Updates from: 01/29/2021 04:12:15
Category Microsoft Docs article Related commit history on GitHub Change details
admin https://docs.microsoft.com/en-us/microsoft-365/admin/manage/use-qr-code-download-outlook https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/use-qr-code-download-outlook.md new file mode 100644 /dev/null
@@ -0,0 +1,45 @@
+
+ Title: "Use a QR code to sign-in to the Outlook mobile apps"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
++
+localization_priority: Normal
+
+- Adm_O365
+- Adm_TOC
+
+- AdminSurgePortfolio
+description: "Learn how to use a QR code to authenticate and download Outlook mobile."
++
+# Use a QR code to sign-in to the Outlook mobile apps
+
+> [!IMPORTANT]
+> This Microsoft 365 feature is in public preview. Public preview provides early access to Microsoft 365 features.
+
+As the Microsoft 365 administrator, you can enable your users to sign in to Outlook for Android or iOS app on their mobile devices without having to enter their username and password. By scanning a QR code, users can securely authenticate and sign in to Outlook mobile.
+
+In Outlook on the web or other desktop Outlook applications, users may see notifications informing them that they can use Outlook on their mobile device. These notifications can be managed by the administrator using Exchange Powershell. If users choose to send themselves an SMS text message to download the app on their mobile device, a QR code will appear on their computer. They will be able to scan the QR code to log into Outlook on their phone or tablet. This QR code is a short lived token that can only be redeemed once.
+
+> [!NOTE]
+> In some cases, your users will have to re-authenticate on their computer to generate the QR code.
+
+## Use Exchange PowerShell
+
+This experience is on by default. To disable this feature, follow the steps below.
+
+1. [Connect to Exchange PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell?view=exchange-ps).
+2. Using PowerShell, you can disable the notifications informing your users about the Outlook mobile apps. This will also prevent the QR code sign-in flow from being shown.
+
+```powershell
+Set-Organization -MobileAppEducationEnabled <Boolean>
+```
+
+Related topics
+
+[Set-OrganizationConfig](https://docs.microsoft.com/powershell/module/exchange/set-organizationconfig?view=exchange-ps)
\ No newline at end of file
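Review bot: The command in the PowerShell block under "Use Exchange PowerShell" is `Set-Organization -MobileAppEducationEnabled <Boolean>`, but the Related topics link directly below it points to Set-OrganizationConfig, so the cmdlet name in the example does not match the reference the article cites and should be corrected to match it. The section says the experience is on by default and that the steps are for disabling it, so show the concrete value (`$false`) instead of the `<Boolean>` placeholder. The paragraph that calls the QR code "a short lived token that can only be redeemed once" should state the validity period, because an admin deciding whether to keep a default-on, password-less sign-in path needs that detail. Minor: "Exchange Powershell" in the second paragraph should be "Exchange PowerShell", and "sign-in to" in the title and H1 should be the verb form "sign in to".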
business https://docs.microsoft.com/en-us/microsoft-365/business/set-up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/set-up.md
@@ -36,6 +36,8 @@ description: "Discover the setup steps for Microsoft 365 Business Premium, inclu
Watch this video for an overview of Microsoft 365 Business Premium setup.<br><br>
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4jZwg]
+ ## Add your domain, users, and set up policies When you purchase Microsoft 365 Business Premium, you have the option of using a domain you own, or buying one during the [sign-up](sign-up.md).
campaigns https://docs.microsoft.com/en-us/microsoft-365/campaigns/create-communications-site https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/create-communications-site.md
@@ -22,33 +22,33 @@ search.appverid:
- BCS160 - MET150 - MOE150
-description: "Create a communications site for your campaign."
+description: "Create a communications site for your campaign or business."
-# Create a communications site for your campaign
+# Create a communications site
-A great way to communicate priorities, share strategy documents, and highlight upcoming events is to use a communications site in SharePoint. Communications sites are for sharing things broadly across your whole campaign; it's your internal campaign site.
+A great way to communicate priorities, share strategy documents, and highlight upcoming events is to use a communications site in SharePoint. Communications sites are for sharing things broadly across your whole business or campaign; it's your internal strategy site.
## Best practices Include the following elements in your Communications site:
-1. Add your campaign logo and colors as a header image and theme
+1. Add your logo and colors as a header image and theme.
2. Lead with your strategy, message, important documents, a directory, and FAQ in a **Hero web part**.
-3. Include a candidate statement to the team in a **Text web part**.
-4. Add campaign events to an **Events web part** so everyone can see what's coming up.
+3. Include a CEO or candidate statement to the team in a **Text web part**.
+4. Add events to an **Events web part** so everyone can see what's coming up.
5. Add photos that people can use or share to an **Image gallery web part**. ![Diagram of a SharePoint Communications page with space for common elements that a campaign would need](../media/m365-democracy-comms-site.png)
-## Infographic: Create a Communications Site infographic
+## Infographic: Create a Communications Site infographic
+ The following links for PowerPoint and PDF can be downloaded and printed in tabloid format (also known as ledger, 11 x 17, or A3). [![Image for communications site infographic](../media/M365-Campaigns-CreateCommunicationSite-358-201.png)](downloads/M365CampaignsCreateCommunicationSite.pdf) [PDF](downloads/M365CampaignsCreateCommunicationSite.pdf) | [PowerPoint](downloads/M365CampaignsCreateCommunicationSite.pptx) - ## Set it up 1. Sign in to https://Office.com.
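Review bot: The heading `## Infographic: Create a Communications Site infographic` repeats "infographic", and this change touches only its whitespace; since the line is being rewritten anyway, shorten it to something like "## Infographic: Create a communications site". The diagram alt text in the Best practices list still reads "common elements that a campaign would need" although the rest of the hunk generalizes the page to "business or campaign", so the alt text should be updated in the same pass.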
@@ -57,8 +57,6 @@ The following links for PowerPoint and PDF can be downloaded and printed in tabl
Learn all [about Communications sites](https://support.office.com/article/What-is-a-SharePoint-communication-site-94A33429-E580-45C3-A090-5512A8070732) and how to [create a communication site in SharePoint Online](https://support.microsoft.com/en-us/office/create-a-communication-site-in-sharepoint-online-7fb44b20-a72f-4d2c-9173-fc8f59ba50eb). - ## Admin settings
-If you don't see the **+ Create** site link, self-service site creation might not be available in Microsoft 365. To create a team site, contact the person administering Microsoft 365 in your organization. If you're a Microsoft 365 admin, see [Manage site creation in SharePoint Online](https://docs.microsoft.com/sharepoint/manage-site-creation) to enable self-service site creation for your organization or [Manage sites in the new SharePoint admin center](https://docs.microsoft.com/sharepoint/manage-sites-in-new-admin-center) to create a site from the SharePoint Online admin center.
-
+If you don't see the **+ Create** site link, self-service site creation might not be available in Microsoft 365. To create a team site, contact the person administering Microsoft 365 in your organization. If you're a Microsoft 365 admin, see [Manage site creation in SharePoint Online](https://docs.microsoft.com/sharepoint/manage-site-creation) to enable self-service site creation for your organization or [Manage sites in the new SharePoint admin center](https://docs.microsoft.com/sharepoint/manage-sites-in-new-admin-center) to create a site from the SharePoint Online admin center.
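Review bot: The Admin settings paragraph is removed and re-added with no visible wording change, yet it still says "To create a team site" on a page that is about communication sites; fix the site type here if the line is being touched. If the change is whitespace only, say so in the commit message so reviewers do not have to compare the two long lines by eye.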
campaigns https://docs.microsoft.com/en-us/microsoft-365/campaigns/create-teams-for-collaboration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/create-teams-for-collaboration.md
@@ -31,15 +31,26 @@ Microsoft Teams is a collaboration app that helps your staff stay organized and
## Best practices
-As an example, campaigns can create the following teams to communicate and collaborate securely:
+1. Create private teams for sensitive information.
+1. Create an org-wide team for communication with everyone across your organization.
+1. Create teams for specific projects and apply the right amount of protection based on who should be included.
+1. Create specific teams for communication with external partners to keep them separate from anything sensitive for your business.
-1. **A Campaign Leads team:** Set this up as a private team so that only your key campaign members can access it and discuss potentially sensitive concerns.
-2. **A general Campaign team:** This is for everyone to use for day to day communications and work. Individuals, groups, or committees can set up channels in this team to do their work. For example, the event planning people can set up a channel to chat and coordinate logistics for campaign events.
-3. **A partners team:** This is a team where you can coordinate with your vendors, partners, or volunteers without allowing them into anything sensitive.
+For example, a business, legal firm, or healthcare practice could create the following teams:
-You can also create teams for specific projects and apply the right amount of protection based on who should be included.
+1. **A business-, firm-, or practice-wide team:** This is for everyone to use for day to day communications and work across your business. You can use this team to post announcements or share information of interest for your whole firm or practice.
+1. **Individual teams:** Set up teams for smaller groups to collaborate about their day to day work.
+1. **An external communications team or teams:** Coordinate with your vendors, partners, or clients without allowing them into anything sensitive. Set up different channels for specific groups.
-![Diagram of a Microsoft Teams window with three separate teams to allow for secure communication and collaboration](../media/m365-democracy-teams-collab.png)
+![Diagram of a Microsoft Teams window with three separate teams to allow for secure communication and collaboration within a business](../media/m365-democracy-teams-business-collab.png)
+
+And campaigns could create the following teams to communicate and collaborate securely:
+
+1. **A campaign Leads team:** Set this up as a private team so that only your key campaign members can access it and discuss potentially sensitive concerns.
+2. **A general campaign team:** This is for everyone to use for day to day communications and work. Individuals, groups, or committees can set up channels in this team to do their work. For example, the event planning people can set up a channel to chat and coordinate logistics for campaign events.
+3. **A partners team:** Coordinate with your vendors, partners, or volunteers without allowing them into anything sensitive.
+
+![Diagram of a Microsoft Teams window with three separate teams to allow for secure communication and collaboration within a campaign](../media/m365-democracy-teams-collab.png)
When you create a team, here's what else gets created:
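Review bot: The new business example list (business-wide team, individual teams, external communications team) has no private team for sensitive discussions, even though the first added best practice is "Create private teams for sensitive information" and the campaign list keeps its private Leads team; add a private owners or managers team to the business example so it follows the page's own guidance. Style: the two new lists number every item `1.` while the campaign list uses `1.`, `2.`, `3.`, and "A campaign Leads team" is now capitalized inconsistently (it was "A Campaign Leads team"). "day to day" should be hyphenated where it modifies a noun.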
@@ -50,29 +61,25 @@ When you create a team, here's what else gets created:
- Ties into other Office 365 apps such as Planner and Power BI Inside Microsoft Teams, you can find:
-1. **Teams:** Find channels to belong to or create your own. Inside channels you can hold on-the-spot meetings, have conversations, and share files.
+1. **Teams:** Find channels to belong to or create your own. Inside channels you can hold on-the-spot meetings, have conversations, and share files.
2. **Meetings:** See everything you've got lined up for the day or week. Or, schedule a meeting. This calendar syncs with your Outlook calendar.
-
3. **Calls:** In some cases, if your organization has it set up, you can call anyone from Microsoft Teams, even if they're not using Microsoft Teams.-
-4. **Activity:** Catch up on all your unread messages, @mentions, replies, and more.
+4. **Activity:** Catch up on all your unread messages, @mentions, replies, and more.
Use the command box at the top to search for specific items or people, take quick actions, and launch apps. - ## Set it up -
-Create a private team for just the campaign manager and candidate like this.
+Create a private team for just the business owner and managers, or campaign manager and candidate like this.
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWeqWA]
-Create an organization-wide team that everyone in the campaign can use to communicate and share files.
+Create an organization-wide team that everyone in the business or campaign can use to communicate and share files.
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE2GCG9]
-Create a team that you share with guests outside the campaign, such as advertising of financing.
+Create a team that you share with guests outside your organization, such as for advertising or finances.
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE1FQMp]
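Review bot: In the Set it up section, "Create a private team for just the business owner and managers, or campaign manager and candidate like this." is hard to parse because the comma splits the two alternatives unevenly; consider "Create a private team for just the business owner and managers (or the campaign manager and candidate) like this:". The third sentence now introduces a team shared with guests outside the organization, so it should link to or mention the guest access setting an admin must allow, since the videos are the only instructions given.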
@@ -81,4 +88,3 @@ Learn more about Microsoft Teams at [Microsoft Teams technical documentation](ht
## Admin settings You must be an admin to create an organization-wide team. For more information, see [What is an Admin in Microsoft 365?](https://support.office.com/article/what-is-an-admin-e123627e-4892-4461-b9aa-1b6d57a5cfa4?ui=en-US&rs=en-US&ad=US).
-
campaigns https://docs.microsoft.com/en-us/microsoft-365/campaigns/get-microsoft-365-campaigns https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/get-microsoft-365-campaigns.md
@@ -29,33 +29,40 @@ description: "Get Microsoft 365 for Campaigns so you can protect your campaign f
# Get Microsoft 365 for Campaigns Anybody with Microsoft 365 Business Premium can use this guidance to configure extra security for email and collaboration. However, campaigns and political parties in the USA are eligible for special pricing for Microsoft 365. Currently this special pricing is available to:-- US federal political campaigns (for example, campaigns seeking office for the US House, US Senate, or President)-- National-level political parties in the United States.
-If your campaign or political party qualifies, Microsoft 365 for Campaigns is the least expensive plan available through Microsoft.
+- National-level political parties in the United States, Canada, and New Zealand
+- National or federal political campaigns in the United States and New Zealand
+- U.S. State-wide political campaigns (eg: campaigns seeking office for governor, state legislature, or attorney general)*
-If you're not eligible for special pricing, Microsoft 365 Business Premium is still the most cost-effective way obtain comprehensive security for a collaboration environment. See [Sign up for Microsoft 365 for Campaigns](m365-campaigns-sign-up.md). Then use this library to configure extra security and to help your team collaborate securely.
+ *Due to local regulations, we are unable to offer M365 for Campaigns in the following states at this time: CO, DE, IL, OK, WI & WY. We encourage campaigns in those states to explore additional offerings at [Microsoft 365 for business](https://www.office.com/business).
+
+- State-level political parties in the United States
+
+If your campaign or political party qualifies, Microsoft 365 for Campaigns is the least expensive plan available through Microsoft. See [Sign up for Microsoft 365 for Campaigns](m365-campaigns-sign-up.md).
+
+If you're not eligible for special pricing, Microsoft 365 Business Premium is still the most cost-effective way obtain comprehensive security for a collaboration environment. See [Set up Microsoft 365 Business Premium](../business/set-up.md?toc=/microsoft-365/campaigns/toc.json&bc=/microsoft-365/campaigns/breadcrumb/toc.json) and then use this library to configure extra security and to help your team collaborate securely.
## What does Microsoft 365 for Campaigns include?
-This configuration of Microsoft 365 Business Premium includes simple controls that help you and your staff work together securely:
+
+This configuration of Microsoft 365 Business Premium includes simple controls that help you and your staff work together securely:
+ - **Protect user identity**: Make sure that users are who they say they are when they sign in to send email or to access files (multifactor authentication). - **Protect sensitive information**: Protect sensitive information to monitor information that gets shared outside your organization (data loss prevention). - **Protect mobile devices**: Protect data on mobile devices (mobile app protection policy). - **Guard against malicious content**: Prevent access to malicious content by scanning email attachments (Defender for Office 365).-- **Protect passwords**: Set passwords to never expire which is more secure and helps prevent work stoppages (password policy). -
+- **Protect passwords**: Set passwords to never expire which is more secure and helps prevent work stoppages (password policy).
+- **AccountGuard Program Access**: Microsoft AccountGuard is a security service offered at no additional cost to customers in the political space. The service is designed to inform and help these highly targeted customers protect themselves from cybersecurity threats across their organizational and personal Microsoft email accounts. View more information at [Microsoft AccountGuard](https://www.microsoftaccountguard.com/).
## What does it cost, who needs it, and what is the commitment?
-If your campaign qualifies for special pricing Microsoft 365 for Campaigns costs $5 per user per month.
+
+If your campaign qualifies for special pricing Microsoft 365 for Campaigns costs $5 per user per month.
To protect your campaign, we recommend a license for the candidate, the campaign manager, all senior staff who are part of the campaign or party, and usually all full-time staff. Certain volunteer employees might also need a license. In general, assign a license to anyone in your campaign who needs protected email and devices. There's no minimum time commitment when you sign up for Microsoft 365 for Campaigns. You can pay monthly for the licenses you need and stop using the service anytime. ## How do I qualify for special pricing?
-1. Go to https://m365forcampaigns.microsoft.com/ and provide a few details about your organization. The details you provide help us to verify that you represent a national-level political campaign or party in the United States. There's no commitment when you complete this form.
-2. After you've completed the form, it takes us a few days to review your information.
-3. After we've verified that you represent a national-level political campaign or party, you'll receive an email invitation from Microsoft. Your invite includes a sign-up link specific to your organization.
+1. Go to [aka.ms/m365forcampaigns](https://aka.ms/m365forcampaigns/) and provide a few details about your organization. The details you provide help us to verify that you represent a national-level political campaign or party in the United States. There's no commitment when you complete this form.
+2. After you've completed the form, it takes us a few days to review your information.
+3. After we've verified that you represent a national-level political campaign or party, you'll receive an email invitation from Microsoft. Your invite includes a sign-up link specific to your organization.
When you receive your invitation, [Sign up for Microsoft 365 for Campaigns](m365-campaigns-sign-up.md).--
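Review bot: The eligibility list at the top of the hunk now covers Canada, New Zealand, US state-wide campaigns and state-level parties, but steps 1 and 3 under "How do I qualify for special pricing?" still say the details are used to verify "a national-level political campaign or party in the United States"; update both steps so the verification wording matches the new eligibility. The asterisk footnote about excluded states is placed between list items, which splits the list and separates "State-level political parties" from the other entries; move the footnote below the full list. Also "eg:" should be "for example", and "the most cost-effective way obtain" is missing "to".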
campaigns https://docs.microsoft.com/en-us/microsoft-365/campaigns/index https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/index.md
@@ -1,5 +1,5 @@
Title: "Microsoft 365 for campaigns"
+ Title: "Microsoft 365 for smaller businesses and campaigns"
f1.keywords: - NOCSH
@@ -24,28 +24,39 @@ search.appverid:
- BCS160 - MET150 ms.assetid: 5abfef7b-5957-484a-b06b-a7c55e013e44
-description: "Microsoft 365 for campaigns"
+description: "Microsoft 365 guidance for smaller businesses, including smaller firms, practices, and political campaigns."
-Microsoft 365 for Campaigns
+Microsoft 365 for smaller businesses and campaigns
===========================
-In our current world, keeping data and communications secure is a priority, particularly for political campaigns, medical and legal practices, and many other businesses. Microsoft 365 for Campaigns comes with a set of recommendations designed to help protect you and your data. This library includes help for setting up and using this recommended environment, even if you're not a campaign.
+In our current world, keeping data and communications secure is a priority, particularly for medical and legal practices, political campaigns, and many other smaller businesses. This solution provides a set of recommendations designed to help protect you and your data. This library includes help for setting up and using this recommended environment, no matter your business type.
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3clbH]
-What is Microsoft 365 for Campaigns?
+![Microsoft 365 Business Premium protects your productivity tools, collaboration tools, file storage, email, devices, and identity](../media/M365-WhatIsIt-SecurityFocus.png)
+
+This configuration includes the following guidance for productivity, collaboration, file storage, email, devices, and identity to protect your business:
+
+| Protection for | Description | Links |
+| -- | -- | -- | -- |
+|Email | Use multi-factor authentication, and ATP Advanced Phishing Protection, and ATP Safe Links and Safe Attachments, and use encrypted email for sensitive information.| [Set up multi-factor authentication](m365-campaigns-multifactor-authenication.md), [Protect against phishing attacks](m365-campaigns-phishing-and-attacks.md), [Encrypt or label your sensitive email](send-encrypted-email.md) |
+|iPhones and Android devices |Use multi-factor authentication, and set up Microsoft mobile apps, and require a PIN | [Set up multi-factor authentication](m365-campaigns-multifactor-authenication.md), [Set up mobile devices](../business/set-up-mobile-devices.md?toc=/microsoft-365/campaigns/toc.json)|
+|Bring-your-own-devices (BYOD) Macs and Windows 10 PCs |Keep Office up to date, keep operating systems updated, and enable security features. | [Protect unmanaged Windows 10 PCs and Macs](m365-campaigns-protect-pcs-macs.md) |
+|Storing and sharing files securely | Share files and videos from Microsoft Teams, OneDrive, SharePoint, and Microsoft Stream, and protect sensitive data.| [Share files and videos](share-files-and-videos.md) |
+|Managed Windows 10 devices |Use managed devices for key staff and secure these devices. | [Set up managed devices](../business/set-up-windows-devices.md?toc=/microsoft-365/campaigns/toc.json) |
+
+A recommended security configuration for Microsoft 365 Business Premium
-It's a recommended secure configuration that includes Microsoft 365 Business Premium so that you can:
+This recommended secure configuration for Microsoft 365 Business Premium lets you:
- Rely on trusted business productivity and collaboration tools, such as Outlook, Word, Excel, and other Office products. - Protect your work files on all of your iOS, Android, and Windows 10 devices with enterprise-grade security that is simple to manage. - Apply extra protection for user accounts and identity.
-![Microsoft 365 Business Premium protects your productivity tools, collaboration tools, file storage, email, devices, and identity](../media/M365-WhatIsIt-SecurityFocus.png)
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3clbH]
-While federal election campaigns in the United States qualify for special pricing for Microsoft 365 Business Premium, any organization with this plan can take advantage of this guidance to configure increased security and learn how to collaborate securely.
+While federal and some state election campaigns in the United States qualify for [special pricing](get-microsoft-365-campaigns.md) for the Microsoft 365 for Campaigns offering of Microsoft 365 Business Premium, any organization with the Business Premium plan can take advantage of this guidance to configure increased security and learn how to collaborate securely.
This library includes the following:
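Review bot: The added table has three header columns ("Protection for", "Description", "Links") but its separator row `| -- | -- | -- | -- |` declares four, which can break rendering; drop the extra cell. The Email row names "ATP Advanced Phishing Protection" and "ATP Safe Links and Safe Attachments" while other articles in this same update refer to the product as Defender for Office 365, so use one name throughout. The line "A recommended security configuration for Microsoft 365 Business Premium" replaces a former heading but carries no visible heading markup in the added text; confirm it renders as a heading.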
@@ -60,11 +71,11 @@ Get started
Follow these steps to get started: -- [Get Microsoft 365 campaigns](get-microsoft-365-campaigns.md)-- [Learn how your users will work with Microsoft 365](m365-campaigns-users.md)-- [Set up Microsoft 365 campaigns](microsoft-365-campaigns-setup-overview.md)
+- For campaigns: [Get Microsoft 365 campaigns](get-microsoft-365-campaigns.md)
+- For any business: [Learn how your users will work with Microsoft 365](m365-campaigns-users.md)
+- For any business: [Set up Microsoft 365](microsoft-365-campaigns-setup-overview.md)
-Solutions for your campaign or small business
+Solutions for your business
-- After you set up your secure Microsoft 365 environment, you can use the following solutions to get working:
@@ -72,15 +83,14 @@ After you set up your secure Microsoft 365 environment, you can use the followin
| Create teams for collaboration | Set up online meetings | | - | - | | ![a SharePoint communication site](../media/sm-m365-democracy-teams-collab.png) | ![an online meeting](../media/m365-democracy-teams-meetings.png) |
-| Collaborate with teams for key staff, all staff, and partners or vendors. [Create your team](create-teams-for-collaboration.md) | Schedule a meeting with audio, video, and sharing with Microsoft Teams. [Set up a meeting](set-up-meetings.md) |
+| Collaborate with teams for key staff, all staff, and partners or vendors.<br>[Create your team](create-teams-for-collaboration.md) | Schedule a meeting with audio, video, and sharing with Microsoft Teams.<br>[Set up a meeting](set-up-meetings.md) |
| Encrypt or label your sensitive email | Create a communications site | | - | - | | ![Encrypted and labeled email](../media/sm-m365-campaign-email-encrypt.png) | ![a SharePoint communications site](../media/sm-m365-democracy-comms-site.png) |
-| Use encryption and sensitivity labels to protect email that contains confidential or sensitive information. [Send encrypted email](send-encrypted-email.md) | Share events, message, images, and more with your team in an internal communications site created with SharePoint. [Create your site](create-communications-site.md) |
+| Use encryption and sensitivity labels to protect email that contains confidential or sensitive information.<br>[Send encrypted email](send-encrypted-email.md) | Share events, message, images, and more with your team in an internal communications site created with SharePoint.<br>[Create your site](create-communications-site.md) |
| Share files and videos | | - | | ![sharing a file in Microsoft Teams](../media/m365-democracy-teams-sharefiles.png) |
-| Save your files and videos to the cloud so they're available to all <br><br>of the appropriate people. [Start sharing](share-files-and-videos.md) |
-
+| Save your files and videos to the cloud so they're available <br>to all of the appropriate people.<br>[Start sharing](share-files-and-videos.md) |
campaigns https://docs.microsoft.com/en-us/microsoft-365/campaigns/m365-campaigns-conditional-access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/m365-campaigns-conditional-access.md
@@ -30,21 +30,21 @@ description: "Learn how to require MFA and set up conditional access policies fo
You protect access to your data with multi-factor authentication and conditional access policies. These add substantial additional security. Microsoft provides a set of baseline conditional access policies that are recommended for all customers. Baseline policies are a set of predefined policies that help protect organizations against many common attacks. These common attacks can include password spray, replay, and phishing.
-These policies require admins and users to enter a second form of authentication (called multi-factor authentication, or MFA) when certain conditions are met. For example, if a user in your organization tries to sign in to Microsoft 365 from a different country or from an unknown device, the sign-in might be considered risky. The user must provide an extra form of authentication (such as a fingerprint or a code) to prove their identity.
+These policies require admins and users to enter a second form of authentication (called multi-factor authentication, or MFA) under certain conditions. For example, if a user in your organization tries to sign in to Microsoft 365 from a different country or from an unknown device, the sign-in might be considered risky. The user must provide an extra form of authentication (such as a fingerprint or a code) to prove their identity.
+
+Currently, the baseline policies include the following policies:
-Currently, baseline policies include the following:
- Set up in Microsoft 365 admin center:
- - **Require MFA for admins** ΓÇö Requires multi-factor authentication for the most privileged administrator roles, including global administrator.
- - **End user protection** ΓÇö Requires multi-factor authentication for users only when a sign-in is risky.
+ - **Require MFA for admins**: Requires multi-factor authentication for the most privileged administrator roles, including global administrator.
+ - **End-user protection**: Requires multi-factor authentication for users only when a sign-in is risky.
- Set up in Azure Active Directory portal:
- - **Block legacy authentication** ΓÇö Older client apps and some new apps don't use newer, more secure, authentication protocols. These older apps can bypass conditional access policies and gain unauthorized access to your environment. This policy blocks access from clients that don't support conditional access.
- - **Require MFA for Service Management** ΓÇö Requires multi-factor authentication for access to management tools, including Azure portal (where you configure baseline policies).
+ - **Block legacy authentication**: Older client apps and some new apps don't use newer, more secure, authentication protocols. These older apps can bypass conditional access policies and gain unauthorized access to your environment. This policy blocks access from clients that don't support conditional access.
+ - **Require MFA for Service Management**: Requires multi-factor authentication for access to management tools, including Azure portal (where you configure baseline policies).
-Microsoft recommends that you enable all of these baseline policies. After these policies are enabled, admins and users will be prompted to register for Azure AD Multi-Factor authentication.
+We recommend that you enable all of these baseline policies. After these policies are enabled, admins and users will be prompted to register for Azure AD Multifactor Authentication.
For more information about these policies, see [What are baseline policies](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-baseline-protection)? - ## Require MFA To require that all users sign in with a second form of ID:
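Review bot: The rewritten recommendation sentence introduces "Azure AD Multifactor Authentication" while every other line in this hunk, including the ones changed here, writes "multi-factor authentication"; pick one spelling for the article. In the closing context line the question mark sits outside the link text ("[What are baseline policies](...)?"), which is worth fixing while this paragraph is being edited.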
@@ -53,13 +53,12 @@ To require that all users sign in with a second form of ID:
2. On the Setup page, choose **View** in the **Make sign-in more secure** card. - ![Make sign-in more secure card.](../media/setupmfa.png) 3. On the Make sign-in more secure page, choose **Get started**.
-
+ 4. On the Strengthen sign-in security pane, select the check boxes next to **Require multi-factor authentication for admins** and **Require users to register for multi-factor authentication and block access if risk is detected**. Be sure to exclude the [emergency](m365-campaigns-protect-admin-accounts.md#create-an-emergency-admin-account) or "break-glass" admin account from the MFA requirement in the **Find users** box.
-
+ ![Strengthen sing-in security page.](../media/requiremfa.png) 5. Choose **Create policy** on the bottom of the page.
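Review bot: The image alt text in the added line reads "Strengthen sing-in security page."; it should be "sign-in". The blank lines inside the numbered steps are replaced by lines containing a single space, which reads as accidental trailing whitespace rather than intended list indentation; either indent the image and step text properly under the list item or leave the lines empty.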
@@ -73,9 +72,8 @@ See the following specific instructions for each policy: <br>
- [Require MFA for users](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-baseline-protect-end-users) <br> - [Block legacy authentication](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-baseline-protect-legacy-auth) <br> - [Require MFA for service management](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-baseline-protect-azure)
-
+ > [!NOTE] > Preview policies no longer exist and users will need to create their own policies. - You can set up extra policies, such as requiring approved client apps. For more information, see the [Conditional Access documentation](https://docs.microsoft.com/azure/active-directory/conditional-access/).
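Review bot: The note "Preview policies no longer exist and users will need to create their own policies" sits directly under links to the per-policy baseline instructions and in an article that recommends enabling all baseline policies, so the reader is told both to enable predefined policies and that they no longer exist. State which policies the note refers to and what an admin should create in their place, or move the note above the link list so it frames those links.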
campaigns https://docs.microsoft.com/en-us/microsoft-365/campaigns/m365-campaigns-increase-protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/m365-campaigns-increase-protection.md
@@ -139,9 +139,9 @@ To create an anti-phishing policy in Defender for Office 365, watch [this short
|Setting or option|Recommended setting| |||
-|Name|Domain and most valuable campaign staff|
+|Name|Domain and most valuable staff|
|Description|Ensure most important staff and our domain are not being impersonated.|
-|Add users to protect|Select **+ Add a condition, The recipient is**. Type user names or enter the email address of the candidate, campaign manager, and other important staff members. You can add up to 20 internal and external addresses that you want to protect from impersonation.|
+|Add users to protect|Select **+ Add a condition, The recipient is**. Type user names or enter the email address of the business owners, partners, or candidate, managers, and other important staff members. You can add up to 20 internal and external addresses that you want to protect from impersonation.|
|Add domains to protect|Select **+ Add a condition, The recipient domain is**. Enter the custom domain associated with your Microsoft 365 subscription, if you defined one. You can enter more than one domain.| |Choose actions|If email is sent by an impersonated user: Choose **Redirect message to another email address**, and then type the email address of the security administrator; for example, *Alice<span><span>@contoso.com*. <br/> If email is sent by an impersonated domain: Choose **Quarantine message**.| |Mailbox intelligence|By default, mailbox intelligence is selected when you create a new anti-phishing policy. Leave this setting **On** for best results.|
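Review bot: in the new "Add users to protect" row, the list "business owners, partners, or candidate, managers, and other important staff members" mixes "or" and "and" and leaves "candidate" singular, so it is unclear who is meant. Suggest "business owners, partners, candidates, managers, and other important staff members". While in this table, the example address in the "Choose actions" row, *Alice<span><span>@contoso.com*, opens two span tags and closes neither; it should be an empty <span></span> pair.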
campaigns https://docs.microsoft.com/en-us/microsoft-365/campaigns/m365-campaigns-multifactor-authenication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/m365-campaigns-multifactor-authenication.md
@@ -30,10 +30,10 @@ description: "Set up multifactor authentication."
Multi-factor authentication provides more security for your business. After your admin has required you to use MFA, you can set up the Microsoft Authenticator app to let you log into key apps securely with your phone.
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE2MmQR]
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE2MmQR]
See more at [Set up multifactor authentication in Microsoft 365](https://support.office.com/article/a32541df-079c-420d-9395-9d59354f7225) ## Use the Outlook app in your devices
-After your admin has required you to use MFA and you've set up an authenticator app as a second form of authentication, we recommend that you install and only use the Outlook app to access your Microsoft 365 for Campaigns email. See [Set up mobile devices](../business/set-up-mobile-devices.md) for how to install Office apps, including Outlook, on your phone.
+After your admin has required you to use MFA and you've set up an authenticator app as a second form of authentication, we recommend that you install and only use the Outlook app to access your Microsoft 365 email. See [Set up mobile devices](../business/set-up-mobile-devices.md) for how to install Office apps, including Outlook, on your phone.
campaigns https://docs.microsoft.com/en-us/microsoft-365/campaigns/m365-campaigns-phishing-and-attacks https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/m365-campaigns-phishing-and-attacks.md
@@ -23,7 +23,7 @@ search.appverid:
- BCS160 - MET150 - MOE150
-description: "Protect against phishing and other attacks with Microsoft 365 for campaigns."
+description: "Protect against phishing and other attacks with Microsoft 365."
# Protect yourself against phishing and other attacks
@@ -37,17 +37,18 @@ Microsoft 365 includes many protections to guard against attacks, but there are
## Best practices
-**Reduce spam mail**
+### Reduce spam mail
Follow these [10 tips on how to help reduce spam](https://support.microsoft.com/en-us/office/10-tips-on-how-to-help-reduce-spam-55f756e8-688b-41c3-a086-8f68ccc592f6).
-**Report it!**
+### Report it!
Report any phishing or other scam emails you receive. Select the message, and choose **Report message** on the ribbon. Here's more information about [reporting junk and phishing emails](https://support.office.com/article/Use-the-Report-Message-add-in-b5caa9f1-cdf3-4443-af8c-ff724ea719d2).
-**Avoid phishing**
+### Avoid phishing
+ - Never reply to an email that asks you to send personal or account information. - If you receive an email that looks suspicious or asks you for this type of information, never click links that supposedly take you to a company website. - Never open any file attached to a suspicious-looking email.
@@ -56,7 +57,7 @@ Here's more information about [reporting junk and phishing emails](https://suppo
Read about five common types of scams in [Deal with abuse, phishing, or spoofing](https://support.office.com/article/Deal-with-abuse-phishing-or-spoofing-in-Outlook-com-0d882ea5-eedc-4bed-aebc-079ffa1105a3).
-**Make sure your emails look legitimate to others**
+### Make sure your emails look legitimate to others
Help your customers trust your communications by adding a digital signature to prove that it's coming from you. See [Secure messages by using a digital signature](https://support.office.com/article/secure-messages-by-using-a-digital-signature-549ca2f1-a68f-4366-85fa-b3f4b5856fc6).
@@ -71,6 +72,7 @@ Download this infographic with tips for you and the members of your campaign tea
## Set it up Learn more about how to:+ - [Keep your files and communications safe with Office](https://support.microsoft.com/en-us/office/keep-your-files-and-communications-safe-with-office-c4ddc381-7395-42da-887c-8836a3bb975f). - [Stay secure and private at work](https://support.office.com/article/stay-secure-and-private-at-work-104c7d91-b25a-453d-beee-ba64b6c6fc2d).
campaigns https://docs.microsoft.com/en-us/microsoft-365/campaigns/m365-campaigns-protect-admin-accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/m365-campaigns-protect-admin-accounts.md
@@ -30,9 +30,8 @@ Because admin accounts come with elevated privileges, they're valuable targets f
- How to set up an additional administrator account for emergencies. - How to protect these accounts.
-
-When you sign up for Microsoft 365 and enter your information, you automatically become the global admin. A global admin has the ultimate control of user accounts and all the other settings in the Microsoft admin center, but there are many different kinds of admin accounts with varying degrees of access. See [about admin roles](https://docs.microsoft.com/office365/admin/add-users/about-admin-roles) for information about the different access levels for each kind of admin role.
+When you sign up for Microsoft 365 and enter your information, you automatically become the global admin. A global admin has the ultimate control of user accounts and all the other settings in the Microsoft admin center, but there are many different kinds of admin accounts with varying degrees of access. See [about admin roles](https://docs.microsoft.com/office365/admin/add-users/about-admin-roles) for information about the different access levels for each kind of admin role.
## Create additional admin accounts
@@ -46,14 +45,14 @@ To create additional admin accounts:
![Choose Users and then Active users in the left nav](../media/Activeusers.png)
-2. On the **Active users** page, select **Add a user** at the top of the page, and on the **New user** panel, enter the name and other information.
-3. Expand the **Roles** section, and choose **Global administrator** to give this user global admin access. You can also choose **Customized administrator** and choose any of the roles that are displayed.
+ 2. On the **Active users** page, select **Add a user** at the top of the page, and on the **New user** panel, enter the name and other information.
+ 3. Expand the **Roles** section, and choose **Global administrator** to give this user global admin access. You can also choose **Customized administrator** and choose any of the roles that are displayed.
Enter an alternate email in the **Alternative email address** text box. You can use this address to recover your password information if you get locked out. For global admins, a billing statement will also be sent to this address. ![Choose the administrator role](../media/adminroles.png)
-
-4. In the **Product licenses** section, move the selector for **Microsoft 365 Business** to **Off** and the **Create user without product license** to **On**.
+
+ 4. In the **Product licenses** section, move the selector for **Microsoft 365 Business** to **Off** and the **Create user without product license** to **On**.
![Choose the product license](../media/productlicense.png)
@@ -66,13 +65,15 @@ You should also create a backup account that isn't set up with multi-factor auth
Use your user account to participate in collaboration with your organization, including checking mail. This means your admin credentials might be similar to *Alice.Chavez<span></span>@Contoso.org* and your regular user account might be similar to *Alice<span></span>@Contoso.com*. To create a new user account:+ 1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=837890" target="_blank">admin center</a> and then choose **Users** \> **Active users** in the left nav. 2. On the **Active users** page, select **Add a user** at the top of the page, and on the **New user** panel, enter the name and other information. 3. Expand the **Roles** section, and choose **User (no administrative access)**.
-1. In the **Product licenses** section, move the selector for **Microsoft 365 Business** to **On**.
+4. In the **Product licenses** section, move the selector for **Microsoft 365 Business** to **On**.
## Register each of these accounts for multi-factor authentication
+Make sure these accounts are using [multifactor authentication](m365-campaigns-multifactor-authenication.md).
## Additional recommendations
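Review bot: the added line "Make sure these accounts are using multifactor authentication" does not say which accounts "these" covers, and the hunk's own context mentions "a backup account that isn't set up with multi-factor auth". As written, an admin could enroll the emergency account in MFA and defeat its purpose. Name the accounts explicitly (the additional admin accounts and the regular user account) and state that the emergency account is the exception. The heading uses "multi-factor" and the new sentence "multifactor"; pick one spelling.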
campaigns https://docs.microsoft.com/en-us/microsoft-365/campaigns/m365-campaigns-protect-campaign-infographic https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/m365-campaigns-protect-campaign-infographic.md
@@ -26,7 +26,8 @@ search.appverid:
description: "What you can do to help protect your campaign from digital attacks."
-# Infographic: Help protect yourself and your campaign from digital threats
+# Infographic: Help protect yourself and your campaign from digital threats
+ The following links for PowerPoint and PDF can be downloaded and printed in tabloid format (also known as ledger, 11 x 17, or A3). [![Image for secure your help protect your campaign info graphic](../media/M365-Campaigns-WhatCanUsersDoToSecure-358x201.png)](downloads/M365CampaignsWhatCanUsersDoToSecure.pdf)
campaigns https://docs.microsoft.com/en-us/microsoft-365/campaigns/m365-campaigns-protect-pcs-macs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/m365-campaigns-protect-pcs-macs.md
@@ -23,12 +23,12 @@ search.appverid:
- BCS160 - MET150 - MOE150
-description: "Protect against phishing and other attacks with Microsoft 365 for campaigns."
+description: "Protect unmanaged or bring-your-own devices (BYOD) with Microsoft 365."
# Protect unmanaged Windows 10 PCs and Macs
-You can manage Windows 10 PCs and Macs by enrolling them in Microsoft Intune, which allows you to ensure they're healthy and secure before accessing data in your environment. However, many campaigns and small businesses include staff who bring their own devices (byod), which will not be managed by the organization. For these unmanaged PCs and Macs, use this article to ensure that minimum security capabilities are configured.
+You can manage Windows 10 PCs and Macs by enrolling them in Microsoft Intune, which allows you to ensure they're healthy and secure before accessing data in your environment. However, many campaigns and small businesses include staff who bring their own devices (BYOD), which will not be managed by the organization. For these unmanaged PCs and Macs, use this article to ensure that minimum security capabilities are configured.
<!--A Windows 10 PC is considered managed after you have completed the following two steps:
@@ -44,13 +44,13 @@ You can manage Windows 10 PCs and Macs by enrolling them in Microsoft Intune, wh
If your Windows 10 PC or Mac is not managed by your organization, be sure to configure these security capabilities. ## [Windows 10](#tab/Windows10)+ **Turn on device encryption**<p> Device encryption is available on a wide range of Windows devices and helps protect your data by encrypting it. If you turn on device encryption, only authorized individuals will be able to access your device and data. See [turn on device encryption](https://support.microsoft.com/help/4028713/windows-10-turn-on-device-encryption) for instructions. If device encryption isn't available on your device, you can turn on standard [BitLocker encryption](https://support.microsoft.com/help/4028713/windows-10-turn-on-device-encryption) instead. (BitLocker isn't available on Windows 10 Home edition.) - **Protect your device with Windows Security**<p> If you have Windows 10, you'll get the latest antivirus protection with Windows Security. When you start up Windows 10 for the first time, Windows Security is on and actively helping to protect your PC by scanning for malware (malicious software), viruses, and security threats. Windows Security uses real-time protection to scan everything you download or run on your PC.
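Review bot: in the "Turn on device encryption" paragraph, the "turn on device encryption" link and the "BitLocker encryption" link both point to the same URL (support.microsoft.com/help/4028713/windows-10-turn-on-device-encryption). A user whose device lacks device encryption is told to use BitLocker "instead" and is then sent back to the same article. Point the second link at BitLocker-specific instructions, or merge the two sentences and keep a single link. The `<p>` tags after the bold pseudo-headings are also never closed.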
@@ -62,6 +62,7 @@ If you have an earlier version of Windows and are using Microsoft Security Essen
You should always run Windows Firewall even if you have another firewall turned on. Turning off Windows Firewall might make your device (and your network, if you have one) more vulnerable to unauthorized access. See [Turn Windows Firewall on or off](https://support.microsoft.com/help/4028544/windows-10-turn-windows-defender-firewall-on-or-off) for instructions ## [Mac](#tab/Mac)+ **Use FileVault to encrypt your Mac disk**<p> Disk encryption protects data when devices are lost or stolen. FileVault full-disk encryption helps prevent unauthorized access to the information on your startup disk. See [use FileVault to encrypt the startup disk on your Mac](https://support.apple.com/HT204837) for instructions.
campaigns https://docs.microsoft.com/en-us/microsoft-365/campaigns/m365-campaigns-security-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/m365-campaigns-security-overview.md
@@ -1,5 +1,5 @@
Title: "Bump up security protection for your campaign"
+ Title: "Bump up security protection for your campaign or business"
f1.keywords: - NOCSH
@@ -23,23 +23,23 @@ search.appverid:
- BCS160 - MET150 - MOE150
-description: "Learn how to protect your campaign by increasing your security with Microsoft 365 for Campaigns."
+description: "Learn how to protect your campaign or business by increasing your security with Microsoft 365."
-# Bump up security protection for your campaign
+# Bump up security protection for your campaign or business
## Overview
-Watch this video to see how you can protect your campaign:
+Watch this video to see how you can protect your campaign or business:
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3cfV1] Then follow the steps to:+ - [Protect against malware and other threats](m365-campaigns-increase-protection.md) - [Protect access to your campaign data](m365-campaigns-conditional-access.md) by protecting your accounts and apps - [Protect admin accounts](m365-campaigns-protect-admin-accounts.md) - [Set up mobile devices](../business/set-up-mobile-devices.md?toc=/microsoft-365/campaigns/toc.json)-- [Train your users](m365-campaigns-users.md) -
+- [Train your users](m365-campaigns-users.md)
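Review bot: the title, description, H1 and video intro now say "campaign or business", but the step list still reads "Protect access to your campaign data". Change the link text to "Protect access to your data" (or "your campaign or business data") so the page does not tell business admins that a step is campaign-only.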
campaigns https://docs.microsoft.com/en-us/microsoft-365/campaigns/m365-campaigns-sign-in https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/m365-campaigns-sign-in.md
@@ -1,5 +1,5 @@
Title: "Sign in to Microsoft 365 for Campaigns"
+ Title: "Sign in to Microsoft 365"
f1.keywords: - NOCSH
@@ -22,19 +22,21 @@
search.appverid: - BCS160 - MET150
-description: "Sign in to Microsoft 365 for Campaigns. Protect your campaign from cybersecurity threats to email, data, and communication."
+description: "Sign in to Microsoft 365. Protect your business, practice, or campaign from cybersecurity threats to email, data, and communication."
-# Sign in to Microsoft 365 for campaigns
+# Sign in to Microsoft 365
+
+## For business or campaign admins
+
+If you signed up for Microsoft 365, you're the Microsoft 365 admin. Here's how to sign in:
-## For campaign admins
-If you signed up for Microsoft 365 for Campaigns, you're the Microsoft 365 admin. Here's how to sign in:
1. Find the username and password that we sent to the email address that you gave us in step 2 of [Steps to sign up](m365-campaigns-sign-up.md#steps-to-sign-up).
-2. In the browser, go to the Microsoft 365 admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=837890" target="_blank">https://admin.microsoft.com</a>.
+2. In the browser, go to the Microsoft 365 admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=837890" target="_blank">https://admin.microsoft.com</a>.
3. Type in your username and password. Select **Sign in**. 4. In the top right of the page, find the **Preview on** control. Select **Preview on** so you can use all the controls described in [Bump up protection for your campaign](m365-campaigns-security-overview.md).
-## For campaign staff
-Set up campaign staff as described in [Add users](../business/add-users-m365b.md?toc=/microsoft-365/campaigns/toc.json)
-You can also reset and resend passwords on the **Add users** page.
-All campaign staff can sign in at <a href="https://office.com" target="_blank">https://Office.com</a>.
+## For staff
+Set up staff as described in [Add users](../business/add-users-m365b.md?toc=/microsoft-365/campaigns/toc.json)
+You can also reset and resend passwords on the **Add users** page.
+All staff can sign in at <a href="https://office.com" target="_blank">https://Office.com</a>.
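Review bot: "## For staff" is followed directly by its body text, while the same hunk adds a blank line after "# Sign in to Microsoft 365" and "## For business or campaign admins"; add the blank line here too for consistent rendering. In the same block, "Set up staff as described in [Add users](...)" has no closing period, and the three lines rely on trailing spaces to avoid merging into one paragraph, which is fragile. Step 4 still links as "Bump up protection for your campaign" although the target page was retitled "...for your campaign or business".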
campaigns https://docs.microsoft.com/en-us/microsoft-365/campaigns/m365-campaigns-sign-up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/m365-campaigns-sign-up.md
@@ -30,13 +30,14 @@ description: "Step-by-step sign-up for Microsoft 365 for Campaigns. Protect your
Here's how to complete your sign-up for Microsoft 365 for Campaigns.
-## Before you start:
-- Get your invite to Microsoft 365 for Campaigns by completing the steps in [Get Microsoft 365 for Campaigns](get-microsoft-365-campaigns.md#get-microsoft-365-for-campaigns).
+## Before you start:
+
+- Get your invite to Microsoft 365 for Campaigns by completing the steps in [Get Microsoft 365 for Campaigns](get-microsoft-365-campaigns.md#get-microsoft-365-for-campaigns).
- Open your email invitation from Microsoft. The invite has a unique sign-up link for your organization. You need this to get campaigns special pricing.-- Have your business credit card and a phone ready.
+- Have your business credit card and a phone ready.
> [!TIP]
- > Your sign-up link is unique to your campaign. It only works once, so make sure you have enough time to complete sign-up. You need about ten minutes.
+ > Your sign-up link is unique to your campaign. It only works once, so make sure you have enough time to complete sign-up. You need about ten minutes.
## Steps to sign up
@@ -48,7 +49,7 @@ Here's how to complete your sign-up for Microsoft 365 for Campaigns.
1. In **Username**, enter the name or alias you want for your email address. For example, you might want to be known as just Alice, or Rob. In a larger campaign, AliceC or AliceChavez might make more sense. 2. In **Your company**, enter the name of the campaign you work for. For example, ContosoCampaign. If you already own a domain, use that name here. 3. In **Select a domain**, select **.onmicrosoft.com** for now. We can set you up with a domain later, or help you get Microsoft 365 connected to a domain that you already own.
- 4. Create a password and select **Create my account**.
+ 4. Create a password and select **Create my account**.
> [!NOTE] > If your campaign or party doesn't own a domain, and you have decided what domain you want, you can buy one now by selecting it.
@@ -84,8 +85,8 @@ If you already have and existing subscription to Microsoft 365 for business, for
After you have completed these steps, you're ready to [assign the new licenses](../admin/manage/assign-licenses-to-users.md) to your campaign staff. - ## What's next?-- [Set up Microsoft 365](../business/set-up.md?toc=/microsoft-365/campaigns/toc.json) to complete your Microsoft 365 for Campaigns set up. +
+- [Set up Microsoft 365](../business/set-up.md?toc=/microsoft-365/campaigns/toc.json) to complete your Microsoft 365 for Campaigns set up.
- [Add users](../business/add-users-m365b.md?toc=/microsoft-365/campaigns/toc.json) to your plan. Include the campaign candidate, all senior campaign staff, and anyone who will have access to sensitive campaign or party information. - [Bump up protection for your campaign](m365-campaigns-security-overview.md)\ No newline at end of file
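Review bot: the last bullet still carries "\ No newline at end of file"; since this hunk already rewrites the list, add the trailing newline so later diffs to the file stay clean. The hunk header context also shows "If you already have and existing subscription", where "and" should be "an", and "complete your Microsoft 365 for Campaigns set up" should use the noun "setup".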
campaigns https://docs.microsoft.com/en-us/microsoft-365/campaigns/m365-campaigns-users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/m365-campaigns-users.md
@@ -1,5 +1,5 @@
Title: "How Microsoft 365 for campaigns affects your users"
+ Title: "How these security recommendations affect your users"
f1.keywords: - NOCSH
@@ -23,52 +23,58 @@ search.appverid:
- BCS160 - MET150 - MOE150
-description: "Learn how Microsoft 365 for campaigns affects your users."
+description: "Learn how these security recommendations for Microsoft 365 Business Premium affects your users and protects your data."
-# How Microsoft 365 for Campaigns affects your users
+# How these security recommendations affect your users
-Microsoft 365 for Campaigns makes it much harder for hackers to gain access to your environment. The tradeoff is that your users will need to be aware of how to work within this more secure environment. We understand a little extra patience is required, but it's worth it to keep your organization protected.
+The security recommendations for Microsoft 365 in this solution make it much harder for hackers to gain access to your environment. The tradeoff is that your users will need to be aware of how to work within this more secure environment. We understand a little extra patience is required, but it's worth it to keep your organization protected.
-![Illustration that sums up key points from below for iPhones, Android devices, Macs, Windows 10, sharing, and key staff](../media/M365-democracy-Users_700px.png)
+![Illustration that sums up key points from below for iPhones, Android devices, Macs, Windows 10, sharing, and key staff](../media/M365-democracy-Users_900px.png)
## Use secure email practices+ All users should be aware of and use these email practices to help keep their email secure:+ - Set up email to use multi-factor authentication with the authenticator app. - Verify legitimate emails and look for safety tips from Advanced Phishing in Defender for Office 365 Protection. - Open only safe links and attachments, as verified by Safe Links and Safe Attachments.
-Learn more about [phishing and other attacks](m365-campaigns-phishing-and-attacks.md).
+Learn more about [multi-factor authentication](m365-campaigns-multifactor-authenication.md) and [phishing and other attacks](m365-campaigns-phishing-and-attacks.md).
-Download an [infographic](m365-campaigns-protect-campaign-infographic.md) with tips for you and the members of your campaign team.
+Download an [infographic](m365-campaigns-protect-campaign-infographic.md) with tips for you and the members of your team.
## Set up iPhones and Android devices+ All users you add to your environment will need to take a few minutes to [setup iPhones and Android devices](../business/set-up-mobile-devices.md?toc=%2Fmicrosoft-365%2Fcampaigns%2Ftoc.json) to work securely:+ - Set up devices to use multi-factor authentication with the authenticator app. - Use Microsoft mobile apps, including Outlook Mobile, Word, OneDrive, and other Microsoft apps from the app store. The native mail apps that are included on iPhones and Android devices aren't supported. - Require a PIN for users to unlock their device.
-After setting these up, your users will be prompted to use the authenticator app when accessing your organization data on these devices, including mail.
+After setting these up, your users will be prompted to use the authenticator app when accessing your organization data on these devices, including mail.
+
+## Keep BYOD Macs and Windows 10 PCs fresh
-## Keep BYOD Macs and Windows 10 PCs fresh
It's also important that users keep their primary work device up to date:-- Install the latest versions of Office desktop apps and keep these fresh with updates, when prompted. +
+- Install the latest versions of Office desktop apps and keep these fresh with updates, when prompted.
- Stay on top of operating system updates, such as Windows updates. For [unmanaged Windows 10 and Mac devices](m365-campaigns-protect-pcs-macs.md), users have the responsibility to ensure that basic security features are enabled. **Enable basic security capabilities on BYOD Windows 10 and Mac devices**
-||||
+| |**Windows 10**|**Mac**|
|:--|:--|:|
-||**Windows 10**|**Mac**|
|Security capabilities|Turn on BitLocker device protection<p><p> Ensure Windows Defender remains on <p>Turn on Windows Firewall| Use FileVault to encrypt the Mac disk <p><p>Use a reliable antivirus software <p>Turn on firewall protection| To learn more about these recommendations, see [Protect your account and devices from hackers and malware](https://support.office.com/article/Protect-your-account-and-devices-from-hackers-and-malware-066d6216-a56b-4f90-9af3-b3a1e9a327d6#ID0EAABAAA=Windows_10). ## Collaborate using Microsoft Teams, OneDrive, SharePoint Online, and other tools
-Your users might be tempted to share and store your organization files in places other than Microsoft 365. Microsoft 365 makes it as easy as possible to collaborate and share securely. You can [share files and videos](share-files-and-videos.md) directly from Microsoft Teams, OneDrive, Stream, and even from within a file. Sharing from within these tools helps keep your data from leaking. You can add additional protection to sensitive data to prevent sharing outside your organization.
+Your users might be tempted to share and store your organization files in places other than Microsoft 365. Microsoft 365 makes it as easy as possible to collaborate and share securely. You can [share files and videos](share-files-and-videos.md) directly from Microsoft Teams, OneDrive, Stream, and even from within a file. Sharing from within these tools helps keep your data from leaking. You can add additional protection to sensitive data to prevent sharing outside your organization.
## Set up managed Windows 10 devices
-We recommend that your most important staff members use freshly acquired Windows 10 devices that you manage. We'll show you how to [manage and secure these devices](../business/set-up-windows-devices.md?toc=/microsoft-365/campaigns/toc.json). This ensures that staff members who are the highest value target to hackers receive the most protection.
+
+We recommend that your most important staff members use freshly acquired Windows 10 devices that you manage. We'll show you how to [manage and secure these devices](../business/set-up-windows-devices.md?toc=/microsoft-365/campaigns/toc.json). This ensures that staff members who are the highest value target to hackers receive the most protection.
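Review bot: the new description, "Learn how these security recommendations for Microsoft 365 Business Premium affects your users and protects your data", has a subject-verb mismatch: "recommendations" is plural, so it should read "affect your users and protect your data". The new H1 already uses "affect". Separately, the link text "[setup iPhones and Android devices]" uses the noun form; as a verb it should be "set up".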
campaigns https://docs.microsoft.com/en-us/microsoft-365/campaigns/m365-customize-sign-in https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/m365-customize-sign-in.md
@@ -21,14 +21,14 @@
search.appverid: - BCS160 - MET150
-description: "Customize your sign-in page with a privacy and consent notice for Microsoft 365 for campaigns."
+description: "Customize your sign-in page with a privacy and consent notice for Microsoft 365."
# Customize your sign-in page with a privacy and consent notice
-Your political campaign can make it easier for law enforcement agencies to file legal charges against online criminals by adding a privacy and consent notice to your sign-in page.
+Your business or campaign can make it easier for law enforcement agencies to file legal charges against online criminals by adding a privacy and consent notice to your sign-in page.
-You can customize your sign-in page with your branding. You can also add text to help your users sign in, or to point out legal requirements or restrictions for getting access to Microsoft 365 for campaigns resources.
+You can customize your sign-in page with your branding. You can also add text to help your users sign in, or to point out legal requirements or restrictions for getting access to Microsoft 365 resources.
## Design customization the text on your sign-in page
@@ -37,7 +37,6 @@ To update the customizable elements on the sign-in page, you have to be a global
The elements you can update are: - **Sign-in page text**- An easy place to add the privacy and consent statement. - Sign-in page background image - Banner logo
campaigns https://docs.microsoft.com/en-us/microsoft-365/campaigns/microsoft-365-campaigns-setup-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/microsoft-365-campaigns-setup-overview.md
@@ -1,5 +1,5 @@
Title: "Setup overview for Microsoft 365 for Campaigns"
+ Title: "Setup overview for Microsoft 365 Business Premium"
f1.keywords: - NOCSH
@@ -24,17 +24,18 @@ search.appverid:
- BCS160 - MET150 ms.assetid: 496e690b-b75d-4ff5-bf34-cc32905d0364
-description: "Setup overview for Microsoft 365 for Campaigns"
+description: "Setup overview for Microsoft 365 Business Premium for campaigns or other businesses"
-# Set up Microsoft 365 for Campaigns
+# Set up Microsoft 365
-This article describes the process of setting up Microsoft 365 for Campaigns. Anybody with Microsoft 365 Business Premium can use this guidance to step up security.
+This article describes the process of setting up Microsoft 365. Anybody with Microsoft 365 Business Premium can use this guidance to step up security.
-## Admins: Set up Microsoft 365 for Campaigns
-The following diagram describes how admins set up Microsoft 365 for Campaigns.
+## Admins: Set up Microsoft 365
-![Steps to set up Microsoft 365 for Campaigns](../media/M365-democracy-SetUpProcess.png)
+The following diagram describes how admins set up Microsoft 365.
+
+![Steps to set up Microsoft 365](../media/M365-democracy-SetUpProcess.png)
For campaigns that qualify for special pricing, get started by [requesting an invite from Microsoft](https://m365forcampaigns.microsoft.com/), then [signing up for Microsoft 365 for Campaigns](m365-campaigns-sign-up.md). To complete setup, [run the setup wizard](../business/set-up.md?toc=/microsoft-365/campaigns/toc.json) to configure the core settings.
@@ -42,17 +43,17 @@ For all other organizations, after you've [signed up for Microsoft 365 Business
For all organizations, bump up security protection by: [protecting admin accounts](m365-campaigns-protect-admin-accounts.md), [protecting access to mail and data](m365-campaigns-conditional-access.md), and [increasing threat protection](m365-campaigns-increase-protection.md).
+## Everyone: Set up your devices
- ## Everyone: Set up your devices
-
-Users will need to take a few minutes to set up devices to work with this environment. For your key users (those who are the highest value targets for hackers), you can set up and pre-configure new devices. This helps them to get started when they sign in with their Microsoft 365 credentials.
+Users will need to take a few minutes to set up devices to work with this environment. For your key users (those who are the highest value targets for hackers), you can set up and pre-configure new devices. This helps them to get started when they sign in with their Microsoft 365 credentials.
![User device setup process](../media/m365-democracy-user-device-setup.png)
-To set up user devices:
-1. Each user [sets up their mobile devices](../business/set-up-mobile-devices.md?toc=%2Fmicrosoft-365%2Fcampaigns%2Ftoc.json).
-2. For unmanaged devices, users set up their [PCs and Macs](m365-campaigns-protect-pcs-macs.md).
-For key staff, we recommend that you use [managed devices](../business/set-up-windows-devices.md?toc=/microsoft-365/campaigns/toc.json) for even better protection. For all devices, you'll want to set up [multifactor authentication](m365-campaigns-multifactor-authenication.md).
+To set up user devices:
+
+1. Each user [sets up their mobile devices](../business/set-up-mobile-devices.md?toc=%2Fmicrosoft-365%2Fcampaigns%2Ftoc.json).
+2. For unmanaged devices, users set up their [PCs and Macs](m365-campaigns-protect-pcs-macs.md).
+For key staff, we recommend that you use [managed devices](../business/set-up-windows-devices.md?toc=/microsoft-365/campaigns/toc.json) for even better protection. For all devices, you'll want to set up [multifactor authentication](m365-campaigns-multifactor-authenication.md).
3. All users should learn how to protect themselves and your campaign by learning about [phishing and other attacks](m365-campaigns-phishing-and-attacks.md). This [infographic](m365-campaigns-protect-campaign-infographic.md) can also help your users understand how to help protect your campaign from online threats. ## Contact support
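Review bot: The "For key staff, we recommend that you use [managed devices]..." paragraph still sits at column zero between items 2 and 3, which ends the numbered list and leaves item 3 detached. Since these lines are being touched anyway, either indent the paragraph under item 2 or move it after item 3. The multifactor authentication recommendation for all devices is the most important sentence in this section and would be easier to find as its own numbered step. Also confirm that the link target `m365-campaigns-multifactor-authenication.md` ("authenication") matches the real file name, and note that item 3 still says "your campaign" although the article has been generalized.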
@@ -60,5 +61,3 @@ For key staff, we recommend that you use [managed devices](../business/set-up-wi
**If you need to contact support:** As a Microsoft 365 admin, you have access to our customer support team, **[Contact support for business products - Admin Help](https://docs.microsoft.com/microsoft-365/admin/contact-support-for-business-products)**
-
-
campaigns https://docs.microsoft.com/en-us/microsoft-365/campaigns/send-encrypted-email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/send-encrypted-email.md
@@ -31,7 +31,6 @@ description: "Learn how to send encrypted email using Outlook."
Your data and campaign information is important and often confidential. Help protect this sensitive information by using encryption and sensitivity labels so you and your email recipients treat the information with the sensitivity it requires. - ## Best practices Before you send email with confidential or sensitive information, consider turning on:
@@ -41,7 +40,6 @@ Before you send email with confidential or sensitive information, consider turni
![Diagram of an email with callouts for labels and encryption](../media/m365-campaign-email-encrypt.png) - ## Set it up If you want to encrypt a message that doesn't meet a pre-defined rule or your admin hasn't set up any rules, you can apply a variety of different encryption rules before you send the message. To send an encrypted message from Outlook 2013 or 2016, or Outlook 2016 for Mac, select **Options > Permissions**, then select the protection option you need. You can also send an encrypted message by selecting the **Protect** button in Outlook on the web. For more information, see [Send, view, and reply to encrypted messages in Outlook for PC](https://support.microsoft.com/en-us/office/send-view-and-reply-to-encrypted-messages-in-outlook-for-pc-eaa43495-9bbb-4fca-922a-df90dee51980).
@@ -52,17 +50,16 @@ You can learn all about setting up email encryption at [Email encryption in Micr
### Automatically encrypt email messages
-Admins can create mail flow rules to automatically protect email messages that are sent and received from your campaign. Set up rules to encrypt any outgoing email messages, and remove encryption from encrypted messages coming from inside your organization or from replies to encrypted messages sent from your organization. 
+Admins can create mail flow rules to automatically protect email messages that are sent and received from your campaign. Set up rules to encrypt any outgoing email messages, and remove encryption from encrypted messages coming from inside your organization or from replies to encrypted messages sent from your organization.
You create mail flow rules to encrypt email messages with the new Office 365 Message Encryption (OME) capabilities. Define mail flow rules for triggering message encryption with the new OME capabilities by using the Exchange Admin Center (EAC).
-1. In a web browser, using a work or school account that has been granted global administrator permissions, sign in.
-2. Choose the Admin tile.
-3. In the admin center, choose **Admin centers > Exchange**.
+1. In a web browser, using a work or school account that has been granted global administrator permissions, sign in.
+2. Choose the Admin tile.
+3. In the admin center, choose **Admin centers > Exchange**.
For more information, see [Define mail flow rules to encrypt email messages](https://docs.microsoft.com/microsoft-365/compliance/define-mail-flow-rules-to-encrypt-email). ### Brand your encryption messages You can also apply your campaign branding to customize the look and the text in the email messages. For more information, see [Add your organization's brand to your encrypted messages](https://docs.microsoft.com/microsoft-365/compliance/email-encryption).-
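Review bot: Step 1 still tells the reader to sign in with "a work or school account that has been granted global administrator permissions" for a task that is carried out in the Exchange admin center. The changed lines differ only in trailing whitespace, so this is a good moment to name the narrowest admin role that can create mail flow rules rather than sending every reader to a global administrator account. The paragraph above the steps also still says "sent and received from your campaign", and the final context line ends in a stray "-" after the branding link.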
campaigns https://docs.microsoft.com/en-us/microsoft-365/campaigns/set-up-meetings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/set-up-meetings.md
@@ -29,7 +29,7 @@ description: "Set up online meetings with Microsoft Teams."
# Set up meetings
-Meetings in Microsoft Teams include audio, video, and sharing. And because they're online, you'll always have a meeting space and never need a room or projector for your campaign. Microsoft Teams meetings are a great way to come together with your staff and volunteers both inside and outside of your organization. You don’t need to be a member of your organization or even have an account to join a meeting. For your political campaign, you can schedule and run online meetings using Microsoft Teams. You can include staff, volunteers, and guests outside your organization. During a meeting, you can share your screen, share files, assign tasks, and more.
+Meetings in Microsoft Teams include audio, video, and sharing. And because they're online, you'll always have a meeting space (without needing a room or projector!), even if your staff is geographically distributed or working remotely. Microsoft Teams meetings are a great way to come together with your staff both inside and outside of your organization. You don’t need to be a member of your organization or even have an account to join a meeting. You can schedule and run online meetings using Microsoft Teams. During a meeting, you can share your screen, share files, assign tasks, and more. Political campaigns can include staff, volunteers, and guests outside your organization in the meeting. Small firms or practices can meet with their staff, or meet with clients or partners over Microsoft Teams.
[![An illustration of two users in a meeting](../media/HostOnlineMeeting-thumb-358x201.png)](https://go.microsoft.com/fwlink/?linkid=2078712)
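Review bot: The new paragraph keeps "You don’t need to be a member of your organization or even have an account to join a meeting" and then extends the audience to firms meeting "with clients or partners". For that audience the sentence needs a pointer to where an admin or organizer controls who can join, because client meetings are often confidential. The wording also mixes voices in "Political campaigns can include staff, volunteers, and guests outside your organization in the meeting"; use "you" throughout or third person throughout. The paragraph is now long enough to split after "assign tasks, and more."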
@@ -38,9 +38,9 @@ Download an infographic in [PDF](https://go.microsoft.com/fwlink/?linkid=2078712
## Best practices Follow these best practices for your online meetings:-- Schedule your online meetings right in Microsoft Teams. You can choose a team and channel, and Teams will invite the participants in that team or channel automatically.-- Need an impromptu meeting? If you're in a one-on-one chat, choose **Meet now** to start a video or audio call with the person you're chatting with.
+- Schedule your online meetings right in Microsoft Teams. You can choose a team and channel, and Teams will invite the participants in that team or channel automatically.
+- Need an impromptu meeting? If you're in a one-on-one chat, choose **Meet now** to start a video or audio call with the person you're chatting with.
## Schedule a meeting
campaigns https://docs.microsoft.com/en-us/microsoft-365/campaigns/share-files-and-videos https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/share-files-and-videos.md
@@ -29,32 +29,31 @@ description: "Share files and videos inside your campaign with Microsoft Teams a
# Share files and videos
-When you need to control who can view and who can edit your files, you need to store the files in a secure location, where you can make sure permissions are applied appropriately. You can use Microsoft Teams to store your files, and then share the files either inside or outside of your campaign by using Microsoft Teams or by sending SharePoint links. Sending a link rather than an email attachment means that you know who is viewing and modifying the files, and they can't be viewed or modified without your permission.
+When you need to control who can view and who can edit your files, you need to store the files in a secure location, where you can make sure permissions are applied appropriately. You can use Microsoft Teams to store your files, and then share the files either inside or outside of your firm, practice, or campaign by using Microsoft Teams or by sending SharePoint links. Sending a link rather than an email attachment means that you know who is viewing and modifying the files, and they can't be viewed or modified without your permission.
![Diagram of a Microsoft Teams window, showing Files tab and Get link on the menu](../media/m365-democracy-teams-sharefiles.png)
-With your files in Microsoft Teams and SharePoint, you can also work on the files together and review each other's changes. Use Microsoft Teams to share files inside of a political campaign. If you need to share externally with people outside the campaign, you can add them as guests to a team or send them a secure SharePoint link.
+With your files in Microsoft Teams and SharePoint, you can also work on the files together and review each other's changes. Use Microsoft Teams to share files inside of a firm, practice, or campaign. If you need to share externally with people outside your organization, you can add them as guests to a team or send them a secure SharePoint link.
-You can also use Microsoft Stream to store and share videos for your campaign. These videos are not viewable to the public so they are ideal for internal campaign messaging.
+You can also use Microsoft Stream to store and share videos internally. These videos are not viewable to the public so they are ideal for internal campaign messaging.
## Best practices Use these methods to share files and videos securely:
-1. Store files in Microsoft Teams or SharePoint, and make sure that only the people who need access to those files have them.
+1. Store files in Microsoft Teams or SharePoint, and make sure that only the people who need access to those files have them.
2. When you want to share, don't attach files to an email. Instead, choose **Get link** from Microsoft Teams or SharePoint and send the link in email. 3. To share a file externally, add the user as a guest to your team, or use SharePoint to get a secure link to share just that file.
-4. Use Microsoft Stream to host videos you want your campaign to see.
+4. Use Microsoft Stream to host videos you want your campaign to see.
5. Use Microsoft Teams or SharePoint to store video files you need your team to collaborate on or share.
-
## Set up To create a team and add guests, like advertisers or financing partners, to it, follow these steps. > [!VIDEO https://www.microsoft.com/videoplayer/embed/RE1FQMp]
-To share a secure link with a guest, without using Microsoft Teams, follow these steps
+To share a secure link with a guest, without using Microsoft Teams, follow these steps.
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE22Yf0]
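Review bot: The generalization from "campaign" to "firm, practice, or campaign" is incomplete on the added lines. The Stream sentence now reads "store and share videos internally" but still ends with "ideal for internal campaign messaging", and best practice 4 still says "videos you want your campaign to see" (that line changed only in whitespace). Suggest "internal messaging" and "videos you want your organization to see". Best practices 2 and 3 are also run together on one line in the context, which may render as a single list item.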
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-sensitivity-label-automatically.md
@@ -133,7 +133,7 @@ Also similarly to DLP policy configuration, you can choose whether a condition m
### Configuring trainable classifiers for a label
-This option is currently in preview.
+This option is currently in preview. If you use this option, make sure you have published in your tenant at least one other sensitivity label that's configured for auto-labeling and the [sensitive info types option](#configuring-sensitive-info-types-for-a-label).
When you select the **Trainable classifiers** option, select one or more of the built-in trainable classifiers from Microsoft. If you've created your own custom trainable classifiers, these are also available to select:
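Review bot: The added prerequisite ("make sure you have published in your tenant at least one other sensitivity label that's configured for auto-labeling and the sensitive info types option") does not say what happens when it is not met, so an admin cannot tell whether a trainable-classifier label that never applies is a misconfiguration or the preview limitation. State the observable result, and consider moving the requirement into a note callout instead of appending it to the "currently in preview" sentence, where it is easy to miss.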
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-faq.md
@@ -76,4 +76,10 @@ No. Your compliance score measures your progress in completing recommended actio
## Can I use Compliance Manager for non-Microsoft products?
-While Compliance Manager provides continuous monitoring and recommended actions only for Microsoft cloud services, you can add custom assessments in Compliance Manager for your third-party services. In this way, you can use Microsoft Compliance Manager as a SaaS compliance management tool to help you manage all the controls across your digital assets.
\ No newline at end of file
+While Compliance Manager provides continuous monitoring and recommended actions only for Microsoft cloud services, you can add custom assessments in Compliance Manager for your third-party services. In this way, you can use Microsoft Compliance Manager as a SaaS compliance management tool to help you manage all the controls across your digital assets.
+
+## WhatΓÇÖs happening to Compliance Manager (classic) in the Service Trust Portal?
+
+The classic version of Compliance Manager, which resides in the Microsoft Service Trust Portal, will soon be retired. A Microsoft 365 Message Center notice will go out at least 60 days before the final retirement of Compliance Manager (classic). Customers who are managing their compliance activities in Compliance Manager (classic) will need to move their data, including assessments and controls, over to the new Compliance Manager solution in the Microsoft 365 compliance center. Customer data will not automatically transfer over to Compliance Manager in the Microsoft 365 compliance center when Compliance Manager (classic) is retired.
+
+To learn how you can quickly set up the new Compliance Manager, read our [Compliance Manager quickstart](compliance-manager-quickstart.md) guide.
\ No newline at end of file
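Review bot: The new heading appears here as "## WhatΓÇÖs happening to Compliance Manager (classic) in the Service Trust Portal?", with a mis-encoded apostrophe. Confirm that the source file contains a plain or correctly encoded apostrophe, because another article in this changeset links to the slug `#whats-happening-to-compliance-manager-classic-in-the-service-trust-portal` and the link breaks if the heading does not generate that anchor. The text says customers "will need to move their data ... over" but gives no steps for doing so other than the quickstart link; say explicitly whether the move means recreating assessments by hand. The file still ends without a trailing newline.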
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/ediscovery-decryption https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-decryption.md
@@ -34,7 +34,7 @@ Microsoft eDiscovery tools support items encrypted with Microsoft encryption tec
## eDiscovery activities that support encrypted items
-The following table identifies the supported tasks that can be performed in Microsoft 365 eDiscovery tools on encrypted files attached to email massages and encrypted documents in SharePoint and OneDrive. These supported tasks can be performed on an encrypted files that match the criteria of a search. A value of "N/A" indicates the functionality isn't available in the corresponding eDiscovery tool.
+The following table identifies the supported tasks that can be performed in Microsoft 365 eDiscovery tools on encrypted files attached to email massages and encrypted documents in SharePoint and OneDrive. These supported tasks can be performed on encrypted files that match the criteria of a search. A value of `N/A` indicates the functionality isn't available in the corresponding eDiscovery tool.
|eDiscovery task |Content search |Core eDiscovery |Advanced eDiscovery | |:|:|:|:|
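Review bot: The rewritten sentence fixes "an encrypted files" but keeps the typo "email massages" in the first sentence of the same line; it should read "email messages". Formatting "N/A" as code is fine as long as the table cells below use the same formatting, otherwise a reader searching the table for the quoted value will not find an exact match.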
@@ -46,6 +46,16 @@ The following table identifies the supported tasks that can be performed in Micr
|Export encrypted documents in SharePoint and OneDrive |No |No |Yes | |||||
+**Note:** eDiscovery doesn't support encrypted files in SharePoint and OneDrive when a sensitivity label that applied the encryption is configured with either of the following settings:
+
+- Users can assign permissions when they manually apply the label to a document. This is sometimes referred to as *user-defined permissions*.<br/>
+
+- User access to the document has an expiration setting that is set to a value other than **Never**.
+
+For more information about these settings, see the "Configure encryption settings" section in [Restrict access to content by using sensitivity labels to apply encryption](encryption-sensitivity-labels.md#configure-encryption-settings).
+
+Documents encrypted with the previous settings can still be returned by an eDiscovery search. This may happen when a document property (such as the title, author, or modified date) matches the search criteria. Although these documents might be included in search results, they can't be previewed or reviewed. These documents will also remain encrypted when they're exported in Advanced eDiscovery.
+ ## Requirements for decryption in eDiscovery You have to be assigned the RMS Decrypt role to preview, review, and export files encrypted with Microsoft encryption technologies. You also have to be assigned this role to review and query encrypted files that are added to a review set in Advanced eDiscovery.
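Review bot: In the last added paragraph, "Documents encrypted with the previous settings" is ambiguous, because "previous" can be read as "older" rather than "listed above". Suggest "Documents encrypted by a label that uses either of these settings". This paragraph carries the operationally important point (such documents can appear in results but cannot be previewed or reviewed, and stay encrypted on export from Advanced eDiscovery), so it should not be easy to misread. The note is written as "**Note:**" where the rest of the docs set uses the `> [!NOTE]` callout, and the first bullet ends with a stray `<br/>`.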
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/limits-ediscovery20 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/limits-ediscovery20.md
@@ -56,20 +56,20 @@ The limits described in this section are related to using the search tool on the
| Description of limit | Limit | |:--|:--|
-|Maximum number of mailboxes or sites that can be searched in a single search. <br/> |No limit <br/> |
-|Maximum number of searches that can run at the same time. <br/> |No limit <br/> |
-|Maximum number of searches that a single user can start at the same time. <br/> |10 <br/> |
-|Maximum number of characters for a search query (including operators and conditions). <br/> |**Mailboxes**: 10,000<br/>**Sites**: 4,000 when searching all sites or 2,000 when searching up to 20 sites <sup>2</sup> <br/> |
-|Minimum number of alpha characters for prefix wildcards; for example, **one\*** or **set\***. <br/> |3 <br/> |
-|Maximum variants returned when using prefix wildcard to search for an exact phrase or when using a prefix wildcard and the **NEAR** Boolean operator. <br/> |10,000 <sup>3</sup> <br/> |
-|Maximum number of items per user mailbox that are displayed on preview page for searches. The newest items are displayed. <br/> |100 <br/> |
-|Maximum number of items from all mailboxes displayed on preview page for searches. <br/> |1,000 <br/> |
-|Maximum number of mailboxes that can be previewed for search results. If there are more than 1000 mailboxes that contain items that match the search query, only the top 1,000 mailboxes with the most results are available for preview.<br/> |1,000 <br/> |
-|Maximum number of items from SharePoint and OneDrive for Business sites displayed on preview page for searches. The newest items are displayed. <br/> |200 <br/> |
-|Maximum number of SharePoint and OneDrive for Business sites that can be previewed for search results. If there are more than 200 sites that contain items that match the search query, only the top 200 sites with the most results are available for preview. <br/> |200 <br/> |
-|Maximum number of items per public folder mailbox displayed on preview page for searches. <br/> |100 <br/> |
-|Maximum number of items found in all public folder mailbox items displayed on preview page for searches. <br/> |200 <br/> |
-|Maximum number of public folder mailboxes that can be previewed for search results. If there are more than 500 public folder mailboxes that contain items that match the search query, only the top 500 mailboxes with the most results are available for preview. <br/> |500 <br/> |
+|Maximum number of mailboxes or sites that can be searched in a single search. |No limit|
+|Maximum number of searches that can run at the same time. |No limit |
+|Maximum number of searches that a single user can start at the same time. |10 |
+|Maximum number of characters for a search query (including operators and conditions). |10,000&nbsp;<sup>2</sup>|
+|Minimum number of alpha characters for prefix wildcards; for example, **one\*** or **set\***.|3 |
+|Maximum variants returned when using prefix wildcard to search for an exact phrase or when using a prefix wildcard and the **NEAR** Boolean operator. |10,000&nbsp;<sup>3</sup>|
+|Maximum number of items per user mailbox that are displayed on preview page for searches. The newest items are displayed. |100|
+|Maximum number of items from all mailboxes displayed on preview page for searches.|1,000|
+|Maximum number of mailboxes that can be previewed for search results. If there are more than 1000 mailboxes that contain items that match the search query, only the top 1,000 mailboxes with the most results are available for preview.|1,000|
+|Maximum number of items from SharePoint and OneDrive for Business sites displayed on preview page for searches. The newest items are displayed. |200|
+|Maximum number of SharePoint and OneDrive for Business sites that can be previewed for search results. If there are more than 200 sites that contain items that match the search query, only the top 200 sites with the most results are available for preview.|200|
+|Maximum number of items per public folder mailbox displayed on preview page for searches. |100|
+|Maximum number of items found in all public folder mailbox items displayed on preview page for searches. |200|
+|Maximum number of public folder mailboxes that can be previewed for search results. If there are more than 500 public folder mailboxes that contain items that match the search query, only the top 500 mailboxes with the most results are available for preview.|500|
||| ## Viewer limits
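Review bot: The row for "Maximum number of characters for a search query" changes content, not just markup. The removed cell read "**Mailboxes**: 10,000" and "**Sites**: 4,000 when searching all sites or 2,000 when searching up to 20 sites", while the added cell is only "10,000" with footnote 2. If the site limits still apply, they have been lost in what otherwise looks like a `<br/>` cleanup; if they were removed on purpose, say so in the commit message and check that footnote 2 still matches the new value. All other rows appear to change only in formatting.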
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/meet-data-protection-and-regulatory-reqs-using-microsoft-cloud https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/meet-data-protection-and-regulatory-reqs-using-microsoft-cloud.md
@@ -21,7 +21,7 @@
# Microsoft Compliance Manager (classic) > [!IMPORTANT]
-> **Compliance Manager is now generally available in the [Microsoft 365 compliance center](https://compliance.microsoft.com/). We highly recommend customers discontinue using Compliance Manager (classic) and move to the new Compliance Manager to benefit from its rich user experience and updated control mapping. Please refer to our [Compliance Manager documentation](compliance-manager.md) to set up and start using the new Compliance Manager in the Microsoft 365 compliance center.**
+> **Compliance Manager (classic) will soon be removed from the Microsoft Service Trust Portal.** We recommend that you transition to the new [Compliance Manager in the Microsoft 365 compliance center](https://compliance.microsoft.com/), which provides an enhanced user experience and updated control mapping. Customers who have assessments in the classic version will need to create new assessments in the new Compliance Manager. Any existing data, including your assessments, controls, and other data, will not be transferred over to the new Compliance Manager. [Learn more about the transition](compliance-manager-faq.md#whats-happening-to-compliance-manager-classic-in-the-service-trust-portal).
*Compliance Manager isn't available in Office 365 operated by 21Vianet, Office 365 Germany, Office 365 U.S. Government Community High (GCC High), or Office 365 Department of Defense.*
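Review bot: The new callout and the FAQ entry it links to describe the transition differently. This text says customers "will need to create new assessments" and that existing data "will not be transferred over", while the FAQ section added in this changeset says customers "will need to move their data, including assessments and controls, over". Align the two so that readers know whether any export or migration path exists. "Any existing data, including your assessments, controls, and other data" repeats "data"; "Existing data, including assessments and controls," is enough. The link depends on the FAQ heading producing the anchor `#whats-happening-to-compliance-manager-classic-in-the-service-trust-portal`.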
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/retention-policies-teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-teams.md
@@ -42,13 +42,21 @@ Teams messages in private channels are not included, and reactions from others i
Emails and files that you use with Teams aren't included in retention policies for Teams. These items have their own retention policies.
+The following mailboxes by RecipientTypeDetails are supported for Teams retention policies:
+
+- MailUser
+- UserMailbox
+- GroupMailbox
+- ArbitrationMailbox
+- SharedMailbox
+ ## How retention works with Microsoft Teams
-You can use a retention policy to retain data from chats and channel messages in Teams. Data from Teams chats is stored in a hidden folder in the mailbox of each user included in the chat, and data from Teams channel messages is stored in a similar hidden folder in the group mailbox for the team.
+You can use a retention policy to retain and delete data from chats and channel messages in Teams. Behind the scenes, Exchange mailboxes are used to store these messages. Data from Teams chats is stored in a hidden folder in the mailbox of each user included in the chat, and a similar hidden folder in a group mailbox is used for Teams channel messages.
-It's important to understand that Teams uses an Azure-powered chat service that also stores this data, and by default this service stores the data indefinitely. For this reason, we recommend that you create a retention policy that uses the Teams locations to retain and delete this Teams data. This retention policy can permanently delete this data from both the Exchange mailboxes and the underlying Azure-powered chat service. For more information, see [Security and compliance in Microsoft Teams](https://go.microsoft.com/fwlink/?linkid=871258) and specifically, the [Information Protection Architecture](https://docs.microsoft.com/MicrosoftTeams/security-compliance-overview#information-protection-architecture) section.
+It's important to understand that Teams uses an Azure-powered chat service that also stores this data, and by default this service stores the data indefinitely. For this reason, if you need to delete Teams messages for compliance reasons, we recommend that you use retention policies for Teams that can permanently delete this data from both the Exchange mailboxes and the underlying Azure-powered chat service. For more information about the underlying architecture, see [Security and compliance in Microsoft Teams](https://go.microsoft.com/fwlink/?linkid=871258) and specifically, the [Information Protection Architecture](https://docs.microsoft.com/MicrosoftTeams/security-compliance-overview#information-protection-architecture) section.
-Teams chats and channel messages are not affected by retention policies that are configured for user or group mailboxes. Even though Teams chats and channel messages are stored in Exchange, this Teams data is included only by a retention policy that's configured for the **Teams channel messages** and **Teams chats** locations.
+Although Teams chats and channel messages are stored in mailboxes, this Teams data is included only by a retention policy that's configured for the **Teams channel messages** and **Teams chats** locations. Teams chats and channel messages are not affected by retention policies that are configured for Exchange user or group mailboxes.
> [!NOTE] > If a user is included in an active retention policy that retains Teams data and you a delete a mailbox of a user who is included in this policy, to retain the Teams data, the mailbox is converted into an [inactive mailbox](inactive-mailboxes-in-office-365.md). If you don't need to retain this Teams data for the user, exclude the user account from the retention policy before you delete their mailbox.
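Review bot: The added list is introduced as "The following mailboxes by RecipientTypeDetails are supported" but its first entry is `MailUser`, which is a recipient type rather than a mailbox. Either reword the lead-in to "recipient types" or explain why a mail user is in scope; also say what happens to Teams data for recipient types that are not listed, since that decides whether messages are retained or deleted as the policy intends. The list sits above "How retention works with Microsoft Teams", before the reader has been told that mailboxes store this data, so it may belong after that explanation. The note in the trailing context still contains "you a delete a mailbox".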
contentunderstanding https://docs.microsoft.com/en-us/microsoft-365/contentunderstanding/index https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/index.md
@@ -67,7 +67,7 @@ The resources in this section help your users learn how to create and configure
| If you're looking for this information: | Go to this resource: | |:--|:--|
-|Learn how to work with models|[Create a content center](https://docs.microsoft.com/microsoft-365/contentunderstanding/create-a-content-center)<br><br>[Create a classifier](https://docs.microsoft.com/microsoft-365/contentunderstanding/create-a-classifier)<br><br>[Create an extractor](https://docs.microsoft.com/microsoft-365/contentunderstanding/create-an-extractor)<br><br>[Create a form processing model](https://docs.microsoft.com/microsoft-365/contentunderstanding/create-a-form-processing-model)<br><br>[Explanation types](https://docs.microsoft.com/microsoft-365/contentunderstanding/form-processing-overview)<br><br>[Apply a document understanding model](https://docs.microsoft.com/microsoft-365/contentunderstanding/apply-a-model)<br><br>[Learn about document understanding models through the sample model](https://docs.microsoft.com/microsoft-365/contentunderstanding/learn-about-document-understanding-models-through-the-sample-model)<br><br>|
+|Learn how to work with models|[Create a content center](https://docs.microsoft.com/microsoft-365/contentunderstanding/create-a-content-center)<br><br>[Create a classifier](https://docs.microsoft.com/microsoft-365/contentunderstanding/create-a-classifier)<br><br>[Create an extractor](https://docs.microsoft.com/microsoft-365/contentunderstanding/create-an-extractor)<br><br>[Create a form processing model](https://docs.microsoft.com/microsoft-365/contentunderstanding/create-a-form-processing-model)<br><br>[Explanation types](https://docs.microsoft.com/microsoft-365/contentunderstanding/explanation-types-overview)<br><br>[Apply a document understanding model](https://docs.microsoft.com/microsoft-365/contentunderstanding/apply-a-model)<br><br>[Learn about document understanding models through the sample model](https://docs.microsoft.com/microsoft-365/contentunderstanding/learn-about-document-understanding-models-through-the-sample-model)<br><br>|
|Apply a retention label to your model|[Apply a retention label to a document understanding model](https://docs.microsoft.com/microsoft-365/contentunderstanding/apply-a-retention-label-to-a-model)| |Use Managed Metadata services term store taxonomy when creating an extractor|[Leverage term store taxonomy when creating an extractor](https://docs.microsoft.com/microsoft-365/contentunderstanding/leverage-term-store-taxonomy)| |Learn how to see data about your models|[Model usage analytics](https://docs.microsoft.com/microsoft-365/contentunderstanding/model-usage-analytics)|
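Review bot: The "Explanation types" link target changes from `form-processing-overview` to `explanation-types-overview`, but the row still uses absolute `https://docs.microsoft.com/...` URLs, while other articles in this changeset link to sibling articles with relative `.md` paths (for example `compliance-manager-quickstart.md`). Confirm that `explanation-types-overview` exists in this folder, and consider switching the row to relative links so that a wrong target is easier to spot.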
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/cross-tenant-mailbox-migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cross-tenant-mailbox-migration.md
@@ -266,6 +266,22 @@ MailboxMovePublishedScopes : {MigScope}
OAuthApplicationId : sd9890342-3243-3242-fe3w2-fsdade93m0 ```
+#### Verify Setup Script
+
+If you receive any errors during the configuration of the source or target tenants, you can run the VerifySetup.ps1 script located [on GitHub](https://github.com/microsoft/cross-tenant/releases/tag/Preview) and review the output.
+
+Here's an example of running VerifySetup.ps1 on the target tenant:
+
+```powershell
+VerifySetup.ps1 -PartnerTenantId <SourceTenantId> -ApplicationId <AADApplicationId> -ApplicationKeyVaultUrl <appKeyVaultUrl> -PartnerTenantDomain <PartnerTenantDomain> -Verbose
+```
+
+Here's an example of VerifySetup.ps1 on the source tenant:
+
+```powershell
+VerifySetup.ps1 -PartnerTenantId <TargetTenantId> -ApplicationId <AADApplicationId>
+```
+ ### Move mailboxes back to the original source If a mailbox move back to the original source tenant is required, the same set of steps and scripts will need to be run in both new source and new target tenants. The existing Organization Relationship object will be updated or appended, not recreated.
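Review bot: Both added fences invoke the script as a bare `VerifySetup.ps1 ...`, which PowerShell does not resolve from the current directory, so a reader who downloads the script and pastes the line gets a "not recognized" error. Write `.\VerifySetup.ps1 ...` in both examples. The second lead-in ("Here's an example of VerifySetup.ps1 on the source tenant:") also drops the word "running" that the first one uses. Because the target-tenant call takes `-ApplicationKeyVaultUrl`, the section should say what access to the Key Vault the person running the script needs, which the added text does not mention.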
@@ -545,6 +561,34 @@ x500:/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn
> [!Note] > In addition to this X500 proxy, you will need to copy all X500 proxies from the mailbox in the source to the mailbox in the target.
+**Where do I start troubleshooting if moves do not work?**
+
+Start by running the VerifySetup.ps1 script located [on GitHub](https://github.com/microsoft/cross-tenant/releases/tag/Preview) and review the output.
+
+Here's an example of running VerifySetup.ps1 on the target tenant:
+
+```powershell
+VerifySetup.ps1 -PartnerTenantId <SourceTenantId> -ApplicationId <AADApplicationId> -ApplicationKeyVaultUrl <appKeyVaultUrl> -PartnerTenantDomain <PartnerTenantDomain> -Verbose
+```
+
+Here's an eExample of running VerifySetup.ps1 on the source tenant:
+
+```powershell
+VerifySetup.ps1 -PartnerTenantId <TargetTenantId> -ApplicationId <AADApplicationId>
+```
+
+**Can the source and target tenant utilize the same domain name?**
+
+No. The source and target tenant domain names must be unique. For example, a source domain of contoso.com and the target domain of fourthcoffee.com.
+
+**Will shared mailboxes move and still work?**
+
+Yes, however we only keep the store permissions as described in these articles:
+
+- [Microsoft Docs | Manage permissions for recipients in Exchange Online](https://docs.microsoft.com/exchange/recipients-in-exchange-online/manage-permissions-for-recipients)
+
+- [Microsoft Support | How to grant Exchange and Outlook mailbox permissions in Office 365 dedicated](https://support.microsoft.com/topic/how-to-grant-exchange-and-outlook-mailbox-permissions-in-office-365-dedicated-bac01b2c-08ff-2eac-e1c8-6dd01cf77287)
+ **Is Azure Key Vault required and when are transactions made?** Yes, an Azure subscription is required to use Key Vault to store the certificate to authorize migration. Unlike onboarding migrations which use username & password to authenticate to the source, cross-tenant mailbox migrations use OAuth and this certificate as the secret/credential. Access to the Key Vault must be maintained throughout all mailbox migrations as it is accessed once at the beginning and once end of migration, as well as once every 24 hours during incremental sync times. You can review AKV costing details [here]( https://azure.microsoft.com/en-us/pricing/details/key-vault/).
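Review bot: The added line "Here's an eExample of running VerifySetup.ps1 on the source tenant:" contains a typo and should read "Here's an example of running ...". This answer also repeats both command fences from the "Verify Setup Script" section added earlier in the same file; linking to that section would keep the two copies from drifting apart. In the domain-name answer, "For example, a source domain of contoso.com and the target domain of fourthcoffee.com." is a fragment with no verb.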
@@ -565,7 +609,7 @@ Do remember that this feature is currently in preview and the SLA and any applic
## Known issues -- **Issue: Auto Expanded archives cannot be migrated.** The cross-tenant migration feature support migrations of the primary mailbox and archive mailbox for a specific user. If the user in the source however has an auto expanded archive ΓÇô meaning more than one archive mailbox, the feature is unable to migrate the additional archives.
+- **Issue: Auto Expanded archives cannot be migrated.** The cross-tenant migration feature support migrations of the primary mailbox and archive mailbox for a specific user. If the user in the source however has an auto expanded archive ΓÇô meaning more than one archive mailbox, the feature is unable to migrate the additional archives and should fail.
- **Issue: Cloud MailUsers with non-owned smtp proxyAddress block MRS moves background.** When creating target tenant MailUser objects, you must ensure that all SMTP proxy addresses belong to the target tenant organization. If an SMTP proxyAddress exists on the target mail user that does not belong to the local tenant, the conversion of the MailUser to Mailbox is prevented. This is due to our assurance that mailbox objects can only send mail from domains for which the tenant is authoritative (domains claimed by the tenant):
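Review bot: The new ending "is unable to migrate the additional archives and should fail" leaves the behaviour unclear: "should" reads as an expectation rather than a statement of what happens, and the sentence does not say whether the whole move fails or only the additional archives are skipped. State the observed outcome directly. The changed line also keeps "The cross-tenant migration feature support migrations" (should be "supports"), and the dash before "meaning more than one archive mailbox" shows up as "ΓÇô", so the file encoding is worth checking.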
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/multi-geo-tenant-configuration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/multi-geo-tenant-configuration.md
@@ -105,7 +105,10 @@ We recommend that you include setting the user's Preferred Data Location as a pa
## OneDrive Provisioning and the effect of PDL
-If the user already has a OneDrive site created in the tenant, setting their PDL will not automatically move their existing OneDrive. To move a user's OneDrive, see [OneDrive for Business Geo Move](move-onedrive-between-geo-locations.md) please follow the instructions in Moving OneDrive between geo locations. (Note that the user's Exchange mailbox does move automatically when you set the user's PDL.)
+If the user already has a OneDrive site created in the tenant, setting their PDL will not automatically move their existing OneDrive. To move a user's OneDrive, see [OneDrive for Business Geo Move](move-onedrive-between-geo-locations.md).
+
+> [!NOTE]
+> Exchange Online automatically relocates the user's mailbox if the PLD changes and the MailboxRegion no longer matches the Mailbox Database Geo Location code. For more information, see [Administering Exchange Online mailboxes in a multi-geo environment](https://docs.microsoft.com/microsoft-365/enterprise/administering-exchange-online-multi-geo).
If the user does not have a OneDrive site within the tenant, OneDrive will be provisioned for them in accordance to their PDL value, assuming the PDL for the user matches one of the company's satellite locations.
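Review bot: The added note says "if the PLD changes", but the rest of the section, including the heading and the line above, uses PDL; correct the transposed abbreviation. The note also introduces "MailboxRegion" and "Mailbox Database Geo Location code" with inconsistent spacing and no code formatting, so a reader cannot tell whether these are property names; format them the way the linked Exchange Online article does.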
includes https://docs.microsoft.com/en-us/microsoft-365/includes/office-365-u.s.-government-dod-endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/office-365-u.s.-government-dod-endpoints.md
@@ -1,13 +1,13 @@
<!--THIS FILE IS AUTOMATICALLY GENERATED. MANUAL CHANGES WILL BE OVERWRITTEN.--> <!--Please contact the Office 365 Endpoints team with any questions.-->
-<!--USGovDoD endpoints version 2020102800-->
-<!--File generated 2020-10-28 11:00:05.0962-->
+<!--USGovDoD endpoints version 2021012800-->
+<!--File generated 2021-01-28 14:00:05.0993-->
## Exchange Online ID | Category | ER | Addresses | Ports | -- | | - | -
-1 | Optimize<BR>Required | Yes | `outlook-dod.office365.us, webmail.apps.mil`<BR>`40.66.24.0/21, 131.253.80.0/24, 131.253.83.64/26, 131.253.84.0/26, 131.253.84.128/26, 131.253.87.0/25, 131.253.87.128/28, 131.253.87.160/27, 131.253.87.192/28, 131.253.87.224/28, 131.253.88.16/28, 131.253.88.64/28, 131.253.88.80/28, 131.253.88.112/28, 131.253.88.176/28, 131.253.88.208/28, 131.253.88.224/28, 2001:489a:2200:500::/56` | **TCP:** 443, 80
+-- | -- | | - | -
+1 | Optimize<BR>Required | Yes | `outlook-dod.office365.us, webmail.apps.mil`<BR>`40.66.24.0/21, 131.253.80.0/24, 131.253.83.64/26, 131.253.84.0/26, 131.253.84.128/26, 131.253.87.0/25, 131.253.87.128/28, 131.253.87.160/27, 131.253.87.192/28, 131.253.87.224/28, 131.253.88.16/28, 131.253.88.64/28, 131.253.88.80/28, 131.253.88.112/28, 131.253.88.176/28, 131.253.88.208/28, 131.253.88.224/28, 2001:489a:2200:2c::/62, 2001:489a:2200:38::/62, 2001:489a:2200:40::/62, 2001:489a:2200:68::/61, 2001:489a:2200:70::/61, 2001:489a:2200:78::/64, 2001:489a:2200:7a::/63, 2001:489a:2200:7c::/64, 2001:489a:2200:7e::/64, 2001:489a:2200:81::/64, 2001:489a:2200:84::/63, 2001:489a:2200:87::/64, 2001:489a:2200:8b::/64, 2001:489a:2200:8d::/64, 2001:489a:2200:8e::/64, 2001:489a:2200:500::/56` | **TCP:** 443, 80
4 | Default<BR>Required | Yes | `outlook-dod.office365.us, webmail.apps.mil` | **TCP:** 143, 25, 587, 993, 995 5 | Default<BR>Required | Yes | `attachments-dod.office365-net.us, autodiscover.<tenant>.mail.onmicrosoft.com, autodiscover.<tenant>.mail.onmicrosoft.us, autodiscover.<tenant>.onmicrosoft.com, autodiscover.<tenant>.onmicrosoft.us, autodiscover-s-dod.office365.us` | **TCP:** 443, 80 6 | Allow<BR>Required | Yes | `*.protection.apps.mil, *.protection.office365.us`<BR>`23.103.191.0/24, 23.103.199.0/25, 23.103.204.0/22, 52.181.167.52/32, 52.181.167.91/32, 52.182.95.219/32, 2001:489a:2202::/62, 2001:489a:2202:8::/62, 2001:489a:2202:2000::/63` | **TCP:** 25, 443
@@ -37,7 +37,7 @@ ID | Category | ER | Addresses | Ports
12 | Default<BR>Required | Yes | `*.dod.cdn.office365.us`<BR>`52.181.164.39/32, 52.182.95.191/32` | **TCP:** 443 13 | Allow<BR>Required | Yes | `*.gov.us.microsoftonline.com, adminwebservice.gov.us.microsoftonline.com, becws.gov.us.microsoftonline.com, dod-graph.microsoft.us, graph.microsoftazure.us, login.microsoftonline.us, provisioningapi.gov.us.microsoftonline.com`<BR>`20.140.232.0/23, 52.126.194.0/23` | **TCP:** 443 14 | Default<BR>Required | No | `*.msauth.net, *.msauthimages.us, *.msftauth.net, *.msftauthimages.us, clientconfig.microsoftonline-p.net, graph.windows.net, login.microsoftonline.com, login.microsoftonline-p.com, login.windows.net, loginex.microsoftonline.com, login-us.microsoftonline.com, mscrl.microsoft.com, nexus.microsoftonline-p.com, secure.aadcdn.microsoftonline-p.com` | **TCP:** 443
-15 | Allow<BR>Required | Yes | `portal.apps.mil, reports.apps.mil, webshell.dodsuite.office365.us, www.ohome.apps.mil`<BR>`52.127.72.42/32, 52.127.76.42/32, 52.180.251.166/32, 52.181.160.19/32, 52.181.160.113/32, 52.181.160.236/32, 52.182.54.237/32, 52.182.92.132/32` | **TCP:** 443
+15 | Allow<BR>Required | Yes | `portal.apps.mil, reports.apps.mil, webshell.dodsuite.office365.us, www.ohome.apps.mil`<BR>`52.127.72.42/32, 52.127.76.42/32, 52.180.251.166/32, 52.181.24.112/32, 52.181.160.19/32, 52.181.160.113/32, 52.181.160.236/32, 52.182.24.200/32, 52.182.54.237/32, 52.182.92.132/32` | **TCP:** 443
16 | Allow<BR>Required | Yes | `*.osi.apps.mil, dod.loki.office365.us`<BR>`52.127.72.0/21, 2001:489a:2206::/48` | **TCP:** 443 17 | Default<BR>Required | No | `activation.sls.microsoft.com, crl.microsoft.com, go.microsoft.com, insertmedia.bing.office.net, ocsa.officeapps.live.com, ocsredir.officeapps.live.com, ocws.officeapps.live.com, office15client.microsoft.com, officecdn.microsoft.com, officecdn.microsoft.com.edgesuite.net, officepreviewredir.microsoft.com, officeredir.microsoft.com, ols.officeapps.live.com, r.office.microsoft.com` | **TCP:** 443, 80 18 | Default<BR>Required | No | `cdn.odc.officeapps.live.com, odc.officeapps.live.com, officeclient.microsoft.com` | **TCP:** 443, 80
includes https://docs.microsoft.com/en-us/microsoft-365/includes/office-365-u.s.-government-gcc-high-endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/office-365-u.s.-government-gcc-high-endpoints.md
@@ -1,13 +1,13 @@
<!--THIS FILE IS AUTOMATICALLY GENERATED. MANUAL CHANGES WILL BE OVERWRITTEN.--> <!--Please contact the Office 365 Endpoints team with any questions.-->
-<!--USGovGCCHigh endpoints version 2021011500-->
-<!--File generated 2021-01-15 17:00:01.4418-->
+<!--USGovGCCHigh endpoints version 2021012800-->
+<!--File generated 2021-01-28 14:00:07.6325-->
## Exchange Online ID | Category | ER | Addresses | Ports | -- | | | -
-1 | Optimize<BR>Required | Yes | `outlook.office365.us`<BR>`40.66.16.0/21, 131.253.83.0/26, 131.253.84.64/26, 131.253.84.192/26, 131.253.86.0/24, 131.253.87.144/28, 131.253.87.208/28, 131.253.87.240/28, 131.253.88.0/28, 131.253.88.32/28, 131.253.88.48/28, 131.253.88.96/28, 131.253.88.128/28, 131.253.88.144/28, 131.253.88.160/28, 131.253.88.192/28, 131.253.88.240/28, 2001:489a:2200:28::/62, 2001:489a:2200:3c::/62, 2001:489a:2200:44::/62, 2001:489a:2200:400::/56` | **TCP:** 443, 80
+-- | -- | | | -
+1 | Optimize<BR>Required | Yes | `outlook.office365.us`<BR>`40.66.16.0/21, 131.253.83.0/26, 131.253.84.64/26, 131.253.84.192/26, 131.253.86.0/24, 131.253.87.144/28, 131.253.87.208/28, 131.253.87.240/28, 131.253.88.0/28, 131.253.88.32/28, 131.253.88.48/28, 131.253.88.96/28, 131.253.88.128/28, 131.253.88.144/28, 131.253.88.160/28, 131.253.88.192/28, 131.253.88.240/28, 2001:489a:2200:28::/62, 2001:489a:2200:3c::/62, 2001:489a:2200:44::/62, 2001:489a:2200:58::/61, 2001:489a:2200:60::/62, 2001:489a:2200:79::/64, 2001:489a:2200:7d::/64, 2001:489a:2200:7f::/64, 2001:489a:2200:80::/64, 2001:489a:2200:82::/63, 2001:489a:2200:86::/64, 2001:489a:2200:88::/63, 2001:489a:2200:8a::/64, 2001:489a:2200:8c::/64, 2001:489a:2200:8f::/64, 2001:489a:2200:400::/56` | **TCP:** 443, 80
4 | Default<BR>Required | Yes | `attachments.office365-net.us, autodiscover.<tenant>.mail.onmicrosoft.com, autodiscover.<tenant>.mail.onmicrosoft.us, autodiscover.<tenant>.onmicrosoft.com, autodiscover.<tenant>.onmicrosoft.us, autodiscover-s.office365.us` | **TCP:** 443, 80 5 | Default<BR>Required | Yes | `outlook.office365.us` | **TCP:** 143, 25, 587, 993, 995 6 | Allow<BR>Required | Yes | `*.manage.office365.us, *.protection.office365.us, *.scc.office365.us, manage.office365.us, scc.office365.us`<BR>`13.72.179.197/32, 13.72.183.70/32, 23.103.191.0/24, 23.103.199.128/25, 23.103.208.0/22, 52.227.170.14/32, 52.227.170.120/32, 52.227.178.94/32, 52.227.180.138/32, 52.227.182.149/32, 52.238.74.212/32, 52.244.65.13/32, 2001:489a:2202:4::/62, 2001:489a:2202:c::/62, 2001:489a:2202:2000::/63` | **TCP:** 25, 443
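Review bot: The IPv6 prefixes added to row 1 are narrow (/61 to /64) and interleave with the ones added to the DoD include in the same update (here `2001:489a:2200:79::/64`, `7d::/64` and `7f::/64`; there `78::/64`, `7a::/63`, `7c::/64` and `7e::/64`), so a firewall rule that summarises this list into one covering prefix would also match ranges published for the other environment. Since this file is generated and cannot be edited by hand, the article that includes it should tell readers to apply the prefixes exactly as listed rather than aggregating them.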
includes https://docs.microsoft.com/en-us/microsoft-365/includes/office-365-worldwide-endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/office-365-worldwide-endpoints.md
@@ -1,7 +1,7 @@
<!--THIS FILE IS AUTOMATICALLY GENERATED. MANUAL CHANGES WILL BE OVERWRITTEN.--> <!--Please contact the Office 365 Endpoints team with any questions.-->
-<!--Worldwide endpoints version 2021010400-->
-<!--File generated 2021-01-04 11:00:02.1089-->
+<!--Worldwide endpoints version 2021012800-->
+<!--File generated 2021-01-28 14:00:01.4382-->
## Exchange Online
@@ -59,7 +59,7 @@ ID | Category | ER | Addresses | Ports
43 | Default<BR>Optional<BR>**Notes:** Microsoft Stream 3rd party integration (including CDNs) | No | `nps.onyx.azure.net` | **TCP:** 443 44 | Default<BR>Optional<BR>**Notes:** Microsoft Stream - unauthenticated | No | `*.azureedge.net, *.media.azure.net, *.streaming.mediaservices.windows.net` | **TCP:** 443 45 | Default<BR>Optional<BR>**Notes:** Office 365 Video | No | `*.keydelivery.mediaservices.windows.net, *.streaming.mediaservices.windows.net` | **TCP:** 443
-46 | Allow<BR>Required | Yes | `*.online.office.com, *broadcast.officeapps.live.com, *excel.officeapps.live.com, *onenote.officeapps.live.com, *powerpoint.officeapps.live.com, *rtc.officeapps.live.com, *shared.officeapps.live.com, *view.officeapps.live.com, *visio.officeapps.live.com, *word-edit.officeapps.live.com, office.live.com`<BR>`13.107.6.171/32, 13.107.140.6/32, 52.108.0.0/14, 52.238.106.116/32, 52.244.37.168/32, 52.244.203.72/32, 52.244.207.172/32, 52.244.223.198/32, 52.247.150.191/32, 2603:1010:2::cb/128, 2603:1010:200::c7/128, 2603:1020:200::682f:a0fd/128, 2603:1020:201:9::c6/128, 2603:1020:600::a1/128, 2603:1020:700::a2/128, 2603:1020:800:2::6/128, 2603:1020:900::8/128, 2603:1030:7::749/128, 2603:1030:800:5::bfee:ad3c/128, 2603:1030:f00::17/128, 2603:1030:1000::21a/128, 2603:1040:200::4f3/128, 2603:1040:401::762/128, 2603:1040:601::60f/128, 2603:1040:a01::1e/128, 2603:1040:c01::28/128, 2603:1040:e00:1::2f/128, 2603:1040:f00::1f/128, 2603:1050:1::cd/128, 2620:1ec:8fc::6/128, 2620:1ec:a92::171/128, 2a01:111:f100:2000::a83e:3019/128, 2a01:111:f100:2002::8975:2d79/128, 2a01:111:f100:2002::8975:2da8/128, 2a01:111:f100:7000::6fdd:6cd5/128, 2a01:111:f100:a004::bfeb:88cf/128` | **TCP:** 443
+46 | Allow<BR>Required | Yes | `*.officeapps.live.com, *.online.office.com, office.live.com`<BR>`13.107.6.171/32, 13.107.140.6/32, 52.108.0.0/14, 52.238.106.116/32, 52.244.37.168/32, 52.244.203.72/32, 52.244.207.172/32, 52.244.223.198/32, 52.247.150.191/32, 2603:1010:2::cb/128, 2603:1010:200::c7/128, 2603:1020:200::682f:a0fd/128, 2603:1020:201:9::c6/128, 2603:1020:600::a1/128, 2603:1020:700::a2/128, 2603:1020:800:2::6/128, 2603:1020:900::8/128, 2603:1030:7::749/128, 2603:1030:800:5::bfee:ad3c/128, 2603:1030:f00::17/128, 2603:1030:1000::21a/128, 2603:1040:200::4f3/128, 2603:1040:401::762/128, 2603:1040:601::60f/128, 2603:1040:a01::1e/128, 2603:1040:c01::28/128, 2603:1040:e00:1::2f/128, 2603:1040:f00::1f/128, 2603:1050:1::cd/128, 2620:1ec:8fc::6/128, 2620:1ec:a92::171/128, 2a01:111:f100:2000::a83e:3019/128, 2a01:111:f100:2002::8975:2d79/128, 2a01:111:f100:2002::8975:2da8/128, 2a01:111:f100:7000::6fdd:6cd5/128, 2a01:111:f100:a004::bfeb:88cf/128` | **TCP:** 443, 80
47 | Default<BR>Required | No | `*.cdn.office.net, contentstorage.osi.office.net` | **TCP:** 443 49 | Default<BR>Required | No | `*.onenote.com` | **TCP:** 443 50 | Default<BR>Optional<BR>**Notes:** OneNote notebooks (wildcards) | No | `*.microsoft.com, *.msecnd.net, *.office.net` | **TCP:** 443
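Review bot: Row 46 replaces the per-application patterns (`*excel.officeapps.live.com`, `*word-edit.officeapps.live.com` and the rest) with the single wildcard `*.officeapps.live.com` and adds TCP 80 to an Allow row that previously listed only 443. Both changes widen what an FQDN-based proxy or firewall allow-list permits, and the second one adds unencrypted HTTP, yet nothing in the hunk beyond the version comment signals it. Because the file is generated, raise this with the endpoints team so the change log for version 2021012800 calls out the broader wildcard and the new port, and confirm that port 80 is intended for this row.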
managed-desktop https://docs.microsoft.com/en-us/microsoft-365/managed-desktop/get-ready/readiness-assessment-fix https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-ready/readiness-assessment-fix.md
@@ -21,7 +21,7 @@ For each check, the tool will report one of four possible results:
|Ready | No action is required before completing enrollment. | |Advisory | Follow the steps in the tool or this article for the best experience with enrollment and for users. You *can* complete enrollment, but you must fix these issues before you deploy your first device. | |Not ready | *Enrollment will fail if you don't fix these issues.* Follow the steps in the tool or this article to resolve them. |
-|Error | The Azure Active Director (AD) role you're using doesn't have sufficient permission to run this check. |
+|Error | The Azure Active Directory (AD) role you're using doesn't have sufficient permission to run this check. |
> [!NOTE] > The results reported by this tool reflect the status of your settings only at the specific point in time that you ran it. If you later make any changes to policies in Microsoft Intune, Azure Active Directory, or Microsoft 365, items that were "Ready" can become "Not ready." To avoid problems with Microsoft Managed Desktop operations, check the specific settings described in this article before you change any policies.
@@ -65,15 +65,15 @@ You have at least one certificate connector and no errors are reported. However,
### Conditional access policies
-Conditional access policies in your Azure AD organization must not target any Microsoft Manage Desktop service accounts.
+Conditional access policies must not prevent Microsoft Managed Desktop from managing your Azure AD organization (tenant) in Intune and Azure AD.
**Not ready**
-You have at least one conditional access policy that targets all users. Modify the policy to target a specific Azure AD group that does not include the Azure AD group of Microsoft Managed Desktop service accounts that will be created at enrollment. For steps, see [Conditional Access: Users and groups](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-users-groups).
+You have at least one conditional access policy that targets all users. During enrollment, we will exclude Microsoft Managed Desktop service accounts from relevant conditional access policies and apply new conditional access policies to restrict access to these accounts. After enrollment, you can review the Microsoft Managed Desktop conditional access policy in Microsoft Endpoint Manager. For more about these service accounts, see [Standard operating procedures](../service-description/operations-and-monitoring.md#standard-operating-procedures).
**Advisory**
-Make sure that any conditional access policies you have exclude the **Modern Workplace Service Accounts** Azure AD group. For steps, see [Adjust conditional access](https://docs.microsoft.com/microsoft-365/managed-desktop/get-started/conditional-access). The **Modern Workplace Service Accounts** Azure AD group is a dynamic group that we create for the service when you enroll. You'll have to come back to exclude this group after enrollment. For more about these service accounts, see [Standard operating procedures](../service-description/operations-and-monitoring.md#standard-operating-procedures).
+You have conditional access policies that could prevent Microsoft Managed Desktop from managing the Microsoft Managed Desktop service. During enrollment, we will exclude Microsoft Managed Desktop service accounts from relevant conditional access policies and apply new conditional access policies to restrict access to these accounts. For more about these service accounts, see [Standard operating procedures](../service-description/operations-and-monitoring.md#standard-operating-procedures).
**Error**
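Review bot: The new "Not ready" text no longer gives the admin anything to fix, although the results table in this same article defines "Not ready" as "Enrollment will fail if you don't fix these issues." Either state the action that clears the check or change the result level. The added text also says the service will exclude its own accounts from the customer's conditional access policies during enrollment; the "Not ready" paragraph tells the reader where to review the result afterwards, but the "Advisory" paragraph omits that sentence, and neither says which existing policies are modified. The "Advisory" wording "could prevent Microsoft Managed Desktop from managing the Microsoft Managed Desktop service" is circular and should name what is being managed, as the section's first sentence does.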
@@ -145,16 +145,16 @@ Microsoft Store for Business either isn't enabled or isn't synced with Intune. F
### Multifactor authentication
-Multifactor authentication must not be applied to Microsoft Managed Desktop service accounts.
+Multifactor authentication must not prevent Microsoft Managed Desktop from managing your Azure AD organization (tenant) in Intune and Azure AD.
**Not ready**
-You have some multifactor authentication policies set as **required** for conditional access policies that are assigned to all users. Change the policy to use an assignment that targets a specific Azure AD group that doesn't include any Microsoft Managed Desktop service accounts. For more information, see [Conditional access policies](#conditional-access-policies) and [Conditional Access: Require MFA for all users](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa).
+You have some multifactor authentication policies set as **required** for conditional access policies that are assigned to all users. During enrollment, we will exclude Microsoft Managed Desktop service accounts from relevant conditional access policies and apply new conditional access policies to restrict access to these accounts. For more about these service accounts, see [Standard operating procedures](../service-description/operations-and-monitoring.md#standard-operating-procedures).
**Advisory**
-Make sure that any conditional access policies that require multifactor authentication exclude the **Modern Workplace -All** Azure AD group. For more information, see [Conditional access policies](#conditional-access-policies) and [Conditional Access: Require MFA for all users](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa). The **Modern Workplace -All** Azure AD group is a dynamic group that we create when you enroll in Microsoft Managed Desktop, so you'll have to come back to exclude this group after enrollment.
+You have multifactor authentication required on conditional access policies that could prevent Microsoft Managed Desktop from managing the Microsoft Managed Desktop service. During enrollment, we will exclude Microsoft Managed Desktop service accounts from relevant conditional access policies and apply new conditional access policies to restrict access to these accounts. For more about these service accounts, see [Standard operating procedures](../service-description/operations-and-monitoring.md#standard-operating-procedures).
**Error**
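Review bot: Both replacement paragraphs drop the cross-reference to the conditional access section and the link to "Require MFA for all users", and unlike the "Not ready" text in the conditional access section they do not tell the admin where to review the policies after enrollment. Since the text states that service accounts will be excluded from policies that require multifactor authentication, add the same "After enrollment, you can review ..." sentence here so the exclusion can be audited. The "Advisory" sentence repeats the circular phrase "managing the Microsoft Managed Desktop service", and as in the other section the "Not ready" result no longer describes an action the reader can take.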
@@ -334,4 +334,3 @@ The **Allow syncing only on PCs joined to specific domains** setting will confli
**Advisory** You're using the **Allow syncing only on PCs joined to specific domains** setting. This setting won't work with Microsoft Managed Desktop. Disable this setting, and instead set up OneDrive to use a conditional access policy. See [Plan a Conditional Access deployment](https://docs.microsoft.com/azure/active-directory/conditional-access/plan-conditional-access) for help.-
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-air https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/office-365-air.md
@@ -2,25 +2,24 @@
Title: Automated investigation and response in Microsoft Defender for Office 365 keywords: AIR, autoIR, ATP, automated, investigation, response, remediation, threats, advanced, threat, protection f1.keywords:
- - NOCSH
+- NOCSH
audience: ITPro Previously updated : 01/21/2021- Last updated : 01/28/2021 localization_priority: Normal search.appverid:
- - MET150
- - MOE150
+- MET150
+- MOE150
- - M365-security-compliance
- - m365initiative-defender-office365
+- M365-security-compliance
+- m365initiative-defender-office365
description: Get started using automated investigation and response capabilities in Microsoft Defender for Office 365.
- - air
- - seo-marvel-mar2020
+- air
+- seo-marvel-mar2020
ms.technology: mdo ms.prod: m365-security
@@ -121,7 +120,7 @@ Permissions are granted through certain roles, such as those that are described
|Task|Role(s) required| ||| |Set up AIR features|One of the following roles: <ul><li>Global Administrator</li><li>Security Administrator</li></ul> <p> These roles can be assigned in [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles) or in the [Security & Compliance Center](permissions-in-the-security-and-compliance-center.md).|
-|Start an automated investigation <p> or <p> Approve or reject recommended actions|One of the following roles, assigned in [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles) or in the [Security & Compliance Center](permissions-in-the-security-and-compliance-center.md): <ul><li>Global Administrator</li><li>Security Administrator</li><li>Security Reader <br> and </li><li>Search and Purge (this role is assigned only in the [Security & Compliance Center](permissions-in-the-security-and-compliance-center.md). You might have to create a new role group there and add the Search and Purge role to that new role group.</li></ul>|
+|Start an automated investigation <p> or <p> Approve or reject recommended actions|One of the following roles, assigned in [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles) or in the [Security & Compliance Center](permissions-in-the-security-and-compliance-center.md): <ul><li>Global Administrator</li><li>Security Administrator</li><li>Security Operator</li><li>Security Reader <br> and </li><li>Search and Purge (this role is assigned only in the [Security & Compliance Center](permissions-in-the-security-and-compliance-center.md). You might have to create a new role group there and add the Search and Purge role to that new role group.</li></ul>|
| ## Required licenses
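Review bot: Adding `<li>Security Operator</li>` makes the existing ambiguity in this cell worse: the list is introduced with "One of the following roles" but ends "Security Reader <br> and </li><li>Search and Purge", so it is unclear whether Search and Purge is needed on top of any listed role or only together with Security Reader. For a task that approves remediation actions, spell out the exact combination so admins can grant the minimum role. The parenthesis opened at "(this role is assigned only in the" is also never closed on the changed line.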
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/secure-by-default https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/secure-by-default.md
@@ -48,13 +48,20 @@ Because Microsoft wants to keep our customers secure by default, some tenants ov
More information on these overrides can be found in [Create safe sender lists](create-safe-sender-lists-in-office-365.md).
+> [!NOTE]
+> We're in the process of deprecating the **Move message to Junk Email folder** action for a **High confidence phishing email** verdict in EOP anti-spam policies. Anti-spam policies that use this action for high confidence phishing messages will be converted to **Quarantine message**. The **Redirect message to email address** action for high confidence phishing messages is unaffected.
+ Secure by default is not a setting that can be turned on or off, but is the way our filtering works out of the box to keep potentially dangerous or unwanted messages out of your mailboxes. Malware and high confidence phishing messages should be quarantined. Only admins can manage messages that are quarantined as malware or high confidence phishing, and they can also report false positives to Microsoft from there. For more information, see [Manage quarantined messages and files as an admin in EOP](manage-quarantined-messages-and-files.md) ## More on why we're doing this
-The spirit of being secure by default is: we're taking the same action on the message that you would take if you knew the message malicious, even if there was an allow in place. This is the same approach that we've used on malware, and now we're extending this same behavior to high confidence phishing messages. Our data indicates that the false positive rate for high confidence phishing messages is very low, and admins can resolve any false positives with admin submissions. Our data also indicates that the allowed sender lists and allowed domain lists in anti-spam policies and Safe Senders in Outlook were too broad and causing more harm than good.
+The spirit of being secure by default is: we're taking the same action on the message that you would take if you knew the message malicious, even when a configured exception would otherwise allow the message to be delivered. This is the same approach that we've always used on malware, and now we're extending this same behavior to high confidence phishing messages.
+
+Our data indicates that a user is 30 times more likely to click a malicious link in messages in the Junk Email folder versus Quarantine. Our data also indicates that the false positive rate (good messages marked as bad) for high confidence phishing messages is very low, and admins can resolve any false positives with admin submissions.
+
+We also determined that the allowed sender and allowed domain lists in anti-spam policies and Safe Senders in Outlook were too broad and were causing more harm than good.
-To put it another way: as a security service, we're acting on your behalf to prevent your users from being compromised. In addition, secure by default is not a full takeover of your available options for high confidence phishing messages in anti-spam policies. Although we recommend Quarantine, the other actions that have always been available are still available (Move to Junk Email folder or Redirect to an email address).
+To put it another way: as a security service, we're acting on your behalf to prevent your users from being compromised.
## Exceptions
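Review bot: The added note announces that the "Move message to Junk Email folder" action is being deprecated and that affected policies "will be converted" to "Quarantine message", but gives no date or way for an admin to see which policies are affected; add the timeline or a pointer to where it is published. The rewritten paragraph keeps "if you knew the message malicious", which is missing "was". The new claim that a user is "30 times more likely to click a malicious link" in Junk Email than in Quarantine is stated without a source or time frame, so cite it or qualify it.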