| Category | Microsoft Docs article | Related commit history on GitHub | Change details |
|---|---|---|---|
| admin | About Admin Roles | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/about-admin-roles.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | About Guest Users | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/about-guest-users.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Admin Roles Page | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/admin-roles-page.md | +- Tier - scotvorg - M365-subscription-management - Adm_O365W |
| admin | Assign Admin Roles | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/assign-admin-roles.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Change A User Name And Email Address | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/change-a-user-name-and-email-address.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Delete A User | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/delete-a-user.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Give Mailbox Permissions To Another User | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/give-mailbox-permissions-to-another-user.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Let Users Reset Passwords | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/let-users-reset-passwords.md | +- Tier1 - scotvorg - highpri - M365-subscription-management |
| admin | Remove Former Employee Step 1 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee-step-1.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Remove Former Employee Step 2 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee-step-2.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Remove Former Employee Step 3 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee-step-3.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Remove Former Employee Step 4 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee-step-4.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Remove Former Employee Step 5 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee-step-5.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Remove Former Employee Step 6 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee-step-6.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Remove Former Employee Step 7 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee-step-7.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Remove Former Employee | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Reset Passwords | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/reset-passwords.md | +- Tier1 - scotvorg - highpri - M365-subscription-management |
| admin | Restore User | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/restore-user.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Set Password To Never Expire | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/set-password-to-never-expire.md | +- Tier2 - scotvorg - highpri - M365-subscription-management |
| admin | Admin Mobile App | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/admin-mobile-app.md | +- Tier2 - scotvorg - highpri - M365-subscription-management |
| admin | What Is Microsoft 365 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/what-is-microsoft-365.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Capabilities | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/capabilities.md | +- Tier3 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Choose Between Basic Mobility And Security And Intune | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/choose-between-basic-mobility-and-security-and-intune.md | +- Tier3 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Create An Apns Certificate For Ios Devices | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/create-an-apns-certificate-for-ios-devices.md | +- Tier3 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Create Device Security Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/create-device-security-policies.md | +- Tier3 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Enroll Your Mobile Device | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/enroll-your-mobile-device.md | +- Tier3 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Manage Device Access Settings | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/manage-device-access-settings.md | +- Tier3 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Manage Enrolled Devices | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/manage-enrolled-devices.md | audience: Admin ms.localizationpriority: medium-++- Tier3 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/overview.md | +- Tier3 - scotvorg - highpri - M365-subscription-management |
| admin | Privacy And Security | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/privacy-and-security.md | +- Tier3 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Set Up | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/set-up.md | +- Tier2 - scotvorg - highpri - M365-subscription-management |
| admin | Turn Off | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/turn-off.md | +- Tier3 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Wipe Mobile Device | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/wipe-mobile-device.md | +- Tier3 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Add Or Remove Members From Groups | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/add-or-remove-members-from-groups.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Compare Groups | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/compare-groups.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Create Groups | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/create-groups.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Manage Groups | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/manage-groups.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Manage Guest Access In Groups | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/manage-guest-access-in-groups.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Office 365 Groups | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/office-365-groups.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Restore Deleted Group | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/restore-deleted-group.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | About Shared Mailboxes | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/about-shared-mailboxes.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Add Another Email Alias For A User | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/add-another-email-alias-for-a-user.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Add User Or Contact To Distribution List | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/add-user-or-contact-to-distribution-list.md | +- Tier3 - scotvorg - highpri - M365-subscription-management |
| admin | Configure A Shared Mailbox | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/configure-a-shared-mailbox.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Configure Clutter | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/configure-clutter.md | +- Tier3 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Configure Email Forwarding | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/configure-email-forwarding.md | +- Tier3 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Convert User Mailbox To Shared Mailbox | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/convert-user-mailbox-to-shared-mailbox.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Create A Shared Mailbox | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/create-a-shared-mailbox.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Create Edit Or Delete A Security Group | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/create-edit-or-delete-a-security-group.md | +- Tier3 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Office 365 User Email Settings | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/office-365-user-email-settings.md | audience: Admin +- Tier1 - scotvorg - Adm_O365 - Adm_TOC |
