+ Title: "Microsoft 365 admin center accessibility overview"

+audience: Admin

+ms.localizationpriority: medium

+- Tier1

+- scotvorg

+- Adm_O365

+- Adm_TOC

+description: "Learn about the accessibility conformance and features of the Microsoft 365 admin center."

+# Microsoft 365 admin center accessibility overview

+This article applies to the Microsoft 365 admin center.

+Microsoft is committed to ensuring our products and services are designed for everyone including over one billion people with disabilities. For more information, visit [Accessibility Technology & Tools | Microsoft Accessibility](https://www.microsoft.com/accessibility/).

+We prioritize inclusive design and accessibility in products and services. Microsoft publishes Accessibility Conformance Reports (ACRs) describing how our products and services support the criteria of the European accessibility standard, EN 301 549; Section 508 of the U.S. Rehabilitation Act; and the Web Content Accessibility Guidelines (WCAG). A copy of the accessibility conformance reports for **M365 admin center - Web** are available at [Microsoft Accessibility Conformance Reports](https://cloudblogs.microsoft.com/industry-blog/government/2018/09/11/accessibility-conformance-reports/).

+## Conformance status

+The [Web Content Accessibility Guidelines (WCAG)](https://www.w3.org/WAI/standards-guidelines/wcag/) defines requirements for designers and developers to improve accessibility for people with disabilities. It defines three levels of conformance: Level A, Level AA, and Level AAA. The Microsoft 365 admin center is partially conformant with WCAG 2.1 level AA. Partially conformant means that some parts of the content don't fully conform to the accessibility standard.

+Compatibility with browsers and assistive technology

+The Microsoft 365 admin center is designed to be compatible with the latest versions of NVDA, Microsoft Edge, and Google Chrome. A Microsoft 365 Admin app is available for iOS and Android, and users can use Voiceover and Talkback screen readers on those devices.

+## Accessibility features in the Microsoft 365 admin center

+The Microsoft 365 admin center provides the following features to support accessibility in the web site:

+- **Contrast modes:** The admin center provides light and dark modes that can be selected on most pages in the admin center, including the admin center Home page. By default, Light mode is selected. To switch to Dark mode, select the **Dark mode** link in the upper-right corner of the page.

+- **Magnification:** A minimum of 400% browser magnification is supported.

+- **Keyboard shortcuts:** The admin center provides the following keyboard shortcuts.

+ - Universal shortcuts:

+ - Search ΓÇô Alt+S

+ - See all available shortcuts ΓÇô Shift+?

+ - On the <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">Active users</a> page:

+ - Add user ΓÇô Shift+A+U

+ - Reset password ΓÇô Shift+R+P

+ - On the <a href="https://go.microsoft.com/fwlink/p/?linkid=2053302" target="_blank">Contacts</a> page:

+ - Add contact ΓÇô Shift+A+C

+ - On the <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">Active teams & groups</a> page:

+ - Add group ΓÇô Shift+A+G

+## Support and feedback

+Microsoft provides an enterprise Disability Answer Desk as a support resource for organizations that have questions about the accessibility of Microsoft products and product conformance with accessibility standards. The support team can help resolve issues relating to assistive technology and functionality of products for users with disabilities, and find conformance documentation. For accessibility help, email the [enterprise Disability Answer Desk](mailto:eDAD@microsoft.com).

+We welcome your feedback on the accessibility of the Microsoft 365 admin center. Use the **Give feedback** button inside the admin center to let us know about any accessibility barriers you encounter.

+ Title: What's new in Microsoft 365 Business Premium and Microsoft Defender for Business

+description: Learn about new features and capabilities in Microsoft 365 Business Premium and Microsoft Defender for Business.

+search.appverid:

+- MET150

+- BCS160

+audience: Admin

+ms.localizationpriority: medium

+- tier2

+- m365-security

+f1.keywords: NOCSH

+# What's new in Microsoft 365 Business Premium and Microsoft Defender for Business

+**Applies to:**

+- [Microsoft 365 Business Premium](index.md)

+- [Microsoft Defender for Business](../security/defender-business/mdb-overview.md)

+This article lists new features in the latest release of Microsoft 365 Business Premium, which includes Microsoft Defender for Business. Features that are currently in preview are denoted with **(preview)**.

