-|Admin Management: Recycle bin |**Not Yet Available**: <br>End user Recycle bin for deleted content.|**Not Yet Available**: <br>End user Recycle bin for deleted content. <br>End user Recycle bin for deleted Loop workspaces.|

- > - You have Defender for Business or Defender for Endpoint (but not both); or

- > - The ability to change your subscription settings hasn't rolled out to your organization yet.

- > - Make sure you have enough licenses for the subscription you're using for all users in your organization. If you choose Defender for Endpoint Plan 2, you're no longer using your Defender for Business licenses.

- > - Make sure to review your security policies and settings. To get help with Defender for Endpoint policies and settings, see [Configure Microsoft Defender for Endpoint capabilities](../defender-endpoint/onboard-configure.md). If you're keeping Defender for Business, see [Set up, review, and edit your security policies and settings in Microsoft Defender for Business](mdb-configure-security-settings.md).

-The license usage report is estimated based on sign-in activities on the device. Defender for Endpoint Plan 2 licenses are per user, and each user can have up to five concurrent, onboarded devices. To learn more about license terms, see [Microsoft Licensing](https://www.microsoft.com/en-us/licensing/default).

-1. In your Microsoft Defender XDR navigation pane, go to **Settings** > **Defender Experts** and then select **Sample DEN**.

-2. Select **Generate a sample DEN**. A green status message appears, confirming that your sample notification is ready for review.

-3. Under **Recently generated Defender Experts Notifications**, select a link from the list to view its corresponding generated sample notification. The most recent sample appears on the top of the list. Selecting a link redirects you to the **Incidents** page.

-Microsoft has shifted to a new naming taxonomy for threat actors aligned with the theme of weather. With the new taxonomy, we intend to bring better clarity to customers and other security researchers already confronted with an overwhelming amount of threat intelligence data and offer a more organized, articulate, and easy way to reference threat actors so that organizations can better prioritize and protect themselves.

-**Nation-state actors:** cyber operators acting on behalf of or directed by a nation/state-aligned program, irrespective of whether for espionage, financial gain, or retribution. Microsoft has observed that most nation state actors continue to focus operations and attacks on government agencies, intergovernmental organizations, non-governmental organizations, and think tanks for traditional espionage or surveillance objectives.

-**Financially motivated actors:** cyber campaigns/groups directed by a criminal organization/person with motivations of financial gain and haven't been associated with high confidence to a known non-nation state or commercial entity. This category includes ransomware operators, business email compromise, phishing, and other groups with purely financial or extortion motivations.

-**Private sector offensive actors (PSOAs):** cyber activity led by commercial actors that are known/legitimate legal entities, that create and sell cyberweapons to customers who then select targets and operate the cyberweapons. These tools threaten many global human rights efforts, as they have been observed targeting and surveilling dissidents, human rights defenders, journalists, civil society advocates, and other private citizens.

-**Groups in development:** a temporary designation given to an unknown, emerging, or developing threat activity that allows Microsoft to track it as a discrete set of information until we can reach high confidence about the origin or identity of the actor behind the operation. Once criteria are met, a group in development is converted to a named actor or merged into existing names.

-In our new taxonomy, a weather event or *family name* represents one of the above categories. In the case of nation-state actors, we have assigned a family name to a country/region of origin tied to attribution, like Typhoon indicates origin or attribution to China. For other actors, the family name represents a motivation. For example, Tempest indicates financially motivated actors. Threat actors within the same weather family are given an adjective to distinguish actor groups with distinct tactics, techniques, and procedures (TTPs), infrastructure, objectives, or other identified patterns. For groups in development, where there is a newly discovered, unknown, emerging, or developing cluster of threat activity, we use a temporary designation of Storm and a four-digit number, allowing us to track it as a unique set of information until we can reach high confidence about the origin or identity of the actor behind the operation.

-The table below shows how the new family names map to a sampling of the threat actors that we track.

-Use the following reference table below to understand how our previously publicly disclosed old threat actor names translate to our new taxonomy.

-[Intel profiles in Microsoft Defender Threat Intelligence](../defender/defender-threat-intelligence.md) bring crucial threat actor insights directly into defenders' hands so that they can get the context they need as they prepare for and respond to threats.

-Additionally, to further operationalize the threat intelligence you get from Microsoft, the Microsoft Defender Threat Intelligence Intel Profiles API provides the most up-to-date threat actor infrastructure visibility in the industry today, enabling threat intelligence and security operations (SecOps) teams to streamline their advanced threat hunting and analysis workflows. Learn more about this API in the documentation: [Use the threat intelligence APIs in Microsoft Graph (preview)](/graph/api/resources/security-threatintelligence-overview).

