+|other <br/> |Indicates if the user has used Yammer on another client, not listed previously. This includes Yammer Embed, SharePoint Web Part, Viva Engage, and select Outlook emails. <br/>|

+|||

+## Watch: Install and use the admin mobile app

+[!VIDEO https://www.microsoft.com/videoplayer/embed/05c1d439-9ec2-415f-9178-250f64dec64c]

+- **Technology experiences:** Your organization depends on reliable and well-performing technology, as well as the efficient use of Microsoft 365. [Endpoint analytics](https://aka.ms/endpointanalytics) helps you understand how your organization can be impacted by performance and health issues with your hardware and software. [Network connectivity](../../enterprise/microsoft-365-networking-overview.md) helps you understand Exchange, SharePoint, and Microsoft Teams performance on your network architecture. You can review and update network settings to improve connectivity. Microsoft 365 apps health helps you understand whether the devices in your organization are running Microsoft 365 apps on recommended channels.

+> [!NOTE]

+> All insights are calculated using data at the organizational level, not the individual level.

+## How to turn on Adoption Score

+To enable Adoption Score:

+1. Login to the Microsoft 365 admin center as a Global Administrator and go to **Reports** > **Adoption Score**

+2. Select **Enable Adoption Score**. It can take up to 24 hours for insights to become available.

+> Only an IT professional with the Global Administrator role can opt-in for Adoption Score.

+Visit [privacy controls for Adoption Score](privacy.md) to understand more about options to configure people experiences for your organization.

+## Adoption Score Prerequisites

+For people experiences data, you need a Microsoft 365 for business or Office 365 for enterprise subscription. For endpoint analytics data for your tenant, you need to add Microsoft Intune to your subscription. Intune helps protect your organization's data by managing devices and apps. Once you have Intune, you can turn on endpoint analytics within the Intune experience. To learn more about Microsoft Intune, see the [Microsoft Intune documentation](/mem/intune/).

+> [!NOTE]

+> A license to Viva Insights is not required to get the Adoption Score features.

+- User Experience Success Manager

+### Score categories

+ Title: "Microsoft Adoption Score - Meetings (New)"

+f1.keywords: NOCSH

+audience: Admin

+ms.localizationpriority: medium

+- M365-subscription-management

+- scotvorg

+- highpri

+search.appverid: MET150

+description: "Details of new Meetings insights score - people experiences Adoption Score."

+# Meetings insights score ΓÇô People experiences (New)

+Adoption Score provides insights into your organization's digital transformation journey through its use of Microsoft 365 and the technology experiences that support it. Your organization's score reflects people and technology experience measurements and can be compared to benchmarks from organizations similar to yours. The meetings category is part of the people experiences measures. To learn more, check out the [Adoption Score overview](adoption-score.md) and read [Microsoft's Privacy Statement](https://privacy.microsoft.com/privacystatement).

+## Prerequisites

+To get started with Meetings insights, people in your organization need to be licensed for:

+- Microsoft Teams

+For more information, seeΓÇ»[assign licenses to users](../manage/assign-licenses-to-users.md).

+After people have been active in Teams at least once in the last 28 days, you will start to see the insights.

+## Why your organization's meetings score matters

+Meetings, where people explore ideas, plan, solve problems, and make decisions, are a fundamental pillar for organizational productivity. Research indicates that when people use online meeting tools effectively, they tend to save up to 104 minutes per week.

+## How we calculate the meetings score

+Microsoft Teams integrates with Outlook calendar and provides a host of capabilities to make your meetings more engaging and effective. We provide an overall score for Meetings and then sub scores for each of the best practices in the Set up, Meet up and Follow up sections.

+## Overall score

+The overall meeting score is calculated by averaging out the scores across the three phases i.e., Set up, Meet up and Follow up. We take into account the number of attendees and the duration of the meeting when tallying the final averaged scores.

+For each meeting:

+1. We compute the three sub-scores (Pre, During, Post), by averaging the features, for each meeting. For example, Set Up: 30, Meet up: 40, Follow up: 20

+1. We then compute the average of the three sub-scores for the meeting. From the above example, 30+40+20/3 = 30

+1. We compute the weight of each meeting based on the meeting duration and meeting size. The longer or bigger a meeting, the more impact it has in the final score.

+1. We then perform a weighted sum average on scores from all meetings of the tenant based on meeting weights to compute the final meeting score for the tenant.

+1. **Header**: Shows the score, out of 100, based on the average of Set Up, Meet Up and Follow Up phases for online meetings on Microsoft Teams held in the past 28 days.

+1. **Body**: Provides more information on how using online meeting tools effectively can make meetings more effective.

+1. **Visualization (current state)**: In this horizontal bar chart, the blue (colored) portion represents the score (out of 100) shown in the header.

+## Trend visualization of the score

+The following chart shows the trend-line of score over the selected period. Each data point on the line chart is an aggregate of activity for the last 28 days.

+## What makes up my score?

+We provide you with supporting data on each of the Set Up, Meet up and Follow Up phases. The score for each insight is calculated out of 100.

+## Set up

+This represents the phase that involves scheduling and sharing the details of the meeting and participants joining the meeting.

+- **Communication shared ahead of time**: This represents the score for Microsoft Teams meetings that had a Teams conversation meeting chat started before conducting the meeting. For this to be tracked, a user must go to the meeting chat with the participants and send a message to the participants, before the scheduled meeting time.

+- **Scheduled with at least 24 hours notice**: This represents the score for Microsoft Teams meetings that were scheduled at least 24 hours earlier than their start time.

+- **Invitation accepted at a high rate (>50%)**: This represents the score for Microsoft Teams meetings that had more than 50% of invited participants accept the meeting invite.

+- **Joined within 5 minutes of start time (>50%)**: This represents the score for Microsoft Teams meetings that had more than 50% of invited participants join the meeting within 5 minutes of the start time.

+## Meet up

+This represents the phase of when attendees are in the meeting.

+- **Used at least one interactive feature**: This represents the score for Microsoft Teams meetings that had attendees use at least one interactive feature. These interactive features include raising hand, sending a meeting chat message, or sending a reaction in the meeting. The score is calculated out of 100.

+- **Participated with audio or chat at a high rate (>33%)**: This represents the score for Microsoft Teams meetings that had more than 33% of the participants either speak in a meeting, send a meeting chat, or both. The score is calculated out of 100.

+- **Shared visual content**: This represents the score for Microsoft Teams meetings that had attendees share any visual content in the meeting by either turning on their video, sharing screen, or both. The score is calculated out of 100.

+## Follow up

+- **Created recording**: This represents the score for Microsoft Teams meetings that had the meeting recorded. The score is calculated out of 100.

+- **Sent out post-meeting communication**: This represents the score for Microsoft Teams meetings that had attendee(s) share any chat messages on the meeting chat thread after the conclusion of that meeting. The score is calculated out of 100.

+## How can I impact my score?

+This section helps understand two insights for the organization:

+1. **Most significant growth**: This section depicts the part of the score that had the highest growth in the past 28 days.

+1. **Biggest area for improvement**: This section depicts the part of the score that has the biggest room to improve and impact the org's Adoption Score in the future.

+## Dig deeper into meetings

+This section consists of three sub-sections:

+1. **Additional insights**: Here we provide additional insights which help organizations identify trends and user behaviors across meetings.

+1. **Interesting findings**: Here we provide some interesting facts about meetings being conducted in the organization.

+1. **Microsoft Research**: Here we reference Microsoft blogs and public research which provide recommended practices and their impacts to have effective meetings.

+> [!NOTE]

+> The 'Dig deeper into meetings' section does not contribute to the overall score of the Meetings Page in Adoption Score People Experiences, however some insights in this section may expand on a primary insight used to calculate a score.

+## Related content

+[Microsoft 365 apps health ΓÇô Technology experiences](apps-health.md) (article)\

+[Communication ΓÇô People experiences](communication.md) (article)\

+[Content collaboration ΓÇô People experiences](content-collaboration.md) (article)\

+[Mobility ΓÇô People experiences](mobility.md) (article)\

+[Privacy controls for Adoption Score](privacy.md) (article)\

+[Teamwork ΓÇô People experiences](teamwork.md) (article)

+- Flexible admin roles to control who can see the information in Adoption Score

+- The capability to remove users and groups from people experience calculations

+- The capability to opt out of the people experiences area

+- User Experience Success Manager

+Global admin can assign the Reports Reader role, Usage Summary Reports Reader role, or User Experience Success Manager role to anyone who's responsible for change management and adoption, but not necessarily an IT administrator.

+Users with the Reports Reader role can view usage reporting data and the reports dashboard in Microsoft 365 admin center and the adoption context pack in Power BI. Users with Usage Summary Reports Reader role can see only tenant level aggregates and group level aggregates in Microsoft 365 Usage Analytics and Adoption Score. The User Experience Success Manager role includes the permissions of the Usage Summary Reports Reader role, and can get access to more Adoption-related information such as Message Center, Product Feedback, and Service Health. See [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference) to learn more about different roles.

+## Capability to choose specific users or certain groups

+You can choose the users and groups whose data will be used to determine your org's people experiences insights. Omitting some groups will affect the insights calculations. You have to be a Global admin to opt your organization out of the people experiences reports. It can take up to 24 hours for change to apply.

+To omit certain groups:

+1. In the admin center, go to **Settings** > **Org Settings** > **Adoption Score**.

+2. Select **Exclude specific users via group**.

+3. Choose one or multiple Admin Center AAD groups to omit.

+4. Select **Save changes**.

+You can also opt out of the people experiences area of Adoption Score. If you opt out, no one from your organization will be able to view these metrics, and your organization will be removed from any calculations that involve communication, meetings, teamwork, content collaboration, and mobility. You have to be a Global admin to opt your organization out of the people experiences reports. It can take up to 24 hours for change to apply. You can revert your change before the end of the day in UTC time to keep historical data.

+2. Select **Don't calculate for any users**.

+|Require password when accessing application store|Yes|No|No|

+|Block cloud backup|Yes|Yes|Yes|Block Google backup on Android (grayed out), cloud backup on supervised iOS.|

+|Block document synchronization|No|No|Yes|iOS: Block documents in the cloud on supervised iOS devices.|

+|Block video conference |No|No|Yes|FaceTime blocked on supervised iOS devices, not on Skype or others.|

+|Block access to app store |No|Yes|Yes|App store icon missing on Android home page, disabled on Windows, and supervised iOS devices.|

+> The Microsoft 365 updates described in this article apply to OneDrive for Business, SharePoint Online, Office for the web, Microsoft 365 admin center and some components of Exchange Online. These release options are targeted, best effort ways to release changes to Microsoft 365 but cannot be guaranteed at all times or for all updates. They do not currently apply to services other than those listed previously. For information about release options for Microsoft 365 Apps, see [Overview of update channels for Microsoft 365 Apps](/deployoffice/overview-update-channels).

+Any new release is first tested and validated by the feature team, then by the entire Microsoft 365 feature team, followed by all of Microsoft. After internal testing and validation, the next step is a **Targeted release** (formerly known as First release) to customers who opt in. At each release ring, Microsoft collects feedback and further validates quality by monitoring key usage metrics. This series of progressive validation is in place to make sure the worldwide-release is as robust as possible. The releases are pictured in the following figure.

+A good practice is to leave the majority of users in **Standard release** and IT Pros and power users in **Targeted release** to evaluate new features and prepare teams to support business users and executives.

+> If you switch from targeted release back to standard release track, your users may lose access to features that haven't reached standard release yet.

+> Large or complex updates may take longer than others so that no users are adversely affected. There is no guarantee on the exact timeline of a release. Targeted release is not currently available for customers with either the Office 365 GCC plan or the Office 365 GCC High and DoD plan.

+If you [Set up the release option in the admin center](#set-up-the-release-option-in-the-admin-center) for this option, all your users will get the Targeted release experience. For organizations with more than 300 users, we recommend using a test subscription for this option. For test subscription information, please reach out to your Microsoft contact.

+> It can take up to 24 hours for the below changes to take effect in Microsoft 365. If you opt out of targeted release after enabling it, your users may lose access to features that haven't reached the scheduled release yet.

+5. To disable targeted release, select **Standard release**, then select **Save changes**.

+6. To enable targeted release for all users in your organization, select **Targeted release for everyone**, then select **Save changes**.

+7. To enable targeted release for some people in your organization, select **Targeted release for selected users**, then select **Save changes**.

+> Password expiration notifications are no longer supported in the Microsoft 365 admin center and the Office apps or Office web apps.

+ Title: "Conformance metadata for Message Center posts"

+f1.keywords:

+- CSH

+audience: Admin

+ms.localizationpriority: medium

+description: "Get an overview of conformance metadata for Message center posts"

+# Conformance metadata for Message Center posts

+> [!IMPORTANT]

+> This private document is only for Change Management: Conformance metadata users. Don't share this document beyond those who are directly involved in the pilot.

+When planning for new features or service deployments, you would like to understand and assess the changes for conformance to your industry, region and country. We've heard your feedback when there's insufficient conformance information about a new or changing feature, you have to conduct your own research about the feature or reach out to the Compliance Program with questions.

+In this pilot program, we want to proactively provide metadata for new and updated Microsoft 365 features and services. Our goal is to help you efficiently assess your compliance requirements and help you with adoption and change management decisions.

+For example, if for a feature the metadata has the following values, feature adoption decision should be quick.

+- Customer data is stored? **No**

+- Change to customer data storage? **No**

+- Changes to existing data flow? **No**

+- Feature integrates with third party services? **No**

+> [!NOTE]

+> The above list is slightly different from what you previously saw in the pilot conformance posts. We've updated the list based on feedback we've received from pilot customers.

+For features where the metadata is different from the list above, the Message center post may provide you with documentation.

+## Understanding conformance metadata

+|**Metadata name**|**Values**|**Definition and questions asked**|**Example: Yes**|**Example: No**|

+|||||

+|**Customer data is stored**|Yes/No|Does this change store or process any net new data (classified as customer or personal data) which wasn't previously stored or processed by the service/previous version of this feature?|Teams Meetings recordings capturing and collecting customer data and is now stored in.|Message Center Service monthly active users (MAU) feature shows the aggregated service monthly active users for a tenant ID which isn't classified as customer or personal data.|

+|**Change to customer data storage**|Yes/No|Does this change use a new or different service to store data|Teams Meetings Recordings capturing/collecting customer data/content and is now stored in.|Expanded reactions in Teams. Expanding message reactions in Teams to a larger set. The newer reactions being stored are customer data, however, there's no change in how data is stored or processed.|

+|**Changes to existing data flow**|Yes/No|Does this feature process data via a new or different processing pipeline? <br> Or <br> Is the feature just extending an existing processing pipeline to newer data or exposing data already exposed on one surface to another surface? (**Answer = No**).|When Bing for Business started using text from Word to send to Bing then bring data back to Word, the flow of data changed.|Productivity score being used on the Experience Insights page in admin center, the data is shown on a new surface, but storage and processing is the same. <br> Suggested Reply in Group Chats on Teams Desktop (an extension of 1:1 chats) doesn't have any net new data. It's an extension of the pipeline already set up for Suggested Reply in 1:1 chats.|

+|**Feature integrates with third party services**|Yes/No|Does this feature utilize a net new service or app (first party or third party) that customer data could potentially be stored or processed outside of Microsoft 365?|Bing for Business may receive customer content in the form of "search" data to present a user with potentially relevant information/content.|Message Center Service monthly active users (MAU) feature shows the service monthly active users using Usage Report Graph API which is within Microsoft 365 boundary.|

+|

+## Join the pilot program

+You can join by completing this [questionnaire](https://go.microsoft.com/fwlink/p/?linkid=2211581).

+When a Message center post is delivered, you'll receive an additional Message Center post that says: **Additional Conformance Information for MC######**. This post contains more conformance metadata. You can provide feedback directly on the extra post or you can email: MCSHDPMS@Microsoft.com. You can also send feedback on the [Teams channel](https://go.microsoft.com/fwlink/p/?linkid=2211676).

+> [!NOTE]

+> WeΓÇÖll start with features from Microsoft Teams, OneDrive for Business and SharePoint Online.

+- Maintain a 14-character minimum length requirement

+Microsoft 365 Business Premium offers a number of ways for you to protect your business data. See [Overview of Microsoft 365 Business Premium](../../admin/admin-overview/what-is-microsoft-365.md) for more about the various protections that are automatically set up, and what you can set up yourself to further protect your business. You can also onboard devices to Microsoft Defender for Business to protect your Windows devices and the data in your mobile devices. For more information, see [Onboard enrolled devices to Microsoft Defender for Business](/microsoft-365/business-premium/m365bp-onboard-devices-mdb).

+Microsoft 365 Business Premium lets you set up policies that protect data on your Windows 10 and 11 devices. When a device is under mobile device management, you control the entire device, and can wipe data from it, and also reset it to factory settings. For more information, see [Choose the device management solution that's right for you](/mem/intune/fundamentals/what-is-device-management#choose-the-device-management-solution-thats-right-for-you) and [Set up and secure managed devices](/microsoft-365/business-premium/m365bp-protect-devices).

+Mobile application management lets you control your business data in your users' personal devices, such as iPhones and Androids, and their personal Windows computers. You can use application management policies to prevent your users from copying business data from Office apps to their personal apps. You can also remove all data from the Office apps on their personal devices. For more information, see [Choose the device management solution that's right for you](/mem/intune/fundamentals/what-is-device-management#choose-the-device-management-solution-thats-right-for-you) and [Set up and secure managed devices](/microsoft-365/business-premium/m365bp-protect-devices).

+2. On the **Invoices** tab, choose the invoice that you want to view. If you don't see an invoice, use the date filter and select **Past 3 months**, **Past 6 months**, or **Specify date range**.

+3. On the **Invoice summary** page, you see invoice details including the list of items, the price for each item, and the total cost for all items in the invoice.

+- View the default state of the **AllowSelfServicePurchase** parameter valueΓÇöwhether it's enabled, disabled, or allows trials without a payment method

+- View a list of applicable products and whether self-service purchase is enabled, disabled, or allows trials without a payment method

+- View or modify the setting for trials without payment methods

+This command connects the current PowerShell session to an Azure Active Directory tenant. The command prompts you for a username and password for the tenant you want to connect to. If multi-factor authentication is enabled for your credentials, you use the interactive option to sign in.

+The following table lists the available products and their **ProductId**. It also indicates which products have a trial available and don't require a payment method. If applicable, all other trials require a payment method. For the products that have trial without payment method enabled, you can enable the trial, while keeping the ability to purchase the product disabled. For sample commands, see View or set the status for **AllowSelfServicePurchase**.

+| Product | ProductId | Is trial without payment method enabled? |

+|--|--|--|

+| Power Apps per user* | CFQ7TTC0LH2H | No |

+| Power Automate per user | CFQ7TTC0KP0N | No |

+| Power Automate RPA | CFQ7TTC0KXG6 | No |

+| Power BI Premium (standalone) | CFQ7TTC0KXG7 | No |

+| Power BI Pro | CFQ7TTC0L3PB | No |

+| Project Plan 1* | CFQ7TTC0HDB1 | Yes |

+| Project Plan 3* | CFQ7TTC0HDB0 | No |

+| Visio Plan 1* | CFQ7TTC0HD33 | No |

+| Visio Plan 2* | CFQ7TTC0HD32 | No |

+| Windows 365 Enterprise | CFQ7TTC0HHS9 | No |

+| Windows 365 Business | CFQ7TTC0J203 | No |

+| Windows 365 Business with Windows Hybrid Benefit | CFQ7TTC0HX99 | No |

+| Microsoft 365 F3 | CFQ7TTC0LH05 | No |

+| Dynamics 365 Marketing | CFQ7TTC0LH3N | No |

+| Dynamics 365 Marketing Attach | CFQ7TTC0LHWP | No |

+| Dynamics 365 Marketing Additional Application | CFQ7TTC0LHVK | No |

+| Dynamics 365 Marketing Additional Non-Prod Application | CFQ7TTC0LHWM | No |

+*These IDs have changed. If you previously blocked products using the old IDs, they're automatically blocked using the new IDs. No other work is required.

