Docs update tracker

Updates from: 10/06/2022 02:42:55

Category	Microsoft Docs article	Related commit history on GitHub	Change details
admin	Servicenow Overview	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/servicenow-overview.md	These are the key features you'll get with the Microsoft 365 support integration - Service Health Incidents: Information about known Microsoft service health incidents, including user impact, scope, current status, and next expected update. Using machine learning, ServiceNow incidents are matched to Microsoft service health incidents based on the short description field. - :::image type="content" source="../../media/ServiceNow-guide/servicenow-overview-description-field-1.png" lightbox="../../media/ServiceNow-guide/servicenow-overview-description-field-1.png" alt-text="Service Health Incidents description field."::: + :::image type="content" source="../../media/ServiceNow-guide/servicenow_service_health_incidents.png" lightbox="../../media/ServiceNow-guide/servicenow_service_health_incidents.png" alt-text="Service Health Incidents description field."::: - Recommended solutions: Descriptions of tasks and incidents are used to recommend precise targeted solutions and relevant articles from Microsoft powered by machine learning. You can also use Search to find other solutions, if needed. - :::image type="content" source="../../media/ServiceNow-guide/servicenow-overview-description-field-2.png" lightbox="../../media/ServiceNow-guide/servicenow-overview-description-field-2.png" alt-text="Recommended solutions description field."::: + :::image type="content" source="../../media/ServiceNow-guide/servicenow_recommended_articles.png" lightbox="../../media/ServiceNow-guide/servicenow_recommended_articles.png" alt-text="Recommended solutions description field."::: - Microsoft service request: Escalate issues to Microsoft support agents and receive status updates for your case.
business-premium	M365bp Increase Protection	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-increase-protection.md	audience: Admin Previously updated : 09/15/2022 Last updated : 10/05/2022 ms.localizationpriority: high - M365-Campaigns To assign preset security policies, follow these steps: 2. Go to Email & Collaboration \> Policies & Rules \> Threat policies \> Preset Security Policies in the Templated policies section. (To go directly to the Preset security policies page, use <https://security.microsoft.com/presetSecurityPolicies>.) -3. On the Preset security policies page, in either the Standard protection or Strict protection section, change the toggle from Disabled to Enabled, and then select Manage. +3. On the Preset security policies page, in either the Standard protection or Strict protection section, select Manage Protection Settings. 4. The Apply Standard protection or Apply Strict protection wizard starts in a flyout. On the EOP protections apply to page, identify the internal recipients that the policies apply to (recipient conditions): - Users
compliance	Autoexpanding Archiving	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/autoexpanding-archiving.md	Here's a quick overview of the process. ## What gets moved to the additional archive storage space? -To make efficient use of auto-expanding archive storage, folders may get moved. Microsoft Purview determines which folders get moved when additional storage is added to the archive. Sometimes when a folder is moved, one or more subfolders are automatically created and items from the original folder are distributed to these folders to facilitate the moving process. When viewing the archive portion of the folder list in Outlook, these subfolders are displayed under the original folder. The naming convention that Microsoft 365 uses to name these subfolders is \<folder name\>_yyyy (Created on mmm dd, yyyy h_mm), where: +To make efficient use of auto-expanding archive storage, folders may get moved. Microsoft Purview determines which folders get moved when additional storage is added to the archive. Sometimes when a folder is moved, one or more subfolders are automatically created and items from the original folder are distributed to these folders to facilitate the moving process. You might need to communicate this behavior to end users after enabling their mailbox for auto-expanding archives, to help set expectations. + +When viewing the archive portion of the folder list in Outlook, these subfolders are displayed under the original folder. The naming convention that Microsoft 365 uses to name these subfolders is \<folder name\>_yyyy (Created on mmm dd, yyyy h_mm), where: - yyyy is the year the messages in the folder were received. To access messages that are stored in an auto-expanded archive, users have to us - Outlook 2016 or Outlook 2019 for Mac -Here are some things to consider when using Outlook or Outlook on the web to access messages stored in an auto-expanded archive. +Here are some things to consider before you enable a mailbox for auto-expanding archives: + +- Users can access any folder in their archive mailbox, including ones that were moved to the auto-expanded storage area. -- You can access any folder in your archive mailbox, including ones that were moved to the auto-expanded storage area. +- If an archive mailbox has at least one auto-expanded