Updates from: 01/31/2024 05:49:28
Category Microsoft Docs article Related commit history on GitHub Change details
admin Microsoft365 Apps Usage Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft365-apps-usage-ww.md
Title: "Microsoft 365 admin center apps usage reports"
Previously updated : 09/09/2019 Last updated : 01/30/2024 audience: Admin
For example, you can understand the activity of each user licensed to use Micros
## How to get to the Microsoft 365 Apps usage report 1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
-2. From the dashboard homepage, click on the **View more** button on the Active users - Microsoft 365 Apps card.
+2. From the dashboard homepage, under Reports, select **Microsoft 365 apps** > **Usage**.
## Interpret the Microsoft 365 Apps usage report
admin Office 365 Groups Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/office-365-groups-ww.md
Title: "Microsoft 365 admin center groups reports"
Previously updated : 12/07/2020 Last updated : 01/30/2024 audience: Admin
The Microsoft 365 Reports dashboard shows you the activity overview across the p
1. In the admin center, select **Reports**, and then select **Usage**.
-2. From the dashboard homepage, click on the **View more** button on the Active users - Microsoft 365 Apps or the Active users - Microsoft 365 Services card to get to the Office 365 report page.
+2. From the dashboard homepage, under Reports, select **Microsoft 365 apps** then **Groups activity** to get to the Office 365 report page.
## Interpret the groups report
admin Onedrive For Business Usage Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/onedrive-for-business-usage-ww.md
Title: "Microsoft 365 OneDrive for Business usage reports"
+ Title: "Microsoft 365 OneDrive usage reports"
f1.keywords: - NOCSH Previously updated : 10/20/2020 Last updated : 01/30/2024 audience: Admin
search.appverid:
- MST160 - MET150 - MOE150
-description: "Get the OneDrive for Business Usage Report to learn more about the total number of files and storage used across your organization."
+description: "Get the OneDrive Usage Report to learn more about the total number of files and storage used across your organization."
-# Microsoft 365 Reports in the admin center - OneDrive for Business usage
+# Microsoft 365 Reports in the admin center - OneDrive usage
The Microsoft 365 Reports dashboard shows you the activity overview across the products in your organization. It enables you to drill in to individual product level reports to give you more granular insight about the activities within each product. Check out [the Reports overview topic](activity-reports.md).
-For example, the OneDrive card on the dashboard gives you a high-level view of the value you are getting from OneDrive for Business in terms of the total number of files and storage used across your organization. You can then drill into it to understand the trends of active OneDrive accounts, how many files are users interacting with as well as the storage used. It also gives you details for each user's OneDrive.
+For example, the OneDrive card on the dashboard gives you a high-level view of the value you are getting from OneDrive in terms of the total number of files and storage used across your organization. You can then drill into it to understand the trends of active OneDrive accounts, how many files are users interacting with as well as the storage used. It also gives you details for each user's OneDrive.
## How do I get to the OneDrive usage report?
-1. In the admin center, go to the **Reports**, and then select **Usage**.
-2. From the dashboard homepage, click on the **View more** button on the OneDrive card.
+1. In the admin center, go to the **Reports**, and then select **Usage**.
+2. From the dashboard homepage, under Reports, select **OneDrive**.
## Interpret the OneDrive usage report
Select **Choose columns** to add or remove columns from the report.
You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis.
-The **OneDrive for Business usage** report can be viewed for trends over the last 7 days, 30 days, 90 days, or 180 days. However, if you select a particular day in the report, the table will show data for up to 28 days from the current date (not the date the report was generated).
+The **OneDrive usage** report can be viewed for trends over the last 7 days, 30 days, 90 days, or 180 days. However, if you select a particular day in the report, the table will show data for up to 28 days from the current date (not the date the report was generated).
|Item|Description| |:--|:--| |**Metric**|**Definition**|
-|URL <br/> |The web address for the user's OneDrive. Note: URL will be empty temporarily. <br/> |
-|Deleted <br/> |The deletion status of the OneDrive. It takes at least 7 days for accounts to be marked as deleted. <br/> |
-|Owner <br/> |The username of the primary administrator of the OneDrive. <br/> |
-|Owner principal name <br/> |The email address of the owner of the OneDrive. <br/> |
-|Last activity date (UTC) <br/> | The latest date a file activity was performed in the OneDrive. If the OneDrive has had no file activity, the value will be blank. <br/> |
-|Files <br/> |The number of files in the OneDrive. <br/>|
-|Active files <br/> | The number of active files within the time period.<br/> NOTE: If files were removed during the specified time period for the report, the number of active files shown in the report may be larger than the current number of files in the OneDrive. > Deleted users will continue to appear in reports for 180 days. <br/> |
-|Storage used (MB) <br/> |The amount of storage the OneDrive uses in MB. |
-| Site ID <br/> | The site ID of the site. |
+|URL |The web address for the user's OneDrive. Note: URL will be empty temporarily. |
+|Deleted |The deletion status of the OneDrive. It takes at least seven days for accounts to be marked as deleted. |
+|Owner |The username of the primary administrator of the OneDrive. |
+|Owner principal name |The email address of the owner of the OneDrive. |
+|Last activity date (UTC) | The latest date a file activity was performed in the OneDrive. If the OneDrive has had no file activity, the value will be blank. |
+|Files |The number of files in the OneDrive. |
+|Active files | The number of active files within the time period. NOTE: If files were removed during the specified time period for the report, the number of active files shown in the report may be larger than the current number of files in the OneDrive. > Deleted users will continue to appear in reports for 180 days. |
+|Storage used (MB) |The amount of storage the OneDrive uses in MB. |
+| Site ID | The site ID of the site. |
|||
-
+ > [!NOTE]
-> The report only includes users who have a valid OneDrive for Business license.
+> The report only includes users who have a valid OneDrive license.
admin Sharepoint Site Usage Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/sharepoint-site-usage-ww.md
f1.keywords:
Previously updated : 10/20/2020 Last updated : 01/30/2024 audience: Admin
As a Microsoft 365 admin, the Reports dashboard shows you the activity overview
## How to get to the SharePoint site usage report
-1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
-2. From the dashboard homepage, click on the **View more** button on the SharePoint card.
+1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
+2. From the dashboard homepage, under Reports, select **Sharepoint**.
## Show user details in the reports
enterprise O365 Data Locations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/o365-data-locations.md
description: "Determine where your Microsoft 365 customer data is stored worldwi
> The **Italy** local data center region launched on October 3, 2023. If your organization requires the migration of your Microsoft 365 customer data to Italy, and data residency commitments for Italy, see [Advanced Data Residency](advanced-data-residency.md). > [!NOTE]
-> For tenants in Australia, Brazil, Canada, France, Germany, India, Japan, Qatar, South Korea, Norway, South Africa, Sweden, Switzerland, United Arab Emirates, and the United Kingdom, additional workloads are available for data residency commitments. For more information, see [Advanced Data Residency](advanced-data-residency.md).
+> For tenants in Australia, Brazil, Canada, France, Germany, India, Israel, Italy, Japan, Norway, Poland, Qatar, South Africa, South Korea, Sweden, Switzerland, United Arab Emirates, and the United Kingdom, additional workloads are available for data residency commitments. For more information, see [Advanced Data Residency](advanced-data-residency.md).
See the following links to understand how you can determine current data residency and data residency commitments.
enterprise Office 365 Network Mac Perf Nppdata https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/office-365-network-mac-perf-nppdata.md
Title: "Microsoft 365 network provider assessments (PREVIEW)"
+ Title: "Microsoft 365 network provider assessments."
description: "Microsoft 365 network provider assessments"
-# Microsoft 365 network provider assessments (PREVIEW)
+# Microsoft 365 network provider assessments.
Microsoft measures network performance and availability between client applications on user machines and Microsoft's network.
Read about the network performance assessment calculation method at [Microsoft 3
## Network availability
-Network availability is measured from the client and is defined using this formula.
+The reliability of Microsoft 365 services as experienced by the client is shown by the network availability metric. It is measured as the length of time that Exchange and SharePoint are working, and for Microsoft Teams as a proportion of calls that connected successfully both expressed as a percentage.
+### Exchange and SharePoint Network availability
+
+Exchange and Sharepoint availability are the proportion of minutes without any major user errors out of the total user minutes. This is how it is calculated:
+ We receive notification of unsuccessful connections after network connectivity is restored.