+You can set the **Value** parameter for **AllowSelfServicePurchase** to allow or prevent users from making a self-service purchase. You can also use the **OnlyTrialsWithoutPaymentMethod** value to allow users to try products that have no payment required trials. Refer to the product list above to see which products have these trials enabled. Users can only buy the product after the trial is over if **AllowSelfServicePurchase** is enabled.

+> [!NOTE]

+> Changing the value for **AllowSelfServicePurchase** or **OnlyTrialsWithoutPaymentMethod** only impacts trials or purchases made for the specified product from that point forward. Existing trials or purchases for the specified product aren't affected.

+The following table describes the settings for the **Value** parameter.

+| **Setting** | **Impact** |

+|||

+| Enabled | Users can make self-service purchases and acquire trials for the product. |

+| OnlyTrialsWithoutPaymentMethod | Users can't make self-service purchases but can acquire free trials for products that don't require them to add a payment method. After the trial expires, a user can't buy the paid version of the product. |

+| Disabled | Users can't make self-service purchases or acquire trials for the product. |

+Update-MSCommerceProductPolicy -PolicyId AllowSelfServicePurchase -ProductId CFQ7TTC0KP0N -Value "Enabled"

+Update-MSCommerceProductPolicy -PolicyId AllowSelfServicePurchase -ProductId CFQ7TTC0KP0N -Value "Disabled"

+```

+To allow users to try a specific product without a payment method, run the following command:

+```powershell

+Update-MSCommerceProductPolicy -PolicyId AllowSelfServicePurchase -ProductId CFQ7TTC0KP0N -Value "OnlyTrialsWithoutPaymentMethod"

+Update-MSCommerceProductPolicy -PolicyId AllowSelfServicePurchase -ProductId $product.ProductID -Value "Disabled"

+Update-MSCommerceProductPolicy -PolicyId AllowSelfServicePurchase -ProductId $product[0].ProductID -Value "Disabled"

+Update-MSCommerceProductPolicy -PolicyId AllowSelfServicePurchase -ProductId $product[1].ProductID -Value "Disabled"

+This may be due to an older version of Transport Layer Security (TLS). When you connect to this service, you must use TLS 1.2 or greater

+[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

+[Manage self-service purchases (Admin)](manage-self-service-purchases-admins.md) (article)\

+ Title: "Automatically apply a retention label to Microsoft 365 items"

+ - Files shared by users who don't have access to those files at the time of sharing.

+2. Regularly, BlackBerry items are collected by the DataParser. The DataParser also converts the content of a message to an email message format.

+- This 17a-4 data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **BlackBerry DataParser**.

+2. On the **BlackBerry DataParser** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector and then select **Next**.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the BlackBerry DataParser connector that you created to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud.

+2. Regularly, Bloomberg items are collected by the DataParser. The DataParser also converts the content of a message to an email message format.

+- This 17a-4 data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **Bloomberg DataParser**.

+2. On the **Bloomberg DataParser** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector and then select **Next**.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the Bloomberg DataParser connector that you created to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This 17a-4 data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **Cisco Jabber DataParser**.

+2. On the **Cisco Jabber DataParser** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector and then select **Next**.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the Cisco Jabber DataParser connector that you created to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+2. Regularly, FactSet items are collected by the DataParser. The DataParser also converts the content of a message to an email message format.

+- This 17a-4 data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **FactSet DataParser**.

+2. On the **FactSet DataParser** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector and then select **Next**.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the FactSet DataParser connector that you created to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+2. Regularly, Fuze items are collected by the DataParser. The DataParser also converts the content of a message to an email message format.

+- This 17a-4 data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **Fuze DataParser**.

+2. On the **Fuze DataParser** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector and then select **Next**.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the Fuze DataParser connector that you created to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+2. Regularly, FX Connect items are collected by the DataParser. The DataParser also converts the content of a message to an email message format.

+- This 17a-4 data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **FX Connect DataParser**.

+2. On the **FX Connect DataParser** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector and then select **Next**.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the FX Connect DataParser connector that you created to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+2. Regularly, ICE Connect Chat items are collected by the DataParser. The DataParser also converts the content of a message to an email message format.

+- This 17a-4 data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **ICE DataParser**.

+2. On the **ICE DataParser** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector and then select **Next**.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the ICE DataParser connector that you created to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+2. Regularly, InvestEdge items are collected by the DataParser. The DataParser also converts the content of a message to an email message format.

+- This 17a-4 data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **InvestEdge DataParser**.

+2. On the **InvestEdge DataParser** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector and then select **Next**.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the InvestEdge DataParser connector that you created to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+2. Regularly, LivePerson Conversational Cloud items are collected by the DataParser. The DataParser also converts the content of a message to an email message format.

+- This 17a-4 data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **LivePerson Conversational Cloud DataParser**.

+2. On the **LivePerson Conversational Cloud DataParser** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector and then select **Next**.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the LivePerson Conversational Cloud DataParser connector that you created to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+2. Regularly, Quip items are collected by the DataParser. The DataParser also converts the content of a message to an email message format.

+- This 17a-4 data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **Quip DataParser**.

+2. On the **Quip DataParser** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector and then select **Next**.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the Quip DataParser connector that you created to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This 17a-4 data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP-compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **Refinitiv Eikon Messenger DataParser**.

+2. On the **Refinitiv Eikon Messenger DataParser** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector and then select **Next**.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the Refinitiv Eikon Messenger DataParser connector that you created to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+2. Regularly, ServiceNow items are collected by the DataParser. The DataParser also converts the content of a message to an email message format.

+- This 17a-4 data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **ServiceNow DataParser**.

+2. On the **ServiceNow DataParser** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector and then select **Next**.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the ServiceNow DataParser connector that you created to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+2. Regularly, Skype for Business Server items are collected by the DataParser. The DataParser also converts the content of a message to an email message format.

+- This 17a-4 data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **Skype for Business Server DataParser**.

+2. On the **Skype for Business Server DataParser** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector and then select **Next**.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the Skype for Business Server DataParser connector that you created to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+2. Regularly, Slack items are collected by the DataParser. The DataParser also converts the content of a message to an email message format.

+- This 17a-4 data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **Slack DataParser**.

+2. On the **Slack DataParser** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector and then select **Next**.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the Slack DataParser connector that you created to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+2. Regularly, SQL items are collected by the DataParser. The DataParser also converts the content of a message to an email message format.

+- This 17a-4 data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **SQL DataParser**.

+2. On the **SQL DataParser** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector and then select **Next**.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the SQL DataParser connector that you created to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+2. Regularly, Symphony items are collected by the DataParser. The DataParser also converts the content of a message to an email message format.

+- This 17a-4 data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **Symphony DataParser**.

+2. On the **Symphony DataParser** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector and then select **Next**.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the Symphony DataParser connector that you created to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+2. Regularly, Cisco Webex items are collected by the DataParser. The DataParser also converts the content of a message to an email message format.

+- This 17a-4 data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **Cisco Webex DataParser**.

+2. On the **Cisco Webex DataParser** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector and then select **Next**.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the Cisco Webex DataParser connector that you created to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+2. Regularly, Zoom items are collected by the DataParser. The DataParser also converts the content of a message to an email message format.

+- This 17a-4 data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **Zoom DataParser**.

+2. On the **Zoom DataParser** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector and then select **Next**.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the Zoom DataParser connector that you created to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This TeleMessage data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and select **Data connectors** > **Android Archiver**.

+2. On the **Android Archiver** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. On the **Login to TeleMessage** page, under Step 3, enter the required information in the following boxes and then select **Next**.

+5. After the connector is created, close the pop-up window and select **Next**.

+6. On the **User mapping** page, enable automatic user mapping and select **Next**. In case you need custom mapping upload a CSV file, and select **Next**.

+7. Review your settings, and then select **Finish** to create the connector.

+- This TeleMessage data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** \ **AT&T Network**.

+2. On the **AT&T Network product** description page, select **Add connector**

+3. On the **Terms of service** page, select **Accept**.

+4. On the **Login to TeleMessage** page, under Step 3, enter the required information in the following boxes and then select **Next**.

+6. On the **User mapping** page, enable automatic user mapping. To enable custom mapping, upload a CSV file that contains the user mapping information, and then select **Next**.

+7. Review your settings, and then select **Finish** to create the connector.

+- This TeleMessage data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and then select **Data connectors** > **Bell SMS/MMS Network Archiver**.

+2. On the **Bell Network** product description page, select **Add connector**

+3. On the **Terms of service** page, select **Accept**.

+4. On the **Login to TeleMessage** page, under Step 3, enter the required information in the following boxes and then select **Next**.

+6. On the **User mapping** page, enable automatic user mapping. To enable custom mapping, upload a CSV file that contains the user mapping information, and then select **Next**.

+7. Review your settings, and then select **Finish** to create the connector.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. On the **Data connectors** page under **Bloomberg Message**, select **View**.

+3. On the **Bloomberg Message** product description page, select **Add connector**

+4. On the **Terms of service** page, select **Accept**.

+5. On the **Add credentials for content source** page, select **I want to use PGP and SSH public keys provided by Microsoft**.

+6. Under step 1, select the **Download SSH key**, **Download PGP key**, and **Download IP address** links to save a copy of each file to your local computer.

+7. Select **Cancel** to close the wizard. You come back to this wizard in Step 3 to create the connector.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. On the **Data connectors** page under **Bloomberg Message**, select **View**.

+3. On the **Bloomberg Message** product description page, select **Add connector**

+4. On the **Terms of service** page, select **Accept**.

+5. On the **Add credentials for content source** page, select **I want to use PGP and SSH public keys provided by Microsoft**.

+6. Under Step 3, enter the required information in the following boxes and then select **Validate connection**.

+7. After the connection is successfully validated, select **Next**.

+10. Select **Next**, review your settings, and then select **Finish** to create the connector.

+11. Go to the **Data connectors** page to see the progress of the import process for the new connector. Select the connector to display the flyout page, which contains information about the connector.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. On the **Data connectors** page under **Bloomberg Message**, select **View**.

+3. On the **Bloomberg Message** product description page, select **Add connector**

+4. On the **Terms of service** page, select **Accept**.

+5. On the **Add credentials for content source** page, select **I want to use PGP and SSH private keys**.

+6. Under step 1, select **Download IP address** to save a copy of the IP address file to your local computer.

+7. Select **Cancel** to close the wizard. You come back to this wizard in Step 2 to create the connector.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. On the **Data connectors** page under **Bloomberg Message**, select **View**.

+3. On the **Bloomberg Message** product description page, select **Add connector**

+4. On the **Terms of service** page, select **Accept**.

+5. On the **Add credentials for content source** page, select **I want to use PGP and SSH private keys**.

+6. Under Step 3, enter the required information in the following boxes and then select **Validate connection**.

+7. After the connection is successfully validated, select **Next**.

+10. Select **Next**, review your settings, and then select **Finish** to create the connector.

+11. Go to the **Data connectors** page to see the progress of the import process for the new connector. Select the connector to display the flyout page, which contains information about the connector.

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** \> **CellTrust**.

+2. On the **CellTrust** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector and then select **Next**.

+After you select **Save & Finish**, the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **CellTrust** connector to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/)and then select **Data connectors** > **Cisco Jabber on MS SQL**.

+2. On the **Cisco Jabber on MS SQL** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector and then select **Next**.

+After you select **Save & Finish**, the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **Cisco Jabber on MS SQL** connector to display the flyout page. This page contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **Cisco Jabber on Oracle**.

+2. On the **Cisco Jabber on Oracle** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish**, the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and then go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to <https://compliance.microsoft.com/> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **Cisco Jabber on Oracle** connector to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** &gt; **Cisco Jabber on PostgreSQL**.

+2. On the **Cisco Jabber on PostgreSQL** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish**, the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and then go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to <https://compliance.microsoft.com/> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **Cisco Jabber on PostgreSQL** connector to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This CellTrust data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** on the left navigation pane.

+2. On the **Overview** tab, select **Filter** and select **By CellTrust**, and then apply the filter.

+3. Select **CellTrust SL2 (preview)**.

+4. On the **CellTrust SL2 (preview)** product description page, select **Add connector**.

+5. On the **Terms of service** page, select **Accept**.

+6. Enter a unique name that identifies the connector and then select **Next**. The name you enter will identify the connector on the **Data connectors** page after you create it.

+7. On the **Sign in to your CellTrust account** page, select **Sign into CellTrust**. You'll be redirected to the **CellTrust Portal for Microsoft 365** in a new browser window.

+2. Select **Next**, review your settings, and then select **Finish** to create the connector.

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** > **EML**.

+2. On the **EML** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish**, the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and then go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **EML** connector to display the flyout page. This page contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This TeleMessage data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** \> **Enterprise Number Archiver**.

+2. On the **Enterprise Number Archiver** product description page, select **Add connector**

+3. On the **Terms of service** page, select **Accept**.

+4. On the **Login to TeleMessage** page, under Step 3, enter the required information in the following boxes and then select **Next**.

+6. On the **User mapping** page, enable automatic user mapping. To enable custom mapping, upload a CSV file that contains the user mapping information, and then select **Next**.

+7. Review your settings, and then select **Finish** to create the connector.

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** > **FX Connect**.

+2. On the **FX Connect** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish**, the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and then go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to <https://compliance.microsoft.com/> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **FX Connect** connector to display the flyout page. This page contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and select **Data connectors** in the left nav.

+2. On the **Data connectors** page under **ICE Chat**, select **View**.

+3. On the **ICE Chat** page, select **Add connector**.

+4. On the **Terms of service** page, select **Accept**.

+5. On the **Add credentials for content source** page, select **I want to use PGP and SSH public keys provided by Microsoft**.

+6. Under step 1, select the **Download SSH key**, **Download PGP key**, and **Download IP address** links to save a copy of each file to your local computer.

+7. Select **Cancel** to close the wizard. You come back to this wizard in Step 3 to create the connector.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and select **Data connectors** in the left nav.

+2. On the **Data connectors** page under **ICE Chat**, select **View**.

+3. On the **ICE Chat** page, select **Add connector**.

+4. On the **Terms of service** page, select **Accept**.

+5. On the **Add credentials for content source** page, select **I want to use PGP and SSH public keys**.

+6. Under Step 3, enter the required information in the following boxes and then select **Validate connection**.

+7. After the connection is successfully validated, select **Next**.

+10. Select **Next**, review your settings, and then select **Finish** to create the connector.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. On the **Data connectors** page under **ICE Chat**, select **View**.

+3. On the **ICE Chat** product description page, select **Add connector**

+4. On the **Terms of service** page, select **Accept**.

+5. On the **Add credentials for content source** page, select **I want to use PGP and SSH private keys**.

+6. Under step 1, select **Download IP address** to save a copy of the IP address file to your local computer.

+7. Select **Cancel** to close the wizard. You come back to this wizard in Step 2 to create the connector.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. On the **Data connectors** page under **ICE Chat**, select **View**.

+3. On the **ICE Chat** product description page, select **Add connector**

+4. On the **Terms of service** page, select **Accept**.

+5. On the **Add credentials for content source** page, select **I want to use PGP and SSH private keys**.

+6. Under Step 3, enter the required information in the following boxes and then select **Validate connection**.

+7. After the connection is successfully validated, select **Next**.

+10. Select **Next**, review your settings, and then select **Finish** to create the connector.

+11. Go to the **Data connectors** page to see the progress of the import process for the new connector. Select the connector to display the flyout page, which contains information about the connector.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. On the **Data connectors** page under **Instant Bloomberg**, select **View**.

+3. On the **Instant Bloomberg** product description page, select **Add connector**

+4. On the **Terms of service** page, select **Accept**.

+5. On the **Add credentials for content source** page, select **I want to use PGP and SSH public keys provided by Microsoft**.

+6. Under step 1, select the **Download SSH key**, **Download PGP key**, and **Download IP address** links to save a copy of each file to your local computer.

+7. Select **Cancel** to close the wizard. You come back to this wizard in Step 3 to create the connector.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **Instant Bloomberg**.

+2. On the **Instant Bloomberg** product description page, select **Add connector**

+3. On the **Terms of service** page, select **Accept**.

+4. On the **Add credentials for Bloomberg SFTP site** page, under Step 3, enter the required information in the following boxes and then select **Next**.

+7. Select **Next**, review your settings, and then select **Finish** to create the connector.

+8. Go to the **Data connectors** page to see the progress of the import process for the new connector. Select the connector to display the flyout page, which contains information about the connector.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. On the **Data connectors** page under **Instant Bloomberg**, select **View**.

+3. On the **Instant Bloomberg** product description page, select **Add connector**

+4. On the **Terms of service** page, select **Accept**.

+5. On the **Add credentials for content source** page, select **I want to use PGP and SSH private keys**.

+6. Under step 1, select **Download IP address** to save a copy of the IP address file to your local computer.

+7. Select **Cancel** to close the wizard. You come back to this wizard in Step 2 to create the connector.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. On the **Data connectors** page under **Instant Bloomberg**, select **View**.

+3. On the **Instant Bloomberg** product description page, select **Add connector**

+4. On the **Terms of service** page, select **Accept**.

+5. On the **Add credentials for content source** page, select **I want to use PGP and SSH private keys**.

+6. Under Step 3, enter the required information in the following boxes and then select **Validate connection**.

+7. After the connection is successfully validated, select **Next**.

+10. Select **Next**, review your settings, and then select **Finish** to create the connector.

+11. Go to the **Data connectors** page to see the progress of the import process for the new connector. Select the connector to display the flyout page, which contains information about the connector.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **LinkedIn Company pages**.

+2. On the **LinkedIn company pages** product page, select **Add connector**.

+4. On the **Sign in with LinkedIn** page, select **Sign in with LinkedIn**.

+5. On the LinkedIn sign in page, enter the email address (or phone number) and password for the LinkedIn account associated with the company page that you want to archive, and then select **Sign in**.

+6. Select the company page that you want to archive items from, and then select **Next**.

+7. On the **Choose storage location** page, select in the box, select the email address of a Microsoft 365 mailbox that the LinkedIn items will be imported to, and then select **Next**. Items are imported to the inbox folder in this mailbox. The mailbox used must have an Exchange Online Plan 1 or Plan 2 license.

+8. Select **Next** to review the connector settings and then select **Finish** to complete the connector setup.

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and then select **Data connectors** > **MS SQL Database Importer**.

+2. On the **MS SQL Database Importer** product description page, select **Add new connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish**, the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to <https://compliance.microsoft.com/> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **MS SQL Database** **Importer** connector to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This TeleMessage data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** \> **O2 Network**.

+2. On the **O2 Network** product description page, select **Add connector**

+3. On the **Terms of service** page, select **Accept**.

+4. On the **Login to TeleMessage** page, under Step 3, enter the required information in the following boxes and then select **Next**.

+6. On the **User mapping** page, enable automatic user mapping and select **Next**. In case you need custom mapping upload a CSV file, and select **Next**.

+7. Review your settings, and then select **Finish** to create the connector.

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** > **Pivot**.

+2. On the **Pivot** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector and then select **Next**.

+After you select **Save & Finish**, the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **Pivot** connector to display the flyout page. This page contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** > **Reuters Dealing**.

+2. On the **Reuters Dealing** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish**, the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **Reuters Dealing** connector to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** > **Reuters Eikon**.

+2. On the **Reuters Eikon** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish**, the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and then go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **Reuters Eikon** connector to display the flyout page. This page contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** > **Reuters FX**.

+2. On the **Reuters FX** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish**, the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to <https://compliance.microsoft.com/> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **Reuters FX** connector to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **RingCentral**.