storage area, users can't delete a folder from the archive mailbox or from the auxiliary archive. In other words, after an auto-expanded storage area has been provisioned, they can't delete any folders in the archive. -- If an archive mailbox has at least one auto-expanded storage area, you can't delete a folder from the archive mailbox or from the auxiliary archive. In other words, after an auto-expanded storage area has been provisioned, you can't delete any folders in the archive. +- Users can delete items in an auto-expanded storage area. However, they can't use the [Recover Deleted Items feature](https://support.microsoft.com/office/recover-deleted-items-in-outlook-for-windows-49e81f3c-c8f4-4426-a0b9-c0fd751d48ce) to recover an item after auto-expanding archiving is enabled for their mailbox. -- You can delete items in an auto-expanded storage area. However, you can't use the Recover Deleted Items feature to recover an item after auto-expanding archiving is enabled for a mailbox. +- Search for auto-expanded archiving is available in Outlook for the web (OWA). Similar to Online Archive, users can search for items that were moved to an additional storage area. When archive is selected as the search scope in OWA, all archives (including auto-expanded archives) and their corresponding subfolders will be searched. -- Search for auto-expanded archiving is available in Outlook for the web (OWA). Similar to Online Archive, you can search for items that were moved to an additional storage area. When archive is selected as the search scope in OWA, all archives (including auto-expanded archives) and their corresponding subfolders will be searched. +- Auto-expanded archive search is available when you use Outlook for Windows from the Monthly Enterprise Channel, build 16.0.13519+. With this update the Current Mailbox scope is available, so users can search the auto-expanded archive. However, search isn't recursive for nested subfolders within each archive folder. -- Auto-expanded archive search is available in Outlook for Windows in Monthly Enterprise Channel. With this update the Current Mailbox scope is available, thus allowing you to search the auto-expanded archive. Note that search is not supported for the auto-expanded archive feature in a cloud-only archive situation (primary mailbox still on-premises). For more information about this and other Microsoft Search support features, see [How Outlook for Windows connected to Exchange Online utilizes Microsoft Search](https://techcommunity.microsoft.com/t5/outlook-global-customer-service/how-outlook-for-windows-connected-to-exchange-online-utilizes/ba-p/1715045). +- Search is not supported for the auto-expanded archive feature in a cloud-only archive situation (primary mailbox still on-premises). For more information about this and other Microsoft Search support features, see [How Outlook for Windows connected to Exchange Online utilizes Microsoft Search](https://techcommunity.microsoft.com/t5/outlook-global-customer-service/how-outlook-for-windows-connected-to-exchange-online-utilizes/ba-p/1715045). - Item counts in Outlook and Read/Unread counts (in Outlook and Outlook on the web) in an auto-expanded archive might not be accurate.
compliance	Create Retention Policies	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-retention-policies.md	When you've more than one retention policy, and when you also use retention labe - If you chose Static: On the Choose locations to apply the policy page, select one or more locations for Teams: - Teams channel message: Messages from standard and shared channel chats, and standard and shared channel meetings, but not from [private channels](/microsoftteams/private-channels) that have their own policy location. - - Teams chats: Messages from private 1:1 chats, group chats, and meeting chats. + - Teams chats: Messages from private 1:1 chats, group chats, meeting chats, and chat with yourself. - Teams private channel messages: Messages from private channel chats and private channel meetings. If you select this option, you can't select the other Teams locations in the same retention policy. By default, [all teams and all users are selected](retention-settings.md#a-policy-that-applies-to-entire-locations), but you can refine this by selecting the [Choose and Exclude options](retention-settings.md#a-policy-with-specific-inclusions-or-exclusions).
compliance	Enable Autoexpanding Archiving	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/enable-autoexpanding-archiving.md	Keep the following things in mind after you enable auto-expanding archiving: > [!IMPORTANT] > Auto-expanding archiving is supported only for mailboxes used by individual users or for shared mailboxes with a growth rate that doesn't exceed 1 GB per day. Using journaling, transport rules, or auto-forwarding rules to copy messages to an archive mailbox for the purposes of archiving is not permitted. A user's archive mailbox is intended for just that user. Microsoft reserves the right to deny additional archiving in instances where a user's archive mailbox is used to store archive data for other users or in other cases of inappropriate use.+ +## Next steps + +Make sure you prepare end users for the changes they can expect after enabling their mailbox for auto-expanding archives.