+### Teams Network availability
+
+By using telemetry data from the actual calls, Microsoft Teams availability is computed as a percentage of calls that failed compared to total calls. This is how it is calculated:
+++ ## Detecting network providers Network providers are detected from network attributes in Office 365 network telemetry. Network attributes that may be used for detection include:
Network providers will additionally not be shown in a tenant or location view if
## Network Provider Index Chart
-The Network Provider Index Chart (NPI Chart) shows aggregated performance and availability for network providers for a given State (or Province) and Country/region. The chart shows the largest network providers in that geography ordered by network performance. The chart also includes a Target Baseline entry, which shows average performance and availability for the best performing five network providers in the geography, excluding network providers with insignificant Office 365 usage.
+The NPI Chart shows the network providers with the highest performance for Office 365 applications for customers who are in the same country/region and state as your office. We show availability and performance data related to these providers. This chart also has a target baseline that shows the best performance observed in the same country/region and state.
+
+Note: NPI Chart is currently available only for United States of America, the chart will be expanded soon to all locations globally.
## Related topics
enterprise Office 365 Network Mac Perf Nppux https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/office-365-network-mac-perf-nppux.md
Title: "Network provider connectivity attribution in the Microsoft 365 Admin Center (PREVIEW)"
+ Title: "Network provider connectivity attribution in the Microsoft 365 Admin Center"
description: "Network provider connectivity attribution in the Microsoft 365 Adm
-# Network provider connectivity attribution in the Microsoft 365 Admin Center (PREVIEW)
+# Network provider connectivity attribution in the Microsoft 365 Admin Center.
## The network provider table
The table of locations can be filtered by specific network providers. The table
A network providers column is included in the table where network providers are shown as fit. The network providers are all shown in the details tab.
-## Network Provider Index Chart for the location
+## Top Providers for a location (Network Provider Index or NPI chart)
-The Network Provider Index Chart (NPI Chart) shows in an office location summary and lists large network providers that are being used by Office 365 customers in the same country/region and state as your office. We include availability and performance information attributed to these providers. This chart also shows a target baseline that shows what good performance observed in the same country/region and state looks like.
+The NPI chart shows the network providers with the highest performance for Office 365 applications for customers who are in the same country/region and state as your office. We show availability and performance data related to these providers. This chart also has a target baseline that shows the best performance observed in the same country/region and state.
+
+Note: NPI chart is currently available only for United States of America, the chart will be expanded soon to all locations globally.
+
+## Providers used at this location
Below the NPI Chart is a list of network providers detected for your users at this specific office location. The Table of network providers for this location has the following fields: + * Network provider name * Solution name * Percent of requests
Below the NPI Chart is a list of network providers detected for your users at th
[Microsoft 365 network assessment](office-365-network-mac-perf-score.md)
-[Microsoft 365 network connectivity test tool](office-365-network-mac-perf-onboarding-tool.md)
+[Microsoft 365 network connectivity test tool](office-365-network-mac-perf-onboarding-tool.md)
enterprise Office 365 Network Mac Perf Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/office-365-network-mac-perf-overview.md
Title: "Network connectivity in the Microsoft 365 Admin Center"
Previously updated : 06/15/2022 Last updated : 01/30/2024 audience: Admin
- Ent_O365 - Strat_O365_Enterprise - m365initiative-coredeploy
+- must-keep
description: "Overview of network connectivity in the Microsoft 365 Admin Center"
The Microsoft 365 Admin Center now includes aggregated network connectivity metr
> [!NOTE] > Network connectivity in the Admin Center supports tenants in WW Commercial but not GCC Moderate, GCC High, DoD or China.
-When you first navigate to the network performance page, you'll have to configure your locations in order to see the map of global network performance, a network assessment scoped to the entire tenant, percentage of your users working remotely vs onsite, and a list of current issues to take action on and/or to research further. From the overview pane, you can drill down to view specific network performance metrics and issues by location. For more information, see [Network performance overview in the Microsoft 365 Admin Center](#network-connectivity-overview-in-the-microsoft-365-admin-center).
+When you first navigate to the network performance page, you have to configure your locations in order to see the map of global network performance, a network assessment scoped to the entire tenant, percentage of your users working remotely vs onsite, and a list of current issues to take action on and/or to research further. From the overview pane, you can drill down to view specific network performance metrics and issues by location. For more information, see [Network performance overview in the Microsoft 365 Admin Center](#network-connectivity-overview-in-the-microsoft-365-admin-center).
To access the network connectivity page, you must be an administrator for the organization within Microsoft 365. The Report Reader administrative role will have read access to this information. To configure locations and other elements of network connectivity an administrator must have the Service Support Administrator role.
-## Pre-requisites for network connectivity assessments to appear
+## Prerequisites for network connectivity assessments to appear
-To get started, turn on your location opt-in setting to automatically collect data from devices using Windows Location Services, go to your Locations list to add or upload location data, or run the Microsoft 365 network connectivity test from your office locations. These three options for office location information are detailed below. Whilst network connectivity can be evaluated across the organization, any network design improvements will need to be done for specific office locations. Network connectivity information is provided for each office location once those locations can be determined. There are three options for getting network assessments from your office locations:
+To get started, turn on your location opt-in setting to automatically collect data from devices using Windows Location Services, go to your Locations list to add or upload location data, or run the Microsoft 365 network connectivity test from your office locations. These three options for office location information are detailed below. Whilst network connectivity can be evaluated across the organization, any network design improvements need to be done for specific office locations. Network connectivity information is provided for each office location once those locations can be determined. There are three options for getting network assessments from your office locations:
### 1. Enable Windows Location Services
-For this option, you must have at least two computers running at each office location that support the pre-requisites. OneDrive for Windows version must be up-to-date and installed on each computer. Network tests are only run no more than once a day at a random time. Network measurements are planned to be added to other Office 365 client applications soon.
+For this option, you must have at least two computers running at each office location that support the prerequisites. OneDrive for Windows version must be up-to-date and installed on each computer. Network tests are only run no more than once a day at a random time. Network measurements will be added to other Office 365 client applications soon.
Windows Location Service must be consented on the machines. You can test this by running the **Maps** app and locating yourself. It can be enabled on a single machine with **Settings | Privacy | Location** where the setting _Allow apps to access your location_ must be enabled. Windows Location Services consent can be deployed to PCs using MDM or Group Policy with the setting _LetAppsAccessLocation_.
You don't need to add locations in the Admin Center with this method as they're
The machines should have Wi-Fi networking rather than an ethernet cable. Machines with an ethernet cable don't have accurate location information.
-Measurement samples and office locations should start to appear 24 hours after these pre-requisites have been met. Office locations discovered from Windows Location Services are aggregated per City and are retained in your view for 90 days after samples are no longer received. If you choose to switch to office locations added by the Administrator with LAN subnet information you can disable Windows Location Services and hide all of the discovered locations. They will be removed after the 90 day period.
+Measurement samples and office locations should start to appear 24 hours after these prerequisites have been met. Office locations discovered from Windows Location Services are aggregated per City and are retained in your view for 90 days after samples are no longer received. If you choose to switch to office locations added by the Administrator with LAN subnet information you can disable Windows Location Services and hide all of the discovered locations. They'll be removed after the 90 day period.
### 2. Add locations and provide LAN subnet information For this option, neither Windows Location Services nor Wi-Fi is required. Your OneDrive for Windows version must be up-to-date and installed on at least one computer at the location and you must know your LAN subnet information for each of your offices. This option allows multiple office locations per city and you can name your office locations. You can also upload them from other sources.
-Make sure that you also add locations in the **locations page** or import those from a CSV file. The locations added must include your office LAN subnet information. In the dialog for adding or editing a location, you can specify a number of LAN subnets and a number of public egress IP subnets. The LAN subnets are required and one of them must match the LAN subnet attribute on a received network assessment for results to show up. Super nets aren't supported so the LAN subnet must match exactly.
+Make sure that you also add locations in the **locations page** or import those from a CSV file. The locations added must include your office LAN subnet information. In the dialog for adding or editing a location, you can specify a number of LAN subnets and a number of public egress IP subnets. The LAN subnets are required and one of them must match the LAN subnet attribute on a received network assessment for results to show up. We now support matching of all subnets under a given network when you add locations using LAN subnets. The main advantage with this is, you no longer need to define exact matches for LAN subnets when you add locations. For example, you added a location using /20 as the LAN subnet definition, in the network assessment we received a LAN subnet attribute containing /24 which is part of the supernet you defined using /20 and there is no other specific match for the /24 subnet, we will map this network assessment to the location you added using the /20 LAN subnet definition.
