Updates from: 01/30/2021 04:14:12
Category Microsoft Docs article Related commit history on GitHub Change details
admin https://docs.microsoft.com/en-us/microsoft-365/admin/basic-mobility-security/choose-between-basic-mobility-and-security-and-intune https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/choose-between-basic-mobility-and-security-and-intune.md
@@ -22,10 +22,10 @@ description: "Basic Mobility and Security are part of the Microsoft 365 plans."
# Choose between Basic Mobility and Security or Intune
-[Microsoft Intune](https://docs.microsoft.com/mem/intune/) is a standalone product included with certain Microsoft 365 plans, while Basic Mobility and Security is part of the Microsoft 365 plans.
+[Microsoft Intune](https://docs.microsoft.com/mem/intune/) is a standalone product included with certain Microsoft 365 plans, while Basic Mobility and Security is part of the Microsoft 365 plans.
## Availability of Basic Mobility and Security and Intune
-
+ Both Basic Mobility and Security and Intune are included in a variety of plans, described in the following table. | Plan | Basic Mobility and Security | Microsoft Intune |
admin https://docs.microsoft.com/en-us/microsoft-365/admin/email/about-shared-mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/about-shared-mailboxes.md
@@ -54,6 +54,10 @@ Before you [create a shared mailbox](create-a-shared-mailbox.md), here are some
- **Message deletion:** Unfortunately, you can't prevent people from deleting messages in a shared mailbox. The only way around this is to create a Microsoft 365 group instead of a shared mailbox. A group in Outlook is like a shared mailbox. For a comparison of the two, see [Compare groups](../create-groups/compare-groups.md). To learn more about groups, see [Learn more about groups](https://support.microsoft.com/office/b565caa1-5c40-40ef-9915-60fdb2d97fa2). +
+> [!NOTE]
+> To access a shared mailbox, a user must have an Exchange Online license, but the shared mailbox doesn't require a separate license. Without a license, shared mailboxes are limited to 50 GB. To increase the size limit to 100 GB, the shared mailbox must be assigned an Exchange Online Plan 2 license or an Exchange Online Plan 1 license with an Exchange Online Archiving add-on license. This will also let you enable auto-expanding archiving for an unlimited amount of archive storage capacity. Similarly, if you want to place a shared mailbox on litigation hold, the shared mailbox must have an Exchange Online Plan 2 license or an Exchange Online Plan 1 license with an Exchange Online Archiving add-on license. If you want to apply advanced features such as Microsoft Defender for Office 365, Advanced eDiscovery, or automatic retention policies, the shared mailbox must be licensed for those features.
+ ## Related articles [Create a shared mailbox](create-a-shared-mailbox.md)
admin https://docs.microsoft.com/en-us/microsoft-365/admin/manage/change-address-contact-and-more https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/change-address-contact-and-more.md
@@ -48,9 +48,9 @@ To change other information on your company's profile page:
2. On the **Organization profile** tab, select **Organization information**.
-3. Update your organization's information, then select **Save changes**.
+3. Update your organization's information, then select **Save changes**. Be sure to fill in all required fields marked with an * to enable saving your changes.
- An explanation of each field is provided below.
+An explanation of each field is provided below.
## What do these fields mean?
admin https://docs.microsoft.com/en-us/microsoft-365/admin/manage/manage-office-scripts-settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-office-scripts-settings.md
@@ -46,7 +46,7 @@ Office ScriptsΓÇÄ allows users to automate tasks by recording, editing, and runn
4. If you previously turned off Office Scripts for your organization and you want to turn it back on, select **Let users automate their tasks in Excel on the web**, and then specify who can access and use the feature:
- - To allow all users in your organization to access and use Office Scripts, leave **Everyone** (the default) selected.
+ - To allow all users in your organization to access and use Office Scripts, leave **Everyone** (the default) selected.
- To allow only members of a specific group to access and use Office Scripts, select **Specific group**, and then enter the name or email alias of the group to add it to the allow list. You may add only one group to the allow list, and it must be one of the following types: - Microsoft 365 group
@@ -73,7 +73,21 @@ Office ScriptsΓÇÄ allows users to automate tasks by recording, editing, and runn
To learn more about the different types of groups, see [Compare groups](../create-groups/compare-groups.md).
-7. Select **Save**.
+7. To allow users to run their Office Scripts inside Power Automate flows, select **Let users with access to Office Scripts run their scripts with Power Automate**. This allows users to add flow steps with the [Excel Online (Business) Connector's](/connectors/excelonlinebusiness) **Run script** option.
+
+ - To allow all users with access to Office Scripts to use their scripts in flows, leave **Everyone** (the default) selected.
+
+ - To allow only members of a specific group with access to Office Scripts to use their scripts in flows, select **Specific group**, and then enter the name or email alias of the group to add it to the allow list. You may add only one group to the allow list, and it must be one of the following types:
+ - Microsoft 365 group
+ - Distribution group
+ - Security group
+ - Mail-enabled security group
+
+ To learn more about the different types of groups, see [Compare groups](../create-groups/compare-groups.md).
+
+ - To learn more about using Office Scripts with Power Automate, including how your data loss prevention policies may be impacted, see [Run Office Scripts with Power Automate](/office/dev/scripts/develop/power-automate-integration).
+
+8. Select **Save**.
It can take up to 48 hours for changes to Office Scripts settings to take effect.
@@ -86,4 +100,4 @@ Because Office Scripts works with Power Automate, we recommend that you review y
[Office Scripts technical documentation](/office/dev/scripts/) (link page)\ [Introduction to Office Scripts in Excel](https://support.microsoft.com/office/9fbe283d-adb8-4f13-a75b-a81c6baf163a) (article)\ [Sharing Office Scripts in Excel for the Web](https://support.microsoft.com/office/226eddbc-3a44-4540-acfe-fccda3d1122b) (article)\
-[Record, edit, and create Office Scripts in Excel on the web](/office/dev/scripts/tutorials/excel-tutorial) (article)
\ No newline at end of file
+[Record, edit, and create Office Scripts in Excel on the web](/office/dev/scripts/tutorials/excel-tutorial) (article)
admin https://docs.microsoft.com/en-us/microsoft-365/admin/manage/search-in-the-mac https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/search-in-the-mac.md /dev/null
@@ -0,0 +1,95 @@
+
+ Title: "Search for tasks or documentation in the Microsoft 365 admin center"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
++
+localization_priority: Normal
+
+- Adm_O365
+
+search.appverid:
+- BCS160
+- MET150
+- MOE150
+description: "Learn how to use the search feature in the admin center for better and faster results."
