. For example, it reduces your attack surface.
+
+**Retention policies** are the cornerstone for information governance. Use them for Microsoft 365 workloads that include Exchange, SharePoint, OneDrive, Teams, and Yammer. Configure whether content for these services needs to be retained indefinitely, or for a specific period if users edit or delete it. Or you can configure the policy to automatically permanently delete the content after a specified period if it's not already deleted. You can also combine these two actions for retain and then delete, which is a very typical configuration. For example, retain email for three years and then delete it.
+
+When you configure a retention policy, you can target all instances in your organization (such as all mailboxes and all SharePoint sites), or individual instances (such as only the mailboxes for specific departments or regions, or just selected SharePoint sites).
+
+If you need exceptions for individual emails or documents, such as a longer retention period for legal documents, you do this with **retention labels** that you publish to apps so that users can apply them, or automatically apply them by inspecting the content.
+
+For more information about retention policies and retention labels, and how retention works in Microsoft 365, see [Learn about retention policies and retention labels](retention.md).
+
+> [!NOTE]
+> If you need lifecycle management of high-value items for business, legal, or regulatory record-keeping requirements, use retention labels with [records management](records-management.md) rather than retention labels with information governance.
+
+Other information governance capabilities to help you keep what you need and delete what you don't:
+
+- **Mailbox archiving** to provide users with additional mailbox storage space, and auto-expanding archiving for mailboxes that need more than 100 GB storage. A default archiving policy automatically moves email to the archive mailbox, and if required, you can customize this policy. For more information about mailbox archiving, see [Learn about archive mailboxes](archive-mailboxes.md).
+
+- **Inactive mailboxes** that retain mailbox content after employees leave the organization. For more information about inactive mailboxes, see [Learn about inactive mailboxes](inactive-mailboxes-in-office-365.md).
+
+- **Import service for PST files** by using network upload or drive shipping. For more information, see [Learn about importing your organization's PST files](importing-pst-files-to-office-365.md).
+
+## Deployment guidance
+
+For deployment guidance for information governance that includes a recommended deployment roadmap, licensing information, permissions, a list of supported scenarios, and end-user documentation, see [Get started with information governance](get-started-with-information-governance.md).
+
+Looking for deployment guidance to protect your data? See [Deploy a Microsoft Information Protection solution](information-protection-solution.md).
+
compliance Manage Information Governance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/manage-Information-governance.md
description: "Implement Microsoft Information Governance capabilities to govern
Use Microsoft Information Governance (sometimes abbreviated to MIG) capabilities to govern your data for compliance or regulatory requirements.
-![Govern your data - information governance and records management.](../media/information-governance-records-management.png)
+From a [licensing perspective](#licensing-requirements), there can be considerable overlap between information governance, records management, and data connectors. All three areas support retention and deletion of data in Microsoft 365. Connectors are used by compliance solutions other than information governance and records management.
-Looking to protect your data? See [Microsoft Information Protection in Microsoft 365](information-protection.md).
+Use the following graphic to help you identify the main configurable components for these three different solutions that each have their own node in the compliance center:
+
+![Main components to manage for Microsoft Information Goevernance.](../media/information-governance-components.png)
-To help you comply with data privacy regulations, weΓÇÖve designed a workflow to guide you through an end-to-end process to plan and implement capabilities across Microsoft 365, including secure access, threat protection, information protection, and data governance. For more information, see [Deploy information protection for data privacy regulations with Microsoft 365](../solutions/information-protection-deploy.md) (aka.ms/m365dataprivacy).
+Looking to protect your data? See [Microsoft Information Protection in Microsoft 365](information-protection.md).
## Information governance
To keep what you need and delete what you don't:
|Capability|What problems does it solve?|Get started| |:|:|:--|:--|
-|[Retention policies and retention labels](retention.md)| Retain or delete content with policy management and a deletion workflow for email, documents, instant messages, and more <br /><br />Example scenario: [Apply a retention label to content automatically](apply-retention-labels-automatically.md) | [Get started with retention policies and retention labels](get-started-with-retention.md)|
-|[Import service](importing-pst-files-to-office-365.md)| Bulk-import PST files to Exchange Online mailboxes to retain and search email messages for compliance or regulatory requirements | [Use network upload to import your organization's PST files to Microsoft 365](use-network-upload-to-import-pst-files.md)|
-|[Archive third-party data](archiving-third-party-data.md)| Import, archive, and apply compliance solutions to third-party data from social media platforms, instant messaging platforms, and document collaboration platforms| [Third-party connectors](archiving-third-party-data.md#third-party-data-connectors)|
+|[Retention policies for Microsoft 365 workloads, with retention labels for exceptions](retention.md) | Retain or delete content with policy management for email, documents, Teams and Yammer messages | [Create and configure retention policies](create-retention-policies.md) <br /><br /> [Create retention labels for exceptions to your retention policies](create-retention-labels-information-governance.md)|
+|[Archive mailboxes](archive-mailboxes.md)| Provides users with additional mailbox storage space | [Enable archive mailboxes](enable-archive-mailboxes.md) |
|[Inactive mailboxes](inactive-mailboxes-in-office-365.md)| Retain mailbox content after employees leave the organization so that this content remains accessible to administrators, compliance officers, and records managers | [Create and manage inactive mailboxes](create-and-manage-inactive-mailboxes.md)|
+|[Import service for PST files](importing-pst-files-to-office-365.md)| Bulk-import PST files to Exchange Online mailboxes to retain and search email messages for compliance or regulatory requirements | [Use network upload to import your organization's PST files to Microsoft 365](use-network-upload-to-import-pst-files.md)|
## Records management
-To manage high-value content for legal, business, or regulatory obligations:
+Lifecycle management of high-value items for legal, business, or regulatory obligations:
|Capability|What problems does it solve?|Get started| |:|:||:-|
-|[Records management](records-management.md)| A single solution for email and documents that incorporates retention schedules and requirements into a file plan that supports the full lifecycle of your content with records declaration, retention, and disposition <br /><br />Example scenario: [Disposition of records](disposition.md#disposition-of-records)|[Get started with records management](get-started-with-records-management.md) |
+|[Records management](records-management.md)| A single solution for email and documents that incorporates flexible retention and deletion schedules and requirements to support the full lifecycle of your content with records declaration and defensible disposition when needed |[Get started with records management](get-started-with-records-management.md) |
+
+## Connectors for third-party data
+
+Extend your compliance tools to imported and archived third-party data from social media platforms, instant messaging platforms, and document collaboration platforms:
+
+|Capability|What problems does it solve?|Get started|
+|:|:|:--|:--|
+|[Data connectors](archiving-third-party-data.md)| Import, archive, and apply compliance solutions to third-party data from social media platforms, instant messaging platforms, and document collaboration platforms| [Third-party connectors](archiving-third-party-data.md#third-party-data-connectors)|
## Licensing requirements
-License requirements for Microsoft Information Governance depend on the scenarios and features you use, rather than set licensing requirements for each capability listed on this page. To understand your licensing requirements and options, see the [Information Governance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-governance) and [Records Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#records-management) sections from the Microsoft 365 licensing documentation, and download the related PDF or Excel.