-recommendations: false

-description: "Learn how to create a B2B extranet site or team with managed guests from a partner organization."

-# Create a B2B extranet with managed guests

-You can use [Entitlement Management](/azure/active-directory/governance/entitlement-management-overview) to create a B2B extranet to collaborate with a partner organization that uses Microsoft Entra ID. This allows users to self-enroll in the extranet site or team and receive access via an approval workflow.

-With this method of sharing resources for collaboration, the partner organization can help maintain and approve the guests on their end, reducing the burden on your IT department and allowing those most familiar with the collaboration agreement to manage user access.

-This article walks through the steps to create a package of resources (in this case, a site or team) that you can share with a partner organization through a self-service access registration model.

-Before you begin, create the site or team that you want to share with the partner organization and enable it for guest sharing. See [Collaborate with guests in a site](collaborate-in-site.md) or [Collaborate with guests in a team](collaborate-as-team.md) for more information. We also recommend that you review [Create a secure guest sharing environment](create-secure-guest-sharing-environment.md) for information about security and compliance features that you can use to help maintain your governance policies when collaborating with guests.

-## License requirements

-Using this feature requires Microsoft Entra ID Governance licenses. To find the right license for your requirements, see [Compare generally available features of Microsoft Entra ID](https://www.microsoft.com/security/business/identity-access-management/azure-ad-pricing).

-Specialized clouds, such as Azure Germany and Azure China 21Vianet, aren't currently available for use.

-## Video demonstration

-This video demonstrates the procedures covered in this article.

-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4wKUj?autoplay=false]

-## Connect the partner organization

-In order to invite guests from a partner organization, you need to add the partner's domain as a connected organization in Microsoft Entra ID.

-To add a connected organization

-1. In the [Microsoft Entra admin center](https://aad.portal.azure.com), select **Identity Governance**.

-2. Select **Connected organizations**.

-4. Select **Add connected organization**.

-5. Type a name and description for the organization, and then select **Next: Directory + domain**.

-6. Select **Add directory + domain**.

-7. Type the domain for the organization that you want to connect, and then select **Add**.

-8. Select **Connect**, and then Select **Next: Sponsors**.

-9. Add people from your organization or the organization that you're connecting to who you want to approve access for guests.

-10. Select **Next: Review + Create**.

-11. Review the settings that you've chosen and then select **Create**.

- 

-## Choose the resources to share

-The first step in selecting resources to share with a partner organization is to create a catalog to contain them.

-To create a catalog

-1. In the [Microsoft Entra admin center](https://aad.portal.azure.com), select **Identity Governance**.

-2. Select **Catalogs**.

-3. Select **New catalog**.

-4. Type a name and description for the catalog and ensure that **Enabled** and **Enabled for external users** are both set to **Yes**.

-5. Select **Create**.

- 

-Once the catalog has been created, you add the SharePoint site or team that you want to share with the partner organization.

-To add resources to a catalog

-1. In the Microsoft Entra Admin Center, select **Catalogs**, and then select the catalog where you want to add resources.

-2. Select **Resources** and then select **Add resources**.

-3. Select the teams or SharePoint sites that you want to include in your extranet, and then select **Add**.

- 

-Once you've defined the resources that you want to share, the next step is to create an access package, which defines the type of access that partner users are granted and the approval process for new partner users requesting access.

-To create an access package

-1. In the Microsoft Entra Admin Center, select **Catalogs**, and then select the catalog where you want to create an access package.

-2. Select **Access packages**, and then select **New access package**.

-3. Type a name and description for the access package, and then select **Next: Resource roles**.

-4. Choose the resources from the catalog that you want to use for your extranet.

-5. For each resource, in the **Role** column, choose the user role you want to grant to the guests who use the extranet.

-6. Select **Next: Requests**.

-7. Under **Users who can request access**, choose **For users not in your directory**.

-8. Ensure that the **Specific connected organizations** option is selected, and then select **Add directories**.

-9. Choose the connected organization that you add earlier, and then select **Select**

-10. Under **Approval**, choose **Yes** for **Require approval**.

-11. Under **First approver**, choose one of the sponsors that you added earlier or choose a specific user.

-12. CliSelectck **Add fallback** and select a fallback approver.

-13. Under **Enable**, choose **Yes**.

-14. Select **Next: Lifecycle**.

-15. Choose the expiration and access review settings that you want to use, and then select **Next: Review + Create**.

-16. Review your settings, and then select **Create**.