-Usually, LAN subnets are private IP address ranges as defined in RFC1918 such that the use of public IP addresses as the LAN subnets is likely to be incorrect. The dialog will show suggestions of LAN subnets that have been seen in recent network assessment tests for your organization so that you can choose.
+Usually, LAN subnets are private IP address ranges as defined in RFC1918 such that the use of public IP addresses as the LAN subnets is likely to be incorrect. The dialog shows suggestions of LAN subnets that have been seen in recent network assessment tests for your organization so that you can choose.
-If you add public egress IP addresses, these are used as a secondary differentiator and are intended for when you have multiple sites using the same LAN subnet IP address ranges. To make sure your test results show up, you should start by leaving the public egress IP address ranges blank. If they are included, then a test result must match both one of the LAN subnet IP address ranges and one of the public egress IP address ranges.
+If you add public egress IP addresses, these are used as a secondary differentiator and are intended for when you have multiple sites using the same LAN subnet IP address ranges. To make sure your test results show up, you should start by leaving the public egress IP address ranges blank. If they're included, then a test result must match both one of the LAN subnet IP address ranges and one of the public egress IP address ranges.
This option allows you to have multiple offices defined within a city.
-All test measurements from client machines include the LAN subnet information, which is correlated with the office location details that you've entered. Measurement samples and office locations should start to appear 24 hours after these pre-requisites have been met.
+All test measurements from client machines include the LAN subnet information, which is correlated with the office location details that you've entered. Measurement samples and office locations should start to appear 24 hours after these prerequisites have been met.
### 3. Manually gather test reports with the Microsoft 365 network connectivity test tool For this option, you need to identify a person at each location. Ask them to browse to [Microsoft 365 network connectivity test](https://connectivity.office.com) on a Windows machine on which they have administrative permissions. On the web site, they need to sign in to their Office 365 account for the same organization that you want to see the results. Then they should click **Run test**. During the test there's a downloaded Connectivity test EXE. They need to open and execute that. Once the tests are completed, the test result is uploaded to the Admin Center.
-Test reports are linked to a location if it was added with LAN subnet information, otherwise they are shown at the discovered City location only.
+Test reports are linked to a location if it was added with LAN subnet information, otherwise they're shown at the discovered City location only.
Measurement samples and office locations should start to appear 2-3 minutes after a test report is completed. For more information, see [Microsoft 365 network connectivity test](office-365-network-mac-perf-onboarding-tool.md).
Measurement samples and office locations should start to appear 2-3 minutes afte
**Network assessments** distill an aggregate of many network performance metrics into a snapshot of your enterprise network health, represented by a points value from 0 - 100. Network assessments are scoped to both the entire tenant and for each geographic location from which users connect to your tenant, providing Microsoft 365 administrators with an easy way to instantly grasp a gestalt of the enterprise's network health and quickly drill down into a detailed report for any global office location.
-Complex enterprises with multiple office locations and non-trivial network perimeter architectures can benefit from this information either during their initial onboarding to Microsoft 365 or to remediate network performance issues discovered with usage growth. This is usually not necessary for small businesses using Microsoft 365, or any enterprises who already have simple and direct network connectivity. Enterprises with over 500 users and multiple office locations are expected to benefit the most.
+Complex enterprises with multiple office locations and nontrivial network perimeter architectures can benefit from this information either during their initial onboarding to Microsoft 365 or to remediate network performance issues discovered with usage growth. This is usually not necessary for small businesses using Microsoft 365, or any enterprises who already have simple and direct network connectivity. Enterprises with over 500 users and multiple office locations are expected to benefit the most.
## Enterprise network connectivity challenges
You can view a table view of the locations where they can be filtered, sorted, a
We classify network traffic logs as remote or onsite users and show their percentages in the user connection metrics section of the overview pane. For cities where you have remote users, you'll find the location specific remote network assessment score when you open that location's page. The locations list will have both office locations and remote worker cities, which can be filtered and sorted. We provide the remote worker assessment score, with points breakdown for Exchange, SharePoint and Teams.
-Home user networking insights are aggregated and reported at a city level and limited to cities with a minimum of 5 remote employees. We are not identifying individual employees working from home.
+Home user networking insights are aggregated and reported at a city level and limited to cities with a minimum of five remote employees. We are not identifying individual employees working from home.
Locations are auto classified as onsite or remote, however, you have the option to enter all your onsite egress IP addresses manually to ensure a 100% classification. If you decide to go this route, you'll have to check the **Enter all onsite egress IP addresses manually** checkbox in the Locations Settings flyout after adding all your egress IP addresses. When this is done, all network traffic logs from egress IP addresses you've marked as onsite will always be classified as offices and every other egress IP address will be classified as remote.
Selecting an office location opens a location-specific summary page showing deta
A map of the perimeter network for your organization users at the location is shown with some or all of these elements: -- **Office location** - The office location for the page you are looking at
+- **Office location** - The office location for the page you're looking at
- **Network perimeter** - The location of the source IP Address for connections from the office location. This depends on the accuracy of geo-IP location databases - **Exchange optimal service front door** - One of the recommended Exchange service front doors that users in this office location should connect to-- **Exchange sub-optimal front door** - An Exchange service front door that users are connected to, but is not recommended
+- **Exchange sub-optimal front door** - An Exchange service front door that users are connected to, but isn't recommended
- **SharePoint optimal service front door** - One of the recommended SharePoint service front doors that users in this office location should connect to-- **SharePoint sub-optimal service front door** - A SharePoint service front door that users are connected to, but is not recommended
+- **SharePoint sub-optimal service front door** - A SharePoint service front door that users are connected to, but isn't recommended
- **DNS recursive resolver server** - The location from a geo IP database of the detected DNS recursive resolver used for Exchange Online (if available) - **Your proxy server** - The location from a geo IP database of the detected proxy server (if available)
Comparisons between customers in the same city are based on the expectation that
Location names can be customized when adding a new location or editing an existing location in the location flyout. This provides you with the flexibility to customize your location names at any time. Also, when adding LAN subnets directly in the location flyout, we show a drop-down list of soft-matched LAN subnets that you can select from. Circuit names for specific office egress IP addresses can be added and edited as well.
-The details tab on the office location page shows the specific measurement results that were used to come up with any insights, recommendations, and the network assessment. This is provided so that network engineers can validate the recommendations and factor in any constraints or specifics in their environment. You will also find the estimated number of users for collected samples at that office locations as well as the remote workers in that city.
+The details tab on the office location page shows the specific measurement results that were used to come up with any insights, recommendations, and the network assessment. This is provided so that network engineers can validate the recommendations and factor in any constraints or specifics in their environment. You'll also find the estimated number of users for collected samples at that office locations as well as the remote workers in that city.
> [!div class="mx-imgBorder"] > ![Location-specific details.](../media/m365-mac-perf/m365-mac-perf-locations-plan-details-all.png) ## Sharing network assessment data with Microsoft
-By default, the network assessments for your organization and the network insights are shared with Microsoft employees. This does not include any personal data from your staff but only the specific network assessment metrics and network insights shown in the admin center for your office locations. It also does not include your office location names or street addresses so you would need to tell them the city and support ID of the office you want to discuss. If this is turned off, the Microsoft engineers that you are discussing your network connectivity with cannot view any of this information. Enabling this setting only shares future data starting the day after you enable it.
+By default, the network assessments for your organization and the network insights are shared with Microsoft employees. This doesn't include any personal data from your staff but only the specific network assessment metrics and network insights shown in the admin center for your office locations. It also doesn't include your office location names or street addresses so you would need to tell them the city and support ID of the office you want to discuss. If this is turned off, the Microsoft engineers that you're discussing your network connectivity with can't view any of this information. Enabling this setting only shares future data starting the day after you enable it.
## CSV Import for LAN subnet office locations
In the CSV file, a discovered city location shows in the userEntered column as b
> [!div class="mx-imgBorder"] > ![CSV import message.](../media/m365-mac-perf/m365-mac-perf-import.png)
-1. Click the **Download current office locations (.csv)** link to export the current locations list to a CSV file, and save it to your local hard disk. This will provide you with a correctly formatted CSV with column headings to which you can add locations. You can leave the existing exported locations as they are; they will not be duplicated when you import the updated CSV. If you wish to change the address of an existing location, it will be updated when you import the CSV. You cannot change the address of a discovered city.