+License requirements for Microsoft Information Governance depend on the scenarios and features you use, rather than set licensing requirements for each capability listed on this page. To understand your licensing requirements and options, see the following sections from the [Microsoft 365 licensing documentation](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance):
+- [Information Governance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-governance)
+- [Records Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#records-management)
+- [Data connectors](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#data-connectors)
+
+Any additional licensing requirements will be included in the documentation instructions. For example, licensing specific to managing mailboxes might require licenses from Exchange Online.
+
compliance Named Entities Use https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/named-entities-use.md
To create or edit a DLP policy, use the procedures in [Create, test, and tune a
|Office WAC clients policy tip |supported | |OWA policy tip |not supported | |Outlook policy tip |not supported |
-|Endpoints (Windows 10 devices) |not supported |
+|Endpoints (Windows 10 devices) |supported |
|Exchange Transport rules |not supported | |OneDrive for Business data-at-rest |supported | |SharePoint Online data-at-rest |supported |
compliance Put An In Place Hold On A Soft Deleted Mailbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/put-an-in-place-hold-on-a-soft-deleted-mailbox.md
- Title: "Put an In-Place Hold on a soft-deleted mailbox in Exchange Online"-- NOCSH-------- seo-marvel-apr2020-
-description: "Learn how to create an In-Place Hold for a soft-deleted mailbox to make it inactive and preserve its contents."
--
-# Put an In-Place Hold on a soft-deleted mailbox in Exchange Online
-
-Learn how to create an In-Place Hold for a soft-deleted mailbox to make it inactive and preserve its contents. Then you can use Microsoft eDiscovery tools to search the inactive mailbox.
-
-> [!IMPORTANT]
-> As we continue to invest in different ways to preserve mailbox content, we're announcing the retirement of In-Place Holds in the Exchange admin center (EAC). Starting July 1, 2020 you won't be able to create new In-Place Holds in Exchange Online. But you'll still be able to manage In-Place Holds in the EAC or by using the **Set-MailboxSearch** cmdlet in Exchange Online PowerShell. However, starting October 1, 2020, you won't be able to manage In-Place Holds. You'll only be remove them in the EAC or by using the **Remove-MailboxSearch** cmdlet. For more information about the retirement of In-Place Holds, see [Retirement of legacy eDiscovery tools](legacy-ediscovery-retirement.md).
-
-You might have a situation where a person has left your organization, and their corresponding user account and mailbox were deleted. Afterwards, you realize there's information in the mailbox that needs to be preserved. What can you do? If the deleted mailbox retention period hasn't expired, you can put an In-Place Hold on the deleted mailbox (called a soft-deleted mailbox) and make it an inactive mailbox. An *inactive mailbox* is used to preserve a former employee's email after he or she leaves your organization. The contents of an inactive mailbox are preserved for the duration of the In-Place Hold that was is placed on the soft-deleted mailbox when it was made inactive. After the mailbox is made inactive, you can search the mailbox by using an eDiscovery tool in the Microsoft 365 compliance center.
-
-> [!NOTE]
-> In Exchange Online, a soft-deleted mailbox is a mailbox that's been deleted but can be recovered within a specific retention period. The soft-deleted mailbox retention period in Exchange Online is 30 days. This means that the mailbox can be recovered (or made an inactive mailbox) within 30 days of being deleted. After 30 days, a soft-deleted mailbox is marked for permanent deletion and can't be recovered or made inactive.
-
-## Requirements for In-Place Holds
--- You have to use the **New-MailboxSearch** cmdlet in Windows PowerShell to put an In-Place Hold on a soft-deleted mailbox. You can't use the Exchange admin center (EAC) or the eDiscovery Center in SharePoint Online.--- To learn how to use Windows PowerShell to connect to Exchange Online, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).--- Run the following command to get identity information about the soft-deleted mailboxes in your organization.-
- ```powershell
- Get-Mailbox -SoftDeletedMailbox | FL Name,WhenSoftDeleted,DistinguishedName,ExchangeGuid,PrimarySmtpAddress
- ```
--- For more information about inactive mailboxes, see [Learn about inactive mailboxes](inactive-mailboxes-in-office-365.md).-
-## Put an In-Place Hold on a soft-deleted mailbox to make it an inactive mailbox
-
-Use the **New-MailboxSearch** cmdlet to make a soft-deleted mailbox an inactive mailbox. For more information, see [New-MailboxSearch](/powershell/module/exchange/new-mailboxsearch).
-
-1. Create a variable that contains the properties of the soft-deleted mailbox.
-
- ```powershell
- $SoftDeletedMailbox = Get-Mailbox -SoftDeletedMailbox -Identity <identity of soft-deleted mailbox>
- ```
-
- > [!IMPORTANT]
- > In the previous command, use the value of the **DistinguishedName** or **ExchangeGuid** property to identify the soft-deleted mailbox. These properties are unique for each mailbox in your organization, whereas it's possible that an active mailbox and a soft-deleted mailbox might have the same primary SMTP address.
-
-2. Create an In-Place Hold and place it on the soft-deleted mailbox. In this example, no hold duration is specified. This means items will be held indefinitely or until the hold is removed from the inactive mailbox.
-
- ```powershell
- New-MailboxSearch -Name "InactiveMailboxHold" -SourceMailboxes $SoftDeletedMailbox.DistinguishedName -InPlaceHoldEnabled $true
- ```
-
- You can also specify a hold duration when you create the In-Place Hold. This example holds items in the inactive mailbox for approximately 7 years.
-
- ```powershell
- New-MailboxSearch -Name "InactiveMailboxHold" -SourceMailboxes $SoftDeletedMailbox.DistinguishedName -InPlaceHoldEnabled $true -ItemHoldPeriod 2777
- ```
-
-3. After a few moments, run one of the following commands to verify that the soft-deleted mailbox is an inactive mailbox.