- 

-If you're partnering with a large organization, you may want to hide the access package. If the package is hidden, then users in the partner organization won't see the package on their *My Access* portal. Instead, they must be sent a direct link to sign up for the package. Hiding the access package can reduce the number of inappropriate access requests and can also help keep available access packages organized in the partner organization's portal.

-To set an access package to hidden

-1. In the Microsoft Entra admin center, select **Access packages**, and then select your access package.

-2. On the **Overview** page, select **Edit**.

-3. Under **Properties**, choose **Yes** for **Hidden**, and then select **Save**.

- 

-## Invite partner users

-If you set the access package to hidden, you need to send a direct link to the partner organization so that they can request access to your site or team.

-To find the access portal link

-1. In the Microsoft Entra Admin Center, select **Access packages**, and then select your access package.

-2. On the **Overview** page, select **Copy to clipboard** link for the **My Access portal link**.

- 

-Once you have copied the link, you can share it with your contact at the partner organization, and they can send it to the users on their collaboration team.

-## See Also

-[Create a secure guest sharing environment](create-secure-guest-sharing-environment.md)

-description: "In this article, you'll learn about the best practices for sharing files and folders with unauthenticated users."

-## Set an expiration date for Anyone links

-1. Type a number of days in the box, and then click **Save**.

-Note that once an *Anyone* link expires, the file or folder can be re-shared with a new *Anyone* link.

-By default, *Anyone* links for a file allow people to edit the file, and *Anyone* links for a folder allow people to edit and view files, and upload new files to the folder. You can change these permissions for files and for folders independently to view-only.

-1. Under **Advanced settings for "Anyone" links**, select the file and folder permissions that you want to use.</br>

-With *Anyone* links set to **View**, users can still share files and folders with guests and give them edit permissions by using *Specific people* links. These links require people outside your organization to authenticate as guests, and you can track and audit guest activity on files and folders shared with these links.

-## Set default link type to only work for people in your organization

-You can use [Microsoft Purview Data Loss Prevention (DLP)](../compliance/dlp-learn-about-dlp.md) to prevent unauthenticated sharing of sensitive content. Data loss prevention can take action based on a file's sensitivity label, retention label, or sensitive information in the file itself.

-1. In the Microsoft Purview admin center, go to the [Data loss prevention page](https://compliance.microsoft.com/datalossprevention).

-2. Click **Create policy**.

-3. Choose **Custom** and click **Next**.

-4. Type a name for the policy and click **Next**.

-5. On the **Locations to apply the policy** page turn off all settings except **SharePoint sites** and **OneDrive accounts**, and then click **Next**.

-6. On the **Define policy settings** page, click **Next**.

-7. On the **Customize advanced DLP rules** page, click **Create rule** and type a name for the rule.

-8. Under **Conditions**, click **Add condition**, and choose **Content contains**.

-9. Click **Add** and choose the type of information for which you want to prevent unauthenticated sharing.

-10. Under **Actions** click **Add an action** and choose **Restrict access or encrypt the content in Microsoft 365 locations**.

-11. Select the **Restrict access or encrypt the content in Microsoft 365 locations** check box and then choose the **Only people who were given access to the content through the "Anyone with the link" options** option.

-12. Click **Save** and then click **Next**.

-13. Choose your test options and click **Next**.

-14. Click **Submit**, and then click **Done**.

-When you allow anonymous users to upload files, you're at an increased risk of someone uploading a malicious file. In organizations with Microsoft Defender for Office 365 Plan 1 or Plan 2 licenses (for example, in Microsoft 365 E5 or as an add-on), you can use the *Safe Attachments* feature to detonate uploaded files in a sandboxed virtual environment, and quarantine files that are found to be unsafe.

-For instructions, see [Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](../security/office-365-security/safe-attachments-for-spo-odfb-teams-configure.md).

-If you have Microsoft 365 A5 or E5 Security licenses, you can also turn on (and use) the *Safe Documents* feature. For more information, see [Safe Documents in Microsoft 365 A5 or E5 Security](../security/office-365-security/safe-documents-in-e5-plus-security-about.md).

-If you use sensitivity labels in the Microsoft Purview admin center, you can configure your labels to add a watermark or a header or footer automatically to your organization's Office documents. In this way, you can make sure that shared files contain copyright or other ownership information.

-2. In the left navigation, under **Solutions**, click **Information protection**.

-3. Click the label that you want to have add a footer, and then click **Edit label**.

-4. Click **Next** to reach the **Content marking** tab, and then turn **On** content marking.

-5. Select the check box for the type of text you want to add, and then click **Customize text**.