| admin | Remove License From Shared Mailbox | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/remove-license-from-shared-mailbox.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Resolve Issues With Shared Mailboxes | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/resolve-issues-with-shared-mailboxes.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Centralized Deployment Of Add Ins | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/centralized-deployment-of-add-ins.md | In order to deploy an add-in via Centralized Deployment, you need to be either a ### Centralized Deployment Compatibility Checker -Using the Centralized Deployment Compatibility Checker, you can verify whether the users on your tenant are set up to use Centralized Deployment for Word, Excel and PowerPoint. The Compatibility Checker is not required for Outlook support. Download the [compatibility checker](https://aka.ms/officeaddindeploymentorgcompatibilitychecker). +Using the Centralized Deployment Compatibility Checker, you can verify whether the users on your tenant are set up to use Centralized Deployment for Word, Excel, and PowerPoint. The Compatibility Checker is not required for Outlook support. Download and install the [compatibility checker](https://aka.ms/officeaddindeploymentorgcompatibilitychecker). #### Run the compatibility checker |
| admin | Change Contact Preferences | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/change-contact-preferences.md | +- Tier3 - scotvorg search.appverid: - BCS160 |
| admin | Customize The App Launcher | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/customize-the-app-launcher.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Health Dashboard Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/health-dashboard-overview.md | audience: Admin ms.localizationpriority: medium-++- Tier2 +- scotvorg - AdminSurgePortfolio - okr_smb |
| admin | Idle Session Timeout Web Apps | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/idle-session-timeout-web-apps.md | +- Tier3 - scotvorg - Adm_TOC description: "Set how long user's session will last in Microsoft 365 before they're timed out." |
| admin | Language Translation For Message Center Posts | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/language-translation-for-message-center-posts.md | +- Tier3 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Manage Deployment Of Add Ins | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-deployment-of-add-ins.md | +- Tier3 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Manage Feedback Ms Org | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-feedback-ms-org.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Manage Feedback Product Insights | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-feedback-product-insights.md | +- Tier2 - scotvorg - Adm_O365 |
| admin | Manage Office Scripts Settings | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-office-scripts-settings.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Message Center | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/message-center.md | audience: Admin ms.localizationpriority: medium-++- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Pin Apps To App Launcher | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/pin-apps-to-app-launcher.md | +- Tier3 - scotvorg - Adm_O365 - M365-subscription-management |
| admin | Release Options In Office 365 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/release-options-in-office-365.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Room And Equipment Mailboxes | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/room-and-equipment-mailboxes.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Search In The Mac | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/search-in-the-mac.md | +- Tier2 - scotvorg - Adm_O365 - Adm_TOC |
| admin | Send Email As Distribution List | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/send-email-as-distribution-list.md | +- Tier3 - scotvorg - Adm_O365 |
| admin | Set Password Expiration Policy | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/set-password-expiration-policy.md | +- Tier1 - scotvorg - highpri - M365-subscription-management |
| admin | Share Calendars With External Users | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/share-calendars-with-external-users.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Stay On Top Of Updates | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/stay-on-top-of-updates.md | +- Tier3 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Update Phone Number And Email Address | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/update-phone-number-and-email-address.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Upgrade Distribution Lists | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/upgrade-distribution-lists.md | +- Tier3 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Use Qr Code Download Outlook | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/use-qr-code-download-outlook.md | +- Tier3 - scotvorg - Adm_O365 |
| admin | Azure Ad Setup Guides | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/azure-ad-setup-guides.md | +- Tier3 - scotvorg description: "Learn about setup guides for Azure Active Directory." |
| admin | Cortana Integration | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/cortana-integration.md | +- Tier3 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Device List | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/device-list.md | +- Tier3 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Experience Insights Dashboard | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/experience-insights-dashboard.md | +- Tier1 - scotvorg description: "Get a periodic report about how people in your organization use Microsoft 365 services and drill into each chart for more insights." |
| admin | Experience Insights Help Articles | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/experience-insights-help-articles.md | audience: Admin ms.localizationpriority: medium-++- Tier1 - scotvorg description: "Get a report of the Microsoft 365 help articles people in your organization are reading." |
| admin | Feedback Code Conduct | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/feedback-code-conduct.md | +- Tier3 - scotvorg description: "Learn about Microsoft code of conduct for the feedback you provide." |
| admin | Feedback Provide Microsoft | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/feedback-provide-microsoft.md | +- Tier2 - scotvorg description: "Learn about the different ways you can provide feedback to Microsoft about Microsoft products and services." |
| admin | Feedback User Control | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/feedback-user-control.md | audience: Admin ms.localizationpriority: medium-++- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Password Policy Recommendations | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/password-policy-recommendations.md | +- Tier1 - ContentEngagementFY23 - scotvorg - highpri |
| admin | User Consent | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/user-consent.md | +- Tier3 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Add Google Domain | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/moveto-microsoft-365/add-google-domain.md | +- Tier2 - scotvorg - highpri - M365-subscription-management |
| admin | Cancel Google | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/moveto-microsoft-365/cancel-google.md | +- Tier2 - scotvorg - highpri - M365-subscription-management |
| admin | Connect Domain Tom365 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/moveto-microsoft-365/connect-domain-tom365.md | +- Tier2 - scotvorg - highpri - M365-subscription-management |