-
- ```powershell
- Get-Mailbox -InactiveMailboxOnly
- ```
-
- Or
-
- ```powershell
- Get-Mailbox -InactiveMailboxOnly -Identity $SoftDeletedMailbox.DistinguishedName | FL IsInactiveMailbox
- ```
-
-## More information
-
-After you make a soft-deleted mailbox an inactive mailbox, there are a number of ways you can manage the mailbox. For more information, see:
--- [Change the hold duration for an inactive mailbox](change-the-hold-duration-for-an-inactive-mailbox.md)--- [Recover an inactive mailbox](recover-an-inactive-mailbox.md)--- [Restore an inactive mailbox](restore-an-inactive-mailbox.md)--- [Delete an inactive mailbox](delete-an-inactive-mailbox.md) (by removing the hold)
compliance Record Versioning https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/record-versioning.md
You can now do the following things:
> [!TIP] > When you use record versioning with a retention label that has a delete action, consider configuring the retention setting **Start the retention period based on:** to be **When items were labeled**. With this label setting, the start of the retention period is reset for each new record version, which ensures that older versions will be deleted before newer versions.
-Record versioning is automatically available for any document that has a retention label applied that marks the item as a record, and that label is [published to the site](create-apply-retention-labels.md#step-2-publish-retention-labels). When a user views the document properties by using the details pane, they can toggle the **Record status** from **Locked** to **Unlocked**. This action creates a record in the Records folder in the Preservation Hold library, where it resides for the remainder of its retention period.
+Record versioning is automatically available for any document that has a retention label applied that marks the item as a record, and that label is [published to the site](create-apply-retention-labels.md). When a user views the document properties by using the details pane, they can toggle the **Record status** from **Locked** to **Unlocked**. This action creates a record in the Records folder in the Preservation Hold library, where it resides for the remainder of its retention period.
While the document is unlocked, any user with standard edit permissions can edit the file. However, users can't delete the file, because it's still a record. When editing is complete, a user can then toggle the **Record status** from **Unlocked** to **Locked**, which prevents further edits while in this status. <br/><br/>
For more information about searching for these events, see [Search the audit log
## Next steps
-For other scenarios supported by records management, see [Common scenarios for records management](get-started-with-records-management.md#common-scenarios-for-records-management).
+For other scenarios supported by records management, see [Common scenarios for records management](get-started-with-records-management.md#common-scenarios).
compliance Recover An Inactive Mailbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/recover-an-inactive-mailbox.md
Title: "Recover an inactive mailbox" f1.keywords: - NOCSH--++ Last updated audience: Admin
compliance Restore An Inactive Mailbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/restore-an-inactive-mailbox.md
Title: "Restore an inactive mailbox" f1.keywords: - NOCSH--++ Last updated audience: Admin
compliance Retention Policies Exchange https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-exchange.md
When the retention settings no longer apply because the data is permanently dele
## Configuration guidance
-If you're new to configuring retention in Microsoft 365, see [Get started with retention policies and retention labels](get-started-with-retention.md).
+If you're new to configuring retention in Microsoft 365, see [Get started with information governance](get-started-with-information-governance.md).
If you're ready to configure a retention policy or retention label for Exchange, see the following instructions: - [Create and configure retention policies](create-retention-policies.md)
compliance Retention Policies Sharepoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-sharepoint.md
When the retention period expires and the retention settings included a delete a
## Configuration guidance
-If you're new to configuring retention in Microsoft 365, see [Get started with retention policies and retention labels](get-started-with-retention.md).
+If you're new to configuring retention in Microsoft 365, see [Get started with information governance](get-started-with-information-governance.md).
If you're ready to configure a retention policy or retention label for Exchange, see the following instructions: - [Create and configure retention policies](create-retention-policies.md)
compliance Retention Policies Teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-teams.md
If the user stored any files in Teams, see the [equivalent section](retention-po
## Configuration guidance
-If you're new to configuring retention in Microsoft 365, see [Get started with retention policies and retention labels](get-started-with-retention.md).
+If you're new to configuring retention in Microsoft 365, see [Get started with information governance](get-started-with-information-governance.md).
If you're ready to configure a retention policy for Teams, see [Create and configure retention policies](create-retention-policies.md).
compliance Retention Policies Yammer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-yammer.md
Yammer retention policies are currently in preview and we're continuously workin
## Configuration guidance
-If you're new to configuring retention in Microsoft 365, see [Get started with retention policies and retention labels](get-started-with-retention.md).
+If you're new to configuring retention in Microsoft 365, see [Get started with information governance](get-started-with-information-governance.md).
If you're ready to configure a retention policy for Yammer, see [Create and configure retention policies](create-retention-policies.md).
compliance Retention https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention.md
With these two retention actions, you can configure retention settings for the f
These retention settings work with content in place that saves you the additional overheads of creating and configuring additional storage when you need to retain content for compliance reasons. In addition, you don't need to implement customized processes to copy and synchronize this data.
-Use the following sections to learn more about how retention policies and retention labels work, when to use them, and how they supplement each other. But if you're ready to get started and deploy retention settings for some common scenarios, see [Get started with retention policies and retention labels](get-started-with-retention.md).
+Use the following sections to learn more about how retention policies and retention labels work, when to use them, and how they supplement each other. But if you're ready to get started and deploy retention settings for some common scenarios, see [Get started with information governance](get-started-with-information-governance.md).
## How retention settings work with content in place
With retention labels, you can:
- **Apply a default retention label to a document library, folder, or document set** in SharePoint, so that all documents that are stored in that location inherit the default retention label.
-Additionally, retention labels support [records management](records-management.md) for email and documents across Microsoft 365 apps and services. You can use a retention label to mark items as a record. When this happens and the content remains in Microsoft 365, the label places further restrictions on the content that might be needed for regulatory reasons. For more information, see [Compare restrictions for what actions are allowed or blocked](records-management.md#compare-restrictions-for-what-actions-are-allowed-or-blocked).
+- **Mark items as a record** as part of your [records management](records-management.md) strategy. When this labeled content remains in Microsoft 365, further restrictions are placed on the content that might be needed for regulatory reasons. For more information, see [Compare restrictions for what actions are allowed or blocked](records-management.md#compare-restrictions-for-what-actions-are-allowed-or-blocked).
Retention labels, unlike [sensitivity labels](sensitivity-labels.md), do not persist if the content is moved outside Microsoft 365.
If you have configured SharePoint sites for content type policies or information
## Configuration guidance
-See [Get started with retention policies and retention labels](get-started-with-retention.md). This article has information about subscriptions, permissions, and links to end-to-end configuration guidance for retention scenarios.