+## November 2022

+- **[Microsoft Defender for Business servers](../security/defender-business/get-defender-business-servers.md)**, a new add-on for Defender for Business, is now generally available. See [How to get Microsoft Defender for Business servers](../security/defender-business/get-defender-business-servers.md).

+## July 2022

+- **Microsoft Defender for Business servers (preview)** is available to customers who have at least one paid license of Microsoft 365 Business Premium or Defender for Business. See [Tech Community blog: Server protection for small business is now in preview within Microsoft Defender for Business](https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/server-protection-for-small-business-now-in-preview-within/ba-p/3571185).

+## May 2022

+- **Defender for Business** (standalone) is now generally available. See the following resources to learn more:

+ - [Tech Community blog: Introducing Microsoft Defender for Business](https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/introducing-microsoft-defender-for-business/ba-p/2898701)

+ - [What is Microsoft Defender for Business?](../security/defender-business/mdb-overview.md)

+ - [Get Microsoft Defender for Business](../security/defender-business/get-defender-business.md)

+## March 2022

+- **Microsoft 365 Business Premium now includes Defender for Business**. See [Tech Community blog: New security solutions to help secure small and medium businesses](https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/new-security-solutions-to-help-secure-small-and-medium/ba-p/3207043).

+You can view the number of matches a trainable classifier has in **Content explorer** and **Trainable classifiers**. You can also provide feedback on whether an item is actually a match or not using the **Match**, **Not a Match** feedback mechanism and use that feedback to tune your classifiers. See, [Increase classifier accuracy (preview)](data-classification-increase-accuracy.md) for more information.

+- You must be assigned the Organization Configuration role in the Microsoft Purview compliance portal to manage activity alerts. By default, this role is assigned to the Compliance Administrator and Organization Management role groups. For more information about adding members to role groups, see [Add users to a compliance role group](microsoft-365-compliance-center-permissions.md#add-users-to-a-compliance-role-group).

+For more information, see [Add users to a compliance role group](microsoft-365-compliance-center-permissions.md#add-users-to-a-compliance-role-group).

+For more information, see [Add users to a compliance role group](microsoft-365-compliance-center-permissions.md#add-users-to-a-compliance-role-group).

+##### Supported syntax for designating websites in a website group

+You can use a flexible syntax to include and exclude domains, subdomains, websites, and subsites in your website groups.

+- use `*` as a wildcard to specify all domains or all subdomains

+- use `/` as a terminator at the end of a URL to scope to that specific site only.

+When you add a URL without a terminating `/`, that URL is scoped to that site and all subsites.

+This syntax applies to all http/https websites.

+Here are some examples:

+|URL that you add to the website group |URL will match | URL will not match|

+||||

+|contoso.com | //<!--nourl-->contoso.com </br> //<!--nourl-->contoso.com/ </br> //<!--nourl-->contoso.com/allsubsites1 </br> //<!--nourl-->contoso.com/allsubsites1/allsubsites2| //<!--nourl-->allsubdomains.contoso.com </br> //<!--nourl-->allsubdomains.contoso.com.au |

+|contoso.com/ |//<!--nourl-->contoso.com </br> //<!--nourl-->contoso.com/ |//<!--nourl-->contoso.com/allsubsites1 </br> //<!--nourl-->contoso.com/allsubsites1/allsubsites2 </br> //<!--nourl-->allsubdomains.contoso.com </br> //<!--nourl-->allsubdomains.contoso.com/au |

+|*.contoso.com | //<!--nourl-->contoso.com </br> //<!--nourl-->contoso.com/allsubsites </br> //<!--nourl-->contoso.com/allsubsites1/allsubsites2 </br> //<!--nourl-->allsubdomains.contoso.com </br> //<!--nourl-->allsubdomains.contoso.com/allsubsites </br> //<!--nourl-->allsubdomains1/allsubdomains2/contoso.com/allsubsites1/allsubsites2 | //<!--nourl-->allsubdomains.contoso.com.au|

+|*.contoso.com/xyz |//<!--nourl-->contoso.com </br> //<!--nourl-->contoso.com/xyz </br> //<!--nourl-->contoso.con/xyz/allsubsites/ </br> //<!--nourl-->allsubdomains.contoso.com/xyz </br> //<!--nourl-->allsubdomains.contoso.com/xyz/allsubsites </br> //<!--nourl-->allsubdomains1.allsubdomains2.contoso.com/xyz/allsubsites </br> //<!--nourl-->allsubdomains1.allsubdomains2.contoso.com/xyz/allsubsites1/allsubsites2 | //<!--nourl-->contoso.com/xyz </br> //<!--nourl-->allsubdomains.contoso.com/xyz/|