compliance	Enable Mailbox Auditing	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/enable-mailbox-auditing.md	Here are some benefits of mailbox auditing on by default: > [!NOTE] > > - The important thing to remember about the release of mailbox auditing on by default is: you don't need to do anything to manage mailbox auditing. However, to learn more, customize mailbox auditing from the default settings, or turn it off altogether, this article can help you. -> - By default, only mailbox audit events for E5 users are available in audit log searches in the Microsoft Purview compliance portal or via the Office 365 Management Activity API. For more information, see the [More information](#more-information) section in this article. +> - By default, only mailbox audit events for users with licenses that include [Microsoft Purview Audit (Premium)](advanced-audit.md) are available in audit log searches in the Microsoft Purview compliance portal or via the Office 365 Management Activity API. These licenses are described [here](auditing-solutions-overview.md#audit-premium-1). For brevity, this article will collectively refer to licenses that include Audit (Premium) as E5/A5/G5 licenses. [!INCLUDE [purview-preview](../includes/purview-preview.md)] The value True indicates that mailbox audit logging is bypassed for the user ## More information -- Although mailbox audit logging on by default is enabled for all organizations, only users with E5 licenses will return mailbox audit log events in [audit log searches in the Microsoft Purview compliance portal](search-the-audit-log-in-security-and-compliance.md) or via the [Office 365 Management Activity API](/office/office-365-management-api/office-365-management-activity-api-reference) by default. +- As previously mentioned, although mailbox audit logging on by default is enabled for all organizations, only users with [licenses that include Audit (Premium)](auditing-solutions-overview.md#audit-premium-1) (collectively referred to in this article as E5/A5/G5 licenses) will return mailbox audit log events in [audit log searches in the Microsoft Purview compliance portal](search-the-audit-log-in-security-and-compliance.md) or via the [Office 365 Management Activity API](/office/office-365-management-api/office-365-management-activity-api-reference) by default. To retrieve mailbox audit log entries for users without E5/A5/G5 licenses, you can use any of the following workarounds:
compliance	Retention Policies Teams	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-teams.md	For other workloads, see: > [!NOTE] > Retention policies support [shared channels](/MicrosoftTeams/shared-channels). Any shared channels inherit retention settings from the parent channel. +> +> Retention policies also support messages posted with the [chat with yourself](https://support.microsoft.com/office/start-a-chat-in-teams-0c71b32b-c050-4930-a887-5afbe742b3d8#bkmk_chatwithself) feature. Teams chats messages, channel messages, and private channel messages can be deleted by using retention policies for Teams, and in addition to the text in the messages, the following items can be retained for compliance reasons: Video clips, embedded images, tables, hypertext links, links to other Teams messages and files, and [card content](/microsoftteams/platform/task-modules-and-cards/what-are-cards). Chat messages and private channel messages include all the names of the people in the conversation, and channel messages include the team name and the message title (if supplied).
compliance	Retention Policies Yammer	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-yammer.md	Yammer user messages and community messages can be deleted by using retention po > [!NOTE] > As explained in the following section, user messages include private messages for an individual user, and any community messages associated with that user. +> +> User messages also include [storyline posts](https://support.microsoft.com/office/overview-of-storyline-for-yammer-and-viva-engage-530e4e66-9f1c-4be1-b371-08ea40dc4b69), which are supported by retention policies. User messages include all the names of the people in the conversation, and community messages include the community name and the message title (if supplied).
compliance	Sit Defn Amazon S3 Client Secret Access Key	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-amazon-s3-client-secret-access-key.md	A combination of 40 characters consisting of: for example: -`abcdefghijklmnopqrst0123456789/+ABCDEFGH` +`AWS Secret: abcdefghijklmnopqrst0123456789/+ABCDEFGH;` ## Checksum
compliance	Sit Defn Asp Net Machine Key	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-asp-net-machine-key.md	It uses several primary resources: - Patterns of Symmetric key context in xml files. - Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName. -The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched. +The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched. ## Keywords
compliance	Sit Defn Azure Ad Client Access Token	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-ad-client-access-token.md	for example: or -Variant client secret or refresh token formats e.g. <br> +Variant client secret or refresh token formats for example. <br> `ClientSecret:******` <br> `AppSecret=****` <br> `ConsumerKey:=******` <br> It uses several primary resources: - Patterns of mockup values, redactions, and placeholders - A dictionary of vocabulary -The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched. +The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.
compliance	Sit Defn Azure Batch Shared Access Key	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-batch-shared-access-key.md	This SIT is designed to match the security information that's used to access [Az It uses several primary resources: - Patterns of Base64 encoded 256-bits symmetric key.-- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id. +- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, ID. - Patterns of mockup values, redactions, and placeholders. - A dictionary of vocabulary.
compliance	Sit Defn Azure Bot Service App Secret	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-bot-service-app-secret.md	It uses several primary resources: - Patterns of mockup values, redactions, and placeholders. - A dictionary of vocabulary. -The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched. +The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched. ## Keywords
compliance	Sit Defn Azure Cosmos Db Account Access Key	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-cosmos-db-account-access-key.md	This SIT is designed to match the security information that's used to provide ac It uses several primary resources: - Patterns of Base64 encoded 512-bits symmetric key.-- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id, AccountName. +- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, ID, AccountName. - Patterns of mockup values, redactions, and placeholders. - A dictionary of vocabulary.