+See [Get started with information governance](get-started-with-information-governance.md). This article has information about subscriptions, permissions, and links to end-to-end configuration guidance for retention scenarios.
compliance Sensitivity Labels Office Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-office-apps.md
The numbers listed are the minimum Office application versions required for each
**Footnotes:** <sup>\*</sup>
-Currently, doesn't include justification text to remove a label or lower the classification level
+Currently rolling out justification text to remove a label or lower the classification level
### Sensitivity label capabilities in Outlook
compliance Set Up An Archive And Deletion Policy For Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/set-up-an-archive-and-deletion-policy-for-mailboxes.md
Title: "Set up an archive and deletion policy for mailboxes in your organization"
+ Title: "Customize an archive and deletion policy (MRM) for mailboxes in your organization"
f1.keywords: - NOCSH--++ audience: Admin
ms.assetid: ec3587e4-7b4a-40fb-8fb8-8aa05aeae2ce
- seo-marvel-apr2020 - admindeeplinkEXCHANGE
-description: "Learn how to create an archiving and deletion policy in Microsoft 365 that automatically moves items to a user's archive mailbox."
+description: "How to create a custom Messaging Records Management (MRM) archiving and deletion policy to automatically move items to a user's archive mailbox."
-# Set up an archive and deletion policy for mailboxes in your organization
+# Customize an archive and deletion policy for mailboxes in your organization
-In Microsoft 365, admins can create an archiving and deletion policy that automatically moves items to a user's archive mailbox and automatically deletes items from the mailbox. The admin does this by creating a retention policy that's assigned to mailboxes, and moves items to a user's archive mailbox after a certain period of time and that also deletes items from the mailbox after they reach a certain age limit. The actual rules that determine what items are moved or deleted and when that happens are called retention tags. Retention tags are linked to a retention policy, that in turn is assigned to a user's mailbox. A retention tag applies retention settings to individual messages and folders in a user's mailbox. It defines how long a message remains in the mailbox and what action is taken when the message reaches the specified retention age. When a message reaches its retention age, it's either moved to the user's archive mailbox or it's deleted.
+Microsoft 365 compliance admins can create an archiving and deletion policy that automatically moves items to a user's [archive mailbox](archive-mailboxes.md) and automatically deletes items from the mailbox.
+
+You do this by by creating a Messaging Records Management (MRM) retention policy that's assigned to mailboxes, and moves items to a user's archive mailbox after a certain period of time and that also deletes items from the mailbox after they reach a certain age limit.
+
+The actual rules that determine what items are moved or deleted and when that happens are called retention tags. Retention tags are linked to an MRM retention policy, that in turn is assigned to a user's mailbox. A retention tag applies retention settings to individual messages and folders in a user's mailbox. It defines how long a message remains in the mailbox and what action is taken when the message reaches the specified retention age. When a message reaches its retention age, it's either moved to the user's archive mailbox or it's deleted.
-The steps in this article will set up an archiving and retention policy for a fictitious organization named Alpine House. Setting up this policy includes the following tasks:
+The steps in this article set up an archiving and retention policy for a fictitious organization named Alpine House. Setting up this policy includes the following tasks:
- Enabling an archive mailbox for every user in the organization. This gives users additional mailbox storage, and is required so that a retention policy can move items to the archive mailbox. It also lets a user store archival information by moving items to their archive mailbox.
contentunderstanding Apply A Retention Label To A Model https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/apply-a-retention-label-to-a-model.md
Retention labels let you apply retention settings to the documents that your mod
You can apply a pre-existing retention label to your model through your model settings on your model's home page. > [!Important]
-> For retention labels to be available to apply to your document understanding models, they need to be [created and published in the Microsoft 365 Compliance Center](../compliance/create-apply-retention-labels.md#how-to-create-and-publish-retention-labels).
+> For retention labels to be available to apply to your document understanding models, they need to be [created](../compliance/file-plan-manager.md#create-retention-labels) and [published](../compliance/create-apply-retention-labels.md#how-to-publish-retention-labels) in the Microsoft 365 compliance center.
## To add a retention label to a document understanding model
For example, all *Insurance notice* documents that your model identifies will al
## To add a retention label to a form processing model > [!Important]
-> For retention labels to be available to apply to your form processing model, they need to be [created and published in the Microsoft 365 Compliance Center](../compliance/create-apply-retention-labels.md#how-to-create-and-publish-retention-labels).
+> For retention labels to be available to apply to your form processing model, they need to be [created](../compliance/file-plan-manager.md#create-retention-labels) and [published](../compliance/create-apply-retention-labels.md#how-to-publish-retention-labels) in the Microsoft 365 compliance center.
You can either apply a retention label to a form processing model when you are creating a model, or apply it to an existing model.
enterprise Cross Tenant Mailbox Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cross-tenant-mailbox-migration.md
To obtain the tenant ID of a subscription, sign in to the [Microsoft 365 admin c
> You will need the application ID of the mailbox migration app you just created and the password (the secret) you configured during this process. Also depending on the Microsoft 365 Cloud Instance you use your endpoint may be different. Please refer to the [Microsoft 365 endpoints](/microsoft-365/enterprise/microsoft-365-endpoints) page and select the correct instance for your tenant and review the Exchange Online Optimize Required address and replace as appropriate. ```powershell
+
+ # Enable customization if tenant is dehydrated
+ $dehydrated=Get-OrganizationConfig | fl isdehydrated
+ if ($dehy -eq $true) {Enable-OrganizationCustomization}
+
$AppId = "[guid copied from the migrations app]" $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $AppId, (ConvertTo-SecureString -String "[this is your secret password you saved in the previous steps]" -AsPlainText -Force)
enterprise Exchange 2013 End Of Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/exchange-2013-end-of-support.md
ms.assetid: e150e7b9-c432-4c8d-a0ae-c11847129a7d f1.keywords: - NOCSH
-description: "Exchange 2013 will reach its end of support in April 2023. Use this planning roadmap to prepare to upgrade to Exchange Online or a newer version of Exchange Server on-premises."
+description: "Exchange 2013 will reach its end of support in April 2023. Use this planning roadmap to prepare to upgrade to Exchange Online or to a later version of Exchange Server on-premises."
# Exchange 2013 end of support roadmap
Most Microsoft products have a support lifecycle during which they get new featu
- Security fixes for vulnerabilities that may make the server vulnerable to security breaches. - Time zone updates.
-Your installation of Exchange 2013 will continue to run after this date. But because of the changes listed above, we strongly recommend that you migrate from Exchange 2019 as soon as possible.