| admin | Migrate Email | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/moveto-microsoft-365/migrate-email.md | +- Tier2 - scotvorg - highpri - M365-subscription-management |
| admin | Move From Google Workspace Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/moveto-microsoft-365/move-from-google-workspace-overview.md | +- Tier2 - scotvorg - highpri - M365-subscription-management |
| admin | Set Up Microsoft 365 Forgoogle | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/moveto-microsoft-365/set-up-microsoft-365-forgoogle.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Manage | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/multi-tenant/manage.md | +- Tier3 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Enable Modern Authentication | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/enable-modern-authentication.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Increase Threat Protection | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/increase-threat-protection.md | +- Tier2 - scotvorg - highpri - M365-subscription-management |
| admin | Multi Factor Authentication Microsoft 365 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/multi-factor-authentication-microsoft-365.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Set Up Multi Factor Authentication | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication.md | +- Tier1 - scotvorg - highpri - M365-subscription-management |
| admin | Download Office App For Android | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/services-in-china/download-office-app-for-Android.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Download Office App For Ios | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/services-in-china/download-office-app-for-iOS.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Parity Between Azure Information Protection | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/services-in-china/parity-between-azure-information-protection.md | audience: Admin ms.localizationpriority: medium-++- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Services In China | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/services-in-china/services-in-china.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Configure Focused Inbox | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/configure-focused-inbox.md | +- Tier3 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Create Distribution Lists | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/create-distribution-lists.md | +- Tier3 - scotvorg - highpri - M365-subscription-management |
| admin | Create Signatures And Disclaimers | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/create-signatures-and-disclaimers.md | +- Tier2 - scotvorg - highpri - M365-subscription-management |
| admin | Customize Sign In Page | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/customize-sign-in-page.md | +- Tier3 - scotvorg - highpri - M365-subscription-management |
| admin | Customize Team Site | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/customize-team-site.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Customize Your Organization Theme | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/customize-your-organization-theme.md | +- Tier3 - scotvorg - highpri - M365-subscription-management |
| admin | Priority Accounts | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/priority-accounts.md | +- Tier2 - scotvorg - Adm_O365 - Adm_TOC |
| admin | Set Up File Storage And Sharing | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/set-up-file-storage-and-sharing.md | +- Tier2 - scotvorg - highpri - M365-subscription-management |
| admin | Set Up Mobile Devices | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/set-up-mobile-devices.md | +- Tier2 - scotvorg - highpri - M365-subscription-management |
| admin | Setup Business Standard | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup-business-standard.md | +- Tier1 - scotvorg - highpri - M365-subscription-management |
| admin | Setup Outlook | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup-outlook.md | +- Tier2 - scotvorg - highpri - M365-subscription-management |
| admin | Setup | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup.md | +- Tier1 - scotvorg - highpri - M365-subscription-management |
| admin | Signup Apps Business | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/signup--apps-business.md | audience: Admin ms.localizationpriority: medium-++- Tier1 - scotvorg - highpri - Adm_TOC |
| admin | Signup Business Basic | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/signup-business-basic.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| admin | Upgrade Users To Latest Office Client | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/upgrade-users-to-latest-office-client.md | audience: Admin ms.localizationpriority: medium +- Tier3 - scotvorg - Adm_O365 - Adm_TOC |
| admin | Admin Invite Business Standard | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/simplified-signup/admin-invite-business-standard.md | +- Tier1 - scotvorg - Adm_TOC |
| admin | Signup Business Standard | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/simplified-signup/signup-business-standard.md | +- Tier1 - scotvorg - highpri - Adm_TOC |
| admin | Signup Teams Business Subscription | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/simplified-signup/signup-teams-business-subscription.md | +- Tier1 - scotvorg - highpri - Adm_TOC |
| admin | User Invite Business Standard | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/simplified-signup/user-invite-business-standard.md | +- Tier1 - scotvorg - highpri - Adm_TOC |
| admin | User Invite Msa Nodomain Join | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/simplified-signup/user-invite-msa-nodomain-join.md | +- Tier1 - scotvorg - Adm_TOC |
| bookings | Bookings In Outlook | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/bookings-in-outlook.md | Use the **Get-OrganizationConfig** and **Set-OrganizationConfig** commands to fi Set-OrganizationConfig -EwsAllowList @{Remove="MicrosoftOWSPersonalBookings"} ``` - - To turn on Bookings with me for your organization, add **MicrosoftOWSPersonalBookings** to **EwsAllowList** by running the following command: + - To turn on Bookings with me for your organization, you must set the **EwsApplicationAccessPolicy** to **EnforceAllowList** and add **MicrosoftOWSPersonalBookings** to **EwsAllowList** by running the following command: + ```PowerShell + Set-OrganizationConfig -EwsApplicationAccessPolicy:EnforceAllowList + ``` + ```PowerShell Set-OrganizationConfig -EwsAllowList @{Add="MicrosoftOWSPersonalBookings"} ``` |
| compliance | Communication Compliance Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-policies.md | The following table outlines the time to detection for supported content types: | Teams modern attachment | 13 hours | | Teams metadata | 1 hour | | Email metadata | 1 hour |+| Teams shared channels | 13 hours | For existing policies created before July 31, 2022 it may take up to 24 hours to detect messages and review alerts that match these policies. To reduce the latency for these policies, [copy the existing policy](/microsoft-365/compliance/communication-compliance-policies#copy-a-policy) and create a new policy from the copy. If you don't need to retain any data from the older policy, it can be paused or deleted. |
