Updates from: 01/05/2021 04:11:04
Category Microsoft Docs article Related commit history on GitHub Change details
admin https://docs.microsoft.com/en-us/microsoft-365/admin/add-users/about-guest-users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/about-guest-users.md
@@ -25,12 +25,12 @@ description: "Learn how the Guest users list is populated in the Microsoft 365 a
# Guest users in Microsoft 365 admin center
-When you add guests to your Microsoft Teams, or SharePoint, those users are added to the Guest users list in the admin center. You can also add guest users in the Azure Active Directory so they can collaborate with your organization's users. Guest users can attend meetings, view documents and chat in Teams they are invited to.
-Once a user is added to the Guest users list, you can remove their access there.
+Any guests you add to your Microsoft Teams, SharePoint, or Azure Active Directory are also added to the **Guest users** list in the Microsoft admin center. Guests can attend meetings, view documents and chat in Teams they're invited to.
+Once a user shows up in the **Guest users** list, you can remove their access there.
To view guest users, in the Microsoft 365 admin center, in the left nav, expand **Users**, and then choose **Guest users**.
-## Add guest users to Teams
+## Add guests to Teams
To see how to add a guest to Teams, see the following video: <br><br>
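Review bot: The first added line says "the Microsoft admin center", while the heading and the unchanged "To view guest users" line both say "Microsoft 365 admin center"; use the full product name here too. In the same line, "view documents and chat" lacks the serial comma that "Microsoft Teams, SharePoint, or Azure Active Directory" uses one sentence earlier.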
@@ -42,19 +42,17 @@ To join a team as a guest, see the following video:<br><br>
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4tyys]
-## Add guest users in Azure Active Directory
+## Add guests in Azure Active Directory
-To add guest users in the Azure Active Directory, see [add guest users](https://docs.microsoft.com/azure/active-directory/b2b/b2b-quickstart-add-guest-users-portal).
+To add guests in the Azure Active Directory, see [add guest users](https://docs.microsoft.com/azure/active-directory/b2b/b2b-quickstart-add-guest-users-portal).
-When you add a user you can also assign them to a group, or give them access to an app in your organization. Once you have added a user in the Azure AD portal, that user will also be listed on the Guest users page in the Microsoft 365 admin center.
-After a user is added to the Guest users list, they can be [added to Groups](../create-groups/manage-guest-access-in-groups.md#add-guests-to-a-microsoft-365-group-from-the-admin-center) in the Microsoft 365 admin center.
+After you add a user you can also assign them to a group, or give them access to an app in your organization. Once you have added a user in the Azure AD portal, that user will also be listed on the **Guest users** page in the Microsoft 365 admin center.
+After a user is added to the **Guest users** list, they can be [added to Groups](../create-groups/manage-guest-access-in-groups.md#add-guests-to-a-microsoft-365-group-from-the-admin-center) in the Microsoft 365 admin center.
-See [add guest users in bulk](https://docs.microsoft.com/azure/active-directory/b2b/tutorial-bulk-invite) to invite multiple guests to collaborate with your organization.
+See [add guests in bulk](https://docs.microsoft.com/azure/active-directory/b2b/tutorial-bulk-invite) to invite multiple guests to collaborate with your organization.
-## Remove a guest user
-
-To remove a guest user:
+## Remove a guest
1. In the Microsoft 365 admin center, expand **Users** and then choose **Guest users**. 1. On the **Guest users** page, choose the user you want to remove and then choose **Delete a user**.
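Review bot: The link text on the added line "To add guests in the Azure Active Directory, see [add guest users]" still says "guest users", although this hunk renames the headings and the bulk-invite link to "guests"; either rename the link text as well or keep it deliberately to match the target article's title. The added line "After you add a user you can also assign them to a group" also needs a comma after "user", and with "To remove a guest user:" deleted, the numbered steps now start directly under the heading with no lead-in sentence.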
admin https://docs.microsoft.com/en-us/microsoft-365/admin/manage/set-password-expiration-policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/set-password-expiration-policy.md
@@ -58,7 +58,7 @@ Follow the steps below if you want to set user passwords to expire after a speci
3. Select **Password expiration policy**.
-4. If you don't want users to have to change passwords, select the checkbox next to **Set user passwords to expire after a number of days**.
+4. If you don't want users to have to change passwords, uncheck the box next to **Set user passwords to expire after a number of days**.
5. Type how often passwords should expire. Choose a number of days from 14 to 730.
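Review bot: Step 4 on the added line now covers only the case where passwords never expire ("uncheck the box"), yet step 5 still follows unconditionally and asks for an expiry interval. Since the procedure is introduced as the way to set passwords to expire, step 4 should say what to do in both cases, for example that the box stays selected when an expiry interval is wanted and that step 5 applies only then.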
@@ -96,4 +96,4 @@ To learn how to update password policy for a specific domain or tenant, see [Set
[Let users reset their own passwords](../add-users/let-users-reset-passwords.md)
-[Reset passwords](../add-users/reset-passwords.md)
\ No newline at end of file
+[Reset passwords](../add-users/reset-passwords.md)
admin https://docs.microsoft.com/en-us/microsoft-365/admin/misc/cortana-integration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/cortana-integration.md
@@ -32,7 +32,7 @@ Moving forward, we're focusing Cortana on enterprise productivity.
- Consistent with other Office 365 services, Cortana enterprise services meet the same enterprise-level privacy, security, and compliance promises as reflected in the [Online Services Terms (OST)](https://www.microsoft.com/licensing/product-licensing/products). -- New Microsoft 365 experiences, such as the Briefing email and Play My Emails, will be enabled using Cortana enterprise services and fully comply with those promises. These features are currently available in the English (United States) market for users with mailboxes in the US geo, and for employees of multi-national corporations with US-based mailboxes. For more information on finding the usage location, please visit [View additional property values for accounts](https://docs.microsoft.com/microsoft-365/enterprise/view-user-accounts-with-microsoft-365-powershell?view=o365-worldwide#view-additional-property-values-for-accounts).
+- New Microsoft 365 experiences, such as the Briefing email and Play My Emails, will be enabled using Cortana enterprise services and fully comply with those promises. These features are currently available worldwide (standard multi-tenant). For more information on finding the usage location, please visit [View additional property values for accounts](https://docs.microsoft.com/microsoft-365/enterprise/view-user-accounts-with-microsoft-365-powershell?view=o365-worldwide#view-additional-property-values-for-accounts).
- Users may connect to Cortana enterprise services described here through Cortana in Windows 10 (version 2004 and later), as well as client applications, such as Outlook for iOS and Android, subject to separate licensing terms.
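Review bot: On the added line, the sentence "For more information on finding the usage location, please visit ..." is kept after the US-geo restriction was replaced with "available worldwide (standard multi-tenant)", so it no longer refers to anything in the paragraph. Either drop the usage-location pointer or state why the usage location still matters for these features.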
bookings https://docs.microsoft.com/en-us/microsoft-365/bookings/bookings-faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/bookings-faq.md
@@ -30,6 +30,10 @@ Bookings is available and active by default for Microsoft 365 Business Premium,
Your customers will only see the Bookings calendar that you publish online for the services, times, and staff that you choose to register.
+### How do I change a bookable attribute under Manage staff?
+
+When staff members were added, they would have received an email to accept or reject the request. They can open the same email and select "Reject" to make them non-bookable. We currently do not have a way to toggle this from inside the app.
+ ### How do end users access the Bookings app? Anyone who is licensed for Microsoft 365 Business Premium, Microsoft 365 Business Standard, A3, A5, E3, E5, or is added as a staff member in either the Administrator or Viewer roles can access Bookings in the app chooser within the Microsoft 365 Web experience. There is also a companion app available for iOS and Android.
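Review bot: The added answer under "How do I change a bookable attribute under Manage staff?" explains only how a staff member becomes non-bookable (selecting "Reject" in the original email) and says nothing about the reverse direction, although the heading asks how to change the attribute in general. State explicitly that only this direction is supported, or retitle the question. The wording "make them non-bookable" should read "make themselves non-bookable", and "When staff members were added, they would have received" is clearer in the present tense.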
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/add-remove-members https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/add-remove-members.md deleted file mode 100644
@@ -1,42 +0,0 @@
-title: "Add or remove members from a data investigation"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-
-description: Learn how to add or remove the members who can access an investigation when managing a data investigation.
-ms.custom: seo-marvel-mar2020
-
-# Add or remove members from a data investigation
-
-You can add or remove members to manage who can access the investigation. To see and access data investigations, members must be part of Data Investigator role group or a custom role group with Data Investigation Management role assigned. Data investigator who created the investigation is automatically added as a member.
-
-1. From the **Data Investigations (preview)** page, go to your investigation.
-
-2. Go to **Settings** and select "Access & Permissions".
-
-3. Select **Update**.
-
-4. Under **Manage members**, select Add Icon Add to add members to the investigation. You can also choose to add a role group to the investigation. Under **Manage role groups**, select Add Icon Add.
- Keep in mind that role groups control permission to access the investigation. That means you can only add people who are assigned Data Investigator role group or custom role groups with Data Investigation Management role.
-
-5. In the list of people or role groups that can be added as members of the investigation, select the check box next to the names of the people or role groups that you want to add.
-
-6. After you've selected the people or role groups to add as members of the group, select **Add**.
-
-7. In **Manage this investigation**, select **Save** to save the new list of investigation members.
-
-8. Select **Save** to save the new list of investigation members.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/analyzing-data-in-review-set https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/analyzing-data-in-review-set.md
@@ -24,15 +24,15 @@ ms.custom: seo-marvel-mar2020
When the number of collected documents is large, it can be difficult to review them all. Advanced eDiscovery provides a number of tools to analyze the documents to reduce the volume of documents to be reviewed without any loss in information, and to help you organize the documents in a coherent manner. To learn more about these capabilities, see: -- [Near duplicate detection](near-duplicates.md)
+- [Near duplicate detection](near-duplicate-detection-in-advanced-ediscovery.md)
-- [Email threading](email-threading.md)
+- [Email threading](email-threading-in-advanced-ediscovery.md)
-- [Themes](themes.md)
+- [Themes](themes-in-advanced-ediscovery.md)
To analyze data in a review set:
-1. Configure analytics settings for your case. For more information, see [Configure search and analytics settings](configure-search-analytics-settings.md).
+1. Configure analytics settings for your case. For more information, see [Configure search and analytics settings](configure-search-and-analytics-settings-in-advanced-ediscovery.md).
2. Open the review set you want to analyze.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/annotate-and-redact-documents https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/annotate-and-redact-documents.md deleted file mode 100644
@@ -1,24 +0,0 @@
-title: "Annotate and redact documents in evidence"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-ROBOTS: NOINDEX, NOFOLLOW
-description: "You can annotate and redact evidence documents in Data Investigations (preview)."
-
-# Annotate and redact documents in evidence
-
-Content coming soon.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-retention-labels-automatically https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-retention-labels-automatically.md
@@ -124,7 +124,7 @@ You can apply retention labels to content automatically when that content contai
#### Auto-apply labels to content with specific types of sensitive information
-When you create auto-apply retention label policies for sensitive information, you see the same list of policy templates as when you create a data loss prevention (DLP) policy. Each template is preconfigured to look for specific types of sensitive information. For example, the template shown here looks for U.S. ITIN, SSN, and passport numbers from the **Privacy** category, and **U.S Personally Identifiable Information (PII) Data template**:
+When you create auto-apply retention label policies for sensitive information, you see the same list of policy templates as when you create a data loss prevention (DLP) policy. Each template is preconfigured to look for specific types of sensitive information. For example, the template shown here looks for U.S. ITIN, SSN, and passport numbers from the **Privacy** category, and **U.S Personally Identifiable Information (PII) Data** template:
![Policy templates with sensitive information types](../media/dafd87d4-c7bb-439a-ac7b-193c018f98a5.png)
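Review bot: The added line writes the template name as "**U.S Personally Identifiable Information (PII) Data** template" with no period after "U.S", while the same sentence has "U.S. ITIN"; since the hunk already touches the bolding of this name, correct it to "U.S." at the same time if that matches the label shown in the UI.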
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-sensitivity-label-automatically.md
@@ -123,11 +123,13 @@ When you select the **Sensitive info types** option, you see the same list of se
![Sensitive info types for auto-labeling in Office apps](../media/sensitivity-labels-sensitive-info-types.png)
-After you select your sensitive information types, you can refine your condition by changing the instance count or match accuracy. For more information, see [Tuning rules to make them easier or harder to match](data-loss-prevention-policies.md#tuning-rules-to-make-them-easier-or-harder-to-match).
+Similarly to when you configure DLP policies, you can then refine your condition by changing the instance count and match accuracy. For example:
-Further, you can choose whether a condition must detect all sensitive information types, or just one of them. And to make your conditions more flexible or complex, you can add groups and use logical operators between the groups. For more information, see [Grouping and logical operators](data-loss-prevention-policies.md#grouping-and-logical-operators).
+![Options for match accuracy and instance count](../media/sensitivity-labels-instance-count-match-accuracy.png)
-![Options for instance count and match accuracy](../media/Sensitivity-labels-instance-count-match-accuracy.png)
+You can learn more about these configuration options from the DLP documentation: [Tuning rules to make them easier or harder to match](data-loss-prevention-policies.md#tuning-rules-to-make-them-easier-or-harder-to-match).
+
+Also similarly to DLP policy configuration, you can choose whether a condition must detect all sensitive information types, or just one of them. And to make your conditions more flexible or complex, you can add [groups and use logical operators between the groups](data-loss-prevention-policies.md#grouping-and-logical-operators).
### Configuring trainable classifiers for a label
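Review bot: The image path on the added line changes case from "../media/Sensitivity-labels-instance-count-match-accuracy.png" to "../media/sensitivity-labels-instance-count-match-accuracy.png"; confirm the media file is renamed in the same commit, otherwise the image breaks on a case-sensitive host. The openings "Similarly to when you configure DLP policies" and "Also similarly to DLP policy configuration" are awkward; "As with DLP policies, you can ..." reads better in both places.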
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/build-search-queries https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/build-search-queries.md deleted file mode 100644
@@ -1,43 +0,0 @@
-title: Build search queries in Data investigations
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-ms.custom: seo-marvel-mar2020
-description: "Use keywords and conditions to narrow the search scope when searching for data using Data Investigation in Microsoft 365."
-
-# Build search queries in Data Investigations (preview)
-
-When building search queries, you can use keywords to find specific content and conditions to narrow the scope of the search to return items that are most relevant to your investigation.
-
-![Use keywords and conditions to narrow the results of a search](../media/SearchQueryBox.png)
-
-## Keyword searches
-
-Type a keyword query in the **Keywords** box in the search query. You can specify keywords, email message properties, such as sent and received dates, or document properties, such as file names or the date that a document was last changed. You can use more complex queries that use a Boolean operator, such as **AND**, **OR**, **NOT**, and **NEAR**. You can also search for sensitive information, such as social security numbers, in documents in SharePoint and OneDrive (not in email messages), or search for documents that have been shared externally. If you leave the **Keywords** box empty, all content located in the specified content locations is included in the search results.
-
-Alternatively, you can select the **Show keyword list** check box and then type a keyword or keyword phrase in each row. If you do this, the keywords in each row are connected by a logical operator (represented as *c:s*) that is similar in functionality to the **OR** operator in the search query that's created. This means that items that contain any keyword in any row are included in the search results.
-
-![Use the keyword list to get statistics on each keyword in the query](../media/KeywordListSearch.png)
-
-Why use the keyword list? You can get statistics that show how many items match each keyword in the keyword list. This can help you quickly identify the keywords that are the most (and least) effective. You can also use a keyword phrase (surrounded by parentheses) in a row in the keywords list. For more information about search statistics, see [Search statistics](search-statistics.md).
-
-> [!NOTE]
-> To help reduce issues caused by large keyword lists, you're limited to a maximum of 20 rows in the keyword list.
-
-## Conditions
-
-You can add search conditions to narrow the scope of a search and return a more refined set of results. Each condition adds a clause to the search query that is created and run when you start the search. A condition is logically connected to the keyword query (specified in the keyword box) by a logical operator (which is represented as *c:c*) that is similar in functionality to the **AND** operator. This means that items have to satisfy both the keyword query and one or more conditions to be included in the search results. This is how conditions help to narrow your results. For a list and description of conditions you can use in a search query, see the "Search conditions" section in [Keyword queries and search conditions](keyword-queries-and-search-conditions.md#search-conditions).
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/building-search-queries https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/building-search-queries.md
@@ -34,7 +34,7 @@ Alternatively, you can select the **Show keyword list** check box and the type a
![Use the keyword list to get statistics on each keyword in the query](../media/KeywordListSearch.png)
-Why use the keyword list? You can get statistics that show how many items match each keyword in the keyword list. This can help you quickly identify the keywords that are the most (and least) effective. You can also use a keyword phrase (surrounded by parentheses) in a row in the keywords list. For more information about search statistics, see [Search statistics](search-statistics.md).
+Why use the keyword list? You can get statistics that show how many items match each keyword in the keyword list. This can help you quickly identify the keywords that are the most (and least) effective. You can also use a keyword phrase (surrounded by parentheses) in a row in the keywords list. For more information about search statistics, see [Search statistics](search-statistics-in-advanced-ediscovery.md).
## Conditions
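Review bot: The context shown in the hunk header reads "select the **Show keyword list** check box and the type a", which should be "and then type a"; since this commit already edits the following paragraph, fix the typo in the same pass.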
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/classifier-get-started-with.md
@@ -1,5 +1,5 @@
---
-title: "Get started with trainable classifiers (preview)"
+title: "Get started with trainable classifiers"
f1.keywords: - NOCSH ms.author: chrfox
@@ -20,13 +20,13 @@ search.appverid:
description: "A Microsoft 365 classifier is a tool you can train to recognize various types of content by giving it samples to look at. This article shows you how to create and train a custom classifier and how to retrain them to increase accuracy." ---
-# Get started with trainable classifiers (preview)
+# Get started with trainable classifiers
A Microsoft 365 trainable classifier is a tool you can train to recognize various types of content by giving it samples to look at. Once trained, you can use it to identify item for application of Office sensitivity labels, Communications compliance policies, and retention label policies. Creating a custom trainable classifier first involves giving it samples that are human picked and positively match the category. Then, after it has processed those, you test the classifiers ability to predict by giving it a mix of positive and negative samples. This article shows you how to create and train a custom classifier and how to improve the performance of custom trainable classifiers and pre-trained classifiers over their lifetime through retraining.
-To learn more about the different types of classifiers, see [Learn about trainable classifiers (preview)](classifier-learn-about.md).
+To learn more about the different types of classifiers, see [Learn about trainable classifiers](classifier-learn-about.md).
## Prerequisites
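Review bot: The unchanged paragraph between the edited heading and the edited link has two errors worth fixing while this section is open: "use it to identify item for application of" should be "identify items", and "test the classifiers ability to predict" needs the possessive "classifier's".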
@@ -39,7 +39,7 @@ Classifiers are a Microsoft 365 E5, or E5 Compliance feature. You must have one
To access classifiers in the UI: - the Global admin needs to opt in for the tenant to create custom classifiers.-- Compliance Administrator or Data Investigation role is required to train a classifier.
+- Compliance Administrator role is required to train a classifier.
You'll need accounts with these permissions to use classifiers in these scenarios:
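Review bot: The replacement bullet "Compliance Administrator role is required to train a classifier." drops the article and does not match the bullet above it, which starts lowercase with "the Global admin needs to opt in". Suggest "The Compliance Administrator role is required to train a classifier." and capitalizing the first bullet so the two list items are parallel.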
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-how-to-retrain-comms-compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/classifier-how-to-retrain-comms-compliance.md
@@ -1,5 +1,5 @@
---
-title: "How to retrain a classifier in communications compliance (preview)"
+title: "How to retrain a classifier in communications compliance"
f1.keywords: - NOCSH ms.author: chrfox
@@ -17,13 +17,13 @@ search.appverid:
description: "Learn how to provide feedback to a trainable classifier in Communications compliance." ---
-# How to retrain a classifier in communications compliance (preview)
+# How to retrain a classifier in communications compliance
A Microsoft 365 trainable classifier is a tool you can train to recognize various types of content by giving it samples to look at. Once trained, you can use it to identify item for application of Office sensitivity labels, communications compliance policies, and retention label policies. This article shows you how to improve the performance of custom trainable classifiers and some pre-trained classifiers by providing them additional feedback.
-To learn more about the different types of classifiers, see [Learn about trainable classifiers (preview)](classifier-learn-about.md).
+To learn more about the different types of classifiers, see [Learn about trainable classifiers](classifier-learn-about.md).
## Permissions
@@ -47,7 +47,7 @@ To understand more about the overall workflow of retraining a classifier, see [P
> [!NOTE] > A classifier must already be published and in use before it can be retrained.
-## How to retrain a classifier in communication compliance policies (preview)
+## How to retrain a classifier in communication compliance policies
1. Open the Communication compliance policy that uses a classifier as a condition and choose one of the identified items from the **Pending** list. 2. Choose the ellipsis and **Improve classification**.
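Review bot: The edited H2 says "communication compliance policies" while the title and H1 changed in this same commit say "communications compliance", and the surrounding steps mix "Communication compliance policy" and "Communications compliance policy". Pick one form of the feature name and apply it to the H2 and the step text.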
@@ -63,7 +63,7 @@ To understand more about the overall workflow of retraining a classifier, see [P
> This information goes to the classifier in your tenant, **it does not go back to Microsoft**. 6. Open the **Data classification** page in the **Microsoft 365 compliance center**.
-7. Open **Trainable classifiers (preview)**.
+7. Open **Trainable classifiers**.
8. The classifier that was used in your Communications compliance policy will appear under the **Re-training** heading. ![classifier in retraining status](../media/classifier-retraining.png)
@@ -89,5 +89,5 @@ We compare the performance numbers on both sets of items for the retrained and p
## See also -- [Learn about trainable classifiers (preview)](classifier-learn-about.md)
+- [Learn about trainable classifiers](classifier-learn-about.md)
- [Default crawled file name extensions and parsed file types in SharePoint Server](https://docs.microsoft.com/sharepoint/technical-reference/default-crawled-file-name-extensions-and-parsed-file-types)
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-how-to-retrain-content-explorer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/classifier-how-to-retrain-content-explorer.md
@@ -1,5 +1,5 @@
---
-title: "How to retrain a classifier in content explorer (preview)"
+title: "How to retrain a classifier in content explorer"
f1.keywords: - NOCSH ms.author: chrfox
@@ -17,13 +17,13 @@ search.appverid:
description: "Learn how to provide feedback to a trainable classifier in Content explorer." ---
-# How to retrain a classifier in content explorer (preview)
+# How to retrain a classifier in content explorer
A Microsoft 365 trainable classifier is a tool you can train to recognize various types of content by giving it samples to look at. Once trained, you can use it to identify item for application of Office sensitivity labels, communications compliance policies, and retention label policies. This article shows you how to improve the performance of custom trainable classifiers and some pre-trained classifiers by providing them additional feedback.
-To learn more about the different types of classifiers, see [Learn about trainable classifiers (preview)](classifier-learn-about.md).
+To learn more about the different types of classifiers, see [Learn about trainable classifiers](classifier-learn-about.md).
## Permissions
@@ -47,7 +47,7 @@ To understand more about the overall workflow of retraining a classifier, see [P
> [!NOTE] > A classifier must already be published and in use before it can be retrained.
-## How to retrain a classifier in content explorer (preview)
+## How to retrain a classifier in content explorer
1. Sign in to Microsoft 365 compliance center with compliance admin or security admin role access and open **Microsoft 365 compliance center** > **Data classification** > **Content explorer**. 2. Under the **Filter on labels, info types, or categories** list, expand **Trainable classifiers**.
@@ -73,7 +73,7 @@ To understand more about the overall workflow of retraining a classifier, see [P
> [!IMPORTANT] > This information goes to the classifier in your tenant, **it does not go back to Microsoft**.
-9. Open **Trainable classifiers (preview)**.
+9. Open **Trainable classifiers**.
10. The classifier that was used in your Communications compliance policy will appear under the **Re-training** heading. ![classifier in retraining status](../media/classifier-retraining.png)
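Review bot: Step 10, directly after the edited step 9, says "The classifier that was used in your Communications compliance policy", but this article covers retraining from content explorer; the sentence looks carried over from the communications compliance article. Reword it to refer to the classifier selected in content explorer.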
@@ -99,5 +99,5 @@ We compare the performance numbers on both sets of items for the retrained and p
## See also -- [Learn about trainable classifiers (preview)](classifier-learn-about.md)
+- [Learn about trainable classifiers](classifier-learn-about.md)
- [Default crawled file name extensions and parsed file types in SharePoint Server](https://docs.microsoft.com/sharepoint/technical-reference/default-crawled-file-name-extensions-and-parsed-file-types)
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-learn-about https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/classifier-learn-about.md
@@ -1,5 +1,5 @@
---
-title: "Learn about trainable classifiers (preview)"
+title: "Learn about trainable classifiers"
f1.keywords: - NOCSH ms.author: chrfox
@@ -20,7 +20,7 @@ search.appverid:
description: "A Microsoft 365 trainable classifier is a tool you can train to recognize various types of content by giving it positive and negative samples to look at. Once the classifier is trained, you confirm that its results are accurate. Then you use it to search through your organization's content and classify it to apply retention or sensitivity labels or include it in data loss prevention (DLP) or retention policies." ---
-# Learn about classifiers (preview)
+# Learn about classifiers
Classifying and labeling content so it can be protected and handled properly is the starting place for the information protection discipline. Microsoft 365 has three ways to classify content.
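Review bot: After this change the H1 reads "# Learn about classifiers" while the title edited in the previous hunk reads "Learn about trainable classifiers", and the other articles link to this page with the longer text. Align the H1 with the title.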
@@ -98,7 +98,7 @@ Microsoft 365 comes with five pre-trained classifiers:
- **Profanity**: detects a specific category of offensive language text items that contain expressions that embarrass most people - **Threat**: detects a specific category of offensive language text items related to threats to commit violence or do physical harm or damage to a person or property
-These appear in the **Microsoft 365 compliance center** > **Data classification (preview)** > **Trainable classifiers** view with the status of `Ready to use`.
+These appear in the **Microsoft 365 compliance center** > **Data classification** > **Trainable classifiers** view with the status of `Ready to use`.
![classifiers-pre-trained-classifiers](../media/classifiers-ready-to-use-classifiers.png)
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/close-or-delete-investigation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/close-or-delete-investigation.md deleted file mode 100644
@@ -1,44 +0,0 @@
-title: "Close or delete a data investigation"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-
-description: Learn how to close a data investigation case while retaining the information and evidence for future use.
-ms.custom: seo-marvel-mar2020
-
-# Close or delete an investigation
-
-## Close an investigation
-
- After you've completed the investigation and taken appropriate remedial actions, you may want to preserve the evidence that you collected but close the case so that you can easily refer back to it in the future. Once you close the investigation, it's still listed on the Data investigations page in the Security & Compliance Center. The details, holds, searches, and members of a closed case are retained. At a later date, you can reopen closed investigations.
-
-To close an investigation:
-
-1. On the **Settings** tab, select **Investigation information**.
-
-2. Select **Close investigation**.
--
-## Delete an investigation
-
-Sometimes you may want to destroy the evidence because it contains sensitive or confidential data that you don't want to keep. To avoid further data spillage, you should consider deleting the investigation.
-
-To delete an investigation:
-
-1. On the **Settings** tab, select **Investigation information**.
-
-2. Select **Delete investigation**.
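Review bot: this hunk removes all 44 lines of close-or-delete-investigation.md, and nothing visible here adds a redirect, so the published URL for the page will stop resolving for bookmarks and inbound links unless a redirection entry ships in the same commit. Please confirm that one exists and that it points at the closest surviving article rather than a generic landing page.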
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/collecting-data-for-ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/collecting-data-for-ediscovery.md
@@ -42,7 +42,7 @@ Once the search estimate is completed, select the search to display the flyout p
- Top locations - Queries
-For more information about search statistics, see [Search statistics](search-statistics.md).
+For more information about search statistics, see [Search statistics](search-statistics-in-advanced-ediscovery.md).
Once preview is completed, the **Preview** button will be active. Select it to preview a sampled subset of the results.
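Review bot: the new target on the added line, `search-statistics-in-advanced-ediscovery.md`, is a relative link, so it only resolves if a file with exactly that name sits in the same folder as collecting-data-for-ediscovery.md. Please confirm the file exists under that name and that the docs build reports no broken link for this line.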
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/configure-search-analytics-settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/configure-search-analytics-settings.md deleted file mode 100644
@@ -1,56 +0,0 @@
-title: Configure search and analytics settings - Data investigations
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-description: Learn how to configure search and analytics settings, like near duplicates, email threading, and themes when managing data investigations.
-ms.custom: seo-marvel-mar2020
-
-# Configure search and analytics settings in Data Investigations
-
-## Near duplicates and email threading
-
-In this section, you can set parameters for duplicate detection, near duplicate detection, and email threading.
--- Enable/disable: include duplicate detection, near duplicate detection, and email threading as part of analytics flow if enabled. Because they build on top of each other, you must enable all of them or disable all of them.--- Threshold: if the similarity level of two documents is above the threshold, they will be put in the same near duplicate set.--- Hide duplicates by default: if this setting is on, a filter to hide duplicate documents will be applied in the working set by default. The filter can be removed manually in the working set if necessary.--- Minimum/maximum number of words: near duplicates and email threading will run only on documents that have at least the minimum number of words and at most the maximum number of words.-
-For more information, see [Near duplicate detection](near-duplicates.md) and [Email threading](email-threading.md).
-
-## Themes
-
-In this section, you can set parameters for themes.
--- Enable/disable: include themes clustering as part of analytics flow if enabled.--- Adjust maximum number of themes dynamically: in certain cases, there are not enough documents to produce the desired number of themes. If this setting is turned on, then rather than trying to force the desired maximum number of themes, the system adjusts maximum number of themes dynamically.--- Maximum number of themes: desired number of themes.--- Include numbers in themes: When enabled, it will include numbers in when generating themes. -
-## Optical character recognition (OCR)
-
-When this setting is turned on, OCR will be run on images that are ingested into working sets so that they can be searchable.
-
-## Ignore text
-
-There are instances where certain texts will diminish the quality of analytics, such as lengthy disclaimers that get added to certain emails regardless of the content of the email. If you are aware of such cases, you can exclude this text from analytics by specifying the text (RegEx is supported) and which modules that text should be excluded for.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/configure-search-and-analytics-settings-in-advanced-ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/configure-search-and-analytics-settings-in-advanced-ediscovery.md
@@ -45,7 +45,7 @@ To configure search and analytics settings for a case:
## Near duplicates and email threading
-In this section, you can set parameters for duplicate detection, near duplicate detection, and email threading. For more information, see [Near duplicate detection](near-duplicates.md) and [Email threading](email-threading.md).
+In this section, you can set parameters for duplicate detection, near duplicate detection, and email threading. For more information, see [Near duplicate detection](near-duplicate-detection-in-advanced-ediscovery.md) and [Email threading](email-threading-in-advanced-ediscovery.md).
- **Near duplicates/email threading:** When turned on, duplicate detection, near duplicate detection, and email threading are included as part of the workflow when you run analytics on the data in a review set.
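Review bot: the added line retargets both links from `near-duplicates.md` and `email-threading.md` to the `-in-advanced-ediscovery` names, which implies the old file names are going away. Search the repository for any remaining references to the two old names outside the files being deleted and update them in the same change, otherwise those links break silently.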
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/create-new-investigation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-new-investigation.md deleted file mode 100644
@@ -1,48 +0,0 @@
-title: "Create a new investigation in Data Investigations (preview)"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-description: "Learn how to create, configure, and save a new investigation in Data Investigations (preview) in the Microsoft 365 compliance center."
-ms.custom: seo-marvel-mar2020
-
-# Create a new investigation in Data Investigations (preview)
-
-1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com).
-
-2. Sign in using your work or school account.
-
-3. In the compliance center, click **Data Investigations**.
-
-4. On the **Data Investigations (preview)** page, click **Create new investigation**.
-
-5. On the **New data investigation** flyout page, give the investigation a name (required), and then type an optional investigation number and description. The investigation name must be unique in your organization.
-
-6. Under **Do you want to configure additional settings after creating this investigation?**, do one of the following:
-
- - Click **Yes** to create the investigation, and display the **Settings** page in the new investigation. This allows you to add members to the investigation.
-
- - Click **No** to just create the investigation and display it in the list of investigations on the **Data Investigations (preview)** page. If you choose this option, you will be added as the only member of the investigation and the default search and analytics settings will be used. You can add members or change settings anytime after the investigation is created.
-
-7. Click **Save** to create the investigation.
-
- The new investigation is displayed in the list of investigations on the **Data Investigations (preview)** page.
-
-8. To open an investigation, click the name of the investigation.
-
- The **Home** tab for the investigation is displayed. For example, here's a new investigation named *Critical: Tax document and finance data leakage*.
-
- ![The Home tab for a new investigation in Data Investigations](../media/NewDataInvestigations.png)
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/customer-key-tenant-level https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/customer-key-tenant-level.md
@@ -54,7 +54,7 @@ You'll complete most of these tasks by remotely connecting to Azure PowerShell.
Before you get started, make sure of the following: - You'll need to use a work or school account that has the compliance admin role to set up Customer Key at the tenant level.-- Ensure that you have the appropriate licensing for your organization. Use a paid, invoiced Azure Subscription using either an Enterprise Agreement or a Cloud Service Provider. Azure Subscriptions purchased using Pay As You Go plans or using a credit card aren't supported for Customer Key. Starting April 1, 2020, Customer Key in Office 365 is offered in Office 365 E5, M365 E5, M365 E5 Compliance, and M365 E5 Information Protection & Governance SKUs. Office 365 Advanced Compliance SKU is no longer available for procuring new licenses. Existing Office 365 Advanced Compliance licenses will continue to be supported. While the service can be enabled with a minimum of one license under the tenant having the appropriate license, you should still make sure all users that benefit from the service have appropriate licenses. You'll need one of the following licenses:
+- Ensure that you have the appropriate licensing for your organization. Use a paid, invoiced Azure Subscription using either an Enterprise Agreement or a Cloud Service Provider. Azure Subscriptions purchased using Pay As You Go plans or using a credit card aren't supported for Customer Key. Starting April 1, 2020, Customer Key in Office 365 is offered in Office 365 E5, M365 E5, M365 E5 Compliance, and M365 E5 Information Protection & Governance SKUs. Office 365 Advanced Compliance SKU is no longer available for procuring new licenses. Existing Office 365 Advanced Compliance licenses will continue to be supported. While the service can be enabled with a minimum of one license under the tenant having the appropriate license, you should still make sure all users that benefit from the service have appropriate licenses.
### Create two new Azure subscriptions
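Review bot: dropping the trailing "You'll need one of the following licenses:" is correct because no list follows before the next heading, but the bullet that remains still packs the subscription requirement, the SKU list, and the per-user licensing advice into one paragraph. Consider splitting it into separate bullets (supported subscription types, eligible SKUs, license coverage) so an admin checking prerequisites for Customer Key can verify each one on its own.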
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/data-investigations-permissions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-investigations-permissions.md deleted file mode 100644
@@ -1,39 +0,0 @@
-title: "Assign permissions for Data Investigations (preview)"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-
-description: "This article describes how to set up the permissions necessary to use the Data Investigations tool in Microsoft 365."
-
-# Assign permissions for Data Investigations (preview)
-
-To access a data investigation in the Office 365 or Microsoft 365 compliance center, you need be a member of the Data Investigator role group. To add members to a role group, you must be a member of the Organization Management role group or assigned the Role Management role in the Security & Compliance Center. After a user becomes a member of the Data Investigator role group, they can create, access, and conduct investigations in the data investigations that you are a member of.
-
-To assign data investigations permissions:
-
-1. Go to [https://protection.office.com](https://protection.office.com) and sign in using the credentials for an admin account in your organization.
-
-2. In the Security & Compliance Center, click **Permissions**.
-
-3. Click the **Data Investigator** role group, and then next to **Members** on the flyout page, click **Edit**.
-
-4. Click **Choose members** and then click **Add**. Select the users that you want to add as data investigators, and then click **Add**.
-
-5. After you've added all the users, click **Done** and then click **Save** to save the changes to the role group.
-
-> [!NOTE]
-> The Data Investigation Management role that is assigned to the Data Investigator role group provides the necessary permissions to access the Data Investigations tool in the Office 365 or Microsoft 365 compliance center. By default, this role is not assigned to the Organization Management role group, which means that global admins in your organization may not be able to access the Data Investigations tool by default. To fix this, you can add global admins to the Data Investigator role group or add the Data Investigation Management role to the Organization Management role group. A third option would be to create a custom role group and assign the Data Investigation Management role (and other roles) and then add appropriate members. For more information about role groups and roles, see [Permissions in the Security & Compliance Center](https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center).
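Review bot: the deleted NOTE at the end of this file is the guidance that told admins to add global admins to the Data Investigator role group or to add the Data Investigation Management role to Organization Management, and another file removed in this same digest states that the Search And Purge role is assigned by default to the Data Investigator role group. If the role group outlives this page, the retirement leaves no documentation telling tenants to review and trim that membership; please add a pointer in the surviving permissions article, or confirm the role group is removed along with the feature.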
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/data-investigations-release-notes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-investigations-release-notes.md deleted file mode 100644
@@ -1,48 +0,0 @@
-title: "Release notes for Data Investigations (preview) in Microsoft 365"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-ms.custom:
-- seo-marvel-mar2020-- seo-marvel-apr2020
-description: "In this article, you will find release notes that contain changes and new features for the Data Investigations (preview) tool in Microsoft 365."
-
-# Release notes for Data Investigations (preview) in Microsoft 365
-
-You can use the new Data Investigations (preview) tool in Microsoft 365 to triage, investigate, and remediate data-related incidents, such as a data spillage incident or an internal investigation. The Public Preview of Data Investigations provides you with early access to the upcoming functionality and updates. To get early access to the newest features, create a new investigation in Data Investigations (preview) in the Security & Compliance Center. To learn how, see [Manage a data spillage incident in Microsoft 365](manage-data-spillage-incidents.md).
-
-## What's new
--- **Investigations** - You can group searches and incidents by creating an investigation. Manage who can access the investigation by adding or removing members. You can also select and mark your favorite investigations. Track and monitor activity within and across investigations using new dashboards. After you complete your investigation, you can close or delete it.--- **People of interest** ΓÇô When you add users to investigations as people of interest, you can see their mailbox, OneDrive for Business account, and Microsoft Teams sites. You can use them to scope your investigative content searches. To further investigate a person of interest, you can also view audit records related to their activities in Microsoft 365 and other Microsoft services.--- **Searches** ΓÇô Create an organization-wide search using various search conditions. If you know users or sites that you want to search, you can do so by adding those users as people of interest or specifying site locations in search creation wizard. --- **Evidence** ΓÇô Create a new evidence set and add search results that you want to review. You can review individual documents, annotate to leave investigation notes, and export results to move to a different environment. --- **Review** ΓÇô Use a native, text, and near-native views to review the documents added to an incident. You can also apply analytics to documents to group items by duplicates, email threads, and themes, which can help assist your review of the incident. --- **Redact, tag, and annotate** ΓÇô Redact text, apply tags, and make annotations as you review documents.
-
-- **Advanced indexing** ΓÇô If there are any partially indexed items, they will be reindexed on demand so that all data will be available for searching.--- **Error remediation** ΓÇô Remediate or download processing errors. This includes remediation support for large file types, password protected files, and other issues related to indexing errors. --- **Jobs** ΓÇô Track status of long-running processes.--- **Hard-delete mailbox items** - In urgent situations, you may need to permanently delete misplaced items. To do this, you can run the **New-ComplianceSearchAction -Purge -PurgeType HardDelete** command in Security & Compliance Center PowerShell to permanently remove items from mailboxes. For more information, see [New-ComplianceSearchAction](https://docs.microsoft.com/powershell/module/exchange/new-compliancesearchaction).
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/delete-items-from-original-locations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/delete-items-from-original-locations.md deleted file mode 100644
@@ -1,96 +0,0 @@
-title: "Delete items from their original location"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-ms.audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection:
-- M365-security-compliance-- SPO_Content
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-
-description: "This article describes how to use the new Data Investigations (preview) tool in the Security & Compliance Center to delete items from their original locations."
-ms.custom: seo-marvel-apr2020
-
-# Delete items from their original location (Preview)
-
-The feature to delete items from their original location is in Preview.
-
-Using data investigations, you can delete items from their original locations. This means you can delete items from Exchange mailboxes, SharePoint sites, and OneDrive accounts across your organization. Because you collected items as evidence, you have copies of the items retained in the evidence set for further investigation or keep as reference.
-
-## Before you delete items
--- To delete items, you have to be assigned the **Search And Purge** role in the Security & Compliance Center. This role is assigned by default to the built-in Data Investigator role group.--- The procedure in this topic assumes that you have run a search associated with an investigation and added the search results to an evidence set. After the search results are in evidence, you can select one or more items to delete. For more information, see [Search for data in an investigation](search-for-data.md).--- It's important to keep in mind that only the items in the original content locations (such as Exchange mailboxes, SharePoint sites, and OneDrive accounts) are deleted. These items aren't deleted from the evidence set. That's because the items in an evidence set are copies of the original. These items are copied when you added the results of a search to an evidence set.-
-## Delete items
-
-Perform the following steps to delete items from their original location:
-
-1. In the **Data Investigations** tool, open the data investigation that contains the items you want to delete, and then click the **Evidence** tab.
-
-2. Select the items that you want to delete. You can select all items in the evidence set or select just a subset of items.
-
- > [!NOTE]
- > If you select the attachments of an email or a file attached to a document in SharePoint and OneDrive, the parent item will be also be selected and deleted when the item is deleted from its original location. Similarly, if you select an item that has attachments, the parent item item and all attachments are deleted.
-
-2. Click **Action** and then click **Delete items from original locations**.
-
- ![Click Action and then click Delete items from original locations](../media/DataInvestigationsDeleteItems1.png)
-
-3. On the flyout page, verify the number of items and related child documents that will be deleted, and then click **Delete**.
-
- ![The flyout page displays the number of items and any attached documents that are selected for deletion](../media/DataInvestigationsDeleteItems2.png)
-
- > [!NOTE]
- > In the previous screenshot, the number of items indicates the number of items that are selected for deletion. The number of documents indicates to total number of items including any files that are attached to a parent item. For example, if you select one email message and that message has an attached Word document, the number of items and documents displayed under **Selected documents only** would be **1 items (2 documents)**.
-
-You can track the progress of the **Delete items from original locations** job on the **Jobs** tab. Click the job to display the flyout page.
-
-![Flyout page for Delete items from original locations job](../media/DataInvestigationsDeleteItems3.png)
-
-When the items in the job are deleted, the job status is set to **Successful**. The time and date of the completed job is also displayed.
-
-![Completed delete items job](../media/DataInvestigationsDeleteItems4.png)
-
-> [!NOTE]
-> You may receive a status of **Partially Successful** for the **Delete items from original locations** job. There are a number of situations that result in this job status. For more information, see the [Partially successful deletions](#partially-successful-deletions) section in this article.
-
-## What happens when you delete items
-
-At this time, when you delete items from their original content location, the items are *soft-deleted*. This means that items are moved to special location and retained until the deleted item retention period expires and an item is marked for permanent deletion from Microsoft 365. Soft-deleting items means that users can still recover these items until the retention period expires. Here are descriptions about what happens when items are soft-deleted from Exchange mailboxes and SharePoint and OneDrive for Business sites, and what users can do after items are deleted from their original locations.
--- **Mailboxes:** When a mailbox item is soft-deleted, it's moved to the Recoverable Items folder in the mailbox. This behavior is similar to when a user deletes an item from the Deleted Items folder or permanently deletes an item by pressing Shift + Delete. At this point, the user can recover the item up until the deleted item retention period expires. In Microsoft 365, the deleted item retention period is 14 days by default, but an admin can increase the retention period to 30 days. After the retention period expires, the item is moved to a hidden folder (called the *Purges* folder). The item is permanently removed from Microsoft 365 the next time the mailbox is processed. Mailboxes are processed once every seven days).--- **SharePoint and OneDrive sites:** When a file or document on a site is soft-deleted, it's moved to the site's Recycle Bin (also called the *first-stage* Recycle Bin). The item remains in the Recycle Bin for 93 days (the deleted item retention period for sites in Microsoft 365). During the 93-day period, deleted items can still be recovered by a site collection administrator in SharePoint or by the user or admin in OneDrive. Items can also be deleted from the first-stage recycle bin. When that happens, the items are moved to the Recycle Bin for the site collection, which is called the *second-stage* Recycle Bin. The retention period is 93 days for both the first-stage and second-stage recycle bins. That means the second-stage Recycle Bin retention starts when the item is initially deleted. That means the total maximum retention time is 93 days for both recycle bins. If an item is deleted from the second-stage Recycle Bin (either manually by an admin or automatically when the retention period expires), it's no longer accessible by an admin.-
-## What happens if a content location is on hold
-
-In Microsoft 365, mailboxes and sites can be placed on hold or assigned to a retention policy. This means that nothing is permanently removed until the retention period for an item expires or until the hold is removed. Even if you delete an item from its original location, the item may not be permanently removed from Office 365. For example, if a mailbox is on hold, soft-deleted items are eventually moved to Purges or DiscoveryHold subfolders in the Recoverable Items folder and retained until the hold duration or retention period expires. For sites, a copy of the item that's moved to the Recycle Bin is copied to the Preservation Hold library that's created when a hold or retention policy is placed on a site.
-
-## Partially successful deletions
-
-After the **Delete items from original locations** job has completed running, you may received a job status of **Partially Successful**. In general, this status indicates that the job ran successfully, but not all items were soft-deleted. Here's a list of reasons that result in partially successful deletions:
--- A mailbox item was already located in the Recoverable Items folder in the source mailbox.--- A mailbox item was purged from the Recoverable Items folder in the source mailbox.--- A document was already located in the first-stage Recycle Bin in a SharePoint or OneDrive site.--- A document was moved to a different SharePoint site after it was added to the evidence set. In this case, the document isn't moved to the Recycle Bin in the site it was moved to.--- A document was permanently deleted in SharePoint or OneDrive (moved to the second-stage Recycle Bin) after it was added to the evidence set.
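Review bot: the sections "What happens when you delete items" and "What happens if a content location is on hold" in this deleted file document that deletions are soft-deletes, that users can recover items until the retention period expires, and that held locations keep copies in Recoverable Items or the Preservation Hold library. That behavior decides whether a spillage is actually contained, so if the delete action remains available anywhere after this change, move these two sections to the article that documents it instead of dropping them with the file.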
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/document-metadata-fields https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/document-metadata-fields.md deleted file mode 100644
@@ -1,128 +0,0 @@
-title: "Document metadata fields in Data Investigations (preview)"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: reference
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-
-description: View a table listing the metadata fields for documents in an evidence set in Data Investigations (preview).
-ms.custom: seo-marvel-mar2020
-
-# Document metadata fields in Data Investigations (preview)
-
-The following table lists the metadata fields for documents in a evidence set in an investigation in Data Investigations (preview). The table indicates the name of the metadata field, whether the field can be searched when running a query in an evidence set, whether the field is present when viewing the file metadata of a selected document in an evidence set, and whether the field is included when documents are exported.
-
-> [!NOTE]
-> The values in parentheses in the **Searchable in evidence set** column is the name of the property that you can search for. The values in parentheses in the **Viewable in file metadata** column is the name of the property that's displayed when you're viewing the file metadata.
-
-|**Field name** </br>|**Searchable in evidence set** |**Viewable in file metadata** |**Exported** |
-|:-------------------------- |:---------------------------------------- |:------------------------|:------------------|
-|Case tags | Yes (tags) | | Yes |
-|Compliance labels | | | Yes |
-|Compound path | | | Yes |
-|Container ID | | | Yes |
-|Conversation index | | | Yes |
-|Custodian | Yes (custodian) | Yes (Custodian) | Yes |
-|Data source | Yes (source) | Yes (Workload) | Yes |
-|Date | Yes (date) | Yes (Date UTC) | Yes |
-|Deduped compound path | | | Yes |
-|Deduped custodians | | | Yes |
-|Deduped file IDs | | | Yes |
-|Doc authors | Yes (author)* | Yes (Author) | Yes |
-|Doc comments | Yes (comments) | | Yes |
-|Doc company | | | Yes |
-|Doc date created | Yes (createdTime)* | Yes (Created Time) | Yes |
-|Doc date modified | Yes (lastModifiedDate)* | | Yes |
-|Doc keywords | | | Yes |
-|Doc last saved by | | | Yes |
-|Doc modified by | | | Yes |
-|Doc subject | | Yes (Subject/Title) | Yes |
-|Doc template | | | Yes |
-|Doc title | Yes (title) | Yes (Title) | Yes |
-|Doc version | | | Yes |
-|Dominant theme | Yes (dominantTheme) | Yes (Dominant theme) | Yes |
-|Duplicate subset | | | Yes |
-|Email action | | | Yes |
-|Email bcc | Yes (bcc) | | Yes |
-|Email cc | Yes (cc) | | Yes |
-|Email conversation ID | | | Yes |
-|Email date received | Yes (received) | Yes (Received) | Yes |
-|Email date sent | Yes (sent) | Yes (Sent) | Yes |
-|Email has attachment | | | Yes |
-|Email importance | | | Yes |
-|Email internet headers | | | Yes |
-|Email level | | | Yes |
-|Email message ID | | | Yes |
-|Email participant domains | Yes (participantDomains) | | Yes |
-|Email participants | Yes (participants) | | Yes |
-|Email recipient domains | Yes (recipientDomains) | | Yes |
-|Email recipients | Yes (recipients) | | Yes |
-|Email security | | | Yes |
-|Email sender | Yes (sender) | Yes (Sender) | Yes |
-|Email sender domain | Yes (senderDomain) | | Yes |
-|Email sensitivity | | | Yes |
-|Email set | Yes (emailSetId) | Yes (EmailSetID) | Yes |
-|Email subject | Yes (subject) | Yes (Subject/Title) | Yes |
-|Email thread | | | Yes |
-|Email to | Yes (to) | | Yes |
-|Error code | Yes (processingStatus) | | Yes |
-|Export native path | | | Yes |
-|Extracted text length | | | Yes |
-|Extracted text path | | | Yes |
-|Family ID | Yes (familyId) | Yes (FamilyId) | Yes |
-|Family size | | | Yes |
-|File class | Yes (fileClass) | Yes (File class) | Yes |
-|File ID | Yes (fileId) | Yes (Id) | Yes |
-|Has text | | | Yes |
-|Inclusive type | Yes (inclusiveType) | Yes (Inclusive type) | Yes |
-|Input date modified | | | Yes |
-|Input file ID | | | Yes |
-|Input path | | | Yes |
-|Internet Message ID | | | Yes |
-|Is representative | Yes (markAsRepresentative) | | Yes |
-|Item class | | | Yes |
-|Load ID | Yes (loadId) | | Yes |
-|Location name | | | Yes |
-|Marked as pivot | Yes (markAsPivot) | Yes (Marked as Pivot) | Yes |
-|Message kind | Yes (messageKind) | | Yes |
-|Native extension | | | Yes |
-|Native file name | | Yes (FileName) | Yes |
-|Native MD5 | | | Yes |
-|Native SHA 256 | | | Yes |
-|Native size | Yes (size) | Yes (NativeSize) | Yes |
-|Native type | Yes (fileType) | Yes (File type) | Yes |
-|ND ET sort excl attach | | | Yes |
-|ND ET sort incl attach | | | Yes |
-|ND set | | | Yes |
-|O365 authors | Yes (author)* | Yes (Sender/Author) | Yes |
-|O365 created by | | | Yes |
-|O365 date created | Yes (createdTime)* | | Yes |
-|O365 date modified | Yes (lastModifiedDate)* | Yes (Last Modified Date) | Yes |
-|O365 modified by | | | Yes |
-|Parent node | | | Yes |
-|Pivot ID | Yes (pivotId) | Yes (PivotID) | Yes |
-|Recipient count | | | Yes |
-|Row number | | | Yes |
-|Set ID | | | Yes |
-|Set order inclusives first | | | Yes |
-|Similarity percent | | | Yes |
-|Themes list | Yes (themesList) | Yes (Themes list) | Yes |
-|Word count | Yes (wordCount) | | Yes |
-|Relevance score (issue) | Yes (relevanceScore_issueNum) | | |
-|Read percentile (issue) | Yes (readPercentile_issueNum) | | |
-|Relevance tag (issue) | Yes (relevanceTag_issueNum) | | |
-|||||
-
- \* For these fields, if there are embedded values within a document, search will prioritize those values; otherwise, it will try to display the value from Office 365.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/download-export-jobs-from-a-data-investigation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/download-export-jobs-from-a-data-investigation.md deleted file mode 100644
@@ -1,111 +0,0 @@
-title: Download export jobs for an investigation
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-description: "Install and use the Azure Storage Explorer to download documents that were exported from evidence in a data investigation."
-ms.custom: seo-marvel-mar2020
--
-# Download export jobs
-
-When you export documents from evidence in a data investigation, the documents are uploaded to a Microsoft-provided Azure Storage location or to an Azure Storage location managed by your organization. The type of Azure Storage location used depends on which option was selected when the documents were exported.
-
-This article provides instructions for how to use the Microsoft Azure Storage Explorer to connect to an Azure Storage location to browse and download the exported documents. For more information about Azure Storage Explorer, see [Quickstart: Use Azure Storage Explorer](https://docs.microsoft.com/azure/storage/blobs/storage-quickstart-blobs-storage-explorer).
-
-## Step 1: Install the Azure Storage Explorer
-
-The first step is to download and install the Azure Storage Explorer. For instructions, see [Azure Storage Explorer tool](https://go.microsoft.com/fwlink/p/?LinkId=544842). You use this tool to connect to and download the exported documents in Step 3.
-
-## Step 2: Obtain the SAS URL from the export job
-
-The next step is to obtain the shared access signature (SAS) URL that's generated when you created the export job to [export documents from a review set](export-documents-from-review-set.md). You can copy the SAS URL for documents that are uploaded to a Microsoft-provided Azure Storage location or an Azure Storage location managed by your organization. In either case, you use the SAS URL to connect to the Azure Storage location in Step 3.
-
-1. On the **Data investigations** page, go to the investigation, and then click the **Exports** tab.
-
-2. On the **Exports** tab, click the export job that you want to download.
-
-3. On the flyout page, under **Locations**, copy the SAS URL that's displayed. If necessary, you can save it to a file so you can access it in Step 3.
-
- ![Copy the SAS URL displayed under Locations](../media/eDiscoExportJob.png)
-
-## Step 3: Connect to the Azure Storage location
-
-The final step is to use the Azure Storage Explorer and the SAS URL to connect to the Azure Storage location and download the documents that you exported to a local computer.
-
-1. Open the Azure Storage Explorer that you installed in Step 1.
-
-2. Click the **Add account** icon. Alternatively, you can right-click **Storage Accounts**.
-
- ![Click the Add account icon](../media/AzureStorageConnect.png)
-
-3. On the **Connect to Azure Storage** page, click **Use a shared access signature (SAS) URI** and then click **Next**.
-
- ![Click Use a shared access signature (SAS) URI and then click Next](../media/AzureStorageConnect2.png)
-
-4. On the **Attach with SAS URI** page, click in the URI box, and then paste the SAS URL that you obtained in Step 2.
-
- ![Paste the SAS URL in the URI box](../media/AzureStorageConnect3.png)
-
- Notice that a portion of the SAS URL is displayed in the **Display name** box. This will be used as the display name of the container that's created under the **Storage accounts** after you connect to the storage location. This name consists of the ID of the data investigation is from and a unique identifier. You can keep the default display name or change it. If you change it, the display name must be unique.
-
-5. Click **Next**.
-
- The **Connection summary** page is displayed.
-
- ![Click Connect on the Connection summary page to connect to the Azure Storage location](../media/AzureStorageConnect4.png)
-
-6. On the **Connection summary** page, review the connection information, and then click **Connect**.
-
- The **Blob containers** node (under **Storage Accounts** > **(Attached Containers)** \> is opened.
-
- ![Export jobs in the Blobs containers node](../media/AzureStorageConnect5.png)
-
- It contains a container named with the display name from step 4. This container contains a folder for each export job that you've created. These folders are named with an ID that corresponds to the ID of the export job. You can find these export IDs (and the name of the export) under **Support information** on the flyout page for each **Preparing data for export** job listed on the **Jobs** tab.
-
-7. Double-click the export job folder to open it.
-
- A list of folders and export reports is displayed.
-
- ![The export folder contains exported files and export reports](../media/AzureStorageConnect6.png)
-
- The export job folder contains the following items. The actual items in the export folder are determined by the export options configured when the export job was created. For more information, see [Export documents from a review set](export-documents-from-review-set.md).
-
- - Export_load_file.csv: This CSV file is a detail export report that contains information about each exported document. The file consists of a column for each metadata property for a document. For a list and description of the metadata that's included in this report, see the **Exported field name** column in the table in [Document metadata fields in Advanced eDiscovery](document-metadata-fields.md).
-
- - Summary.txt: A text file that contains a summary of the export including export statistics.
-
- - Extracted_text_files: This folder contains a text file version of each exported document.
-
- - NativeFiles: This folder contains a native file version of each exported document.
-
- - Error_files: This folder includes the following items when the export job contains any error files:
-
- - ExtractionError.csv: This CSV file contains the available metadata for files that weren't properly extracted from their parent item.
-
- - ProcessingError: This folder contains documents with processing errors. This content is at an item level, which means if an attachment had a processing error, the document that contains the attachment will also be included in this folder.
-
-8. To export all contents in the export, select the export folder, and then click **Download**.
-
-9. Specify the location where you want to download the exported files, and then click **Select folder**.
-
- The Azure Storage Explorer starts the export process. The status of the downloading the exported items is displayed in the **Activities** pane. A message is displayed when the download is finished.
-
- ![A message is displayed when the download is finished](../media/AzureStorageConnect8.png)
-
-> [!NOTE]
-> Instead of downloading the entire export job, you can select specific items to download. And instead of downloading items, you can double-click an item to view it.
-
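Review bot: No redirect entry is visible in this change set for download-export-jobs-from-a-data-investigation.md; if none exists elsewhere, inbound links to the published URL will break, so add one pointing at download-export-jobs.md, whose Step 3 context lines match this text. While consolidating, check whether the surviving article repeats the Step 2 advice "If necessary, you can save it to a file": the procedure here connects to the storage location with the SAS URL alone, so the text should tell readers to keep that file somewhere access-controlled and remove it once the download is done.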
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/download-export-jobs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/download-export-jobs.md
@@ -83,7 +83,7 @@ The final step is to use the Azure Storage Explorer and the SAS URL to connect t
The export job folder contains the following items. The actual items in the export folder are determined by the export options configured when the export job was created. For more information, see [Export documents from a review set](export-documents-from-review-set.md).
- - Export_load_file.csv: This CSV file is a detail export report that contains information about each exported document. The file consists of a column for each metadata property for a document. For a list and description of the metadata that's included in this report, see the **Exported field name** column in the table in [Document metadata fields in Advanced eDiscovery](document-metadata-fields.md).
+ - Export_load_file.csv: This CSV file is a detail export report that contains information about each exported document. The file consists of a column for each metadata property for a document. For a list and description of the metadata that's included in this report, see the **Exported field name** column in the table in [Document metadata fields in Advanced eDiscovery](document-metadata-fields-in-advanced-ediscovery.md).
- Summary.txt: A text file that contains a summary of the export including export statistics.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/email-threading https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/email-threading.md deleted file mode 100644
@@ -1,42 +0,0 @@
-title: Email threading - Data investigations
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-description: When managing a data investigation, email threading parses an email conversation and separates each message into different categories.
-ms.custom: seo-marvel-mar2020
-
-# Email threading
-
-Consider an email conversation that has been going on for a while. In most cases, the last email on the thread will include the contents of all the preceding emails; reviewing the last email will give a complete context of the conversation that happened in the thread. Email threading identifies such emails so that reviewers can review a fraction of collected documents without losing any context.
-
-## What does email threading do?
-
-Email threading parses each email and deconstructs it to individual messages; each email is a chain of individual messages. Then, it analyzes all emails in the working set to determine whether an email has unique content or if the chain is wholly contained in a different email. In the end emails are divided into four categories:
--- **Inclusive**: the last message in the email has unique content, and the email has all of the attachments that were included in other emails of which the content is wholly contained in this email.---- **Inclusive minus**: the last message in the email has unique content, but the email does not contain some of the attachments that were included in other emails of which the content is wholly contained in this email.--- **Inclusive copy**: an exact copy of an inclusive/inclusive minus email--- **None**: The content of this email is wholly contained in at least one email that is marked as inclusive/inclusive minus.-
-## How is it different from conversations in Outlook?
-At a glance, this sounds similar to conversation groupings in Outlook. However, there are some important distinctions. Consider an email conversation that got forked into two conversations; for instance, someone responded to an email that is not the latest in the conversation so the last two emails in the conversation both have unique content.
-
-Outlook would still group the emails into a single conversation; reading only the last email would mean missing the context of the second-to-last email, which also contains unique content. Because email threading parses out each email into individual components and compares them, email threading would mark both of the last two emails as inclusive, ensuring that you won't miss any context as long as you read all emails marked as inclusive.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/error-remediation-when-processing-data-in-advanced-ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/error-remediation-when-processing-data-in-advanced-ediscovery.md
@@ -89,7 +89,7 @@ Use the following workflow to remediate files with errors in Advanced eDiscovery
10. Copy the predefined command by clicking **Copy to clipboard**. Open a Windows Command Prompt, paste the AzCopy command, and then press **Enter**. upload the files.
- ![ff2ff691-629f-4065-9b37-5333f937daf6.png](../media/ff2ff691-629f-4065-9b37-5333f937daf6.png)
+ ![Results of successful upload of remediated files in Azcopy](../media/ff2ff691-629f-4065-9b37-5333f937daf6.png)
11. After you run the AzCopy command, click **Next: Process files**.
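Review bot: The new alt text spells the tool "Azcopy", while steps 10 and 11 in the same hunk write "AzCopy"; match the casing. Step 10 also ends with the stray fragment "upload the files." after "press **Enter**.", which reads like a leftover from "to upload the files" and is worth fixing while the neighbouring line is being edited.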
@@ -117,4 +117,4 @@ When remediated files are uploaded, the original metadata is preserved except fo
- WordCount - WorkingsetId
-For a definition of all metadata fields in Advanced eDiscovery, see [Document metadata fields](document-metadata-fields.md).
+For a definition of all metadata fields in Advanced eDiscovery, see [Document metadata fields](document-metadata-fields-in-advanced-ediscovery.md).
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/error-remediation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/error-remediation.md deleted file mode 100644
@@ -1,100 +0,0 @@
-title: "Error remediation when processing data for an investigation"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-description: "Learn how to use error remediation to correct data issues in Data Investigations (preview) that might prevent proper processing of content."
-ms.custom:
- - seo-marvel-mar2020
- - seo-marvel-apr2020
-
-# Error remediation when processing data for an investigation
-
-Error remediation allows investigators the ability to rectify data issues that prevent Data Investigations (preview) from properly processing the content. For example, files that are password protected cannot be processed since the files are locked or encrypted. Using error remediation, investigators can download files with such errors, remove the password protection, and upload the remediated files.
-
-Use the following workflow to remediate files with errors in Data Investigations (preview) cases.
-
-## Creating an error remediation session to remediate files with processing errors
-
->[!NOTE]
->If the the error remediation wizard is closed at any time during the following procedure, you can return to the error remediation session from the **Processing** tab by selecting **Error remediations** in the **View** drop down menu.
-
-1. On the **Processing** tab in a data investigation, select **Errors** in the **View** dropdown menu.
-
-2. Select the errors you want to remediate by clicking the radio button next to either the error type or file type. In the following example, we're remediating a password protected file.
-
-3. Click **+ New error remediation**.
-
- ![Click the New error remediation button](../media/8c2faf1a-834b-44fc-b418-6a18aed8b81a.png)
-
- The error remediation session begins, starting with a preparation stage where the files with errors are copied to a secure Azure location so that they can be downloaded.
-
- ![Preparing for error remediation](../media/390572ec-7012-47c4-a6b6-4cbb5649e8a8.png)
-
-4. After the preparation is completed, click **Next: Download files** to proceed with download.
-
- ![Download the files that need remediation](../media/6ac04b09-8e13-414a-9e24-7c75ba586363.png)
-
-5. To download files, specify the **Destination path for download**. This is a path on your local computer where the file should be downloaded. The default path, %USERPROFILE%\Downloads\errors, points to the logged-in user's downloads folder; this can be changed as needed.
-
- >[!NOTE]
- >We recommend that you use a local file path instead of a remote network path for optimal performance.
-
- > [!NOTE]
- > If you haven't installed AzCopy, go to [Get started with AzCopy](https://docs.microsoft.com/azure/storage/common/storage-use-azcopy) to install it.
-
-6. Copy the predefined command by clicking **Copy to clipboard**. Start a windows command prompt, paste the command, and then press **Enter**.
-
- The files will be downloaded.
-
- ![Info about the downloaded files in the command prompt](../media/f364ab4d-31c5-4375-b69f-650f694a2f69.png)
-
- > [!NOTE]
- > If you have issues running this command, see [Troubleshoot AzCopy in Advanced eDiscovery](troubleshooting-azcopy.md).
-
-7. After downloading the files, you can remediate them with an appropriate tool. For password protected files, there are several password cracking tools you can use. If you know the passwords for the files, you can open them and remove the password protection.
-
- > [!NOTE]
- > It's important that you retain the directory structure and file names of the remediated files. The path names of the downloaded files and folders make it possible to associate the remediated files with the original files. If the directory structure or file names are changed, you'll receive the following error: `Cannot apply Error Remediation to the current Evidenceset`.
-
-8. Now, return to Data Investigations (preview) and click **Next: Upload files**. This will move to the next step where you can now upload the files.
-
- ![The Upload files tab](../media/af3d8617-1bab-4ecd-8de0-22e53acba240.png)
-
-9. Specify the location of the remediated files in the **Path to location of files** text box, then click **Copy to clipboard**.
-
-10. Paste the command into a Windows Command Prompt and press **Enter** to upload the files.
-
- ![Info about uploaded files in the command prompt](../media/ff2ff691-629f-4065-9b37-5333f937daf6.png)
-
-11. Finally, return to Data Investigations (preview) and click **Next: Process files**.
-
-12. When processing is complete. You can return to the working set and see the remediated file.
-
-## What happens when files are remediated
-
-When remediated files are uploaded, the original metadata is preserved except for the following fields:
--- ExtractedTextSize-- HasText-- IsErrorRemediate-- LoadId-- ProcessingErrorMessage-- ProcessingStatus-- Text-- WordCount-- WorkingsetId-
-For a definition of all document metadata fields in Data Investigations (preview), see [Document metadata fields](document-metadata-fields.md).
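Review bot: Before this copy goes, confirm that the note under step 7 about retaining the directory structure and file names, including the error string `Cannot apply Error Remediation to the current Evidenceset`, is present in error-remediation-when-processing-data-in-advanced-ediscovery.md; the hunks shown for that article do not include it, and a reader who renames a remediated file has no other explanation of that error here. The same check applies to the step 6 link to troubleshooting-azcopy.md.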
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/evidence-query https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/evidence-query.md deleted file mode 100644
@@ -1,38 +0,0 @@
-title: "Query the data in evidence"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-
-description: Learn how to create and run a query within your evidence in a data investigation, adding conditions and filters to narrow your results.
-ms.custom: seo-marvel-mar2020
-
-# Query the data in evidence
-
-In most cases, it will be useful to be able to dig deeper into what is there in a evidence and organize them to review more efficiently. Queries within a evidence enables you to do so by letting you focus on a subset of documents that meet the criteria defined by you at once.
-
-## Creating and running a query within a evidence
-
-In order to create and run a query within your evidence, click on "New Query" in your evidence. After you name your query and define the conditions, click "Save" to run the query. To run a query that has been previously saved, simply click on the saved query.
-
-## Conditions
-
-You can use a number of conditions to define your queries. They range from metadata such as sent date and participants to analytics results, such as inclusive types and dominant themes. You must first analyze your evidence before using analytics results as conditions. The conditions can be OR'ed or AND'ed; in order to mix connectors, you can use condition groups.
-
-## Filters
-Filters act as querying within a query; You can overly filter conditions on your search condition.
--
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/export-data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/export-data.md deleted file mode 100644
@@ -1,24 +0,0 @@
-title: "Export data from an investigation"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-
-description: ""
-
-# Export data from an investigation
-
-Content coming soon.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-advanced-ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-advanced-ediscovery.md
@@ -148,7 +148,7 @@ To get you started using Advanced eDiscovery, here's a simple workflow that alig
2. **[Search custodial data sources for data relevant to the case](collecting-data-for-ediscovery.md)**. After you add custodians to a case, use the built-in search tool to search the custodian data locations for data that may be relevant to the case. You use keywords, properties, and conditions to [build search queries](building-search-queries.md) that return search results with the data that's most likely relevant to the case. You can also:
- - View [search statistics](search-statistics.md) that may help you refine a search query to narrow the results.
+ - View [search statistics](search-statistics-in-advanced-ediscovery.md) that may help you refine a search query to narrow the results.
- Preview the search results to quickly verify whether the relevant data is being found.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/index-data-people-of-interest https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/index-data-people-of-interest.md deleted file mode 100644
@@ -1,47 +0,0 @@
-title: "Advanced indexing of data for an investigation"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-description: "Learn how to use Advanced indexing to make sure your search captures all the data you want to investigate."
-ms.custom: seo-marvel-mar2020
-
-# Advanced indexing of data for an investigation
-
-Content in the live system can be partially indexed for a number of reasons including the existence of images, unsupported file types or when indexing file size limits are encountered. When you are dealing with high risk data spill, you want to make sure that your search captured all data that you want to investigate. When a person of interest is added to a Data investigation, any content that was deemed as partially indexed is reprocessed to make it fully searchable. This process is called *Advanced indexing*.
-
-To learn more about processing support and partially indexed items, see:
--- [Supported file types in Data Investigations](supported-filetypes-datainvestigations.md)--- [Partially indexed items in Content Search in Office 365](partially-indexed-items-in-content-search.md)--- [File formats indexed by Exchange Search](https://docs.microsoft.com/exchange/file-formats-indexed-by-exchange-search-exchange-2013-help)--- [Default crawled file name extensions and parsed file types in SharePoint Server](https://docs.microsoft.com/SharePoint/technical-reference/default-crawled-file-name-extensions-and-parsed-file-types)-
-## Viewing Advanced indexing results
-
-After the Advanced indexing process is completed, you can get an understanding of the effectiveness of reprocessing. In the People of interest indexing view, the graph lists all items added to the *hybrid index*. The hybrid index is where Data Investigations (preview) stores the reprocessed content.
-
-The graph also includes the number of items that require remediation and another graph of errors by file type. For more information, see [Error remediation when processing data](error-remediation.md).
-
-## Updating Advanced indexes for people of interest
-
-When a person of interest is added to a data investigation, all partially indexed items are reprocessed. However, as time passes, more partially indexed items may be added to a user's mailbox or OneDrive account. When needed, you can update the indexes.
-
-> [!NOTE]
-> Updating people of interest indexes is a long running process. It's recommended that you don't update indexes more than once per day in an investigation.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/indexing-custodian-data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/indexing-custodian-data.md
@@ -38,7 +38,7 @@ After the Advanced indexing process is completed, you can get an understanding o
This view also includes the number of items that require remediation and another graph of errors by file type. For more information, see: -- [Error remediation when processing data](error-remediation.md)
+- [Error remediation when processing data](error-remediation-when-processing-data-in-advanced-ediscovery.md)
- [Single item error remediation](single-item-error-remediation.md)
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/legacy-ediscovery-retirement https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/legacy-ediscovery-retirement.md
@@ -106,7 +106,7 @@ The following table describes other tools that you can use to replace the existi
</li> <li> <p>Searching for content in for Exchange Online, SharePoint Online, OneDrive for Business, Skype for Business, Microsoft Teams, Yammer Groups, Microsoft 365 Groups, and other content stored in Office 365 applications</p></li></ul>
-<p>For more information, see <a href="https://docs.microsoft.com/microsoft-365/compliance/manage-legal-investigations"> Manage legal investigations in Office 365</a>.</td>
+</td>
</tr> <tr class="even"> <td>Hold for retention purposes</td>
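Review bot: Removing the "For more information" paragraph leaves this table cell with no pointer to follow-up documentation; if manage-legal-investigations is being retired, link its replacement here rather than ending the cell at the list. The removed line opened a `<p>` that was never closed before `</td>`, so the markup is cleaner after the change, but check the rendered row now that `</td>` sits on its own line after `</li></ul>`.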
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/limits-datainvestigations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/limits-datainvestigations.md deleted file mode 100644
@@ -1,58 +0,0 @@
-title: "Data Investigations limits"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: reference
-ms.service: o365-administration
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-
-description: Find information about description, indexing, search, export, and download limits in Data Investigations (preview).
-ms.custom: seo-marvel-mar2020
-
-# Limits in Data Investigations (preview)
-
-This article describes the limits in Data Investigations (preview).
-
-## Investigation limits
-
-The following table lists the limits for investigations in Data Investigations (preview).
-
- |**Description of limit**|**Limit**|
- |:-----|:-----|
- |Maximum number of investigations. <br/> |50 <br/> |
- |Total number of documents that can be added to an investigation (for all evidence sets in the investigation). <br/> |1 million <br/> |
- |Total file size per load. <br/> |100 GB <br/> |
- |Maximum size of a single file. <br/> |100 MB <sup>1</sup> <br/> |
- |Maximum number of characters extracted from a single file. <br/> |10 million <sup>1</sup> <br/> |
- |Depth of embedded items in a single file. <br/> |25 <sup>1</sup> <br/> |
-|||
-> [!NOTE]
-><sup>1</sup> Any items that exceed a single file limit will show up as processing errors.
-
-## Indexing limits
-
-Content coming soon.
-
-## Search limits
-
-Content coming soon.
-
-## Export limits
-
-Content coming soon.
-
-## Download limits
-
-Content coming soon.
-
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/load-non-office365-data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/load-non-office365-data.md deleted file mode 100644
@@ -1,70 +0,0 @@
-title: "Load non-Microsoft 365 data into evidence"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-description: "Learn how to use the Non-Office 365 content import feature to upload non-Office 365 documents into evidence in a data investigation."
-ms.custom:
- - seo-marvel-mar2020
- - seo-marvel-apr2020
-
-# Load non-Microsoft 365 data into evidence
-
-Not all documents that you may need to analyze in a data investigation will be located in Microsoft 365. With the Non-Microsoft 365 content import feature you can upload documents that don't live in Microsoft 365 into evidence so they can be analyzed in a data investigation.
-
-## Requirements to upload non-Office 365 content
-
-Using the upload Non-Microsoft 365 feature as described in this procedure requires that you have:
--- A Microsoft 365 or Office 365 E5 subscription.--- All people of interest whose non-Microsoft 365 content will be uploaded must have the appropriate E5 or E5 add-on license.--- An existing eDiscovery case.--- All the files for uploading gathered into folders where there is one folder per custodian and the folders' name is in this format *alias@domainname*. The *alias@domainname* must be user's alias and domain. You can collect all the *alias@domainname* folders into a root folder. The root folder can only contain the *alias@domainname* folders, there must be no loose files in the root folder.--- An account that is either an eDiscovery Manager or eDiscovery Administrator
-Microsoft Azure Storage Tools installed on a computer that has access to the non-Microsoft 365 content folder structure.
--- Install AzCopy, which you can do from [Get started with AzCopy](https://docs.microsoft.com/azure/storage/common/storage-use-azcopy).-
-## Upload non-Microsoft 365 content in to a data investigation
-
-1. Open **Data Investigations** and go to the investigation that the non-Microsoft 365 data will be uploaded to. Click the **Evidence** tab, then select the evidence set you wish to load the data to. If you have not already created an evidence set, you can do so now. Finally, click **Manage evidence** then **View uploads** in the data section
-
-2. Click the **Upload files** button to start the Non-Microsoft 365 data import wizard.
-
-![Upload files](../media/574f4059-4146-4058-9df3-ec97cf28d7c7.png)
-
-3. The first step in the wizard simply prepares a secure Azure blob for the files to be uploaded. After the preparation is complete, click the **Next: Upload files** button.
-
-![Prepare for non-Microsoft 365 data import](../media/0670a347-a578-454a-9b3d-e70ef47aec57.png)
-
-4. In the **Upload files** step, specify the **Path to location of files**, this is where the Non-Microsoft 365 data you plan on importing is located. Setting the correct location ensures the AzCopy command is properly updated.
-
-> [!NOTE]
-> If you have not already installed AzCopy, you can do this from here: https://docs.microsoft.com/azure/storage/common/storage-use-azcopy
-
-5. Copy the predefined command by clicking the **Copy to clipboard** link. Start a windows command prompt, paste the command and press enter. The files will be uploaded to the secure Azure blob storage for the next step.
-
-![Upload files for non-Microsoft 365 data import](../media/3ea53b5d-7f9b-4dfc-ba63-90a38c14d41a.png)
-
-![Use AzCopy to import non-Microsoft 365 data](../media/504e2dbe-f36f-4f36-9b08-04aea85d8250.png)
-
-6. Finally, return back to the Security & Compliance and click the **Next: Process files** button. This initiates processing, text extraction, and indexing of the uploaded files. You can track the progress of processing here or in the **Jobs** tab. Once completed, the new files are available in the evidence set. After processing is complete, you can dismiss the wizard.
-
-![Non-Microsoft 365 Import process files](../media/218b1545-416a-4a9f-9b25-3b70e8508f67.png)
-
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/manage-data-spillage-incidents https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/manage-data-spillage-incidents.md deleted file mode 100644
@@ -1,142 +0,0 @@
-title: "Manage a data spillage incident in Microsoft 365"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-ms.audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-
-description: "This article describes using the new Data Investigations (preview) tool in the Security & Compliance Center to manage a data spillage incident."
-
-# Manage a data spillage incident in Microsoft 365
-
-Data spillage is when a document containing confidential, sensitive, or malicious information is released in an untrusted environment. When a data spillage incident is detected, it's important to quickly contain the environment, assess the size and locations of the spillage, examine user activities around it, and then delete the spilled data from the service. Using the Data Investigations (preview) tool, you can search for sensitive, malicious, or misplaced data across Office 365, investigate to find out what happened, and then take appropriate actions.
-
-## Scope of this article
-
-This article provides a list of instructions on how to permanently delete items from Microsoft 365 mailboxes so they are no longer accessible or recoverable by users or admins.
-
-> [!NOTE]
-> When you delete items located in a SharePoint or OneDrive for Business site, they are retained for 93 days from the time you delete them from their original location.
-
-## Scenario
-
-You're informed of a data spillage incident where an employee unknowingly shared a highly confidential document with multiple people through email. You want to quickly assess who received this document, both inside and outside of your organization. After you've investigate the incident, you plan to share your findings with other investigators to review, and then permanently remove the spilled data from your organization. After the investigation is complete, you want to remove all evidence.
-
-> [!IMPORTANT]
-> While you'll be able to permanently remove the spilled data within your own organization, any data spilled outside your organization can't be removed with these capabilities.
-
-## Workflow
-
-Here's the workflow for using Data Investigations (preview) to manage a data spillage incident:
-
-1. Create a data investigation.
-
-2. Search for sensitive, malicious, or misplaced data and collect them as evidence.
-
-3. Review and investigate the evidence.
-
-4. Permanently delete the spilled data.
-
-5. Close or delete the investigation.
--
-## Before you begin
--- To create a data investigation, search for content, and delete spilled data, you have to be a member of the Data Investigator role group in the Security & Compliance Center.--- To control which user mailboxes and OneDrive accounts an investigator can search, your organization can set up compliance boundaries. For more information, [Set up compliance boundaries for eDiscovery investigations](tagging-and-assessment-in-advanced-ediscovery.md). -
-## Step 1: Create a data investigation
-
-To create an investigation in the Data Investigations (preview) tool:
-
-1. Go to [https://protection.office.com](https://protection.office.com).
-
-2. Sign in using an account that is a member of the Data Investigator role group.
-
-3. In the security and compliance center, click **Data Investigations**.
-
-4. On the **Data Investigations (preview)** page, click **Create new investigation**.
-
-5. On the **New data investigation** flyout page, give the investigation a name (required), and then type an optional investigation number and description. The name must be unique in your organization.
-
-6. Under **Do you want to configure additional settings after creating this investigation?**, do one of the following:
-
- - Click **Yes** to create the investigation, and display the **Settings** page in the new case. This allows you to add members to the investigation.
-
- - Click **No** to create the investigation and display it in the list of cases on the **Data Investigations (preview)** page. If you choose this option, you will be added as the only member of the investigation and the default search and analytics settings will be used. You can add members or change settings anytime after the investigation is created.
-
-7. Click **Save** to create the investigation.
-
- The new investigation is displayed in the list on the **Data Investigations (preview)** page.
-
-8. To open an investigation, click the name of the investigation.
-
- The **Home** tab for the investigation is displayed.
-
-> [!TIP]
-> Consider establishing a naming convention for investigations and provide as much information as you can in the name and description so you can locate and refer to them in the future if necessary.
-
-## Step 2: Search for the spilled data
-
-If you know which users you want to search for spilled data, you can add them as people of interest to map their data sources to the investigation and quickly search their mailbox and OneDrive account. To add people of interest to the investigation, click **People of interest**, and then click **Add people of interest**. For more information, see [Manage people of interest](manage-people-of-interest.md).
-
-On the **Searches** tab, you can create searches to find the spilled data. For more information about creating searches, see [Search for data in an investigation](search-for-data.md).
-
-After you run the search, you can preview samples of search results and view search statistics to evaluate the effectiveness of your search query. After you identify the items that you want to delete from Office 365, you can add the search results to an evidence set. To do this, click the search that you want to investigate. On the flyout page, click **Add results to evidence** and follow the instructions. Then in the evidence set, you can review individual documents, investigate who had access to documents, and export the documents. To delete the documents (or a subset of documents) instead of reviewing them, go to [Step 4](#step-4-delete-the-spilled-data).
-
-> [!IMPORTANT]
-> The keywords that you use in the search query may contain the actual spilled data that you're searching for. For example, if you search for documents containing a social security number and you use it as a keyword in the search query, you must delete the query afterwards to avoid further spillage. You can delete the search or delete the entire investigation in [Step 5](#step-5-close-or-delete-the-investigation).
-
-## Step 3: Review and investigate
-
-In the investigation, go to the **Evidence** tab and click the evidence set that you created in the previous step. After the processing job is completed and the search results are added to the evidence, you can review individual documents in their native format, text format, or a near-native format. You can create additional queries to narrow the list of documents, and tag documents to indicate findings from your investigation. For more information, see [Review data in evidence](review-data-in-evidence.md)
-
-To group documents and get more assistance for your review, click **Manage evidence**. In the **Analytics** tile, click **Analyze**. This runs advanced analytics such as duplicate detection, email threading, and theme analysis. For more information, see:
--- [Run analytics to investigate faster](run-analytics-to-investigate-faster.md)-- [Near duplicate detection](near-duplicates.md)-- [Email threading](email-threading.md)-- [Themes](themes.md)-
-To determine which users are involved in the data spillage, you can create a query in the evidence set and then use the Sender/Author and Recipients conditions. This creates a list of all senders, recipients, and authors found in collected data that was added to the evidence. Be sure to examine the list to determine if there are any external users. For more information about using conditions to narrow search results, see [Search conditions](keyword-queries-and-search-conditions.md#search-conditions).
-
-## Step 4: Delete the spilled data
-
-Using the data investigations tool, you can delete items from their original locations. For example, you can delete items from mailboxes, SharePoint sites, and OneDrive accounts across your organization. Keep in mind that because you collected items as evidence (by adding the search results to the evidence set in Step 2), you have copies of the items in the evidence set to further investigate or preserve them.
-
-To delete items from their original locations:
-
-1. In the evidence set, select the items that you want to delete. If you select items that are attached to an email message, the parent email message will also be selected and deleted.
-
-2. Click **Action** and then click **Delete items from original locations**.
-
- ![Click Action and then click Delete items from original locations](../media/DataInvestigationsDeleteItems1.png)
-
-3. On the flyout page, verify the number of items and related child documents that will be deleted, and then click **Delete**.
-
-At this time, when you delete items from their original location, the items are soft-deleted. This means that the deleted items will be retained until the deleted item recovery period for the item expires. This also means it's possible for users to recover these items. For more information about what happens when items are deleted from mailboxes and sites, see [Delete items from their original location](delete-items-from-original-locations.md).
-
-## Step 5: Close or delete the investigation
-
-After you delete documents in the source content locations (mailboxes or sites) in the live service, you will still have copies of these documents that you added to evidence as part of your investigation. To avoid further data spillage, you should consider deleting the investigation itself.
-
-To delete an investigation:
-
-1. On the **Settings** tab, click **Investigation information**.
-
-2. Click **Delete investigation**.
-
-If you don't need to delete the investigation or if you want to save the information that you collected during the investigation, you can click **Close case**. Then later, you can reopen closed investigations.
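Review bot: before this file is removed, confirm that the two cautions it carries survive in whatever article replaces it. They are the Step 2 note that a search query containing the spilled value itself (the social security number example) must be deleted afterwards, and the Step 4 statement that "Delete items from original locations" is a soft delete that users can still undo until the recovery period expires. The "Scope of this article" section promises items that are "no longer accessible or recoverable by users or admins", which contradicts Step 4, so any carried-over text should resolve that instead of copying it. No redirect for manage-data-spillage-incidents.md is visible in this change; please add one or point to where it lives.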
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/manage-incidents https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/manage-incidents.md deleted file mode 100644
@@ -1,23 +0,0 @@
-title: "Manage evidence sets in Data Investigations"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ROBOTS: NOINDEX, NOFOLLOW
-description: "Manage evidence that you've added to a data investigation."
-
-# Manage evidence sets in Data Investigations (preview)
-
-Content coming soon.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/manage-jobs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/manage-jobs.md deleted file mode 100644
@@ -1,56 +0,0 @@
-title: "Manage jobs in Data Investigations"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-
-description: "You can track the status of long-running processes that result when performing tasks in the Data Investigations tool in the Security & Compliance Center."
-
-# Manage jobs in Data Investigations (preview)
-
-Here's a list of the jobs (which are typically long-running processes) that are tracked on the **Jobs** tab of an investigation in Data Investigations (preview). These jobs are triggered by user actions when using and managing investigations.
-
-| Job type | Description |
-| :----------------- | :---------- |
-|Adding data to an evidence set | A user adds the results of a search to an evidence set. For more information, see [Search for data in an investigation](search-for-data.md). |
-|Adding data to another evidence set | A user adds documents from one evidence set to a different evidence set in the same case.|
-|Adding non-Microsoft 365 data to an evidence set | A user uploads non-Microsoft 365 data to an evidence set. The data is also indexed during this process. For example, files from an on-premises file server or a client computer are uploaded to an evidence set. For more information, see [Load non-Microsoft 365 data into evidence](load-non-office365-data.md).|
-|Adding remediated data to an evidence set | Data with processing errors is remediated and loaded back into an evidence set. For more information, see [Error remediation when processing data for an investigation](error-remediation.md). |
-|Comparing load sets | A user looks at the differences between different load sets in an evidence set. A load set is an instance of adding data to an evidence set. For example, if you add the results of two different searches to the same evidence set, each would represent a load set. For more information, see [Manage load sets](manage-load-sets.md). |
-|Converting redacted documents to PDF|After a user annotates a document in an evidence set and redacts a portion of it, they can choose to convert the redacted document to a PDF file. This ensures that the redacted portion will not be visible when the document is exported for presentation. For more information, see [Review data in evidence](review-data-in-evidence.md). |
-|Delete items from original locations | This job is triggered when a user selects mailbox and site items in an evidence set and then clicks **Delete items from original locations** in the **Action** menu to delete them. This job tracks the progress of soft-deleting the selected items from their original content locations. For more information, see [Delete items from their original location](delete-items-from-original-locations.md).|
-|Estimating search results | After a user creates and runs a new search (or reruns an existing search), the search tool searches the index for items that match the search query and prepares an estimate that includes the number and total size of all items by the search, and the number of data sources searched. For more information, see [Search for data in an investigation](search-for-data.md). |
-|Preparing data for export | A user exports documents from an evidence set. When the export process is complete, they can download the exported data to a local computer. For more information, see [Export data from an investigation](export-data.md). |
-|Preparing for error resolution |When a user selects a file and creates an error remediation in the Error view on the **Processing** tab of an investigation, the first step in the process is to upload the file that has the processing error to an Azure Storage location in the Microsoft cloud. This job tracks the progress of the upload process. For more information about the error remediation workflow, see [Error remediation when processing data for an investigation](error-remediation.md).|
-|Preparing search preview | After a user creates and runs a new search (or reruns an existing search), the search tool prepares a sample subset of items (that match the search query) that can be previewed. Previewing search results can help you determine the effectiveness of the search. For more information, see [Search for data in an investigation](search-for-data.md). |
-|Re-indexing data of people of interest | When you add a person of interest to an investigation, all partially indexed items in the person of interest's selected data sources are re-indexed by a process called *Advanced indexing*. This job is also triggered when you click **Update index** in Index view on the **Processing** tab of an investigation. For more information, see [Advanced indexing of data for an investigation](index-data-people-of-interest.md).
-|Running analytics | A user analyzes data in an evidence set by running analytics tools such as near duplicate detection, email threading analysis, and themes analysis. For more information, see [Run analytics to investigate faster](run-analytics-to-investigate-faster.md). |
-|Tagging documents | This job is triggered when a user clicks **Start tagging job** in the **Tagging panel** when reviewing documents in an evidence set. A user can start this job after tagging documents in an evidence set and then bulk-selecting them in the view document panel. For more information, see [Tag documents in evidence](tag-documents.md). |
-|||
-
-## Job status
-
-The following table describes the different status states for jobs.
-
-| Status | Description |
-| :----------------- | :---------- |
-| Submitted | A new job was created. The date and time that the job was submitted is displayed in the **Created** column on the **Jobs** tab. |
-| Submission failed | The job submission failed. You should attempt to rerun the action that triggered the job. |
-| In progress | The job is in progress. You can monitor the progress of the job in the **Jobs** tab. |
-| Successful | The job was successfully completed. The date and time that the job completed is displayed in the **Completed** column on the **Jobs** tab. |
-| Partially successful | The job was partially successful. |
-| Failed | The job failed. You should attempt to rerun the action that triggered the job. If the job fails a second time, we recommend that you contact Microsoft Support and provide the support information from the job. |
-|||
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/manage-load-sets https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/manage-load-sets.md deleted file mode 100644
@@ -1,23 +0,0 @@
-title: "Manage load sets in Data Investigations (preview)"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ROBOTS: NOINDEX, NOFOLLOW
-description: "Learn about managing load sets in Data Investigations (preview)."
-
-# Manage load sets in Data Investigations (preview)
-
-Content coming soon.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/manage-people-of-interest https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/manage-people-of-interest.md deleted file mode 100644
@@ -1,91 +0,0 @@
-title: "Manage people of interest in Data Investigations (preview)"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-description: Learn how to manage people of interest to scope your search or view information such as contact, location, and activity logs.
-ms.custom: seo-marvel-mar2020
-# Manage people of interest in Data Investigations (preview)
-
-Data investigations often involve people of interest. Usually they are people who own the misplaced, sensitive, or malicious data that you're investigating or looking to remediate. In **Data Investigations (preview)**, you can add them to discover their data sources to use in scoping your search or view additional information such as contact, location, and activity logs.
--
-## Add people of interest
-
-In **People of interest** tab, you can add people of interest and discover their data sources such as Exchange mailboxes or OneDrive for Business site that you can use to scope your search. When scoped down by people of interest, searches are more performant and accurate because the tool reprocesses any unindexed data such as images or unsupported file types. You can also see their contact information, location information and activity logs that you can use to initiate communications or further investigate their activities.
-
-To add people of interest to an investigation:
-
-1. From the **Data Investigations (preview)** page, go to your investigation.
-
-2. After you have selected an investigation, go to the **People of interest** tab and click **+ Add people of interest**.
-
-3. Choose people that you want to add to the investigation. You can start by typing to search and select the users from your organization's Azure Active Directory.
-
-4. After you have finalized the list of people of interest, click **Next** to map their data sources.
-
-5. [Optional] For each person, select **Exchange** to add person's primary Exchange mailbox, and **OneDrive** to add person's primary OneDrive for Business site.
-
-6. [Optional] Click **Next** to add any additional data sources that you want to associate with your people of interest.
-
-7. [Optional] Select **Update** to assign content locations, like mailboxes, sites, and Teams to a person.
-
-8. [Optional] In the flyout:
-
- - **Exchange Mailboxes** - Click **Choose users, groups, or Teams** and then click **Choose users, groups, or teams** again. To add more mailboxes, use the search box to find user mailboxes and distribution groups. You can also add mailboxes used to store a Microsoft 365 Group or a Microsoft Team information. Select the user, group, team check box, click **Choose**, and then click **Done**.
-
- > [!NOTE]
- > When you click Choose users, groups, or teams to specify mailboxes, the mailbox picker that's displayed is empty. This is by design to enhance performance. To add people to this list, type a name (a minimum of 3 characters) in the search box.
-
- - **SharePoint Sites** - Click **Choose sites** and then click **Choose sites** again to specify additional SharePoint and OneDrive for Business sites that you want to add to a person. You can also add the URL for the SharePoint site for a Microsoft 365 Group or a Microsoft Team. Type the URL for each site that you want to assign. Click **Choose**, and then click **Done**.
- - **Microsoft Teams** ΓÇô Click **Choose Teams** and then click **Choose Teams** again to view a list of Microsoft Team groups that the person is a member of today. Select the Teams that you want to add to the person. Once selected, the system will automatically identify & select the associated SharePoint site and Group Mailbox associated to that Microsoft Team. Click **Choose**, and then click **Done**.
-
- > [!NOTE]
- > To add additional Microsoft Teams, you will need to separately add the mailbox and SharePoint site as shown above.
-
-After you have finished mapping data sources to people of interest, you can see the summary of total mailboxes, sites, and Teams that you just added. If you map any additional data sources to people of interest and scope your search by people of interest, the mapping of document to people of interest persist throughout the investigation, making it easier to organize evidence or generate report by people of interest.
-
-## View additional people of interest information
-
-In **People of interest** tab, click on a person that you added. In a flyout, you'll see:
--- Contact information-
- - **Display Name**: The person's name displayed in the address book. This is usually the combination of first name, middle initial, and last name.
- - **Mail/SMTP**: The SMTP address of the person, for example, jeff@contoso.onmicrosoft.com.
- - **Title**: Job title.
- - **Department**: The name of the department in which the person works.
- - **Manager**: The person's manager. Manager receives any escalation communications for this person.
-
-- Location information-
- - **City**: The city in which the person is located.
- - **State**: The state or province in which the person is located.
- - **Country/Region**: The country/region in which the person is located; for example, "US" or "UK".
- - **Office**: The office location of the person.
--- Processing status-
- - **Indexing status**: Status of deep indexing the data sources
- - **Indexing Last Updated Time**: Timestamp of when the deep indexing job was last triggered.
- - **Data sources**: Shows the count of mailboxes, sites, and Teams mapped to the person
--- Update index
- - You can reindex this person's data sources.
--- View activity -
- - You can view and search user's activity logs. For more information, see [View people of interest activity](view-people-of-interest-activity.md)
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/managing-jobs-ediscovery20 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/managing-jobs-ediscovery20.md
@@ -25,14 +25,14 @@ Here's a list of the jobs (which are typically long-running processes) that are
| :----------------- | :---------- | |Adding data to a review set | A user adds the results of a search to a review set. This job consists of two sub jobs: </br>ΓÇó **GatheringItems** - A list of items that match the search query (and the Microsoft 365 data source that they're located in) is generated. </br>ΓÇó **Ingestion & Indexing** - The items that match the search query are copied to an Azure Storage location (in a process called *ingestion*) and then those items in the Azure Storage location are reindexed. This new index is used when querying and analyzing items in the data set. </br></br>For more information, see [Add search results to a review set](add-data-to-review-set.md). | |Adding data to another review set | A user adds documents from one review set to a different review set in the same case. For more information, see [Add data to a review set from another review set](add-data-to-review-set-from-another-review-set.md).|
-|Adding non-Microsoft 365 data to a review set | A user uploads non-Microsoft 365 data to a review set. The data is also indexed during this process. For example, files from an on-premises file server or a client computer are uploaded to a review set. For more information, see [Load non-Microsoft 365 data into a review set](load-non-office365-data.md).|
+|Adding non-Microsoft 365 data to a review set | A user uploads non-Microsoft 365 data to a review set. The data is also indexed during this process. For example, files from an on-premises file server or a client computer are uploaded to a review set. For more information, see [Load non-Microsoft 365 data into a review set](load-non-office-365-data-into-a-review-set.md).|
|Adding remediated data to a review set | Data with processing errors is remediated and loaded back into a review set. For more information, see:</br>ΓÇó [Error remediation when processing data](error-remediation-when-processing-data-in-advanced-ediscovery.md)</br>ΓÇó [Single item error remediation](single-item-error-remediation.md)|
-|Comparing load sets | A user looks at the differences between different load sets in a review set. A load set is an instance of adding data to a review set. For example, if you add the results of two different searches to the same review set, each would represent a load set. For more information, see [Manage load sets](manage-load-sets.md). |
+|Comparing load sets | A user looks at the differences between different load sets in a review set. A load set is an instance of adding data to a review set. For example, if you add the results of two different searches to the same review set, each would represent a load set. |
|Conversation reconstruction|When a user adds the results of a search to a conversation review set, instant message conversations (also called *threaded conversations*) in services like Microsoft Teams are reconstructed in a PDF file. This job is also triggered when a user clicks **Action > Create conversation PDFs** in a review set. For more information, see [Review conversations in Advanced eDiscovery](conversation-review-sets.md). |Converting redacted documents to PDF|After a user annotates a document in a review set and redacts a portion of it, they can choose to convert the redacted document to a PDF file. This ensures that the redacted portion will not be visible if the document is exported for presentation. For more information, see [View documents in a review set](annotating-and-redacting-documents.md). | |Estimating search results | After a user creates and runs a new search (or reruns an existing search) the search tool searches the index for items that match the search query and prepares an estimate that includes the number and total size of all items by the search, and the number of data sources searched. For more information, see [Collect data for a case](collecting-data-for-ediscovery.md). | |Preparing data for export | A user exports documents from a review set. When the export process is complete, they can download the exported data to a local computer. For more information, see [Export case data](exporting-data-ediscover20.md). |
-|Preparing for error resolution |When a user selects a file and creates a new error remediation in the Error view on the **Processing** tab of a case, the first step in the process is to upload the file that has the processing error to an Azure Storage location in the Microsoft cloud. This job tracks the progress of the upload process. For more information about the error remediation workflow, see [Error remediation when processing data](error-remediation.md). |
+|Preparing for error resolution |When a user selects a file and creates a new error remediation in the Error view on the **Processing** tab of a case, the first step in the process is to upload the file that has the processing error to an Azure Storage location in the Microsoft cloud. This job tracks the progress of the upload process. For more information about the error remediation workflow, see [Error remediation when processing data](error-remediation-when-processing-data-in-advanced-ediscovery.md). |
|Preparing search preview | After a user creates and runs a new search (or reruns an existing search), the search tool prepares a sample subset of items (that match the search query) that can be previewed. Previewing search results help you determine the effectiveness of the search. For more information, see [Collect data for a case](collecting-data-for-ediscovery.md#view-search-results-and-statistics). | |Re-indexing custodian data | When you add a custodian to a case, all partially indexed items in the custodian's selected data sources are reindexed by a process called *Advanced indexing*. This job is also triggered when you click **Update index** on the **Processing** tab of a case, and when you update the index for a specific custodian on the custodian properties flyout page. For more information, see [Advanced indexing of custodian data](indexing-custodian-data.md). |Running analytics | A user analyzes data in a review set by running Advanced eDiscovery analytics tools such as near duplicate detection, email threading analysis, and themes analysis. For more information, see [Analyze data in a review set](analyzing-data-in-review-set.md). |
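Review bot: in the "Comparing load sets" row the "For more information" link is dropped, not repointed, which leaves the load set definition with no further reading. If Advanced eDiscovery has an article on load sets, link it here; if not, the row is fine as changed. The new target in "Preparing for error resolution" matches the one already used in the "Adding remediated data" row, which is consistent. Please confirm that load-non-office-365-data-into-a-review-set.md exists in this folder, since it is not part of the visible change. Separately, the unchanged rows use `</br>`, which is not a valid tag; `<br>` or `<br/>` would be, and this would be a good place to fix it while the table is being touched.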
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/microsoft-365-compliance-center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/microsoft-365-compliance-center.md
@@ -57,7 +57,7 @@ In addition to links in cards on the home page, you'll see a navigation pane on
| | | |---------|---------|
-|![Navigation in the Microsoft 365 compliance center](../media/m365-compliance-center-leftnav.png) | Select **Home** to return to the Microsoft 365 compliance center main page. <br><br>Visit **Compliance Manager** to check your compliance score and start [managing compliance](compliance-manager.md) for your organization. <br><br> Select the **Data classification** section to access [trainable classifiers](classifier-learn-about.md), [Sensitive information type entity definitions](sensitive-information-type-entity-definitions.md), content and [activity](data-classification-activity-explorer.md) explorers. <br/><br/> Select **Data connectors** to [configure connectors](archiving-third-party-data.md) to import and archive data in your Microsoft 365 subscription. <br><br> Go to **Alerts** to view and resolve [alerts](alert-policies.md) <br/><br/>Visit **Reports** to view data about [label usage and retention](sensitivity-labels.md), [DLP policy matches and overrides](view-the-dlp-reports.md), [shared files](https://docs.microsoft.com/cloud-app-security/file-filters), [third-party apps in use](https://docs.microsoft.com/cloud-app-security/discovered-apps), and more. <br/><br/> Go to **Policies** to set up policies to govern data, manage devices, and receive [alerts](../security/office-365-security/alerts.md). You can also access your [DLP](data-loss-prevention-policies.md) and [retention](retention.md) policies.<br/><br/> Select **Permissions** to manage who in your organization has access to the Microsoft 365 compliance center to view content and complete tasks. <br/><br/> Use the links in the **Solutions** section to access your organization's compliance solutions. These include: <br/><br/> [Catalog](microsoft-365-solution-catalog.md) <br> Discover, learn about, and start using the intelligent compliance and risk management solutions available to your organization. 
<br/><br/> [Audit](search-the-audit-log-in-security-and-compliance.md) <br> Use the Audit log to investigate common support and compliance issues. <br/><br/> [Content search](search-for-content.md) <br> Use Content search to quickly find email in Exchange mailboxes, documents in SharePoint sites and OneDrive locations, and instant messaging conversations in Microsoft Teams and Skype for Business. <br/><br/> [Communication compliance](communication-compliance.md) <br> Minimize communication risks by automatically capturing inappropriate messages, investigating possible policy violations, and taking steps to remediate. <br/><br/> [Data investigations](overview-data-investigations.md) <br/> Search across content locations to identify sensitive, malicious, or misplaced data across Microsoft 365 so you can investigate and remediate any incidents, such as data spillage. <br/><br/> [Data loss prevention](data-loss-prevention-policies.md) <br> Detect sensitive content as it's used and shared throughout your organization, in the cloud and on devices, and helps prevent accidental data loss. <br/><br/> [Data subject requests](manage-gdpr-data-subject-requests-with-the-dsr-case-tool.md) <br> Find and export a user's personal data to help you respond to data subject requests for the General Data Protection Regulation (GDPR). <br/><br/> [eDiscovery](overview-ediscovery-20.md) <br> Expand this section to use the core and Advanced eDiscovery for preserving, collecting, reviewing, analyzing, and exporting content that's responsive to your organization's internal and external investigations. <br/><br/> [Information governance](manage-information-governance.md) <br> Manage your content lifecycle using features to import, store, and classify business-critical data so you can keep what you need and delete what you don't. 
<br/><br/> [Information protection](information-protection.md) <br> Discover, classify, and protect sensitive and business-critical content throughout its lifecycle across your organization. <br/><br/> [Insider risk management](insider-risk-management.md) <br> Detect risky activity across your organization to help you quickly identify, investigate, and take action on insider risks and threats. <br/><br/> [Records management](records-management.md) <br> Automate and simplify the retention schedule for regulatory, legal and business-critical records in your organization.
+|![Navigation in the Microsoft 365 compliance center](../media/m365-compliance-center-leftnav.png) | Select **Home** to return to the Microsoft 365 compliance center main page. <br><br>Visit **Compliance Manager** to check your compliance score and start [managing compliance](compliance-manager.md) for your organization. <br><br> Select the **Data classification** section to access [trainable classifiers](classifier-learn-about.md), [Sensitive information type entity definitions](sensitive-information-type-entity-definitions.md), content and [activity](data-classification-activity-explorer.md) explorers. <br/><br/> Select **Data connectors** to [configure connectors](archiving-third-party-data.md) to import and archive data in your Microsoft 365 subscription. <br><br> Go to **Alerts** to view and resolve [alerts](alert-policies.md) <br/><br/>Visit **Reports** to view data about [label usage and retention](sensitivity-labels.md), [DLP policy matches and overrides](view-the-dlp-reports.md), [shared files](https://docs.microsoft.com/cloud-app-security/file-filters), [third-party apps in use](https://docs.microsoft.com/cloud-app-security/discovered-apps), and more. <br/><br/> Go to **Policies** to set up policies to govern data, manage devices, and receive [alerts](../security/office-365-security/alerts.md). You can also access your [DLP](data-loss-prevention-policies.md) and [retention](retention.md) policies.<br/><br/> Select **Permissions** to manage who in your organization has access to the Microsoft 365 compliance center to view content and complete tasks. <br/><br/> Use the links in the **Solutions** section to access your organization's compliance solutions. These include: <br/><br/> [Catalog](microsoft-365-solution-catalog.md) <br> Discover, learn about, and start using the intelligent compliance and risk management solutions available to your organization. 
<br/><br/> [Audit](search-the-audit-log-in-security-and-compliance.md) <br> Use the Audit log to investigate common support and compliance issues. <br/><br/> [Content search](search-for-content.md) <br> Use Content search to quickly find email in Exchange mailboxes, documents in SharePoint sites and OneDrive locations, and instant messaging conversations in Microsoft Teams and Skype for Business. <br/><br/> [Communication compliance](communication-compliance.md) <br> Minimize communication risks by automatically capturing inappropriate messages, investigating possible policy violations, and taking steps to remediate. <br/><br/> [Data loss prevention](data-loss-prevention-policies.md) <br> Detect sensitive content as it's used and shared throughout your organization, in the cloud and on devices, and helps prevent accidental data loss. <br/><br/> [Data subject requests](manage-gdpr-data-subject-requests-with-the-dsr-case-tool.md) <br> Find and export a user's personal data to help you respond to data subject requests for the General Data Protection Regulation (GDPR). <br/><br/> [eDiscovery](overview-ediscovery-20.md) <br> Expand this section to use the core and Advanced eDiscovery for preserving, collecting, reviewing, analyzing, and exporting content that's responsive to your organization's internal and external investigations. <br/><br/> [Information governance](manage-information-governance.md) <br> Manage your content lifecycle using features to import, store, and classify business-critical data so you can keep what you need and delete what you don't. <br/><br/> [Information protection](information-protection.md) <br> Discover, classify, and protect sensitive and business-critical content throughout its lifecycle across your organization. <br/><br/> [Insider risk management](insider-risk-management.md) <br> Detect risky activity across your organization to help you quickly identify, investigate, and take action on insider risks and threats. 
<br/><br/> [Records management](records-management.md) <br> Automate and simplify the retention schedule for regulatory, legal and business-critical records in your organization.
## How do I get the compliance center?
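Review bot: the navigation cell stays a single table row, so removing the one `[Data investigations](overview-data-investigations.md)` entry rewrites the whole row and the real change is hard to verify by eye. As far as the visible lines show, that entry is the only difference between the `-` and `+` rows. Since the row is rewritten anyway, two carried-over wording slips in the `+` row are worth fixing in the same change: the **Alerts** sentence ends without a period after `[alerts](alert-policies.md)`, and the Data loss prevention description reads "Detect sensitive content ... and helps prevent accidental data loss", where "help" would match the imperative used by the other entries.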
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/microsoft-365-solution-catalog https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/microsoft-365-solution-catalog.md
@@ -64,7 +64,6 @@ The **Discovery & response** section on the home page shows you at a glance how
From here, you'll see cards for the following solutions: - [Audit](search-the-audit-log-in-security-and-compliance.md): Records user and admin activity from your organization so you can search the audit log and investigate a comprehensive list of activities across all locations and services.-- [Data investigations](overview-data-investigations.md): Searches across content locations to identify sensitive, malicious, or misplaced data across Microsoft 365 locations so you can investigate and remediate any incidents, such as data spillage. - [Data subject requests](manage-gdpr-data-subject-requests-with-the-dsr-case-tool.md): Finds and exports a user's personal data to help you respond to data subject requests for GDPR. - [eDiscovery](manage-legal-investigations.md) - [Core eDiscovery](ediscovery-cases.md): Searches across content locations to identify, preserve, and export data in response to legal discovery requests and eDiscovery cases.
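Review bot: with the Data investigations bullet gone, none of the cards visible in this list mentions data spillage, which was the scenario that bullet covered ("investigate and remediate any incidents, such as data spillage"). The notice in the removed overview article recommends Core eDiscovery cases for that work, so consider having the `[Core eDiscovery](ediscovery-cases.md)` bullet mention search and purge, or link `data-spillage-scenariosearch-and-purge.md`, so admins responding to a spill still find a path from the catalog.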
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/near-duplicates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/near-duplicates.md deleted file mode 100644
@@ -1,27 +0,0 @@
-title: Near duplicate detection - Data investigation
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-description: "When managing data investigations, use near duplicate detection to group textually similar documents when analyzing evidence in Data Investigations (preview)."
-ms.custom: seo-marvel-mar2020
-
-# Near duplicate detection
-
-Consider a set of documents to be reviewed in which a subset is based on the same template and has mostly the same boilerplate language, with a few differences here and there. If a reviewer could identify this subset, review one of them thoroughly, and review the differences for the rest, they would not have missed any unique information while taking only a fraction of time that would have taken them to read all documents cover to cover. Near duplicate detection groups textually similar documents together to help you make your review process more efficient.
-
-## How does it work?
-
-When near duplicate detection is run, the system parses every document with text. Then, it compares every document against each other to determine whether their similarity is greater than the set threshold. If it is, the documents are grouped together. Once all documents have been compared and grouped, a document from each group is marked as the "pivot"; in reviewing your documents, you can review a pivot first and review the other documents in the same near duplicate set, focusing on the difference between the pivot and the document that is in review.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/overview-data-investigations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/overview-data-investigations.md deleted file mode 100644
@@ -1,77 +0,0 @@
-title: "Overview of Data Investigations (preview) in Microsoft 365"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-ms.custom:
-- seo-marvel-mar2020
-description: In this article, you'll learn about the Data Investigations (preview) tool in Microsoft 365. The Data Investigations tool helps you assess and remediate the data spillage.
-
-# Overview of Data Investigations (preview) in Microsoft 365
-
-> [!IMPORTANT]
-> After much deliberation and discussions with our customers, we've decided not to release the Data Investigations tool to General Availability. As a result, we will remove this tool and any data associated with existing Data Investigations cases on December 31, 2020. To manage data investigations in your organization, we recommend that you use Core eDiscovery cases. If you need to search for and purge content from Microsoft 365, please see the following articles:
-> - [eDiscovery solution series: Data spillage scenario - Search and purge](data-spillage-scenariosearch-and-purge.md)
-> - [Search for and delete email messages](search-for-and-delete-messages-in-your-organization.md)
-
-A data spill occurs when a document containing confidential, sensitive, or malicious content is released into an untrusted environment. When a data spill is detected, it's important to quickly contain the environment, assess the size and locations of the spillage, examine user activities around it, and then delete the spilled data from the service. Using the new Data Investigations (preview) tool, you can search for sensitive, malicious, or misplaced data across Office 365, investigate what happened, and take the appropriate actions to remediate the spillage.
-
-This article describes using the capabilities in the new Data Investigations (preview) tool to address a data spillage scenario.
-
-## Permissions
-
-To access and conduct a data investigation, you need be a member of the Data investigator role group. For more information, see [Assign permissions for Data Investigations](data-investigations-permissions.md).
-
-## Data Investigations (preview) workflow
-
-The following sections describe each step in the built-in workflow in Data Investigations (preview). The following screenshot shows the **Home** tab of an investigation named *High Risk: Finance Documents Leakage*.
-
-![Workflow in the Data Investigations tool](../media/DataInvestigationsWorkflow.png)
-
-## Search for sensitive, malicious, or misplaced data
-
-Use the **Searches** tab to create searches to find the Microsoft 365 for data that you want to remediate. You can create and run query-based searches to identify a set email messages and documents that might contain spilled data, and then collect them as evidence to review and analyze. Also, you can use the search tool to preview sample documents and view search statistics that can help you refine and improve the search results. Once you're satisfied that the search results contain the all the data relevant to the investigation, you add the search results to the evidence set to further review, impact assessment, and taking remedial actions as necessary. For more information, see [Search for data in an investigation](search-for-data.md).
-
-## Review and investigate evidence
-
-Use the **Evidence** tab to investigate the data that you've collected from the live service, which in this case is Office 365. The data in the evidence set is a snapshot of search results that you collected. When you add search results as evidence a process is triggered to extract files, metadata, and text. When this process is complete, the Data Investigations tool builds a new index of all the data and adds it to an evidence set. For any time-sensitive investigations, this allows you to quickly contain the environment by deleting data located in the original content locations (in the live service) while investigating the evidence that you collected in a quarantined environment. After evidence is collected, you can run more queries to narrow the data by time range, file types, data owners, and other types of conditions. For example, by using the Author, Sender, and Recipient conditions you can quickly identify those who were are involved in the data spill and if any of the spilled data was shared with people outside of your organization.
-
-You can also run advanced analytics on the evidence you collect. This can provide you with general themes, and organize evidence by email threads, exact duplicates, and near duplicates to facilitate your investigation. You can review documents in extracted text view or in the native file format, and tag them with investigation results. For more information, see:
-
- - [Review data in evidence](review-data-in-evidence.md)
-
- - [Run analytics to investigate faster](run-analytics-to-investigate-faster.md)
--
-## Managing people of interest
-
-Use the **People of interest** tab to add and manage the people that you've identified as persons of interest during your investigation of the evidence. When you add people of interest, their data sources, such as their mailbox and OneDrive account, are identified and mapped. Then you can scope searches by searching only the content locations of those people. When scoped by people of interest, searches are more efficient and accurate because the tool reprocesses any unindexed data such as images or unsupported file types. On the **People of interest** tab, you can also view and search the audit log activity of those people to further help your investigation. You can add more people of interest throughout the investigation. For more information, see [Manage people of interest an investigation](manage-people-of-interest.md).
-
-## Indexing the data of people of interest
-
-Adding a person of interest to an investigation re-indexes any partially indexed items from the person's data sources. This process is called *Advanced indexing*. Advanced indexing reprocesses data such as images and unsupported file types so that this data is fully discoverable when you run searches to collect data for an investigation. Use the **Processing** tab to monitor the status of Advanced indexing and fix any processing errors that may occur using a process called *error remediation*. For more information, see [Error remediation when processing data for an investigation](error-remediation.md).
-
-## Exporting data
-
-If you want to export data, use the **Exports** tab to manage an export job and download data from the evidence set. When you export evidence, the data is uploaded to an Azure Storage location and then is available to download to a local computer. On the **Exports** tab, you can obtain the Azure Storage location URL and the storage assess key, which are both necessary to download the exported data. For more information, see [Export data from an investigation](export-data.md).
-
-## Managing jobs
-
-Use the **Jobs** tab to monitor the long-running processes for tasks related to the investigation. This includes jobs for running searches, adding data to an evidence set, reindexing data, and exporting evidence. For example, you might create a search on the **Searches** tab that includes many data sources. The status of this search process is displayed on the **Jobs** tab. For more information, see [Manage jobs in a data investigation](manage-jobs.md).
-
-## Configuring investigation settings
-
-Use the **Settings** tab to configure investigation-wide settings. This includes adding members to an investigation, closing or deleting an investigation, and configuring search and analytics behavior.
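Review bot: deleting this file also deletes its `[!IMPORTANT]` block, the only text in the file that gives the December 31, 2020 removal date for the tool and for data in existing cases and names the replacements. Nothing in the hunk shows where the published URL will lead afterwards; a redirect to the Core eDiscovery documentation or to `data-spillage-scenariosearch-and-purge.md`, both named in that block, would keep that guidance reachable from old links and bookmarks.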
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/process-data-for-investigation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/process-data-for-investigation.md deleted file mode 100644
@@ -1,33 +0,0 @@
-title: "Process data for an investigation"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-description: "Process data for a data investigation."
-
-# Process data for an investigation
-
-Processing is the process of file identification, expansion of embedded documents and attachments, text extraction, OCR (Optical Character Recognition) of image files and indexing of that content.
-
-When a person is added in **People of interest** tab, all partially indexed items from Microsoft 365 are processed to make them fully searchable. Likewise, when data is added to the **Evidence** tab from Microsoft 365 or non-Microsoft 365 data sources, the content is also processed.
-
-The **Processing** tab in Data Investigations (preview) provides transparency into the status of *Advanced Indexing* for all of these scenarios.
-
-See the following articles for more details.
--- [Advanced indexing of data for an investigation](index-data-people-of-interest.md)--- [Error remediation when processing data](error-remediation.md)
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/processing-data-for-case https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/processing-data-for-case.md
@@ -32,6 +32,6 @@ For more information, see the following articles:
- [Advanced indexing of custodian data](indexing-custodian-data.md) -- [Error remediation when processing data](error-remediation.md)
+- [Error remediation when processing data](error-remediation-when-processing-data-in-advanced-ediscovery.md)
- [Single item error remediation](single-item-error-remediation.md)
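Review bot: the retarget on the `+` line covers `error-remediation.md` only, while the same update marks `near-duplicates.md`, `overview-data-investigations.md`, `process-data-for-investigation.md`, `review-data-in-evidence.md`, `run-analytics-to-investigate-faster.md` and `search-for-data.md` as deleted. A check for surviving articles that still link to any of those files belongs in this change, with each hit retargeted the way this bullet was.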
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/review-data-in-evidence https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/review-data-in-evidence.md deleted file mode 100644
@@ -1,102 +0,0 @@
-title: "Review the data in evidence"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: how-to
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-description: "Learn about methods to review the data in your evidence, such as viewing in native, text, or near-native formats."
-ms.custom: seo-marvel-mar2020
-
-# Review the data in evidence
-
-The data in an evidence set in a data investigation is a snapshot of the search results that you collected and added to the evidence set. When you add search results to evidence, a process is triggered to extract files, metadata, and text from the items returned by the search. Then the Data Investigations (preview) tool then builds a new index (by a process called *Advanced indexing*) of all the data and adds to an evidence set on the **Evidence** tab.
-
-For time-sensitive investigations, this allows you to quickly contain the environment by deleting the actual spilled or malicious data located in the at original data source, while at the same time allowing you to investigate the re-created evidence in a quarantined environment, which in this case is the data copied to the evidence set). After the evidence is collected and added to the evidence set, you can review individual documents in their native format, text format, or a near-native format that you can use to annotate and redact documents. Additionally, you can run queries to narrow the data set by time range, file types, data owners, and many other properties and search conditions. For example, by using the Author, Sender, or Recipient conditions, you can quickly identify the people are involved in the incident and if any data from your organization has been shared with external users. For more information about searching through data in an evidence set, see [Query the data in evidence](evidence-query.md).
-
-To group documents and get more assistance for your review, select an evidence set on the **Evidence** tab, and then click **Manage evidence**. In the **Analytics** tile, click **Rebuild analytics for the whole set**. This will run advanced analytics such as duplicate detection, email threading, and theme analysis. Afterwards, you can see the general themes of the data and also organize documents by email threads, near duplicates, and exact duplicates to help your investigation. For more information, see [Run analytics to investigate faster](run-analytics-to-investigate-faster.md).
-
-## View documents in evidence
-
-The Data Investigations (preview) tool allows you to display content in several different viewers, with each viewer having a different purpose. These viewers are:
--- File metadata-- Native view-- Text view-- Annotate view-
-To access any of these viewers, just select a document in an evidence set.
-
-## File metadata
-
-This view displays various metadata properties associated with the selected document. You can toggle this view on and off by clicking **File metadata**. When reviewing a document, you can view the file metadata and still change between the different viewers.
-
-Here's an example of the file metadata for a document. For more information about the metadata fields, see [Document metadata fields in Data Investigations (preview)](document-metadata-fields.md).
-
-![File metadata panel](../media/Reviewimage2.png)
-
-## Native view
-
-The Native viewer displays the most accurate view of a document in its native format. Native view is supported for hundreds of file types and is meant to display documents in the truest native experience possible. For Microsoft Office files, the Native viewer uses the web version of Office apps. This allows you to view content such as comments in different Office documents, formulas and hidden rows/columns in Excel, and the Notes view in PowerPoint.
-
-![Native view
-](../media/Reviewimage3.png)
-
-## Text view
-
-The Text viewer provides a view of the extracted text of a file. It ignores any embedded images and formatting, but this view is useful if you're trying to quickly review and understand the content in a document. Text view also includes these features:
-
- - A line counter, which makes it easier to reference specific portions of a document.
-
- - Search hit highlighting that highlight terms in the document as well as on the scrollbar
-
- - A diff view provides a comparison view that highlights the text differences when viewing documents using the **Near duplicates** panel.
-
-**Example of line counter and search hit highlighting in text and scrollbar**
-
-![Text view
-](../media/Reviewimage4.png)
-
-**Example of the diff view**
-
-![Diff view
-](../media/Reviewimage5.png)
-
-## Annotate view
-
-The Annotate view provides features that allow you to apply markup on a document during the review process; this includes these tools:
-
- - **Area redactions** ΓÇô You can draw an opaque box on the document that hides sensitive content.
-
- - **Pencil** ΓÇô You can free-hand draw on a document to bring attention to certain portions of the content
-
- - **Select annotations** - You can select and delete annotations in a document.
-
- - **Toggle annotation transparency** ΓÇô You can toggle the transparency of annotations (between opaque and semi-transparent) so you can view the content behind the annotation. This includes toggling the transparency of pencil annotations and redactions.
-
-The Annotate view also provides the following navigation functionality:
-
- - **Previous page**, **Next page**, and **Go to page** - Navigation controls to use for multi-page documents.
-
- - **Zoom** ΓÇô Increases or decreases the size of documents in Annotate view.
-
- - **Rotate** ΓÇô Rotate documents clockwise.
-
- - **Search** ΓÇô Search for keywords in a document, and then use Previous and Next controls to view the hits (which are highlighted) within the document.
-
-**Example of Annotate view**
-
-![Annotate view](../media/Reviewimage1.png)
-
-> [!NOTE]
-> Annotations are applied to a copy of the document that was added to the evidence set. The original documents in the live service aren't annotated.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/run-analytics-to-investigate-faster https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/run-analytics-to-investigate-faster.md deleted file mode 100644
@@ -1,70 +0,0 @@
-title: "Run analytics to investigate faster"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-
-description: Learn how to use analytical tools like near duplicate detection, email threading, and themes to speed up your investigations.
-ms.custom: seo-marvel-mar2020
-
-# Run analytics to investigate faster
-
-When an evidence collection is large, it can be difficult to review them all. A set of evidence often includes multiple copies of the same or similar email messages or documents. Data Investigations (preview) provides a number of analytics tools that can help you reduce the volume of documents that need to be reviewed without any loss in information. To learn more about these capabilities, see:
--- [Near duplicate detection](near-duplicates.md)--- [Email threading](email-threading.md)--- [Themes](themes.md)-
-To analyze data in an evidence set:
-
-1. Configure the analytics settings for your investigation. For more information, see [Configure search and analytics settings](configure-search-analytics-settings.md).
-
-2. Open the evidence set.
-
-3. Click **Manage evidence**.
-
-4. Under **Analytics**, click **Analyze**.
-
-You can check the progress of analysis on the **Jobs** tab in your investigation. The job type that's triggered is named **Running analytics**.
-
- After analysis is completed, you can see a list of exact duplicates or near-duplicates of the document that you're reviewing located in the panel on the right. To select all duplicates of the document you're viewing, you can easily do so using this panel. To learn more about other features on this panel, see [Review data in evidence](review-data-in-evidence.md).
-
-You can also run additional queries within your evidence using the outputs of the analysis such as themes. For more information, see [Query the data in evidence](evidence-query.md).
-
-## Analytics report
-
-To view an analytics report for your evidence:
-
-1. Open the evidence set.
-
-2. Click **Manage evidence**.
-
-3. Under **Analytics**, click **View report**.
-
-The report has four components from analysis:
--- **Breakdown** - The number of raw emails, attachments, and documents found in the evidence set.--- **Emails** - The number of eamil messages that are inclusives, inclusive minuses, inclusive copies, or none of the above.
- - Inclusives: The last message in the email thread that contains all previous history and requires review.
- - Inclusive minuses: The message in the thread that contains one or more different attachments that requires review.
- - Inclusive copies: The message that is a copy of another inclusive or inclusive minus message (subject and body).
--- **Attachments** - The number of email attachments that are unique or duplicates of a different email attachment within the same evidence same.--- **Documents (excluding email attachments)** - The number of unique documents that require review, for example, the most representative document of the near-duplicate set or an exact duplicate of another document).
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/search-for-data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/search-for-data.md deleted file mode 100644
@@ -1,86 +0,0 @@
-title: "Search for data in an investigation"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-
-description: Learn how to create, save, and run a search to identify data relevant to your investigation, then add the results to your evidence.
-ms.custom: seo-marvel-mar2020
-
-# Search for data in an investigation
-
-On the **Search** tab in a data investigation, you can search for misplaced, confidential, or sensitive data in content locations using keywords and conditions.
-
-After you run a search, you can view statistics on the items returned by the search, such as the content locations that had the most items that matched the search query. You can also preview a subset of the results. After you've identified the set of documents to investigate further, you can add the results of the search to an evidence set to further process and analyze.
-
-## Create a search
-
-1. In an investigation, click the **Searches** tab, and then click **New search**.
-
- A wizard is displayed that guides you through the process of creating a search.
-
-2. Enter a search name and an optional description for the search.
-
-3. Define your search criteria. You can add conditions for the search by using the pre-built condition cards or by using search property names in the keyword query. For more information, see [Build search queries](build-search-queries.md).
-
-4. Choose the content locations (data sources) to search. You can scope the search by selecting the content locations of specific people of interest (if you added any to the investigation). If you have added people of interest to the investigation, you can add them by following the steps in [Manage people of interest](manage-people-of-interest.md#add-people-of-interest).
-
- Sometimes you may first need to search all content locations in your organization. Alternatively, you may need to search locations that aren't owned by a specific person. In this scenario, you can choose to search your entire organization, or all locations for a specific services (such as Exchange, SharePoint, OneDrive of Business, or Teams.
-
-5. Save and run the search.
-
-After the search is created, a flyout page is displayed with details about the search. The **Statistics** and **Preview** buttons are initially grayed out because the search hasn't completed. You can track the progress of the search by monitoring the **Status** column on the **Searches** tab.
-
-## View statistics and search results
-
-After you create and start a data investigation search, the tool uses the search criteria (the search query and content locations) that you defined and searches an index in the live service for items that match your search criteria. There are three components of a search that are returned when the search is complete:
--- **Estimate** ΓÇô Because the search only searches an index (rather than the actual content locations), the results of a search are an estimate (based on what was found in the index that matched the search results). A summary of the estimate is displayed on the search flyout page under **Status**. The status for the estimate process for a search is displayed on the **Searches** tab in the **Estimate status** column. When the search estimate is complete, this status is set to **Successful**.--- **Statistics** ΓÇô Statistics provide more detailed information about the search results. This includes the following:-
- - Summary ΓÇô Statistics similar to the search estimate results displayed on the flyout page.
- - Top locations - Statistics about the number of items that match the search query in each content location that was searched.
- - Queries ΓÇô Detailed statistics about the search query, including the number of items that match each condition in a search query.
-
- Click **Statistics** on the flyout page to view these statistics. This button is inactive until the value of the **Estimate status** on the **Searches** tab is set to **Successful**. For more information about search statistics, see [Search statistics](search-statistics.md).
--- **Preview** ΓÇô When the search is complete, you can view the actual items from a sample subset of the search results returned by the search. YOu can view in the native view of the item type, any you can also view metadata about the item. This is a good way to quickly determine if your search results are what you expected or if you need to edit the search and run it again. Click **Preview** on the flyout page to view items from the search results. This button is inactive until the value of the **Preview status** on the **Searches** tab is set to **Successful**.
-
-> [!NOTE]
-> The status values for the **Estimate status** and **Preview status** columns on the **Searches** tab are **Submitted**, **In progress**, and **Successful**. If there is an error with the search, the status of **Failed** is displayed.
-
-## Add search results to evidence
-
-When you're satisfied with the results of a search and you're ready to analyze and remediate those search results, you can add them to an evidence set in the investigation. When you add items to an evidence set on the **Evidence** tab, the following three things occur:
--- The search is run again, and the latest results of the search are added to the evidence set. That means the items that are added to evidence may be different than the estimated search results displayed on the search flyout page. This might happen if some time has passed between the last time you ran the search and when you add the search results to evidence.--- All items in the search results are copied from the data source in the live service, and copied to a secure Azure Storage location in the Microsoft cloud.--- All items (including the content and metadata) are re-indexed so that all data in the evidence set is fully searchable during your investigation. Re-indexing the data results in thorough and fast searches when you search the data in the evidence set during your investigation.-
-One advantage of copying the live data to an evidence set in Azure is that for time-sensitive or critical incidents, you can quickly contain the damage by immediately deleting suspicious content in the original data source in the live service and then investigating the incident by analyzing the evidence that was copied to the quarantined environment of the Azure Storage location.
-
-Copying the original data to the evidence set also facilitates your investigation by providing you with advanced analytics tools such as themes detection, near-duplicate detection, and email thread identification.
-
-If necessary, you can also add data from non-Microcsoft 365 data sources to an evidence set so that it's stored along with the data you collect from Microsoft 365.
-
-To add data to an evidence set, select a search on the **Searches** tab, and then clicking **Add results to evidence** on the flyout page. You can add data to an existing evidence set or create a new evidence set on the fly.
-
-### Tracking the progress of adding search results to evidence
-
-Adding data to an evidence set is a long-running process. The process includes collecting the items the original data source from Microsoft 365 (for example, from mailboxes and sites), copying them to the Azure Storage location (this copying process is also called *ingestion*), and then re-indexing the items. You can either track the progress on the **Jobs** tab or on the **Searches** tab in the **Added data to evidence** column. After the processing of evidence processing is completed, you can go to the **Evidence** tab, click the evidence set, and then start your investigation by searching, reviewing, tagging, and exporting the relevant data as necessary.
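Review bot: Deleting search-for-data.md outright leaves its published URL with no visible successor; nothing in this hunk adds a redirect or points readers to a replacement article. Add a redirection entry for the page and check the remaining articles for links to it. Its link to search-statistics.md is moot because that file is removed in the same update, but build-search-queries.md and manage-people-of-interest.md are referenced from steps 3 and 4, so confirm whether those pages are being retired as well.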
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/search-statistics-in-advanced-ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/search-statistics-in-advanced-ediscovery.md
@@ -3,7 +3,7 @@ title: "Search statistics in Advance eDiscovery"
f1.keywords: - NOCSH ms.author: markjjo
-author: esclee
+author: markjjo
manager: laurawi ms.date: audience: Admin
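Review bot: The title shown in the hunk header, "Search statistics in Advance eDiscovery", is missing a "d" ("Advanced eDiscovery"); since this change already edits the front matter, fix the title in the same pass. The `ms.date:` field in the trailing context is also empty.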
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/search-statistics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/search-statistics.md deleted file mode 100644
@@ -1,86 +0,0 @@
-title: "Search statistics"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-description: "Search statistics are an effective way to validate your search results, and display under Status on the search details flyout page."
-ms.custom: seo-marvel-mar2020
-
-# Search statistics in Data Investigations (preview)
-
-An effective way to validate your search results when investigation a data incident is to view the statistics about your search results to make sure they align with your expectations. When a search as finished running, the following high-level statistics are displayed under **Status** on the search details flyout page:
-
-![Search statisics on search details flyout page](../media/SearchDetailsFlyout.png)
--- The estimated number and size of items that matched the search criteria.--- The number and size of partially indexed items (also called *unindexed items*) that aren't searchable but that were found in the content locations that were included in the search.--- The number of mailboxes and sites that were searched.-
-To view more detailed statistics, click **Statistics** on the search details flyout page. On the **Search statistics** page, you can view the search summary, the top location that contained items that matched the search results, and detailed statistics about the search query.
-
-![Search statistics dropdown list](../media/SearchStatisticsDropDownList.png)
-
-## Summary
-
-In the **Summary** view, you can see the search results broken down by location type (for example, locations include Exchange mailboxes and SharePoint sites). The following information is displayed for each location type:
--- The number of locations that had items that matched the search criteria.--- The total number of items from each location type that matched the search criteria.--- The total size of items from each location type that matched the search criteria.-
-## Top locations
-
-In the **Top locations** view, you see the individual content locations with the most items that matched the search criteria. For each content location, the following information is displayed:
--- The name of the location; the email address for mailboxes and the URL for SharePoint sites--- The location type--- Number of items that matched the search criteria--- The total size of all items that matched the search criteria.-
-## Queries
-
-In the **Queries** view, you can see detailed statistics for each component of the search query. If you used the keyword list in the search query, you can view enhanced statistics in the **Queries** view that show how many items match each keyword or keyword phrase. This can help you quickly identify which parts of the query are the most (and least) effective.
-
-The following information is displayed in the **Queries** view:
-
- - **Location type** - The type of content location for the statistics displayed in the row.
--- **Part** - This column will display one of the following values: **Primary** or **Keyword**. **Primary** means the row presents statistics on the entire query; **Keyword** means the statistics in the row are for one of the query components.--- **Condition** - The actual query component of the search query the row refers to. If the value in the **Part** column is **Primary**, then the statistics for the entire search query are displayed; if the value is **Keyword**, then the statistics for the component of the query shown in the **Query** column are displayed. For example, if the keyword list was used, then the statistics one of the keywords are displayed.-
- Here are some other things to know about the statistics displayed in the **Queries** column:
-
- - When you search for all content in mailboxes (by not specifying any keywords), the actual query is **(size >= 0)** so that all items are returned
-
- - When you search SharePoint and OneDrive sites, the two following components are added to the search query:
-
- **NOT IsExternalContent:1** - This excludes any content from an on-premises SharePoint organization
-
- **NOT isOneNotePage:1** - This excludes all OneNote files because these would be duplicates of any document that matches the search query.
--- **Locations in search** The number of content locations that had items that matched the search query for the part/condition displayed in the row. Note that archive mailboxes are counted as a separate location if they contain items that match the search criteria.--- **Items** - The total number of items that matched the search criteria for the part/condition displayed in the row.--- **Size** - The total number of items that matched the search criteria for the part/condition displayed in the row.-
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitive-information-type-entity-definitions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitive-information-type-entity-definitions.md
@@ -867,7 +867,6 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- personalausweis republik österreich ## Austria passport number
-This sensitive information type entity is only available in the EU Passport Number sensitiveinformation type.
### Format
@@ -887,26 +886,42 @@ not applicable
### Definition
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_austria_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_austria_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
+ A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters: - The regular expression `Regex_austria_eu_passport_number` finds content that matches the pattern. -- A keyword from `Keywords_austria_eu_passport_number` is found.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_austria_eu_passport_number` is found.
```xml
- <!-- EU Passport Number -->
-<Entity id="21883626-6245-4f3d-9b61-5cbb43e625ee" patternsProximity="300" recommendedConfidence="75">
+ <!-- Austria Passport Number -->
+ <Entity id="1c96ae4e-303b-447d-86c7-77113ac266bf" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_austria_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_austria_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date1" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
<Pattern confidenceLevel="75"> <IdMatch idRef="Regex_austria_eu_passport_number" /> <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number_common" />
+ <Match idRef="Keywords_eu_passport_number" />
<Match idRef="Keywords_austria_eu_passport_number" /> </Any> </Pattern>
-</Entity>
+ </Entity>
``` ### Keywords
-#### Keywords_eu_passport_number_common
+#### Keywords_eu_passport_number
- passport# - passport #
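Review bot: The new 85% pattern depends on `Regex_eu_passport_date1` and `Keywords_eu_passport_date`, but neither this hunk nor the next Austria hunk adds a `#### Keywords_eu_passport_date` list under Keywords, which the Bulgaria and Czech hunks do add. Add the same list here so the section documents every keyword group its XML references. The Croatia passport hunk further down has the same gap. The entity id also changes from the shared `21883626-…` value to a country-specific one, so anything that referenced the old id for Austria needs a note.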
@@ -929,8 +944,8 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- Passnummer - reisepässe
-## Austria social security number or equivalent identification
-This sensitive information type entity is only available in the EU Social Security Number or Equivalent ID sensitive information type.
+
+## Austria social security number
### Format
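Review bot: Renaming the heading to "## Austria social security number" changes the section's generated anchor, so links to the old "or equivalent identification" anchor will stop resolving; search for inbound links before merging. The shorter heading also no longer matches the identifiers used in the definition that follows (`Func_austria_eu_ssn_or_equivalent`, `Keywords_austria_eu_ssn_or_equivalent`), which is worth a sentence in the section.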
@@ -951,43 +966,56 @@ Yes
### Definition A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The function `Func_austria_eu_-- _or_equivalent` finds content that matches the pattern.
+- The function `Func_austria_eu_ssn_or_equivalent` finds content that matches the pattern.
- a keyword from `Keywords_austria_eu_ssn_or_equivalent` is found. A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters: - The function `Func_austria_eu_ssn_or_equivalent` finds content that matches the pattern. ```xml
- <!-- EU SSN or Equivalent Number -->
-<Entity id="d24e32a4-c0bb-4ba8-899d-6303b95742d9" patternsProximity="300" recommendedConfidence="75">
+ <!-- Austria Social Security Number -->
+ <Entity id="6896a906-86c9-4d19-a2da-6e43ccd19b7b" patternsProximity="300" recommendedConfidence="85">
<Pattern confidenceLevel="85"> <IdMatch idRef="Func_austria_eu_ssn_or_equivalent" /> <Match idRef="Keywords_austria_eu_ssn_or_equivalent" /> </Pattern>
-<Pattern confidenceLevel="75">
- <IdMatch idRef="Func_austria_eu_ssn_or_equivalent" />
- </Pattern>
-</Entity>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_austria_eu_ssn_or_equivalent" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="Keywords_austria_eu_telephone_number" />
+ <Match idRef="Keywords_austria_eu_mobile_number" />
+ </Any>
+ </Pattern>
+ </Entity>
``` ### Keywords #### Keywords_austria_eu_ssn_or_equivalent -- social security no-- social security number-- social security code-- insurance number - austrian ssn-- ssn#-- ssn
+- ehic number
+- ehic no
- insurance code-- insurance code#
+- insurancecode#
+- insurance number
+- insurance no
+- krankenkassennummer
+- krankenversicherung
+- socialsecurityno
- socialsecurityno#
+- social security no
+- social security number
+- social security code
- sozialversicherungsnummer
+- sozialversicherungsnummer#
- soziale sicherheit kein
+- sozialesicherheitkein#
+- ssn#
+- ssn
+- versicherungscode
- versicherungsnummer
+- zdravstveno zavarovanje
## Austria tax identification number
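Review bot: The prose for the 75% pattern still lists only the `Func_austria_eu_ssn_or_equivalent` match, but the new XML adds `<Any minMatches="0" maxMatches="0">` over `Keywords_austria_eu_telephone_number` and `Keywords_austria_eu_mobile_number`, so the pattern now also requires that no telephone or mobile keyword is in proximity. Add a bullet stating that exclusion, and list both keyword groups under Keywords, which this hunk does not do. `recommendedConfidence` moves from 75 to 85 in the same edit without any mention in the text.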
@@ -1873,7 +1901,6 @@ A DLP policy is 65% confident that it's detected this type of sensitive informat
- tin# ## Belgium passport number
-This sensitive information type entity is only available in the EU Passport Number sensitive information type.
### Format
@@ -1889,26 +1916,44 @@ not applicable
### Definition
+ A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_belgium_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_belgium_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date2` finds date in the format DD MM YY or a keyword from `Keywords_eu_passport_date` or `Keywords_belgium_eu_passport_number` is found
+ A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters: - The regular expression `Regex_belgium_eu_passport_number` finds content that matches the pattern. -- A keyword from `Keywords_belgium_eu_passport_number` is found.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_belgium_eu_passport_number` is found.
```xml
- <!-- EU Passport Number -->
-<Entity id="21883626-6245-4f3d-9b61-5cbb43e625ee" patternsProximity="300" recommendedConfidence="75">
+ <!-- Belgium Passport Number -->
+ <Entity id="d7b1315b-21ca-4774-a32a-596010ff78fd" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_belgium_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_belgium_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date2" />
+ <Match idRef="Keywords_eu_passport_date" />
+ <Match idRef="Keywords_belgium_eu_passport_date" />
+ </Any>
+ </Pattern>
<Pattern confidenceLevel="75"> <IdMatch idRef="Regex_belgium_eu_passport_number" /> <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number_common" />
+ <Match idRef="Keywords_eu_passport_number" />
<Match idRef="Keywords_belgium_eu_passport_number" /> </Any> </Pattern>
-</Entity>
+ </Entity>
+ ``` ### Keywords
-#### Keywords_eu_passport_number_common
+#### Keywords_eu_passport_number
- passport# - passport #
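Review bot: The third bullet of the new 85% definition names `Keywords_belgium_eu_passport_number` as the alternative to the date regex, but the XML references `Keywords_belgium_eu_passport_date`. The bullet should read "a keyword from `Keywords_eu_passport_date` or `Keywords_belgium_eu_passport_date`". None of the visible Belgium hunks adds a `Keywords_belgium_eu_passport_date` list either, so the group the pattern relies on is undocumented.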
@@ -1934,66 +1979,6 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- Passnummer - reisepass kein
-## Belgium social security number or equivalent identification
-This sensitive information type entity is only available in the EU Social Security Number or Equivalent ID sensitive information type.
-
-### Format
-
-11 digits without spaces or delimiters
-
-### Pattern
-
-11 digits
-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
-
-- The function `Func_belgium_eu_ssn_or_equivalent` finds content that matches the pattern. -- A keyword from `Keywords_belgium_eu_ssn_or_equivalent` is found.
-
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
-- The function `Func_belgium_eu_ssn_or_equivalent` finds content that matches the pattern.
-
-```xml
- <!-- EU SSN or Equivalent Number -->
-<Entity id="d24e32a4-c0bb-4ba8-899d-6303b95742d9" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_belgium_eu_ssn_or_equivalent" />
- <Match idRef="Keywords_belgium_eu_ssn_or_equivalent" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_belgium_eu_ssn_or_equivalent" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keywords_belgium_eu_ssn_or_equivalent
--- belgian national number-- national number-- social security number-- nationalnumber#-- ssn#-- ssn-- nationalnumber-- bnn#-- bnn-- personal id number-- personalidnumber#-- numéro national-- numéro de sécurité-- numéro d'assuré-- identifiant national-- identifiantnational#-- numéronational#- ## Belgium value added tax number This sensitive information type is only available for use in:
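Review bot: This removes the whole "Belgium social security number or equivalent identification" section, whereas the Austria counterpart earlier in the file is renamed and given its own entity. Nothing in the visible lines says whether Belgium's detection was dropped or is documented under another heading. Say which in the article, and check for links to the removed heading's anchor.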
@@ -2530,7 +2515,6 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
## Bulgaria passport number
-This sensitive information type entity is only available in the EU Passport Number sensitive information type.
### Format
@@ -2546,25 +2530,41 @@ No
### Definition
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_bulgaria_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_bulgaria_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
+ A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters: - The regular expression `Regex_bulgaria_eu_passport_number` finds content that matches the pattern. -- A keyword from `Keywords_bulgaria_eu_passport_number` or `Keywords_eu_passport_number_common`is found.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_bulgaria_eu_passport_number` is found.
```xml
- <!-- EU Passport Number -->
-<Entity id="21883626-6245-4f3d-9b61-5cbb43e625ee" patternsProximity="300" recommendedConfidence="75">
+ <!-- Bulgaria Passport Number -->
+ <Entity id="f7172b82-c588-4216-845e-4e54e397f29a" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_bulgaria_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_bulgaria_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date1" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
<Pattern confidenceLevel="75"> <IdMatch idRef="Regex_bulgaria_eu_passport_number" /> <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number_common" />
+ <Match idRef="Keywords_eu_passport_number" />
<Match idRef="Keywords_bulgaria_eu_passport_number" /> </Any> </Pattern>
-</Entity>
+ </Entity>
``` ### Keywords
-#### Keywords_eu_passport_number_common
+#### Keywords_eu_passport_number
- passport# - passport #
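Review bot: In the third bullet of the new 85% definition, "finds date in the format DD.MM.YYYY" needs an article ("finds a date in the format") and the bullet lacks the closing period the two bullets above it have. The same wording recurs in the other passport hunks in this file, so fix them together.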
@@ -2583,6 +2583,11 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- номер на паспорт - паспорт №
+#### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
+ ## Canada bank account number ### Format
@@ -3817,7 +3822,6 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
## Croatia passport number
-This sensitive information type entity is only available in the EU Passport Number sensitive information type.
### Format
@@ -3833,21 +3837,37 @@ No
### Definition
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_croatia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_croatia_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
+ A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters: - The regular expression `Regex_croatia_eu_passport_number` finds content that matches the pattern. -- A keyword from `Keywords_eu_passport_number_common` or `Keywords_croatia_eu_passport_number` is found.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_croatia_eu_passport_number` is found.
```xml
- <!-- EU Passport Number -->
-<Entity id="21883626-6245-4f3d-9b61-5cbb43e625ee" patternsProximity="300" recommendedConfidence="75">
+ <!-- Croatia Passport Number -->
+ <Entity id="7d7a729d-32d8-4204-8d01-d5e6a6c25581" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_croatia_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_croatia_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date1" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
<Pattern confidenceLevel="75"> <IdMatch idRef="Regex_croatia_eu_passport_number" /> <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number_common" />
+ <Match idRef="Keywords_eu_passport_number" />
<Match idRef="Keywords_croatia_eu_passport_number" /> </Any> </Pattern>
-</Entity>
+ </Entity>
``` ### Keywords
@@ -3943,68 +3963,7 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- tin no - tin#
-## Croatia social security number or equivalent identification
-This sensitive information type entity is only available in the EU Social Security Number or Equivalent ID sensitive information type.
-
-### Format
-
-11 digits without spaces and delimiters
-
-### Pattern
-
-11 digits:
-
-- ten digits-- one check digit
-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
-
-- The function `Func_croatia_eu_ssn_or_equivalent` finds content that matches the pattern. -- A keyword from `Keywords_croatia_eu_ssn_or_equivalent` is found.
-
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
-
-- The function `Func_croatia_eu_ssn_or_equivalent` finds content that matches the pattern.
-
-```xml
- <!-- EU SSN or Equivalent Number -->
-<Entity id="d24e32a4-c0bb-4ba8-899d-6303b95742d9" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_croatia_eu_ssn_or_equivalent" />
- <Match idRef="Keywords_croatia_eu_ssn_or_equivalent" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_croatia_eu_ssn_or_equivalent" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keywords_croatia_eu_ssn_or_equivalent
-- personal identification number-- master citizen number-- national identification number-- social security number-- nationalnumber#-- ssn#-- ssn-- nationalnumber-- bnn#-- bnn-- personal id number-- personalidnumber#-- oib-- osobni identifikacijski broj-
-
## Cyprus drivers license number ### Format
@@ -4217,7 +4176,6 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
## Cyprus passport number
-This sensitive information type entity is only available in the EU Passport Number sensitive information type.
### Format
@@ -4233,21 +4191,37 @@ No
### Definition
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_cyprus_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_cyprus_eu_passport_number` is found.
+- The regular expression `Regex_cyprus_eu_passport_date` finds date in the format DD/MM/YYYY or a keyword from `Keywords_cyprus_eu_passport_date` is found
+ A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_cyprus_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number_common` or `Keywords_cyprus_eu_passport_number` is found.
+- The regular expression `Regex_cyprus_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_cyprus_eu_passport_number` is found.
```xml
- <!-- EU Passport Number -->
-<Entity id="21883626-6245-4f3d-9b61-5cbb43e625ee" patternsProximity="300" recommendedConfidence="75">
+ <!-- Cyprus Passport Number -->
+ <Entity id="9193e2e8-7f8c-43c1-a274-ac40d651936f" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_cyprus_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_cyprus_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_cyprus_eu_passport_date" />
+ <Match idRef="Keywords_cyprus_eu_passport_date" />
+ </Any>
+ </Pattern>
<Pattern confidenceLevel="75"> <IdMatch idRef="Regex_cyprus_eu_passport_number" /> <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number_common" />
+ <Match idRef="Keywords_eu_passport_number" />
<Match idRef="Keywords_cyprus_eu_passport_number" /> </Any> </Pattern>
-</Entity>
+ </Entity>
``` ### Keywords
@@ -4279,6 +4253,12 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- Pasaport no. - Αρ. Διαβατηρίου
+#### Keywords_cyprus_eu_passport_date
+
+- expires on
+- issued on
++ ## Cyprus tax identification number This sensitive information type is only available for use in: - data loss prevention policies
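Review bot: `Keywords_cyprus_eu_passport_date` is added with only the English phrases `expires on` and `issued on`, while the number keywords in the context lines just above include Turkish and Greek entries (`Pasaport no.`, `Αρ. Διαβατηρίου`). If the shipped keyword group contains Greek or Turkish date labels, list them here; if it does not, say so, because documents in those languages can then satisfy the second `<Any minMatches="1">` group only through `Regex_cyprus_eu_passport_date`.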
@@ -4526,7 +4506,6 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
## Czech passport number
-This sensitive information type entity is only available in the EU Passport Number sensitive information type.
### Format
@@ -4542,21 +4521,37 @@ No
### Definition
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_czech_republic_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_czech_republic_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
+ A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters: - The regular expression `Regex_czech_republic_eu_passport_number` finds content that matches the pattern. -- A keyword from `Keywords_eu_passport_number_common` or `Keywords_czech_republic_eu_passport_number` is found.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_czech_republic_eu_passport_number` is found.
```xml
- <!-- EU Passport Number -->
-<Entity id="21883626-6245-4f3d-9b61-5cbb43e625ee" patternsProximity="300" recommendedConfidence="75">
+ <!-- Czech Republic Passport Number -->
+ <Entity id="7bcd8ce8-5e92-4bbe-bc92-fa669f0369fa" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_czech_republic_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_czech_republic_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date1" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
<Pattern confidenceLevel="75"> <IdMatch idRef="Regex_czech_republic_eu_passport_number" /> <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number_common" />
+ <Match idRef="Keywords_eu_passport_number" />
<Match idRef="Keywords_czech_republic_eu_passport_number" /> </Any> </Pattern>
-</Entity>
+ </Entity>
``` ### Keywords
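Review bot: The Definition and the XML now cite `Keywords_eu_passport_number`, but this hunk stops at `### Keywords` and leaves the heading beneath it untouched, whereas the Greece, Hungary and Lithuania hunks explicitly rename `#### Keywords_eu_passport_number_common` to `#### Keywords_eu_passport_number`. Confirm that the keyword heading in the Czech section matches the new idRef, otherwise the rule refers to a list the section does not document under that name.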
@@ -4582,6 +4577,11 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- passeport no - čísla pasu
+#### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
+ ## Czech personal identity number
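Review bot: The new `Keywords_eu_passport_date` list holds only the English terms "date of issue" and "date of expiry", while the passport keyword list just above it carries localized entries such as "čísla pasu". In a Czech-language document the keyword branch of the second `Any` group will not fire, so the 85% pattern depends entirely on the date regex. Either add localized date keywords or note in the Definition that the date keywords are English-only.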
@@ -4684,68 +4684,6 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- unique identification number
-## Czech social security number or equivalent identification
-
-This sensitive information type entity is only available in the EU Social Security Number or Equivalent ID sensitive information type.
-
-### Format
-
-ten digits and a backslash in the specified pattern
-
-### Pattern
-
-ten digits and a backslash:
-
-- six digits that correspond to the birth date (YYMMDD): -- a backslash-- three digits that correspond to a serial number that separates persons born on the same date-- one check digit
-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
-- The function `Func_czech_republic_eu_ssn_or_equivalent` finds content that matches the pattern. -- A keyword from `Keywords_czech_republic_eu_ssn_or_equivalent` is found.
-
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
-- The function `Func_czech_republic_eu_ssn_or_equivalent` finds content that matches the pattern. -
-```xml
- <!-- EU SSN or Equivalent Number -->
-<Entity id="d24e32a4-c0bb-4ba8-899d-6303b95742d9" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_czech_republic_eu_ssn_or_equivalent" />
- <Match idRef="Keywords_czech_republic_eu_ssn_or_equivalent" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_czech_republic_eu_ssn_or_equivalent" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keywords_czech_republic_eu_ssn_or_equivalent
--- birth number-- national identification number-- personal identification number-- social security number-- nationalnumber#-- ssn#-- ssn-- national number-- personal id number-- personalidnumber#-- rč-- rodné číslo-- rodne cislo-- ## Denmark driver's license number ### Format
@@ -4909,7 +4847,6 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
## Denmark passport number
-This sensitive information type entity is only available in the EU Passport Number sensitive information type.
### Format
@@ -4925,21 +4862,38 @@ No
### Definition
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_denmark_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_denmark_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date2` finds date in the format DD MM YY or a keyword from `Keywords_eu_passport_date` is found
+ A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters: - The regular expression `Regex_denmark_eu_passport_number` finds content that matches the pattern. -- A keyword from `Keywords_eu_passport_number_common` or `Keywords_denmark_eu_passport_number` is found.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_denmark_eu_passport_number` is found.
```xml
- <!-- EU Passport Number -->
-<Entity id="21883626-6245-4f3d-9b61-5cbb43e625ee" patternsProximity="300" recommendedConfidence="75">
+ <!-- Denmark Passport Number -->
+ <Entity id="25e8c47e-e6fe-4884-a211-74898f8c0196" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_denmark_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_denmark_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date2" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
<Pattern confidenceLevel="75"> <IdMatch idRef="Regex_denmark_eu_passport_number" /> <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number_common" />
+ <Match idRef="Keywords_eu_passport_number" />
<Match idRef="Keywords_denmark_eu_passport_number" /> </Any> </Pattern>
-</Entity>
+ </Entity>
+ ``` ### Keywords
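Review bot: Style point on the third added bullet of the 85% definition: "finds date in the format DD MM YY or a keyword from `Keywords_eu_passport_date` is found" is missing an article and a closing period, unlike the two bullets above it, and it folds an either/or condition into a list that otherwise reads as all-of. Suggest "finds a date in the format DD MM YY, or a keyword from `Keywords_eu_passport_date` is found." so the prose mirrors the second `Any minMatches="1"` group. The same wording recurs in the other passport hunks of this change.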
@@ -4963,6 +4917,11 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- Passeport n┬░ - pasnumre
+#### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
+ ## Denmark personal identification number
@@ -5081,64 +5040,6 @@ A DLP policy is 65% confident that it's detected this type of sensitive informat
- sygesikringsnummer
-## Denmark social security number or equivalent identification
-This sensitive information type entity is only available the EU Social Security Number or Equivalent ID sensitive information type.
-
-### Format
-
-ten digits and a hyphen in the specified pattern
-
-### Pattern
-
-ten digits and a hyphen:
-
-- six digits that correspond to the birth date (DDMMYY) -- a hyphen-- four digits that correspond to a sequence number-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
-- The function `Func_denmark_eu_ssn_or_equivalent` finds content that matches the pattern. -- A keyword from `Keywords_denmark_eu_ssn_or_equivalent` is found.
-
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
-- The function `Func_denmark_eu_ssn_or_equivalent` finds content that matches the pattern.
-
-```xml
- <!-- EU SSN or Equivalent Number -->
-<Entity id="d24e32a4-c0bb-4ba8-899d-6303b95742d9" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_denmark_eu_ssn_or_equivalent" />
- <Match idRef="Keywords_denmark_eu_ssn_or_equivalent" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_denmark_eu_ssn_or_equivalent" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keywords_denmark_eu_ssn_or_equivalent
--- personal identification number-- national identification number-- social security number-- nationalnumber#-- ssn#-- ssn-- national number-- personal id number-- personalidnumber#-- cpr-nummer-- personnummer-- ## Drug Enforcement Agency (DEA) number ### Format
@@ -5452,7 +5353,6 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
## Estonia passport number
-This sensitive information type entity is only available in the EU Passport Number sensitive information type.
### Format
@@ -5468,21 +5368,37 @@ No
### Definition
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_estonia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_estonia_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
+ A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters: - The regular expression `Regex_estonia_eu_passport_number` finds content that matches the pattern. -- A keyword from `Keywords_eu_passport_number_common` or `Keywords_estonia_eu_passport_number` is found.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_estonia_eu_passport_number` is found.
```xml
- <!-- EU Passport Number -->
-<Entity id="21883626-6245-4f3d-9b61-5cbb43e625ee" patternsProximity="300" recommendedConfidence="75">
+ <!-- Estonia Passport Number -->
+ <Entity id="61f7073a-509e-425b-a754-bc01bb5d5b8c" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_estonia_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_estonia_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date1" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
<Pattern confidenceLevel="75"> <IdMatch idRef="Regex_estonia_eu_passport_number" /> <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number_common" />
+ <Match idRef="Keywords_eu_passport_number" />
<Match idRef="Keywords_estonia_eu_passport_number" /> </Any> </Pattern>
-</Entity>
+ </Entity>
``` ### Keywords
@@ -5509,6 +5425,12 @@ document number
document no dokumendi nr
+#### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
++ ## EU debit card number ### Format
@@ -5964,19 +5886,19 @@ These are the entities in the EU passport number sensitive information typeThese
These are the entities that are in the EU Social Security Number or equivalent identification sensitive information type. -- [Austria](#austria-social-security-number-or-equivalent-identification)-- [Belgium](#belgium-social-security-number-or-equivalent-identification)-- [Croatia](#croatia-social-security-number-or-equivalent-identification)-- [Czech](#czech-social-security-number-or-equivalent-identification)-- [Denmark](#denmark-social-security-number-or-equivalent-identification)-- [Finland](#finland-social-security-number-or-equivalent-identification)
+- [Austria](#austria-social-security-number)
+- [Belgium](#belgium-national-number)
+- [Croatia](#croatia-personal-identification-oib-number)
+- [Czech](#czech-personal-identity-number)
+- [Denmark](#denmark-personal-identification-number)
+- [Finland](#finland-national-id)
- [France](#france-social-security-number-insee-or-equivalent-identification) - [Germany](#germany-identity-card-number) - [Greece](#greece-national-id-card)-- [Hungary](#hungary-social-security-number-or-equivalent-identification)
+- [Hungary](#hungary-social-security-number-taj)
- [Portugal](#portugal-citizen-card-number) - [Spain](#spain-social-security-number-ssn)-- [Sweden](#sweden-social-security-number-or-equivalent-identification)
+- [Sweden](#sweden-national-id)
## EU Tax identification number
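Review bot: The Greece entry in this list is left as `[Greece](#greece-national-id-card)` even though the same change adds a "Greece Social Security Number (AMKA)" section, while Hungary is repointed to `#hungary-social-security-number-taj`. If the EU Social Security Number or equivalent identification type is meant to cover AMKA, the Greece link should target the new section; if not, a short remark on why the national ID card remains the Greece entity would avoid confusion.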
@@ -6342,7 +6264,6 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
## Finland passport number
-This sensitive information type entity is available in the EU Passport Number sensitive information type and is available as a stand alone sensitive information type entity.
### Format combination of nine letters and digits
@@ -6400,78 +6321,6 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- passi number
-## Finland social security number or equivalent identification
-This sensitive information type entity is only available in the EU Social Security Number or Equivalent ID sensitive information type.
-
-### Format
-
-An 11-character combination in the specified format
-
-### Pattern
-
-an 11-character combination in the specified format:
-
-- six digits -- one instance of one of the following:
- - plus symbol
- - minus symbol
- - the letter "A" (not case-sensitive)
-- three digits-- one letter or one digit
-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
-- The function `Func_finland_eu_ssn_or_equivalent` finds content that matches the pattern. -- A keyword from `Keywords_finland_eu_ssn_or_equivalent` is found.
-
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
-- The function `Func_finland_eu_ssn_or_equivalent` finds content that matches the pattern.
-
-```xml
- <!-- EU SSN or Equivalent Number -->
-<Entity id="d24e32a4-c0bb-4ba8-899d-6303b95742d9" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_finland_eu_ssn_or_equivalent" />
- <Match idRef="Keywords_finland_eu_ssn_or_equivalent" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_finland_eu_ssn_or_equivalent" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keywords_finland_eu_ssn_or_equivalent
--- identification number-- personal id-- identity number-- finnish national id number-- personalidnumber#-- national identification number-- id number-- national id no.-- national id number-- id no-- tunnistenumero-- henkil├╢tunnus-- yksil├╢llinen henkil├╢kohtainen tunnistenumero-- ainutlaatuinen henkil├╢kohtainen tunnus-- identiteetti numero-- suomen kansallinen henkil├╢tunnus-- henkil├╢tunnusnumero#-- kansallisen tunnistenumero-- tunnusnumero-- kansallinen tunnus numero-- hetu-- ## France driver's license number ### Format
@@ -7252,7 +7101,6 @@ A DLP policy is 65% confident that it's detected this type of sensitive informat
## Germany passport number
-This sensitive information type entity is included in the EU Passport Number sensitive information type and is available as a stand alone sensitive information type entity.
### Format
@@ -7274,12 +7122,12 @@ Yes
A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters: - The function Func_german_passport finds content that matches the pattern.-- A keyword from `Keyword_german_passport` is found.
+- A keyword from `Keyword_german_passport` or `Keywords_eu_passport_number_common` is found.
- The checksum passes. A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters: - The function Func_german_passport_data finds content that matches the pattern.-- A keyword from `Keyword_german_passport` is found.
+- A keyword from `Keyword_german_passport` or `Keywords_eu_passport_number_common` is found.
- The checksum passes. ```xml
@@ -7287,11 +7135,17 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
<Entity id="2e3da144-d42b-47ed-b123-fbf78604e52c" patternsProximity="300" recommendedConfidence="75"> <Pattern confidenceLevel="85"> <IdMatch idRef="Func_german_passport" />
- <Match idRef="Keyword_german_passport" />
+ <Any minMatches="1">
+ <Match idRef="Keyword_german_passport" />
+ <Match idRef="Keywords_eu_passport_number_common" />
+ </Any>
</Pattern> <Pattern confidenceLevel="75"> <IdMatch idRef="Func_german_passport_data" />
- <Match idRef="Keyword_german_passport" />
+ <Any minMatches="1">
+ <Match idRef="Keyword_german_passport" />
+ <Match idRef="Keywords_eu_passport_number_common" />
+ </Any>
</Pattern> </Entity> ```
@@ -7310,6 +7164,20 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- passeport no. - passeport no
+#### Keywords_eu_passport_number_common
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
++ ## Germany tax identification number ### Format
@@ -7672,8 +7540,6 @@ A DLP policy is 65% confident that it's detected this type of sensitive informat
## Greece passport number
-This sensitive information type entity is only available in the EU Passport Number sensitive information type.
- ### Format Two letters followed by seven digits with no spaces or delimiters
@@ -7688,27 +7554,42 @@ No
### Definition
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_greece_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_greece_eu_passport_number` is found.
+- The regular expression `Regex_greece_eu_passport_date` finds date in the format DD MMM YY (Example - 28 Aug 19) or a keyword from `Keywords_greece_eu_passport_date` is found
+ A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
-
- The regular expression `Regex_greece_eu_passport_number` finds content that matches the pattern. -- A keyword from `Keywords_eu_passport_number_common` or `Keywords_greece_eu_passport_number` is found.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_greece_eu_passport_number` is found.
```xml
- <!-- EU Passport Number -->
-<Entity id="21883626-6245-4f3d-9b61-5cbb43e625ee" patternsProximity="300" recommendedConfidence="75">
+ <!-- Greece Passport Number -->
+ <Entity id="7e65eb47-cdf9-4f52-8f90-2a27d5ee67e3" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_greece_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_greece_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_greece_eu_passport_date" />
+ <Match idRef="Keywords_greece_eu_passport_date" />
+ </Any>
+ </Pattern>
<Pattern confidenceLevel="75"> <IdMatch idRef="Regex_greece_eu_passport_number" /> <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number_common" />
+ <Match idRef="Keywords_eu_passport_number" />
<Match idRef="Keywords_greece_eu_passport_number" /> </Any> </Pattern>
-</Entity>
+ </Entity>
``` ### Keywords
-#### Keywords_eu_passport_number_common
+#### Keywords_eu_passport_number
- passport# - passport #
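Review bot: The 85% pattern references `Keywords_greece_eu_passport_date`, but the Keywords part of this hunk only renames the `Keywords_eu_passport_number` heading, and the following hunk for this section adds the AMKA section without any date keyword list. The other passport sections gain a `#### Keywords_eu_passport_date` list in the same change. Add a `#### Keywords_greece_eu_passport_date` list to the Greece passport section so the Greece-specific idRef is documented.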
@@ -7727,6 +7608,65 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- αριθμούς διαβατηρίου - αριθμός διαβατηριο +
+## Greece Social Security Number (AMKA)
+This sensitive information type is only available for use in:
+- data loss prevention policies
+- communication compliance policies
+- information governance
+- records management
+- Microsoft cloud app security
+
+### Format
+
+Eleven digits without spaces and delimiters
+
+### Pattern
+
+- 6 digits as date of birth YYMMDD
+- 4 digits
+- a check digit
+
+### Checksum
+
+Yes
+
+### Definition
+
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The function `Func_greece_eu_ssn` finds content that matches the pattern.
+- A keyword from `Keywords_greece_eu_ssn_or_equivalent` is found.
+
+A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The function `Func_greece_eu_ssn` finds content that matches the pattern.
+
+```xml
+ <!-- Greece Social Security Number (AMKA) -->
+ <Entity id="e39b03f4-50ea-41ae-af7a-a4b9539596ad" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_greece_eu_ssn" />
+ <Match idRef="Keywords_greece_eu_ssn_or_equivalent" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_greece_eu_ssn" />
+ </Pattern>
+ </Entity>
+```
+
+### Keywords
+
+#### Keywords_greece_eu_ssn_or_equivalent
+
+- ssn
+- ssn#
+- social security no
+- socialsecurityno#
+- social security number
+- amka
+- a.m.k.a.
+- Αριθμού Μητρώου Κοινωνικής Ασφάλισης
++ ## Greece tax identification number This sensitive information type is only available for use in: - data loss prevention policies
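Review bot: In the new AMKA section the Pattern list describes the middle field only as "4 digits" and Checksum says "Yes" without indicating which digits the check digit covers, so a reader cannot tell what `Func_greece_eu_ssn` actually validates. Describe what the four digits represent and state that the last digit is validated against the preceding ten. Also note that the function is named `Func_greece_eu_ssn` while its keyword list is `Keywords_greece_eu_ssn_or_equivalent`; aligning the two names would match the Hungary entity, which uses `_eu_ssn_or_equivalent` for both.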
@@ -8115,8 +8055,6 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
## Hungary passport number
-This sensitive information type entity is only available in the EU Passport Number sensitive information type.
- ### Format Two letters followed by six or seven digits with no spaces or delimiters
@@ -8131,26 +8069,41 @@ No
### Definition
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_hungary_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_hungary_eu_passport_number` is found.
+- The regular expression `Regex_hungary_eu_passport_date` finds date in the format DD MMM/MMM YY (Example - 01 MÁR/MAR 12) or a keyword from `Keywords_eu_passport_date` is found
+ A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
-
- The regular expression `Regex_hungary_eu_passport_number` finds content that matches the pattern. -- A keyword from `Keywords_eu_passport_number_common` or `Keywords_hungary_eu_passport_number` is found.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_hungary_eu_passport_number` is found.
```xml
- <!-- EU Passport Number -->
-<Entity id="21883626-6245-4f3d-9b61-5cbb43e625ee" patternsProximity="300" recommendedConfidence="75">
+ <!-- Hungary Passport Number -->
+ <Entity id="5b483910-9aa7-4c99-9917-f4001464bda7" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_hungary_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_hungary_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_hungary_eu_passport_date" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
<Pattern confidenceLevel="75"> <IdMatch idRef="Regex_hungary_eu_passport_number" /> <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number_common" />
+ <Match idRef="Keywords_eu_passport_number" />
<Match idRef="Keywords_hungary_eu_passport_number" /> </Any> </Pattern>
-</Entity>
+ </Entity>
``` ### Keywords
-#### Keywords_eu_passport_number_common
+#### Keywords_eu_passport_number
- passport# - passport #
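Review bot: The 85% pattern depends on `Keywords_eu_passport_date`, yet the Keywords part of this hunk only renames the passport number heading and the next hunk for the Hungary section does not add a `#### Keywords_eu_passport_date` list, unlike the Czech, Denmark, Estonia, Ireland, Italy, Latvia and Lithuania sections. Add the date keyword list to the Hungary passport section so every idRef in the XML has a matching documented list.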
@@ -8169,9 +8122,8 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- Útlevelek száma - útlevél szám
-## Hungary social security number or equivalent identification
-This sensitive information type entity is only available in the EU Social Security Number or Equivalent ID sensitive information type.
+## Hungary social security number (TAJ)
### Format
@@ -8197,16 +8149,16 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- The function `Func_hungary_eu_ssn_or_equivalent` finds content that matches the pattern. ```xml
- <!-- EU SSN or Equivalent Number -->
-<Entity id="d24e32a4-c0bb-4ba8-899d-6303b95742d9" patternsProximity="300" recommendedConfidence="75">
+ <!-- Hungarian Social Security Number (TAJ) -->
+ <Entity id="0de78315-9537-47f5-95ab-b3e77eba3993" patternsProximity="300" recommendedConfidence="85">
<Pattern confidenceLevel="85"> <IdMatch idRef="Func_hungary_eu_ssn_or_equivalent" /> <Match idRef="Keywords_hungary_eu_ssn_or_equivalent" />
- </Pattern>
- <Pattern confidenceLevel="75">
+ </Pattern>
+ <Pattern confidenceLevel="75">
<IdMatch idRef="Func_hungary_eu_ssn_or_equivalent" />
- </Pattern>
-</Entity>
+ </Pattern>
+ </Entity>
``` ### Keywords
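Review bot: The `Entity` line changes `recommendedConfidence` from 75 to 85 along with the id, but nothing in the visible Definition text mentions it, and the 75% pattern that matches on `Func_hungary_eu_ssn_or_equivalent` alone now sits below the entity's recommended level. Call the new default out in the prose so administrators reviewing existing policies know the function-only match is no longer at the recommended confidence. The remaining `Pattern` and `Entity` line changes look like whitespace only; keeping them out of the diff would make the substantive change easier to spot.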
@@ -8887,8 +8839,6 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
## Ireland passport number
-This sensitive information type entity is only available in the EU Passport Number sensitive information type.
- ### Format Two letters or digits followed by seven digits with no spaces or delimiters
@@ -8906,22 +8856,37 @@ No
### Definition
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_ireland_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_ireland_eu_passport_number` is found.
+- The regular expression `Regex_ireland_eu_passport_date` finds date in the format DD MMM/MMM YYYY (Example - 01 BEA/MAY 1988) or a keyword from `Keywords_eu_passport_date` is found
+ A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
-
- The regular expression `Regex_ireland_eu_passport_number` finds content that matches the pattern. -- A keyword from `Keywords_eu_passport_number_common` or `Keywords_ireland_eu_passport_number` is found.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_ireland_eu_passport_number` is found.
```xml
- <!-- EU Passport Number -->
-<Entity id="21883626-6245-4f3d-9b61-5cbb43e625ee" patternsProximity="300" recommendedConfidence="75">
+ <!-- Ireland Passport Number -->
+ <Entity id="a2130f27-9ee2-4103-84f9-a6b1ee7d0cbf" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_ireland_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_ireland_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_ireland_eu_passport_date" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
<Pattern confidenceLevel="75"> <IdMatch idRef="Regex_ireland_eu_passport_number" /> <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number_common" />
+ <Match idRef="Keywords_eu_passport_number" />
<Match idRef="Keywords_ireland_eu_passport_number" /> </Any> </Pattern>
-</Entity>
+ </Entity>
``` ### Keywords
@@ -8949,6 +8914,12 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- uimhir cárta - uimhir chárta
+#### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
++ ## Ireland personal public service (PPS) number ### Format
@@ -9284,7 +9255,6 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
## Italy passport number
-This sensitive information type entity is only available in the EU Passport Number sensitive information type.
### Format
@@ -9303,21 +9273,37 @@ not applicable
### Definition
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_italy_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_italy_eu_passport_number` is found.
+- The regular expression `Regex_italy_eu_passport_date` finds date in the format DD MMM/MMM YYYY (Example - 01 GEN/JAN 1988) or a keyword from `Keywords_eu_passport_date` is found
+ A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters: - The regular expression `Regex_italy_eu_passport_number` finds content that matches the pattern. -- A keyword from `Keywords_eu_passport_number_common` or `Keywords_italy_eu_passport_number` is found.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_italy_eu_passport_number` is found.
```xml
- <!-- EU Passport Number -->
-<Entity id="21883626-6245-4f3d-9b61-5cbb43e625ee" patternsProximity="300" recommendedConfidence="75">
+ <!-- Italy Passport Number -->
+ <Entity id="39811019-4750-445f-b26d-4c0e6c431544" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_italy_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_italy_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_italy_eu_passport_date" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
<Pattern confidenceLevel="75"> <IdMatch idRef="Regex_italy_eu_passport_number" /> <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number_common" />
+ <Match idRef="Keywords_eu_passport_number" />
<Match idRef="Keywords_italy_eu_passport_number" /> </Any> </Pattern>
-</Entity>
+ </Entity>
``` ### Keywords
@@ -9345,6 +9331,12 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- numeri del passaporto - passeport italien
+#### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
++ ## Italy value added tax number This sensitive information type is only available for use in: - data loss prevention policies
@@ -10207,7 +10199,6 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- voter’s number ## Latvia passport number
-This sensitive information type entity is only available in the EU Passport Number sensitive information type.
### Format
@@ -10226,21 +10217,37 @@ No
### Definition
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_latvia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_latvia_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
+ A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters: - The regular expression `Regex_latvia_eu_passport_number` finds content that matches the pattern. -- A keyword from `Keywords_eu_passport_number_common` or `Keywords_latvia_eu_passport_number` is found.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_latvia_eu_passport_number` is found.
```xml
- <!-- EU Passport Number -->
-<Entity id="21883626-6245-4f3d-9b61-5cbb43e625ee" patternsProximity="300" recommendedConfidence="75">
+ <!-- Latvia Passport Number -->
+ <Entity id="23ae25ec-cc28-421b-b77a-3054eadf1ede" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_latvia_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_latvia_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date1" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
<Pattern confidenceLevel="75"> <IdMatch idRef="Regex_latvia_eu_passport_number" /> <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number_common" />
+ <Match idRef="Keywords_eu_passport_number" />
<Match idRef="Keywords_latvia_eu_passport_number" /> </Any> </Pattern>
-</Entity>
+ </Entity>
``` ### Keywords
@@ -10267,6 +10274,12 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- passeport no - n┬░ du Passeport
+#### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
++ ## Lithuania driver's license number ### Format
@@ -10519,7 +10532,6 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- uniqueidentityno# ## Lithuania passport number
-This sensitive information type entity is only available in the EU Passport Number sensitive information type.
### Format
@@ -10535,26 +10547,42 @@ not applicable
### Definition
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_lithuania_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_lithuania_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date3` finds date in the format DD MM YYYY or a keyword from `Keywords_eu_passport_date` is found
+ A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters: - The regular expression `Regex_lithuania_eu_passport_number` finds content that matches the pattern. -- A keyword from `Keywords_eu_passport_number_common` or `Keywords_lithuania_eu_passport_number` is found.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_lithuania_eu_passport_number` is found.
```xml
- <!-- EU Passport Number -->
-<Entity id="21883626-6245-4f3d-9b61-5cbb43e625ee" patternsProximity="300" recommendedConfidence="75">
+ <!-- Lithuania Passport Number -->
+ <Entity id="1b79900f-047b-4c3f-846f-7d73b5534bce" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_lithuania_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_lithuania_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date3" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
<Pattern confidenceLevel="75"> <IdMatch idRef="Regex_lithuania_eu_passport_number" /> <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number_common" />
+ <Match idRef="Keywords_eu_passport_number" />
<Match idRef="Keywords_lithuania_eu_passport_number" /> </Any> </Pattern>
-</Entity>
+ </Entity>
``` ### Keywords
-#### Keywords_eu_passport_number_common
+#### Keywords_eu_passport_number
- passport# - passport #
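Review bot: The third added bullet of the 85% definition ("finds date in the format DD MM YYYY or a keyword from `Keywords_eu_passport_date` is found") packs two alternatives into one item, drops the article before "date", and has no terminal period. The XML expresses this as its own `<Any minMatches="1">` group alongside the keyword group, so wording such as "Either the regular expression `Regex_eu_passport_date3` finds a date in the format DD MM YYYY, or a keyword from `Keywords_eu_passport_date` is found." would match the pattern more clearly. It would also help to say that all three bullets must hold for the 85% level.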
@@ -10573,6 +10601,12 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- paso numeriai - paso nr
+#### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
++ ## Luxemburg driver's license number ### Format
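Review bot: The added `Keywords_eu_passport_date` list holds only the English phrases "date of issue" and "date of expiry", while the country list just above it carries Lithuanian terms such as "paso numeriai" and "paso nr". If that is intended, a Lithuanian-language document reaches the 85% level only through `Regex_eu_passport_date3`; please confirm and say so in the section, or add localized date keywords.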
@@ -10811,7 +10845,6 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- uniqueidkey# ## Luxemburg passport number
-This sensitive information type entity is only available in the EU Passport Number sensitive information type.
### Format
@@ -10827,28 +10860,76 @@ No
### Definition
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_luxemburg_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_luxemburg_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date3` finds date in the format DD MM YYYY or a keyword from `Keywords_eu_passport_date` is found
+ A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:-- The regular expression `Regex_nation_eu_passport_number` finds content that matches the pattern. -- A keyword from `Keywords_nation_eu_passport_number` is found.
+- The regular expression `Regex_luxemburg_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_luxemburg_eu_passport_number` is found.
```xml
- <!-- EU Passport Number -->
-<Entity id="21883626-6245-4f3d-9b61-5cbb43e625ee" patternsProximity="300" recommendedConfidence="75">
+ <!-- Luxemburg Passport Number -->
+ <Entity id="81d5c027-bed9-4421-91a0-3b2e55b3eb85" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_luxemburg_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_luxemburg_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date3" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
<Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_nation_eu_passport_number" />
- <Match idRef="Keywords_nation_eu_passport_number" />
+ <IdMatch idRef="Regex_luxemburg_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_luxemburg_eu_passport_number" />
+ </Any>
</Pattern>
-</Entity>
+ </Entity>
``` ### Keywords
-#### Keywords_nation_eu_passport_number
+#### Keywords_eu_passport_number
-- passport number-- latvian passport number-- passport no
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+#### Keywords_luxemburg_eu_passport_number
+- ausweisnummer
+- luxembourg pass
+- luxembourg passeport
+- luxembourg passport
+- no de passeport
+- no-reisepass
+- nr-reisepass
+- numéro de passeport
+- pass net
+- pass nr
- passnummer
+- passeport nombre
+- reisepässe
+- reisepass-nr
+- reisepassnummer
+
+#### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
+ ## Luxemburg national identification number (non natural persons)
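Review bot: The added `Keywords_luxemburg_eu_passport_number` list spells the country "luxembourg" (for example "luxembourg passport"), while the heading, the XML comment and every idRef use "Luxemburg". The keyword values should stay as they are, but a reader searching the page for either spelling will miss half of the section, so consider mentioning both spellings in the prose. The list also starts directly under its `####` heading with no blank line, unlike `Keywords_eu_passport_date` a few lines later.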
@@ -11243,7 +11324,6 @@ A DLP policy is 65% confident that it's detected this type of sensitive informat
## Malta passport number
-This sensitive information type entity is only available in the EU Passport Number sensitive information type.
### Format
@@ -11259,26 +11339,39 @@ No
### Definition
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_malta_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_malta_eu_passport_number` is found.
+- A keyword from `Keywords_eu_passport_date` is found
+ A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters: - The regular expression `Regex_malta_eu_passport_number` finds content that matches the pattern. -- A keyword from `Keywords_eu_passport_number_common` or `Keywords_malta_eu_passport_number` is found.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_malta_eu_passport_number` is found.
```xml
- <!-- EU Passport Number -->
-<Entity id="21883626-6245-4f3d-9b61-5cbb43e625ee" patternsProximity="300" recommendedConfidence="75">
+ <!-- Malta Passport Number -->
+ <Entity id="b2b21198-48f9-4d13-b2a5-03969bff0fb8" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_malta_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_malta_eu_passport_number" />
+ </Any>
+ <Match idRef="Keywords_eu_passport_date" />
+ </Pattern>
<Pattern confidenceLevel="75"> <IdMatch idRef="Regex_malta_eu_passport_number" /> <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number_common" />
+ <Match idRef="Keywords_eu_passport_number" />
<Match idRef="Keywords_malta_eu_passport_number" /> </Any> </Pattern>
-</Entity>
+ </Entity>
``` ### Keywords
-#### Keywords_eu_passport_number_common
+#### Keywords_eu_passport_number
- passport# - passport #
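Review bot: In the new 85% pattern for Malta, the date evidence is a bare `<Match idRef="Keywords_eu_passport_date" />` with no date regular expression as an alternative, whereas the other passport entities in this change wrap a regex and the keyword list in `<Any minMatches="1">`. With the date keyword list containing only "date of issue" and "date of expiry", the 85% level can only be reached when one of those two English phrases is present. If that is deliberate, the prose bullet is accurate as written; if a Malta date regex was meant to be included, it is missing from both the bullet and the XML.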
@@ -11297,6 +11390,12 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- numri tal-passaport - Nru tal-passaport
+#### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
++ ## Malta tax identification number ### Format
@@ -11616,7 +11715,6 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
## Netherlands passport number
-This sensitive information type entity is only available in the EU Passport Number sensitive information type.
### Format
@@ -11632,31 +11730,57 @@ not applicable
### Definition
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_netherlands_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_netherlands_eu_passport_number` is found.
+- The regular expression `Regex_netherlands_eu_passport_date` finds date in the format DD MMM/MMM YYYY (Example - 26 MAA/MAR 2012)
+ A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters: - The regular expression `Regex_netherlands_eu_passport_number` finds content that matches the pattern. -- A keyword from `Keywords_netherlands_eu_passport_number` is found.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_netherlands_eu_passport_number` is found.
```xml
- <!-- EU Passport Number -->
-<Entity id="21883626-6245-4f3d-9b61-5cbb43e625ee" patternsProximity="300" recommendedConfidence="75">
+ <!-- Netherlands Passport Number -->
+ <Entity id="61786727-bafd-45f6-94d9-888d815e228e" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_netherlands_eu_passport_number" />
+ <Match idRef="Regex_netherlands_eu_passport_date" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_netherlands_eu_passport_number" />
+ </Any>
+ </Pattern>
<Pattern confidenceLevel="75"> <IdMatch idRef="Regex_netherlands_eu_passport_number" />
- <Match idRef="Keywords_netherlands_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_netherlands_eu_passport_number" />
+ </Any>
</Pattern>
-</Entity>
+ </Entity>
``` ### Keywords
+#### Keywords_eu_passport_number
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+ #### Keywords_netherlands_eu_passport_number -- dutch passport number-- passport number-- netherlands passport number-- nederlanden paspoort nummer-- paspoort-- nederlanden paspoortnummer
+- paspoort nummer
+- paspoortnummers
- paspoortnummer
+- paspoort nr
## Netherlands tax identification number This sensitive information type is only available for use in:
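Review bot: The rewritten `Keywords_netherlands_eu_passport_number` list drops the bare keyword `paspoort` and keeps only longer forms ("paspoort nummer", "paspoortnummers", "paspoortnummer", "paspoort nr"). That narrows what counts as supporting evidence for both confidence levels, so please confirm it is intended. Separately, the 85% pattern requires `Regex_netherlands_eu_passport_date` with no keyword alternative, and the XML lists that match before the keyword group while the prose lists it last; aligning the order would make the two easier to compare.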
@@ -12937,7 +13061,6 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- carta de condução ## Portugal passport number
-This sensitive information type entity is only available in the EU Passport Number sensitive information type.
### Format
@@ -12956,26 +13079,42 @@ No
### Definition
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_portugal_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_portugal_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
+ A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters: - The regular expression `Regex_portugal_eu_passport_number` finds content that matches the pattern. -- A keyword from `Keywords_eu_passport_number_common` or `Keywords_portugal_eu_passport_number` is found.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_portugal_eu_passport_number` is found.
```xml
- <!-- EU Passport Number -->
-<Entity id="21883626-6245-4f3d-9b61-5cbb43e625ee" patternsProximity="300" recommendedConfidence="75">
+ <!-- Portugal Passport Number -->
+ <Entity id="080a52fd-a7bc-431e-b54d-51f08f59db11" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_portugal_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_portugal_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date1" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
<Pattern confidenceLevel="75"> <IdMatch idRef="Regex_portugal_eu_passport_number" /> <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number_common" />
+ <Match idRef="Keywords_eu_passport_number" />
<Match idRef="Keywords_portugal_eu_passport_number" /> </Any> </Pattern>
-</Entity>
+ </Entity>
``` ### Keywords
-#### Keywords_eu_passport_number_common
+#### Keywords_eu_passport_number
- passport# - passport #
@@ -13001,6 +13140,12 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- n├║mero passaporte - n├║meros passaporte
+#### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
++ ## Portugal tax identification number ### Format
@@ -13336,7 +13481,6 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- uniqueidentityno ## Romania passport number
-This sensitive information type entity is only available in the EU Passport Number sensitive information type.
### Format
@@ -13352,26 +13496,42 @@ No
### Definition
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_romania_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_romania_eu_passport_number` is found.
+- The regular expression `Regex_romania_eu_passport_date` finds date in the format DD MMM/MMM YY (Example- 01 FEB/FEB 10) or a keyword from `Keywords_eu_passport_date` is found
+ A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters: - The regular expression `Regex_romania_eu_passport_number` finds content that matches the pattern. -- A keyword from `Keywords_eu_passport_number_common` or `Keywords_romania_eu_passport_number` is found.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_romania_eu_passport_number` is found.
```xml
- <!-- EU Passport Number -->
-<Entity id="21883626-6245-4f3d-9b61-5cbb43e625ee" patternsProximity="300" recommendedConfidence="75">
+ <!-- Romania Passport Number -->
+ <Entity id="5d31b90c-7fe2-4a76-a14b-767b8fd19d6c" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_romania_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_romania_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_romania_eu_passport_date" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
<Pattern confidenceLevel="75"> <IdMatch idRef="Regex_romania_eu_passport_number" /> <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number_common" />
+ <Match idRef="Keywords_eu_passport_number" />
<Match idRef="Keywords_romania_eu_passport_number" /> </Any> </Pattern>
-</Entity>
+ </Entity>
``` ### Keywords
-#### Keywords_eu_passport_number_common
+#### Keywords_eu_passport_number
- passport# - passport #
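Review bot: The third added bullet documents a two-digit year, "DD MMM/MMM YY (Example- 01 FEB/FEB 10)", while the Netherlands entry added in this same change documents "DD MMM/MMM YYYY (Example - 26 MAA/MAR 2012)". Please confirm that YY is what `Regex_romania_eu_passport_date` actually accepts and not a typo. The "Example-" punctuation should also match the Netherlands wording, and the bullet needs a terminal period.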
@@ -13391,6 +13551,12 @@ numarul pasaportului
numerele pașaportului Pașaport nr
+#### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
++ ## Russia passport number domestic This sensitive information type is only available for use in: - data loss prevention policies
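Review bot: The Romanian keywords around this insertion ("numarul pasaportului", "numerele pașaportului", "Pașaport nr") appear without a leading "- ", unlike the bulleted `Keywords_eu_passport_date` items added directly below them. As shown here they would render as running text rather than a list; since the hunk already touches this block, consider converting them to list items in the same change.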
@@ -13872,7 +14038,6 @@ A DLP policy is 65% confident that it's detected this type of sensitive informat
- tin# ## Slovakia passport number
-This sensitive information type entity is only available in the EU Passport Number sensitive information type.
### Format
@@ -13888,26 +14053,42 @@ No
### Definition
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_slovakia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_slovakia_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
+ A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters: - The regular expression `Regex_slovakia_eu_passport_number` finds content that matches the pattern. -- A keyword from `Keywords_eu_passport_number_common` or `Keywords_slovakia_eu_passport_number` is found.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_slovakia_eu_passport_number` is found.
```xml
- <!-- EU Passport Number -->
-<Entity id="21883626-6245-4f3d-9b61-5cbb43e625ee" patternsProximity="300" recommendedConfidence="75">
+ <!-- Slovakia Passport Number -->
+ <Entity id="238e1f08-d80e-4793-af33-9b57918335b7" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_slovakia_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_slovakia_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date1" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
<Pattern confidenceLevel="75"> <IdMatch idRef="Regex_slovakia_eu_passport_number" /> <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number_common" />
+ <Match idRef="Keywords_eu_passport_number" />
<Match idRef="Keywords_slovakia_eu_passport_number" /> </Any> </Pattern>
-</Entity>
+ </Entity>
``` ### Keywords
-#### Keywords_eu_passport_number_common
+#### Keywords_eu_passport_number
- passport# - passport #
@@ -13928,6 +14109,12 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- Passeport n┬░ - n┬░ Passeport
+#### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
++ ## Slovenia driver's license number ### Format
@@ -14171,7 +14358,6 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- uniqueidentityno# ## Slovenia passport number
-This sensitive information type entity is only available in the EU Passport Number sensitive information type.
### Format
@@ -14191,26 +14377,42 @@ No
### Definition
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_slovenia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_slovenia_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
+ A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters: - The regular expression `Regex_slovenia_eu_passport_number` finds content that matches the pattern. -- A keyword from `Keywords_eu_passport_number_common` or `Keywords_slovenia_eu_passport_number` is found.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_slovenia_eu_passport_number` is found.
```xml
- <!-- EU Passport Number -->
-<Entity id="21883626-6245-4f3d-9b61-5cbb43e625ee" patternsProximity="300" recommendedConfidence="75">
+ <!-- Slovenia Passport Number -->
+ <Entity id="235b7976-7bbe-4df5-bb40-08678e749d1a" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_slovenia_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_slovenia_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date1" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
<Pattern confidenceLevel="75"> <IdMatch idRef="Regex_slovenia_eu_passport_number" /> <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number_common" />
+ <Match idRef="Keywords_eu_passport_number" />
<Match idRef="Keywords_slovenia_eu_passport_number" /> </Any> </Pattern>
-</Entity>
+ </Entity>
``` ### Keywords
-#### Keywords_eu_passport_number_common
+#### Keywords_eu_passport_number
- passport# - passport #
@@ -14232,6 +14434,12 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- potni list - številke potnih listov
+#### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
++ ## Slovenia tax identification number This sensitive information type is only available for use in: - data loss prevention policies
@@ -14673,7 +14881,6 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- uniqueid# ## Spain passport number
-This sensitive information type entity is only available in the EU Passport Number sensitive information type.
### Format
@@ -14693,26 +14900,42 @@ Not applicable
### Definition
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_spain_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_spain_eu_passport_number` is found.
+- The regular expression `Regex_spain_eu_passport_date` finds date in the format DD-MM-YYYY or a keyword from `Keywords_eu_passport_date` is found
+ A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters: - The regular expression `Regex_spain_eu_passport_number` finds content that matches the pattern. -- A keyword from `Keywords_eu_passport_number_common` or `Keywords_spain_eu_passport_number` is found.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_spain_eu_passport_number` is found.
```xml
- <!-- EU Passport Number -->
-<Entity id="21883626-6245-4f3d-9b61-5cbb43e625ee" patternsProximity="300" recommendedConfidence="75">
+ <!-- Spain Passport Number -->
+ <Entity id="d17a57de-9fa5-4e9f-85d3-85c26d89686e" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_spain_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_spain_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_spain_eu_passport_date" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
<Pattern confidenceLevel="75"> <IdMatch idRef="Regex_spain_eu_passport_number" /> <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number_common" />
+ <Match idRef="Keywords_eu_passport_number" />
<Match idRef="Keywords_spain_eu_passport_number" /> </Any> </Pattern>
-</Entity>
+ </Entity>
``` ### Keywords
-#### Keywords_eu_passport_number_common
+#### Keywords_eu_passport_number
- passport# - passport #
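Review bot: On the new `<Entity>` line, `recommendedConfidence="75"` is carried over unchanged even though the entity now has an 85% pattern above the 75% one. The prose describes both levels but never says which one the recommended value corresponds to. A sentence in the Definition section explaining that 75 remains the recommended level would avoid readers assuming the new, stricter pattern is the default.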
@@ -14740,9 +14963,13 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- pasaporte n┬░ - spain passport
+#### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
+ ## Spain social security number (SSN)
-This sensitive information type entity is included in the EU Social Security Number or Equivalent ID sensitive information type and is available as a stand alone sensitive information type entity.
### Format
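Review bot: The sentence removed under "## Spain social security number (SSN)" stated two separate facts: that the entity is included in the EU Social Security Number or Equivalent ID type, and that it is available as a standalone type. Deleting it drops both. If the entity is still part of the EU bundle, keep that half of the sentence. This hunk also mixes the passport date keywords with an SSN wording change; the SSN edit would be easier to review on its own.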
@@ -15277,66 +15504,6 @@ A DLP policy is 75% confident that it's detected this type of sensitive informat
- PasseportNon - Passeportn ┬░
-## Sweden social security number or equivalent identification
-This sensitive information type entity is only available in the EU Social Security Number or Equivalent ID sensitive information type.
-
-### Format
-
-12 digits without spaces and delimiters
-
-### Pattern
-
-12 digits:
-
-- eight digits that correspond to the birth date (YYYYMMDD) -- three digits that correspond to a serial number where:
- - the last digit in the serial number indicates gender by the assignment of an odd number for male and an even number for female
- - up to 1990, the assignment of serial number corresponded to the county where the bearer of the number was born or (if born before 1947) where he/she had been living, according to tax records, on January 1, 1947, with a special code (usually 9 as the 7th digit) for immigrants
-- one check digit
-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
-- The function `Func_sweden_eu_ssn_or_equivalent` finds content that matches the pattern. -- A keyword from `Keywords_sweden_eu_ssn_or_equivalent` is found.
-
-A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
-- The function `Func_sweden_eu_ssn_or_equivalent` finds content that matches the pattern.
-
-```xml
- <!-- EU SSN or Equivalent Number -->
-<Entity id="d24e32a4-c0bb-4ba8-899d-6303b95742d9" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_sweden_eu_ssn_or_equivalent" />
- <Match idRef="Keywords_sweden_eu_ssn_or_equivalent" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_sweden_eu_ssn_or_equivalent" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keywords_sweden_eu_ssn_or_equivalent
--- personal id number-- identification number-- personal id no-- identity no-- identification no-- personal identification no-- personnummer id-- personligt id-nummer-- unikt id-nummer-- personnummer-- identifikationsnumret-- personnummer#-- identifikationsnumret# ## Sweden tax identification number This sensitive information type is only available for use in:
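Review bot: This removes the whole "Sweden social security number or equivalent identification" section, which is the only place in this diff that describes `Func_sweden_eu_ssn_or_equivalent`, its 85% and 75% patterns and the `Keywords_sweden_eu_ssn_or_equivalent` list. If the EU Social Security Number or Equivalent ID type still evaluates that function, the documentation for it disappears with this hunk. Please confirm the content is covered by another section, and check for inbound links to this heading's anchor.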
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/single-item-error-remediation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/single-item-error-remediation.md
@@ -72,7 +72,7 @@ To remediate a single document, follow these steps:
![You can view the remediated file in the native format in the review set](../media/SIERimage9.png)
-For more information about what happens when a document is remediated, see [What happens when files are remediated](error-remediation.md#what-happens-when-files-are-remediated).
+For more information about what happens when a document is remediated, see [What happens when files are remediated](error-remediation-when-processing-data-in-advanced-ediscovery.md#what-happens-when-files-are-remediated).
## Search for remediated documents
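Review bot: The link target changes to `error-remediation-when-processing-data-in-advanced-ediscovery.md` but keeps the fragment `#what-happens-when-files-are-remediated`. Please verify that the new target has a heading producing exactly that anchor; otherwise the link lands at the top of the page instead of the referenced section.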
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/supported-filetypes-datainvestigations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/supported-filetypes-datainvestigations.md deleted file mode 100644
@@ -1,68 +0,0 @@
-title: "Supported file types in Data Investigations (preview)"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: reference
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-description: "A table listing the supported file types and what viewers they can be viewed in for Data Investigations (preview)."
-ms.custom: seo-marvel-mar2020
-
-# Supported file types in Data Investigations (preview)
-
-The Data Investigations (preview) tool supports many file types in several different ways, which are described in the following table. This list isn't finalized, and we'll add new file types as we continue our validation testing. The table also indicates if a file type can be viewed in the available viewers when you're reviewing evidence.
-
-| Mime type | File class | Native viewer | Text viewer | Annotate viewer | Container extraction | Extensions |
-|:------|:------|:------|:------|:------|:------|:------|
-|application/msword | Document | Yes | Yes | Yes | No | .doc; .dat |
-|application/pdf | Document | Yes | Yes | Yes | No | .pdf |
-|application/rtf | Document | Yes | Yes | Yes | No | .rtf; .doc |
-|application/vnd.ms-excel | Document | Yes | Yes | Yes | No | .xls; .dat |
-|application/vnd.ms-excel.sheet.binary.macroenabled.12 | Productivity / Open Document Format | Yes | Yes | No | No | .xlsb |
-|application/vnd.ms-excel.sheet.macroenabled.12 | Document | Yes | Yes | Yes | No | .xlsm |
-|application/vnd.ms-excel.template.macroenabled.12 | Productivity / Open Document Format | No | Yes | No | No | .xltm |
-|application/vnd.ms-outlook | Productivity | No | No | No | No | .msg |
-|application/vnd.ms-outlook-pst | Productivity / Collaboration | No | No | No | Yes | .pst |
-|application/vnd.ms-powerpoint | Document | Yes | Yes | Yes | No | .ppt; .pps; .pot |
-|application/vnd.ms-word.document.macroenabled.12 | Document | Yes | Yes | Yes | No | .docm |
-|application/vnd.ms-word.template.macroenabled.12 | Document | Yes | Yes | Yes | No | .dotm |
-|application/vnd.oasis.opendocument.text | Document | Yes | Yes | Yes | No | .odt; |
-|application/vnd.openxmlformats-officedocument.presentationml.presentation | Document | Yes | Yes | Yes | No | .pptx |
-|application/vnd.openxmlformats-officedocument.presentationml.slideshow | Productivity / Open Document Format | Yes | Yes | Yes | No | .ppsx |
-|application/vnd.openxmlformats-officedocument.presentationml.template | Document | Yes | Yes | Yes | No | .potx |
-| apadsheetml.sheet | Document | Yes | Yes | Yes | No | .xlsx |
-|application/vnd.openxmlformats-officedocument.spreadsheetml.template | Document | Yes | Yes | Yes | No | .xltx |
-|application/vnd.openxmlformats-officedocument.wordprocessingml.document | Document | Yes | Yes | Yes | No | .docx |
-|application/vnd.openxmlformats-officedocument.wordprocessingml.template | Document | Yes | Yes | Yes | No | .dotx |
-|application/vnd.visio | Document | Yes | Yes | Yes | No | .vsd |
-|application/x-7z-compressed | Archive / Container | No | No | No | Yes | .7z |
-|application/xhtml+xml | Document | Yes | Yes | Yes | No | .xhtml |
-|application/xml | Document | Yes | Yes | Yes | No | .xml |
-|application/x-msaccess | Document | Yes | Yes | Yes | No | .mdb |
-|application/x-mspublisher | Document | Yes | Yes | Yes | No | .pub |
-|application/x-rar-compressed | Archive / Container | No | No | No | Yes | .rar |
-| application/zip | Archive / Container | No | No | No | Yes | .zip |
-|image/bmp | Image | Yes | Yes | Yes | No | .bmp |
-|image/emf | Image | Yes | Yes | Yes | No | .emf |
-|image/gif | Document | Yes | Yes | Yes | No | .gif |
-|image/jpeg | Image | Yes | Yes | Yes | No | .jpg; .jpeg; .dat; .jpgt |
-|image/png | Image | Yes | Yes | Yes | No | .png |
-|image/tiff | Image | Yes | Yes | Yes | No | .tif |
-|image/vnd.dwg | Document | Yes | Yes | Yes | No | .dwg; .dxf; |
-|image/wmf | Document | Yes | Yes | Yes | No | .wmf |
-| message/rfc822 | Productivity / Collaboration | No | No | No | No | .eml |
-|text/csv | Document | Yes | Yes | Yes | No | .csv |
-|text/html | Document | Yes | Yes | Yes | No | .html; .shtml; .htm |
-|text/plain | Document | Yes | Yes | Yes | No | .txt; .css;.con; .pl; .csv; .dat |
-|text/vcard-contact | Document | Yes | Yes | Yes | No | .vcf |
-||||||||
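Review bot: The deleted page is the only place in this diff that lists which file types support container extraction and which viewers can open them, and nothing in the change shows a redirect or a replacement article. Please add a redirect entry for `supported-filetypes-datainvestigations.md` and point it at the equivalent reference table, so existing links and bookmarks do not return a 404.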
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/tag-documents https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/tag-documents.md deleted file mode 100644
@@ -1,24 +0,0 @@
-title: "Tag documents in evidence"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-ROBOTS: NOINDEX, NOFOLLOW
-description: "Tag documents in an evidence set to identify their relevance to your investigation."
-
-# Tag documents in evidence
-
-Content coming soon.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/themes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/themes.md deleted file mode 100644
@@ -1,28 +0,0 @@
-title: Themes - Data investigations
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-description: During a data investigation, use Themes to organize documents by finding common ideas or concepts.
-ms.custom: seo-marvel-mar2020
-
-# Themes in Data Investigations (preview)
-
-When someone composes a document, they do not choose words randomly; they are trying to convey some ideas or concepts, and the words are chosen accordingly. Themes modules clusters documents that discuss similar subject matters so that reviewers can be more efficient in going through documents.
-
-## How does Themes work?
-
-Themes analyzes documents with text in a working set to parse out common themes that appear across the documents. Then, it assigns those themes to the documents in which they appear. It also labels each with words used in the documents that are representative of the theme. Since a document can be about more than one subject matter, in many cases a document has more than one themes assigned to it. The theme that appears most prominently in a document is designated as its dominant theme.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/use-relevance-module https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/use-relevance-module.md deleted file mode 100644
@@ -1,141 +0,0 @@
-title: "Use the Relevance module to analyze data in evidence"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-description: Learn how the Relevance module analyzes data in evidence with a description of the Relevance workflow and training steps in Data Investigations (preview).
-ms.custom: seo-marvel-mar2020
-
-# Use the Relevance module to analyze data in evidence
-
-In Data Investigations (preview), the Relevance module includes the Relevance training and review of files related to an investigation. The Relevance workflow is shown and described as follows:
-
-![Relevance workflow](../media/44c67dd2-7a20-40a9-b0ed-784364845c77.gif)
-
-- **Cycles of assessment and tracking**:-
- - **Assessment**: Enables early assessment based on a random sample of files and uses this assessment to apply decisions to determine the performance of the predictive coding process.
-
- - **Track**: Calculate and display interim results of the assessment while monitoring statistical validity of the process.
--- **Cycles of training and tracking**-
- - **Tag**: Data Investigations (preview) learns the Relevance criteria specific to each issue based on the expert's iterative review and tagging of individual files.
-
- - **Track**: Calculate and display interim results of the Relevance training while monitoring statistical validity of the process.
-
-- **Batch calculation**: The accumulated and learned Relevance criteria is applied to the entire file collection, and a Relevance score is generated for each file.
-
-- **Decide**: The results of the analysis applied to the entire case are displayed after Batch calculation, and data used to make document review decisions is displayed.
-
-- **Test**: Results can be tested to verify the validity and effectiveness of the Data Investigations (preview) processing.--- **Search**: Once the Relevance workflow is complete, you can use the output such as read percentile of a document for your issue when you run a query within your working set.
-
-## Guidelines for Relevance training and review
-
-Following is an overview of guidelines for Relevance training and review:
-
-- **Errors and inconsistencies**: If tagging errors are made during training, return to previous file samples to correct them. If there are too many errors to correct or there is a new perspective of the case or issue, the Relevance criteria should be redefined by the Administrator, and the Relevance training restarted.
-
-- **Tagging and training**:
-
- - Files should be tagged based on content only. Do not consider metadata, such as custodian, date, or file path.
-
- - Do not consider date range indications in the text when tagging files.
-
- - Do not consider embedded graphical images when tagging files.
-
- - Ignore text applied to Relevance will be removed in the displayed file content in the text view in Relevance. If the values for Ignore text were defined after Relevance training already started, the new ignored text will be applied to sample files created from the point in which it was defined. The Ignore Text feature should be used cautiously, as its use may reduce the performance of file analysis
-
- - Use the **Skip tagging** option only when necessary. Data Investigations (preview) doesn't train based on skipped files. In assessment, if it's hard to tell whether a file is relevant, it is better to tag as Relevant (R) or Not relevant (NR) whenever possible rather than selecting **Skip**. When Data Investigations (preview) evaluates training, it can then be seen how well these types of files were processed.
-
- - Even files with a small amount of extracted text should be tagged in training as R/NR, rather than as "Skip", when possible.
-
- - Tagging can impact the classifier as long as the file is readable and can be tagged as R/NR.
-
- - The file sequence number on the displayed Sample files list on the **Tag** tab allows the user to return to the original displayed order of the files.
-
- - You can go back to any sample and change the tagging of the assessment and training set files. The changes will be applied when creating the next sample.
-
- - Scanned Excel files in PDF format should be treated the same as native Excel files when tagging files.
-
- - When in doubt regarding the Relevance tagging of a file, consult an expert. Incorrect tagging during the Relevance training can lead to lost time later in the process and may also have a negative impact on the quality of the overall results.
-
- - Keywords that were defined in Keyword lists will be displayed in colors to help the user identify relevant files while tagging.
-
-- **Batch calculation**: Files that were tagged as R/NR by the expert will receive a score of either 0 or 100. This applies to tagging made before Batch calculation. If the expert switched the issue to Idle after Batch Calculation and continued tagging this issue, the newly tagged scores will not be 100/0 but rather the original score.
-
-- **Issues and sampling mode**: Issues are turned Off when work on them is completed (Relevance training is stabilized and Batch calculation was performed), when the issues are canceled, or when another user is working on the issues.
-
-## Steps in Relevance training
-
-In the **Relevance \> Track** tab, Data investigations provides recommendations on how to proceed in the processing, with the following next steps. The implications are described below when each of the following steps is recommended in the Relevance training process.
-
-- Tagging / Continue tagging: File review and Relevance tagging performed by an expert for each file and issue within a sample.
-
- - Implication: An existing sample needs to be tagged.
-
-- Assessment / Continue assessment: Enables early validation of case issue relevance and a preliminary view of the relevance of the file population imported for the current case.
-
- - Implication: More assessment is required or recommended.
-
-- Training / Continue training: Process during which Data investigations learns from the expert who is tagging the file samples and acquires the ability to identify Relevance criteria pertinent to each issue within the context of each case.
-
- - Implication: The issue needs more training; the next sample should be created and tagged.
-
-- Batch calculation: Relevance process in which Data investigations take the knowledge acquired during the training stage and applies it to the entire file population. All files in the pertinent file group are assessed for relevance and assigned a Relevance score.
-
- - Implication: The issue has stabilized, and Batch calculation can be performed.
-
-- Catch-up: Relevance indicates when an expert reviews and tags a sample of files selected from an additional file load during a Rolling Loads scenario.
-
- - Implication: A new load has been added, and Catch-up is required to continue working.
-
-- Tag inconsistencies: Process identifies, via a Data investigations algorithm, inconsistencies in the file tagging process that may negatively impact the analysis.
-
- - Implication: The next sample will include files that have been tagged in previous samples, and their tagging must be redone.
-
-- Update classifier: Allows the user to apply tagging or seeding changes.
-
- - Implication: Tagging and seeding changes can be applied without needing to manually run another Relevance sample.
-
-- On hold: The Relevance training process is completed.
-
- - Implication: No Relevance training is required at this point.
-
-Although Data investigations guide you through the process, with recommended Next steps at different stages, it also allows you to navigate between tabs and pages, and to make choices to address situations that may be pertinent to your individual case, issue, or document review process.
-
-It is possible to accept or override Data investigations Next step processing choices. If you want to perform a step other than the recommended Next step, click the **Next step** listed in the expanded issue display in the dialog, click the **Modify** button next to the Next step, and select another Next step option.
-
-> [!NOTE]
-> Some options may remain disabled after unlocking as they are not supported for use at that point in the process.
-
-## More information
-
-[Understanding Assessment in Relevance](assessment-in-relevance-in-advanced-ediscovery.md)
-
-[Tagging and assessment](tagging-and-assessment-in-advanced-ediscovery.md)
-
-[Tagging and Relevance training](tagging-and-relevance-training-in-advanced-ediscovery.md)
-
-[Tracking Relevance analysis](track-relevance-analysis-in-advanced-ediscovery.md)
-
-[Deciding based on the results](decision-based-on-the-results-in-advanced-ediscovery.md)
-
-[Testing Relevance analysis](test-relevance-analysis-in-advanced-ediscovery.md)
-
-[Query the data in evidence](evidence-query.md)
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/view-people-of-interest-activity https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/view-people-of-interest-activity.md deleted file mode 100644
@@ -1,103 +0,0 @@
-title: "View the audit activity of people of interest"
-f1.keywords:
-- NOCSH
-ms.author: markjjo
-author: markjjo
-manager: laurawi
-ms.date:
-audience: Admin
-ms.topic: article
-ms.service: O365-seccomp
-localization_priority: Normal
-ms.collection: M365-security-compliance
-search.appverid:
-- MOE150-- MET150
-ms.assetid:
-ms.custom:
- - seo-marvel-mar2020
- - seo-marvel-apr2020
-description: Use the Data Investigations (preview) People of interest Management tool in your investigation by accessing and searching the activity for people of interest.
-# View the audit activity of people of interest
-
-Need to find if a user viewed a specific document or purged an item from their mailbox? Data Investigations (preview) is now integrated with the existing audit log search tool in the Security & Compliance Center. Using this embedded experience, you can use the Data Investigations (preview) People of interest Management tool to facilitate your investigation by easily accessing and searching the activity for people of interest within your investigation.
-
-## Get permissions
-
-You have to be assigned the View-Only Audit Logs or Audit Logs role in Exchange Online to search the audit log. By default, these roles are assigned to the Compliance Management and Organization Management role groups on the Permissions page in the Exchange admin center. To give a user the ability to search the Data Investigations (preview) audit log with the minimum level of privileges, you can create a custom role group in Exchange Online, add the View-Only Audit Logs or Audit Logs role, and then add the user as a member of the new role group. For more information, see Manage role groups in Exchange Online.
-
-> [!IMPORTANT]
-> If you assign a user the View-Only Audit Logs or Audit Logs role on the Permissions page in the Security & Compliance Center, they won't be able to search the audit log. You have to assign the permissions in Exchange Online. This is because the underlying cmdlet used to search the audit log is an Exchange Online cmdlet.
-
-## Step 1: Create an Data Investigations (preview) audit log search
-
- 1. Select an existing investigation from the **Security & Compliance Center > Data Investigations (preview)**.
-
- 2. Navigate to the **People of interest** tab and select a person.
-
- 3. Once you have selected a person, click **View Activity** from the details panel.
-
- 4. Configure the following search criteria:
-
- a. **Activities** - Click the drop-down list to display the activities that you can search for. After you run the search, only the audit records for the selected activities are displayed. Selecting **Show results for all activities** will display results for all activities that meet the other search criteria.
-
- b. **Start date and End date** - Select a date and time range to display the events that occurred within that period. The last seven days are selected by default. The date and time are presented in Coordinated Universal Time (UTC) format. The maximum date range that you can specify is one year.
-
- c. **People of interest** - Click in this box and then select a specific custodian to display search results for. Audit records for the selected activity performed by the users you select in this box are displayed in the list of results.
-
- 5. Click **Search** to run the search using your search criteria. The search results are loaded, and after a few moments they are displayed under Results on the People of interest Activities search page.
-
-## Step 2: View the audit log search results
-
-The results of an audit log search are displayed under Results on the People of interest Audit log page. A maximum of 5,000 (newest) events are displayed in increments of 150 events. To display more events you can use the scroll bar in the Results pane or you can press Shift + End to display the next 150 events.
-
-The results contain the following information about each event returned by the search.
--- **Date**: The date and time (in UTC format) when the event occurred.--- **IP address**: The IP address of the device that was used when the activity was logged. The IP address is displayed in either an IPv4 or IPv6 address format.--- **User**: The user (or service account) who performed the action that triggered the event.--- **Activity**: The activity performed by the user. This value corresponds to the activities that you selected in the Activities drop down list. For an event from the Exchange admin audit log, the value in this column is an Exchange cmdlet.--- **Item**: The object that was created or modified as a result of the corresponding activity. For example, the file that was viewed or modified or the user account that was updated. Not all activities have a value in this column.--- **Detail**: Additional detail about an activity. Again, not all activities will have a value.-
-## Step 3: Filter the search results
-
-In addition to sorting, you can also filter the results of an audit log search. This can help you quickly filter the results for a specific user or activity.
-
-To filter the results:
-
-1. Create and run an audit log search.
-
-2. When the results are displayed, click **Filter results**.
-
-3. Keyword boxes are displayed under each column header.
-
-4. Click one of the boxes under a column header and type a word or phrase, depending on the column you're filtering on. The results will dynamically readjust to display the events that match your filter.
-
-5. To clear a filter, click the **X** in the filter box or just click **Hide filtering**.
-
-## Export the search results to a file
-
-You can export the results of an audit log search to a comma separated value (CSV) file on your local computer. You can open this file in Microsoft Excel and use features such as search, sorting, filtering, and splitting a single column (that contains multi-value cells) into multiple columns.
-
-1. Run an audit log search, and then revise the search criteria until you have the desired results.
-
-2. Click Export results and select one of the following options:
-
- - **Save loaded results:** Choose this option to export only the entries that are displayed under **Results** on the **People of interest Audit log search** page. The CSV file that is downloaded contains the same columns (and data) displayed on the page (Date, User, Activity, Item, and Details). An additional column (titled **More**) is included in the CSV file that contains more information from the audit log entry. Because you're exporting the same results that are loaded (and viewable) on the Audit log search page, a maximum of 5,000 entries are exported.
-
- - **Download all results:** Choose this option to export all entries from the audit log that meet the search criteria. For a large set of search results, choose this option to download all entries from the audit log in addition to the 5,000 results that can be displayed on the **People of interest Audit log** search page. This option will download the raw data from the audit log to a CSV file, and contains additional information from the audit log entry in a column named AuditData. It may take longer to download the file if you choose this export option because the file may be much larger than the one that's downloaded if you choose the other option.
-
- > [!IMPORTANT]
- > You can download a maximum of 50,000 entries to a CSV file from a single audit log search. If 50,000 entries are downloaded to the CSV file, you can probably assume there are more than 50,000 events that met the search criteria. To export more than this limit, try using a date range to reduce the number of audit log entries. You might have to run multiple searches with smaller date ranges to export more than 50,000 entries.
-
-3. After you select an export option, a message is displayed at the bottom of the window that prompts you to open the CSV file, save it to the Downloads folder, or save it to a specific folder
-
-For more information about viewing, filtering, or exporting audit log search results, see [Search the audit log in the Office 365](search-the-audit-log-in-security-and-compliance.md).
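Review bot: deleting this page also deletes the IMPORTANT callout under "Get permissions", which says the View-Only Audit Logs or Audit Logs role must be assigned in Exchange Online because assigning it on the Permissions page in the Security & Compliance Center does not allow audit log search. Before the file is removed, check that search-the-audit-log-in-security-and-compliance.md, the article linked in the last line, states the same requirement and the 50,000-entry export limit, so that admins setting up a minimum-privilege role group can still find both.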
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/what-is-stored-in-exo-mailbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/what-is-stored-in-exo-mailbox.md
@@ -21,7 +21,7 @@ description: "Data produced by cloud-based apps in Microsoft 365 is stored or as
# Content stored in Exchange Online mailboxes
-A mailbox in Exchange Online is primarily used to store email-related items such as messages, calendar items, tasks, and notes. But that's changing as more cloud-based apps also store their data in a user's mailbox. One advantage of storing data in a mailbox is that you can use the search tools in content search, Core eDiscovery, Advanced eDiscovery, and Data Investigations to find, view, and export the data from these cloud-based apps. The data from some of these apps is stored in hidden folders located in a non-interpersonal message (non-IPM) subtree in the mailbox. Data from other cloud-based apps might not be stored _in_ the mailbox, but it's _associated with_ the mailbox, and is returned in searches (if that data matches the search query). Regardless of whether cloud-based data is stored in or associated with a user mailbox, the data is typically not visible in an email client when a user opens their mailbox.
+A mailbox in Exchange Online is primarily used to store email-related items such as messages, calendar items, tasks, and notes. But that's changing as more cloud-based apps also store their data in a user's mailbox. One advantage of storing data in a mailbox is that you can use the search tools in content search, Core eDiscovery, Advanced eDiscovery to find, view, and export the data from these cloud-based apps. The data from some of these apps is stored in hidden folders located in a non-interpersonal message (non-IPM) subtree in the mailbox. Data from other cloud-based apps might not be stored _in_ the mailbox, but it's _associated with_ the mailbox, and is returned in searches (if that data matches the search query). Regardless of whether cloud-based data is stored in or associated with a user mailbox, the data is typically not visible in an email client when a user opens their mailbox.
The following table lists the apps that either stores or associates data with a cloud-based mailbox. The table also describes the type of content that each app produces.
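Review bot: the added line drops "and Data Investigations" from the list of search tools but leaves the series without a conjunction: "content search, Core eDiscovery, Advanced eDiscovery to find, view, and export". Suggest "content search, Core eDiscovery, and Advanced eDiscovery to find, view, and export the data". While this paragraph is being touched, the unchanged context line after it reads "the apps that either stores or associates data"; "store or associate" would agree with "apps".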
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/whats-new https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/whats-new.md
@@ -29,9 +29,41 @@ Whether it be adding new solutions to the [Microsoft 365 compliance center](micr
> [!TIP]
-> Interested in what's going on in other admin centers? Check out these articles:<br>[What's new in the Microsoft 365 admin center](https://docs.microsoft.com/office365/admin/whats-new-in-preview?view=o365-worldwide)<br>[What's new in the SharePoint admin center](https://docs.microsoft.com/sharepoint/what-s-new-in-admin-center)<br>[What's new in Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/whats-new)<br><br>
+> Interested in what's going on in other admin centers? Check out these articles:<br>[What's new in the Microsoft 365 admin center](https://docs.microsoft.com/office365/admin/whats-new-in-preview)<br>[What's new in the SharePoint admin center](https://docs.microsoft.com/sharepoint/what-s-new-in-admin-center)<br>[What's new in Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/whats-new)<br><br>
And visit the [Microsoft 365 Roadmap](https://www.microsoft.com/en-us/microsoft-365/roadmap) to learn about Microsoft 365 features that were launched, are rolling out, are in development, have been cancelled, or previously released.
+## November & December 2020
+Just a reminder that we often release new and updated features in a preview state to learn how they're being used so we can hone and improve them before releasing to general availability. Your feedback is critical during preview (and beyond), so be sure to let us know what you think by opening the Feedback card at the bottom right of the compliance center.
+
+![feedback](../media/Feedback_card_MCC.JPG)
+
+### Spotlight: Endpoint data loss prevention (DLP) released
+
+[Endpoint DLP](endpoint-dlp-learn-about.md) extends the activity monitoring and protection capabilities of DLP to sensitive info on Windows 10 devices. After devices are [onboarded](dlp-configure-endpoints.md) to the Microsoft 365 compliance center, you can set up DLP policies to protect the sensitive info on those devices.
+
+### Advanced eDiscovery
+
+To make it easier to manage encrypted content in the eDiscovery workflow, Microsoft 365 eDiscovery tools now incorporate [decryption of encrypted files](ediscovery-decryption.md) that are attached to email messages and sent in Exchange. Additionally, encrypted documents stored in SharePoint and OneDrive are decrypted in Advanced eDiscovery.
+
+### Compliance Manager
+
+- [Support for Microsoft 365 Government subscriptions](compliance-manager.md). Compliance Manager is now available to US Government Community (GCC) Moderate and High customers.
+- [Microsoft Compliance Configuration Analyzer for Compliance Manager](compliance-manager-mcca.md). New PowerShell-based tool that helps you get started with Compliance Manager by scanning your organizationΓÇÖs current configurations and validating them against Microsoft 365 recommended best practices.
+- [New templates](compliance-manager-templates-list.md). Added 56 new templates, bringing total Compliance Manager templates to over 230.
+
+### Data connectors
+
+[Five new Globanet connectors in preview](archiving-third-party-data.md#third-party-data-connectors). New connectors include Reuters Dealing, Reuters FX, CellTrust, XIP, generic MS SQL Database data.
+
+### Retention labels (disposition review)
+
+To view items during a disposition review, users must now be members of the [Content Explorer Content Viewer and Content Explorer List Viewer role groups](disposition.md#permissions-for-disposition). Although required to review items, these role groups arenΓÇÖt necessary for completing the disposition review.
+
+### Sensitivity labels
+
+- [(Preview) External sharing settings for SharePoint sites](sensitivity-labels-teams-groups-sites.md#how-to-configure-groups-and-site-settings). When creating a label that will be used for groups and sites, youΓÇÖll see an option to control external sharing for SharePoint sites that have the label applied. You can specify that sharing is allowed for anyone, new and existing guests, existing guests only, or just users in your organization. When the label is applied, the label settings will replace any external sharing settings [configured in the SharePoint admin center](https://docs.microsoft.com/sharepoint/change-external-sharing-site).
+- [Remove label and encryption from a labeled document](sensitivity-labels-sharepoint-onedrive-files.md#remove-encryption-for-a-labeled-document). To remove both a label and the encryption it enforces from a labeled document in SharePoint, global admins and SharePoint admins can run the new `Unlock-SPOSensitivityLabelEncryptedFile` cmdlet. This cmdlet runs even if the admin doesn't have access permissions to the site or file, or if the Azure Rights Management service is unavailable.
+ ## October 2020 ### Advanced eDiscovery
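Review bot: in the added "Retention labels (disposition review)" entry the two sentences pull against each other: users "must now be members of" the Content Explorer Content Viewer and Content Explorer List Viewer role groups to view items during a disposition review, and the next sentence says those role groups are not necessary for completing the disposition review. Suggest stating which permission gates which action, for example that the role groups are needed only to view item content, with the link to disposition.md#permissions-for-disposition covering the rest. Also, the Unlock-SPOSensitivityLabelEncryptedFile entry says the cmdlet runs even when the admin has no access permissions to the site or file; because it removes encryption, the entry should say whether the action is recorded in the audit log or link to where that is documented.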
@@ -310,9 +342,6 @@ As you set up and validate these connectors, please leave us feedback about what
The wait is over. We're pleased to announce that the Microsoft 365 compliance center is available to all customers with Microsoft 365, Office 365, Enterprise Mobility + Security (EMS), and Windows 10 Enterprise plans. Any data or policies you were managing in the Security & Compliance Center are available in the compliance center, so no need to jump back and forth.
-> [!TIP]
-> Read through last month's update again for a refresher on some of the [new solutions](#new-compliance-solutions) we previewed recently, as well as a [roadmap](#updated-compliance-solutions) showing where compliance features from the Security & Compliance Center now live in Microsoft 365.
- Bookmark and head over now to [https://compliance.microsoft.com](https://compliance.microsoft.com) to tour your one-stop-shop for managing compliance across your org...or [read this article](microsoft-365-compliance-center.md) to dig in a bit more. ![Microsoft 365 compliance center home page](../media/mcc-home-ga.png)
@@ -364,63 +393,4 @@ Always working hard to help you get ahead of the ever-evolving compliance landsc
- Brazil General Data Protection Law (Lei Geral de Proteção de Dados - LGPD) - SOC 1 Type 2 and SOC 2 Type 2
-[Learn more about Compliance Score templates](compliance-score.md#templates)
-
-## November & December 2019
-
-Over the holidays, we started rolling out all the great compliance solutions that were demo'd at Ignite. Most are in a preview state, so test them out and be sure to let us know what you think by opening the Feedback card at the bottom right of the compliance center.
-
-![feedback](../media/Feedback_card_MCC.JPG)
-
-### Get to know the new neighborhood
-
-The new Microsoft 365 compliance center includes brand new solutions as well as the compliance features you know and love from the Office 365 Security & Compliance Center. Let's dig in a bit more…
-
-#### New compliance solutions
-
-You might be wondering what a *solution* is. As much as the cloud has revolutionized the way business is done, it's also opened the door for new methods of data theft and fraud and necessitated new regulations. Our compliance solutions are collections of integrated capabilities that can help you help you manage these evolving compliance requirements. A solution's capabilities might include a combination of policies, alerts, reports, and more.
-
-Here's a summary of the new solutions you'll find. Keep an eye out for others coming soon.
-
-> [!NOTE]
-> These solutions are located only in the Microsoft 365 compliance center. They can't be managed in the Office 365 Security & Compliance Center.
-<br/>
-
-|**New solution**|**Description**|**Learn more**|
-|:-----|:-----|:-----|
-|Microsoft Compliance Score (preview) <br/>|Built from [Compliance Manager](compliance-manager-overview.md), Compliance Score is a standalone feature with a simpler, more user-friendly design that helps you understand and improve your organization's compliance posture. It calculates a risk-based score measuring your progress in completing actions that help reduce risks around data protection and regulatory standards. <br/>|[Overview of Microsoft Compliance Score (preview)](compliance-score.md)|
-|Solution catalog (preview) <br/>|The solution catalog is your one-stop-shop for discovering, learning about, and quickly getting started with our compliance and risk management solutions. The catalog is organized into three compliance categories, each containing details about the solutions that make up that category. Categories include Information protection & governance, Insider risk management, and Discovery & response <br/>|[Overview of the solution catalog (preview)](microsoft-365-solution-catalog.md)|
-|Communication compliance (preview) <br/>|Communication compliance is part of the new insider risk management category that helps minimize communication risks by helping you detect, capture, and take remediation actions for inappropriate messages in your organization. The solution extends the capabilities of supervision policies in Office 365 by introducing several new enhancements such as intelligent templates, flexible remediation workflows, and actionable insights. <br/>|[Communication compliance in Microsoft 365 (preview)](communication-compliance.md)|
-|Data classification (preview) <br/>|Our new Data classification page contains powerful insights and tools to help you discover and evaluate how sensitive info and labels (retention and sensitivity) are being used in content across your organization. Review content that contains sensitive info or has labels applied, explore label activity across Microsoft 365 locations, create custom sensitive info types, and much more.<br/>|[Data classification overview (preview)](data-classification-overview.md)|
-|Trainable classifiers (preview) <br/>|This powerful new tool uses our machine learning engine to help identify categories of content in your org, like regulatory docs or employee agreements. Once created, classifiers can be used in several compliance solutions to detect related content and classify it, protect it, retain it, and more.<br/>|[Learn about trainable classifiers (preview)](classifier-learn-about.md)|
-
-#### Updated compliance solutions
-
-If you've been using the Office 365 Security & Compliance Center for your compliance needs, you might wonder where some features now live in the new Microsoft 365 compliance center. Here's a quick roadmap to help find their new homes.
-
-> [!NOTE]
-> Some features are still available only in the Office 365 Security & Compliance Center ΓÇô these are noted below. But we're working hard to preview these in the Microsoft 365 compliance center, so stay tuned for updates.
-<br/>
-
-|**Feature**|**Office 365 Security & Compliance Center**|**Microsoft 365 compliance center**|**Learn more**|
-|:-----|:-----|:-----|:-----|
-|Advanced eDiscovery|eDiscovery > Advanced eDiscovery <br/> https://protection.office.com/advancedediscoverycases |eDiscovery > Advanced <br/> https://compliance.microsoft.com/advancedediscovery | [Overview of the Advanced eDiscovery solution in Microsoft 365](overview-ediscovery-20.md) |
-|Alert policies|Alerts > Alert policies <br/> https://protection.office.com/alertpolicies |At this time, alert policies are managed only in the Office 365 Security & Compliance Center. |[Alert policies in the security and compliance center](alert-policies.md) |
-|Alerts|Alerts > View alerts <br/> https://protection.office.com/viewalerts |Alerts <br/> https://compliance.microsoft.com/compliancealerts |[Viewing alerts](alert-policies.md#viewing-alerts)|
-|Archive|Information governance > Archive <br/> https://protection.office.com/archiving |Information governance > Archive tab <br/> https://compliance.microsoft.com/informationgovernance?viewid=archive |[Enable archive mailboxes](enable-archive-mailboxes.md)|
-|Audit log search|Search > Audit log search <br/> https://protection.office.com/unifiedauditlog |Audit <br/> https://compliance.microsoft.com/auditlogsearch | [Search the audit log in the Security & Compliance Center](search-the-audit-log-in-security-and-compliance.md)|
-|Content search|Search > Content search <br/> https://protection.office.com/contentsearchbeta?ContentOnly=1 | Content search <br/> https://compliance.microsoft.com/contentsearch |[Search for content in Office 365](search-for-content.md) |
-|Data connectors|Information governance > Archive third-party data <br/> https://protection.office.com/nativeconnector | Data connectors <br/> https://compliance.microsoft.com/connectorlanding |[Archive third-party data](archiving-third-party-data.md)|
-|Data loss prevention|Data loss prevention <br/> https://protection.office.com/datalossprevention |Data loss prevention <br/> https://compliance.microsoft.com/datalossprevention |[Overview of data loss prevention](data-loss-prevention-policies.md)|
-|Data subject requests |Data privacy > Data subject requests <br/> https://protection.office.com/dsrcases |Data subject requests <br/> https://compliance.microsoft.com/datasubjectrequest |[Manage GDPR data subject requests with the DSR case tool](manage-gdpr-data-subject-requests-with-the-dsr-case-tool.md)|
-|eDiscovery|eDiscovery > eDiscovery <br/> https://protection.office.com/ediscoveryv1 |eDiscovery > Core <br/> https://compliance.microsoft.com/classicediscovery |[Manage eDiscovery cases](ediscovery-cases.md) |
-|Events|Records management > Events <br/> https://protection.office.com/events |Records management > Events tab <br/> https://compliance.microsoft.com/recordsmanagement?viewid=events |[Start retention when an event occurs](event-driven-retention.md)|
-|File plan|Records management > File plan <br/> https://protection.office.com/fileplan |Records management > File plan tab <br/> https://compliance.microsoft.com/recordsmanagement?viewid=fileplan |[Use file plan to manage retention labels](file-plan-manager.md)|
-|Import PST files|Information governance > Import PST files <br/> https://protection.office.com/importV2 |Information governance > Import tab <br/> https://compliance.microsoft.com/informationgovernance?viewid=import |[Overview of importing your organization's PST files](importing-pst-files-to-office-365.md)|
-|Label activity explorer|Information governance > Label activity explorer <br/> https://protection.office.com/labelexplorer |Data classification > Activity explorer tab <br/> https://compliance.microsoft.com/dataclassification?viewid=activitiesexplorer |[View activity on your labeled content (preview)](data-classification-activity-explorer.md)|
-|Retention labels and label policies |Classification > Retention labels > Labels and Label policies tabs <br/> https://protection.office.com/retentionlabels |Information governance > Labels and Label policies tabs <br/> https://compliance.microsoft.com/informationgovernance?viewid=labels <br/> https://compliance.microsoft.com/informationgovernance?viewid=labelpolicies | [Overview of retention labels](retention.md)|
-|Retention policies|Information governance > Retention <br/> https://protection.office.com/retention |Information governance > Retention tab <br/> https://compliance.microsoft.com/informationgovernance?viewid=retention |[Learn about retention policies and retention labels](retention.md)|
-|Sensitive info types|Classification > Sensitive info types <br/> https://protection.office.com/sensitivetypes |Data classification > Sensitive info types tab <br/> https://compliance.microsoft.com/dataclassification?viewid=sensitiveinfotypes |[Sensitive information type entity definitions](sensitive-information-type-entity-definitions.md)|
-|Sensitivity labels and label policies|Classification > Sensitivity labels > Labels and Label policies tabs <br/> https://protection.office.com/sensitivity |Information protection > Labels and Label policies tabs <br/> https://compliance.microsoft.com/informationprotection?viewid=sensitivitylabels <br/> https://compliance.microsoft.com/informationprotection?viewid=sensitivitylabelpolicies |[Learn about sensitivity labels](sensitivity-labels.md) |
-|Service assurance|Service assurance <br/> https://protection.office.com/serviceassurance/dashboard |At this time, service assurance resources can only be accessed in the Office 365 Security & Compliance Center. |[Service assurance in the Security & Compliance Center](service-assurance.md)|
-|Supervision|Supervision <br/> https://protection.office.com/supervisoryreviewv2 |Communication compliance <br/> https://compliance.microsoft.com/supervisoryreview |[Communication compliance in Microsoft 365 (preview)](communication-compliance.md) |
+[Learn more about Compliance Score templates](compliance-score.md#templates)
\ No newline at end of file
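Review bot: The added link is the last line of the file and the diff marks it `\ No newline at end of file`; add a trailing newline so a later append does not show this line as modified. The hunk also deletes the whole "Updated compliance solutions" table, including the statements that alert policies and service assurance are available only in the Office 365 Security & Compliance Center. The single Compliance Score link does not replace that mapping, so confirm it is published elsewhere before dropping it.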
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/contoso-case-study https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/contoso-case-study.md
@@ -19,7 +19,7 @@ description: How a fictional but representative global organization adopted Micr
# Microsoft 365 for enterprise for the Contoso Corporation
-Microsoft 365 for enterprise is the Microsoft premier cloud offering that combines local and cloud-based productivity apps and services with Windows 10 Enterprise and advanced security features. It's a complete, intelligent solution that that enables everyone to work together creatively and securely.
+Microsoft 365 for enterprise is the Microsoft premier cloud offering that combines local and cloud-based productivity apps and services with Windows 10 Enterprise and advanced security features. It's a complete, intelligent solution that enables everyone to work together creatively and securely.
Contoso Corporation is a fictional but representative global manufacturing conglomerate with its headquarters in Paris. The company deployed Microsoft 365 for enterprise and addressed major design decisions and implementation details for networking, identity, Windows 10 Enterprise, Microsoft 365 Apps for enterprise, mobile device management, information protection, and security.
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/device-management-roadmap-microsoft-365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/device-management-roadmap-microsoft-365.md
@@ -44,8 +44,8 @@ To help you better assess which device management option is best for you, see [C
Based on your assessment, get started managing your devices with: -- [Intune](https://docs.microsoft.com/mem/intune/fundamentals/planning-guide).-- [Basic Mobility and Security](https://support.microsoft.com/office/set-up-basic-mobility-and-security-dd892318-bc44-4eb1-af00-9db5430be3cd).
+- [Intune](https://docs.microsoft.com/mem/intune/fundamentals/planning-guide)
+- [Basic Mobility and Security](https://support.microsoft.com/office/set-up-basic-mobility-and-security-dd892318-bc44-4eb1-af00-9db5430be3cd)
## Identity and device access recommendations
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-germany-endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-germany-endpoints.md
@@ -3,7 +3,7 @@ title: Office 365 endpoints for Germany
ms.author: josephd author: JoeDavies-MSFT manager: laurawi
-ms.date: 10/28/2020
+ms.date: 01/04/2021
audience: ITPro ms.topic: conceptual ms.service: o365-administration
@@ -32,7 +32,7 @@ Office 365 requires connectivity to the Internet. The endpoints below should be
||| |:-----|:-----|
-|**Last updated:** 10/28/2020 - ![RSS](../media/5dc6bb29-25db-4f44-9580-77c735492c4b.png) [Change Log subscription](https://endpoints.office.com/version/Germany?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) |**Download:** all required and optional destinations in one [JSON formatted](https://endpoints.office.com/endpoints/Germany?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) list. <br/> |
+|**Last updated:** 01/04/2021 - ![RSS](../media/5dc6bb29-25db-4f44-9580-77c735492c4b.png) [Change Log subscription](https://endpoints.office.com/version/Germany?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) |**Download:** all required and optional destinations in one [JSON formatted](https://endpoints.office.com/endpoints/Germany?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) list. <br/> |
Start with [Managing Office 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This lets customers who do not yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. You can always refer to the [change log subscription](https://endpoints.office.com/version/Germany?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7).
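Review bot: Style point on the trailing context paragraph: "This lets customers who do not yet have automated updates to complete their processes" is ungrammatical ("lets ... to complete"). Since the file is already being touched for the date bump, change it to "This lets customers who do not yet have automated updates complete their processes". The DoD and GCC High pages carry the same sentence.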
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-u-s-government-dod-endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-u-s-government-dod-endpoints.md
@@ -3,7 +3,7 @@ title: Office 365 US Government DOD endpoints
ms.author: josephd author: JoeDavies-MSFT manager: laurawi
-ms.date: 10/28/2020
+ms.date: 01/04/2021
audience: ITPro ms.topic: conceptual ms.service: o365-administration
@@ -34,7 +34,7 @@ ms.custom: seo-marvel-mar2020
||| |:-----|:-----|
-|**Last updated:** 10/28/2020 - ![RSS](../media/5dc6bb29-25db-4f44-9580-77c735492c4b.png) [Change Log subscription](https://endpoints.office.com/version/USGOVDoD?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) <br/> |**Download:** the full list in [JSON format](https://endpoints.office.com/endpoints/USGOVDoD?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) <br/> |
+|**Last updated:** 01/04/2021 - ![RSS](../media/5dc6bb29-25db-4f44-9580-77c735492c4b.png) [Change Log subscription](https://endpoints.office.com/version/USGOVDoD?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) <br/> |**Download:** the full list in [JSON format](https://endpoints.office.com/endpoints/USGOVDoD?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) <br/> |
Start with [Managing Office 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This lets customers who do not yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you are using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-u-s-government-gcc-high-endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-u-s-government-gcc-high-endpoints.md
@@ -3,7 +3,7 @@ title: "Office 365 U.S. Government GCC High endpoints"
ms.author: josephd author: JoeDavies-MSFT manager: laurawi
-ms.date: 10/28/2020
+ms.date: 01/04/2021
audience: ITPro ms.topic: conceptual ms.service: o365-administration
@@ -32,7 +32,7 @@ Office 365 requires connectivity to the Internet. The endpoints below should be
||| |:-----|:-----|
-|**Last updated:** 10/28/2020 - ![RSS](../media/5dc6bb29-25db-4f44-9580-77c735492c4b.png) [Change Log subscription](https://endpoints.office.com/version/USGOVGCCHigh?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) <br/> |**Download:** the full list in [JSON format](https://endpoints.office.com/endpoints/USGOVGCCHigh?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) <br/> |
+|**Last updated:** 01/04/2021 - ![RSS](../media/5dc6bb29-25db-4f44-9580-77c735492c4b.png) [Change Log subscription](https://endpoints.office.com/version/USGOVGCCHigh?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) <br/> |**Download:** the full list in [JSON format](https://endpoints.office.com/endpoints/USGOVGCCHigh?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) <br/> |
Start with [Managing Office 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This lets customers who do not yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you are using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/multi-geo-user-experience https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/multi-geo-user-experience.md
@@ -39,7 +39,7 @@ Office applications such as Word, Excel, and PowerPoint will automatically detec
## OneDrive for Business Sync Client
-The OneDrive for Business Sync Client (version 17.3.6943.0625 and later) will automatically detect the correct OneDrive for Business geo location for the user. Synch client support includes the ability to sync groups-based sites regardless of their geo location. Note that the Groove sync client is not supported for multi-geo.
+The OneDrive for Business Sync Client (version 17.3.6943.0625 and later) will automatically detect the correct OneDrive for Business geo location for the user. Sync client support includes the ability to sync groups-based sites regardless of their geo location. Note that the Groove sync client is not supported for multi-geo.
## OneDrive for Business location
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/office-365-network-mac-perf-cpe https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/office-365-network-mac-perf-cpe.md
@@ -3,7 +3,7 @@ title: "Microsoft 365 informed network routing"
ms.author: kvice author: kelleyvice-msft manager: laurawi
-ms.date: 1/21/2020
+ms.date: 12/22/2020
audience: Admin ms.topic: conceptual ms.service: o365-administration
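Review bot: `ms.date` moves from 1/21/2020 to 12/22/2020 and is the only line shown as changed for this file. If the article body was not revised, the bump makes the page look more recently reviewed than it is. Either include the content change in the same commit or leave the date as it was.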
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges-21vianet https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/urls-and-ip-address-ranges-21vianet.md
@@ -3,7 +3,7 @@ title: "URLs and IP address ranges for Office 365 operated by 21Vianet"
ms.author: josephd author: JoeDavies-MSFT manager: laurawi
-ms.date: 10/28/2020
+ms.date: 01/04/2021
audience: ITPro ms.topic: conceptual ms.service: o365-administration
@@ -33,7 +33,7 @@ hideEdit: true
||| |:-----|:-----|
-|**Last updated:** 10/28/2020 - ![RSS](../media/5dc6bb29-25db-4f44-9580-77c735492c4b.png) [Change Log subscription](https://endpoints.office.com/version/China?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)|**Download:** all required and optional destinations in one [JSON formatted](https://endpoints.office.com/endpoints/China?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) list. <br/> |
+|**Last updated:** 01/04/2021 - ![RSS](../media/5dc6bb29-25db-4f44-9580-77c735492c4b.png) [Change Log subscription](https://endpoints.office.com/version/China?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)|**Download:** all required and optional destinations in one [JSON formatted](https://endpoints.office.com/endpoints/China?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) list. <br/> |
Start with [Managing Office 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This allows for customers who do not yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you are using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/urls-and-ip-address-ranges.md
@@ -3,7 +3,7 @@ title: "Office 365 URLs and IP address ranges"
ms.author: josephd author: JoeDavies-MSFT manager: laurawi
-ms.date: 10/28/2020
+ms.date: 01/04/2021
audience: Admin ms.topic: conceptual ms.service: o365-administration
@@ -34,7 +34,7 @@ Office 365 requires connectivity to the Internet. The endpoints below should be
|||| |:-----|:-----|:-----|
-|**Last updated:** 10/28/2020 - ![RSS](../media/5dc6bb29-25db-4f44-9580-77c735492c4b.png) [Change Log subscription](https://endpoints.office.com/version/worldwide?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) <br/> |**Download:** all required and optional destinations in one [JSON formatted](https://endpoints.office.com/endpoints/worldwide?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) list. <br/> | **Use:** our proxy [PAC files](managing-office-365-endpoints.md#pacfiles) <br/> |
+|**Last updated:** 01/04/2021 - ![RSS](../media/5dc6bb29-25db-4f44-9580-77c735492c4b.png) [Change Log subscription](https://endpoints.office.com/version/worldwide?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) <br/> |**Download:** all required and optional destinations in one [JSON formatted](https://endpoints.office.com/endpoints/worldwide?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) list. <br/> | **Use:** our proxy [PAC files](managing-office-365-endpoints.md#pacfiles) <br/> |
Start with [Managing Office 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This allows for customers who do not yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you are using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.
includes https://docs.microsoft.com/en-us/microsoft-365/includes/office-365-u.s.-government-gcc-high-endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/office-365-u.s.-government-gcc-high-endpoints.md
@@ -1,7 +1,7 @@
<!--THIS FILE IS AUTOMATICALLY GENERATED. MANUAL CHANGES WILL BE OVERWRITTEN.--> <!--Please contact the Office 365 Endpoints team with any questions.-->
-<!--USGovGCCHigh endpoints version 2020102800-->
-<!--File generated 2020-10-28 11:00:07.4884-->
+<!--USGovGCCHigh endpoints version 2021010400-->
+<!--File generated 2021-01-04 11:00:05.0106-->
## Exchange Online
@@ -36,7 +36,7 @@ ID | Category | ER | Addresses | Ports
13 | Allow<BR>Required | Yes | `*.gov.us.microsoftonline.com, graph.microsoft.us, graph.microsoftazure.us, login.microsoftonline.us`<BR>`20.140.232.0/23, 52.126.194.0/23` | **TCP:** 443 14 | Default<BR>Required | No | `*.msauth.net, *.msauthimages.us, *.msftauth.net, *.msftauthimages.us, clientconfig.microsoftonline-p.net, graph.windows.net, login.microsoftonline.com, login.microsoftonline-p.com, login.windows.net, loginex.microsoftonline.com, login-us.microsoftonline.com, mscrl.microsoft.com, nexus.microsoftonline-p.com, secure.aadcdn.microsoftonline-p.com` | **TCP:** 443 15 | Default<BR>Required | No | `officehome.msocdn.us, prod.msocdn.us` | **TCP:** 443, 80
-16 | Allow<BR>Required | Yes | `portal.office365.us, webshell.suite.office365.us, www.office365.us`<BR>`13.72.179.48/32, 52.227.167.206/32, 52.227.170.242/32` | **TCP:** 443, 80
+16 | Allow<BR>Required | Yes | `portal.office365.us, www.office365.us`<BR>`13.72.179.48/32, 52.227.167.206/32, 52.227.170.242/32` | **TCP:** 443, 80
17 | Allow<BR>Required | Yes | `*.osi.office365.us, gcchigh.loki.office365.us, tasks.office365.us`<BR>`52.127.240.0/20, 2001:489a:2206::/48` | **TCP:** 443 18 | Default<BR>Required | No | `activation.sls.microsoft.com, crl.microsoft.com, go.microsoft.com, insertmedia.bing.office.net, ocsa.officeapps.live.com, ocsredir.officeapps.live.com, ocws.officeapps.live.com, office15client.microsoft.com, officecdn.microsoft.com, officecdn.microsoft.com.edgesuite.net, officepreviewredir.microsoft.com, officeredir.microsoft.com, ols.officeapps.live.com, r.office.microsoft.com` | **TCP:** 443, 80 19 | Default<BR>Required | No | `cdn.odc.officeapps.live.com, odc.officeapps.live.com, officeclient.microsoft.com` | **TCP:** 443, 80
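Review bot: Row 16 drops `webshell.suite.office365.us` while the row stays Allow/Required with the same three /32 addresses, and because the file is marked as automatically generated, nothing in the diff records why the hostname went away. Confirm the removal matches endpoints version 2021010400 from the web service, and make sure the change log calls it out so administrators can prune the hostname from allow lists built from the 2020102800 data.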
includes https://docs.microsoft.com/en-us/microsoft-365/includes/office-365-worldwide-endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/office-365-worldwide-endpoints.md
@@ -1,7 +1,7 @@
<!--THIS FILE IS AUTOMATICALLY GENERATED. MANUAL CHANGES WILL BE OVERWRITTEN.--> <!--Please contact the Office 365 Endpoints team with any questions.-->
-<!--Worldwide endpoints version 2020102800-->
-<!--File generated 2020-10-28 11:00:02.2416-->
+<!--Worldwide endpoints version 2021010400-->
+<!--File generated 2021-01-04 11:00:02.1089-->
## Exchange Online
@@ -106,7 +106,6 @@ ID | Category | ER | Addresses | Ports
101 | Default<BR>Optional<BR>**Notes:** Outlook for Android and iOS: Box integration | No | `app.box.com` | **TCP:** 443 102 | Default<BR>Optional<BR>**Notes:** Outlook for Android and iOS: Facebook integration | No | `graph.facebook.com, m.facebook.com` | **TCP:** 443 103 | Default<BR>Optional<BR>**Notes:** Outlook for Android and iOS: Evernote integration | No | `www.evernote.com` | **TCP:** 443
-104 | Default<BR>Optional<BR>**Notes:** Outlook for Android and iOS: WunderList integration | No | `a.wunderlist.com, www.wunderlist.com` | **TCP:** 443
105 | Default<BR>Optional<BR>**Notes:** Outlook for Android and iOS: Outlook Privacy | No | `bit.ly, www.acompli.com` | **TCP:** 443 106 | Default<BR>Optional<BR>**Notes:** Outlook for Android and iOS: User voice integration | No | `by.uservoice.com, outlook.uservoice.com` | **TCP:** 443 109 | Default<BR>Optional<BR>**Notes:** Outlook for Android and iOS: Flurry log integration | No | `data.flurry.com` | **TCP:** 443
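Review bot: Row 104 (`a.wunderlist.com, www.wunderlist.com`) is removed with no successor, leaving the visible ID sequence as 103, 105, 106, 109. That is fine if IDs are stable keys that are never reused, but it is worth stating for consumers who key on ID. Allow lists generated from the previous version will keep permitting these two third-party hosts until the removal is processed.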
knowledge https://docs.microsoft.com/en-us/microsoft-365/knowledge/set-up-topic-experiences https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/knowledge/set-up-topic-experiences.md
@@ -15,18 +15,22 @@ description: "Learn how to set up topic experiences in Microsoft 365"
# Set up topic experiences in Microsoft 365
-</br>
-
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4Li0E]
-
-</br>
- You can use the Microsoft 365 admin center to set up and configure [topic experiences](topic-experiences-overview.md). It is important to plan the best way to set up and configure topics in your environment. Be sure to read [Plan topic experiences](plan-topic-experiences.md) before you begin the procedures in this article. You must be a global administrator or SharePoint administrator to access the Microsoft 365 admin center and set up topic experiences.
+## Video demonstration
+
+This video shows the process for setting up topic experiences in Microsoft 365.
+
+<br>
+
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4Li0E]
+
+<br>
+ ## Set up topic experiences To set up topic experiences in Microsoft 365
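Review bot: The added `<br>` spacers above and below the `[!VIDEO]` block are presentational HTML, and the new `## Video demonstration` heading plus the blank lines already separate the embed from the surrounding text. Replacing the invalid `</br>` was right, but the two `<br>` lines can simply be dropped.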
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center.md
@@ -58,7 +58,7 @@ To see how to grant access to the Security & Compliance Center, check out [Give
|**Communication Compliance Analysts**|Analysts of communication compliance that can investigate policy matches, view message meta data, and take remediation actions.|Communication Compliance Analysis <p> Communication Compliance Case Management| |**Communication Compliance Investigators**|Analysts of communication compliance that can investigate policy matches, view message content, and take remediation actions.|Case Management <p> Communication Compliance Analysis <p> Communication Compliance Case Management <p> Communication Compliance Investigation <p> Data Classification Feedback Provider <p> View-Only Case| |**Communication Compliance Viewers**|Viewer of communication compliance that can access the available reports and widgets.|Communication Compliance Case Management <p> Communication Compliance Viewer|
-|**Compliance Administrator**<sup>1</sup>|Members can manage settings for device management, data loss prevention, reports, and preservation.|Case Management <p> Compliance Administrator <p> Compliance Search <p> Data Classification Feedback Provider <p> Data Classification Feedback Reviewer <p> Data Investigation Management <p> Device Management <p> Disposition Management <p> DLP Compliance Management <p> Hold <p> IB Compliance Management <p> Manage Alerts <p> Organization Configuration <p> RecordManagement <p> Retention Management <p> View-Only Audit Logs <p> View-Only Case <p> View-Only Device Management <p> View-Only DLP Compliance Management <p> View-Only IB Compliance Management <p> View-Only Manage Alerts <p> View-Only Recipients <p> View-Only Record Management <p> View-Only Retention Management|
+|**Compliance Administrator**<sup>1</sup>|Members can manage settings for device management, data loss prevention, reports, and preservation.|Case Management <p> Compliance Administrator <p> Compliance Search <p> Data Classification Feedback Provider <p> Data Classification Feedback Reviewer <p> Device Management <p> Disposition Management <p> DLP Compliance Management <p> Hold <p> IB Compliance Management <p> Manage Alerts <p> Organization Configuration <p> RecordManagement <p> Retention Management <p> View-Only Audit Logs <p> View-Only Case <p> View-Only Device Management <p> View-Only DLP Compliance Management <p> View-Only IB Compliance Management <p> View-Only Manage Alerts <p> View-Only Recipients <p> View-Only Record Management <p> View-Only Retention Management|
|**Compliance Data Administrator**|Members can manage settings for device management, data protection, data loss prevention, reports, and preservation.|Compliance Administrator <p> Compliance Search <p> Device Management <p> DLP Compliance Management <p> Disposition Management <p> IB Compliance Management <p> Manage Alerts <p> Organization Configuration <p> RecordManagement <p> Retention Management <p> Sensitivity Label Administrator <p> View-Only Audit Logs <p> View-Only Device Management <p> View-Only DLP Compliance Management <p> View-Only IB Compliance Management <p> View-Only Manage Alerts <p> View-Only Recipients <p> View-Only Record Management <p> View-Only Retention Management| |**Compliance Manager Administrators**|Manage template creation and modification.|Compliance Manager Administration <p> Compliance Manager Assessment <p> Compliance Manager Contribution <p> Compliance Manager Reader| |**Compliance Manager Assessors**|Create assessments, implement improvement actions, and update test status for improvement actions.|Compliance Manager Assessment <p> Compliance Manager Contribution <p> Compliance Manager Reader|
@@ -66,7 +66,6 @@ To see how to grant access to the Security & Compliance Center, check out [Give
|**Compliance Manager Readers**|View all Compliance Manager content except for administrator functions.|Compliance Manager Reader| |**Content Explorer Content Viewer**|View the contents files in Content explorer.|Data Classification Content Viewer| |**Content Explorer List Viewer**|View all items in Content explorer in list format only.|Data Classification List Viewer|
-|**Data Investigator**|Members can perform searches on mailboxes, SharePoint sites, and OneDrive accounts.|Communication <p> Compliance Search <p> Custodian <p> Data Investigation Management <p> Export <p> Preview <p> RMS Decrypt <p> Review <p> Search And Purge|
|**eDiscovery Manager**|Members can perform searches and place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. Members can also create and manage eDiscovery cases, add and remove members to a case, create and edit Content Searches associated with a case, and access case data in Advanced eDiscovery. <p> An eDiscovery Administrator is a member of the eDiscovery Manager role group who has been assigned additional permissions. In addition to the tasks that an eDiscovery Manager can perform, an eDiscovery Administrator can:<ul><li>View all eDiscovery cases in the organization.</li><li>Manage any eDiscovery case after they add themselves as a member of the case.</li></ul> <p> The primary difference between an eDiscovery Manager and an eDiscovery Administrator is that an eDiscovery Administrator can access all cases that are listed on the **eDiscovery cases** page in the Security & Compliance Center. An eDiscovery manager can only access the cases they created or cases they are a member of. 
For more information about making a user an eDiscovery Administrator, see [Assign eDiscovery permissions in the Security & Compliance Center](../../compliance/assign-ediscovery-permissions.md).|Case Management <p> Communication <p> Compliance Search <p> Custodian <p> Export <p> Hold <p> Preview <p> Review <p> RMS Decrypt| |**Global Reader**|Members have read-only access to reports, alerts, and can see all the configuration and settings.<p> The primary difference between Global Reader and Security Reader is that a Global Reader can access **configuration and settings**.|Security Reader <p> Sensitivity Label Reader <p> Service Assurance View <p> View-Only Audit Logs <p> View-Only Device Management <p> View-Only DLP Compliance Management <p> View-Only IB Compliance Management <p> View-Only Manage Alerts <p> View-Only Recipients <p> View-Only Record Management <p> View-Only Retention Management| |**Insider Risk Management**|Use this role group to manage insider risk management for your organization in a single group. By adding all user accounts for designated administrators, analysts, and investigators, you can configure insider risk management permissions in a single group. This role group contains all the insider risk management permission roles. This is the easiest way to quickly get started with insider risk management and is a good fit for organizations that do not need separate permissions defined for separate groups of users.|Case Management <p> Insider Risk Management Admin <p> Insider Risk Management Analysis <p> Insider Risk Management Investigation <p> View-Only Case|
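Review bot: Removing the **Data Investigator** role group row means every role it listed (Communication, Compliance Search, Custodian, Data Investigation Management, Export, Preview, RMS Decrypt, Review, Search And Purge) needs the matching cleanup wherever the roles table names its default role groups. A later hunk removes the Communication row that names Data Investigator; check that the other role rows no longer name it either, otherwise the page will reference a role group it no longer defines.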
@@ -119,7 +118,6 @@ Note that the following roles aren't assigned to the Organization Management rol
- Data Classification Feedback Provider - Data Classification Feedback Reviewer - Data Classification List Viewer-- Data Investigation Management - Disposition Management - Export - Insider Risk Management Admin
@@ -146,8 +144,8 @@ Note that the following roles aren't assigned to the Organization Management rol
|**Attack Simulator Admin**|Used to create and manage all aspects of attack simulation campaigns.|| |**Attack Simulator Payload Author**|Used to create and manage attack payloads that can be deployed by attack simulator administrator.|| |**Audit Logs**|Turn on and configure auditing for the organization, view the organization's audit reports, and then export these reports to a file.|Organization Management <p> Security Administrator|
-|**Case Management**|Create, edit, delete, and control access to eDiscovery cases.|Communication Compliance <p> Communication Compliance Investigators <p> Compliance Administrator <p> eDiscovery Manager <p> Insider Risk Management <p> Insider Risk Management Admins <p> Insider Risk Management Analysts <p> Insider Risk Management Investigators <p> Organization Management|
-|**Communication**|Manage all communications with the custodians identified in an Advanced eDiscovery case. Create hold notifications, hold reminders, and escalations to management. Track custodian acknowledgment of hold notifications and manage access to the custodian portal that is used by each custodian in a case to track communications for the cases where they were identified as a custodian.|Data Investigator <p> eDiscovery Manager|
+|**Case Management**|Create, edit, delete, and control access to eDiscovery cases.|Communication Compliance <p> Communication Compliance Investigators <p> Compliance Administrator <p>eDiscovery Manager <p> Insider Risk Management <p> Insider Risk Management Admins <p> Insider Risk Management Analysts <p> Insider Risk Management Investigators <p> Organization Management|
+|**Communication**|Manage all communications with the custodians identified in an Advanced eDiscovery case. Create hold notifications, hold reminders, and escalations to management. Track custodian acknowledgment of hold notifications and manage access to the custodian portal that is used by each custodian in a case to track communications for the cases where they were identified as a custodian.|eDiscovery Manager|
|**Communication Compliance Admin**|Used to manage policies in the Communication Compliance feature.|Communication Compliance <p> Communication Compliance Administrators| |**Communication Compliance Analysis**|Used to perform investigation, remediation of the message violations in the Communication Compliance feature. Can only view message meta data.|Communication Compliance <p> Communication Compliance Analysts <p> Communication Compliance Investigators| |**Communication Compliance Case Management**|Used to access Communication Compliance cases.|Communication Compliance <p> Communication Compliance Administrators <p> Communication Compliance Analysts <p> Communication Compliance Investigators <p> Communication Compliance Viewers|
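Review bot: The **Case Management** row changes only by dropping the space after `<p>`, giving `<p>eDiscovery Manager` where every other entry in the table is written `<p> eDiscovery Manager`. That is a whitespace-only edit that adds noise to the diff and leaves the cell inconsistent with its neighbours. Revert that row and keep the substantive change, which is removing `Data Investigator` from the **Communication** row.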
@@ -158,18 +156,17 @@ Note that the following roles aren't assigned to the Organization Management rol
|**Compliance Manager Assessment**|Create assessments, implement improvement actions, and update test status for improvement actions.|Compliance Manager Administrators <p> Compliance Manager Assessors| |**Compliance Manager Contribution**|Create assessments and perform work to implement improvement actions.|Compliance Manager Administrators <p> Compliance Manager Assessors <p> Compliance Manager Contributors| |**Compliance Manager Reader**|View all Compliance Manager content except for administrator functions.|Compliance Manager Administrators <p> Compliance Manager Assessors <p> Compliance Manager Contributors <p> Compliance Manager Readers|
-|**Compliance Search**|Perform searches across mailboxes and get an estimate of the results.|Compliance Administrator <p> Compliance Data Administrator <p> Data Investigator <p> eDiscovery Manager <p> Organization Management <p> Security Operator|
-|**Custodian**|Identify and manage custodians for Advanced eDiscovery cases and use the information from Azure Active Directory and other sources to find data sources associated with custodians. Associate other data sources such as mailboxes, SharePoint sites, and Teams with custodians in a case. Place a legal hold on the data sources associated with custodians to preserve content in the context of a case.|Data Investigator <p> eDiscovery Manager|
+|**Compliance Search**|Perform searches across mailboxes and get an estimate of the results.|Compliance Administrator <p> Compliance Data Administrator <p>eDiscovery Manager <p> Organization Management <p> Security Operator|
+|**Custodian**|Identify and manage custodians for Advanced eDiscovery cases and use the information from Azure Active Directory and other sources to find data sources associated with custodians. Associate other data sources such as mailboxes, SharePoint sites, and Teams with custodians in a case. Place a legal hold on the data sources associated with custodians to preserve content in the context of a case.|eDiscovery Manager|
|**Data Classification Content Viewer**|View in-place rendering of files in Content explorer.|Content Explorer Content Viewer| |**Data Classification Feedback Provider**|Allows providing feedback to classifiers in content explorer.|Communication Compliance <p> Communication Compliance Investigators <p> Compliance Administrator| |**Data Classification Feedback Reviewer**|Allows reviewing feedback from classifiers in feedback explorer.|Compliance Administrator| |**Data Classification List Viewer**|View the list of files in content explorer.|Content Explorer List Viewer|
-|**Data Investigation Management**|Create, edit, delete, and control access to data investigations.|Compliance Administrator <p> Data Investigator|
|**Device Management**|View and edit settings and reports for device management features.|Compliance Administrator <p> Compliance Data Administrator <p> Organization Management <p> Security Administrator| |**Disposition Management**|Control permissions for accessing Manual Disposition in the Security & Compliance Center.|Compliance Administrator <p> Compliance Data Administrator <p> Records Management| |**DLP Compliance Management**|View and edit settings and reports for data loss prevention (DLP) policies.|Compliance Administrator <p> Compliance Data Administrator <p> Organization Management <p> Security Administrator|
-|**Export**|Export mailbox and site content that's returned from searches.|Data Investigator <p> eDiscovery Manager|
-|**Hold**|Place content in mailboxes, sites, and public folders on hold. When on hold, a copy of the content is stored in a secure location. Content owners will still be able to modify or delete the original content.|Compliance Administrator <p> eDiscovery Manager <p> Organization Management|
+|**Export**|Export mailbox and site content that's returned from searches.|eDiscovery Manager|
+|**Hold**|Place content in mailboxes, sites, and public folders on hold. When on hold, a copy of the content is stored in a secure location. Content owners will still be able to modify or delete the original content.|Compliance Administrator <p>eDiscovery Manager <p> Organization Management|
|**IB Compliance Management**|View, create, remove, modify, and test Information Barrier policies.|Compliance Administrator <p> Compliance Data Administrator <p> Organization Management <p> Security Administrator| |**Insider Risk Management Admin**|Create, edit, delete, and control access to Insider Risk Management feature.|Insider Risk Management <p> Insider Risk Management Admins| |**Insider Risk Management Analysis**|Access all insider risk management alerts, cases, and notices templates.|Insider Risk Management <p> Insider Risk Management Analysts|
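Review bot: The **Data Investigation Management** row is deleted and `Data Investigator` is removed from **Compliance Search**, **Custodian** and **Export**, but nothing in this hunk tells an admin who still has members in that role group what happened to it or which role group now covers those tasks. Add a short note on the retirement, and check that the role-group table earlier in the article drops its Data Investigator row in the same commit. Separately, the **Hold** row is a whitespace-only change (`<p>eDiscovery Manager`), and **Compliance Search** picks up the same missing space; restore `<p> eDiscovery Manager` in both.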
@@ -179,7 +176,7 @@ Note that the following roles aren't assigned to the Organization Management rol
|**Insider Risk Management Temporary contribution**|This role group is visible, but is used by background services only.|IRM Contributors| |**Manage Alerts**|View and edit settings and reports for alerts.|Compliance Administrator <p> Compliance Data Administrator <p> Organization Management <p> Security Administrator <p> Security Operator| |**Organization Configuration**|Run, view, and export audit reports and manage compliance policies for DLP, devices, and preservation.|Compliance Administrator <p> Compliance Data Administrator <p> Organization Management|
-|**Preview**|View a list of items that are returned from content searches, and open each item from the list to view its contents.|Data Investigator <p> eDiscovery Manager|
+|**Preview**|View a list of items that are returned from content searches, and open each item from the list to view its contents.|eDiscovery Manager|
|**Privacy Management Admin**|Used to manage policies in Privacy Management solution and has access to all functionality of the solution.|Privacy Management <p> Privacy Management Administrators| |**Privacy Management Analysis**|Used to perform investigation, remediation of the message violations in Privacy Management solution. Can only view messages meta data.|Privacy Management <p> Privacy Management Analysts| |**Privacy Management Investigation**|Used to perform investigation, remediation, review message violations in Privacy Management solution. Can view messages meta data & full message.|Privacy Management <p> Privacy Management Investigators|
@@ -189,10 +186,10 @@ Note that the following roles aren't assigned to the Organization Management rol
|**Quarantine**|Allows viewing and releasing quarantined email.|Quarantine Administrator <p> Security Administrator <p> Organization Management| |**RecordManagement**|View and edit the configuration of the records management feature.|Compliance Administrator <p> Compliance Data Administrator <p> Organization Management <p> Records Management| |**Retention Management**|Manage retention policies, retention labels, and retention label policies.|Compliance Administrator <p> Compliance Data Administrator <p> Organization Management <p> Records Management|
-|**Review**|Use Advanced eDiscovery to track, tag, analyze, and test documents that are assigned to them.|Data Investigator <p> eDiscovery Manager <p> Reviewer|
-|**RMS Decrypt**|Decrypt RMS-protected content when exporting search results.|Data Investigator <p> eDiscovery Manager|
+|**Review**|Use Advanced eDiscovery to track, tag, analyze, and test documents that are assigned to them.|eDiscovery Manager <p> Reviewer|
+|**RMS Decrypt**|Decrypt RMS-protected content when exporting search results.|eDiscovery Manager|
|**Role Management**|Manage role group membership and create or delete custom role groups.|Organization Management|
-|**Search And Purge**|Lets people bulk-remove data that matches the criteria of a content search.|Data Investigator <p> Organization Management|
+|**Search And Purge**|Lets people bulk-remove data that matches the criteria of a content search.|Organization Management|
|**Security Administrator**|View and edit the configuration and reports for Security features.|Organization Management <p> Security Administrator| |**Security Reader**|View the configuration and reports for Security features.|Global Reader <p> Organization Management <p> Security Operator <p> Security Reader| |**Sensitivity Label Administrator**|View, create, modify, and remove sensitivity labels.|Compliance Data Administrator <p> Organization Management <p> Security Administrator|
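Review bot: With `Data Investigator` removed, the **Search And Purge** row now lists only Organization Management, so the table no longer names any narrowly scoped role group for bulk removal of content. A reader following the table would have to grant Organization Management just to purge search results. Add a sentence pointing to custom role groups (the **Role Management** row already mentions creating them) as the way to assign this role without the rest of Organization Management.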
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/submit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis.md
@@ -86,6 +86,10 @@ If a message was incorrectly identified as spam, you can submit the message to t
> [!TIP] > Admins have several different ways to allow specific messages to skip spam filtering. For details, see [Create safe sender lists in EOP](create-safe-sender-lists-in-office-365.md).
+## Where is the data from submissions to Microsoft stored?
+
+The data resides in the Office 365 compliance boundary in North American data centers. The data is reviewed by analysts on the engineering team to help improve the effectiveness of the filters.
+ ## Create a mail flow rule to receive copies of messages that are reported to Microsoft For instructions, see [Use mail flow rules to see what your users are reporting to Microsoft](use-mail-flow-rules-to-see-what-your-users-are-reporting-to-microsoft.md).
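Review bot: The new section "Where is the data from submissions to Microsoft stored?" states the location and who reviews the data, but it leaves out what an admin needs to assess the disclosure: which parts of a submitted message are kept (headers, body, attachments), how long they are retained, and whether tenants provisioned outside North America are also stored there. Since "The data is reviewed by analysts on the engineering team" means message content leaves the tenant for human review, either answer those points here or link to the page that does.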
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-mail-flow-rules-to-see-what-your-users-are-reporting-to-microsoft https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/use-mail-flow-rules-to-see-what-your-users-are-reporting-to-microsoft.md
@@ -64,7 +64,7 @@ You can create the mail flow rule in the Exchange admin center (EAC) and PowerSh
- `junk@office365.microsoft.com` - `abuse@messaging.microsoft.com` - `phish@office365.microsoft.com`
- - `false_positive@messaging.microsoft.com`
+ - `not_junk@office365.microsoft.com`
To edit an entry, select it and click **Edit** ![Edit icon](../../media/ITPro-EAC-EditIcon.png). To remove an entry, select it and click **Remove** ![Remove icon](../../media/ITPro-EAC-DeleteIcon.png).
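Review bot: Replacing `false_positive@messaging.microsoft.com` with `not_junk@office365.microsoft.com` in the recipient list silently breaks the procedure for anyone who already created the rule from the earlier version of this article, because their rule still matches the old address and will stop catching false-positive reports. Add a line telling admins to edit existing rules, and say whether the old address should be kept alongside the new one during the transition. Also confirm that `abuse@messaging.microsoft.com`, the one remaining entry on the `messaging.microsoft.com` domain, is still current.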
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/configure-teams-highly-sensitive-protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/configure-teams-highly-sensitive-protection.md
@@ -58,21 +58,26 @@ To create a sensitivity label
1. Open the [Microsoft 365 compliance center](https://compliance.microsoft.com). 2. Under **Solutions**, click **Information protection**. 3. Click **Create a label**.
-4. Give the label a name. We suggest **Highly sensitive**, but you can choose a different name if that one is already in use.
-5. Add a tool tip, and then click **Next**.
-6. On the **Encryption** page, in the **Encryption** dropdown, choose **Apply**.
-7. Under **Assign permissions to specific users and groups**, click **Assign permissions**.
-8. Click **Add all users and groups in your organization**.
-9. If there are guests who should have permissions to decrypt files, click **Add users or groups** and add them.
-10. Click **Save**, and then click **Next**.
-11. On the **Content marking** page, turn on content marking if you want to automatically add a header, footer, or watermark to files that are classified with this label.
-12. On the **Site and group settings** page, set **Site and group settings** to **On**.
-13. In the **Privacy of Office 365 group-connected team sites** dropdown, choose **Private - only members can access the site**.
-14. If you want to allow guest access, select the **Let Office 365 group owners add people outside the organization to the group** check box.
-15. Under **Unmanaged devices**, choose **Block access**.
-16. Click **Next**.
-17. On the **Auto-labeling for Office apps** page, click **Next**.
-18. Click **Submit**, and then click **Done**.
+4. Give the label a name. We suggest **Sensitive**, but you can choose a different name if that one is already in use.
+5. Add a display name and description, and then click **Next**.
+6. On the **Define the scope for this label page**, select **Files & emails** and **Groups & sites** and click **Next**.
+7. On the **Choose protection settings for files and emails** page, select **Encrypt files and emails**, and then click **Next**.
+8. On the **Encryption** page, choose **Configure encryption settings**.
+9. Under **Assign permissions to specific users and groups**, click **Assign permissions**.
+10. Click **Add all users and groups in your organization**.
+11. If there are guests who should have permissions to decrypt files, click **Add users or groups** and add them.
+12. Click **Save**, and then click **Next**.
+13. On the *Auto-labeling for files and emails** page, click **Next**.
+14. On the **Define protection settings for groups and sites** page, select **Privacy and external user access settings** and **Device access and external sharing settings** and click **Next**.
+15. On the **Define privacy and external user access settings** page, under **Privacy**, select the **Private** option.
+16. If you want to allow guest access, under **External user access**, select **Let Microsoft 365 Group owners add people outside your organization to the group as guests**.
+17. Click **Next**.
+18. On the **Define external sharing and device access settings** page, select **Control external sharing from labeled SharePoint sites**.
+19. Under **Content can be shared with**, choose **New and existing guests** if you're allowing guest access or **Only people in your organization** if not.
+20. Under **Access from unmanaged devices**, choose **Block access**.
+21. Click **Next**.
+22. On the **Auto-labeling for database columns** page, click **Next**.
+23. Click **Create label**, and then click **Done**.
Once you've created the label, you need to publish it to the users who will use it. For sensitive protection, we'll make the label available to all users. You publish the label in the Microsoft 365 compliance center, on the **Label policies** tab of the **Information protection** page. If you have an existing policy that applies to all users, add this label to that policy. If you need to create a new policy, see [Publish sensitivity labels by creating a label policy](https://docs.microsoft.com/microsoft-365/compliance/create-sensitivity-labels#publish-sensitivity-labels-by-creating-a-label-policy).
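Review bot: Step 4 now reads "We suggest **Sensitive**" in the highly sensitive article, where the removed line suggested **Highly sensitive**. This looks copied from the sensitive-tier article, and following it produces two tiers with the same label name, one of which encrypts and blocks unmanaged devices while the other does not. Restore **Highly sensitive**. The old step 11 on content marking is also dropped with no replacement, so say whether that page still appears in the wizard. Markup: step 13 opens its bold with a single asterisk (`*Auto-labeling for files and emails**`), and step 6 puts "page" inside the bold (`**Define the scope for this label page**`).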
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/configure-teams-sensitive-protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/configure-teams-sensitive-protection.md
@@ -53,17 +53,21 @@ To create a sensitivity label
1. Open the [Microsoft 365 compliance center](https://compliance.microsoft.com). 2. Under **Solutions**, click **Information protection**. 3. Click **Create a label**.
-4. Give the label a name. We suggest **sensitive**, but you can choose a different name if that one is already in use.
-5. Add a tool tip, and then click **Next**.
-6. On the **Encryption** page, click **Next**.
-7. On the **Content marking** page, turn on content marking if you want to automatically add a header, footer, or watermark to files that are classified with this label.
-8. On the **Site and group settings** page, set **Site and group settings** to **On**.
-9. In the **Privacy of Office 365 group-connected team sites** dropdown, choose **Private - only members can access the site**.
-10. If you want to allow guest access, select the **Let Office 365 group owners add people outside the organization to the group** check box.
-11. Under **Unmanaged devices**, choose **Allow limited, web-only access**.
+4. Give the label a name. We suggest **Sensitive**, but you can choose a different name if that one is already in use.
+5. Add a display name and description, and then click **Next**.
+6. On the **Define the scope for this label page**, select **Files & emails** and **Groups & sites** and click **Next**.
+7. On the **Choose protection settings for files and emails** page, click **Next**.
+8. On the *Auto-labeling for files and emails** page, click **Next**.
+9. On the **Define protection settings for groups and sites** page, select **Privacy and external user access settings** and **Device access and external sharing settings** and click **Next**.
+10. On the **Define privacy and external user access settings** page, under **Privacy**, select the **Private** option.
+11. If you want to allow guest access, under **External user access**, select **Let Microsoft 365 Group owners add people outside your organization to the group as guests**.
12. Click **Next**.
-13. On the **Auto-labeling for Office apps** page, click **Next**.
-14. Click **Submit**, and then click **Done**.
+13. On the **Define external sharing and device access settings** page, select **Control external sharing from labeled SharePoint sites**.
+14. Under **Content can be shared with**, choose **New and existing guests** if you're allowing guest access or **Only people in your organization** if not.
+15. Under **Access from unmanaged devices**, choose **Allow limited, web-only access**.
+16. Click **Next**.
+17. On the **Auto-labeling for database columns** page, click **Next**.
+18. Click **Create label**, and then click **Done**.
Once you've created the label, you need to publish it to the users who will use it. For sensitive protection, we'll make the label available to all users. You publish the label in the Microsoft 365 compliance center, on the **Label policies** tab of the **Information protection** page. If you have an existing policy that applies to all users, add this label to that policy. If you need to create a new policy, see [Publish sensitivity labels by creating a label policy](https://docs.microsoft.com/microsoft-365/compliance/create-sensitivity-labels#publish-sensitivity-labels-by-creating-a-label-policy).
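Review bot: Step 8 has an unbalanced bold marker, `*Auto-labeling for files and emails**`, which will render with stray asterisks; it should be `**Auto-labeling for files and emails**`. Step 6 has the reverse problem: "page" sits inside the bold in `**Define the scope for this label page**`, unlike every other step, which bolds only the page title. The removed step 7 on content marking has no counterpart in the new list, so either add the new wizard page for it or note that headers, footers and watermarks are configured elsewhere.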
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/empower-people-to-work-remotely-manage-endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely-manage-endpoints.md
@@ -82,7 +82,7 @@ For more information, see this [overview of Windows Autopilot](https://docs.micr
- [How to enroll different types of devices for mobile device management](https://docs.microsoft.com/mem/intune/enrollment/device-enrollment) - [How to educate your end users about Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/end-user-educate)
-## Results of Step 3
+## Results of Step 4
You are using the suite of Endpoint Manager features and capabilities to manage mobile devices, desktop computers, virtual machines, embedded devices, and servers.
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/information-protection-deploy-monitor-respond https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/information-protection-deploy-monitor-respond.md
@@ -5,7 +5,7 @@ author: brendacarter
f1.keywords: - NOCSH manager: laurawi
-ms.date: 06/09/2020
+ms.date: 01/04/2021
audience: ITPro ms.topic: article ms.prod: microsoft-365-enterprise
@@ -73,9 +73,6 @@ See [Data Subject Requests for the GDPR and CCPA](../compliance/gdpr-dsr-office3
For Microsoft Stream, when a user is deleted from Azure Active Directory (Azure AD), if their name was associated with a posted Stream video prior to that point, their email address remains associated with the video. See [Manage deleted users from Microsoft Stream](https://docs.microsoft.com/stream/managing-deleted-users) to remove it.
-## Additional investigative tools
+## Insider risk management as an investigative tool
-Here are two additional tools that might be useful for monitoring, investigating, and remediating data privacy-related incidents in your organization:
--- [Insider risk management in Microsoft 365](../compliance/insider-risk-management.md), a feature of the Microsoft Compliance admin center to help minimize internal risk by enabling you to detect, investigate, and take action on risky activities in your organization.-- [Data investigations in Microsoft 365](../compliance/overview-data-investigations.md), a feature of the Microsoft Compliance admin center to search for sensitive, malicious, or misplaced data across Microsoft 365, and then investigate what happened to take the appropriate actions to remediate the incident.
+[Insider risk management in Microsoft 365](../compliance/insider-risk-management.md) is a feature of the Microsoft Compliance admin center to help you minimize internal risk by enabling you to detect, investigate, and take action on risky activities in your organization.
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/secure-teams-security-isolation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/secure-teams-security-isolation.md
@@ -97,33 +97,36 @@ To configure a team for security isolation, we'll be using a sensitivity label c
If you have an internal partner or stakeholder group who should be able to view encrypted documents but not edit them, you can add them to the label with view-only permissions. You can then add these people to the team's SharePoint site with Reader permissions, and they will have read-only access to the site where the documents are kept, but not the team itself. + To create a sensitivity label 1. Open the [Microsoft 365 compliance center](https://compliance.microsoft.com). 2. Under **Solutions**, click **Information protection**. 3. Click **Create a label**.
-4. Type a name for the label that is similar to your team name. For example, **Highly sensitive - Project Saturn**.
-5. Add a tool tip, and then click **Next**.
-6. On the **Encryption** page, in the **Encryption** dropdown, choose **Apply**.
-7. To add the team permissions:<br>
- a. Click **Assign permissions**.<br>
- b. Click **Add users or groups**, select the team that you created, and then click **Add**<br>
- c. Click **Choose permissions**.<br>
- d. Choose **Co-Author** from the dropdown list, and then click **Save**.<br>
-8. If you want to include users or groups with read-only access to files with the label:<br>
- a. Click **Assign permissions**.<br>
- b. Click **Add users or groups**, select the users or groups that you want to add, and then click **Add**.<br>
- c. Click **Choose permissions**.<br>
- d. Choose **Viewer** from the dropdown list, and then click **Save**.<br>
- e. Click **Save**.
-9. Click **Next**.
-10. On the **Content marking** page, turn on content marking if you want to automatically add a header, footer, or watermark to files that are classified with this label.
-11. On the **Site and group settings** page, set **Site and group settings** to **On**.
-12. In the **Privacy of Office 365 group-connected team sites** dropdown, choose **Private - only members can access the site**.
-13. If you want to allow guest access, select the **Let Office 365 group owners add people outside the organization to the group** check box.
-14. Under **Unmanaged devices**, choose **Block access**.
-15. Click **Next**.
-16. On the **Auto-labeling for Office apps** page, click **Next**.
-17. Click **Submit**, and then click **Done**.
+4. Give the label a name. We suggest **Sensitive**, but you can choose a different name if that one is already in use.
+5. Add a display name and description, and then click **Next**.
+6. On the **Define the scope for this label page**, select **Files & emails** and **Groups & sites** and click **Next**.
+7. On the **Choose protection settings for files and emails** page, select **Encrypt files and emails**, and then click **Next**.
+8. On the **Encryption** page, choose **Configure encryption settings**.
+9. Click **Add users or groups**, select the team that you created, and then click **Add**
+10. Click **Choose permissions**.
+11. Choose **Co-Author** from the dropdown list, and then click **Save**.
+12. If you want to include users or groups with read-only access to files with the label:
+ 1. Click **Assign permissions**.
+ 1. Click **Add users or groups**, select the users or groups that you want to add, and then click **Add**.
+ 1. Click **Choose permissions**.
+ 1. Choose **Viewer** from the dropdown list, and then click **Save**.
+13. Click **Save**, and then click **Next**.
+14. On the *Auto-labeling for files and emails** page, click **Next**.
+15. On the **Define protection settings for groups and sites** page, select **Privacy and external user access settings** and **Device access and external sharing settings** and click **Next**.
+16. On the **Define privacy and external user access settings** page, under **Privacy**, select the **Private** option.
+17. If you want to allow guest access, under **External user access**, select **Let Microsoft 365 Group owners add people outside your organization to the group as guests**.
+18. Click **Next**.
+19. On the **Define external sharing and device access settings** page, select **Control external sharing from labeled SharePoint sites**.
+20. Under **Content can be shared with**, choose **New and existing guests** if you're allowing guest access or **Only people in your organization** if not.
+21. Under **Access from unmanaged devices**, choose **Block access**.
+22. Click **Next**.
+23. On the **Auto-labeling for database columns** page, click **Next**.
+24. Click **Create label**, and then click **Done**.
Once you've created the label, you need to publish it to the users who will use it. In this case, we'll make the label available only to people in the team.
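Review bot: Step 4 replaces the per-team naming guidance ("**Highly sensitive - Project Saturn**") with "We suggest **Sensitive**". That contradicts this article's approach of one label per isolated team and the closing context line, which publishes the label only to people in the team. Restore the team-specific name. In the encryption steps, the old 7a "Click **Assign permissions**" was dropped, so step 9 goes straight from **Configure encryption settings** to **Add users or groups**, while sub-step 12.1 still includes it; add the missing click before step 9. Step 14 also has the unbalanced bold `*Auto-labeling for files and emails**`.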
@@ -254,4 +257,4 @@ Retrain your users as needed.
## See also
-[Azure AD Privileged Identity Management](https://docs.microsoft.com/azure/active-directory/privileged-identity-management/pim-configure)
\ No newline at end of file
+[Azure AD Privileged Identity Management](https://docs.microsoft.com/azure/active-directory/privileged-identity-management/pim-configure)