+Your installation of Exchange 2013 will continue to run after this date. But because of the changes listed above, we strongly recommend that you migrate from Exchange 2013 to Exchange 2019 as soon as possible.
## What are my options? It's a great time to explore your options and prepare a migration plan. You can: -- Migrate fully to Microsoft 365. Migrate mailboxes using cutover, minimal hybrid, or full hybrid migration. Then remove on-premises Exchange servers and Active Directory.-- Migrate your Exchange 2013 servers to Exchange 2019 on your on-premises servers.
+- Migrate to Microsoft 365. Migrate mailboxes, public folders, and other data using cutover, minimal hybrid, or full hybrid migration. Then, remove on-premises Exchange servers and Active Directory.
+- Upgrade Exchange 2013. Move to Exchange 2019 for your on-premises servers.
> [!IMPORTANT]
-> If your organization chooses to migrate mailboxes to Microsoft 365 but plans to keep DirSync or Azure AD Connect in place to continue managing user accounts from on-premises Active Directory, you need to keep at least one Microsoft Exchange server on-premises. If you remove all Exchange servers, you won't be able to make changes to Exchange recipients in Exchange Online because the source of authority remains in your on-premises Active Directory. Changes need to be made there. In this scenario, you have the following options:
+> If your organization chooses to migrate mailboxes to Microsoft 365 but plans to keep using Azure AD Connect to manage user accounts in Active Directory, you need to keep at least one Microsoft Exchange server on-premises. If you remove all Exchange servers, you won't be able to make changes to Exchange recipients in Exchange Online because the source of authority is your on-premises Active Directory. In this scenario, you have the following options:
>
->- *Recommended:* If you migrate your mailboxes to Microsoft 365 and upgrade your servers by April 11, 2023, use Exchange 2013 to connect to Microsoft 365 and migrate mailboxes. Next, migrate Exchange 2013 to Exchange 2019, and decommission any remaining Exchange 2013 servers.
->- If you don't complete the mailbox migration and on-premises server upgrade by April 11, 2023, upgrade your on-premises Exchange 2013 servers to Exchange 2019 first. Then use Exchange 2019 to connect to Microsoft 365 and migrate mailboxes.
+>- *Recommended:* Migrate your mailboxes to Microsoft 365 and upgrade your environment to Exchange 2019 by April 11, 2023. Use Exchange 2013 to connect to Microsoft 365 and migrate mailboxes. Next, upgrade from Exchange 2013 to Exchange 2019, and decommission servers running Exchange 2013.
+>- If you can't complete a migration to Exchange Online and upgrade your on-premises servers by April 11, 2023, upgrade from Exchange 2013 to Exchange 2019 first and then use Exchange 2019 to migrate mailboxes to Microsoft 365.
-> [!NOTE]
-> It's a little more complicated, but you can also migrate mailboxes to Microsoft 365 while migrating your on-premises Exchange 2013 servers to Exchange 2016.
-
-Here are the three paths you can take to avoid the end of support for Exchange Server 2010.
+Here are the three paths you can take to avoid the end of support for Exchange Server 2013.
## Migrate to Microsoft 365
-Migrating your email to Microsoft 365 is the best and simplest option to help you retire your Exchange 2013 deployment. With a migration to Microsoft 365, you can make a single hop from old technology to current features, including:
+Migrating to Microsoft 365 is the best and simplest option to help you retire your Exchange 2013 deployment. With a migration to Microsoft 365, you can make a single hop from old technology to current features, including:
-- Compliance capabilities such as Retention Policies, In-Place and Litigation Hold, in-place eDiscovery, and more.-- Microsoft Teams.-- Power BI.-- Focused Inbox.-- MyAnalytics.
+- Larger mailboxes with greater data resilience;
+- Security capabilities such as anti-spam and antimalware protection,
+- Compliance capabilities such as Data Loss Prevention, Retention Policies, In-Place and Litigation Hold, in-place eDiscovery, and more;
+- Integration with SharePoint Online, OneDrive, Teams, Power BI, and other Microsoft 365 services;
+- Focused Inbox; and
+- Advanced analytics and Viva Insights.
Microsoft 365 also gets new features and experiences first, so your organization can start using them right away. Also, you won't have to worry about: -- Purchasing and maintaining hardware.-- Paying to heat and cool your servers.-- Keeping up to date on security, product, and time-zone fixes.-- Maintaining storage and software to support compliance requirements.-- Upgrading to a new version of Exchange. You're always on the latest version of Exchange in Microsoft 365.
+- Purchasing and maintaining hardware;
+- Paying to run and cool your servers;
+- Keeping servers up to date on security, product, and time-zone fixes;
+- Maintaining server storage and software to support compliance requirements; or
+- Upgrading to a new version of Exchange; you're always on the latest version with Microsoft 365.
### How should I migrate to Microsoft 365? Depending on your organization, you have a few options to get to Microsoft 365. First, you need to consider a few things, such as: -- The number of seats or mailboxes you need to move.-- How long you want the migration to last.-- Whether you need a seamless integration between your on-premises installation and Microsoft 365 during the migration.
+- The number of mailboxes you need to move;
+- How long you want the migration to last; and
+- Whether you need a seamless integration between your on-premises environment and Microsoft 365 during the migration.
This table shows your migration options and the most important factors that determine which method to use.
This table shows your migration options and the most important factors that dete
|Migration option|Organization size|Duration| ||||
-|Cutover migration|Fewer than 150 seats|A week or less|
-|Minimal hybrid migration|Fewer than 150 seats|A few weeks or less|
-|Full hybrid migration|More than 150 seats|A few weeks or more|
+|Cutover migration|Fewer than 150 mailboxes|A week or less|
+|Minimal hybrid migration|Fewer than 150 mailboxes|A few weeks or less|
+|Full hybrid migration|More than 150 mailboxes|A few weeks or more|
| The following sections give you an overview of these methods. For more information, see [Decide on a migration path](https://support.office.com/article/Decide-on-a-migration-path-0d4f2396-9cef-43b8-9bd6-306d01df1e27).
Things to consider about full-hybrid migration:
- Users don't need to set up a new Outlook profile on most of their devices, although some older Android phones might need a new profile. Users won't need to redownload their email. > [!IMPORTANT]
-> If your organization chooses to migrate mailboxes to Microsoft 365 but plans to keep DirSync or Azure AD Connect in place to continue managing user accounts from on-premises Active Directory, you need to keep at least one Exchange server on-premises. If all Exchange servers are removed, you won't be able to make changes to Exchange recipients in Exchange Online. This is because the source of authority remains in your on-premises Active Directory and changes need to be made there.