++
+# Search in the Microsoft 365 admin center
+
+As the administrator of a Microsoft 365 organization, you can use search to find users, perform actions, navigate to different settings, and read documentation. With new search functionality, search speed has improved, and you can now search from every page in the admin center. The search box has moved to the banner area at the top of the admin center. You can use the **Alt+S shortcut** to use search from any page.
+
+:::image type="content" source="../../media/search-bar.png" alt-text="Screenshot: Search bar in the Microsoft 365 admin center":::
+
+Search results are organized into different categories. Most of the categories are items in the admin center. For example, users, groups, shared mailboxes or domains. Other categories show you places you can navigate to, actions you can take or app level settings that you can change. And there's also a category related to documentation.
+
+The following sections describe the different areas and categories in the admin center that are searchable.
+
+## Before you begin
+
+You need to be an administrator to search in the admin center. Search results are scoped to administrator permissions the logged in user has. For example, if SharePoint admin doesn't see an area or category in the admin center, they won't see it in search.
+
+## Users
+
+Users can be found by display name, last name, first name, username, primary email address, or email aliases. Select the user's name edit to edit the userΓÇÖs details.
+
+:::image type="content" source="../../media/User-search-stock-picture-domain-blanked.png" alt-text="Screenshot: Search for a user Felix Henderson":::
+
+If you select the "More actions" menu next to their name, you can reset their password.
+
+:::image type="content" source="../../media/User-search-stock-picture-reset-password-domain-blanked.png" alt-text="Screenshot: User search with the option to reset password from search result":::
+
+**Tips to improve user search results**
+
+- Make sure you spell the users' names correctly as user searches are matched exactly against the earlier mentioned properties. For example, in the above example, Jus or Malz will work but a misspelling, like, Jostin instead of Justin will not find this user.
+- To get an exact match, search by primary email address or username.
+
+## Groups
+
+You can search for Groups by group name or group email address. You can select the Group and edit the group from any page.
+
+:::image type="content" source="../../media/search-for-groups-mac.png" alt-text="Screenshot: Search results for groups in the admin center":::
+
+**Tips to improve Group search results**
+
+Make sure you spell the group name correctly.
+
+## Actions
+
+You can search for Actions category contains frequently used actions in M365 Admin Center. Think of actions as verb in the system. For example, you can also search "reset password" from any page and then reset one or more passwords for users. You can search for ΓÇ£delete a userΓÇ¥ and delete the user from the Delete user page.
+
+:::image type="content" source="../../media/search-for-actions-mac.png" alt-text="Screenshot: Search results showing actions you can perform in the admin center":::
+
+## Navigation
+
+Results provides a way to quickly navigate to a specific page in the admin center. For example, searching for RBAC will take you to the Roles page for Azure AD roles.
+
+:::image type="content" source="../../media/search-for-navigation-mac.png" alt-text="Screenshot: Search results showing navigation path in the admin center":::
+
+## Settings
+
+Search for supported app level settings related to your organization, the services you subscribe to, and security and privacy settings.
+
+:::image type="content" source="../../media/search-for-settings-mac.png" alt-text="Screenshot: Search results showing settings in the admin center":::
+
+## Domain
+
+You can find quick links to your domains, and then the link will take you to that domain's overview page.
+
+:::image type="content" source="../../media/search-for-domains-mac.png" alt-text="Search results showing domains owned in the admin center":::
+
+## Documentation
+
+A documentation search provides relevant help documentation based on your search phrase. Click on the topic to learn more.
+
+:::image type="content" source="../../media/search-for-docs-mac.png" alt-text="Screenshot: Search showing documentation results in the admin center":::
+
+## Send us feedback
+
+Use this section to submit feedback on the search experience. We can't respond to all feedback, but we read all of it, and use your feedback to improve the search experience. Make sure to provide as much detail as you can in your feedback.
+
+:::image type="content" source="../../media/search-feedback-mac.png" alt-text="Screenshot: Send feedback on search in the admin center":::
\ No newline at end of file
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/communication-compliance-feature-reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-feature-reference.md
@@ -43,7 +43,7 @@ Policy templates are pre-defined policy settings that you can use to quickly cre
| **Regulatory compliance** | Monitor communications for info related to financial regulatory compliance | - Locations: Exchange Online, Microsoft Teams, Yammer, Skype for Business <br> - Direction: Inbound, Outbound <br> - Review Percentage: 10% <br> - Conditions: custom dictionary option, attachments larger than 1 MB | | **Conflict of interest** | Monitor communications between two groups or two users to help avoid conflicts of interest | - Locations: Exchange Online, Microsoft Teams, Yammer, Skype for Business <br> - Direction: Internal <br> - Review Percentage: 100% <br> - Conditions: None |
-Communications are scanned every 24 hours from the time policies are created. For example, if you create an offensive language policy at 11:00 AM, the policy will gather communication compliance signals every 24 hours at 11:00 AM daily. Editing a policy doesn't change this time. To view the last scan date and time for a policy, navigate to the *Last policy scan* column on the **Policy** page.
+Communications are scanned every 24 hours from the time policies are created. For example, if you create an offensive language policy at 11:00 AM, the policy will gather communication compliance signals every 24 hours at 11:00 AM daily. Editing a policy doesn't change this time. To view the last scan date and time for a policy, navigate to the *Last policy scan* column on the **Policy** page. The date and time of the last scan will be converted to the time zone of your local system.
## Permissions
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/create-sensitivity-labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-sensitivity-labels.md
@@ -54,7 +54,8 @@ The global admin for your organization has full permissions to create and manage
![Create a sensitivity label](../media/create-sensitivity-label-full.png)
- Note: By default, tenants don't have any labels and you must create them. The labels in the example picture show default labels that were [migrated from Azure Information Protection](https://docs.microsoft.com/azure/information-protection/configure-policy-migrate-labels).
+ > [!NOTE]
+ > By default, tenants don't have any labels and you must create them. The labels in the example picture show default labels that were [migrated from Azure Information Protection](https://docs.microsoft.com/azure/information-protection/configure-policy-migrate-labels).