+1. Click the **Download current office locations (.csv)** link to export the current locations list to a CSV file, and save it to your local hard disk. This will provide you with a correctly formatted CSV with column headings to which you can add locations. You can leave the existing exported locations as they are; they won't be duplicated when you import the updated CSV. If you wish to change the address of an existing location, it is updated when you import the CSV. You can't change the address of a discovered city.
1. Open the CSV and add your locations by filling out the following fields on a new line for each location you want to add. Leave all other fields blank; values you enter in other fields will be ignored.
In the CSV file, a discovered city location shows in the userEntered column as b
1. **Address** (required): The physical address of the office 1. **Latitude** (optional): Populated from Bing maps lookup of the address if blank 1. **Longitude** (optional): Populated from Bing maps lookup of the address if blank
- 1. **Egress IP Address ranges 1-5** (optional): For each range, enter the circuit name followed by a space separated list of valid IPv4 CIDR addresses. These values are used to differentiate multiple office locations where you use the same LAN subnet IP Addresses. Egress IP Address ranges all must be /24 network size and the /24 is not included in the input.
+ 1. **Egress IP Address ranges 1-5** (optional): For each range, enter the circuit name followed by a space separated list of valid IPv4 CIDR addresses. These values are used to differentiate multiple office locations where you use the same LAN subnet IP Addresses. Egress IP Address ranges all must be /24 network size and the /24 isn't included in the input.
1. **LanIps** (required): List the LAN subnet ranges in use at this office location. LAN subnet IDs need to have a CIDR network size included where the network size can be between /8 and /29. Multiple LAN subnet ranges can be separated by a comma or a semicolon. 1. When you have added your office locations and saved the file, click the **Browse** button next to the **Upload the completed** field and select the saved CSV file.
-1. The file will be automatically validated. If there are validation errors, you will see the error message: _There are some errors in the import file. Review the errors, correct the import file, and then try again._ Click the link **Open error details** for a list of specific field validation errors.
+1. The file will be automatically validated. If there are validation errors, you'll see the error message: _There are some errors in the import file. Review the errors, correct the import file, and then try again._ Click the link **Open error details** for a list of specific field validation errors.
> [!div class="mx-imgBorder"] > ![CSV import error message.](../media/m365-mac-perf/m365-mac-perf-import-error.png)
-1. If there are no errors in the file, you will see the message: _The report is ready. Found x locations to add and x locations to update._ Click the **Import** button to upload the CSV.
+1. If there are no errors in the file, you'll see the message: _The report is ready. Found x locations to add and x locations to update._ Click the **Import** button to upload the CSV.
> [!div class="mx-imgBorder"] > ![CSV import ready message.](../media/m365-mac-perf/m365-mac-perf-import-ready.png)
If you've uploaded building data to your Call Quality Dashboard, you can add tho
> [!div class="mx-imgBorder"] > ![Add locations from Call Quality Dashboard flyout.](../media/m365-mac-perf/m365-mac-perf-import-cqd-add-locations.png)
-4. Click the **Browse** button next to the **Select a .tsv file to upload** field and select the saved TSV file. Please make sure the value in the file is tab separated.
+4. Click the **Browse** button next to the **Select a .tsv file to upload** field and select the saved TSV file. Make sure the value in the file is tab separated.
5. The file will be automatically validated and parsed to the list of office locations. If there are validation errors, the **We couldn't upload your file** flyout appears to list the errors. > [!div class="mx-imgBorder"] > ![We couldnt upload your file flyout.](../media/m365-mac-perf/m365-mac-perf-import-cqd-couldnt-upload.png)
-6. If there are no errors in the file, you will see the message: _Your file test.tsv is uploaded and ready. Select Import to upload your information._
+6. If there are no errors in the file, you'll see the message: _Your file test.tsv is uploaded and ready. Select Import to upload your information._
> [!div class="mx-imgBorder"] > ![Select a .tsc file to upload.](../media/m365-mac-perf/m365-mac-perf-import-cqd-select-tsv.png)
If you've uploaded building data to your Call Quality Dashboard, you can add tho
## Understanding test sampling -- ## FAQ
+### What role is needed to access Network Connectivity in Microsoft 365 Admin Center?
+You will need Network Administrator or Global Administrator role.
+ ### What is a Microsoft 365 service front door?
-The Microsoft 365 service front door is an entry point on Microsoft's global network where Office clients and services terminate their network connection. For an optimal network connection to Microsoft 365, it is recommended that your network connection is terminated into the closest Microsoft 365 front door.
+The Microsoft 365 service front door is an entry point on Microsoft's global network where Office clients and services terminate their network connection. For an optimal network connection to Microsoft 365, it's recommended that your network connection is terminated into the closest Microsoft 365 front door.
> [!NOTE] > Microsoft 365 service front door has no direct relationship to the Azure Front Door Service product available in the Azure marketplace. ### What is an optimal Microsoft 365 service front door?
-An optimal Microsoft 365 service front door is one that is closest to your network egress, generally in your city or metro area. Use the [Microsoft 365 connectivity test tool](office-365-network-mac-perf-onboarding-tool.md) to determine the location of your in-use Microsoft 365 service front door and optimal service front door. If the tool determines your in-use front door is optimal, you are optimally connecting to Microsoft's global network.
+An optimal Microsoft 365 service front door is one that is closest to your network egress, generally in your city or metro area. Use the [Microsoft 365 connectivity test tool](office-365-network-mac-perf-onboarding-tool.md) to determine the location of your in-use Microsoft 365 service front door and optimal service front door. If the tool determines your in-use front door is optimal, you're optimally connecting to Microsoft's global network.
### What is an internet egress location?
The internet egress location is the location where your network traffic exits yo
You require a license that provides access to the Microsoft 365 admin center.
-## Related topics
+## Related articles
[Microsoft 365 network insights](office-365-network-mac-perf-insights.md)
enterprise View Account License And Service Details With Microsoft 365 Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/view-account-license-and-service-details-with-microsoft-365-powershell.md
Title: "View Microsoft 365 account license and service details with PowerShell"
Previously updated : 12/18/2023 Last updated : 01/24/2024 audience: Admin
- Ent_Office_Other - LIL_Placement - has-azure-ad-ps-ref
+ - azure-ad-ref-level-one-done
ms.assetid: ace07d8a-15ca-4b89-87f0-abbce809b519 description: "Explains how to use PowerShell to determine the Microsoft 365 services that have been assigned to users."
In Microsoft 365, licenses from licensing plans (also called SKUs or Microsoft 3
For more information about licensing plans, license, and services, see [View licenses and services with PowerShell](view-licenses-and-services-with-microsoft-365-powershell.md).
-## Use the Microsoft Graph PowerShell SDK
+## View account license and service details using Microsoft Graph PowerShell
First, [connect to your Microsoft 365 tenant](/graph/powershell/get-started#authentication).
Get-MgSubscribedSku
Use these commands to list the services that are available in each licensing plan. ```powershell- $allSKUs = Get-MgSubscribedSku -Property SkuPartNumber, ServicePlans $allSKUs | ForEach-Object { Write-Host "Service Plan:" $_.SkuPartNumber $_.ServicePlans | ForEach-Object {$_} }- ``` Use these commands to list the licenses that are assigned to a user account.
$allLicenses | ForEach-Object {
Write-Host "License:" $_.SkuPartNumber $_.ServicePlans | ForEach-Object {$_} }-
-```
-
-## Use the Azure Active Directory PowerShell for Graph module
-
-First, [connect to your Microsoft 365 tenant](connect-to-microsoft-365-powershell.md#connect-with-the-azure-active-directory-powershell-for-graph-module).
-
-Next, list the license plans for your tenant with this command.
-
-```powershell
-Get-AzureADSubscribedSku | Select SkuPartNumber
-```
-
-Use these commands to list the services that are available in each licensing plan.
-
-```powershell
-$allSKUs=Get-AzureADSubscribedSku
-$licArray = @()
-for($i = 0; $i -lt $allSKUs.Count; $i++)
-{
-$licArray += "Service Plan: " + $allSKUs[$i].SkuPartNumber
-$licArray += Get-AzureADSubscribedSku -ObjectID $allSKUs[$i].ObjectID | Select -ExpandProperty ServicePlans
-$licArray += ""
-}
-$licArray
-```
-
-Use these commands to list the licenses that are assigned to a user account.