+> If your organization chooses to migrate mailboxes to Microsoft 365 but plans to keep Azure AD Connect to manage user accounts in Active Directory, you need to keep at least one Exchange server on-premises. If all Exchange servers are removed, you won't be able to make changes to Exchange recipients. This is because the source of authority is Active Directory and changes need to be made there.
If a full hybrid migration sounds right for you, see the following helpful resources:
If a full hybrid migration sounds right for you, see the following helpful resou
## Upgrade to a newer version of Exchange Server on-premises
-We strongly believe that you get the best value and user experience by migrating fully to Microsoft 365. But we understand that some organizations need to keep some Exchange Servers on-premises. This might be because of regulatory requirements, to guarantee data isn't stored in a foreign datacenter, because you have unique settings or requirements that can't be met in the cloud, or because you need Exchange to manage cloud mailboxes because you still use Active Directory on-premises. In any case, if you keep Exchange on-premises, you should ensure your Exchange 2013 environment is upgraded to at least Exchange 2016 or Exchange 2019.
-
-For the best experience, we recommend that you upgrade your remaining on-premises environment to Exchange 2019. You don't need to install Exchange Server 2016 if you want to go straight from Exchange Server 2013 to Exchange Server 2019.
+We strongly believe that you get the best value and user experience by migrating fully to Microsoft 365. But we understand that some organizations need to keep some Exchange servers on-premises. This might be because of regulatory requirements, to guarantee data isn't stored in a foreign datacenter, because you have unique settings or requirements that can't be met in the cloud, or because you need Exchange to manage cloud mailboxes because you still use Active Directory on-premises. In any case, if you keep Exchange on-premises, you should ensure your Exchange 2013 environment is upgraded.
-Exchange 2019 includes all the features of previous releases of Exchange. It most closely matches the experience available with Microsoft 365, although some features are available only in Microsoft 365. Check out just a few of the things you've been missing:
+For the best experience, we recommend that you upgrade your remaining on-premises environment to Exchange 2019. You don't need to install Exchange Server 2016 because you can go directly from Exchange Server 2013 to Exchange Server 2019. Exchange 2019 most closely matches the experience available with Microsoft 365, although some features are available only in Microsoft 365.
****
+Below are important things to know about upgrading Exchange 2013:
|Item|More information| |||
-|End of support dates|Like Exchange 2013, each version of Exchange has its own end-of-support date: <p> Exchange 2013 - April 2023 <p> Exchange 2016 - October 2025 <p> The earlier the end-of-support date, the sooner you'll need to perform another migration. April 2023 is a lot closer than you think!|
-|Migration path to Exchange 2016 or 2019|The migration path from Exchange 2013 to a newer version is the same whether you choose Exchange 2016 or Exchange 2019: <p> Install Exchange 2016 or 2019 into your existing Exchange 2013 organization. <p> Move services and other infrastructure to Exchange 2016 or 2019. <p> Move mailboxes and public folders to Exchange 2013 or 2016 Decommission remaining Exchange 2013 servers.|
-|Version coexistence|When migrating to Exchange 2016 or Exchange 2019, you can install either version into an existing Exchange 2013 organization. This enables you to install one or more Exchange 2016 or Exchange 2019 servers and do your migration.|
-|Server hardware|Server hardware requirements have changed from Exchange 2013. Make sure your hardware is compatible. Find out more about hardware requirements for each version here: <p> - [Exchange 2016 system requirements](/Exchange/plan-and-deploy/system-requirements?view=exchserver-2016&preserve-view=true) </br> - [Exchange 2019 system requirements](/exchange/plan-and-deploy/system-requirements?view=exchserver-2019) <p>With the significant improvements in Exchange performance and the increased computing power and storage capacity in newer servers, you'll likely need fewer servers to support the same number of mailboxes.|
-|Operating system version|The minimum supported operating system versions for each version are: <p>- Exchange 2016 - Windows Server 2012 </br>- Exchange 2019 - Windows Server 2019 <p> You can find more information about operating system support at [Exchange Supportability Matrix](/exchange/plan-and-deploy/supportability-matrix).|
-|Active Directory forest functional level|The minimum supported Active Directory forest functional levels for each version are: <p>- Exchange 2016 - Windows Server 2008 R2 SP1 </br>- Exchange 2019 - Windows Server 2012 R2 Active Directory servers <p> You can find more information about forest functional level support at [Exchange Supportability Matrix](/exchange/plan-and-deploy/supportability-matrix).|
-|Office client versions|The minimum supported Office client versions for each version are: <p> Exchange 2016 - Office 2010 (with the latest updates) <p> Find more information about Office client support at [Exchange Supportability Matrix](/exchange/plan-and-deploy/supportability-matrix).|
+|End of support dates|Like Exchange 2013, each version of Exchange has its own end-of-support date: <p> Exchange 2013 - April 2023 <p> April 2023 is a lot closer than you think!|
+|Migration path to Exchange 2019|The migration path from Exchange 2013 to a newer version is simple: <p> Install Exchange 2019 into your existing Exchange 2013 organization. <p> Move services and data from Exchange 2013 to Exchange 2019 and decommission Exchange 2013 servers.|
+|Server hardware|Server hardware requirements have changed from Exchange 2013. Make sure your hardware is compatible. Find out more about hardware requirements here: <p> [Exchange 2019 system requirements](/exchange/plan-and-deploy/system-requirements?view=exchserver-2019) <p>With the significant improvements in Exchange performance and the increased computing power and storage capacity in newer servers, you'll likely need fewer servers to support the same number of mailboxes.|
+|Operating system version|The minimum supported operating system version for Exchange 2019 is Windows Server 2019. Windows Server 2022 support is coming soon <p> You can find more information about operating system support at [Exchange Supportability Matrix](/exchange/plan-and-deploy/supportability-matrix).|
+|Active Directory forest functional level|The minimum supported Active Directory forest functional level is Windows Server 2012 R2. You can find more information about forest functional level support at [Exchange Supportability Matrix](/exchange/plan-and-deploy/supportability-matrix).|
+|Office client versions|The minimum supported Office client version is also documented in the [Exchange Supportability Matrix](/exchange/plan-and-deploy/supportability-matrix?view=exchserver-2019#clients).|
| Use the following resources to help with your migration: - [Exchange Deployment Assistant](/exchange/exchange-deployment-assistant)-- Active Directory schema changes for Exchange [2016](/exchange/plan-and-deploy/active-directory/ad-schema-changes?view=exchserver-2016&preserve-view=true), [2013](/Exchange/exchange-2013-active-directory-schema-changes-exchange-2013-help)-- System requirements for Exchange [2016](/exchange/plan-and-deploy/system-requirements?view=exchserver-2016&preserve-view=true), [2013](/Exchange/exchange-2013-system-requirements-exchange-2013-help)-
+- Active Directory [schema changes for Exchange 2019](/exchange/plan-and-deploy/active-directory/ad-schema-changes?view=exchserver-2019)
+- System [requirements for Exchange 2019](/exchange/plan-and-deploy/system-requirements?view=exchserver-2019)
## What if I need help?
enterprise Move Sharepoint Between Geo Locations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/move-sharepoint-between-geo-locations.md
You can schedule SharePoint site moves in advance (described later in this artic
- You can schedule up to 4,000 moves at a time. - As the moves begin, you can schedule more, with a maximum of 4,000 pending moves in the queue and any given time.