3. On the **Define the scope for this label** page, the options selected determine the label's scope for the settings that you can configure and where they will be visible when they are published:
@@ -83,7 +84,7 @@ This button starts the **Edit sensitivity label** wizard, which lets you change
Don't delete a label unless you understand the impact for users. For more information, see the [Removing and deleting labels](#removing-and-deleting-labels) section. > [!NOTE]
-> If you edit a label that's already published by using a label policy, no extra steps are needed when you finish the wizard. For example, you don't need to add it to a new label policy for the changes to become available to the same users. However, allow up to 24 hours for the changes to replicate to users and services.
+> If you edit a label that's already published by using a label policy, no extra steps are needed when you finish the wizard. For example, you don't need to add it to a new label policy for the changes to become available to the same users. However, allow up to 24 hours for the changes to replicate to all apps and services.
Until you publish your labels, they won't be available to select in apps or for services. To publish the labels, they must be [added to a label policy](#publish-sensitivity-labels-by-creating-a-label-policy).
@@ -150,7 +151,8 @@ Set-Label -Identity $Label -LocaleSettings (ConvertTo-Json $DisplayNameLocaleSet
![Publish labels](../media/publish-sensitivity-labels-full.png)
- Note: By default, tenants don't have any label policies and you must create them.
+ > [!NOTE]
+ > By default, tenants don't have any label policies and you must create them.
3. In the wizard, select **Choose sensitivity labels to publish**. Select the labels that you want to make available in apps and to services, and then select **Add**.
@@ -179,7 +181,7 @@ To edit an existing label policy, select it, and then select the **Edit Policy**
This button starts the **Create policy** wizard, which lets you edit which labels are included and the label settings. When you complete the wizard, any changes are automatically replicated to the selected users and services.
-Users see new labels in their Office apps within one hour. However, allow up to 24 hours for changes to existing labels to replicate to all users and services.
+When you use built-in labeling for Windows, macOS, iOS and Android, users see new labels in their Office apps within four hours, and within one hour for Office on the web. However, allow up to 24 hours for changes to replicate to all apps and services.
### Additional label policy settings with Security & Compliance Center PowerShell
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/customer-key-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/customer-key-overview.md
@@ -57,6 +57,9 @@ A data encryption policy defines the encryption hierarchy to encrypt data using
Later, you can either refresh the DEP or assign a different DEP to the mailbox as described in [Manage Customer Key for Office 365](customer-key-manage.md). Each mailbox must have appropriate licenses in order to assign a DEP. For more information about licensing, see [Before you set up Customer Key](customer-key-set-up.md#before-you-set-up-customer-key).
+> [!NOTE]
+> The DEP can be applied to a shared mailbox, public folder mailbox, and Microsoft 365 group mailbox for tenants that meet the licensing requirement for user mailboxes, even though some of these mailbox types cannot be an assigned license (public folder mailbox and Microsoft 365 group mailbox) or need a license for increasing storage (shared mailbox).
+ **SharePoint Online, OneDrive for Business, and Teams files** If you're using the multi-geo feature, you can create up to one DEP per geo for your organization. You can use different Customer Keys for each geo. If you're not using the multi-geo feature, you can only create one DEP per tenant. When you assign the DEP, encryption begins automatically but can take some time to complete. Refer to the details in [Set up Customer Key](customer-key-set-up.md). ## Leaving the service
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/customer-key-set-up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/customer-key-set-up.md
@@ -492,7 +492,7 @@ To create a DEP, you need to remotely connect to SharePoint Online by using Wind
### Validate file encryption
- To validate encryption of SharePoint Online, OneDrive for Business, and Teams files, [connect to SharePoint Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell), and then use the Get-SPODataEncryptionPolicy cmdlet to check the status of your tenant. The _State_ property returns a value of **registered** if Customer Key encryption is enabled and all files in all sites have been encrypted. If encryption is still in progress, this cmdlet provides information on what percentage of sites is complete.
+ To validate encryption of SharePoint Online, OneDrive for Business, and Teams files, [connect to SharePoint Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell), and then use the Get-SPODataEncryptionPolicy cmdlet to check the status of your tenant. The _State_ property returns a value of **registered** if Customer Key encryption is enabled and all files in all sites have been encrypted. If encryption is still in progress, this cmdlet returns a value of **registering**.
## Related articles
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/double-key-encryption https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/double-key-encryption.md
@@ -6,7 +6,7 @@ description: DKE enables you to protect highly sensitive data while maintaining
Previously updated : 09/22/2020 Last updated : 01/29/2021 audience: Admin
@@ -33,19 +33,19 @@ For more information about the default, cloud-based tenant root keys, see [Plann
## When your organization should adopt DKE
-Double Key Encryption is intended for your most sensitive data that is subject to the strictest protection requirements. DKE is not intended for all data. In general, you'll be using Double Key Encryption to protect only a very small part of your overall data. You should do due diligence in identifying the right data to cover with this solution before you deploy. In some cases, you might need to narrow your scope and make use of other solutions for the majority of your data such as Microsoft Information Protection with Microsoft-managed keys or BYOK. These solutions are sufficient for documents that aren't subject to enhanced protections and regulatory requirements. Also, these solutions enable you to use the most powerful Office 365 services; services that you can't use with DKE encrypted content. For example:
+Double Key Encryption is intended for your most sensitive data that is subject to the strictest protection requirements. DKE is not intended for all data. In general, you'll be using Double Key Encryption to protect only a small part of your overall data. You should do due diligence in identifying the right data to cover with this solution before you deploy. In some cases, you might need to narrow your scope and make use of other solutions for most your data such as Microsoft Information Protection with Microsoft-managed keys or BYOK. These solutions are sufficient for documents that aren't subject to enhanced protections and regulatory requirements. Also, these solutions enable you to use the most powerful Office 365 services; services that you can't use with DKE encrypted content. For example:
- Transport rules including anti-malware and spam that require visibility into the attachment - Microsoft Delve - eDiscovery - Content search and indexing-- Office Web Apps including co-authoring functionality
+- Office Web Apps including coauthoring functionality
Any external applications or services that are not integrated with DKE through the MIP SDK will be unable to perform actions on the encrypted data. The Microsoft Information Protection SDK 1.7+ supports Double Key Encryption; applications that integrate with our SDK will be able to reason over this data with sufficient permissions and integrations in place.
-We recommend organizations use Microsoft Information protection capabilities (classification and labeling) to protect most of their sensitive data and only use DKE for their mission-critical data. Double Key Encryption is particularly relevant for extremely sensitive data in highly regulated industries such as Financial services and Healthcare.