-
-```powershell
-$userUPN="<user account UPN, such as belindan@contoso.com>"
-$licensePlanList = Get-AzureADSubscribedSku
-$userList = Get-AzureADUser -ObjectID $userUPN | Select -ExpandProperty AssignedLicenses | Select SkuID
-$userList | ForEach { $sku=$_.SkuId ; $licensePlanList | ForEach { If ( $sku -eq $_.ObjectId.substring($_.ObjectId.length - 36, 36) ) { Write-Host $_.SkuPartNumber } } }
-```
-
-## Use the Microsoft Azure Active Directory module for Windows PowerShell
-
-First, [connect to your Microsoft 365 tenant](connect-to-microsoft-365-powershell.md#connect-with-the-microsoft-azure-active-directory-module-for-windows-powershell).
-
-Next, run this command to list the licensing plans that are available in your organization.
-
-```powershell
-Get-MsolAccountSku
-```
->[!Note]
->PowerShell Core does not support the Microsoft Azure Active Directory module for Windows PowerShell module and cmdlets with **Msol** in their name. To continue using these cmdlets, you must run them from Windows PowerShell.
->
-
-Next, run this command to list the services that are available in each licensing plan, and the order in which they are listed (the index number).
-
-```powershell
-(Get-MsolAccountSku | where {$_.AccountSkuId -eq "<AccountSkuId>"}).ServiceStatus
-```
-
-Use this command to list the licenses that are assigned to a user, and the order in which they are listed (the index number).
-
-```powershell
-Get-MsolUser -UserPrincipalName <user account UPN> | Format-List DisplayName,Licenses
-```
-
-### To view services for a user account
-
-To view all the Microsoft 365 services that a user has access to, use the following syntax:
-
-```powershell
-(Get-MsolUser -UserPrincipalName <user account UPN>).Licenses[<LicenseIndexNumber>].ServiceStatus
-```
-
-This example shows the services to which the user BelindaN@litwareinc.com has access. This shows the services that are associated with all licenses that are assigned to her account.
-
-```powershell
-(Get-MsolUser -UserPrincipalName belindan@litwareinc.com).Licenses.ServiceStatus
-```
-
-This example shows the services that user BelindaN@litwareinc.com has access to from the first license that's assigned to her account (the index number is 0).
-
-```powershell
-(Get-MsolUser -UserPrincipalName belindan@litwareinc.com).Licenses[0].ServiceStatus
-```
-
-To view all the services for a user who has been assigned *multiple licenses*, use the following syntax:
-
-```powershell
-$userUPN="<user account UPN>"
-$AllLicenses=(Get-MsolUser -UserPrincipalName $userUPN).Licenses
-$licArray = @()
-for($i = 0; $i -lt $AllLicenses.Count; $i++)
-{
-$licArray += "License: " + $AllLicenses[$i].AccountSkuId
-$licArray += $AllLicenses[$i].ServiceStatus
-$licArray += ""
-}
-$licArray
``` ## See also
includes Office 365 Worldwide Endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/office-365-worldwide-endpoints.md
<!--THIS FILE IS AUTOMATICALLY GENERATED. MANUAL CHANGES WILL BE OVERWRITTEN.--> <!--Please contact the Office 365 Endpoints team with any questions.-->
-<!--Worldwide endpoints version 2023120100-->
-<!--File generated 2023-11-30 17:00:11.7706-->
+<!--Worldwide endpoints version 2024013000-->
+<!--File generated 2024-01-30 08:00:03.7751-->
## Exchange Online
ID | Category | ER | Addresses | Ports
2 | Allow<BR>Optional<BR>**Notes:** POP3, IMAP4, SMTP Client traffic | Yes | `outlook.office365.com, smtp.office365.com`<BR>`13.107.6.152/31, 13.107.18.10/31, 13.107.128.0/22, 23.103.160.0/20, 40.96.0.0/13, 40.104.0.0/15, 52.96.0.0/14, 131.253.33.215/32, 132.245.0.0/16, 150.171.32.0/22, 204.79.197.215/32, 2603:1006::/40, 2603:1016::/36, 2603:1026::/36, 2603:1036::/36, 2603:1046::/36, 2603:1056::/36, 2620:1ec:4::152/128, 2620:1ec:4::153/128, 2620:1ec:c::10/128, 2620:1ec:c::11/128, 2620:1ec:d::10/128, 2620:1ec:d::11/128, 2620:1ec:8f0::/46, 2620:1ec:900::/46, 2620:1ec:a92::152/128, 2620:1ec:a92::153/128` | **TCP:** 587, 993, 995, 143 8 | Default<BR>Required | No | `*.outlook.com, autodiscover.<tenant>.onmicrosoft.com` | **TCP:** 443, 80 9 | Allow<BR>Required | Yes | `*.protection.outlook.com`<BR>`40.92.0.0/15, 40.107.0.0/16, 52.100.0.0/14, 52.238.78.88/32, 104.47.0.0/17, 2a01:111:f400::/48, 2a01:111:f403::/48` | **TCP:** 443
-10 | Allow<BR>Required | Yes | `*.mail.protection.outlook.com`<BR>`40.92.0.0/15, 40.107.0.0/16, 52.100.0.0/14, 104.47.0.0/17, 2a01:111:f400::/48, 2a01:111:f403::/48` | **TCP:** 25
+10 | Allow<BR>Required | Yes | `*.mail.protection.outlook.com, *.mx.microsoft`<BR>`40.92.0.0/15, 40.107.0.0/16, 52.100.0.0/14, 104.47.0.0/17, 2a01:111:f400::/48, 2a01:111:f403::/48` | **TCP:** 25
## SharePoint Online and OneDrive for Business
ID | Category | ER | Addresses | Ports
50 | Default<BR>Optional<BR>**Notes:** OneNote notebooks (wildcards) | No | `*.microsoft.com` | **TCP:** 443 51 | Default<BR>Required | No | `*cdn.onenote.net` | **TCP:** 443 53 | Default<BR>Required | No | `ajax.aspnetcdn.com, apis.live.net, officeapps.live.com, www.onedrive.com` | **TCP:** 443
-56 | Allow<BR>Required | Yes | `*.auth.microsoft.com, *.msftidentity.com, *.msidentity.com, account.activedirectory.windowsazure.com, accounts.accesscontrol.windows.net, adminwebservice.microsoftonline.com, api.passwordreset.microsoftonline.com, autologon.microsoftazuread-sso.com, becws.microsoftonline.com, ccs.login.microsoftonline.com, clientconfig.microsoftonline-p.net, companymanager.microsoftonline.com, device.login.microsoftonline.com, graph.microsoft.com, graph.windows.net, login.microsoft.com, login.microsoftonline.com, login.microsoftonline-p.com, login.windows.net, logincert.microsoftonline.com, loginex.microsoftonline.com, login-us.microsoftonline.com, nexus.microsoftonline-p.com, passwordreset.microsoftonline.com, provisioningapi.microsoftonline.com`<BR>`20.20.32.0/19, 20.190.128.0/18, 20.231.128.0/19, 40.126.0.0/18, 2603:1006:2000::/48, 2603:1007:200::/48, 2603:1016:1400::/48, 2603:1017::/48, 2603:1026:3000::/48, 2603:1027:1::/48, 2603:1036:3000::/48, 2603:1037:1::/48, 2603:1046:2000::/48, 2603:1047:1::/48, 2603:1056:2000::/48, 2603:1057:2::/48` | **TCP:** 443, 80
-59 | Default<BR>Required | No | `*.hip.live.com, *.microsoftonline.com, *.microsoftonline-p.com, *.msauth.net, *.msauthimages.net, *.msecnd.net, *.msftauth.net, *.msftauthimages.net, *.phonefactor.net, enterpriseregistration.windows.net, policykeyservice.dc.ad.msft.net` | **TCP:** 443, 80
+56 | Allow<BR>Required | Yes | `*.auth.microsoft.com, *.msftidentity.com, *.msidentity.com, account.activedirectory.windowsazure.com, accounts.accesscontrol.windows.net, adminwebservice.microsoftonline.com, api.passwordreset.microsoftonline.com, autologon.microsoftazuread-sso.com, becws.microsoftonline.com, ccs.login.microsoftonline.com, clientconfig.microsoftonline-p.net, companymanager.microsoftonline.com, device.login.microsoftonline.com, graph.microsoft.com, graph.windows.net, login-us.microsoftonline.com, login.microsoft.com, login.microsoftonline-p.com, login.microsoftonline.com, login.windows.net, logincert.microsoftonline.com, loginex.microsoftonline.com, nexus.microsoftonline-p.com, passwordreset.microsoftonline.com, provisioningapi.microsoftonline.com`<BR>`20.20.32.0/19, 20.190.128.0/18, 20.231.128.0/19, 40.126.0.0/18, 2603:1006:2000::/48, 2603:1007:200::/48, 2603:1016:1400::/48, 2603:1017::/48, 2603:1026:3000::/48, 2603:1027:1::/48, 2603:1036:3000::/48, 2603:1037:1::/48, 2603:1046:2000::/48, 2603:1047:1::/48, 2603:1056:2000::/48, 2603:1057:2::/48` | **TCP:** 443, 80
+59 | Default<BR>Required | No | `*.hip.live.com, *.microsoftonline-p.com, *.microsoftonline.com, *.msauth.net, *.msauthimages.net, *.msecnd.net, *.msftauth.net, *.msftauthimages.net, *.phonefactor.net, enterpriseregistration.windows.net, policykeyservice.dc.ad.msft.net` | **TCP:** 443, 80