+2. On the **RingCentral** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish,** the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and then go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to <https://compliance.microsoft.com/> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **RingCentral** connector to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This TeleMessage data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **Rogers Network Archiver**.

+2. On the **Rogers Network Archiver** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. On the **Login to TeleMessage** page, under Step 3, enter the required information in the following boxes and then select **Next**.

+6. On the **User mapping** page, enable automatic user mapping. To enable custom mapping, upload a CSV file that contains the user mapping information, and then select **Next**.

+7. Review your settings, and then select **Finish** to create the connector.

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** > **Salesforce Chatter**.

+2. On the **Salesforce Chatter** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish,** the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. select **Next**, review your settings, and then go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and select **Data connectors** in the left nav.

+2. select the **Connectors** tab and then select the **Salesforce Chatter** connector to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains data that's been imported to the Microsoft cloud.

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** > **ServiceNow**.

+2. On the **ServiceNow** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish,** the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and then go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **ServiceNow** connector to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This TeleMessage data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **Signal Archiver**.

+2. On the **Signal Archiver** product description page, select **Add connector.**

+3. On the **Terms of service** page, select **Accept**.

+4. On the **Login to TeleMessage** page, under Step 3, enter the required information in the following boxes and then select **Next**.

+6. On the **User mapping** page, enable automatic user mapping. To enable custom mapping, upload a CSV file that contains the user mapping information, and then select **Next**.

+7. Review your settings, and then select **Finish** to create the connector.

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** > **Skype for Business**.

+2. On the **Skype for Business** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish**, the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and then go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to <https://compliance.microsoft.com/> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **Skype for Business** connector to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** on the left navigation pane.

+2. On the **Overview** tab, select **Filter** and select **By Microsoft**, and then apply the filter.

+3. Select **Slack eDiscovery (preview)**.

+4. On the **Slack eDiscovery (preview)** product description page, select **Add connector**.

+5. On the **Terms of service** wizard page, select **Accept**.

+6. Enter a unique name that identifies the connector and then select **Next**. The name you enter will identify the connector on the **Data connectors** page after you create it.

+1. On the **Sign into Slack** wizard page, select **Sign into Slack** to sign into your organization's Slack workspace.

+2. On the Slack **Sign into your workspace** page, type the name of the workspace that you want to archive data from, and then select **Continue**.

+3. Select the link in the string **Org Owners can also sign in here**.

+4. On the workspace sign-in page, enter the email address and password for your organization's Slack enterprise account, and then select **Sign in**.

+5. Select **Allow** to allow the app to administer your organization.

+ After you select **Allow**, the Slack page closes and the **Map Slack eDiscovery users to Microsoft 365 users** page in the connector wizard is displayed.

+ - **Custom user mapping**. You also have the option to use custom user mapping instead of (or in addition to) automatic user mapping. With this option, you have to create and then upload a CSV file that maps users' Slack member ID to their Microsoft 365 email address. To do this, select **Download CSV mapping template**, populate the CSV file with the Slack member ID and Microsoft 365 email address for all users in your organization, then select and upload the CSV file to the wizard. Be sure not to change the column headings in the CSV file. Here's an example of the CSV mapping file:

+ > Member IDs for users can be obtained by selecting the ... More button in a user's profile and then selecting **Copy member ID**. Alternatively, you can use the Slack [users.list API method](https://api.slack.com/methods/users.list) to obtain the IDs for all members of a Slack team.

+3. After you configure the data types to import, select **Next**, review the connector settings, and then select **Finish** to create the connector.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **Slack eDiscovery** connector to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** > **Slack eDiscovery**.

+2. On the **Slack eDiscovery** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish**, the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **Slack eDiscovery** connector to display the flyout page. This page contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** > **Symphony**.

+2. On the **Symphony** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish**, the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and then go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **Symphony** connector to display the flyout page. This page contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This TeleMessage data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > T**elegram Archiver**.

+2. On the **Telegram Archiver** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. On the **Login to TeleMessage** page, under Step 3, enter the required information in the following boxes and then select **Next**.

+6. On the **User mapping** page, enable automatic user mapping. To enable custom mapping, upload a CSV file that contains the user mapping information, and then select **Next**.

+7. Review your settings, and then select **Finish** to create the connector.

+- This TeleMessage data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** > **TELUS Network**.

+2. On the **TELUS Network** product description page, select **Add connector**

+3. On the **Terms of service** page, select **Accept**.

+4. On the **Login to TeleMessage** page, under Step 3, enter the required information in the following boxes and then select **Next**.

+6. On the **User mapping** page, enable automatic user mapping and select **Next**. In case you need custom mapping upload a CSV file, and select **Next**.

+7. Review your settings, and then select **Finish** to create the connector.

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** > **Text-Delimited**.

+2. On the **text-delimited** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish**, the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and then go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **Text- Delimited** connector to display the flyout page. This page contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+2. Select **Deploy to Azure**.

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **Twitter**.

+2. On the **Twitter** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish,** the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and then go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to <https://compliance.microsoft.com/> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **Twitter** connector to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This TeleMessage data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and then select **Data connectors** > **Verizon Network**.

+2. On the **Verizon Network** product description page, select **Add connector**

+3. On the **Terms of service** page, select **Accept**.

+4. On the **Login to TeleMessage** page, under Step 3, enter the required information in the following boxes and then select **Next**.

+6. On the **User mapping** page, enable automatic user mapping and select **Next**. In case you need custom mapping upload a CSV file, and select **Next**.

+7. Review your settings, and then select **Finish** to create the connector.

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** > **Webex Teams**.

+2. On the **Webex Teams** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish**, the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and then go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **Webex Teams** connector to display the flyout page. This page contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** > **Webpage Capture**.

+2. On the **Webpage Capture** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish**, the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **Webpage Capture** connector to display the flyout page. This page contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This TeleMessage data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **WeChat Archiver**.

+2. On the **WeChat Archiver** product description page, select **Add connector**

+3. On the **Terms of service** page, select **Accept**.

+4. On the **Login to TeleMessage** page, under Step 3, enter the required information in the following boxes and then select **Next**.

+7. Select **Next**, review your settings, and then select **Finish** to create the connector.

+- This TeleMessage data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** > **WhatsApp Archiver**.

+2. On the **WhatsApp Archiver** product description page, select **Add connector**

+3. On the **Terms of service** page, select **Accept**.

+4. On the **Login to TeleMessage** page, under Step 3, enter the required information in the following boxes and then select **Next**.

+6. On the **User mapping** page, enable automatic user mapping and select **Next**. In case you need custom mapping upload a CSV file, and select **Next**.

+7. Review your settings, and then select **Finish** to create the connector.

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** > **Workplace from Facebook**.

+2. On the **Workplace from Facebook** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish**, the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and then go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **Workplace from Facebook** connector to display the flyout page. This page contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** \> **XIP**.

+2. On the **XIP** product description page, select **Add new connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish**, the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **XIP** connector to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** > **XSLT/XML**.

+2. On the **XSLT/XML** product description page, select **Add new connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish**, the **User mapping** page in the connector wizard in the compliance portal is displayed.

+3. Select **Next**, review your settings, and go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **XSLT/XML** connector to display the flyout page. This page contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** &gt; **Yieldbroker**.

+2. On the **Yieldbroker** product description page, select **Add new connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish**, the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **Yieldbroker** connector to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** > **YouTube**.

+2. On the **YouTube** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish,** the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and then go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to <https://compliance.microsoft.com/> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **YouTube** connector to display the flyout page, which contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+- This Veritas data connector is in public preview in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then select **Data connectors** > **Zoom Meetings**.

+2. On the **Zoom Meetings** product description page, select **Add connector**.

+3. On the **Terms of service** page, select **Accept**.

+4. Enter a unique name that identifies the connector, and then select **Next**.

+After you select **Save & Finish**, the **User mapping** page in the connector wizard in the compliance portal is displayed.

+2. Select **Next**, review your settings, and go to the **Data connectors** page to see the progress of the import process for the new connector.

+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the **Zoom Meetings** connector to display the flyout page. This page contains the properties and information about the connector.

+3. Under **Connector status with source**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about the data that's been imported to the Microsoft cloud. For more information, see [View admin logs for data connectors](data-connector-admin-logs.md).

+>[!IMPORTANT]

+>Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance violations (for example SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to ensure user-level privacy.

+There are five role groups used to configure permissions to manage communication compliance features. To make **Communication compliance** available as a menu option in Microsoft Purview compliance portal and to continue with these configuration steps, Contoso administrators are assigned the *Communication Compliance Admins* role.

+| **Communication Compliance Admins** | Use this role group to initially configure communication compliance and later to segregate communication compliance administrators into a defined group. Users assigned to this role group can create, read, update, and delete communication compliance policies, global settings, and role group assignments. Users assigned to this role group can't view message alerts. |

+| **Communication Compliance Analysts** | Use this group to assign permissions to users that will act as communication compliance analysts. Users assigned to this role group can view policies where they're assigned as Reviewers, view message metadata (not message content), escalate to additional reviewers, or send notifications to users. Analysts can't resolve pending alerts. |

+| **Communication Compliance Investigators** | Use this group to assign permissions to users that will act as communication compliance investigators. Users assigned to this role group can view message metadata and content, escalate to additional reviewers, escalate to an eDiscovery (Premium) case, send notifications to users, and resolve the alert. |

+| **Communication Compliance Viewers** | Use this group to assign permissions to users that will manage communication reports. Users assigned to this role group can access all reporting widgets on the communication compliance home page and can view all communication compliance reports. |

+>[!IMPORTANT]

+>Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance violations (for example SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to ensure user-level privacy.

+>[!IMPORTANT]

+>Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance violations (for example SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to ensure user-level privacy.

+- *Communication Compliance Admins* role group

+Members of the following roles have the same solution permissions included with the *Communication Compliance Admins* role group:

+> Make sure you always have at least one user in the *Communication Compliance* or *Communication Compliance Admins* role groups (depending on the option you choose) so that your communication compliance configuration doesn't get in to a 'zero administrator' scenario if specific users leave your organization.

+| **Communication Compliance Admins** | Use this role group to initially configure communication compliance and later to segregate communication compliance administrators into a defined group. Users assigned to this role group can create, read, update, and delete communication compliance policies, global settings, and role group assignments. Users assigned to this role group can't view message alerts. Users that create policies as a communication compliance administrator must have their mailbox hosted on Exchange Online.|

+| **Communication Compliance Analysts** | Use this group to assign permissions to users that will act as communication compliance analysts. Users assigned to this role group can view policies where they're assigned as Reviewers, view message metadata (not message content), escalate to additional reviewers, or send notifications to users. Analysts can't resolve pending alerts. |

+| **Communication Compliance Investigators** | Use this group to assign permissions to users that will act as communication compliance investigators. Users assigned to this role group can view message metadata and content, escalate to additional reviewers, escalate to an eDiscovery (Premium) case, send notifications to users, and resolve the alert. |

+| **Communication Compliance Viewers** | Use this group to assign permissions to users that will manage communication reports. Users assigned to this role group can access all reporting widgets on the communication compliance home page and can view all communication compliance reports. |

+>[!IMPORTANT]

+>Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance violations (for example SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to ensure user-level privacy.

+- **Plain text**: Text view that displays a line-numbered text-only view of the message and includes keyword highlighting in messages and attachments for sensitive info type terms, terms identified by built-in classifiers assigned to a policy, or for terms included in a dedicated keyword dictionary assigned to a policy. Keyword highlighting, which is currently available for English language only, can help direct you to the area of interest in long messages and attachments. In some cases, highlighted text might be only in attachments for messages matching policy conditions. Embedded files aren't displayed and the line numbering in this view is helpful for referencing pertinent details among multiple reviewers.

+1. Sign into the [Microsoft Purview compliance portal](https://compliance.microsoft.com) using credentials for a user assigned to the *Communication Compliance Analysts* or *Communication Compliance Investigators* role groups in your Microsoft 365 organization.

+>[!IMPORTANT]

+>Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance violations (for example SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to ensure user-level privacy.

+- *Communication Compliance Admins* role group

+Members of the following roles have the same solution permissions included with the *Communication Compliance Admins* role group:

+> Make sure you always have at least one user in the *Communication Compliance* or *Communication Compliance Admins* role groups (depending on the option you choose) so that your communication compliance configuration doesn't get in to a 'zero administrator' scenario if specific users leave your organization.

+| **Communication Compliance Admins** | Use this role group to initially configure communication compliance and later to segregate communication compliance administrators into a defined group. Users assigned to this role group can create, read, update, and delete communication compliance policies, global settings, and role group assignments. Users assigned to this role group can't view message alerts. Users that create policies as a communication compliance administrator must have their mailbox hosted on Exchange Online. |

+| **Communication Compliance Analysts** | Use this group to assign permissions to users that will act as communication compliance analysts. Users assigned to this role group can view policies where they're assigned as Reviewers, view message metadata (not message content), escalate to additional reviewers, or send notifications to users. Analysts can't resolve pending alerts. |

+| **Communication Compliance Investigators** | Use this group to assign permissions to users that will act as communication compliance investigators. Users assigned to this role group can view message metadata and content, escalate to additional reviewers, escalate to an eDiscovery (Premium) case, send notifications to users, and resolve the alert. |

+| **Communication Compliance Viewers** | Use this group to assign permissions to users that will manage communication reports. Users assigned to this role group can access all reporting widgets on the communication compliance home page and can view all communication compliance reports. |

+When you create a communication compliance policy, you must determine who reviews the messages of the supervised users. In the policy, user email addresses identify individuals or groups of people to review supervised communications. All reviewers must have mailboxes hosted on Exchange Online, must be assigned to either the *Communication Compliance Analysts* or *Communication Compliance Investigators* role groups, and must be assigned in the policy they need to investigate. When reviewers are added to a policy, they automatically receive an email message that notifies them of the assignment to the policy and provides links to information about the review process.

+- **Show anonymized versions of usernames**: User names are anonymized to prevent users in *Communication Compliance Analysts* role group from seeing who is associated with policy alerts. Users in the *Communication Compliance Investigators* role group will always see user names, not the anonymized versions. For example, a user 'Grace Taylor' would appear with a randomized pseudonym such as 'AnonIS8-988' in all areas of the communication compliance experience. Choosing this setting anonymizes all users with current and past policy matches and applies to all policies. User profile information in the communication compliance alert details won't be available when this option is chosen. However, user names are displayed when adding new users to existing policies or when assigning users to new policies. If you choose to turn off this setting, user names are displayed for all users that have current or past policy matches.

+>[!IMPORTANT]

+>Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance violations (for example SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to ensure user-level privacy.

+You create communication compliance policies for Microsoft 365 organizations in the Microsoft Purview compliance portal. Communication compliance policies define which communications and users are subject to review in your organization, define which custom conditions the communications must meet, and specify who should do reviews. Users assigned the *Communication Compliance Admins* role can set up policies, and anyone who has this role assigned can access the **Communication compliance** page and global settings in the Microsoft Purview compliance portal. If needed, you can export the history of modifications to a policy to a .csv (comma-separated values) file that also includes the status of alerts pending review, escalated items, and resolved items. Policies can't be renamed and can be deleted when no longer needed.

+## Policy for insider risk management integration (preview)

+When users experience employment stressors, they may become disgruntled. This feeling may lead to uncharacteristic or malicious behavior by some users that could surface as potentially inappropriate behavior on your organization's messaging systems. Communication compliance can provide disgruntlement signals detected in applicable messages to [insider risk management](/microsoft-365/compliance/insider-risk-management) disgruntlement policies by using a dedicated [Detect inappropriate text](#policy-templates) policy. This policy is automatically created (if selected as an option) during configuration of a [Data leaks by disgruntled employees](/microsoft-365/compliance/insider-risk-management-policies#data-leaks-by-disgruntled-users-preview) or [Security policy violations by disgruntled employees](/microsoft-365/compliance/insider-risk-management-policies#security-policy-violations-by-disgruntled-users-preview) policy in insider risk management.

+When configured for an insider risk management disgruntlement policy, a dedicated policy named *Disgruntlement in messages - (date created)* is created in communication compliance and automatically includes all organization users in the policy. This policy starts detecting disgruntlement behavior in messages by using the built-in [Threat, Harassment, and Discrimination classifiers](#classifiers) and automatically sends these signals to insider risk management. If needed, this policy can be edited to update the scope of included users and the policy conditions and classifiers.

+Users that send 5 or more messages classified as disgruntled within 24 hours are automatically brought in-scope for insider risk management policies that include this option. Once in-scope, the insider risk management detect risky activities configured in the policy and generate alerts as applicable. It may take up to 48 hours from the time disgruntlement messages are sent until the time a user is brought in-scope in an insider risk management policy. If an alert is generated for a risky activity detected by the insider risk management policy, the triggering event for the alert is identified as being sourced from the communication compliance disgruntlement activity.

+All users assigned to the [Insider Risk Management Investigators](/microsoft-365/compliance/insider-risk-management-plan#plan-for-the-review-and-investigation-workflow) role group are automatically assigned as reviewers in the dedicated communication compliance policy. If inside risk management investigators need to review the associated disgruntlement alert directly on the communication compliance alerts page (linked from the insider risk management alert details), they must be manually added to the *Communication Compliance Investigators* role group.

+Before integrating communication compliance with insider risk management, you should also consider the following guidance when detecting messages containing potentially inappropriate text:

+- **For organizations without an existing *Detect inappropriate text* policy**. The new *Disgruntlement in messages - (date created)* policy will be automatically created by the insider risk management policy wizard. In most cases, no further actions are needed.

+- **For organizations with an existing *Detect inappropriate text* policy**. The new *Disgruntlement in messages - (date created)* policy will be automatically created by the insider risk management policy wizard. Although you'll have two communication compliance policies for potentially inappropriate text in messages, investigators will not see duplicate alerts for the same activity. Insider risk management investigators will only see alerts for the dedicated integration policy and communication compliance investigators will only see the alerts for the existing policy. If needed, you can edit the dedicated policy to change the in-scope users or individual policy conditions as applicable.

+After you've created a communication compliance policy, the policy may be temporarily paused if needed. Pausing a policy may be used for testing or troubleshooting policy matches, or for optimizing policy conditions. Instead of deleting a policy in these circumstances, pausing a policy also preserves existing policy alerts and messages for ongoing investigations and reviews. Pausing a policy prevents inspection and alert generation for all user message conditions defined in the policy for the time the policy is paused. To pause or restart a policy, users must be a member of the *Communication Compliance Admins* role group.

+To copy a policy, users must be a member of the *Communication Compliance* or *Communication Compliance Admins* role groups. After a new policy is created from an existing policy, it may take up to 24 hours to view messages that match the new policy configuration.

+Each communication compliance policy has a storage limit size of 100 GB or 1 million messages, whichever is reached first. As the policy approaches these limits, notification emails are automatically sent to users assigned to the *Communication Compliance* or *Communication Compliance Admins* role groups. Notifications messages are sent when the storage size or message count reach 80, 90, and 95 percent of the limit. When the policy limit is reached, the policy is automatically deactivated, and the policy stops processing messages for alerts.

+| **Message is received from any of these domains** <br><br> **Message is not received from any of these domains** | Apply the policy to include or exclude specific domains in received messages. Enter each domain and separate multiple domains with a comma. Each domain entered is applied separately, only one domain must apply for the policy to apply to the message. If you want to use **Message is received from any of these domains** to look for messages from specific emails address you need to combine this with another condition like **Message contains any of these words** or **Content matches any of these classifiers** or you might get unexpected results. <br><br> If you want to scan all email from a specific domain, but want to exclude messages that don't need review (newsletters, announcements, and so on), you must configure a **Message is not received from any of these domains** condition that excludes the email address (example newsletter@contoso.com). |

+>[!IMPORTANT]

+>Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance violations (for example SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to ensure user-level privacy.