+We recommend organizations use Microsoft Information protection capabilities (classification and labeling) to protect most of their sensitive data and only use DKE for their mission-critical data. Double Key Encryption is relevant for sensitive data in highly regulated industries such as Financial services and Healthcare.
If your organizations have any of the following requirements, you can use DKE to help secure your content:
@@ -59,7 +59,7 @@ If your organizations have any of the following requirements, you can use DKE to
**Azure Information Protection**. DKE works with sensitivity labels and requires Azure Information Protection.
-DKE sensitivity labels are made available to end-users through the sensitivity ribbon in Office Desktop Apps. Install these prerequisites on each client computer where you want to protect and consume protected documents.
+DKE sensitivity labels are made available to end users through the sensitivity ribbon in Office Desktop Apps. Install these prerequisites on each client computer where you want to protect and consume protected documents.
**Microsoft Office Apps for enterprise** version *.12711 or later (Desktop versions of Word, PowerPoint, and Excel) on Windows.
@@ -73,7 +73,7 @@ DKE sensitivity labels are made available to end-users through the sensitivity r
## Overview of deploying DKE
-You'll follow these general steps to set up DKE. Once you've completed these steps, your end users will be able to protect your highly sensitive data with Double Key Encryption.
+You'll follow these general steps to set up DKE. Once you've completed these steps, your end users will can protect your highly sensitive data with Double Key Encryption.
1. Deploy the DKE service as described in this article.
@@ -149,16 +149,14 @@ The following instructions are intended for inexperienced git or Visual Studio C
5. In the **Select Folder** dialog that appears, browse to and select a location to store the repository. At the prompt, select **Open**.
- The repository opens in Visual Studio Code, and displays the current Git branch at the bottom left. The branch should be **master**.
+ The repository opens in Visual Studio Code, and displays the current Git branch at the bottom left. For example, The branch should be **main**. For example:
- For example:
-
- ![Visual Studio Code master branch](../media/dke-vscode-master.png)
+ ![Screenshot of the DKE repo in Visual Studio Code displaying the main branch](../media/dke-vscode-main-branch.jpg)
-6. Select the word **master** from the list of branches.
+6. If you're not on the main branch, you'll need to select it. In Visual Studio Code, select the branch and choose **main** from the list of branches that displays.
> [!IMPORTANT]
- > Selecting the master branch ensures that you have the correct files to build the project. If you do not choose the correct branch your deployment will fail.
+ > Selecting the main branch ensures that you have the correct files to build the project. If you don't choose the correct branch your deployment will fail.
You now have your DKE source repository set up locally. Next, [modify application settings](#modify-application-settings) for your organization.
@@ -452,6 +450,8 @@ key_store_tester.ps1 https://mydkeservice.com/mykey
Ensure that no errors appear in the output. When you're ready, [register your key store](#register-your-key-store).
+The key name is case sensitive. Enter the key name as it appears in the appsettings.json file.
+ ## Register your key store The following steps enable you to register your DKE service. Registering your DKE service is the last step in deploying DKE before you can start creating labels.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/exchange-online-uses-tls-to-secure-email-connections https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/exchange-online-uses-tls-to-secure-email-connections.md
@@ -20,6 +20,7 @@
description: "Learn how Exchange Online and Microsoft 365 use Transport Layer Security (TLS) and Forward Secrecy (FS) to secure email communications. Also get information about the certificate issued by Microsoft for Exchange Online." + # How Exchange Online uses TLS to secure email connections Learn how Exchange Online and Microsoft 365 use Transport Layer Security (TLS) and Forward Secrecy (FS) to secure email communications. Also provides information about the certificate issued by Microsoft for Exchange Online.
@@ -31,6 +32,8 @@ Transport Layer Security (TLS), and SSL that came before TLS, are cryptographic
If you want to encrypt the message you need to use an encryption technology that encrypts the message contents, for example, something like Office Message Encryption. See [Email encryption in Office 365](email-encryption.md) and [Office 365 Message Encryption (OME)](ome.md) for information on message encryption options in Office 365. We recommend using TLS in situations where you want to set up a secure channel of correspondence between Microsoft and your on-premises organization or another organization, such as a partner. Exchange Online always attempts to use TLS first to secure your email but cannot always do this if the other party does not offer TLS security. Keep reading to find out how you can secure all mail to your on-premises servers or important partners by using *connectors*. +
+To provide the best-in-class encryption to our customers, Microsoft has deprecated Transport Layer Security (TLS) versions 1.0 and 1.1 in [Office 365](tls-1.0-and-1.1-deprecation-for-office-365.md) and [Office 365 GCC](tls-1-2-in-office-365-gcc.md). However, you can continue to use an unencrypted SMPT connection without any TLS. We don't recommend email transmission without any encryption.
## How Exchange Online uses TLS between Exchange Online customers
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/information-barriers.md
@@ -28,20 +28,22 @@ Microsoft Teams, SharePoint Online, and OneDrive for Business support informatio
- Finance personnel working on confidential company information should not communicate or share files with certain groups within their organization - An internal team with trade secret material should not call or chat online with people in certain groups within their organization - A research team should only call or chat online with a product development team
+- A site for day trader group should not be shared or accessed by anyone outside the day trader group
> [!IMPORTANT]
-> Information barriers ***only supports*** two way restrictions. One way restrictions, such as marketing can communicate with day traders, but day traders cannot communicate with marketing ***is not supported***.
+> Information barriers ***only supports*** two way restrictions. One way restrictions, such as marketing can communicate and collaborate with day traders, but day traders cannot communicate and collaborate with marketing ***is not supported***.
-For all of these example scenarios (and more), information barrier policies can be defined to prevent or allow communications in Microsoft Teams. Such policies can prevent people from calling or chatting with those people they shouldn't, or enable people to communicate only with specific groups in Microsoft Teams. With information barrier policies in effect, whenever users who are covered by those policies attempt to communicate with others in Microsoft Teams, checks are done to prevent (or allow) communication (as defined by information barrier policies). To learn more about the user experience with information barriers, see [information barriers in Microsoft Teams](https://docs.microsoft.com/MicrosoftTeams/information-barriers-in-teams).