| compliance | Insider Risk Management Activities | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-activities.md | Modern workplace users often have a wide variety of responsibilities and demands - **Focus analyst and investigator efforts on the highest risk alerts first**. Depending on your policies, you may be capturing user activities and generating alerts with varying degrees of potential impact to your risk mitigation efforts. [Filter alerts](insider-risk-management-activities.md#filter-alerts-on-the-alert-dashboard) by severity and prioritize *High severity* alerts. - **Assign users as analysts and investigators**. Having the right user assigned to the proper roles is an important part of the insider risk alert review process. Make sure you've assigned the appropriate users to the *Insider Risk Management Analysts* and *Insider Risk Management Investigators* role groups. -- **Use automated insider risk features to help discover the highest risk activities**. Insider risk management [sequence detection](insider-risk-management-policies.md#sequence-detection-preview) and [cumulative exfiltration detection](insider-risk-management-policies.md#cumulative-exfiltration-detection-preview) features can help you quickly discover harder to find potential risks in your organization. Consider fine-tuning your [risk score boosters](insider-risk-management-settings.md#indicators), [file activity detection](insider-risk-management-settings.md#file-activity-detection), [domains](insider-risk-management-settings.md#domains), and the minimum [indicator threshold settings](insider-risk-management-settings.md#indicator-level-settings-preview) for your policies.+- **Use automated insider risk features to help discover the highest risk activities**. Insider risk management [sequence detection](insider-risk-management-policies.md#sequence-detection-preview) and [cumulative exfiltration detection](insider-risk-management-policies.md#cumulative-exfiltration-detection-preview) features can help you quickly discover harder to find risks in your organization. Consider fine-tuning your [risk score boosters](insider-risk-management-settings.md#indicators), [file activity detection](insider-risk-management-settings.md#file-activity-detection), [domains](insider-risk-management-settings.md#domains), and the minimum [indicator threshold settings](insider-risk-management-settings.md#indicator-level-settings-preview) for your policies. |
| compliance | Whats New | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/whats-new.md | Whether it be adding new solutions to the [Microsoft Purview compliance portal]( - **General availability (GA)**: [Relabeling at the end of the retention period](retention-settings.md#relabeling-at-the-end-of-the-retention-period). - **General availability (GA)**: [Starting a record unlocked](declare-records.md#configuring-retention-labels-to-declare-records). - **General availability (GA)**: Users can now apply published retention labels to files [directly in Teams](create-apply-retention-labels.md#applying-retention-labels-using-microsoft-365-groups).-- New retention support statements: Retention policies for Teams supports the [chat with myself](https://support.microsoft.com/office/start-a-chat-in-teams-0c71b32b-c050-4930-a887-5afbe742b3d8?storagetype=live#bkmk_chatwithself) feature and [video clips](https://support.microsoft.com/office/record-a-video-clip-in-teams-0c57dae5-2974-4214-9c46-7a2136386f1c), and retention policies for Yammer support [storyline posts](https://support.microsoft.com/office/overview-of-storyline-for-yammer-and-viva-engage-530e4e66-9f1c-4be1-b371-08ea40dc4b69).+- New retention support statements: Retention policies for Teams support the [chat with myself](https://support.microsoft.com/office/start-a-chat-in-teams-0c71b32b-c050-4930-a887-5afbe742b3d8?storagetype=live#bkmk_chatwithself) feature and [video clips](https://support.microsoft.com/office/record-a-video-clip-in-teams-0c57dae5-2974-4214-9c46-7a2136386f1c), and retention policies for Yammer support [storyline posts](https://support.microsoft.com/office/overview-of-storyline-for-yammer-and-viva-engage-530e4e66-9f1c-4be1-b371-08ea40dc4b69). - Improved in-product experience if retention policies have errors: You'll now see a detailed description of the error in the details pane, with in-product actions to take that can resolve the problem. For example, remove invalid locations and resynchronize the policy. ### Microsoft Priva |
| enterprise | Add Several Users At The Same Time | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/add-several-users-at-the-same-time.md | +- Tier1 - scotvorg search.appverid: - MET150 |
| enterprise | Lang Service Health | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/lang-service-health.md | +- Tier3 - scotvorg - Ent_O365 - M365-subscription-management |
| lighthouse | M365 Lighthouse Block User Signin | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-block-user-signin.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Change Cloud Pc Account Type | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-change-cloud-pc-account-type.md | +- Tier2 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Compare Compliance Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-compare-compliance-policies.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Configure Portal Security | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-configure-portal-security.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Deploy Baselines | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-deploy-baselines.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Deploy Standard Tenant Configurations Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-deploy-standard-tenant-configurations-overview.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Device Compliance Page Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-device-compliance-page-overview.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Device Security Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-device-security-overview.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Get Help And Support | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-get-help-and-support.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Known Issues | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-known-issues.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Manage Inactive Users | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-manage-inactive-users.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Manage Mfa | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-manage-mfa.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Manage Sspr | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-manage-sspr.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Manage Tenant List | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-manage-tenant-list.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Mitigate Threats | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-mitigate-threats.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Overview Of Permissions | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-overview-of-permissions.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-overview.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Quarantine Messages Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-quarantine-messages-overview.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Reprovision Cloudpc | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-reprovision-cloudpc.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Requirements | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-requirements.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Reset User Password | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-reset-user-password.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Review Audit Logs | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-review-audit-logs.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Search For Users | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-search-for-users.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Sign Up | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-sign-up.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Tenants Page Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-tenants-page-overview.