+To view communication compliance policy update activities, select the **Export policy updates** control on the main page for any policy. You must be assigned the *Global Admin* or *Communication Compliance Admins* roles to export update activities. This action generates an audit file in the .csv format that contains the following information:

+To view communication compliance review activities for a policy, select the **Export review activities** control on the **Overview** page for a specific policy. You must be assigned the *Global Admin* or *Communication Compliance Admins* roles to export review activities. This action generates an audit file in the .csv format that contains the following information:

+>[!IMPORTANT]

+>Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance violations (for example SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to ensure user-level privacy.

+>[!IMPORTANT]

+>Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance violations (for example SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to ensure user-level privacy.

+>[!IMPORTANT]

+>Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance violations (for example SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to ensure user-level privacy.

+## Integration with insider risk management (preview)

+Communication compliance can provide disgruntlement signals detected in messages to insider risk management disgruntlement policies. Using a dedicated [Detect inappropriate text](/microsoft-365/compliance/communication-compliance-policies#policy-templates) policy in communication compliance, you can choose to add this policy to a [Data leaks by disgruntled employees](/microsoft-365/compliance/insider-risk-management-policies#data-leaks-by-disgruntled-users-preview) or [Security policy violations by disgruntled employees](/microsoft-365/compliance/insider-risk-management-policies#security-policy-violations-by-disgruntled-users-preview) policy in insider risk management. Disgruntlement detected in messages by the communication compliance policy act as a triggering event to bring users into scope for the insider risk management policies.

+To learn more about integration with insider risk management, see [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies#integration-with-insider-risk-management-preview).

+To learn more about insider risk management, see [Learn about insider risk management](/microsoft-365/compliance/insider-risk-management).

+- **Detect inappropriate text**: Use this template to quickly create a policy that uses built-in classifiers to automatically detect text in messages that may be considered inappropriate, abusive, or offensive.

+- **Detect inappropriate images**: Use this template to quickly create a policy that uses built-in classifiers to automatically detect content that contains adult and racy images that may be considered as inappropriate in your organization.

+- Valid file path that ends with `\*`, which means only files under subfolders. Files directly under the folder aren't excluded. <br/>For example: `C:\Temp\*`

+##### Recommended file path exclusions (preview)

+Restricted app groups are collections of apps that you create in DLP settings and then add to a rule in a policy. When you add a restricted app group to a policy, you can take the actions defined in this table.

+If Notepad.exe is added to **Restricted apps** and **File activities for all apps** is configured to **Apply restrictions to specific activity** and both are configured like this:

+If an app isn't in **File activities for apps in restricted app groups** or isn't in the **Restricted app activities** list or is in the **Restricted app activities** list with an action of `Audit only`, or 'Block with override`, any restrictions defined in the **File activities for all apps** are applied in the same rule.

+For Windows devices, you add browsers, identified by their executable names, that will be blocked from accessing files that match the conditions of an enforced a DLP policy where the upload to cloud services restriction is set to block or block override. When these browsers are blocked from accessing a file, the end users will see a toast notification asking them to open the file through Microsoft Edge.

+If the list mode is set to **Block**, then user won't be able to upload sensitive items to those domains. When an upload action is blocked because an item matches a DLP policy, DLP will either generate a warning or block the upload of the sensitive item.

+| **CONTOSO.COM** |**Matches the specified domain name, and any subsite**: <p>*://contoso.com<p>*://contoso.com/ <p>*://contoso.com/anysubsite1 <p>*://contoso.com/anysubsite1/anysubsite2 (etc.) <p>**Does not match sub-domains or unspecified domains**: <p>*://anysubdomain.contoso.com <p>*://anysubdomain.contoso.com.AU |

+| ***.CONTOSO.COM** |**Matches the specified domain name, any subdomain, and any site**: <p>*://contoso.com <p>*://contoso.com/anysubsite <p>*://contoso.com/anysubsite1/anysubsite2 <p>*://anysubdomain.contoso.com/ <p>*://anysubdomain.contoso.com/anysubsite/ <p>*://anysubdomain1.anysubdomain2.contoso.com/anysubsite/ <p>*://anysubdomain1.anysubdomain2.contoso.com/anysubsite1/anysubsite2 (etc.) <p>**Does not match unspecified domains** <p>*://anysubdomain.contoso.com.AU/ |

+- upload a sensitive file to an excluded website (this is configured in the policy)

+For the print, copy data and save actions, each website must be listed in a website group and the user must be accessing the website through Microsoft Edge. For the upload action, the user can be using Microsoft Edge or Google Chrome with the Purview extension. Sensitive service domains is used in conjunction with a DLP policy for Devices. You can also define website groups that you want to assign policy actions to that are different from the global website group actions. See, [Scenario 6 Monitor or restrict user activities on sensitive service domains](endpoint-dlp-using.md#scenario-6-monitor-or-restrict-user-activities-on-sensitive-service-domains) for more information.

+> [!IMPORTANT]

+> Before you can use [Printer groups (preview)](#printer-groups-preview), [Removable storage device groups](#removable-storage-device-groups-preview), [Network share groups](#network-share-groups-preview), and [VPN settings](#vpn-settings-preview) you must register [here](https://forms.office.com/r/GNVTFvxuZv).

+### Printer groups (preview)

+Use this setting to define groups of printers that you want to assign policy actions to that are different from the global printing actions. For example, say you want your DLP policy to block printing of contracts to all printers, except for printers that are in the legal department.

+This feature is available for devices running any of the following Windows versions :

+- Windows 10 and later (20H2, 21H1, 21H2)

+- Win 11 21H2, 22H2

+- Windows Server 2022

+You define a printer by these parameters:

+- Friendly printer name - Get the Friendly printer name value from the printer device property details in device manager.

+- USB product ID - Get the Device Instance path value from the printer device property details in device manager. Convert it to Product ID and Vendor ID format, see [Standard USB identifiers](/windows-hardware/drivers/install/standard-usb-identifiers).

+- USB vendor ID - Get the Device Instance path value from the printer device property details in device manager. Convert it to Product ID and Vendor ID format, see [Standard USB identifiers](/windows-hardware/drivers/install/standard-usb-identifiers).

+- IP range

+- Print to file - For example Microsoft Print to PDF or Microsoft XPS Document Writer.

+- Universal print deployed on a printer - See, [Set up Universal Print](/universal-print/fundamentals/universal-print-getting-started.md) for more information on universal printers

+- Corporate printer - is a print queue shared through on-premises Windows print server in your domain. Its path might look like \\print-server\contoso.com\legal_printer_001

+- Print to local

+You assign each printer in the group a **Display name**. The name only appears in the Purview console. So, continuing with the example, you would create a printer group named **Legal printers** and add individual printers (with an alias) by their friendly name, like `legal_printer_001`, `legal_printer_002` and `legal_color_printer`.

+You can multi-select the parameters to help you unambiguously identify a specific printer.

+You can assign these policy actions to the group in a DLP policy:

+- Allow (audit with no user notifications or alerts)

+- Audit only (you can add notifications and alerts)

+- Block with override (blocks the action, but the user can override)

+- Block (blocks no matter what)

+#### Create a Printer group

+1. Open [Microsoft Purview compliance portal](https://compliance.microsoft.com) > **Data loss prevention** > **Endpoint DLP settings** > **Printer groups**.

+1. Select **Create printer group**.

+1. Give the group a name.

+1. Select **Add printer**.

+1. Give the printer an **Alias that will only appear here.

+1. Select the parameters and provide the values to unambiguously identify the specific printer.

+1. Select **Add**.

+1. Add other printers as needed.

+1. Select **Close**.

+The most common use case is to use printers groups as an allowlist as in the above example for allowing the printing of contracts only to printers that are in the legal department. After you define a printer group here, it's available to be used in your policies that are scoped to **Devices**. See, [Scenario 7 Authorization groups](endpoint-dlp-using.md#scenario-7-authorization-groups-preview) for more information on configuring policy actions to use authorization groups.

+### Removable storage device groups (preview)

+Use this setting to define groups of removable storage devices, like USB thumb drives, that you want to assign policy actions to that are different from the global printing actions. For example, say you want your DLP policy to block copying of items with engineering specifications to all removeable storage devices, except for USB connected hard drives that are used to back up data and are then sent offsite.

+This feature is available for devices running any of the following Windows versions :

+- Windows 10 and later (20H2, 21H1, 21H2)

+- Win 11 21H2, 22H2

+- Windows 10 RS5 (KB 5006744) and Windows Server 2022

+You can define removeable storage devices by these parameters:

+- Storage device friendly name - Get the Friendly name value from the storage device property details in device manager.

+- USB product ID - Get the Device Instance path value from the printer device property details in device manager. Convert it to Product ID and Vendor ID format, see [Standard USB identifiers](/windows-hardware/drivers/install/standard-usb-identifiers).

+- USB vendor ID - Get the Device Instance path value from the printer device property details in device manager. Convert it to Product ID and Vendor ID format, see [Standard USB identifiers](/windows-hardware/drivers/install/standard-usb-identifiers).

+- Serial number ID - Get the serial number ID value from the storage device property details in device manager.

+- Device ID - Get the device ID value from the storage device property details in device manager.

+- Instance path ID - Get the device ID value from the storage device property details in device manager.

+- Hardware ID - Get the hardware ID value from the storage device property details in device manager.

+You assign each removable storage device in the group an **Alias**. The alias is a name that only appears in the Purview console. So, continuing with the example, you would create a removable storage device group named **Backup** and add individual devices (with an alias) by their friendly name, like `backup_drive_001`, and `backup_drive_002`.

+You can multi-select the parameters and the printer group will include all devices that satisfy those parameters.

+You can assign these policy actions to the group in a DLP policy:

+- Allow (audit with no user notifications or alerts)

+- Audit only (you can add notifications and alerts)

+- Block with override (blocks the action, but the user can override)

+- Block (blocks no matter what)

+#### Create a Removable storage device group

+1. Open [Microsoft Purview compliance portal](https://compliance.microsoft.com) > **Data loss prevention** > **Endpoint DLP settings** > **Removable storage device groups**.

+1. Select **Create removable storage device group**.

+1. Provide a **Group name**.

+1. Select **Add removable storage device**.

+1. Provide an **Alias**.

+1. Select the parameters and provide the values to unambiguously identify the specific device.

+1. Select **Add**.

+1. Add other devices to the group as needed.

+1. Select **Close**.

+The most common use case is to use removable storage devices groups as an allowlist as in the above example for allowing the copying of files only to devices that are in the **Backup** group. After you define a removable storage device group here, it's available to be used in your policies that are scoped to **Devices**. See, [Scenario 7 Authorization groups](endpoint-dlp-using.md#scenario-7-authorization-groups-preview) for more information on configuring policy actions to use authorization groups. While scenario 7 uses printer authorization groups as an example, the principles are identical. The only thing that changes are the names of the groups and the actions you select.

+### Network share groups (preview)

+Use this setting to define groups of network share paths that you want to assign policy actions to that are different from the global network share path actions. For example, say you want your DLP policy to block when users attempt to save or copy protected files to network shares except the network shares in this group.

+This feature is available for devices running any of the following Windows versions:

+- Windows 10 and later (20H2, 21H1, 21H2)

+- Win 11 21H2, 22H2

+- Windows 10 RS5 (KB 5006744) and Windows Server 2022

+You include network share paths by defining the prefix that they all start with. For example:

+- '\\Library' will match:

+ - \Library folder and all its subfolders.

+- You can use Wildcards, for example '\\Users\*\Desktop' will match:

+ - '\\USers\user1\Desktop'

+ - '\\USers\user1\user2\Desktop'

+ - '\\Users\*\Desktop'

+- You can use Environmental variables, for example:

+ - %AppData%\app123

+You can assign these policy actions to the group in a DLP policy:

+- Allow (audit with no user notifications or alerts)

+- Audit only (you can add notifications and alerts)

+- Block with override (blocks the action, but the user can override)

+- Block (blocks no matter what)

+#### Create a Network Share group

+1. Open [Microsoft Purview compliance portal](https://compliance.microsoft.com) > **Data loss prevention** > **Endpoint DLP settings** > **Network share groups**.

+1.Select **Create network share group**.

+1. Provide a **Group name**.

+1. Add the file path to the share.

+1. Select **Add**.

+1. Add other share paths to the group as needed.

+1. Select **Close**.

+The most common use case is to use network share group as an allowlist as in the above example for allowing users to save or copy protected files only to the network shares that are defined in the group. After you define a networks share group here, it's available to be used in your policies that are scoped to **Devices**. See, [Scenario 7 Authorization groups](endpoint-dlp-using.md#scenario-7-authorization-groups-preview) for more information on configuring policy actions to use authorization groups.

+### VPN settings (preview)

+Use the VPN list to control only those actions that are being carried out over that VPN.

+This feature is available for devices running any of these versions of Windows:

+

+- Windows 10 and later (20H2, 21H1, 21H2)

+- Windows 11 21H2, 22H2

+- Windows 10 RS5 (KB 5006744)

+When you list a VPN in **VPN Settings** you can assign these policy actions to them:

+- Allow (audit with no user notifications or alerts)

+- Audit only (you can add notifications and alerts)

+- Block with override (blocks the action, but the user can override)

+- Block (blocks no matter what)

+These actions can be applied individually or collectively to these user activities:

+- Copy to clipboard

+- Copy to a USB removable device

+- Copy to a network share

+- Print

+- Copy or move using unallowed Bluetooth app

+- Copy or move using RDP

+When configuring a DLP policy to restrict activity on devices, you can control what happens to each activity performed when users are connected to your organization within any of the VPNs listed.

+You define VPN by these parameters **Server address** or **Network address**.

+#### Get the Server address or Network address

+1. On a DLP monitored Windows device, open a **Windows PowerShell** window as an administrator.

+1. Run this cmdlet

+```powershell-interactive

+Get-VpnConnection

+```

+3. Running this cmdlet returns multiple fields and values.

+1. Find the **ServerAddress** field and record that value. You'll use this when you create a VPN entry in the VPN list.

+1. Find the **Name** field and record that value. The **Name** field maps to the **Network address** field when you create a VPN entry in the VPN list.

+#### Add a VPN

+1. Open [Microsoft Purview compliance portal](https://compliance.microsoft.com) > **Data loss prevention** > **Endpoint DLP settings** > **VPN settings**.

+1. Select **Add or edit VPN addresses**.

+1. Provide either the **Server address** or **Network address** from running Get-VpnConnection.

+1. Select **Save**.

+1. Close the item.

+> [!IMPORTANT]

+> When you use the VPN list in defining the actions of a policy, you will also see **Corporate network** as an option. **Corporate network** connections are are all connections to your organizations resources.These connections can include VPNs.

+See, [Scenario 8 Network exceptions](endpoint-dlp-using.md#scenario-8-network-exceptions-preview)for more information on configuring policy actions to use network exceptions.

+## Before you begin scenario 4

+With Endpoint DLP and Microsoft Edge Web browser, you can restrict unintentional sharing of sensitive items to unallowed cloud apps and services. Edge understands when an item is restricted by an Endpoint DLP policy and enforces access restrictions.

+1. Create a rule that uses the **The user accessed a sensitive site from Edge**, and the action **Audit or restrict activities on devices**.

+1. In **Service domain and browser activities** select **Upload to a restricted cloud service domain or access from an unallowed browser** and set the action to **Audit only**. This sets the overall action for all the site groups.

+1. OPTIONAL: If you want to create an exception (usually an allowlist) to the overall action for one or more site groups, select **Configure sensitive service domain exceptions**, add the site group you want the exception for, configure the desired action and **Save** the configuration.

+## Scenario 7 Authorization groups (preview)

+> [!IMPORTANT]

+> Before you can use **Printer groups**, **Removable storage device groups**, **Network share groups**, and **Network exceptions/VPN** you must register [here](https://forms.office.com/r/GNVTFvxuZv).

+These scenarios require that you already have devices onboarded and reporting into Activity explorer. If you haven't onboarded devices yet, see [Get started with Endpoint data loss prevention](endpoint-dlp-getting-started.md).

+Authorization groups are mostly used as allow lists. You assigned policy actions to the group that are different than the global policy actions. In this scenario, we'll go through defining a printer group and then configuring a policy with block actions for all print activities except for the printers in the group. These procedures are essentially the same for **Removeable storage device groups**, and **Network share groups**.

+In this scenario, we'll define a group of printers that the legal department uses for printing contracts. Printing contracts to any other printers is blocked.

+### Create and use printer groups

+1. In the Microsoft Purview compliance portal open **Data loss prevention** > **Endpoint DLP settings** > **Printer groups**.

+1. Select **Create printer group** and give the group a name. In this scenarion, we'll use `Legal printers`.

+1. Select **Add printer** and provide a name. You can define printers by:

+ 1. Friendly printer name

+ 1. USB product ID

+ 1. USB vendor ID

+ 1. IP range

+ 1. Print to file

+ 1. Universal print deployed on a printer

+ 1. Corporate printer

+ 1. Print to local

+1. Select **Close**.

+### Configure policy printing actions

+1. Open the **Policies** tab.

+1. Select **Create policy** and select the custom policy template.

+1. Scope the location to only **Devices**.

+1. Create a rule where:

+ 1. **Content contains** = **Trainable classifiers**, **Legal Affairs**

+ 1. **Actions** = **Audit or restrict activities on devices**

+ 1. Then pick **File activities on all apps**

+ 1. The select **Apply restrictions to specific activity**

+ 1. Select **Print** = **Block**

+1. Select **Choose different print restrictions**

+1. Under **Printer group restrictions**, select **Add group** and select **Legal printers**.

+1. Set **Action** = **Allow**.

+ > [!TIP]

+ > The **Allow** action wil record and audit event to the audit log, but not generate an alert or notification.

+10. Save.

+11. Accept the default **I'd like to test it out first** value and choose **Show policy tips while in test mode**. Choose **Next**.

+12. Review your settings and choose **Submit**.

+13. The new DLP policy will appear in the policy list.

+## Scenario 8 Network exceptions (preview)

+> [!IMPORTANT]

+> Before you can use **Printer groups**, **Removable storage device groups**, **Network share groups**, and **Network exceptions/VPN** you must register [here](https://forms.office.com/r/GNVTFvxuZv).

+These scenarios require that you already have devices onboarded and reporting into Activity explorer. If you haven't onboarded devices yet, see [Get started with Endpoint data loss prevention](endpoint-dlp-getting-started.md).

+In this scenario, we'll define a list of VPNs that hybrid workers use for accessing organization resources.

+### Create and use a Network exception

+Network exceptions enables you to configure Allow, Audit only, Block with override, and Block actions to the file activities based on the network that users are accessing the file from. You can select from the [VPN settings](dlp-configure-endpoint-settings.md#vpn-settings-preview) list you defined and **Corporate network** option. The actions can be applied individually or collectively to these user activities:

+- Copy to clipboard

+- Copy to a USB removable device

+- Copy to a network share

+- Print

+- Copy or move using unallowed Bluetooth app

+- Copy or move using RDP

+#### Get the Server address or Network address

+1. On a DLP monitored Windows device, open a **Windows PowerShell** window as an administrator.

+1. Run this cmdlet

+```powershell-interactive

+Get-VpnConnection

+```

+3. Running this cmdlet returns multiple fields and values.

+1. Find the **ServerAddress** field and record that value. You'll use this when you create a VPN entry in the VPN list.

+1. Find the **Name** field and record that value. The **Name** field maps to the **Network address** field when you create a VPN entry in the VPN list.

+#### Add a VPN

+1. Open [Microsoft Purview compliance portal](https://compliance.microsoft.com) > **Data loss prevention** > **Endpoint DLP settings** > **VPN settings**.

+1. Select **Add or edit VPN addresses**.

+1. Provide either the **Server address** or **Network address** from running Get-VpnConnection.

+1. Select **Save**.

+1. Close the item.

+#### Configure policy actions

+1. Open the **Policies** tab.