+- The maximum size of a SharePoint site that can be moved is 1 terabyte (1 TB).
To schedule a SharePoint site geo move for a later time, include one of the following parameters when you start the move:
enterprise Setup Guides For Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/setup-guides-for-microsoft-365.md
The [Microsoft Defender for Office 365 setup guide](https://aka.ms/oatpsetup) sa
The [Microsoft Defender for Identity setup guide](https://aka.ms/DefenderforIdentitysetup) provides security solution set-up guidance to identify, detect, and investigate advanced threats that might compromise user identities. These include detecting suspicious user activities and malicious insider actions directed at your organization. YouΓÇÖll create a Defender for Identity instance, connect to your organization's Active Directory, and then set up sensors, alerts, notifications, and configure your unique portal preferences.
+### Insider risk solutions setup guide
+
+The [Insider risk solutions setup guide](https://aka.ms/Insiderrisksetup) helps you protect your organization against insider risks that can be challenging to identify and difficult to mitigate. Insider risks occur in a variety of areas and can cause major problems for organizations, ranging from the loss of intellectual property to workplace harassment, and more.
+
+The solutions in this guide will help you gain visibility into user activities, actions, and communications with native signals and enrichments from across your organization:
+
+* With the communication compliance solution, you can identify and act on communication risks for items like workplace violence, insider trading, harassment, code of conduct, and regulatory compliance violations.
+* The insider risk management solution helps you identify, investigate, and take action on risks for intellectual property theft, sensitive data leaks, security violations, data spillage, and confidentiality violations.
+ ### Microsoft information protection setup guide Get an overview of the capabilities you can apply to your Information Protection strategy so you can be confident your sensitive information is protected. Use a four-stage lifecycle approach in which you discover, classify, protect, and monitor sensitive information. The [Microsoft information protection setup guide](https://aka.ms/mipsetupguide) provides guidance for completing each of these stages.
lighthouse M365 Lighthouse Review Audit Logs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-review-audit-logs.md
+
+ Title: "Review audit logs"
+f1.keywords: NOCSH
+++
+audience: Admin
+
+ms.localizationpriority: medium
+
+- M365-subscription-management
+- Adm_O365
+
+- AdminSurgePortfolio
+- M365-Lighthouse
+search.appverid: MET150
+description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn how to review audit logs."
++
+# Review audit logs
+
+> [!NOTE]
+> The features described in this article are in Preview, are subject to change, and are only available to partners who meet the [requirements](m365-lighthouse-requirements.md). If your organization does not have Microsoft 365 Lighthouse, see [Sign up for Microsoft 365 Lighthouse](m365-lighthouse-sign-up.md).
+Microsoft 365 Lighthouse audit logs record actions that generate a change in Lighthouse or other Microsoft 365 services. Create, edit, delete, assign, and remote actions all create audit events that you can review. By default, auditing is enabled for all customers. It can't be disabled.
+
+## Before you begin
+
+To view audit logs, you must have one of the following permissions:
+
+- Azure AD role - Global Administrator of partner tenant
+
+- Partner Center role - Admin Agent
+
+## Review logs
+
+1. In the left navigation pane in Lighthouse, select **Audit logs**.
+
+ > [!NOTE]
+ > It might take up to 1 hour to see new logs. Go to the respective service to see the most recent changes.
+
+2. To filter the logs, refine the list using the following options:
+
+ - **Date range** - Previous month, week, or day.
+ - **Tenants** - Tenant tags or customer tenant names.
+ - **Area** - The area where the action was initiated. The area corresponds to the entries in the left navigation bar.
+ - **Activity** - Microsoft 365 activity type that corresponds to the action taken. For more information, see Activity Types table.
+ - **Initiated by** - Who initiated the action.
+
+3. Select a log from the list to see full details including the **Request** body.
+
+Select **Export**, to export log data to a comma-separated values (.csv) file.
+
+## Activity Types
+
+The following table is a list of activity types captured within Lighthouse audit logs. The list is subject to change as new actions are created. You can use the activity value from the audit log to see what action was initiated.
+
+| Activity name | Area in Microsoft 365 Lighthouse | Action initiated | Service impacted |
+||-|-|-|
+|**offboardTenant** | Tenants | Inactivate a customer | Microsoft 365 Lighthouse |
+|**resetTenantOnboardingStatus** | Tenants | Reactive a customer | Microsoft 365 Lighthouse |
+| **tenantTags** | Tenants | Create or delete a tag | Microsoft 365 Lighthouse |
+|**assignTag** | Tenants | Apply a tag from a customer | Microsoft 365 Lighthouse |
+|**unassignTag** | Tenants | Remove a tag from a customer | Microsoft 365 Lighthouse |
+|**tenantCustomizedInformation** | Tenants | Create, update, or delete customer website or contact information | Microsoft 365 Lighthouse |
+|**changeDeploymentStatus** | Tenants | Action plan status for a deployment plan | Microsoft 365 Lighthouse |
+| **conditionalAccessPolicy** | Tenants | Require MFA for admins | Azure AD |
+| **conditionalAccessPolicy** | Tenants | Require MFA for users | Azure AD |
+| **conditionalAccessPolicy** | Tenants | Block Legacy Authentication | Azure AD |
+| **deviceRegistrationPolicy** | Tenants | Set up device enrollment | Azure AD |
+|**deviceConfiguration** | Tenants | Configure Microsoft Defender | Microsoft Endpoint Manager |
+| **deviceCompliancePolicy** | Tenants | Configure a device compliance policy | Microsoft Endpoint Manager |
+| **confirmUsersCompromised** | Users | Confirm user compromised | Azure AD |
+| **dismissUsersRisk** | Users | Dismiss user risk | Azure AD |
+| **resetUserPassword** | Users | Reset password | Azure AD |
+| **blockUserSignin** | Users | Block sign-in | Azure AD |
+| **setCustomerSecurityDefaultsEnabledStatus** | Users | Enable MFA with Security Defaults | Azure AD |
+| **syncDevice** | Devices | Sync | Microsoft Endpoint Manager |
+|**restartDevice** | Devices | Restart | Microsoft Endpoint Manager |
+| **windowsDefenderScan** | Threat management | Full scan | Microsoft Endpoint Manager |
+| **windowsDefenderScan** | Threat management | Quick scan | Microsoft Endpoint Manager |
+| **rebootNow** | Threat management | Reboot | Microsoft Endpoint Manager |
+| **windowsDefenderUpdateSignatures** | Threat management | Update antivirus | Microsoft Endpoint Manager |
+| **reprovision** | Tenants | Retry Provisioning | Windows 365 |
+
+## Next steps
+
+If you need more information, you can use Microsoft Graph API to access more audit events. For more information, see [Overview for multi-tenant management using the Microsoft 365 Lighthouse API](/graph/managedtenants-concept-overview).