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Threat Management Page Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-threat-management-page-overview.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Troubleshoot | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-troubleshoot.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Users Page Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-users-page-overview.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse View Failed Network Connections | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-view-failed-network-connections.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse View Manage Risky Users | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-view-manage-risky-users.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse View Service Health | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-view-service-health.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse View Your Roles | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-view-your-roles.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Whats New | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-whats-new.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| lighthouse | M365 Lighthouse Win365 Page Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-win365-page-overview.md | +- Tier1 - scotvorg - M365-subscription-management - Adm_O365 |
| security | Attack Surface Reduction Rules Reference | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference.md | |
| security | Defender Endpoint Demonstration App Reputation | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-app-reputation.md | audience: ITPro - m365-security - tier2-+- demo + Last updated : 10/21/2022 # SmartScreen app reputation demonstration This program has a good reputation; the download should run uninterrupted: - [Known good program download](https://demo.smartscreen.msft.net/download/known/freevideo.exe) - <!-- Hide {this intro with no subsequent list items} [Replace this link when new/updated source becomes available] --> - Launching this link should render a message similar to the following: :::image type="content" source="images/smartscreen-app-reputation-known-good.png" alt-text="Based on the target file's reputation, SmartScreen allows the download without interference."::: This program has a good reputation; the download should run uninterrupted: Because the program download doesn't have sufficient reputation to ensure that it's trustworthy, SmartScreen will show a warning before running the program download. - [Unknown program](https://demo.smartscreen.msft.net/download/unknown/freevideo.exe)-- <!-- Hide {this intro with no subsequent list items} [Replace this link when new/updated source becomes available] --> Launching this link should render a message similar to the following: This download is known malware; SmartScreen should block this program from runni - [Known malware](https://demo.smartscreen.msft.net/download/known/knownmalicious.exe) - <!-- Hide {this intro with no subsequent list items} [Replace this link when new/updated source becomes available] --> - Launching this link should render a message similar to the following: :::image type="content" source="images/smartscreen-app-reputation-known-malware.png" alt-text="Screenshot showing how SmartScreen detects a file download with an unsafe reputation.; the download is blocked."::: |
| security | Defender Endpoint Demonstration Attack Surface Reduction Rules | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-attack-surface-reduction-rules.md | +- demo + Last updated : 10/21/2022 # Attack surface reduction rules demonstrations Add-MpPreference -AttackSurfaceReductionRules_Ids 7674BA52-37EB-4A4F-A9A1-F0F9A1 |State | Mode| Numeric value | |:|:|:|-| AuditMode | = Audit Mode | 2 | -| Enabled | = Block mode | 1 | | Disabled | = Off | 0 |+| Enabled | = Block mode | 1 | +| Audit | = Audit mode | 2 | ### Verify configuration |
| security | Defender Endpoint Demonstration Block At First Sight Bafs | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-block-at-first-sight-bafs.md | +- demo + Last updated : 10/21/2022 # Block at First Sight (BAFS) demonstration |
| security | Defender Endpoint Demonstration Cloud Delivered Protection | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-cloud-delivered-protection.md | +- demo + Last updated : 10/21/2022 # Cloud-delivered protection demonstration |
| security | Defender Endpoint Demonstration Controlled Folder Access Test Tool | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-controlled-folder-access-test-tool.md | +- demo + Last updated : 10/21/2022 # Controlled folder access (CFA) demonstration test tool (block script) Controlled Folder Access helps you protect valuable data from malicious apps and Set-MpPreference -EnableControlledFolderAccess <State> ``` -Rule states +## Rule states |State | Mode| Numeric value | |:|:|:|-| AuditMode | = Audit Mode | 2 | -| Enabled | = Block mode | 1 | | Disabled | = Off | 0 |+| Enabled | = Block mode | 1 | +| Audit | = Audit mode | 2 | ### Verify configuration |
| security | Defender Endpoint Demonstration Controlled Folder Access | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-controlled-folder-access.md | +- demo + Last updated : 10/21/2022 # Controlled folder access (CFA) demonstrations (block ransomware) Set-MpPreference -ControlledFolderAccessProtectedFolders C:\demo\ |State | Mode| Numeric value | |:|:|:|-| AuditMode | = Audit Mode | 2 | -| Enabled | = Block mode | 1 | | Disabled | = Off | 0 |+| Enabled | = Block mode | 1 | +| Audit | = Audit mode | 2 | ## Verify configuration You can perform these manual steps instead: ### Scenario 1: CFA blocks ransomware test file -1. Turn on CFA using PowerShell command: +1. Turn on CFA using PowerShell command: ```powershell Set-MpPreference -EnableControlledFolderAccess Enabled Set-MpPreference -ControlledFolderAccessProtectedFolders C:\demo\ ### Scenario 2: What would happen without CFA -1. Turn off CFA using this PowerShell command: +1. Turn off CFA using this PowerShell command: ```powershell Set-MpPreference -EnableControlledFolderAccess Disabled |
| security | Defender Endpoint Demonstration Exploit Protection | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-exploit-protection.md | +- demo + Last updated : 10/21/2022 # Exploit protection (EP) demonstrations |
| security | Defender Endpoint Demonstration Network Protection | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-network-protection.md | +- demo + Last updated : 10/21/2022 # Network protection demonstrations Set-MpPreference -EnableNetworkProtection Enabled ## Rule states -|State|Mode|Numeric value| -|||| -|AuditMode|= Audit Mode|2| -|Enabled|= Block mode|1| -|Disabled|= Off|0| +|State | Mode| Numeric value | +|:|:|:| +| Disabled | = Off | 0 | +| Enabled | = Block mode | 1 | +| Audit | = Audit mode | 2 | ## Verify configuration |
| security | Defender Endpoint Demonstration Potentially Unwanted Applications | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-potentially-unwanted-applications.md | +- demo + Last updated : 10/21/2022 # Potentially unwanted applications (PUA) demonstration |
| security | Defender Endpoint Demonstration Smartscreen Url Reputation | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-smartscreen-url-reputation.md | +- demo + Last updated : 10/21/2022 # URL reputation demonstrations |