+1. Select **Create policy** and select the custom policy template.

+1. Scope the location to only **Devices**.

+1. Create a rule where:

+ 1. **Content contains** = **Trainable classifiers**, **Legal Affairs**

+ 1. **Actions** = **Audit or restrict activities on devices**

+ 1. Then pick **File activities on all apps**

+ 1. The select **Apply restrictions to specific activity**

+ 1. Select the actions that you want to configure **Network exceptions** for.

+1. Select **Copy to clipboard** and the **Audit only** action

+1. Select **Choose different copy to clipboard restrictions**.

+1. Select **VPN** and set the action to **Block with override**.

+> [!IMPORTANT]

+> When you want to control the activities of a user when they're connected through a VPN *you must* select the VPN and make the VPN the top priority in the **Network exceptions** configuration. Otherwise, if the **Corporate network** option is selected, then that action defined for the **Corporate network** entry will be enforced.

+> [!CAUTION]

+> The **Apply to all activities** option will copy the network exceptions that are defined here and apply them to all the other configured specific activities, like **Print**, and **Copy to a network share**. ***This will overwrite the network exceptions on the other activities The last saved configuration wins.***

+8. Save.

+1. Accept the default **I'd like to test it out first** value and choose **Show policy tips while in test mode**. Choose **Next**.

+1. Review your settings and choose **Submit**.

+1. The new DLP policy will appear in the policy list.

+

+

+- **Is unlocked by default** identifies if the item marked as a record is unlocked when the label is applied. Valid values:

+- **Relabel to** identifies if the label is configured to apply another label at the end of the retention period. Valid values:

+If you have [Azure Information Protection](/azure/information-protection/what-is-information-protection) and are still using Azure Information Protection labels that were managed from the Azure portal, you must migrate these labels to the [unified labeling platform](/azure/information-protection/faqs#how-can-i-determine-if-my-tenant-is-on-the-unified-labeling-platform). We then recommend you disable the AIP add-in for Office apps, to benefit from the newer, built-in labeling experience. For more information, see [Migrate the Azure Information Protection (AIP) add-in to built-in labeling for Office apps](sensitivity-labels-aip.md).

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** in the left nav.

+2. On the **Data connectors** page under **Epic connector**, select **View**.

+3. On the **Epic connector** page, select **Add connector**.

+4. On the **Setup the connection** page, do the following and then select **Next**:

+5. On the **Review** page, review your settings and then select **Finish** to create the connector.

+ 3. **Link to sample script.** Select the **here** link to go to the GitHub site to access the sample script (the link opens a new window). Keep this window open so that you can copy the script in Step 4. Alternatively, you can bookmark the destination or copy the URL so you can access it again when you run the script. This link is also available on the connector flyout page.

+6. Select **Done**.

+7. Select the Epic connector that you just created to display the flyout page, which contains properties and other information about the connector.

+You can also select **Edit** to change the Azure App ID or the column header names that you defined on the **File mapping** page.

+2. Select the **Raw** button to display the script in text view.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the Epic connector to display the flyout page. This page contains the properties and information about the connector.

+3. Under **Last import**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about each time the script runs and uploads the data from the text file to the Microsoft cloud.

+1. On your local computer, select the Windows **Start** button and then type **Task Scheduler**.

+2. Select the **Task Scheduler** app to open it.

+3. In the **Actions** section, select **Create Task**.

+6. Select the **Triggers** tab, select **New**, and then do the following things:

+ 3. Select **Ok**.

+7. Select the **Actions** tab, select **New**, and then do the following things:

+ 2. In the **Program/script** box, select **Browse**, and go to the following location and select it so the path is displayed in the box: C:.0.exe.

+ 5. Select **Ok** to save the settings for the new action.

+8. In the **Create Task** window, select **Ok** to save the scheduled task. You might be prompted to enter your user account credentials.

+ The last time the script ran and the next time it's scheduled to run is displayed. You can double-select the task to edit it.

+1. Go to <https://compliance.microsoft.com> and then select **Data connectors** in the left nav.

+2. On the **Overview** tab, select **Healthcare (preview)**.

+3. On the **Healthcare (preview)** page, select **Add connector**.

+5. On the **Authentication credentials** page, do the following and then select **Next**:

+6. On the **File mapping method** page, select one of the following options and then select **Next**.

+ - **Upload a sample file**. If you select this option, select **Upload sample file** to upload the file that you prepared in Step 2. This option allows you to quickly select column names in your text file from a drop-down list to map the columns to the required schema for the healthcare connector.

+8. On the **Review** page, review your settings and then select **Finish** to create the connector.

+ - **Link to sample script.** Select the **here** link to go to the GitHub site to access the sample script (the link opens a new window). Keep this window open so that you can copy the script in Step 4. Alternatively, you can bookmark the destination or copy the URL so you can access it again when you run the script. This link is also available on the connector flyout page.

+9. Select **Done**.

+10. Select the Healthcare connector that you just created to display the flyout page, which contains properties and other information about the connector.

+You can also select **Edit** to change the Azure App ID or the column header names that you defined on the **File mapping** page.

+2. Select the **Raw** button to display the script in text view.

+1. Go to <https://compliance.microsoft.com> and select **Data connectors** in the left nav.

+2. Select the **Connectors** tab and then select the Healthcare connector to display the flyout page. This page contains the properties and information about the connector.

+3. Under **Last import**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about each time the script runs and uploads the data from the text file to the Microsoft cloud.

+1. On your local computer, select the Windows **Start** button and then type **Task Scheduler**.

+2. Select the **Task Scheduler** app to open it.

+3. In the **Actions** section, select **Create Task**.

+6. Select the **Triggers** tab, select **New**, and then do the following things:

+ 3. Select **Ok**.

+7. Select the **Actions** tab, select **New**, and then do the following things:

+ 2. In the **Program/script** box, select **Browse**, and go to the following location and select it so the path is displayed in the box: C:.0.exe.

+ 5. Select **Ok** to save the settings for the new action.

+8. In the **Create Task** window, select **Ok** to save the scheduled task. You might be prompted to enter your user account credentials.

+ The last time the script ran and the next time it's scheduled to run is displayed. You can double-select the task to edit it.

+2. On the **Data connectors** page under **HR**, select **View**.

+3. On the **HR** page, select **Add connector**.

+4. On the **Authentication credentials** page, do the following and then select **Next**:

+6. On the **Review** page, review your settings and then select **Finish** to create the connector.

+ 1. **Link to sample script.** Select the **here** link to go to the GitHub site to access the sample script (the link opens a new window). Keep this window open so that you can copy the script in Step 4. Alternatively, you can bookmark the destination or copy the URL so you can access it again in Step 4. This link is also available on the connector flyout page.

+7. Select **Done**.

+8. Select the HR connector that you just created to display the flyout page, which contains properties and other information about the connector.

+ You can also select **Edit** to change the Azure App ID or the column header names that you defined on the **File mapping** page.

+2. Select the **Raw** button to display the script in text view.

+2. Select the **Connectors** tab and then select the HR connector to display the flyout page. This page contains the properties and information about the connector.

+3. Under **Progress**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about each time the script runs and uploads the data from the CSV file to the Microsoft cloud.

+1. On your local computer, select the Windows **Start** button and then type **Task Scheduler**.

+2. Select the **Task Scheduler** app to open it.

+3. In the **Actions** section, select **Create Task**.

+6. Select the **Triggers** tab, select **New**, and then do the following things:

+ 1. Select **Ok**.

+7. Select the **Actions** tab, select **New**, and then do the following things:

+ 1. In the **Program/script** box, select **Browse**, and go to the following location and select it so the path is displayed in the box: `C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe`.

+ 1. Select **Ok** to save the settings for the new action.

+8. In the **Create Task** window, select **Ok** to save the scheduled task. You might be prompted to enter your user account credentials.

+ The last time the script ran and the next time it's scheduled to run is displayed. You can double-select the task to edit it.

+> A new version of the HR connector is now available for public preview. To create a new HR connector or to import data for the [new employee profile scenario](#csv-file-for-employee-profile-data-preview) for the healthcare policy scenario for insider risk management, go to the **Data connectors** page in the compliance portal, select the **Connectors** tab, and then select **Add a connector > HR (preview)** to start the set up. Existing HR connectors will continue to work without any disruption.

+- Determine how to retrieve or export the data from your organization's HR system (and regularly) and add it to the CSV files that you create in Step 1. The script that you run in Step 4 will upload the HR data in the CSV files to the Microsoft cloud.

+- This connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore aren't covered by the Microsoft Purview and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant. For step-by-step instructions for setting up an HR connector in a GCC environment, see [Set up a connector to import HR data in US Government](import-hr-data-US-government.md).

+> The capability to create an HR connector for employee profile data is in public preview. To create an HR connector that supports employee profile data, go to the **Data connectors** page in the compliance portal, select the **Connectors** tab, and then select **Add a connector** > **HR (preview)**. Follow the steps to create a connector in [Step 3: Create the HR connector](#step-3-create-the-hr-connector).

+Based on your organization's HR systems and how you'll export HR data to CSV file, you might have to create multiple CSV files that contain a single HR data type. In this case, you can still create a single HR connector to import data from different CSV files. To do this, you'll just have to add an HRScenario column to the CSV file and specify the HR data type. Then you can run the script for each CSV file, but use the same job ID for the connector. See [Step 4](#step-4-run-the-sample-script-to-upload-your-hr-data).

+- Azure AD application ID (also called the *app ID* or *client ID*)

+- Tenant ID (also called the *directory Id*)

+2. On the **Data connectors** page, select **HR (preview)**.

+3. On the **HR (preview)** page, select **Add connector**.

+4. On the **Setup the connection** page, do the following and then select **Next**:

+5. On the HR scenarios page, select one or more HR scenarios that you want to import data for and then select **Next**.

+6. On the file mapping method page, select a file type if necessary, and then select one of the following options and then select **Next**.

+ - **Upload a sample file**. If you select this option, select **Upload sample file** to upload the CSV file that you prepared in Step 1. This option allows you to quickly select column names in your CSV file from a drop-down list to map them to the data types for the HR scenarios that you previously selected.

+ - If you selected a single HR scenario in the previous step, then type the column header names (also called *parameters*) from the CSV file that you created in Step 1 in each of the appropriate boxes. The column names that you type aren't case-sensitive, but be sure to include spaces if the column names in your CSV file include spaces. As previously explained, the names you type in these boxes must match the parameter names in your CSV file. For example, the following screenshot shows the parameter names from the sample CSV file for the employee resignation HR scenario shown in Step 1.

+8. On the **Review** page, review your settings and then select **Finish** to create the connector.

+ 2. **Link to sample script.** Select the **here** link to go to the GitHub site to access the sample script (the link opens a new window). Keep this window open so that you can copy the script in Step 4. Alternatively, you can bookmark the destination or copy the URL so you can access it again when you run the script. This link is also available on the connector flyout page.

+9. Select **Done**.

+10. Select the HR connector that you just created to display the flyout page, which contains properties and other information about the connector.

+You can also select **Edit** to change the Azure App ID or the column header names that you defined on the **File mapping** page.

+2. Select the **Raw** button to display the script in text view.

+ |`tenantId`|This is the ID for your Microsoft 365 organization that you obtained in Step 2. You can also obtain the tenant ID for your organization on the **Overview** blade in the Azure AD admin center. This is used to identify your organization.|

+ |`appId` |This is the Azure AD application ID for the app that you created in Azure AD in Step 2. This is used by Azure AD for authentication when the script attempts to access your Microsoft 365 organization. |

+After you create the HR connector and run the script to upload your HR data, you can view the connector and upload status in the compliance portal. If you schedule the script to run automatically regularly, you can also view the current status after the last time the script ran.

+2. Select the **Connectors** tab and then select the HR connector to display the flyout page. This page contains the properties and information about the connector.

+3. Under **Progress**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about each time the script runs and uploads the data from the CSV file to the Microsoft cloud.

+1. On your local computer, select the Windows **Start** button and then type **Task Scheduler**.

+2. Select the **Task Scheduler** app to open it.

+3. In the **Actions** section, select **Create Task**.

+6. Select the **Triggers** tab, select **New**, and then do the following things:

+ 1. Select **Ok**.

+7. Select the **Actions** tab, select **New**, and then do the following things:

+ 1. In the **Program/script** box, select **Browse**, and go to the following location and select it so the path is displayed in the box: `C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe`.

+ 1. Select **Ok** to save the settings for the new action.

+8. In the **Create Task** window, select **Ok** to save the scheduled task. You might be prompted to enter your user account credentials.

+ The last time the script ran and the next time it's scheduled to run is displayed. You can double-select the task to edit it.

+## (Optional) Step 7: Upload data using Power Automate templates

+You can upload HR data using Power Automate templates and define triggers. For example, you can configure a Power Automate template to trigger when new HR connector files are available in SharePoint or OneDrive locations. You can also streamline this process by storing confidential information like Azure AD application secret (created in **Step 2**) in Azure Key Vault and using it with Power Automate for authentication.

+Complete the following steps to automatically upload HR data when new files become available on OneDrive for Business:

+1. Download the *ImportHRDataforIRM.zip* package from the [GitHub site](https://github.com/microsoft/m365-compliance-connector-sample-scripts/blob/main/ImportHRDataforIRM.zip).

+2. In [Power Automate](https://make.preview.powerautomate.com), navigate to **My flows**.

+3. Select **Import** and upload the *ImportHRDataforIRM.zip* package.

+4. After the package gets uploaded, update the content (name & OneDrive for Business connection), and select **Import**.

+ 

+5. Select **Open flow** and update the parameters. The following table describes the parameters to use in this Power Automate Flow and their required values. The information you obtained in the previous steps is used in the values for these parameters.

+ |**Parameter**|**Description**|

+ |:|:--|

+ | App ID | This is the Azure AD application ID for the app that you created in Azure AD in **Step 2**. This is used by Azure AD for authentication when the script attempts to access your Microsoft 365 organization. |

+ | App Secret | This is the Azure AD application secret for the app that you created in Azure AD in **Step 2**. This used for authentication. |

+ | File location | This is the OneDrive for Business location where Power Automate monitors for 'new file created' activities to trigger this flow.|

+ | Job ID | Identifier for the HR connector created in **Step 3**. This is used to associate the HR data uploaded to the Microsoft cloud with the HR connector. |

+ | Tenant ID | Identifier for your Microsoft 365 organization obtained in **Step 2**. You can also obtain the tenant ID for your organization on the **Overview** blade in the Azure AD admin center. This is used to identify your organization. |

+ | URI | Verify that the value for this parameter is *https://webhook.ingestion.office.com/api/signals* |

+ 

+6. Select **Save**.

+7. Navigate to **Flow overview** and select **Turn on**.

+ 

+8. Test the flow manually by uploading a new file to your OneDrive for Business folder and verify that it ran successfully. This may take a few minutes after the upload before the flow is triggered.

+ 

+9. You can now monitor the HR connector as described in **Step 5**.

+If needed, you can update the flow to create triggers based on file availability and modification events on SharePoint and other data sources supported by Power Automate Flows.

+On December 13, 2021, we released the employee profile data scenario for HR connectors. If you created an HR connector before this date, we'll migrate the existing instances or your organization's HR connectors so your HR data continues to be imported to the Microsoft cloud. You don't have to do anything to maintain this functionality. You can keep using these connectors without disruption.

+2. On the **Data connectors** page under **Physical badging**, select **View**.

+3. On the **Physical badging** page, select **Add connector**.

+4. On the **Authentication credentials** page, do the following and then select **Next**:

+5. On the **Review** page, review your settings and then select **Finish** to create the connector.

+7. Select **Done**.

+8. Select the physical badging connector that you just created to display the flyout page, which contains properties and other information about the connector.

+2. Select the **Raw** button to display the script in text view

+2. Select the **Connectors** tab and then select the physical badging connector to display the flyout page. This page contains the properties and information about the connector.

+3. Under **Last import**, select the **Download log** link to open (or save) the status log for the connector. This log contains information about each time the script runs and uploads the data from the JSON file to the Microsoft cloud.

+1. On your local computer, select the Windows **Start** button and then type **Task Scheduler**.

+2. Select the **Task Scheduler** app to open it.

+3. In the **Actions** section, select **Create Task**.

+6. Select the **Triggers** tab, select **New**, and then do the following things:

+ 3. Select **Ok**.

+7. Select the **Actions** tab, select **New**, and then do the following things:

+ 2. In the **Program/script** box, select **Browse**, and go to the following location and select it so the path is displayed in the box: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.

+ 5. Select **Ok** to save the settings for the new action.

+8. In the **Create Task** window, select **Ok** to save the scheduled task. You might be prompted to enter your user account credentials.

+The last time the script ran and the next time it's scheduled to run is displayed. You can double-select the task to edit it.

+>[!IMPORTANT]

+>Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage and security violations. Insider risk management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

+- **Triggering event**: Displays the most recent triggering event that prompted the policy to start assigning risk scores to the user's activity. If you've configured [integration with communication compliance](/microsoft-365/compliance/communication-compliance-policies#integration-with-insider-risk-management-preview) for *Data leaks by disgruntled users* or *Security policy violations by disgruntled users* policies, the triggering event for these alerts will be scoped to communication compliance activity.

+Alerts generated from policies scoped to only activities that include [priority content](/microsoft-365/compliance/insider-risk-management-policies#prioritize-content-in-policies) include the *Only activity with priority content was scored for this alert* notification in this section.

+4. **Risk sequence**: The chronological order of risky activities is an important aspect of risk investigation and identifying these related activities is an important part of evaluating overall risk for your organization. Alert activities that are related are displayed with connecting lines to highlight that these activities are associated with a larger risk area. Sequences are also identified in this view by an icon positioned above the sequence activities relative to the risk score for the sequence. Hover over the icon to see the date and time of the risky activity associated with this sequence. This view of activities can help investigators literally 'connect the dots' for risk activities that could have been viewed as isolated or one-off events. Select the icon or any bubble in the sequence to display details for all the associated risk activities. Details include:

+- **Enable inline alert customization (preview)**: Enabling [inline alert customization](/microsoft-365/compliance/insider-risk-management-settings#inline-alert-customization-preview) allows analysts and investigators to quickly edit policies when reviewing alerts. They can update thresholds for activity detection with Microsoft recommendations, configure custom thresholds, or choose to ignore the type of activity that created the alert. If this is not enabled, then only users assigned to the *Insider Risk Management* role group can use inline alert customization.

+>[!IMPORTANT]

+>Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage and security violations. Insider risk management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

+>[!IMPORTANT]

+>Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage and security violations. Insider risk management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

+>[!IMPORTANT]

+>Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage and security violations. Insider risk management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

+>[!IMPORTANT]

+>Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage and security violations. Insider risk management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

+ - **Name (required)**: Enter a friendly name for the policy. This name can't be changed after the policy is created.

+ - **I want to prioritize content**. Selecting this option will enable you to prioritize *SharePoint sites*, *Sensitivity labels*, *Sensitive info types*, and *File extensions* content types. If you choose this option, you must select at least one priority content type.

+ - **I don't want to specify priority content right now**. Selecting this option will skip the priority content detail pages in the wizard.

+11. If you've selected **I want to prioritize content** in the previous step, you'll see the detail pages for *SharePoint sites*, *sensitive info types*, *sensitivity labels*, *file extensions*, and *Scoring*. Use these detail pages to define the SharePoint, sensitive info types, sensitivity labels, and file extensions to prioritize in the policy. The *Scoring* detail page allows you to scope the policy to only assign risk scores and generate alerts for specified activities that include priority content.

+ - **File extensions**: Add up to 50 file extensions. You can include or omit the '.' with the file extension. For example, *.py* or *py* would prioritize Python files.

+ - **Scoring**: Decide whether to assign risk scores to all activities detected by this policy or only for activities that include priority content. Choose **Get alerts for all activity** or **Get alerts only for activity that includes priority content**.