-6. Type the text that you want added to your documents, select the text options that you want, and then click **Save**.</br>

-7. Click **Next** to reach the end of the wizard, and then click **Save label**.

-## See Also

-[Overview of sensitivity labels](/microsoft-365/compliance/sensitivity-labels)

-[Limit accidental exposure to files when sharing with guests](share-limit-accidental-exposure.md)

-[Create a secure guest sharing environment](create-secure-guest-sharing-environment.md)

-|Visit Compliance Manager to assess your compliance posture.| The next step is knowing which data protection regulations apply to your organization so you know what your obligations are.<p><p>Keeping up with new and updated laws and regulations can be a full-time job in itself, and many organizations struggle with manual processes for monitoring, updating, and reporting on their state of compliance. Compliance Manager helps manage the complexities of implementing controls through built-in control mapping, versioning, and continuous control assessments. This automation and continuous monitoring helps you to stay current with regulations and certifications, and eases reporting to auditors. <p><p>Use Compliance Manager to quickly assess your current environment and get an initial compliance score based on the Microsoft data protection baseline assessment. From there, you can create assessments that cover your multicloud environment and keep you on track with the regulations that are most relevant to your organization. | [Learn more about Compliance Manager](../compliance/compliance-manager.md)<br><br>[Start a premium assessments trial](../compliance/compliance-manager-setup.md#start-a-premium-assessments-trial)<br><br>[Learn about multicloud support](../compliance/compliance-manager-multicloud.md)|

- ΓÇïSelect **Data profile** underneath **Privacy risk management** on the left navigation of the Purview compliance portal. On this page, you can explore and document all the personal data types detected across repositories. Based on this information, you can decide if all the data types you're concerned about are successfully detected. If you find something missing, you can [create custom sensitive information types (SITs)](../compliance/create-a-custom-sensitive-information-type.md) and come back to the data profile page in the next 24-48 hours.

-|Identify sensitive information types so you know what needs protection.| Identifying and categorizing sensitive items managed by your organization is the first step in the Information Protection discipline. <p><p>Microsoft Purview provides three ways of identifying items so that they can be categorized a) manually by users, b) automated pattern recognition, like sensitive information types, and c) machine learning.<p><p>Sensitive information types (SIT) are pattern-based classifiers. They detect sensitive information like social security, credit card, or bank account numbers to identify sensitive items.| [Learn more about sensitive information types](../compliance/sensitive-information-type-learn-about.md)<br><br> [View the full list of sensitive information types](../compliance/sensitive-information-type-entity-definitions.md)|

-|Categorize and label your content so you can apply features to protect it.| Categorizing and labeling content so it can be protected and handled properly is the starting place for the information protection discipline. Microsoft 365 has three ways to classify content.| [Learn more about trainable classifiers](../compliance/classifier-learn-about.md)|

-|Apply sensitivity labels to protect data, even if it roams.| When youΓÇÖve identified your sensitive data, youΓÇÖll want to protect it. ThatΓÇÖs often challenging when people collaborate with others both inside and outside the organization. That data can roam everywhere, across devices, apps, and services. And when it roams, you want it to do so in a secure, protected way that meets your organization's business and compliance policies. <p><p>Sensitivity labels from Microsoft Purview Information Protection let you classify and protect your organization's data, while making sure that user productivity and their ability to collaborate isn't hindered.| [Learn more about sensitivity labels](../compliance/sensitivity-labels.md)|

-|Use data loss prevention policies to prevent the sharing of personal data.| Organizations have sensitive information under their control such as financial data, proprietary data, credit card numbers, health records, or social security numbers. To help protect sensitive information and reduce risk, they need a way to prevent their users from inappropriately sharing it with people who shouldn't have it. This practice is called data loss prevention (DLP).<p><p>Using Microsoft Purview Data Loss Prevention, you implement data loss prevention by defining and applying DLP policies to identify, monitor, and automatically protect sensitive items across Microsoft 365 services such as Teams, Exchange, SharePoint, and OneDrive; Office applications such as Word, Excel, and PowerPoint; Windows 10, Windows 11, and macOS (the current version and the previous two versions of macOS) endpoints; non-Microsoft cloud apps; and on-premises file shares and on-premises SharePoint.<p><p>This DLP solution detects sensitive items by using deep content analysis, not by just a simple text scan. Content is analyzed for primary data matches to keywords, by the evaluation of regular expressions, by internal function validation, and by secondary data matches that are in proximity to the primary data match. Beyond that, DLP also uses machine learning algorithms and other methods to detect content that matches your DLP policies.| [Learn more about data loss prevention](../compliance/dlp-learn-about-dlp.md)|