| security | Defender Endpoint Demonstrations | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-demonstrations.md | +- demo + Last updated : 10/21/2022 -<! v-jweston resumes authorship and ms.authorship appx April-May 2023 > - # Microsoft Defender for Endpoint - demonstration scenarios The following demonstration scenarios will help you learn about the capabilities of Microsoft Defender for Endpoint on Windows (Mac and Linux are out of scope). Demonstration scenarios are provided for the following Microsoft Defender for Endpoint protection areas: :::image type="content" source="images/microsoft-defender-for-endpoint-cloud-protection.png" alt-text="Shows the areas of Microsoft Defender for Endpoint demonstration scenarios covered in this collection" lightbox="images/microsoft-defender-for-endpoint-cloud-protection.png"::: -- Attack surface protection (ASR)-- Next Generation Protection (NGP)-- Endpoint detection and response (EDR)+- Attack surface protection (**ASR**) +- Next Generation Protection (**NGP**) +- Endpoint detection and response (**EDR**) > [!NOTE] > None of the sample files or _suspicious_ links provided in this collection are actually malicious; all links and demonstration files are harmless. The following table lists the available demonstrations alphabetically, with thei [Test attack surface reduction rules](attack-surface-reduction-rules-deployment-test.md) [Next Generation Protection \(NGP\) overview](next-generation-protection.md) [Endpoint detection and response \(EDR\) overview](overview-endpoint-detection-response.md)+[Microsoft Defender for Endpoint security blog](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/bg-p/MicrosoftDefenderATPBlog) -[Microsoft Defender for Endpoint security blog](https://www.microsoft.com/security/blog/microsoft-defender-for-endpoint/) |
| security | Information Protection Investigation | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/information-protection-investigation.md | Title: Use sensitivity labels to prioritize incident response -description: Learn how to use sensitivity labels to prioritize and investigate incidents -keywords: information, protection, data, loss, prevention,labels, dlp, incident, investigate, investigation + Title: Use Microsoft Defender for Endpoint sensitivity labels to protect your data and prioritize security incident response +description: Learn how to use Defender for Endpoint sensitivity labels to protect, prioritize, and investigate incidents that involve data loos, dlp, security incidents. ms.mktglfcycl: deploy ms.sitesec: library+- ContentEngagementFY23 - tier2 - EngageScoreSep2022 -# Use sensitivity labels to prioritize incident response +# Microsoft Defender for Endpoint sensitivity labels protect and prioritize incident response [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] search.appverid: met150 > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink) -A typical advanced persistent threat lifecycle involves data exfiltration. In a security incident, it's important to have the ability to prioritize investigations where sensitive files may be jeopardy so that corporate data and information are protected. +A typical advanced persistent threat lifecycle (or APT) involves some data exfiltration -- the point at which data is *taken* from the organization. In those situations, sensitivity labels can tell security operations where to start by spelling out what data is highest priority to protect. -Defender for Endpoint helps to make the prioritization of security incidents much simpler with the use of sensitivity labels. Sensitivity labels quickly identify incidents that may involve devices with sensitive information such as confidential information. +Defender for Endpoint helps to make prioritization of security incidents simpler with the use of sensitivity labels too. For example, sensitivity labels quickly identify incidents that may involve devices with sensitive information on them (such as confidential information). -## Investigate incidents that involve sensitive data +Here's how to use sensitivity labels in Defender for Endpoint. ++## Investigate incidents that involve sensitive data on devices with Defender for Endpoint Learn how to use data sensitivity labels to prioritize incident investigation. Learn how to use data sensitivity labels to prioritize incident investigation. > [!TIP] > These data points are also exposed through the 'DeviceFileEvents' in advanced hunting, allowing advanced queries and schedule detection to take into account sensitivity labels and file protection status.++## Related information about sensitivity labels ++- [Learn about sensitivity labels in Office 365](../../compliance/sensitivity-labels.md) +- [Learn to apply sensitivity label inside of email or Office](https://support.microsoft.com/office/apply-sensitivity-labels-to-your-files-and-email-in-office-2f96e7cd-d5a4-403b-8bd7-4cc636bae0f9) +- [Learn how to use sensitivity labels as a condition when applying Data Loss Prevention](../../compliance/dlp-sensitivity-label-as-condition.md) |
| security | Live Response | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/live-response.md | Before you can initiate a session on a device, make sure you fulfill the followi You'll need to enable the live response capability in the [Advanced features settings](advanced-features.md) page. > [!NOTE]- > Only users with manage security or global admin roles can edit these settings. + > Only admins and users who have "Manage Portal Settings" permissions can enable live response. > > Automated Investigation must be enabled in the [Advanced features settings](advanced-features.md) prior to enabling live response. - **Enable live response for servers from the advanced settings page** (recommended). > [!NOTE]- > Only users with manage security or global admin roles can edit these settings. + > Only admins and users who have "Manage Portal Settings" permissions can enable live response. - **Ensure that the device has an Automation Remediation level assigned to it**. |
| security | Microsoft Defender Endpoint Linux | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux.md | If you experience any installation failures, refer to [Troubleshooting installat - List of supported kernel versions > [!NOTE]- > Microsoft Defender for Endpoint on RHEL/CentOS - 6.7 to 6.10 is a Kernel based solution. You must verify that the kernel is the supported before updating to the newer kernel version. See the list below for the list of supported kernels. - > Microsoft Defender for Endpoint implementation for all other supported distributions and versions is kernel-version-agnostic. With minimal requirement for the kernel version to be on or above 3.10.0-327. + > Microsoft Defender for Endpoint on Red Hat Enterprise Linux and CentOS - 6.7 to 6.10 is a Kernel based solution. You must verify that the kernel version is supported before updating to a newer kernel version. See the list below for the list of supported kernels. + > Microsoft Defender for Endpoint for all other supported distributions and versions is kernel-version-agnostic. With a minimal requirement for the kernel version to be at or above 3.10.0-327. - The `fanotify` kernel option must be enabled - Red Hat Enterprise Linux 6 and CentOS 6: If you experience any installation failures, refer to [Troubleshooting installat - 2.6.32-754.9.1.el6.x86_64 > [!NOTE]- > After a new package version is released, support for the previous two versions is reduced to technical support only. Versions older than that that are listed in this section are provided for technical upgrade support only. + > After a new package version is released, support for the previous two versions is reduced to technical support only. Versions older than that which are listed in this section are provided for technical upgrade support only. > [!CAUTION] |
| security | Network Protection Linux | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/network-protection-linux.md | ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium audience: ITPro--++ +<!--v-jweston/jweston-1 is to resume authorship appx. April/May 2023.--> # Network protection for Linux A. Check Network Protection has effect on always blocked sites: - [http://www.smartscreentestratings2.net](http://www.smartscreentestratings2.net) - [https://www.smartscreentestratings2.net](https://www.smartscreentestratings2.net)-- [http://malw-090-0-1.phsh-005-0-1.smartscreentestratings.com/](http://malw-090-0-1.phsh-005-0-1.smartscreentestratings.com/) B. Inspect diagnostic logs |