+For all of these example scenarios (and more), information barrier policies can be defined to prevent or allow communications and collaboration in Microsoft Teams, SharePoint Online and OneDrive. Such policies can prevent people from calling or chatting with those they shouldn't, or enable people to communicate only with specific groups in Microsoft Teams. With information barrier policies in effect, whenever users who are covered by those policies attempt to communicate and collaborate with others in Microsoft Teams, SharePoint Online or OneDrive checks are done to prevent (or allow) communication and collaboration (as defined by information barrier policies). To learn more about the user experience with information barriers, see [information barriers in Microsoft Teams](https://docs.microsoft.com/MicrosoftTeams/information-barriers-in-teams) and [information barriers in SharePoint Online](https://docs.microsoft.com/sharepoint/information-barriers)
> [!IMPORTANT] > Currently, information barriers do not apply to email communications. In addition, information barriers are independent from [compliance boundaries](set-up-compliance-boundaries.md).<p> Before you define and apply information barrier policies, make sure your organization does not have [Exchange address book policies](https://docs.microsoft.com/exchange/address-books/address-book-policies/address-book-policies) in effect. (Information barriers are based on address book policies.) ## What happens with information barriers
-When information barrier policies are in place, people who should not communicate or share files with other specific users won't be able to find, select, chat, or call those users. With information barriers, checks are in place to prevent unauthorized communication.
+When information barrier policies are in place, people who should not communicate or share files with other specific users won't be able to find, select, chat, or call those users. With information barriers, checks are in place to prevent unauthorized communication and collaboration.
-Initially, information barriers apply to Microsoft Teams chats and channels only. In Microsoft Teams, information barrier policies determine and prevent the following kinds of unauthorized communications:
+Information barriers applies to Microsoft Teams (chats and channels), SharePoint Online and OneDrive.
+In Microsoft Teams, information barrier policies determine and prevent the following kinds of unauthorized communications:
- Searching for a user - Adding a member to a team
@@ -57,6 +59,15 @@ If the people involved are included in an information barrier policy to prevent
To learn more about the user experience with information barriers, see [information barriers in Microsoft Teams](https://docs.microsoft.com/MicrosoftTeams/information-barriers-in-teams).
+In SharePoint Online and OneDrive, information barrier policies determine and prevent the following kinds of unauthorized collaborations:
+
+- Adding a member to a site
+- Accessing site or content by a user
+- Sharing site or content with another user
+- Searching a site
+
+To learn more about the user experience with information barriers, see [information barriers in SharePoint Online](https://docs.microsoft.com/sharepoint/information-barriers)
+ ## Required licenses and permissions Information barriers are rolling out now, and are included in subscriptions, such as:
@@ -87,4 +98,4 @@ You must be familiar with PowerShell cmdlets in order to define, validate, or ed
- [Define policies for information barriers](information-barriers-policies.md) - [Edit (or remove) information barrier policies](information-barriers-edit-segments-policies.md) - [Learn more about Information barriers in SharePoint Online](https://docs.microsoft.com/sharepoint/information-barriers)-- [Learn more about Information barriers in OneDrive for Business](https://docs.microsoft.com/onedrive/information-barriers)\ No newline at end of file
+- [Learn more about Information barriers in OneDrive for Business](https://docs.microsoft.com/onedrive/information-barriers)
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/office-365-service-encryption https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/office-365-service-encryption.md
@@ -18,7 +18,7 @@ description: "Summary: Understand data resiliency in Microsoft Office 365."
# Service Encryption
-In addition to using volume-level encryption, Exchange Online, Skype for Business, SharePoint Online, and OneDrive for Business also use Service Encryption to encrypt customer data. Service Encryption allows for two key management options:
+In addition to using volume-level encryption, Exchange Online, Microsoft Teams, SharePoint Online, and OneDrive for Business also use Service Encryption to encrypt customer data. Service Encryption allows for two key management options:
## Microsoft-managed keys Microsoft manages all cryptographic keys including the root keys for service encryption. This option is currently enabled by default for Exchange Online, SharePoint Online, OneDrive for Business. Microsoft-managed keys provide default service encryption unless you decide to onboard using Customer Key. If, at a later date, you decide to stop using Customer Key without following the data purge path, then your data stays encrypted using the Microsoft-managed keys. Your data is always encrypted at this default level at a minimum.
@@ -40,7 +40,7 @@ Using Customer Key, you can generate your own cryptographic keys using either an
Another benefit of Customer Key is the control you have over the ability of Microsoft to process your data. If you want to remove data from Office 365, such as if you want to terminate service with Microsoft or remove a portion of your data stored in the cloud, you can do so and use Customer Key as a technical control. Removing data ensures that no one, including Microsoft, can access or process the data. Customer Key is in addition and complementary to Customer Lockbox that you use to control access to your data by Microsoft personnel.
-To learn how to set up Customer Key for Microsoft 365 for Exchange Online, Skype for Business, SharePoint Online, including Team Sites, and OneDrive for Business, see these articles:
+To learn how to set up Customer Key for Microsoft 365 for Exchange Online, Microsoft Teams, SharePoint Online, including Team Sites, and OneDrive for Business, see these articles:
- [Service encryption with Customer Key](customer-key-overview.md)
@@ -51,4 +51,3 @@ To learn how to set up Customer Key for Microsoft 365 for Exchange Online, Skype
- [Roll or rotate a customer key or an availability key](customer-key-availability-key-roll.md) - [Understand the availability key](customer-key-availability-key-understand.md)-
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/ome-faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ome-faq.md
@@ -175,6 +175,10 @@ Admins can set up a mail flow rule to remove encryption from outgoing mail. You
Not at this time.
+## Can I send as a shared mailbox and encrypt emails?
+
+When someone sends an email message that matches an encryption mail flow rule, the message is encrypted before it's sent.
+ ## Can I open encrypted messages sent to a shared mailbox? Yes! Encrypted messages are supported for a shared mailbox.
@@ -209,6 +213,10 @@ There are currently two known limitations:
```powershell Add-MailboxPermission -Identity support@contoso.onmicrosoft.com -User ayla@contoso.com -AccessRights FullAccess -AutoMapping $true ```
+
+ ## Can I open encrypted messages sent to another user's mailbox with Fullaccess?
+
+Users can open encrypted messages as long as they are given direct access and automapping is turned ON. Access is not allowed if the access is granted via an email-enabled security group.
## What do I do if I donΓÇÖt receive the one-time pass code after I requested it?
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels.md
@@ -38,6 +38,11 @@ Example showing available sensitivity labels in Excel, from the **Home** tab on
To apply sensitivity labels, users must be signed in with their Microsoft 365 work or school account.