+13. If you've selected the *General data leaks* or *Data leaks by priority users* templates, you'll see options on the **Triggers for this policy** page for custom-triggering events and policy indicators. You have the choice to select a DLP policy or indicators for triggering events that bring users assigned to the policy in-scope for activity scoring. If you select the **User matches a data loss prevention (DLP) policy triggering event** option, you must select a DLP policy from the DLP policy dropdown list to enable triggering indicators for the DLP Policy for this insider risk management policy. If you select the **User performs an exfiltration activity triggering event** option, you must select one or more of the listed indicators for the policy triggering event.

+ > If you're unable to select a listed indicator or sequence, it's because they aren't currently enabled for your organization. To make them available to select and assign to the policy, select the **Turn on indicators** prompt.

+14. If you've selected the *Data leaks by disgruntled users* or *Security policy violations by disgruntled users* templates, you'll see options on the **Triggers for this policy** page for integration with communication compliance and HR data connector events. You have the choice to assign risk scores when users send messages that contain potentially threatening, harassing, or discriminatory language or to bring users into the the policy scope after disgruntlement events are reported in your HR system. If you select the **Disgruntlement triggers from communication compliance (preview)** option, you can accept the default communication compliance policy (automatically created), choose a previously created policy scope for this trigger, or create another scoped policy. If you select **HR data connector events**, you must configure a HR data connector for your organization.

+15. Select **Next** to continue.

+16. If you've selected the *General data leaks* or *Data leaks by priority users* templates and have selected the **User performs an exfiltration activity and associated indicators**, you can choose custom or default thresholds for the indicator triggering events that you've selected. Choose either the **Use default thresholds (Recommended)** or **Use custom thresholds for the triggering events**.

+17. Select **Next** to continue.

+18. If you've selected **Use custom thresholds for the triggering events**, for each triggering event indicator that you selected in Step 13, choose the appropriate level to generate the desired level of activity alerts. You can use the recommended thresholds, custom thresholds, or thresholds based on anomalous activities (for certain indicators) above the daily norm for users.

+19. Select **Next** to continue.

+20. On the **Policy indicators** page, you'll see the [indicators](insider-risk-management-settings.md#indicators) that you've defined as available on the **Insider risk settings** > **Indicators** page. Select the indicators you want to apply to the policy.

+21. Select **Next** to continue.

+22. On the **Decide whether to use default or custom indicator thresholds** page, choose custom or default thresholds for the policy indicators that you've selected. Choose either the **Use default thresholds for all indicators** or **Specify custom thresholds** for the selected policy indicators. If you've selected Specify custom thresholds, choose the appropriate level to generate the desired level of activity alerts for each policy indicator.

+23. Select **Next** to continue.

+24. On the **Review** page, review the settings you've chosen for the policy and any suggestions or warnings for your selections. Select **Edit** to change any of the policy values or select **Submit** to create and activate the policy.

+>[!IMPORTANT]

+>Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage and security violations. Insider risk management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

+>[!IMPORTANT]

+>Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage and security violations. Insider risk management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

+>[!IMPORTANT]

+>Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage and security violations. Insider risk management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

+When users experience employment stressors, they may become disgruntled, which may increase the chances of insider risk activity. This template starts scoring user activity when an indicator associated with disgruntlement is identified. Examples may include performance improvement notifications, poor performance reviews, changes to job level status, or email and other messages that may signal disgruntlement. Data leaks for disgruntled users may include downloading files from SharePoint Online and copying data to personal cloud messaging and storage services near employment stressor events.

+When using this template, you must either configure a HR connector, select the option to [integrate communication compliance disgruntlement signals](/microsoft-365/compliance/communication-compliance-policies#policy-for-insider-risk-management-integration-preview) from user messages, or choose both. The HR connector enables the periodic import of performance improvement notifications, poor performance review statuses, or job level change information for users in your organization. Communication compliance disgruntlement integration imports signals for user messages that may contain potentially threatening, harassing, or discriminatory text content. Associated alerts generated in Communication Compliance do not need to be triaged, remediated, or changed in status to be integrated with the insider risk management policy.

+To configure a HR connector, see the [Import data with the HR connector](import-hr-data.md) article. To configure integration with communication compliance, you'll select this option in the wizard when you configure the policy.

+Users that experience employment stressors may be at a higher risk for inadvertent or malicious security policy violations. These stressors may result in behaviors that result in the user being placed on a performance improvement plan, a poor performance review status, being demoted from their current position, or the user sending email and other messages that may signal disgruntlement. This policy template starts risk scoring based on these indicators and activities associated with these events for these users.

+When using this template, you must configure a HR connector, or select the option to [integrate communication compliance disgruntlement signals](/microsoft-365/compliance/communication-compliance-policies#policy-for-insider-risk-management-integration-preview) from user messages, or both. The HR connector enables the periodic import of performance improvement notifications, poor performance review statuses, or job level change information for users in your organization. Communication compliance disgruntlement integration imports signals for user messages that may contain potentially threatening, harassing, or discriminatory text content. Associated alerts generated in Communication Compliance do not need to be triaged, remediated, or changed in status to be integrated with the insider risk management policy. To configure a HR connector, see the [Import data with the HR connector](import-hr-data.md) article. To configure integration with communication compliance, you'll select this option in wizard when you configure the policy.

+| **Data leaks by disgruntled users** | - Performance improvement, poor performance, or job level change indicators from HR connector. <br> - Messages containing potentially threatening, harassing, or discriminatory language | Microsoft 365 HR connector configured for disgruntlement indicators <br><br> AND/OR <br><br> Communication Compliance integration and dedicated disgruntlement policy |

+| **Security policy violations by disgruntled user** | - Performance improvement, poor performance, or job level change indicators from HR connector. <br> - Messages containing potentially threatening, harassing, or discriminatory language | Microsoft 365 HR connector configured for disgruntlement indicators <br><br> AND/OR <br><br> Communication Compliance integration and dedicated disgruntlement policy <br><br> AND <br><br> Active Microsoft Defender for Endpoint subscription <br><br> Microsoft Defender for Endpoint integration with Microsoft Purview compliance portal configured |

+Insider risk management policies support specifying a higher priority for content depending on where it's stored, the type of content, or how it's classified. You can also choose whether to assign risk scores to all activities detected by a policy or only activities that include priority content. Specifying content as a priority increases the risk score for any associated activity, which in turn increases the chance of generating a high severity alert. However, some activities won't generate an alert at all unless the related content contains built-in or custom sensitive info types or was specified as a priority in the policy.

+Additionally, you can choose to focus this policy for SharePoint site activity that only includes priority content for this project. Risk scores will be assigned and alerts will be generated only when specified activities include priority content. Activities without priority content won't be scored, but you'll still be able to review them if an alert is generated.

+>[!NOTE]

+>If you configure a policy to generate alerts only for activity that includes priority content, no changes are applied to risk score boosters.

+Risky activities may not occur as isolated events. These risks are frequently part of a larger sequence of events. A sequence is a group of two or more user activities performed one after the other that might suggest an elevated risk. Identifying these related activities is an important part of evaluating overall risk. When sequence detection is selected for data theft or data leaks policies, insights from sequence information activities are displayed on the **User activity** tab within an insider risk management case. The following policy templates support sequence detection:

+These insider risk management policies can use specific indicators and the order that they occur to detect each step in a sequence of risk. For policies created from the *General data leaks* and *Data leaks by priority user* templates, you can also select which sequences trigger the policy. File names are used when mapping activities across a sequence. These risks are organized into four main categories of activity:

+> Sequence detection uses indicators that are enabled in the global settings for insider risk management. If appropriate indicators are not selected, you'll be able to turn on these indicators in the sequence detection step in the policy wizard.

+ - **I want to prioritize content**. Selecting this option will enable you to prioritize *SharePoint sites*, *Sensitivity labels*, *Sensitive info types*, and *File extensions* content types. If you choose this option, you must select at least one priority content type.

+ - **I don't want to specify priority content right now**. Selecting this option will skip the priority content detail pages in the wizard.

+11. If you've selected **I want to prioritize content** in the previous step, you'll see the detail pages for *SharePoint sites*, *sensitive info types*, *sensitivity labels*, *file extensions*, and *Scoring*. Use these detail pages to define the SharePoint, sensitive info types, sensitivity labels, and file extensions to prioritize in the policy. The *Scoring* detail page allows you to scope the policy to only assign risk scores to priority content.

+ - **Scoring**: Decide whether to assign risk scores to all activities detected by this policy or only for activities that include priority content. Choose **Get alerts for all activity** or **Get alerts only for activity that includes priority content**.

+13. If you've selected the *General data leaks* or *Data leaks by priority users* templates, you'll see options on the **Triggers for this policy** page for custom triggering events and policy indicators. You have the choice to select a DLP policy or indicators for triggering events that bring users assigned to the policy in-scope for activity scoring. If you select the **User matches a data loss prevention (DLP) policy triggering event** option, you must select a DLP policy from the DLP policy dropdown list to enable triggering indicators for the DLP Policy for this insider risk management policy. If you select the **User performs an exfiltration activity triggering event** option, you must select one or more of the listed indicators for the policy triggering event.

+14. If you've selected the *Data leaks by disgruntled users* or *Security policy violations by disgruntled users* templates, you'll see options on the **Triggers for this policy** page for integration with communication compliance and HR data connector events. You have the choice to assign risk scores when users send messages that contain potentially threatening, harassing, or discriminatory language or to bring users into the the policy scope after disgruntlement events are reported in your HR system. If you select the **Disgruntlement triggers from communication compliance (preview)** option, you can accept the default communication compliance policy (automatically created), choose a previously created policy scope for this trigger, or create another scoped policy. If you select **HR data connector events**, you must configure a HR data connector for your organization.

+15. Select **Next** to continue.

+16. If you've selected the *General data leaks* or *Data leaks by priority users* templates and have selected the **User performs an exfiltration activity and associated indicators**, you can choose custom or default thresholds for the indicator triggering events that you've selected. Choose either the **Use default thresholds (Recommended)** or **Use custom thresholds for the triggering events**.

+17. Select **Next** to continue.

+18. If you've selected **Use custom thresholds for the triggering events**, for each triggering event indicator that you selected in Step 13, choose the appropriate level to generate the desired level of activity alerts.

+19. Select **Next** to continue.

+20. On the **Policy indicators** page, you'll see the [indicators](insider-risk-management-settings.md#indicators) that you've defined as available on the **Insider risk settings** > **Indicators** page. Select the indicators you want to apply to the policy.

+21. Select **Next** to continue.

+22. On the **Decide whether to use default or custom indicator thresholds** page, choose custom or default thresholds for the policy indicators that you've selected. Choose either the **Use default thresholds for all indicators** or **Specify custom thresholds** for the selected policy indicators. If you've selected Specify custom thresholds, choose the appropriate level to generate the desired level of activity alerts for each policy indicator.

+23. Select **Next** to continue.

+24. On the **Review** page, review the settings you've chosen for the policy and any suggestions or warnings for your selections. Select **Edit** to change any of the policy values or select **Submit** to create and activate the policy.

+ - **I want to prioritize content**. Selecting this option will enable you to prioritize *SharePoint sites*, *Sensitivity labels*, *Sensitive info types*, and *File extensions* content types. If you choose this option, you must select at least one priority content type.

+ - **I don't want to specify priority content right now**. Selecting this option will skip the priority content detail pages in the wizard.

+11. If you've selected **I want to prioritize content** in the previous step, you'll see the detail pages for *SharePoint sites*, *sensitive info types*, *sensitivity labels*, *file extensions*, and *Scoring*. Use these detail pages to define the SharePoint, sensitive info types, sensitivity labels, and file extensions to prioritize in the policy. The *Scoring* detail page allows you to scope the policy to only assign risk scores to priority content.

+ - **Scoring**: Decide whether to assign risk scores to all activities detected by this policy or only for activities that include priority content. Choose **Get alerts for all activity** or **Get alerts only for activity that includes priority content**.

+13. If you've selected the *General data leaks* or *Data leaks by priority users* templates, you'll see options on the **Triggers for this policy** page for custom triggering events and policy indicators. You have the choice to select a DLP policy or indicators for triggering events that bring users assigned to the policy in-scope for activity scoring. If you select the **User matches a data loss prevention (DLP) policy triggering event** option, you must select a DLP policy from the DLP policy dropdown list to enable triggering indicators for the DLP Policy for this insider risk management policy. If you select the **User performs an exfiltration activity triggering event** option, you must select one or more of the listed indicators for the policy triggering event.

+14. If you've selected the *Data leaks by disgruntled users* or *Security policy violations by disgruntled users* templates, you'll see options on the **Triggers for this policy** page for [integration with communication compliance](/microsoft-365/compliance/communication-compliance-policies#policy-for-insider-risk-management-integration-preview) and HR data connector events. You have the choice to assign risk scores when users send messages that contain potentially threatening, harassing, or discriminatory language or to bring users into the the policy scope after disgruntlement events are reported in your HR system. If you select the **Disgruntlement triggers from communication compliance (preview)** option, you can accept the default communication compliance policy (automatically created), choose a previously created policy scope for this trigger, or create another scoped policy. If you select **HR data connector events**, you must configure a HR data connector for your organization.

+15. Select **Next** to continue.

+16. If you've selected the *General data leaks* or *Data leaks by priority users* templates and have selected the **User performs an exfiltration activity and associated indicators**, you can choose custom or default thresholds for the indicator triggering events that you've selected. Choose either the **Use default thresholds (Recommended)** or **Use custom thresholds for the triggering events**.

+17. Select **Next** to continue.

+18. If you've selected **Use custom thresholds for the triggering events**, for each triggering event indicator that you selected in Step 13, choose the appropriate level to generate the desired level of activity alerts.

+19. Select **Next** to continue.

+20. On the **Policy indicators** page, you'll see the [indicators](insider-risk-management-settings.md#indicators) that you've defined as available on the **Insider risk settings** > **Indicators** page. Select the indicators you want to apply to the policy.

+21. Select **Next** to continue.

+22. On the **Decide whether to use default or custom indicator thresholds** page, choose custom or default thresholds for the policy indicators that you've selected. Choose either the **Use default thresholds for all indicators** or **Specify custom thresholds** for the selected policy indicators. If you've selected Specify custom thresholds, choose the appropriate level to generate the desired level of activity alerts for each policy indicator.

+23. Select **Next** to continue.

+24. On the **Review** page, review the settings you've chosen for the policy and any suggestions or warnings for your selections. Select **Edit** to change any of the policy values or select **Submit** to create and activate the policy.

+>[!IMPORTANT]

+>Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage and security violations. Insider risk management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

+Certain policy indicators and sequences may also be used for customizing triggering events for specific policy templates. When configured in the policy wizard for the *General data leaks* or *Data leaks by priority users* templates, these indicators or sequences allow you more flexibility and customization for your policies and when users are in-scope for a policy. Additionally, you can define individual activity thresholds for these triggering indicators for more fine-grained control in a policy.

+## Inline alert customization (preview)

+Inline alert customization allows you to quickly tune an insider risk management policy directly from the **Alert dashboard** while reviewing the alert. Alerts are generated when an activity meets the thresholds configured in the related policy. To reduce the number of alerts you get from this activity, you can change the activity's thresholds or remove the activity from the policy altogether.

+You can enable inline alert customization to allow users assigned to the *Insider Risk Management Analysts* and *Insider Risk Management Investigators* role groups to edit policy thresholds and to disable specific indicators. If inline alert customization isn't enabled, only users assigned to the *Insider Risk Management Admin* or *Insider Risk Management* role groups can edit these policy conditions. Inline alert customization is supported for alerts regardless of the current alert status, allowing analysts and investigators to update policies for *Dismissed* and *Resolved* alerts if needed.

+Complete the following steps to enable inline alert customization:

+1. In the [Microsoft Purview compliance portal](https://compliance.microsoft.com), go to **Insider risk management** > **Insider risk settings**.

+2. Select the **Inline alert customization (preview)** page.

+3. Enable inline alert customization for insider risk management.

+4. Select **Save** to configure and exit.

+> [!NOTE]

+> Enabling inline alert customization will take approximately one hour before being available in new and existing policy alerts.

+When enabled, analysts and investigators can select **Reduce alerts for this activity** for an alert on the **Alert dashboard** and can view details about the activity and indicators associated with the alert. Additionally, the current policy thresholds are displayed for the number of events used to create low, medium, and high severity alerts. If **Reduce alerts for this activity** is selected and a previous policy edit has been made that changes the threshold or has removed the associated indicator, you'll see a notification message detailing previous changes to the policy.

+Analysts and investigators can choose from the following options on the **Reduce alerts for this activity** pane to quickly edit the policy that created the alert:

+- **Reduce alerts using Microsoft's recommended thresholds**: We'll automatically increase the thresholds in the policy for you. You'll be able to review the new recommended threshold settings before changing the policy.

+- **Reduce alerts by choosing your own thresholds**: You can manually increase the thresholds for this type of activity for the current and future alerts. You'll be able to review the current threshold settings and configure the new threshold settings before changing the policy.

+- **Stop getting alerts for this activity**: This removes this indicator from the policy and this activity will no longer be detected by the policy. This applies to all indicators, regardless of if the indicator is threshold-based.

+After choosing an option, analysts and investigators can choose two options to update the policy:

+- **Save and dismiss alert**: Saves the changes to the policy and updates the alert status to *Resolved*.

+- **Save only**: Saves the changes to the policy, but the alert status remains the same.

+>[!IMPORTANT]

+>Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage and security violations. Insider risk management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

+>[!IMPORTANT]

+>Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage and security violations. Insider risk management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

+>[!IMPORTANT]

+>Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage and security violations. Insider risk management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

+Employment stressor events can impact user behavior in several ways that relate to insider risks. These stressors may be a poor performance review, a position demotion, or the user being placement on a performance review plan. Stressors may also result in potentially inappropriate behavior such as users sending potentially threatening, harassing, or discriminatory language in email and other messages. Though most users don't respond maliciously to these events, the stress of these actions may result in some users to behave in ways they may not normally consider during normal circumstances. To help identify these types of risky activities, the following insider risk management policy templates can use the HR connector and/or integration with a [dedicated communication compliance policy](/microsoft-365/compliance/communication-compliance-policies#integration-with-insider-risk-management-preview) to bring users into scope for insider risk management policies and start scoring risk indicators relating to behaviors that may occur near employment stressor events:

+All instances of Dynamics 365 use [Microsoft SQL Server Transparent Data Encryption](/sql/relational-databases/security/encryption/transparent-data-encryption) (TDE) to perform real-time encryption of data when written to disk (at rest). TDE encrypts SQL Server, Azure SQL Database, and Azure SQL Data Warehouse data files. By default, Microsoft stores and manages the database encryption keys for your instances of Dynamics 365. (The keys that are used by Dynamics 365 for Financials are generated by the .NET Framework Data Protection API.)

+The manage keys feature in the Power Platform Administration Center gives administrators the ability to self-manage the database encryption keys that are associated with instances of Dynamics 365. See [Manage the encryption keys for your Dynamics 365 (online) instance](/dynamics365/customer-engagement/admin/manage-encryption-keys-instance). The key management feature supports both PFX and BYOK encryption key files, such as those stored in an HSM. (For more information about generating and transferring an HSM-protected key over the Internet, see [How to generate and transfer HSM-protected keys for Azure Key Vault](/azure/key-vault/key-vault-hsm-protected-keys).)

+When a user changes an item that's subject to retention from a retention policy or a retention label that marks items as a record, or deletes any item subject to retention, the original content is copied to the Preservation Hold library. This behavior lets the user to change or delete the content in their app, while keeping a copy of the original for compliance reasons.

+After retention settings are assigned to content in a OneDrive account or SharePoint site, the paths the content takes depend on whether the retention settings are to retain and delete, to retain only, or delete only. In the explanations that follow, modified content is moved to the Preservation Hold library for retention policies, and retention labels that mark items as records (and the content is unlocked). Items that are modified with retention labels that don't mark items as records don't create copies in the Preservation Hold library, but do when items are deleted.