compliance	Sit Defn Azure Eventgrid Access Key	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-eventgrid-access-key.md	description: "Azure EventGrid access key sensitive information type entity defin ## Format -A combination of 43 characters consisting of letters, digits, and special characters ending in an equals sign (=) that is not part of the pattern. +A combination of 43 characters consisting of letters, digits, and special characters ending in an equals sign (=) that isn't part of the pattern. ## Pattern This SIT is designed to match the security information that's used to authentica It uses several primary resources: -- Patterns of Base64 encoded 256 bits symmetric key.-- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id. +- Patterns of Base64 encoded 256-bits symmetric key. +- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, ID. - Patterns of mockup values, redactions, and placeholders. - A dictionary of vocabulary. -The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched. +The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched. ## Keywords
compliance	Sit Defn Azure Function Master Api Key	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-function-master-api-key.md	This SIT is designed to match the security information that's used to request [A It uses several primary resources: -- Patterns of Base64 encoded 320 bits symmetric key.-- Patterns of URL Encoded 320 bits symmetric key. +- Patterns of Base64 encoded 320-bits symmetric key. +- Patterns of URL Encoded 320-bits symmetric key. - Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName. - Patterns of mockup values, redactions, and placeholders. - A dictionary of vocabulary. -The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched. +The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched. ## Keywords
compliance	Sit Defn Azure Iot Shared Access Key	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-iot-shared-access-key.md	This SIT is designed to match the security information that's used to authentica It uses several primary resources: - Patterns of Base64 encoded 256-bits symmetric key.-- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id. +- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, ID. - Patterns of mockup values, redactions, and placeholders. - A dictionary of vocabulary.
compliance	Sit Defn Azure Machine Learning Web Service Api Key	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-machine-learning-web-service-api-key.md	This SIT is designed to match the security information that's used to connect to It uses several primary resources: - Patterns of Base64 encoded 512-bits symmetric key.-- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id, AccountName. +- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, ID, AccountName. - Patterns of mockup values, redactions, and placeholders. - A dictionary of vocabulary. -The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched. +The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched. ## Keywords
compliance	Sit Defn Azure Maps Subscription Key	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-maps-subscription-key.md	It uses several primary resources: - Patterns of mockup values, redactions, and placeholders. - A dictionary of vocabulary. -The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched. +The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched. ## Keywords
compliance	Sit Defn Azure Redis Cache Connection String Password	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-redis-cache-connection-string-password.md	It uses several primary resources: - Patterns of Base64 encoded string literal. - Patterns of Base64 encoded 256-bits symmetric key.-- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id. +- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, ID. - Patterns of mockup values, redactions, and placeholders. - A dictionary of vocabulary. -The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched. +The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched. ## Keywords
compliance	Sit Defn Azure Service Bus Shared Access Signature	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-service-bus-shared-access-signature.md	description: "Azure service bus shared access signature sensitive information ty ## Format -A combination of 44-characters consisting of letters, digits, and special characters ending with an equals sign (=) that is not part of the pattern. +A combination of 44-characters consisting of letters, digits, and special characters ending with an equals sign (=) that isn't part of the pattern. or -A combination of up to 76-characters consisting of letters, digits, and special characters ending with an equals sign (=) that is not part of the pattern. +A combination of up to 76-characters consisting of letters, digits, and special characters ending with an equals sign (=) that isn't part of the pattern. ## Pattern Any combination of 43 characters consisting of: - 0-9 - forward slashes (/) - or plus signs (+)-- ends with an equal sign (=) that is not part of the pattern +- ends with an equal sign (=) that isn't part of the pattern for example: This SIT is designed to match the security information thatΓÇÖs used to grant a It uses several primary resources: -- Patterns of Base64 encoded 256 bits symmetric key.-- Patterns of URL Encoded 256 bits symmetric key.-- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id. +- Patterns of Base64 encoded 256-bits symmetric key. +- Patterns of URL Encoded 256-bits symmetric key. +- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, ID. - Patterns of mockup values, redactions, and placeholders. - A dictionary of vocabulary. -The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched. +The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched. ## Keywords
compliance	Sit Defn Azure Shared Access Key Web Hook Token	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-shared-access-key-web-hook-token.md	or A combination of 43 to 73 characters consisting of: -- a-z (case insensitive ) +- a-z (case insensitive) - 0-9 - percent signs (%) - ends with a suffix '%3d' (case insensitive) This SIT is designed to match the security information that's used to access gen It uses several primary resources: -- Patterns of Base64 encoded 256 bits symmetric key.-- Patterns of URL Encoded 256 bits symmetric key.-- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id. +- Patterns of Base64 encoded 256-bits symmetric key. +- Patterns of URL Encoded 256-bits symmetric key. +- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, ID. - Patterns of mockup values, redactions, and placeholders. - A dictionary of vocabulary -The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched. +The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched. ## Keywords
compliance	Sit Defn Azure Signalr Access Key	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-signalr-access-key.md	This SIT is designed to match the security information that's used to authentica It uses several primary resources: -- Patterns of Base64 encoded 256 bits symmetric key. +- Patterns of Base64 encoded 256-bits symmetric key. - Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id. - Patterns of mockup values, redactions, and placeholders. - A dictionary of vocabulary.
compliance	Sit Defn Azure Storage Account Access Key	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-storage-account-access-key.md	This SIT is designed to match the security information that's used to make reque It uses several primary resources: - Patterns of Base64 encoded string literal.-- Patterns of Base64 encoded 512 bits symmetric key. +- Patterns of Base64 encoded 512-bits symmetric key. - Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id, AccountName. - Patterns of mockup values, redactions, and placeholders. - A dictionary of vocabulary.