+> [!NOTE]
+> Sensitivity labels are newly supported For US Government tenants (GCC and GCC-H). For more information, see the release notes for Microsoft 365 Apps for enterprise, [Version 2101: January 26](https://docs.microsoft.com/officeupdates/current-channel#version-2101-january-26).
+>
+> For the Azure Information Protection unified labeling client and scanner, see [Azure Information Protection Premium Government Service Description](https://docs.microsoft.com/enterprise-mobility-security/solutions/ems-aip-premium-govt-service-description).
+ You can use sensitivity labels to: - **Provide protection settings that include encryption and content markings.** For example, apply a "Confidential" label to a document or email, and that label encrypts the content and applies a "Confidential" watermark. Content markings include headers and footers as well as watermarks, and encryption can also restrict what actions authorized people can take on the content.
@@ -190,7 +195,7 @@ When you configure a label policy, you can:
![Learn more link on Sensitivity button on Ribbon](../media/Sensitivity-label-learn-more.png)
-After you create a label policy that assigns new sensitivity labels to users and groups, users see those labels in their Office apps within 30 minutes. However, allow up to 24 hours for changes to those labels.
+After you create a label policy that assigns new sensitivity labels to users and groups, users start to see those labels in their Office apps. Allow up to 24 hours for the latest changes to replicate throughout your organization.
There is no limit to the number of sensitivity labels that you can create and publish, with one exception: If the label applies encryption, there is a maximum of 500 labels that you can create. However, as a best practice to lower admin overheads and reduce complexity for your users, try to keep the number of labels to a minimum. Real-world deployments have proved effectiveness to be noticeably reduced when users have more than five main labels or more than five sublabels per main label.
@@ -263,4 +268,4 @@ You can also learn about [partner solutions that are integrated with Microsoft I
## Deployment guidance
-For deployment planning and guidance that includes licensing information, permissions, deployment strategy, a list of supported scenarios, and end user documentation, see [Get started with sensitivity labels](get-started-with-sensitivity-labels.md).
+For deployment planning and guidance that includes licensing information, permissions, deployment strategy, a list of supported scenarios, and end-user documentation, see [Get started with sensitivity labels](get-started-with-sensitivity-labels.md).
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/office-365-network-mac-perf-insights https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/office-365-network-mac-perf-insights.md
@@ -25,6 +25,7 @@ Insights are intended to help in designing network perimeters for your office lo
There are six specific network insights that may be shown for each office location: - [Backhauled network egress](#backhauled-network-egress)
+- [Network intermediary device](#network-intermediary-device)
- [Better performance detected for customers near you](#better-performance-detected-for-customers-near-you) - [Use of a non-optimal Exchange Online service front door](#use-of-a-non-optimal-exchange-online-service-front-door) - [Use of a non-optimal SharePoint Online service front door](#use-of-a-non-optimal-sharepoint-online-service-front-door)
@@ -59,6 +60,18 @@ For this insight, we would recommend network egress closer to the office locatio
For more information about how to resolve this issue, see [Egress network connections locally](microsoft-365-network-connectivity-principles.md#egress-network-connections-locally) in [Office 365 Network Connectivity Principles](microsoft-365-network-connectivity-principles.md).
+## Network intermediary device
+
+This insight will be displayed if we detected devices between your users and Microsoft's network which may impact the Office 365 user experience. It is recommended that these be bypassed for specific Microsoft 365 network traffic that is destined for Microsoft datacenters. This recommendation is additionally described in [Microsoft 365 Network Connectivity Principles](microsoft-365-network-connectivity-principles.md)
+
+### What does this mean?
+
+Network intermediary devices such as proxy servers, VPNs, and data loss prevention devices can affect performance and stability of Microsoft 365 clients where traffic is intermediated.
+
+### What should I do?
+
+Configure the network intermediary device that was detected to bypass processing for Microsoft 365 network traffic.
+ ## Better performance detected for customers near you This insight will be displayed if the network insights service detects that a significant number of customers in your metro area have better performance than users in your organization at this office location.
@@ -73,7 +86,7 @@ This insight examines the aggregate performance of Microsoft 365 customers in th
### What should I do?
-There could be many reasons for this condition, including latency in your corporate network or ISP, bottlenecks, or architecture design issues. Examine the latency between each hop in the route between your office network and the current Microsoft 365 front door. For more information, see [Office 365 Network Connectivity Principles](microsoft-365-network-connectivity-principles.md).
+There could be many reasons for this condition, including latency in your corporate network or ISP, bottlenecks, or architecture design issues. Examine the latency between each hop in the route between your office network and the current Microsoft 365 front door. For more information, see [Microsoft 365 Network Connectivity Principles](microsoft-365-network-connectivity-principles.md).
## Use of a non-optimal Exchange Online service front door
@@ -140,7 +153,7 @@ Internet egress further away from users than these locations will reduce perform
### What should I do?
-For more information about how to mitigate performance issues related to this insight, see [Office 365 global tenant performance optimization for China users](microsoft-365-networking-china.md).
+For more information about how to mitigate performance issues related to this insight, see [Microsoft 365 global tenant performance optimization for China users](microsoft-365-networking-china.md).
## Exchange sampled connections impacted by connectivity issues
managed-desktop https://docs.microsoft.com/en-us/microsoft-365/managed-desktop/get-started/access-admin-portal https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-started/access-admin-portal.md
@@ -14,10 +14,10 @@
# Access the admin portal
-Your gateway to the Microsoft Managed Desktop service is the Microsoft [Azure portal](https://portal.azure.com). For more about using and customizing your Azure portal experience generally, see the [Azure portal documentation](https://docs.microsoft.com/azure/azure-portal/). Available in preview now, you can also find Microsoft Managed Desktop in the [Microsoft Endpoint Manager](https://endpoint.microsoft.com/). If you are unfamiliar with the capabilities of this portal for device management, see the [Microsoft Endpoint Manager documentation](https://docs.microsoft.com/mem/).
+Your gateway to the Microsoft Managed Desktop service is [Microsoft Endpoint Manager](https://endpoint.microsoft.com/). If you are unfamiliar with the capabilities of this portal for device management, see the [Microsoft Endpoint Manager documentation](https://docs.microsoft.com/mem/).