+- See the important callout for [Auto-apply labels to content with specific types of sensitive information](apply-retention-labels-automatically.md#auto-apply-labels-to-content-with-specific-types-of-sensitive-information).

+- [All credentials](sit-defn-all-creds.md)

+- [Amazon S3 Client Secret Access Key](sit-defn-amazon-s3-client-secret-access-key.md)

+- [ASP.NET machine Key](sit-defn-asp-net-machine-key.md)

+- [Azure AD client access token](sit-defn-azure-ad-client-access-token.md)

+- [Azure AD client secret](sit-defn-azure-ad-client-secret.md)

+- [Azure AD User Credentials](sit-defn-azure-ad-user-credentials.md)

+- [Azure App Service deployment password](sit-defn-azure-app-service-deployment-password.md)

+- [Azure Batch shared access key](sit-defn-azure-batch-shared-access-key.md)

+- [Azure Bot Framework secret key](sit-defn-azure-bot-framework-secret-key.md)

+- [Azure Bot service app secret](sit-defn-azure-bot-service-app-secret.md)

+- [Azure Cognitive Search API key](sit-defn-azure-cognitive-search-api-key.md)

+- [Azure Cognitive Service key](sit-defn-azure-cognitive-service-key.md)

+- [Azure Container Registry access key](sit-defn-azure-container-registry-access-key.md)

+- [Azure COSMOS DB account access key](sit-defn-azure-cosmos-db-account-access-key.md)

+- [Azure Databricks personal access token](sit-defn-azure-databricks-personal-access-token.md)

+- [Azure DevOps app secret](sit-defn-azure-devops-app-secret.md)

+- [Azure DevOps personal access token](sit-defn-azure-devops-personal-access-token.md)

+- [Azure EventGrid access key](sit-defn-azure-eventgrid-access-key.md)

+- [Azure Function Master / API key](sit-defn-azure-function-master-api-key.md)

+- [Azure IoT shared access key](sit-defn-azure-iot-shared-access-key.md)

+- [Azure Logic app shared access signature](sit-defn-azure-logic-app-shared-access-signature.md)

+- [Azure Machine Learning web service API key](sit-defn-azure-machine-learning-web-service-api-key.md)

+- [Azure Maps subscription key](sit-defn-azure-maps-subscription-key.md)

+- [Azure Redis cache connection string password](sit-defn-azure-redis-cache-connection-string-password.md)

+- [Azure service bus shared access signature](sit-defn-azure-service-bus-shared-access-signature.md)

+- [Azure Shared Access key / Web Hook token](sit-defn-azure-shared-access-key-web-hook-token.md)

+- [Azure SignalR access key](sit-defn-azure-signalr-access-key.md)

+- [Azure SQL connection string](sit-defn-azure-sql-connection-string.md)

+- [Azure storage account access key](sit-defn-azure-storage-account-access-key.md)

+- [Azure Storage account shared access signature](sit-defn-azure-storage-account-shared-access-signature.md)

+- [Azure Storage account shared access signature for high risk resources](sit-defn-azure-storage-account-shared-access-signature-high-risk-resources.md)

+- [Azure subscription management certificate](sit-defn-azure-subscription-management-certificate.md)

+- [Client secret / API key](sit-defn-client-secret-api-key.md)

+- [General password](sit-defn-general-password.md)

+- [General Symmetric key](sit-defn-general-symmetric-key.md)

+- [GitHub Personal Access Token](sit-defn-github-personal-access-token.md)

+- [Google API key](sit-defn-google-api-key.md)

+- [Http authorization header](sit-defn-http-authorization-header.md)

+- [Microsoft Bing maps key](sit-defn-microsoft-bing-maps-key.md)

+- [Slack access token](sit-defn-slack-access-token.md)

+- [User login credentials](sit-defn-user-login-credentials.md)

+- [X.509 certificate private key](sit-defn-x-509-certificate-private-key.md)

+ Title: "Migrate the Azure Information Protection (AIP) add-in to Microsoft Purview Information Protection built-in labeling for Office apps"

+description: For Office 365 apps, understand the migration of the Azure Information Protection (AIP) add-in to built-in labeling to protect sensitive data.

+# Migrate the Azure Information Protection (AIP) add-in to built-in labeling for Office apps

+When you use [sensitivity labels](sensitivity-labels.md) in Microsoft 365 Apps on Windows computers, we recommend you use you labeling that's built into Office apps, even if you have the [Azure Information Protection (AIP) unified labeling client](/azure/information-protection/rms-client/aip-clientv2) installed. Moving forward, the AIP add-in will be disabled by default in the latest versions of Office apps.

+To prepare for this change, use this article to understand the benefits of using built-in labeling, which main features have parity, and how to control the migration from the AIP add-in to the newer labeling experience.

+## Built-in labeling vs. the AIP client

+Built-in labeling forms the cornerstone of a [Microsoft Purview Information Protection deployment](information-protection-solution.md) because this labeling technology extends across platforms (Windows, macOS, iOS, Android, and web), as well as across Microsoft apps and services, and beyond. Built-in labeling is also designed to work with other Microsoft Purview capabilities, such as data classification and Microsoft Purview Data Loss Prevention (DLP).

+Because built-in labels don't use an Office add-in, they benefit from more stability and better performance. They also support the latest Microsoft Purview features, such as advanced classifiers.

+Up until recently, built-in labeling was turned off by default in Office for Windows apps when the AIP client was installed. This default will no longer be the case for newer versions of Office. You can control the default behavior by using the instructions in the following section, [How to disable the AIP add-in to use built-in labeling for Office apps](#how-to-disable-the-aip-add-in-to-use-built-in-labeling-for-office-apps). For example, disable the add-in for initial testing on a couple of computers, and then move onto a pilot for a few users. When you're ready, migrate all users to the newer labeling experience.

+> [!NOTE]

+> Built-in labels require a subscription edition of Office apps. If you have standalone editions of Office, sometimes called "Office Perpetual", upgrade to Microsoft 365 Apps for Enterprise to benefit from the latest labeling capabilities.

+## Benefits of using built-in labeling for Office apps vs. the AIP add-in

+The AIP client is in [maintenance mode](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/announcing-aip-unified-labeling-client-maintenance-mode-and/ba-p/3043613) and we don't recommend you use the AIP add-in for Office apps for the following reasons:

+- As an add-in, it runs [more slowly](/deployoffice/fieldnotes/performance-recommendations#office-add-ins), and can be disabled by users to bypass labeling requirements.

+- There are new Office labeling features released that are [only supported by built-in labeling](#features-supported-only-by-built-in-labeling-for-office-apps), and the list is growing all the time.

+Use the AIP add-in for your Windows Office apps only if you've already deployed it to users and you need time to migrate them to built-in labeling. Or, if there's a key feature that users need that isn't yet available for their Office update channel.

+- [Sensitivity bar](sensitivity-labels-office-apps.md#sensitivity-bar) that is integrated into existing user workflows

+Watch a short demo to see some of these features in action:

+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE58yhH]

+For the latest Office apps, the AIP add-in is disabled by default, so there's nothing for you to configure:

+- **Build 16.0.15716.0+**: Currently in [Beta Channel](https://office.com/insider)

+- **Current Channel** and **Monthly Enterprise Channel**: Version 2211+ (not yet released)

+- **Semi-Annual Channel**: Version 2301+ (not yet released)

+If you have one of these versions, and need to use the AIP add-in rather than built-in labeling, you have to [configure a new setting to override the default](#how-to-configure-newer-versions-of-office-to-enable-the-aip-add-in).

+> [!IMPORTANT]

+> If youΓÇÖve previously used the AIP add-in as the default labeling client in Office apps and use Office versions listed in this section, the AIP add-in is automatically disabled and replaced by built-in labeling.

+To disable the AIP add-in for older versions, see the next section.

+Remember, when the AIP add-in is disabled, you can still use the AIP client to extend labeling beyond Office apps.

+### How to configure older versions of Office to disable the AIP add-in

+For Office apps older than the versions listed in the previous section, to prevent the AIP add-in from loading in Office apps, use the Group Policy setting **List of managed add-ins** as documented in [No Add-ins loaded due to group policy settings for Office 2013 and Office 2016 programs](https://support.microsoft.com/help/2733070/no-add-ins-loaded-due-to-group-policy-settings-for-office-2013-and-off).

+If after making these changes the **Sensitivity** button doesn't display on the Office ribbon, check whether sensitivity labeling has been [turned off](sensitivity-labels-office-apps.md#if-you-need-to-turn-off-built-in-labeling-in-office-apps-on-windows) with the **Use the Sensitivity feature in Office to apply and view sensitivity labels** setting. Although this isn't the default configuration for Office apps, an administrator might have explicitly set this configuration by using Group Policy or by directly editing the registry.

+### How to configure newer versions of Office to enable the AIP add-in

+> [!CAUTION]

+> If you've previously set the value of **Use the Sensitivity feature in Office to apply and view sensitivity labels** to **0** (or used the equivalent registry key of **UseOfficeForLabelling**ΓÇï) to disable built-in labeling because you wanted to use the AIP add-in: Going forward, if you don't configure the new setting that's described in this section, you won't be able to use sensitivity labeling with either the AIP add-in or built-in labeling.

+In the [newer versions of Office](#how-to-disable-the-aip-add-in-to-use-built-in-labeling-for-office-apps), the AIP add-in is disabled by default. To enable it, you must configure a new Office setting under **User Configuration/Administrative Templates/Microsoft Office 2016/Security Settings**:

+- **Use the Azure Information Protection add-in for sensitivity labeling**. Set the value to **1**.

+Deploy this setting by using Group Policy, or by using the [Office cloud policy service](/DeployOffice/overview-office-cloud-policy-service).

+Additional Office settings you might need to configure:

+1. The security setting **Use the Sensitivity feature in Office to apply and view sensitivity labels**, must be **0**, or not configured.

+2. If the list of managed add-ins block the AIP add-in, as described in the previous section, you'll need to either remove these entries for the AIP add-in, or set their value to **1: The add-in is always enabled.**

+## Feature parity for built-in labeling and the AIP add-in for Office apps

+Many of the labeling features supported by the AIP add-in are now supported by built-in labeling. For a more detailed list of available capabilities, minimum versions that might be needed, and configuration information, see [Manage sensitivity labels in Office apps](sensitivity-labels-office-apps.md). To support a specific feature, you might need to change your [Office update channel](/deployoffice/overview-update-channels).

+

+Use the following information to help you identify if the features you use with the AIP add-in is currently available with built-in labeling. Features that aren't yet available but in planning or deployment might delay your final migration for users, but you can begin testing the other features now to expedite a later migration.

+|Admin can disable labeling for all apps| |

+|Visibility of labels on a toolbar| [In preview](sensitivity-labels-office-apps.md#sensitivity-bar) |

+|Label colors| [In preview](sensitivity-labels-office-apps.md#label-colors) |

+Remember to use the [Microsoft 365 roadmap](https://www.microsoft.com/microsoft-365/roadmap?filters=Microsoft%20Information%20Protection&searchterms=label) to identify and track new features in development.

+The AIP client supports many customizations by using [PowerShell advanced settings](/azure/information-protection/rms-client/clientv2-admin-guide-customizations#configuring-advanced-settings-for-the-client-via-powershell). For the advanced settings applicable to Office apps that are also supported by built-in labeling, see the list in [New-Label](/powershell/module/exchange/new-label) or [Set-Label](/powershell/module/exchange/set-label), and [New-LabelPolicy](/powershell/module/exchange/new-labelpolicy) or [Set-LabelPolicy](/powershell/module/exchange/set-labelpolicy).

+However, you might find you don't need to use PowerShell to configure the supported settings because they're included in the standard configuration from the Microsoft Purview compliance portal. For example, UI configuration to choose label colors, and turn off mandatory labeling for Outlook.

+The following configurations from the AIP add-in that aren't yet supported by built-in labeling include:

+Although new capabilities for built-in labeling are being added all the time, the AIP Office add-in supports the following capabilities that aren't planned to be available in future releases for built-in labeling:

+## Migration planning for the AIP add-in for Office apps

+To smoothly transition to using built-in labeling for Office apps, use the information on this page to prepare a migration plan that includes the following tasks:

+- Identify the features that you currently use, and test them with built-in labeling to ensure you understand the configuration and user experience.

+- Identify any new features that you want to use, and decide whether to include them in the migration or at a later stage.

+- Make sure all dependencies are in place, such as Microsoft 365 Apps for Enterprise is deployed with the correct update channel and the AIP add-in disabled, and the correct [licenses are assigned to users](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-information-protection-sensitivity-labeling).

+- Update any internal documentation and training, and prepare your help desk and users for change.

+To help you with your migration journey, we recommend the [migration guidance and playbook from Microsoft Purview Customer Experience Engineering (CxE)](https://microsoft.github.io/ComplianceCxE/playbooks/AIP2MIPPlaybook).

+ - Additionally, you're not using [Double Key Encryption](double-key-encryption.md) in the same tenant

+- Co-authoring and AutoSave aren't supported and don't work for labeled and encrypted Office documents that use either of the following [configurations for encryption](encryption-sensitivity-labels.md#configure-encryption-settings):

+ For labels with either of these encryption configurations, the labels display in Office apps. However, when users select these labels and nobody else is editing the document, they're warned that co-authoring and AutoSave won't be available. If somebody else is editing the document, users see a message that the labels can't be applied.

+The [Azure Information Protection (AIP) unified labeling client](/azure/information-protection/rms-client/aip-clientv2) is now in [maintenance mode](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/announcing-aip-unified-labeling-client-maintenance-mode-and/ba-p/3043613). If you currently use this client for labeling in Office apps, we recommend you move to built-in labeling. For more information, see [Migrate the Azure Information Protection (AIP) add-in to built-in labeling for Office apps](sensitivity-labels-aip.md).

+The following tables list the minimum Office version that introduced specific capabilities for sensitivity labels that are built in to Office apps. Or, if the label capability is in public preview or under review for a future release:

+- Table: [Sensitivity label capabilities in Word, Excel, and PowerPoint](#sensitivity-label-capabilities-in-word-excel-and-powerpoint)

+- Table: [Sensitivity label capabilities in Outlook](#sensitivity-label-capabilities-in-outlook)

+Use the [Microsoft 365 roadmap](https://www.microsoft.com/microsoft-365/roadmap?filters=Microsoft%20Information%20Protection&searchterms=label) for details about new capabilities that are planned for future releases.

+New capabilities that are in private preview are not included in the tables but you might be able to join these previews by nominating your organization for the [Microsoft Information Protection private preview program](https://aka.ms/mip-preview).

+|[AIP add-in disabled by default](sensitivity-labels-aip.md#how-to-configure-newer-versions-of-office-to-enable-the-aip-add-in)| Preview: Rolling out to [Beta Channel](https://office.com/insider) | Not relevant | Not relevant | Not relevant| Not relevant |

+|[AIP add-in disabled by default](sensitivity-labels-aip.md#how-to-configure-newer-versions-of-office-to-enable-the-aip-add-in)| Preview: Rolling out to [Beta Channel](https://office.com/insider) | Not relevant | Not relevant | Not relevant| Not relevant |

+If users have the [Azure Information Protection (AIP) client](/azure/information-protection/rms-client/aip-clientv2) installed on their Windows computers, built-in labels are the new default for the latest Windows Office apps that [support labeling](#labeling-client-for-desktop-apps). Because built-in labels don't use an Office add-in, as used by the AIP client, they have the benefit of more stability and better performance. They also support the latest features, such as advanced classifiers.

+> If you're not seeing the labeling features you expect on Windows computers, despite confirming the minimum supported versions for your Office update channel, it might be because you need to [disable the AIP add-in](sensitivity-labels-aip.md#how-to-disable-the-aip-add-in-to-use-built-in-labeling-for-office-apps) for older versions of Office.

+To learn more about labeling support with the AIP client, and how to disable this client just in Office apps, see [Migrate the Azure Information Protection (AIP) add-in to built-in labeling for Office apps](sensitivity-labels-aip.md).

+Generally, Office apps that have built-in labeling for Word, Excel, and PowerPoint files support the Open XML format (such as .docx and .xlsx) but not the Microsoft Office 97-2003 format (such as .doc and .xls), Open Document Format (such as .odt and .ods), or other formats. When a file type is not supported for built-in labeling, the **Sensitivity** button is not available in the Office app.

+For specific file types supported for SharePoint and OneDrive when these services are enabled for sensitivity labels, see [Enable sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md#supported-file-types).

+Use the Microsoft Purview compliance portal to select one of 10 standard colors for sensitivity labels. The **Label color** configuration is on the first page of the label configuration after the label name and description.

+If a label is configured for a different color from one of the 10 default colors, you see a **Use previously assigned customer color** checkbox selected, and the standard color options aren't available. You can change the custom color to one of the standard colors by first clearing the checkbox, and then you can select one of the standard colors.

+You can't use the compliance portal to configure a different custom color. Instead, use PowerShell, as described in the next section.

+You can use the [Security & Compliance PowerShell](/powershell/exchange/scc-powershell) advanced setting **color** to set a color for a sensitivity label. This configuration supports colors that you can't configure in the Microsoft Purview compliance portal.

+## Supported file types

+After you've enabled sensitivity labels for SharePoint and OneDrive, the following file types are supported for sensitivity labeling scenarios.

+Applying a sensitivity label in Office on the web or in SharePoint:

+- **Word**: .docx, .docm

+- **Excel**: .xlsx, .xlsm, .xlsb

+- **PowerPoint**: .pptx, .ppsx

+Uploading a labeled document, and then extracting and displaying that sensitivity label:

+- **Word**: doc, .docx, .docm, .dot, .dotx, .dotm

+- **Excel**: .xls, .xlt, .xla, .xlc, .xlm, .xlw, .xlsx, .xltx, .xlsm, .xltm, .xlam, .xlsb

+- **PowerPoint**: .ppt, .pot, .pps, .ppa, .pptx, .ppsx, .ppsxm, .potx, .ppam, .pptm, .potm, .ppsm

+- Authentication contexts

+- Site sharing settings (PowerShell-only configuration)

+ - **Choose an existing authentication context**: This option lets you enforce more stringent access conditions when users access SharePoint sites that have this label applied. These conditions are enforced when you select an existing authentication context that has been created and published for your organization's Conditional Access deployment. If users don't meet the configured conditions or if they use apps that don't support authentication contexts, they are denied access.

+Known limitations:

+The sensitivity labels that are built into Microsoft 365 Apps on Windows, macOS, iOS, and Android look and behave very similarly across these devices to provide users with a consistent labeling experience. However, on Windows computers, you can also use the [Azure Information Protection (AIP) client](/azure/information-protection/rms-client/aip-clientv2). This client is now in [maintenance mode](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/announcing-aip-unified-labeling-client-maintenance-mode-and/ba-p/3043613) and when installed, is no longer the default labeling client for the latest Office apps.

+If you're using the AIP client for labeling in Office apps, we recommend you move to built-in labeling. For more information, see [Migrate the Azure Information Protection (AIP) add-in to built-in labeling for Office apps](sensitivity-labels-aip.md).

+ Title: "All credentials entity definition"

+f1.keywords:

+- CSH

+audience: Admin

+search.appverid: MET150

+f1_keywords:

+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'

+ms.localizationpriority: medium

+- tier3

+- purview-compliance

+hideEdit: true

+feedback_system: None

+recommendations: false

+description: "All credentials sensitive information type entity definition."

+# All credential sensitive information types

+All credentials is a bundled entity sensitive information type (SIT). It detects credentials from all supported services and environments, which include Amazon, Azure, GitHub, Google, Microsoft general, Slack and more.