compliance	Sit Defn Azure Storage Account Shared Access Signature High Risk Resources	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-storage-account-shared-access-signature-high-risk-resources.md	This SIT is designed to match the security information that's used to grant rest It uses several primary resources: -- Patterns of Base64 encoded 256 bits symmetric key. +- Patterns of Base64 encoded 256-bits symmetric key. - Patterns of URL Encoded 256 bits symmetric key. - Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id. - Patterns of mockup values, redactions, and placeholders.
compliance	Sit Defn Azure Storage Account Shared Access Signature	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-storage-account-shared-access-signature.md	This SIT is designed to match the security information that's used to grant rest It uses several primary resources: -- Patterns of Base64 encoded 256 bits symmetric key.-- Patterns of URL Encoded 256 bits symmetric key.-- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id. +- Patterns of Base64 encoded 256-bits symmetric key. +- Patterns of URL Encoded 256-bits symmetric key. +- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, ID. - Patterns of mockup values, redactions, and placeholders. - A dictionary of vocabulary.
compliance	Sit Defn Credit Card Number	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-credit-card-number.md	description: "Credit card number sensitive information type entity definition." ## Pattern -Detects cards from all major brands worldwide, including Visa, MasterCard, Discover Card, JCB, American Express, gift cards, diner's cards, Rupay and China UnionPay. +Detects cards from all major brands, including Visa, MasterCard, Discover Card, JCB, American Express, gift cards, diner's cards, Rupay and China UnionPay. ## Checksum
compliance	Sit Defn General Password	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-general-password.md	for example: or -Various command line sign in credentials formats, for example: +Various command line sign-in credentials formats, for example: `-u username:********` Yes ## Description -This SIT is designed to match the security information that's like usernames and passwords used in general sign in process [user login process](/azure/key-vault/quick-create-portal). It uses several primary resources: +This SIT is designed to match the security information that's like usernames and passwords used in general sign-in process [user login process](/azure/key-vault/quick-create-portal). It uses several primary resources: - Patterns of Base64 encoded string literal. - Patterns of Password context in command line.
compliance	Sit Defn General Symmetric Key	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-general-symmetric-key.md	This SIT is designed to match the security information that's used in [general a It uses several primary resources: -- Patterns of Base64 encoded 256 bits symmetric key.-- Patterns of Base64 encoded 512 bits symmetric key. +- Patterns of Base64 encoded 256-bits symmetric key. +- Patterns of Base64 encoded 512-bits symmetric key. - Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id, AccountName. - Patterns of mockup values, redactions, and placeholders. - A dictionary of vocabulary.
compliance	Sit Defn X 509 Certificate Private Key	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-x-509-certificate-private-key.md	for example: or -5 dashes (-) +five dashes (-) And a combination of up to 30 characters:
enterprise	Additional Office365 Ip Addresses And Urls	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/additional-office365-ip-addresses-and-urls.md	Apart from DNS, these instances are all optional for most customers unless you n \|20\|[Azure AD Connect](/azure/active-directory/hybrid/) with 21 ViaNet in China to sync on-premises user accounts to Azure AD.\|\.digicert.com:80 <BR> \.entrust.net:80 <BR> \.chinacloudapi.cn:443 <br> secure.aadcdn.partner.microsoftonline-p.cn:443 <br> \.partner.microsoftonline.cn:443 <p> Also see [Troubleshoot ingress with Azure AD connectivity issues](https://docs.azure.cn/zh-cn/active-directory/hybrid/tshoot-connect-connectivity).\|Outbound server-only traffic\| \|21\|Microsoft Stream (needs the Azure AD user token). <br> Office 365 Worldwide (including GCC)\|\.cloudapp.net <br> \.api.microsoftstream.com <br> \.notification.api.microsoftstream.com <br> amp.azure.net <br> api.microsoftstream.com <br> az416426.vo.msecnd.net <br> s0.assets-yammer.com <br> vortex.data.microsoft.com <br> web.microsoftstream.com <br> TCP port 443\|Inbound server traffic\| \|22\|Use MFA server* for multi-factor authentication requests, both new installations of the server and setting it up with Active Directory Domain Services (AD DS).\|See [Getting started with the Azure AD multi-factor authentication Server](/azure/active-directory/authentication/howto-mfaserver-deploy#plan-your-deployment).\|Outbound server-only traffic\| -\|23\|Microsoft Graph Change Notifications <p> Developers can use [change notifications](/graph/webhooks?context=graph%2fapi%2f1.0&view=graph-rest-1.0&preserve-view=true) to subscribe to events in the Microsoft Graph.