> [!NOTE]
-> However you choose to access Microsoft Managed Desktop, in [Microsoft Endpoint Manager](https://endpoint.microsoft.com/) or the [Azure portal](https://portal.azure.com), the following browsers are supported:
+> In [Microsoft Endpoint Manager](https://endpoint.microsoft.com/) the following browsers are supported:
> - Microsoft Edge (latest version) > - Microsoft Internet Explorer 11 > - Safari (latest version, Mac only)
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-expert-training https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-expert-training.md
@@ -38,7 +38,15 @@ Boost your knowledge of advanced hunting quickly with _Tracking the adversary_,
| Episode 1: KQL fundamentals | This episode covers the basics of advanced hunting in Microsoft 365 Defender. Learn about available advanced hunting data and basic KQL syntax and operators. | [YouTube](https://youtu.be/0D9TkGjeJwM?t=351) (54:14) | [CSL file](https://github.com/microsoft/Microsoft-threat-protection-Hunting-Queries/blob/master/Webcasts/TrackingTheAdversary/Episode%201%20-%20KQL%20Fundamentals.csl) | | Episode 2: Joins | Continue learning about data in advanced hunting and how to join tables together. Learn about `inner`, `outer`, `unique`, and `semi` joins, and understand the nuances of the default Kusto `innerunique` join. | [YouTube](https://youtu.be/LMrO6K5TWOU?t=297) (53:33) | [CSL file](https://github.com/microsoft/Microsoft-threat-protection-Hunting-Queries/blob/master/Webcasts/TrackingTheAdversary/Episode%202%20-%20Joins.csl) | | Episode 3: Summarizing, pivoting, and visualizing data | Now that you've learned to filter, manipulate, and join data, itΓÇÖs time to summarize, quantify, pivot, and visualize. This episode discusses the `summarize` operator and various calculations, while introducing additional tables in the schema. You'll also learn to turn datasets into charts that can help you extract insight. | [YouTube](https://youtu.be/UKnk9U1NH6Y?t=296) (48:52) | [CSL file](https://github.com/microsoft/Microsoft-threat-protection-Hunting-Queries/blob/master/Webcasts/TrackingTheAdversary/Episode%203%20-%20Summarizing%2C%20Pivoting%2C%20and%20Joining.csl) |
-| Episode 4: LetΓÇÖs hunt! Applying KQL to incident tracking | In this episode, you learn to track some attacker activity. We use our improved understanding of Kusto and advanced hunting to track an attack. Learn actual tricks used in the field, including the ABCs of cybersecurity and how to apply them to incident response. | [YouTube](https://youtu.be/2EUxOc_LNd8?t=291) (59:36) | [CSL file](https://github.com/microsoft/Microsoft-threat-protection-Hunting-Queries/blob/master/Webcasts/TrackingTheAdversary/Episode%204%20-%20Lets%20Hunt.csl)
+| Episode 4: LetΓÇÖs hunt! Applying KQL to incident tracking | In this episode, you learn to track some attacker activity. We use our improved understanding of Kusto and advanced hunting to track an attack. Learn actual tricks used in the field, including the ABCs of cybersecurity and how to apply them to incident response. | [YouTube](https://youtu.be/2EUxOc_LNd8?t=291) (59:36) | [CSL file](https://github.com/microsoft/Microsoft-threat-protection-Hunting-Queries/blob/master/Webcasts/TrackingTheAdversary/Episode%204%20-%20Lets%20Hunt.csl)
++
+Get more expert training with *L33TSP3AK: Advanced hunting in Microsoft 365 Defender*, a webcast series for analysts looking to expand their technical knowledge and practical skills in conducting security investigations using advanced hunting in Microsoft 365 Defender.
+
+| Title | Description | Watch | Queries |
+|--|--|--|--|
+| Episode 1 | In this episode, you will learn different best practices in running advanced hunting queries. Among the topics covered are: how to optimize your queries, use advanced hunting for ransomware, handle JSON as a dynamic type, and work with external data operators. | [YouTube](https://www.youtube.com/watch?v=nMGbK-ALaVg&feature=youtu.be) (56:34) | [CSL file](https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries/blob/master/Webcasts/l33tSpeak/Performance%2C%20Json%20and%20dynamics%20operator%2C%20external%20data.csl)
+ ## How to use the CSL file Before starting an episode, access the corresponding [Kusto CSL file on GitHub](https://github.com/microsoft/Microsoft-threat-protection-Hunting-Queries/tree/master/Webcasts/TrackingTheAdversary) and copy its contents to the advanced hunting query editor. As you watch an episode, you can use the copied contents to follow the speaker and run queries.
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/empower-people-to-work-remotely-remote-access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely-remote-access.md
@@ -102,7 +102,7 @@ For more information, see this [overview of Windows Virtual Desktop](https://doc
## Protect your Remote Desktop Services connections with the Remote Desktop Services Gateway
-If you are using Remote Desktop Services (RDS) to allow employees to connect into Windows-based computers on your on-premises network, you should use a Microsoft Remote Desktop Services gateway in your edge network. The gateway uses Secure Sockets Layer (SSL) to encrypt communications and prevents the on-premises computer hosting RDS from being directly exposed to the Internet.
+If you are using Remote Desktop Services (RDS) to allow employees to connect into Windows-based computers on your on-premises network, you should use a Microsoft Remote Desktop Services gateway in your edge network. The gateway uses Transport Layer Security (TLS) to encrypt traffic and prevents the on-premises computer hosting RDS from being directly exposed to the Internet.
![Remote Desktop Services connections with the Remote Desktop Services Gateway](../media/empower-people-to-work-remotely-remote-access/empower-people-to-work-remotely-remote-access-remote-desktop.png)
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/empower-people-to-work-remotely-security-compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely-security-compliance.md
@@ -42,12 +42,12 @@ Here are the features of Microsoft 365 that provide security and compliance serv
Protect your applications and data with these security features of Microsoft 365.