+
+## Related content
+
+[Microsoft 365 Lighthouse FAQ](m365-lighthouse-faq.yml) (article)
managed-desktop Test Win11 Mmd https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/working-with-managed-desktop/test-win11-mmd.md
# Preview and test Windows 11 with Microsoft Managed Desktop
-How to enroll and participate in the Windows 11 compatibility testing program within your Microsoft Managed Desktop environment. For more about Windows 11 and Microsoft Managed Desktop generally, see [Windows 11 and Microsoft Managed Desktop](../intro/win11-overview.md).
+This article explains how to enroll and participate in the Windows 11 compatibility testing program within your Microsoft Managed Desktop environment. For more general information about Windows 11 and Microsoft Managed Desktop, see [Windows 11 and Microsoft Managed Desktop](../intro/win11-overview.md).
## Add devices to the Windows 11 test group
-We have created the device group (**Modern Workplace - Windows 11 Pre-Release Test Devices**) for testing and evaluating Windows 11. Despite "pre-release" in the name, devices in this group receive Windows 11 General Availability builds and Microsoft Managed Desktop baseline configurations as they become available, and are monitored for reliability issues.
+We've created the device group (**Modern Workplace - Windows 11 Pre-Release Test Devices**) for testing and evaluating Windows 11. Despite "pre-release" in the name, devices in this group receive Windows 11 General Availability builds, and Microsoft Managed Desktop baseline configurations as they become available. They're monitored for reliability issues.
-You can choose any of your existing or new devices for Windows 11 testing, but you shouldn't enroll production devices in this group until you are confident in the compatibility and overall experience on your test devices.
+You can use new devices or any existing devices for Windows 11 testing. However, you shouldn't enroll production devices in this group until youΓÇÖre confident in the test devices' compatibility and overall experience.
-## Prioritize applications to submit to Test Base
+## Prioritize applications to submit to the Test Base
-Business-critical applications are the best candidates for more validation in a closed Windows 11 environment. We can help you prioritize apps for Windows 11 testing based on usage and reliability data. To request our recommendations, follow these steps:
+Business-critical applications are the best candidates for more validation in a closed Windows 11 environment. We can help you decide on apps for Windows 11 testing based on usage and reliability data. To request our recommendations, follow these steps:
-1. Open a new service request with the Microsoft Managed Desktop Service Engineering team. If you need more info on how to file the request, see [Admin support](admin-support.md).
+1. Open a new support request with the Microsoft Managed Desktop Service Engineering team. If you need more info on how to file the request, see [Admin support](admin-support.md).
2. Use these values for the fields: - Title: Windows 11 Test Base candidates - Request type: Request for information
Business-critical applications are the best candidates for more validation in a
## Report issues
-If you encounter Windows 11 compatibility issues with your line-of-business or Microsoft 365 apps, report them to us for investigation and remediation. To report an issue, follow these steps:
+If you find Windows 11 compatibility issues with your line-of-business or Microsoft 365 apps, report them to us for investigation and remediation. To report an issue, follow these steps:
-1. Open a new service request with the Microsoft Managed Desktop Service Engineering team.
+1. Open a new support request with the Microsoft Managed Desktop Service Engineering team.
2. Use these values for the fields: - Title: Windows 11 compatibility testing - Request type: Incident - Category: Devices - Subcategory: Windows Upgrade/Update+ 3. Describe the behavior and how severely it would hinder your business in a production environment.
-Microsoft Managed Desktop triages and handles Windows 11 issues based on the effect on productivity. We'll confer with customer admins when the request is opened to ensure that issues that block user productivity are resolved prior to starting broader Windows 11 migration within any given tenant.
+Microsoft Managed Desktop triages and handles Windows 11 issues based on the effect on productivity. When the request is opened, we'll communicate, with customer admins, to ensure issues that block user productivity are resolved before starting broader Windows 11 migrations within any given tenant.
security Advanced Hunting Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-overview.md
ms.technology: m365d
Advanced hunting is a query-based threat hunting tool that lets you explore up to 30 days of raw data. You can proactively inspect events in your network to locate threat indicators and entities. The flexible access to data enables unconstrained hunting for both known and potential threats. <br><br>
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4Bp7O]
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4G6DO]
You can use the same threat hunting queries to build custom detection rules. These rules run automatically to check for and then respond to suspected breach activity, misconfigured machines, and other findings.
security Advanced Hunting Query Language https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-query-language.md
ms.technology: m365d
- Microsoft 365 Defender - Microsoft Defender for Endpoint
-Advanced hunting is based on the [Kusto query language](/azure/kusto/query/). You can use Kusto operators and statements to construct queries that locate information in a specialized [schema](advanced-hunting-schema-tables.md). To understand these concepts better, run your first query.
+Advanced hunting is based on the [Kusto query language](/azure/kusto/query/). You can use Kusto operators and statements to construct queries that locate information in a specialized [schema](advanced-hunting-schema-tables.md).
+
+Watch this short video to learn some handy Kusto query language basics.
+
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWRwfJ]
+
+To understand these concepts better, run your first query.
## Try your first query
-In the Microsoft 365 Defender portal, go to **Hunting** to run your first query. Use the following example:
+In the Microsoft 365 Defender portal, go to **Hunting** to run your first query. Use the following example:
```kusto // Finds PowerShell execution events that could involve a download