| security | Offboard Machine Api | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/offboard-machine-api.md | Offboard device from Defender for Endpoint. [!include[Machine actions note](../../includes/machineactionsnote.md)] > [!NOTE]-> This API is supported on Windows 11, Windows 10, version 1703 and later, or Windows Server 2019 and later. -> -> This API is not supported on MacOS or Linux devices. +> This API is supported on Windows 11, Windows 10, version 1703 and later; on Windows Server 2019 and later; and on Windows Server 2012 R2 and Windows Server 2016 when using the [new, unified agent for Defender for Endpoint](update-agent-mma-windows.md#upgrade-to-the-new-unified-agent-for-defender-for-endpoint). +> This API is not supported on macOS or Linux devices. ## Permissions |
| security | Streaming Api Storage | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/streaming-api-storage.md | Once the Storage account is created you will need to: 4. In the **Add new Streaming API settings** flyout that appears, configure the following settings: 1. **Name**: Choose a name for your new settings. 2. Select **Forward events to Azure Storage**.- 3. In the **Storage Account Resource ID** box that appears, type your **Storage Account Resource ID**. To get your **Storage Account Resource ID**, open the Azure portal at <https://portal.azure.com>, click **Storage accounts** \> go to the properties tab \> copy the text under **Storage Account Resource ID**. +4. To display the Azure Resource Manager resource ID for a storage account in the Azure portal, follow these steps: - :::image type="content" source="../defender-endpoint/images/storage-account-resource-id.png" alt-text="A Storage Account Resource ID" lightbox="../defender-endpoint/images/storage-account-resource-id.png"::: + 1. Navigate to your storage account in the Azure portal. + 2. On the **Overview** page, in the **Essentials** section, select the **JSON View** link. + 3. The resource ID for the storage account is displayed at the top of the page, copy the text under **Storage Account Resource ID**. 4. Back on the **Add new Streaming API settings** flyout, choose the **Event types** that you want to stream. |
| security | Anti Spoofing Protection | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spoofing-protection.md | + - ContentEngagementFY23 - TopSMBIssues - seo-marvel-apr2020 |
| security | Threat Explorer Views | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/threat-explorer-views.md | Select an item in the list to view additional details. ## Email > All email -To view this report, in Explorer, choose **View** \> **Email** \> **All mail**. This views shows an all-up view of email activity, including email identified as malicious due to phishing or malware, as well all non-malicious mail (normal email, spam, and bulk mail). +To view this report, in Explorer, choose **View** \> **Email** \> **All mail**. This view shows an all-up view of email activity, including email identified as malicious due to phishing or malware, as well all non-malicious mail (normal email, spam, and bulk mail). > [!NOTE] > If you get an error that reads **Too much data to display**, add a filter and, if necessary, narrow the date range you're viewing. Below the chart, view more details about specific files, such as attachment file ## Click-to-filter capabilities -With Explorer (and real-time detections), you can apply a filter in a click. Click an item in the legend, and that item becomes a filter for the report. For example, suppose we are looking at the Malware view in Explorer: ---Clicking **ATP Detonation** in this chart results in a view like this: +With Explorer (and real-time detections), you can apply a filter in a click. Click an item in the legend, and that item becomes a filter for the report. For example, clicking **ATP Detonation** in this chart results in a view like this: :::image type="content" source="../../media/7241d7dd-27bc-467d-9db8-6e806c49df14.png" alt-text="The Explorer filtered to display only Defender for Office 365 Detonation results" lightbox="../../media/7241d7dd-27bc-467d-9db8-6e806c49df14.png"::: |
| security | Threat Explorer | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/threat-explorer.md | If your organization has [Microsoft Defender for Office 365](defender-for-office ||| ||| -Explorer or Real-time detections helps your security operations team investigate and respond to threats efficiently. The report resembles the following image: ---With this report, you can: +Explorer or Real-time detections helps your security operations team investigate and respond to threats efficiently. With this report, you can: - [See malware detected by Microsoft 365 security features](#see-malware-detected-in-email-by-technology) - [View phishing URL and click verdict data](#view-phishing-url-and-click-verdict-data) We are making this integration more relevant by introducing the alert ID (see an > [!div class="mx-imgBorder"] > :::image type="content" source="../../media/AlertID-Filter.png" alt-text="The Filtering for Alert ID" lightbox="../../media/AlertID-Filter.png"::: -> [!div class="mx-imgBorder"] -> :::image type="content" source="../../media/AlertID-DetailsFlyout.png" alt-text="The Alert ID in details flyout" lightbox="../../media/AlertID-DetailsFlyout.png"::: - ### Extending the Explorer (and Real-time detections) data retention and search limit for trial tenants from 7 to 30 days As part of this change, you will be able to search for, and filter email data across 30 days (an increase from the previous 7 days) in Threat Explorer/Real-time detections for both Defender for Office P1 and P2 trial tenants. |
| security | Threat Hunting In Threat Explorer | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/threat-hunting-in-threat-explorer.md | Defender for Office 365 Plan 1 uses *Real-time detections*, which is a subset of After you go to **Explorer**, by default, you'll arrive on the **Malware** page, but use the **View** drop down to get familiar with your options. If you're hunting Phish, or digging into a threat campaign, choose those views. -> [!div class="mx-imgBorder"] -> :::image type="content" source="../../media/view-drop-down.png" alt-text="The View drop down in Threat Explorer" lightbox="../../media/view-drop-down.png"::: Once a security operations (Sec Ops) person selects the data they want to see, whether the scope is narrow view like user **Submissions**, or a wider view, like **All email**, they can use the **Sender** button to further filter. Remember to select Refresh to complete your filtering actions. -> [!div class="mx-imgBorder"] -> :::image type="content" source="../../media/sender-drop-down.png" alt-text="The Sender button in Threat Explorer" lightbox="../../media/sender-drop-down.png"::: Refining focus in Explorer or Real-time detection can be thought of in layers. The first is **View**. The second can be thought of as a *filtered focus*. For example, you can retrace the steps you took in finding a threat by recording your decisions like this: To find the issue in Explorer, **I chose the Malware View with a Recipient filter focus**. This makes retracing your steps easier. Refining focus in Explorer or Real-time detection can be thought of in layers. T Refinements can be made on date ranges by using the date range controls. Here you can see Explorer in **Malware** view, with a **Detection Technology** filter focus. But it's the **Advanced filter** button that lets Sec Ops teams dig deep. -> [!div class="mx-imgBorder"] -> :::image type="content" source="../../media/advanced-filter.png" alt-text="The Advanced filter in Threat Explorer" lightbox="../../media/advanced-filter.png"::: Clicking the **Advanced filter** pops a panel that will let Sec Ops hunters build queries themselves, letting them include or exclude the information they need to see. Both the chart and table on the Explorer page will reflect their results. -> [!div class="mx-imgBorder"] -> :::image