-|Govern your Microsoft 365 data for compliance or regulatory requirements| Information governance controls can be employed in your environment to help address data privacy compliance needs, including a number that are specific to General Data Protection Regulation (GDPR), HIPAA-HITECH (the United States health care privacy act), California Consumer Protection Act (CCPA), and the Brazil Data Protection Act (LGPD). Microsoft Purview Data Lifecycle Management and Microsoft Purview Records Management provide these controls in the form of retention policies, retention labels, and records management capabilities. | [Learn how to deploy a data governance solution with Microsoft Purview](../compliance/data-governance-solution.md)|

-Identifying sensitive information types (SITs), categorizing and labeling your content, and deploying data loss prevention (DLP) policies are key steps in an [information protection strategy](../compliance/information-protection-solution.md). The links in the table above take you to detailed guidance for carrying out these essential tasks.

-Research shows that there are over 250 daily updates to global regulations[*](#reference). Microsoft Purview Compliance Manager helps you keep up with the evolving compliance and risk landscape by providing continuous control assessments and regulatory updates. Choose from a library of 350+ templates that correspond to national, regional, and industry-specific requirements on the collection and use of data. Modify the templates for your needs, or create your own custom template for assessments that meet your unique needs. Explore the links below for detailed guidance on managing your organization's compliance activities with Compliance Manager.

-|Monitor progress and improve your compliance score. | Make sure you've set up assessments in Compliance Manger to help you stay on top of new and evolving data privacy regulations and laws that apply to your organization.| [Build and manage assessments in Compliance Manager](../compliance/compliance-manager-assessments.md)<br><br>[Raise your score by completing improvement actions](../compliance/compliance-manager-improvement-actions.md) |

-|Automatically test improvement actions. | To realize the full benefits of continuous control assessment, make sure your settings are configured to enable automatic testing of all eligible improvement actions.| [Set your testing source for automated testing](../compliance/compliance-manager-setup.md#testing-source-for-automated-testing)|

-|Set alerts for changes in Compliance Manager. | Compliance Manager can alert you to changes as soon as they happen so that you can stay on track with your compliance goals. Set up alerts for improvement action changes such as a score increase or decrease, an implementation or test status change, a reassignment, or the addition or removal of evidence.| [Create alert policies](../compliance/compliance-manager-alert-policies.md)|

-|Facilitate the work of assessors and auditors. | Make sure that individuals who oversee compliance activities in the organization have the right roles and can access evidence files and reporting. Compliance Manager allows scoped access to individual assessment for specific users. <br><br>You can upload evidence files to improvement actions that document your implementation and testing work. Assign improvement actions to users serving as assessors so they can determine a pass or fail status.<br><br>Provide reporting on your assessments to compliance stakeholders, auditors, and regulators. Exported reports contain details about control implementation status, test date, and test results.| [Grant user access to individual assessments](../compliance/compliance-manager-assessments.md#grant-user-access-to-individual-assessments)<br><br>[Store evidence documentation](../compliance/compliance-manager-improvement-actions.md#storing-evidence)<br><br>[Assign improvement actions to assessors](../compliance/compliance-manager-improvement-actions.md#assign-improvement-action-to-assessor-for-completion)<br><br>[Export an assessment report](../compliance/compliance-manager-assessments.md#export-an-assessment-report)|

-|Set up alerts for potential incidents.| You can set up alerts to help you respond quickly to an array of privacy incidents, whether they come through Priva, auditing, or other alert policies.| [Priva policy alerts](/privacy/priv)|

-|Use insider risk management as an investigative tool.| Microsoft Purview Insider Risk Management is a compliance solution that helps you minimize internal risk by enabling you detect, investigate, and act on malicious and inadvertent activities in your organization.<p><p>Insider risk policies allow you to define the types of risks to identify and detect in your organization. You can act on cases and escalate cases to Microsoft eDiscovery (Premium) if needed. Risk analysts in your organization can quickly take appropriate actions to make sure users are compliant with your organization's compliance standards.| [Learn more about insider risk management](../compliance/insider-risk-management.md)|

-Microsoft Purview and Microsoft Priva provide a unified platform to help you comply with data privacy regulations. The complementary features in Purview risk and compliance solutions and Priva privacy management solutions help you assess the personal data within your organization, and provide automation and scalability to help reduce the complexity in adequately safeguarding the data.

-Use the guidance in these articles to help you assess risks and take appropriate action to protect personal data in your Microsoft 365 environment. This guide comprises four overarching steps to help you understand how and when to use the appropriate Microsoft solution for meeting your organization's data privacy obligations.