64 | Allow<BR>Required | Yes | `*.compliance.microsoft.com, *.protection.office.com, *.security.microsoft.com, compliance.microsoft.com, defender.microsoft.com, protection.office.com, security.microsoft.com`<BR>`13.107.6.192/32, 13.107.9.192/32, 52.108.0.0/14, 2620:1ec:4::192/128, 2620:1ec:a92::192/128` | **TCP:** 443 66 | Default<BR>Required | No | `*.portal.cloudappsecurity.com` | **TCP:** 443 67 | Default<BR>Optional<BR>**Notes:** Security and Compliance Center eDiscovery export | No | `*.blob.core.windows.net` | **TCP:** 443
ID | Category | ER | Addresses | Ports
96 | Default<BR>Optional<BR>**Notes:** Outlook for Android and iOS: Authentication | No | `login.windows-ppe.net` | **TCP:** 443 97 | Default<BR>Optional<BR>**Notes:** Outlook for Android and iOS: Consumer Outlook.com and OneDrive integration | No | `account.live.com, login.live.com` | **TCP:** 443 105 | Default<BR>Optional<BR>**Notes:** Outlook for Android and iOS: Outlook Privacy | No | `www.acompli.com` | **TCP:** 443
-114 | Default<BR>Optional<BR>**Notes:** Office Mobile URLs | No | `*.appex.bing.com, *.appex-rf.msn.com, c.bing.com, c.live.com, d.docs.live.net, docs.live.net, partnerservices.getmicrosoftkey.com, signup.live.com` | **TCP:** 443, 80
+114 | Default<BR>Optional<BR>**Notes:** Office Mobile URLs | No | `*.appex-rf.msn.com, *.appex.bing.com, c.bing.com, c.live.com, d.docs.live.net, docs.live.net, partnerservices.getmicrosoftkey.com, signup.live.com` | **TCP:** 443, 80
116 | Default<BR>Optional<BR>**Notes:** Office for iPad URLs | No | `account.live.com, auth.gfx.ms, login.live.com` | **TCP:** 443, 80 117 | Default<BR>Optional<BR>**Notes:** Yammer | No | `*.yammer.com, *.yammerusercontent.com` | **TCP:** 443 118 | Default<BR>Optional<BR>**Notes:** Yammer CDN | No | `*.assets-yammer.com` | **TCP:** 443
security Faq Managed Response https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/faq-managed-response.md
- tier1 search.appverid: met150 Previously updated : 01/15/2024 Last updated : 01/30/2024 # Understanding managed response
The following section lists down questions you or your SOC team might have regar
||| | **What is managed response?** | Microsoft Defender Experts for XDR offers **Managed response** where our experts manage the entire remediation process for incidents that require them. This process includes investigating the incident to identify the root cause, determining the required response actions, and taking those actions on your behalf.| | **What actions are in scope for managed response?** | All actions found below are in scope for managed response for any device and user that isn't excluded.<br><br>*For devices* *(Available now)*<ul><li>Isolate machine<br><li>Release machine from isolation<br><li>Run antivirus scan<br><li>Stop and quarantine file<br><li>Restrict app execution<br><li>Remove app restriction</ul><br>*For users (Coming soon)*<ul><li>Force password reset<br><li>Disable user<br><li>Enable user<br><li>Soft delete emails </ul><br> |
-| **Can I customize the extent of managed response?** | You can configure the extent to which our experts do managed response actions on your behalf by excluding certain devices and users (individually or by groups) either during onboarding or later by modifying your service's settings. [Read more about excluding device and user groups](../defender/get-started-xdr.md#exclude-devices-and-users-from-remediation) |
+| **Can I customize the extent of managed response?** | You can configure the extent to which our experts do managed response actions on your behalf by excluding certain devices and users (individually or by groups) either during onboarding or later by modifying your service's settings. [Read more about excluding device groups](../defender/get-started-xdr.md#exclude-devices-from-remediation) |
| **What support do Defender Experts offer for excluded assets?** | If our experts determine that you need to perform response actions on excluded devices or users, we notify you through various customizable methods and direct you to your Microsoft Defender XDR portal. From your portal, you can then view a detailed summary of our investigation process and the required response actions in the portal, and perform these required actions directly. Similar capabilities are also available through Defender APIs, in case you prefer using a security information and event management (SIEM), IT service management (ITSM), or any other third-party tool. | | **How am I going to be informed about the response actions?** | Response actions that our experts have completed on your behalf and any pending ones that you need to perform on your excluded assets are displayed in the **Managed response** panel in your Microsoft Defender XDR portal's **Incidents** page. <br><br>In addition, you'll also receive an email containing a link to the incident and instructions to view the managed response in the portal. Moreover if you have integration with Microsoft Sentinel or APIs, you'll also be notified within those tools by looking for DEX statuses. For more information, see [FAQs related to Microsoft Defender Experts for XDR incident notifications](../defender/faq-incident-notifications-xdr.md).| | **Can I customize managed response based on actions?** | No. If you have devices or users that are considered high-value or sensitive, you can add them to your exclusion list. Our experts will NOT take any action on them and will only provide guidance if they're impacted by an incident.|
security Get Started Xdr https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/get-started-xdr.md
- essentials-get-started search.appverid: met150 Previously updated : 01/23/2024 Last updated : 01/30/2024 # Get started with Microsoft Defender Experts for XDR
You also need to grant our experts one or both of the following permissions:
**To grant our experts permissions:** 1. In the same Defender Experts settings setup, under **Permissions**, choose the access level(s) you want to grant our experts.
-1. If you wish to [exclude device and user groups](#exclude-devices-and-users-from-remediation) in your organization from remediation actions, select **Manage exclusions**.
+1. If you wish to [exclude device and user groups](#exclude-devices-from-remediation) in your organization from remediation actions, select **Manage exclusions**.
1. Select **Next** to [add contact persons or groups](#tell-us-who-to-contact-for-important-matters). To edit or update permissions after the initial setup, go to **Settings** > **Defender Experts** > **Permissions**.
-## Exclude devices and users from remediation
+## Exclude devices from remediation
-Defender Experts for XDR lets you exclude devices and users from remediation actions taken by our experts and instead get remediation guidance for those entities. These exclusions are based on identified [device groups](../defender-endpoint/machine-groups.md) in Microsoft Defender for Endpoint and identified [user groups](/entra/fundamentals/concept-learn-about-groups) in Microsoft Entra ID.
+Defender Experts for XDR lets you exclude devices and users from remediation actions taken by our experts and instead get remediation guidance for those entities. These exclusions are based on identified [device groups](../defender-endpoint/machine-groups.md) in Microsoft Defender for Endpoint<!--and identified [user groups](/entra/fundamentals/concept-learn-about-groups) in Microsoft Entra ID-->.
**To exclude device groups:**
Defender Experts for XDR lets you exclude devices and users from remediation act
:::image type="content" source="../../media/xdr/exclude-device-groups.png" alt-text="Screenshot of option to exclude device groups." lightbox="../../media/xdr/exclude-device-groups.png":::
-**To exclude user groups:**
+<!--**To exclude user groups:**
1. In the same Defender Experts settings setup, under **Exclusions**, go to the **User groups** tab. 2. Select **+ Add user groups**, then search for and choose the user group(s) that you wish to exclude.