type="content" source="../../media/threat-explorer-chart-table.png" alt-text="The Results from a query" lightbox="../../media/threat-explorer-chart-table.png"::: Use the **Column options** button to get the kind of information on the table that would be most helpful: -> [!div class="mx-imgBorder"] -> :::image type="content" source="../../media/threat-explorer-column-options.png" alt-text="The Column options button highlighted" lightbox="../../media/threat-explorer-column-options.png"::: -> [!div class="mx-imgBorder"] -> :::image type="content" source="../../media/column-options.png" alt-text="The available options in Columns" lightbox="../../media/column-options.png"::: In the same mien, make sure to test your display options. Different audiences will react well to different presentations of the same data. For some viewers, the **Email Origins** map can show that a threat is widespread or discreet more quickly than the **Campaign display** option right next to it. Sec Ops can make use of these displays to best make points that underscore the need for security and protection, or for later comparison, to demonstrate the effectiveness of their actions. -> [!div class="mx-imgBorder"] -> :::image type="content" source="../../media/threat-explorer-email-origin-map.png" alt-text="The Email Origins map" lightbox="../../media/threat-explorer-email-origin-map.png"::: -> [!div class="mx-imgBorder"] -> :::image type="content" source="../../media/threat-explorer-campaign-display.png" alt-text="The Campaign display options" lightbox="../../media/threat-explorer-campaign-display.png"::: ### Email investigation The email entity page pulls together contents that can be found under **Details* When you reach this stage, the email entity page will be critical to the final stepΓÇö*remediation*. -> [!div class="mx-imgBorder"] -> :::image type="content" source="../../media/threat-explorer-email-entity-page.png" alt-text="The email entity page" lightbox="../../media/threat-explorer-email-entity-page.png"::: > [!TIP] > To learn more about the rich email entity page (seen below on the **Analysis** tab), including the results of detonated Attachments, findings for included URLs, and safe Email preview, click [here](mdo-email-entity-page.md). -> [!div class="mx-imgBorder"] -> :::image type="content" source="../../media/threat-explorer-analysis-tab.png" alt-text="The Analysis tab of the email entity page" lightbox="../../media/threat-explorer-analysis-tab.png"::: ### Email remediation Once a Sec Ops person determines that an email is a threat, the next Explorer or Real-time detection step is dealing with the threat and remediating it. This can be done by returning to Threat Explorer, selecting the checkbox for the problem email, and using the **Actions** button. -> [!div class="mx-imgBorder"] -> :::image type="content" source="../../media/threat-explorer-email-actions-button.png" alt-text="The Actions button in the Threat Explorer" lightbox="../../media/threat-explorer-email-actions-button.png"::: Here, the analyst can take actions like reporting the mail as Spam, Phishing, or Malware, contacting recipients, or further investigations that can include triggering Automated Investigation and Response (or AIR) playbooks (if you have Plan 2). Or, the mail can also be reported as clean. -> [!div class="mx-imgBorder"] -> :::image type="content" source="../../media/threat-explorer-email-actions-drop-down.png" alt-text="The Actions drop down" lightbox="../../media/threat-explorer-email-actions-drop-down.png"::: ## Improvements to threat hunting experience When navigating from an alert into Threat Explorer, the **View** will be filtere Finally, alert ID is included in the URL, for example: `https://https://security.microsoft.com/viewalerts` -> [!div class="mx-imgBorder"] -> :::image type="content" source="../../media/AlertID-Filter.png" alt-text="The Filter for Alert ID" lightbox="../../media/AlertID-Filter.png"::: --> [!div class="mx-imgBorder"] -> :::image type="content" source="../../media/AlertID-DetailsFlyout.png" alt-text="The Alert ID in details flyout" lightbox="../../media/AlertID-DetailsFlyout.png"::: ### Extending Explorer (and Real-time detections) data retention and search limit for trial tenants In Threat Explorer, you can see information about user tags in the following exp When analysts look at the **Tags** column the email grid, they are seeing all tags that have been applied to sender or recipient mailboxes. By default, system tags like *priority accounts* are shown first. -> [!div class="mx-imgBorder"] -> :::image type="content" source="../../media/tags-grid.png" alt-text="The Filter tags in email grid view" lightbox="../../media/tags-grid.png"::: #### Filtering Tags can be used as filters. Hunt among priority accounts only, or use specific user tags scenarios this way. You can also exclude results that have certain tags. Combine Tags with other filters and date ranges to narrow your scope of investigation. -[](../../media/tags-filter-normal.png#lightbox) -> [!div class="mx-imgBorder"] -> :::image type="content" source="../../media/tags-filter-not.png" alt-text="The tags that have not been filtered" lightbox="../../media/tags-filter-not.png"::: #### Email detail flyout To view the individual tags for sender and recipient, select an email to open the message details flyout. On the **Summary** tab, the sender and recipient tags are shown separately. The information about individual tags for sender and recipient can be exported as CSV data. -> [!div class="mx-imgBorder"] -> :::image type="content" source="../../media/tags-flyout.png" alt-text="The Email Details tags" lightbox="../../media/tags-flyout.png"::: Tags information is also shown in the URL clicks flyout. To see it, go to Phish or All Email view > **URLs** or **URL Clicks** tab. Select an individual URL flyout to see additional details about clicks for that URL, including any Tags associated with that click. ### Updated Timeline View -> [!div class="mx-imgBorder"] -> :::image type="content" source="../../media/tags-urls.png" alt-text="The URL tags" lightbox="../../media/tags-urls.png"::: -> + Learn more by watching [this video](https://www.youtube.com/watch?v=UoVzN0lYbfY&list=PL3ZTgFEc7LystRja2GnDeUFqk44k7-KXf&index=4). ## Extended capabilities Top Malware Families shows the **top targeted users** in the Malware section. To Security operations people be able to export the list of targeted users, up to a limit of 3,000, along with the number of attempts made, for offline analysis for each email view. Also, selecting the number of attempts (for example, 13 attempts in the image below) will open a filtered view in Threat Explorer, so you can see more details across emails, and threats for that user. -> [!div class="mx-imgBorder"] -> :::image type="content" source="../../media/Top_Targeted_Users.png" alt-text="The users targeted the most" lightbox="../../media/Top_Targeted_Users.png"::: ### Exchange transport rules Names and GUIDs of the transport rules applied to the message appear. Analysts w > > Within the email grid, Details flyout, and Exported CSV, the ETRs are presented with a Name/GUID as shown below. >-> > [!div class="mx-imgBorder"] -> > :::image type="content" source="../../media/ETR_Details.png" alt-text="The rules in Exchange Transport" lightbox="../../media/ETR_Details.png"::: +> :::image type="content" source="../../media/ETR_Details.png" alt-text="The rules in Exchange Transport" lightbox="../../media/ETR_Details.png"::: ### Inbound connectors Connectors are a collection of instructions that customize how your email flows The search for connectors is a CONTAINS query, which means partial keyword searches can work: -> [!div class="mx-imgBorder"] -> :::image type="content" source="../../media/Connector_Details.png" alt-text="The Connector details" lightbox="../../media/Connector_Details.png"::: ## Required licenses and permissions |
| security | Threat Trackers | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/threat-trackers.md | |