\|Public Cloud: 52.159.23.209, 52.159.17.84, 52.147.213.251, 52.147.213.181, 13.85.192.59, 13.85.192.123, 20.9.36.45, 20.9.35.166, 20.96.21.67, 20.69.245.215, 137.135.11.161, 137.135.11.116, 52.159.107.50, 52.159.107.4, 52.229.38.131, 52.183.67.212, 52.142.114.29, 52.142.115.31, 51.124.75.43, 51.124.73.177, 20.44.210.83, 20.44.210.146, 40.80.232.177, 40.80.232.118, 20.48.12.75, 20.48.11.201, 104.215.13.23, 104.215.6.169, 52.148.24.136, 52.148.27.39, 40.76.162.99, 40.76.162.42, 40.74.203.28, 40.74.203.27, 13.86.37.15, 52.154.246.238, 20.96.21.98, 20.96.21.115, 137.135.11.222, 137.135.11.250, 52.159.109.205, 52.159.102.72, 52.151.30.78, 52.191.173.85, 51.104.159.213, 51.104.159.181, 51.138.90.7, 51.138.90.52, 52.148.115.48, 52.148.114.238, 40.80.233.14, 40.80.239.196, 20.48.14.35, 20.48.15.147, 104.215.18.55, 104.215.12.254, 20.199.102.157, 20.199.102.73, 13.87.81.123, 13.87.81.35, 20.111.9.46, 20.111.9.77, 13.87.81.133, 13.87.81.141 <p> Microsoft Cloud for US Government: 52.244.33.45, 52.244.35.174, 52.243.157.104, 52.243.157.105, 52.182.25.254, 52.182.25.110, 52.181.25.67, 52.181.25.66, 52.244.111.156, 52.244.111.170, 52.243.147.249, 52.243.148.19, 52.182.32.51, 52.182.32.143, 52.181.24.199, 52.181.24.220 <p> Microsoft Cloud China operated by 21Vianet: 42.159.72.35, 42.159.72.47, 42.159.180.55, 42.159.180.56, 40.125.138.23, 40.125.136.69, 40.72.155.199, 40.72.155.216 <br> TCP port 443 <p> Note: Developers can specify different ports when creating the subscriptions.\|Inbound server traffic\| +\|23\|Microsoft Graph Change Notifications <p> Developers can use [change notifications](/graph/webhooks?context=graph%2fapi%2f1.0&view=graph-rest-1.0&preserve-view=true) to subscribe to events in the Microsoft Graph.\|Public Cloud: 52.159.23.209, 52.159.17.84, 52.147.213.251, 52.147.213.181, 13.85.192.59, 13.85.192.123, 20.9.36.45, 20.9.35.166, 20.96.21.67, 20.69.245.215, 137.135.11.161, 137.135.11.116, 52.159.107.50, 52.159.107.4, 52.229.38.131, 52.183.67.212, 52.142.114.29, 52.142.115.31, 51.124.75.43, 51.124.73.177, 20.44.210.83, 20.44.210.146, 40.80.232.177, 40.80.232.118, 20.48.12.75, 20.48.11.201, 104.215.13.23, 104.215.6.169, 52.148.24.136, 52.148.27.39, 40.76.162.99, 40.76.162.42, 40.74.203.28, 40.74.203.27, 20.9.37.73, 20.9.37.76, 20.96.21.98, 20.96.21.115, 137.135.11.222, 137.135.11.250, 52.159.109.205, 52.159.102.72, 52.151.30.78, 52.191.173.85, 51.104.159.213, 51.104.159.181, 51.138.90.7, 51.138.90.52, 52.148.115.48, 52.148.114.238, 40.80.233.14, 40.80.239.196, 20.48.14.35, 20.48.15.147, 104.215.18.55, 104.215.12.254, 20.199.102.157, 20.199.102.73, 13.87.81.123, 13.87.81.35, 20.111.9.46, 20.111.9.77, 13.87.81.133, 13.87.81.141 <p> Microsoft Cloud for US Government: 52.244.33.45, 52.244.35.174, 52.243.157.104, 52.243.157.105, 52.182.25.254, 52.182.25.110, 52.181.25.67, 52.181.25.66, 52.244.111.156, 52.244.111.170, 52.243.147.249, 52.243.148.19, 52.182.32.51, 52.182.32.143, 52.181.24.199, 52.181.24.220 <p> Microsoft Cloud China operated by 21Vianet: 42.159.72.35, 42.159.72.47, 42.159.180.55, 42.159.180.56, 40.125.138.23, 40.125.136.69, 40.72.155.199, 40.72.155.216 <br> TCP port 443 <p> Note: Developers can specify different ports when creating the subscriptions.\|Inbound server traffic\| \|24\|Network Connection Status Indicator<p>Used by Windows 10 and 11 to determine if the computer is connected to the internet (does not apply to non-Windows clients). When this URL cannot be reached, Windows will assume it is not connected to the Internet and M365 Apps for Enterprise will not try to verify activation status, causing connections to Exchange and other services to fail.\|www.msftconnecttest.com <br> 13.107.4.52<p>Also see [Manage connection endpoints for Windows 11 Enterprise](/windows/privacy/manage-windows-11-endpoints) and [Manage connection endpoints for Windows 10 Enterprise, version 21H2](/windows/privacy/manage-windows-21h2-endpoints).\|Outbound server-only traffic\| \|25\|Teams Notifications on Mobile Devices<p>Used by Android and Apple mobile devices to receive push notifications to the Teams client for incoming calls and other Teams services. When these ports are blocked, all push notifications to mobile devices will fail.\|For specific ports, see [FCM ports and your firewall in the Google Firebase documentation](https://firebase.google.com/docs/cloud-messaging/concept-options#messaging-ports-and-your-firewall) and [If your Apple devices aren't getting Apple push notifications](https://support.apple.com/en-us/HT203609).\|Outbound server-only traffic\|
enterprise	Assign Licenses To User Accounts With Microsoft 365 Powershell	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/assign-licenses-to-user-accounts-with-microsoft-365-powershell.md	Title: Assign Microsoft 365 licenses to user accounts with PowerShell Previously updated : 09/23/2020 Last updated : 09/19/2022 audience: Admin Set-MgUserLicense -UserId "belinda@litwareinc.onmicrosoft.com" -AddLicenses $add This example assigns jamesp\@litwareinc.com with the same licensing plan that has been applied to belindan\@litwareinc.com: ```powershell -$mgUser = Get-MgUser -UserId "belindan@litwareinc.com" +$mgUser = Get-MgUser -UserId "belindan@litwareinc.com" -Property AssignedLicenses Set-MgUserLicense -UserId "jamesp@litwareinc.com" -AddLicenses $mgUser.AssignedLicenses -RemoveLicenses @() ```