Defender Experts for XDR lets you exclude devices and users from remediation act
:::image type="content" source="../../media/xdr/exclude-user-groups.png" alt-text="Screenshot of option to exclude user groups in Defender Experts for XDR service." lightbox="../../media/xdr/exclude-user-groups.png"::: To edit or update exclusions after the initial setup, go to **Settings** > **Defender Experts** > **Exclusions**, then go to the **Device groups** or **User groups** tab.-
+-->
+<!--
### Exclude all high-value devices or users automatically Defender Experts for XDR also lets you exclude automatically identified high-value devices and users, such as key executives, or sensitive admins, from remediation actions by our experts:
Similar to the other excluded device or user groups, you instead get remediation
> [!NOTE] > Unlike the other excluded device and user groups, excluded high-value entities aren't listed in the **Device groups** or **User groups** tab.
+-->
## Tell us who to contact for important matters
The readiness assessment has two parts:
> [!IMPORTANT] > Defender Experts for XDR reviews your readiness assessment periodically, especially if there are any changes to your environment, such as the addition of new devices and identities. It's important that you regularly monitor and run the readiness assessment beyond the initial onboarding to ensure that your environment has strong security posture to reduce risk.- After you complete all the required tasks and met the onboarding targets in your readiness assessment, your service delivery manager (SDM) initiates the monitoring phase of the Defender Experts for XDR service, where, for a few days, our experts start monitoring your environment closely to identify latent threats, sources of risk, and normal activity. As we get better understanding of your critical assets, we can streamline the service and fine-tune our responses. Once our experts begin to perform comprehensive response work on your behalf, youΓÇÖll start receiving [notifications about incidents](../defender/start-using-mdex-xdr.md#incident-updates) that require remediation steps and targeted recommendations on critical incidents. You can also chat with our experts or your SDMs regarding important queries and regular business and security posture reviews, and [view real-time reports](../defender/start-using-mdex-xdr.md#understand-the-defender-experts-for-xdr-report) on the number of incidents weΓÇÖve investigated and resolved on your behalf.
security Start Using Mdex Xdr https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/start-using-mdex-xdr.md
The **Determination** field corresponding to each classification is also updated
If an incident is classified as _False Positive_ or _Informational_, _Expected Activity_, then the incident's **Status** field gets updated to _Resolved_. Our experts then conclude their work on this incident and the **Assigned to** field gets updated to _Unassigned_. Our experts may share updates from their investigation and their conclusion when resolving an incident. These updates are posted in the incident's **Comments and history** flyout panel. > [!NOTE]
-> Incident comments are one-way posts. Defender Experts can't respond to any comments or questions you add in the **Comments and history** panel. If you wish to correspond with our experts, reply to the email Defender Experts sent you instead.
-
-Otherwise, if an incident is classified as _True Positive_, our experts then identify the required response actions that need to be performed. The method in which the actions are performed depends on the permissions and access levels you have given the Defender Experts for XDR service. [Learn more about granting permissions to our experts](get-started-xdr.md#grant-permissions-to-our-experts).
+> Incident comments are one-way posts. Defender Experts can't respond to any comments or questions you add in the **Comments and history** panel. For more information about how to correspond with our experts, see [Communicating with experts in the Microsoft Defender Experts for XDR service](communicate-defender-experts-xdr.md).
+>
+>Otherwise, if an incident is classified as _True Positive_, our experts then identify the required response actions that need to be performed. The method in which the actions are performed depends on the permissions and access levels you have given the Defender Experts for XDR service. [Learn more about granting permissions to our experts](get-started-xdr.md#grant-permissions-to-our-experts).
- If you have granted Defender Experts for XDR the recommended Security Operator access permissions, our experts could perform the required response actions on the incident on your behalf. These actions, along with an **Investigation summary**, show up in the incident's [Managed response](#how-to-use-managed-response-in-microsoft-365-defender) flyout panel in your Microsoft Defender portal for you or your SOC team to review. All actions that are completed by Defender Experts for XDR appear under the **Completed actions** section. Any pending actions that require you or you SOC team to complete are listed under the **Pending actions** section. For more information, see the [Actions](#actions) section. Once our experts have taken all the necessary actions on the incident, its **Status** field is then updated to _Resolved_ and the **Assigned to** field is updated to _Unassigned_.
security Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/whats-new.md
ms.localizationpriority: medium Previously updated : 01/22/2024 Last updated : 01/30/2024 audience: ITPro
You can also get product updates and important notifications through the [messag
- **Microsoft Defender XDR Unified role-based access control (RBAC)** is now generally available. Unified (RBAC) allows administrators to manage user permissions across different security solutions from a single, centralized location. This offering is also available to GCC Moderate customers. To learn more, see [Microsoft Defender XDR Unified role-based access control (RBAC)](manage-rbac.md). -- Microsoft Defender Experts for XDR now lets you [exclude devices and users](get-started-xdr.md#exclude-all-high-value-devices-or-users-automatically) from remediation actions taken by our experts and instead get remediation guidance for those entities.
+- Microsoft Defender Experts for XDR now lets you [exclude devices](get-started-xdr.md#exclude-devices-from-remediation) from remediation actions taken by our experts and instead get remediation guidance for those entities.
- The Microsoft Defender portal's incident queue has updated filters, search, and added a new function where you can create your own filter sets. For details, see [Available filters](incident-queue.md#available-filters).
security Configuration Analyzer For Security Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configuration-analyzer-for-security-policies.md
f1.keywords:
- NOCSH -+ audience: ITPro
- m365-security - tier1
-description: Admins can learn how to use the configuration analyzer to find and fix security policies that are below the settings in Standard protection and Strict protection in preset security policies.
+description: Admins can learn how to use the configuration analyzer to find and fix security policies that are less secure than Standard protection and Strict protection in preset security policies.
Previously updated : 11/2/2023 Last updated : 1/29/2024 appliesto: - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a> - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/mdo-security-comparison#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>
appliesto:
[!INCLUDE [MDO Trial banner](../includes/mdo-trial-banner.md)]
-Configuration analyzer in the Microsoft Defender portal provides a central location to find and fix security policies where the settings are below the Standard protection and Strict protection profile settings in [preset security policies](preset-security-policies.md).
+Configuration analyzer in the Microsoft Defender portal provides a central location to find and fix security policies where the settings are less secure than the Standard protection and Strict protection profile settings in [preset security policies](preset-security-policies.md).
The following types of policies are analyzed by the configuration analyzer:
The following types of policies are analyzed by the configuration analyzer:
The Standard and Strict policy setting values that are used as baselines are described in [Recommended settings for EOP and Microsoft Defender for Office 365 security](recommended-settings-for-eop-and-office365.md).
+The configuration analyzer also checks the following non-policy settings:
+
+- **DKIM**: Whether [SPF](email-authentication-spf-configure.md) and [DKIM](email-authentication-dkim-configure.md) records for the specified domain are detected in DNS.
+- **Outlook**: Whether native Outlook external sender identifiers are [enabled](/powershell/module/exchange/set-externalinoutlook) in the organization.
+ ## What do you need to know before you begin? - You open the Microsoft Defender portal at <https://security.microsoft.com>. To go directly to the **Configuration analyzer** page, use <https://security.microsoft.com/configurationAnalyzer>.
The first section of the tab displays the number of settings in each type of pol
- **Anti-malware** - **Safe Attachments** (if your subscription includes Microsoft Defender for Office 365) - **Safe Links** (if your subscription includes Microsoft Defender for Office 365)
+- **DKIM**
+- **Built-in Protection** (if your subscription includes Microsoft Defender for Office 365)
+- **Outlook**
If a policy type and number isn't shown, then all of your policies of that type meet the recommended settings of Standard or Strict protection.
-The rest of the tab is the table of settings that need to be brought up to the level Standard or Strict protection. The table contains the following columns:
+The rest of the tab is the table of settings that need to be brought up to the level Standard or Strict protection. The table contains the following columns<sup>\*</sup>:
- **Recommendations**: The value of the setting in the Standard or Strict protection profile. - **Policy**: The name of the affected policy that contains the setting.
The rest of the tab is the table of settings that need to be brought up to the l
- **Last modified**: The date that the policy was last modified. - **Status**: Typically, this value is **Not started**.
-### Change a policy setting to the recommended value
+<sup>\*</sup> To see all columns, you likely need to do one or more of the following steps:
+
+- Horizontally scroll in your web browser.
+- Narrow the width of appropriate columns.
+- Zoom out in your web browser.