-| Capability or feature | Description | Licensing |
+| Capability or feature | Why I need it | Licensing |
|:-|:--|:-|
-| Microsoft Defender for Office 365 | Protect your Microsoft 365 apps and dataΓÇösuch as email messages, Office documents, and collaboration toolsΓÇöfrom attack. <br><br> Microsoft Defender for Office 365 collects and analyzes signals from your apps for detection, investigation, and remediation of security risks and safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools. | Microsoft 365 E3 or E5 |
+| Microsoft Defender for Office 365 | Protect your Microsoft 365 apps and dataΓÇösuch as email messages, Office documents, and collaboration toolsΓÇöfrom attack. <br><br> Microsoft Defender for Office 365 collects and analyzes signals from your apps for detection, investigation, and remediation of security risks and safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools. It also provides automated tenant configuration assessment and configuration tooling for standard and strict security postures. | Microsoft 365 E3 or E5 |
| Malware protection | ΓÇÄMicrosoft Defender Antivirus and Device Guard provides device-based malware protection. <br><br> SharePointΓÇÄ Online automatically scans file uploads for known malware. ΓÇÄ<br><br> Exchange Online ProtectionΓÇÄ (ΓÇÄEOPΓÇÄ) secures cloud mailboxes. | Microsoft 365 E3 or E5 | | Microsoft Defender for Endpoint | Protect your organizationΓÇÖs devices from cyber threats and data breaches and detect, investigate, and respond to advanced threats. | Microsoft 365 E5 |
-| Cloud App Security | Protect your cloud-based servicesΓÇöboth Microsoft 365 and other SaaS appsΓÇö from attack. | Microsoft 365 E5 or individual Cloud App Security licenses |
+| Cloud App Security | Protect your cloud-based servicesΓÇöboth Microsoft 365 and other SaaS appsΓÇöfrom attack. | Microsoft 365 E5 or individual Cloud App Security licenses |
| Azure AD Identity Protection | Automate detection and remediation of identity-based risks. <br><br>Create risk-based Conditional Access policies to require multi-factor authentication (MFA) for risky sign-ins. | Microsoft 365 E5 or E3 with Azure AD Premium P2 licenses | ||||
@@ -57,7 +57,7 @@ See [Top 12 tasks for security teams to support working from home](../security/t
Comply with internal policies or regulatory requirements with these compliance features of Microsoft 365.
-| Capability or feature | Description | Licensing |
+| Capability or feature | Why I need it | Licensing |
|:-|:--|:-| | Sensitivity labels | Classify and protect your organization's data without hindering the productivity of users and their ability to collaborate by placing labels with various levels of protection on email, files, or sites. | Microsoft 365 E3 or E5 | | Data Loss Protection (DLP) | Detect, warn, and block risky, inadvertent, or inappropriate sharing, such as sharing of data containing personal information, both internally and externally. | Microsoft 365 E3 or E5 |
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/empower-people-to-work-remotely-teams-productivity-apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely-teams-productivity-apps.md
@@ -23,10 +23,13 @@ description: Enable your users to be productive with Teams, Exchange, SharePoint
To be productive, people need to communicate and collaborate with one another. They need to meet, chat by voice and text, create new content and share information and files, exchange email, and manage calendars and tasks. Microsoft 365 provides cloud-based services for all of these key functions: -- To keep people connected while they work apart, use Microsoft Teams, which provides a common hub of communication for meetings, chats, and file storage for the organization, departments, and for small teams and individuals. -- For exchanging email and managing calendars, contacts, and tasks, use Exchange Online and the Outlook client.-- For storing and collaborating on files, use SharePoint and OneDrive. You can use them within a web browser or within Teams.-- For creating new content or collaborating on existing content, Microsoft 365 Apps are versions of Word, PowerPoint, Excel, and Outlook that are installed on your local computer and receive ongoing feature and security updates.
+| IT function | Microsoft 365 components | Description |
+|:-|:--|:-|
+| Email services | Exchange Online | Exchange email and manage calendars, contacts, and tasks with the Outlook client. |
+| Organizational chat, voice over IP (VOIP), and team-based collaboration | Microsoft Teams | Keep people connected while they work apart with a common hub of communication for meetings, chats, and file storage for the organization, departments, and for small teams and individuals. |
+| Intranet sites, document collaboration | SharePoint and OneDrive | Store and collaborate on files within a web browser or within Teams. |
+| Desktop and mobile device Office applications | Microsoft 365 Apps | Create new content or collaborate on existing content with versions of Word, PowerPoint, Excel, and Outlook that are installed on your local computer and receive ongoing feature and security updates. |
+||||
![Use Teams, Outlook, SharePoint, OneDrive, and Microsoft 365 Apps to stay productive](../media/empower-people-to-work-remotely/remote-workers-productivity-grid.png)
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/empower-people-to-work-remotely https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely.md
@@ -32,11 +32,16 @@ Microsoft 365 has the capabilities to empower your workers to work remotely.
![Empower your remote workers with Microsoft 365](../media/empower-people-to-work-remotely/2-m365-remoteworker-solution-businessoverview.png)
+>[!Note]
+>If you are new to Microsoft 365, see [these resources](https://www.microsoft.com/microsoft-365).
+>
+ Watch this video for an overview of the deployment process. <br>
+<br>
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4F1af]
-This solution provides these key capabilities.
+For IT professionals managing onsite and cloud-based infrastructure to enable worker productivity, this solution provides these key capabilities:
- Connected
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/productivity-illustrations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/productivity-illustrations.md
@@ -24,7 +24,7 @@ The logical architecture of productivity services in Microsoft 365, leading with
| Item | Description | |:--|:--|
-|[![Teams logical architecture poster](../downloads/msft-teams-logical-architecture-thumb.png)](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/msft-m365-teams-logical-architecture.pdf) <br/> [PDF](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/msft-m365-teams-logical-architecture.pdf) \| [Visio](https://github.com/MicrosoftDocs/OfficeDocs-Enterprise/raw/live/Enterprise/downloads/msft-m365-teams-logical-architecture.vsdx) <br>Updated January 2021 |Microsoft provides a suite of productivity services that work together to provide collaboration experiences with data governance, security, and compliance capabilities. <br/> <br/>This series of illustrations provides a view into the logical architecture of productivity services for enterprise architects, leading with Microsoft Teams.|
+|[![Teams logical architecture poster](../downloads/msft-teams-logical-architecture-thumb.png)](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/msft-m365-teams-logical-architecture.pdf) <br/> [PDF](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/msft-m365-teams-logical-architecture.pdf) \| [Visio](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/msft-m365-teams-logical-architecture.vsdx) <br>Updated January 2021 |Microsoft provides a suite of productivity services that work together to provide collaboration experiences with data governance, security, and compliance capabilities. <br/> <br/>This series of illustrations provides a view into the logical architecture of productivity services for enterprise architects, leading with Microsoft Teams.|
### Groups in Microsoft 365 for IT Architects