+## Format

+Various

+## Pattern

+Various

+## Checksum

+No

+## Description

+The All credentials SIT is a bundled SIT that scans for individual credential types. This includes checksum evaluated values and keyword/pattern combinations. The All credential entity scans for any of the underlying credential information type checksums and/or patterns are detected in a document.

+## Contains

+This bundled entity SIT contains these individual SITs:

+- [Amazon S3 Client Secret Access Key](sit-defn-amazon-s3-client-secret-access-key.md)

+- [ASP.NET Machine Key](sit-defn-asp-net-machine-key.md)

+- [Azure AD Client Access Token](sit-defn-azure-ad-client-access-token.md)

+- [Azure AD Client Secret](sit-defn-azure-ad-client-secret.md)

+- [Azure AD User Credentials](sit-defn-azure-ad-user-credentials.md)

+- [Azure App Service Deployment Password](sit-defn-azure-app-service-deployment-password.md)

+- [Azure Batch Shared Access Key](sit-defn-azure-batch-shared-access-key.md)

+- [Azure Bot Framework Secret Key](sit-defn-azure-bot-framework-secret-key.md)

+- [Azure Bot Service App Secret](sit-defn-azure-bot-service-app-secret.md)

+- [Azure Cognitive Search API Key](sit-defn-azure-cognitive-search-api-key.md)

+- [Azure Cognitive Service Key](sit-defn-azure-cognitive-service-key.md)

+- [Azure Container Registry Access Key](sit-defn-azure-container-registry-access-key.md)

+- [Azure COSMOS DB Account Access Key](sit-defn-azure-cosmos-db-account-access-key.md)

+- [Azure Databricks Personal Access Token](sit-defn-azure-databricks-personal-access-token.md)

+- [Azure DevOps App Secret](sit-defn-azure-devops-app-secret.md)

+- [Azure DevOps Personal Access Token](sit-defn-azure-devops-personal-access-token.md)

+- [Azure EventGrid Access Key](sit-defn-azure-eventgrid-access-key.md)

+- [Azure Function Master / API Key](sit-defn-azure-function-master-api-key.md)

+- [Azure IoT Shared Access Key](sit-defn-azure-iot-shared-access-key.md)

+- [Azure Logic App Shared Access Signature](sit-defn-azure-logic-app-shared-access-signature.md)

+- [Azure Machine Learning Web Service API Key](sit-defn-azure-machine-learning-web-service-api-key.md)

+- [Azure Maps Subscription Key](sit-defn-azure-maps-subscription-key.md)

+- [Azure Redis Cache Connection String Password](sit-defn-azure-redis-cache-connection-string-password.md)

+- [Azure Service Bus Shared Access Signature](sit-defn-azure-service-bus-shared-access-signature.md)

+- [Azure Shared Access Key / Web Hook Token](sit-defn-azure-shared-access-key-web-hook-token.md)

+- [Azure SignalR Access Key](sit-defn-azure-signalr-access-key.md)

+- [Azure SQL Connection String](sit-defn-azure-sql-connection-string.md)

+- [Azure Storage Account Access Key](sit-defn-azure-storage-account-access-key.md)

+- [Azure Storage Account Shared Access Signature](sit-defn-azure-storage-account-shared-access-signature.md)

+- [Azure Storage Account Shared Access Signature for High Risk Resources](sit-defn-azure-storage-account-shared-access-signature-high-risk-resources.md)

+- [Azure Subscription Management Certificate](sit-defn-azure-subscription-management-certificate.md)

+- [Client Secret / API Key](sit-defn-client-secret-api-key.md)

+- [General Password](sit-defn-general-password.md)

+- [General Symmetric Key](sit-defn-general-symmetric-key.md)

+- [GitHub Personal Access Token](sit-defn-github-personal-access-token.md)

+- [Google API key](sit-defn-google-api-key.md)

+- [Http Authorization Header](sit-defn-http-authorization-header.md)

+- [Microsoft Bing Maps Key](sit-defn-google-api-key.md)

+- [Slack Access Token](sit-defn-slack-access-token.md)

+- [User Login Credentials](sit-defn-user-login-credentials.md)

+- [X.509 Certificate Private Key](sit-defn-x-509-certificate-private-key.md)

+## Supported languages

+- English

+- Bulgarian

+- Chinese

+- Croatian

+- Czech

+- Danish

+- Estonian

+- Finnish

+- French

+- German

+- Hungarian

+- Icelandic

+- Irish

+- Italian

+- Japanese

+- Latvian

+- Lithuanian

+- Maltese

+- Dutch

+- Norwegian

+- Polish

+- Portuguese

+- Romanian

+- Slovak

+- Slovenian

+- Spanish

+- Swedish

+- Turkish

+ Title: "Amazon S3 client secret access key entity definition"

+# Amazon S3 client secret access key

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+`abcdefghijklmnopqrst0123456789/+ABCDEFGH;`

+## Credential example

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "ASP.NET machine key entity definition"

+# ASP.NET machine key

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`<machineKey validationKey="ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789" decryptionKey="ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789"`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure AD client access token entity definition"

+# Azure AD client access token

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+`eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ing0Nzh4eU9wbHNNMUg3TlhrN1N4MTd4MX...`

+## Credential example

+`Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ing0Nzh4eU9wbHNNMUg3TlhrN1N4MTd4MX...`

+> [!IMPORTANT]

+> This example has been truncated. ItΓÇÖs not a detectable example of this SIT.

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure AD client secret entity definition"

+# Azure AD client secret

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`"AppId=01234567-abcd-abcd-abcd-abcdef012345;AppSecret=abc7Q~defghijklmnopqrstuvwxyz-_.~0123"`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure AD user credentials entity definition"

+# Azure AD user credentials

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`username=user@tenant.onmicrosoft.com;password=ZYXWVU$1;`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+- Patterns of Plain-text username and password for Azure AD tenants.

+ Title: "Azure App Service Deployment Password entity definition"

+# Azure App Service deployment password

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`userPWD=abcdefghijklmnopqrstuvwxyz0123456789/+ABCDEFGHIJKLMNOPQRSTUV;`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure Batch Shared Access Key entity definition"

+# Azure Batch Shared Access Key

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`Account=account.batch.azure.net;AccountKey=abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=;`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure Bot Framework secret key entity definition"

+# Azure Bot Framework secret key

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`host: webchat.botframework.com/?s=abcdefghijklmnopqrstuvwxyz.0123456789_ABCDEabcdefghijkl&`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure Bot service app secret entity definition"

+# Azure Bot service app secret

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`"account.azurewebsites.net/api/messages;AppId=01234567-abcd-abcd-abcd-abcdef012345;AppSecret="abcdeFGHIJ0K1234567%;[@"`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure Cognitive search API key entity definition"

+# Azure Cognitive Search API key

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`host: account.search.windows.net; apikey: abcdef0123456789abcdef0123456789;`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure Cognitive Service key entity definition"

+# Azure Cognitive Service key

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`cognitiveservices.azure.com...apikey= abcdef0123456789abcdef0123456789;`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure Container Registry access key entity definition"

+# Azure Container Registry access key

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`account.azurecr.io/ #docker password: abcdefghijklmnopqr0123456789/+AB;`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure COSMOS DB account access key entity definition"

+# Azure COSMOS DB account access key

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`AccountEndpoint=https://account.documents.azure.com;AccountKey=abcdefghijklmnopqrstuvwxyz0123456789/+ABCDEabcdefghijklmnopqrstuvwxyz0123456789/+ABCDE==`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure Databricks personal access token entity definition"

+# Azure Databricks personal access token

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`account.azuredatabricks.net;PAT=dapiabcdef0123456789abcdef0123456789;`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure DevOps app secret entity definition"

+# Azure DevOps app secret

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`AdoAppId=...;AdoAppSecret=abcdefghijklmnopqrstuvwxyz234567abcdefghijklmnopqrst;`

+> [!IMPORTANT]

+> This example has been invalidated. ItΓÇÖs not a detectable example of this SIT.

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No**, other (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure DevOps personal access token entity definition"

+# Azure DevOps personal access token

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+`abcdefghijklmnopqrstuvwxyz234567abcdefghijklmnopqrst`

+## Credential example

+`URL="org.visualstudio.com/proj"; PAT = "abcdefghijklmnopqrstuvwxyz234567abcdefghijklmnopqrst"`

+> [!IMPORTANT]

+> This example has been invalidated. ItΓÇÖs not a detectable example of this SIT.

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No**, other (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure EventGrid access key entity definition"

+# Azure EventGrid access key

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`host: account.eventgrid.azure.net; accesskey: abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=;`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure Function Master / API key entity definition"

+# Azure Function Master / API key

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`https://account.azurewebsites.net/api/function?code=abcdefghijklmnopqrstuvwxyz0123456789%2F%2BABCDEF0123456789%3D%3D`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure IoT connection string entity definition"

+# Azure IoT connection string

+#This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`HostName=account.azure-devices.net;SharedAccessKeyName=key;SharedAccessKey=abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure Logic App shared access signature entity definition"

+# Azure Logic App shared access signature

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`https://account.logic.azure.com/?...&sig=abcdefghijklmnopqrstuvwxyz0123456789%2F%2BABCDE%3D`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure Machine Learning web service API key entity definition"

+# Azure Machine Learning web service API key

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`host: account.azureml.net/services/01234567-abcd-abcd-abcd-abcdef012345/workspaces/01234567-abcd-abcd-abcd-abcdef012345/; apikey: abcdefghijklmnopqrstuvwxyz0123456789/+ABCDEabcdefghijklmnopqrstuvwxyz0123456789/+ABCDE==;`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure Maps subscription key entity definition"

+# Azure Maps subscription key

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`host: atlas.microsoft.com; key: abcdefghijklmnopqrstuvwxyz0123456789-_ABCDE;`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure Redis cache connection string password entity definition"

+# Azure Redis cache connection string password

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`HostName=account.redis.cache.windows.net;Password=abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure service bus shared access signature entity definition"

+# Azure service bus shared access signature

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`Endpoint=sb://account.servicebus.windows.net;SharedAccessKey=abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure Shared Access key / Web Hook token signature entity definition"

+# Azure Shared Access key / Web Hook token

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`PrimaryKey=abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=;`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure SignalR access key entity definition"

+# Azure SignalR access key

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`host: account.service.signalr.net; accesskey: abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=;`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure SQL connection string entity definition"

+# Azure SQL connection string

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`server=server.database.windows.net;database=database;user=user;pwd=ZYXWVU_2;`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure storage account access key entity definition"

+# Azure storage account access key

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`Endpoint=account.table.core.windows.net;AccountName=account;AccountKey=abcdefghijklmnopqrstuvwxyz0123456789/+ABCDEabcdefghijklmnopqrstuvwxyz0123456789/+ABCDE==`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`https://account.blob.core.windows.net/file.cspkg?...&sig=abcdefghijklmnopqrstuvwxyz0123456789%2F%2BABCDE%3D`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure Storage account shared access signature entity definition"

+# Azure Storage account shared access signature

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`https://account.blob.core.windows.net/?sr=...&sv=...&st=...&se=...&sp=...&sig=abcdefghijklmnopqrstuvwxyz0123456789%2F%2BABCDE%3D`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Azure subscription management certificate entity definition"

+# Azure subscription management certificate

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`<Subscription id="f70163aa-03a8-4f4a-8a30-d38e3f38fde4" ManagementCertificate="MIIPuQIBAzCCD38GCSqGS...`

+> [!IMPORTANT]

+> This example has been truncated. ItΓÇÖs not a detectable example of this SIT.

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Client secret / API key entity definition"

+# Client secret / API key

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`client_secret=abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "General password entity definition"

+# General Password

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`<secret>ZYXWVU_3</secret>`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "General Symmetric key entity definition"

+# General Symmetric key

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`key=abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=;`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "GitHub personal access token entity definition"

+# GitHub personal access token

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`pat=ghp_abcdefghijklmnopqrstuvwxyzABCD012345`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Google API key entity definition"

+# Google API key

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`apiKey=AIzaefgh0123456789_-ABCDEFGHIJKLMNOPQRS;`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Http authorization header entity definition"

+# Http authorization header

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`Authorization: Basic ABCDEFGHIJKLMNOPQRS0123456789;`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Microsoft Bing maps key entity definition"

+# Microsoft Bing maps key

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`bingMapsKey=abcdefghijklmnopqrstuvwxyz0123456789-_ABCDEabcdefghijklmnopqrstu`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "Slack access token entity definition"

+# Slack access token

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`slack_token= xoxp-abcdef-abcdef-abcdef-abcdef;`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "User login credentials entity definition"

+# User login credentials

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`{ "user": "user_name", "password": "ZYXWVU_2" }`

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+ Title: "X.509 certificate private key entity definition"

+This SIT is also included in the [All credentials](sit-defn-all-creds.md) bundled SIT.

+ ## Format

+## Credential example

+`--BEGIN PRIVATE KEY-- MIIPuQIBAzCCD38GCSqGSIb3DQEHAaCCD3AEgg9sMIIPaDCCBZ8GCSqGSIb3DQEHBqCCBZAw...`

+> [!IMPORTANT]

+> This example has been truncated. ItΓÇÖs not a detectable example of this SIT.

+SITs that have checksums use a unique calculation to check if the information is valid. This means when the **Checksum** value is **Yes**, the service can make a positive detection based on the sensitive data alone. When the **Checksum** value is **No** additional (secondary) elements must also be detected for the service to make a positive detection.

+### Data lifecycle management and records management

+- In preview: Retention labels now support running a Power Automate flow at the end of the retention period to support custom actions and integration with other solutions. For more information, see [Customize what happens at the end of the retention period](retention-label-flow.md).

+- For records management items undergoing disposition review, when you select that item in the Disposition area of the compliance portal, a new Progress column displays the item's status. That status can be "Approved for deletion, "Awaiting deletion from SharePoint/OneDriveΓÇ¥ or ΓÇ£Awaiting deletion from ExchangeΓÇ¥, or "Permanently Deleted". When an item is approved for permanent deletion as part of the disposition review process, that deletion can take up to 15 days to complete and this new column helps you to track its progress.

+- The configuration to [enable a mailbox for archiving](enable-archive-mailboxes.md) is moving to the new Exchange admin center (EAC) and instructions have been updated accordingly.

+- Currently, trainable classifiers for auto-apply retention labels aren't supported with adaptive scopes. As a workaround, use static scopes for this configuration combination.

+- Instructions to [Customize an archive and deletion policy for mailboxes](set-up-an-archive-and-deletion-policy-for-mailboxes.md) are updated to include only retention tags that that have an outcome that can't be achieved with Microsoft 365 retention.

+### Sensitivity labels

+- [PDF support](sensitivity-labels-office-apps.md#pdf-support) in Word, Excel, and PowerPoint is now available to Windows Current Channel and Monthly Enterprise Channel.

+- Default label for existing documents is now fully rolled out to Mac and Windows in Current Channel and Monthly Enterprise Channel, providing parity with the AIP add-in.

+- In preview: The new [sensitivity bar](sensitivity-labels-office-apps.md#sensitivity-bar) and support for [label colors](sensitivity-labels-office-apps.md#label-colors) in Office apps, providing parity with the AIP add-in with additional functionality.

+- In preview: [S/MIME support](sensitivity-labels-office-apps.md#configure-a-label-to-apply-smime-protection-in-outlook) for Windows, providing parity with the AIP add-in. Support for Mac and mobile is now fully rolled out.

+- In preview: Trainable classifiers for auto-labeling policies (all workloads).

+ Title: Accessibility mode in Microsoft Syntex

+description: Learn how to use accessibility features mode when training and working with models in Microsoft Syntex.

+# Accessibility mode in Microsoft Syntex

+In [Microsoft Syntex](index.md), users can turn on accessibility mode in all stages of model training (label, train, test) when working with example documents. Using accessibility mode can help low-sight users to have easier keyboard accessibility as they navigate and label items in the document viewer.

+ Title: Discover opportunities in Microsoft Syntex by using the Microsoft 365 Assessment tool

+description: Learn how to use the adoption assessment tool to see how your organization can benefit from Microsoft Syntex.

+# Discover opportunities in Microsoft Syntex by using the Microsoft 365 Assessment tool

+You can assess how Microsoft Syntex will benefit your organization by using the Microsoft 365 Assessment tool. When you run an assessment, you'll generate a Power BI report that summarizes aspects of your SharePoint information architecture that are indicators for where Syntex might be of value.

+- **Libraries with custom columns** ΓÇô Identify libraries where Syntex can automatically populate columns, improving consistency.

+- **Column usage** ΓÇô Identify patterns of column usage, to target Syntex models where they'll have the maximum benefit.

+- **Libraries with custom content types** ΓÇô Identify libraries using custom content types, where Syntex models can be used to automatically categorize files.

+- **Content type usage** ΓÇô Identify patterns of content type usage, to target Syntex models where they'll have the maximum benefit.

+- **Libraries with retention labels** ΓÇô Identify libraries where retention labels are used, where Syntex can be used to automate and improve consistency.

+- **Library modernization status** ΓÇô Identify libraries that might need to be modernized to fully make use of Syntex.

+- **Syntex model usage** ΓÇô Review the current use of Syntex models in your sites.

+The Syntex assessment is a module in the Microsoft 365 Assessment tool. To run the assessment:

+5. [Run a Syntex assessment](https://pnp.github.io/pnpassessment/sharepoint-syntex/assess.html).

+ Title: Get started driving adoption of Microsoft Syntex

+description: Learn how to use and implement Microsoft Syntex in your organization to help you streamline your business processes.

+# Get started driving adoption of Microsoft Syntex

+Think of the intelligent content services available in Microsoft Syntex as having three parts:

+With new AI services and capabilities, you can build content understanding and classification apps directly into the content management flow using Syntex. There are two different ways of understanding your content. The model type you use is based on file format and use case.

+| Created from document library. | Created in the content center, part of Syntex. |

+To prepare for using Syntex in your organization, you first need to understand the scenarios in which it will be useful. The "why" helps determine what model will be needed, and how to structure your org based on where the model will be applied. Here are a few scenarios where document understanding can help your organization:

+Think about ways that Syntex can help your organization:

+Use the [example scenarios and use cases](adoption-scenarios.md) to prompt ideas about how you can use Syntex in your organization.

+Work with stakeholders to make sure they are aligned on the strategy for using Syntex. Research and provide the following resources to help with this positioning:

+To get ready for implementing Syntex, you need to:

+[Scenarios and use cases for Syntex](adoption-scenarios.md)

+ Title: Scenarios and use cases for Microsoft Syntex

+description: Find business scenarios about how to use Microsoft Syntex in your organization.

+# Scenarios and use cases for Microsoft Syntex

+Use the following example scenarios to prompt ideas about how you can use Microsoft Syntex in your organization.

+- [Scenario: Avoid risk with records management, document governance, and compliance processes based on Syntex](adoption-scenarios.md#scenario-avoid-risk-with-records-management-document-governance-and-compliance-processes-based-on-syntex)

+For example, you can set up a process using Syntex and Power Automate features to track and monitor invoices.

+

+

+## Scenario: Avoid risk with records management, document governance, and compliance processes based on Syntex

+Set up some processes for compliance with Syntex to capture and appropriately classify, audit, and flag documents and forms that need better governance. You can rely on Syntex to auto classify content rather than relying on end users to manually tag, or the compliance team to manually apply governance rules and archiving. And you can enable a simplified search experience, manage data volumes, apply records management and retention policies, ensure compliance, and best practice archiving and purging practices.

+For example, a pharmaceutical company could use Syntex to extract information from FDA documents to answer questions that their leaders have. Having the answers more easily accessible can reduce the time needed to produce these answers and increase the availability of data to generate more accurate answers to leadership questions.

+With Syntex, you can reduce the time of manual processing of customer orders. For example, you can upload orders from fax, email, or paper into SharePoint document library by using OCR processing and then extract the metadata from those orders so you can fulfill them by using automated processes.