+
+To filter the entries, select :::image type="icon" source="../../media/m365-cc-sc-filter-icon.png" border="false"::: **Filter**. The following filters are available in the **Filters** flyout that opens:
+
+- **Anti-spam**
+- **Anti-phishing**
+- **Anti-malware**
+- **Safe Attachments**
+- **Safe Links**
+- **ATP Built-in Protection rule**
+- **DKIM**
+- **Outlook**
+
+When you're finished in the **Filters** flyout, select **Apply**. To clear the filters, select :::image type="icon" source="../../media/m365-cc-sc-clear-filters-icon.png" border="false"::: **Clear filters**.
+
+Use the :::image type="icon" source="../../media/m365-cc-sc-search-icon.png" border="false"::: **Search** box and a corresponding value to find specific entries.
+
+#### View details about a recommended policy setting
+
+On the **Standard protection** or **Strict protection** tab of the configuration analyzer, select an entry by clicking anywhere in the row other than the check box next to the recommendation name. In the details flyout that opens, the following information is available:
+
+- **Policy**: The name of the affected policy.
+- **Why?**: Information about why we recommend the value for the setting.
+- The specific setting to change and the value to change it to.
+- **View policy**: The link takes you to the details flyout of the affected policy in the Microsoft Defender portal where you can manually update the setting.
+- A link to [Recommended settings for EOP and Microsoft Defender for Office 365 security](recommended-settings-for-eop-and-office365.md).
+
+> [!TIP]
+> To see details about other recommendations without leaving the details flyout, use :::image type="icon" source="../../media/updownarrows.png" border="false"::: **Previous** and **Next** at the top of the flyout.
+
+When you're finished in the details flyout, select **Close**.
++
+#### Take action on a recommended policy setting
+
+On the **Standard protection** or **Strict protection** tab of the configuration analyzer, select an entry by selecting the check box next to the recommendation name. The following actions appear on the page:
+
+- :::image type="icon" source="../../media/m365-cc-sc-edit-icon.png" border="false"::: **Apply recommendation**: If the recommendation requires multiple steps, this action is grayed out.
-On the **Standard protection** or **Strict protection** tab of the configuration analyzer, select the row in the table. The following buttons appear:
+ When you select this action, a confirmation dialog (with the option to not show the dialog again) opens. When you select **OK**, the following things happen:
-- **Apply recommendation**-- **View policy**-- **Refresh**:
+ - The setting is updated to the recommended value.
+ - The recommendation is still selected, but the only available action is :::image type="icon" source="../../media/m365-cc-sc-refresh-icon.png" border="false"::: **Refresh**.
+ - The **Status** value for the row changes to **Complete**.
-If you select a row and click **Apply recommendation**, a confirmation dialog (with the option to not show the dialog again) appears. If you click **OK**, the following things happen:
+- :::image type="icon" source="../../media/m365-cc-sc-view-policy-icon.png" border="false":::**View policy**: You're taken to the details flyout of the affected policy in the Microsoft Defender portal where you can manually update the setting.
-- The setting is updated to the recommended value.-- The **Apply recommendation** and **View policy** disappear (only the **Refresh** button remains).-- The **Status** value for the row changes to **Complete**.
+- :::image type="icon" source="../../media/m365-cc-sc-download-icon.png" border="false"::: **Export**: Exports the selected recommendation to a .csv file, select :::image type="icon" source="../../media/m365-cc-sc-download-icon.png" border="false"::: **Export**.
-If you select a row and click **View policy** you're taken to the details flyout of the affected policy in the Microsoft Defender portal where you can manually update the setting.
+ You can also export recommendations after you select multiple recommendations or after you select all recommendations by selecting the check box next to the **Recommendations** column header.
-After you automatically or manually update the setting, click **Refresh** to see the reduced number of recommendations and the removal of the updated row from the results.
+After you automatically or manually update the setting, select :::image type="icon" source="../../media/m365-cc-sc-refresh-icon.png" border="false"::: **Refresh** to see the reduced number of recommendations and the removal of the updated row from the results.
### Configuration drift analysis and history tab in the configuration analyzer > [!NOTE] > [Unified Auditing](/purview/audit-log-enable-disable) needs to be enabled for drift analysis.
-This tab allows you to track the changes that have been made to your security policies and how those changes compare to the Standard or Strict settings. By default, the following information is displayed:
+This tab allows you to track the changes to your security policies and how those changes compare to the Standard or Strict settings. By default, the following information is displayed:
- **Last modified** - **Modified by**
This tab allows you to track the changes that have been made to your security po
- **Configuration change**: The old value and the new value of the setting - **Configuration drift**: The value **Increase** or **Decrease** that indicates the setting increased or decreased security compared to the recommended Standard or Strict setting.
-To filter the results, click **Filter**. In the **Filters** flyout that appears, you can select from the following filters:
+To filter the entries, select :::image type="icon" source="../../media/m365-cc-sc-filter-icon.png" border="false"::: **Filter**. The following filters are available in the **Filters** flyout that opens:
-- **Start time** and **End time** (date): You can go back as far as 90 days from today.-- **Standard protection** or **Strict protection**
+- **Date**: **Start time** and **End time**. You can go back as far as 90 days from today.
+- **Type**: **Standard protection** or **Strict protection**.
-When you're finished, click **Apply**.
+When you're finished in the **Filters** flyout, select **Apply**. To clear the filters, select :::image type="icon" source="../../media/m365-cc-sc-clear-filters-icon.png" border="false"::: **Clear filters**.
-To export the results to a .csv file, click **Export**.
+Use the ::image type="icon" source="../../media/m365-cc-sc-search-icon.png" border="false"::: **Search** box to filter the entries by a specific **Modified by**, **Setting name**, or **Type** value.
-To filter the results by a specific **Modified by**, **Setting name**, or **Type** value, use the **Search** box.
+To export the entries shown on the **Configuration drift analysis and history** tab to a .csv file, select :::image type="icon" source="../../media/m365-cc-sc-download-icon.png" border="false"::: **Export**.
:::image type="content" source="../../media/configuration-analyzer-configuration-drift-analysis-view.png" alt-text="The Configuration drift analysis and history view in the Configuration analyzer" lightbox="../../media/configuration-analyzer-configuration-drift-analysis-view.png":::
security Outbound Spam Protection About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/outbound-spam-protection-about.md
description: Admins can learn about the outbound spam controls in Exchange Online Protection (EOP), and what to do if you need to send mass mailings. Previously updated : 9/18/2023 Last updated : 1/29/2024 appliesto: - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a> - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/mdo-security-comparison#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a>
As described in the [Exchange Online Service Description](/office365/servicedesc
- Don't send a large rate or volume of email that causes you to run afoul of the [sending limits](/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits#sending-limits-1) in the service. This recommendation also includes not sending email to a large list of Bcc recipients. - Avoid using addresses in your primary email domain (for example, contoso.com) as senders for bulk email. Doing so can affect the delivery of regular email from senders in the domain. Consider using a custom subdomain exclusively for bulk email. For example, use `m.contoso.com` for marketing email and `t.contoso.com` for transactional email. - Configure any custom subdomains with email authentication records in DNS ([SPF](email-authentication-spf-configure.md), [DKIM](email-authentication-dkim-configure.md), and [DMARC](email-authentication-dmarc-configure.md)). Many email service providers (for example, Gmail, Yahoo!, and Outlook.com) are configured to reject messages that don't meet email authentication standards.
+- Marketing email (especially newsletters) should always include a way to unsubscribe from future messages. Some senders require recipients to send an email to a specified alias with the value "Unsubscribe" in the Subject line. However, a one-click option to unsubscribe is preferable for a smoother process.
+- Eliminate incorrect and non-existent email aliases from your databases. Any email alias causing a bounce-back is not only unnecessary but also poses a risk to your outbound emails, potentially triggering increased scrutiny from email filtering services. Keep your email database current and devoid of redundant or useless email addresses to maintain deliverability and reputation.
Use the following resources outside of EOP to send bulk email:
syntex Backup Limitations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/backup/backup-limitations.md
During the preview, we're enforcing self-service restore limits while we gain a
|Number of artifacts (active and completed) restored in a day per workload | Not applicable | > 10,000 | *Customer can call into support to lift the safety restrictions.+
+Follow these steps:
+
+1. As an administrator, select the following link, which will populate a help query in the admin center: [M365 Backup Limit Request](https://aka.ms/M365BackupLimit).
+
+2. At the bottom of the pane, select **Contact Support**, and then select **New Service Request**.
+
+3. Leave **Description** blank.