enterprise	Configure Exchange Server For Hybrid Modern Authentication	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/configure-exchange-server-for-hybrid-modern-authentication.md	Requirements about linked mailboxes to be inserted. Since many prerequisites are common for both Skype for Business and Exchange, review [Hybrid Modern Authentication overview and prerequisites for using it with on-premises Skype for Business and Exchange servers](hybrid-modern-auth-overview.md). Do this before you begin any of the steps in this article. > [!NOTE] -> Outlook Web App and Exchange Control Panel does not work with hybrid Modern Authentication. +> Outlook Web App and Exchange Control Panel do not work with hybrid Modern Authentication. In addition, publishing Outlook Web App and Exchange Control Panel through Azure AD Application Proxy is unsupported. ## Add on-premises web service URLs as SPNs in Azure AD
enterprise	Connect To Microsoft 365 Powershell	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/connect-to-microsoft-365-powershell.md	For procedures that require the new cmdlets in the Azure Active Directory PowerS These steps are required only one time on your computer. But you'll likely need to update the software periodically. -1. Open an elevated Windows PowerShell Command Prompt window (run Windows PowerShell as an administrator). +1. Open a Windows PowerShell Command Prompt window. 2. Run this command:
enterprise	Cross Tenant Mailbox Migration	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cross-tenant-mailbox-migration.md	To obtain the tenant ID of a subscription, sign in to the [Microsoft 365 admin c 2. Accept the application when the pop-up appears. You can also log into your Azure Active Directory portal and find the application under Enterprise applications. -3. Create a new organization relationship or edit your existing organization relationship object to your target (destination) tenant in Exchange Online PowerShell: +3. [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell) on the source Exchange Online tenant. +4. Create a new organization relationship or edit your existing organization relationship object to your target (destination) tenant in Exchange Online PowerShell: ```powershell $targetTenantId="[tenant id of your trusted partner, where the mailboxes are being moved to]" T2Tbatch Syncing ExchangeRemoteMove 1 ``` > [!NOTE] -> The email address in the CSV file must be the one specified in the target tenant, not the source tenant. +> The email address in the CSV file must be the one specified in the target tenant (for example, userA@targettenant.onmicrosoft.com), not the one in the source tenant. > > [For more information on the cmdlet click here](/powershell/module/exchange/new-migrationbatch) > -> [For an example CSV file click here](/exchange/csv-files-for-mailbox-migration-exchange-2013-help) +> [For some example CSV file info click here](/exchange/csv-files-for-mailbox-migration-exchange-2013-help) + +The following is a minimal example CSV file: + +```csv +EmailAddress +userA@targettenant.onmicrosoft.com +userB@targettenant.onmicrosoft.com +userC@targettenant.onmicrosoft.com +``` Migration batch submission is also supported from the new [Exchange admin center](https://go.microsoft.com/fwlink/p/?linkid=2059104) when selecting the cross-tenant option. These conversions happen automatically during the migration process. No manual s This can be done before the migration is complete, but you should not assign a license prior to stamping the _ExchangeGuid_ attribute or the conversion of MailUser object to mailbox will fail and a new mailbox will be created instead. To mitigate this risk, it is best to wait until after the migration is complete, and assign licenses during the 30 day grace period. +### Can I use Azure AD Connect to sync users to the new tenant if I am keeping the on-prem Active Directory? + +Yes. It is possible to have two instances of Azure AD Connect synchronize to different tenants. +However, there are some things you need to be aware of. + +- Preprovisioning the user's accounts with the script provided in this article should not be done. Instead, a selective OU sync of the users in scope for the migration can be performed to populate the target tenant; you will receive a warning about the UPN not matching during Azure AD Connect configuration. +- Depending on your current state of Hybrid Exchange, you need to verify that the on-prem directory objects have the required attributes (such as msExchMailboxGUID and proxyAddresses) populated correctly before attempting to sync to another tenant, or you will run into issues with double mailboxes and migration failures. +- You need to take some extra steps to manage UPN transitioning, changing it on-prem once the migration has been completed for a user unless you are also moving the custom domain during a cut-over migration. + ## Known issues - Issue: Post migration Teams functionality in the source tenant will be limited. After the mailbox is migrated to the target tenant, Teams in the source tenant will no longer have access to the user's mailbox. So, if a user logs into Teams with the source tenant credential, then there will be a loss of functionality such as the inability to update your profile picture, no calendar application, and an inability to search and join public teams.
security	Enable The Report Message Add In	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/enable-the-report-message-add-in.md	If you're a Government Community Cloud High (GCCH) or a Government Community Clo ## Use the Report Message or the Report Phishing add-ins -You can use the Report Message or the Report Phishing add-ins to submit false positives (good email that was blocked or sent to junk folder) and false negatives (unwanted email or phish that was delivered to the inbox) in Outlook. For more information, see [Report false positives and false negatives in Outlook](report-false-positives-and-false-negatives.md). +You can use the Report Message or the Report Phishing add-ins to submit false positives (good email that was blocked or sent to junk folder) and false negatives (unwanted email or phish that was delivered to the inbox) in Outlook. For more information, see [Report false positives and false negatives in Outlook](report-false-positives-and-false-negatives.md).
security	Remove Blocked Connectors	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/remove-blocked-connectors.md	Remove-BlockedConnector -ConnectorId <connectorId> ## More information - [Respond to a compromised connector](respond-compromised-connector.md)-- [Remove blocked users](removing-user-from-restricted-users-portal-after-spam.md) +- [Remove blocked users](removing-user-from-restricted-users-portal-after-spam.md)
security	How To Prioritize Manage Investigate And Respond To Incidents In Microsoft 365 Defender	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/how-to-prioritize-manage-investigate-and-respond-to-incidents-in-microsoft-365-defender.md	You can start using Action Center to act on pending action items from all inci [How automated investigation and response works in Microsoft Defender for Office 365](../automated-investigation-response-office.md) -[Remediation actions in Microsoft Defender for Office 365](../air-remediation-actions.md) +[Remediation actions in Microsoft Defender for Office 365](../air-remediation-actions.md)
security	Try Microsoft Defender For Office 365	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/try-microsoft-defender-for-office-365.md	Do you want your Defender for Office 365 experience to be active or passive? The - Audit mode: Special evaluation policies are created for anti-phishing (which includes impersonation protection), Safe Attachments, and Safe Links. These evaluation policies are configured to detect threats only. Defender for Office 365 detects harmful messages for reporting, but the messages aren't acted upon (for example, detected messages aren't quarantined). The settings of these evaluation policies are described in the [Policies in audit mode](#policies-in-audit-mode) section later in this article. - Audit mode provides access to customized reports for threats detected by Defender for Office 365 on the Evaluation mode page at<https://security.microsoft.com/atpEvaluation>. + Audit mode provides access to customized reports for threats detected by Defender for Office 365 on the Evaluation mode page at <https://security.microsoft.com/atpEvaluation>. - Blocking mode: The Standard template for [preset security policies](preset-security-policies.md) is turned on and used for the trial, and the users you specify to include in the trial are added to the Standard preset security policy. Defender for Office 365 detects and takes action on harmful messages (for example, detected messages are quarantined).
security	User Submission	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/user-submission.md	To specify the reason why the original attached messages were reported, messages - 3. X-Ms-Exchange-Organization-Network-Message-Id - 4. X-Ms-Exchange-Crosstenant-Id -> [!NOTE] -> TenantId in `X-Ms-Exchange-Crosstenant-Id` should be the same as the tenant. -> -> `X-Microsoft-Antispam-Message-Info` should be a valid xmi. + > [!NOTE] + > TenantId in `X-Ms-Exchange-Crosstenant-Id` should be the same as the tenant. + > + > `X-Microsoft-Antispam-Message-Info` should be a valid xmi. - The Subject line (Envelope Title) of messages sent to the user submissions mailbox must start with one of the following prefix values: - `1\|` or `Junk:`.