+|*.contoso.com/xyz/ |//<!--nourl-->contoso.com/xyz </br> //<!--nourl-->allsubdomains.contoso.com/xyz |//<!--nourl-->contoso.com </br> //<!--nourl-->contoso.com/xyz/allsubsites/ </br> //<!--nourl-->allsubdomains.contoso.com/xyz/allsubsites/ </br> //<!--nourl-->allsubdomains1.allsubdomains2.contoso.com/xyz/allsubsites/ </br> //<!--nourl-->allsubdomains1.allsubdomains2.contoso.com/xyz/allsubsites1/allsubsites2|

+You can also audit, block with override, or block these user upload sensitive items to cloud apps and services through **Sensitive service domains**.

+1. In the Microsoft Purview compliance portal open **Data loss prevention** > **Endpoint DLP settings** > **Browser and domain restrictions to sensitive data** > **Sensitive service domains**.

+1. Select **Add a new group of sensitive service domains**.

+1. Name the group.

+1. Select the **Match type** you want. You can select from **URL**, **IP address**, **IP address range**.

+1. Type in the appropriate value in the **Add new service domains to this group**. You can add multiple websites to a group and use wildcards to cover subdomains. For example, `www.contoso.com` for just the top level website or \*.contoso.com for corp.contoso.com, hr.contoso.com, fin.contoso.com

+1. Select **Save**.

+1. Select **Policies**.

+1. Create and scope a policy that is applied only to **Devices**. See, [Create, test, and tune a DLP policy](create-test-tune-dlp-policy.md) for more information on how to create a policy.

+1. Create a rule that uses the **The user accessed a sensitive site from Edge**, and the action **Audit or restrict activities on devices**.

+1. In **Service domain and browser activities** select **Upload to a restricted cloud service domain or access from an unallowed browser** and set the action to **Audit only**. This sets the overall action for all the site groups.

+1. Select the **Sensitive site groups** you want.

+1. Select **Add**.

+1. OPTIONAL: If you want to create an exception (usually an allowlist) to the overall action for one or more site groups, select **Configure sensitive service domain exceptions**, add the site group you want the exception for, configure the desired action and **Save** the configuration.

+1. Select the user activities you want to monitor or restrict and the actions you DLP to take in response to those activities.

+1. Finish configuring the rule and policy and apply it.

+Use this scenario when you want to audit or block these user activities on a website.

+1. Create a rule that uses the **the user accessed a sensitive site from Edge**, and the action **Audit or restrict activities when users access sensitive sites in Microsoft Edge browser on Windows devices**.

+1. In the action select **Add or remove Sensitive site groups**.

+1. Select the **Sensitive site groups** you want. Any website under the group(s) you select here will be redirected to Edge when opened in Chrome browser (with Purview extension installed).

+See the [Getting started with insider risk management settings](insider-risk-management-settings.md#priority-user-groups) article for step-by-step guidance to create a priority user group. After you've configured a priority user group, return to these configuration steps.

+Protecting data and preventing data leaks for users in your organization may depend on their position, level of access to sensitive information, or risk history. Data leaks can include accidental oversharing of highly sensitive information outside your organization or data theft with malicious intent. With an assigned data loss prevention (DLP) policy as a triggering event option, this template starts scoring real-time detections of suspicious activity and result in an increased likelihood of insider risk alerts and alerts with higher severity levels. Priority users are defined in [priority user groups](insider-risk-management-settings.md#priority-user-groups) configured in the insider risk management settings area.

+- [Priority user groups](#priority-user-groups)

+## Priority user groups

+2. Select the **Priority user groups** page.

+3. On the **Priority user groups** page, select **Create priority user group** to start the group creation wizard.

+2. Select the **Priority user groups** page.

+2. Select the **Priority user groups** page.

+## Review set viewer limits

+|Description of limit|Limit|

+|:|:|

+|Maximum number of items displayed per page in a review set.|10,000|

+> [!NOTE]

+> Use default or custom filters to [adjust the displayed items](/microsoft-365/compliance/review-set-search) in a review set as needed.

+⁵ For non-phrase queries (a keyword value that doesn't use double quotation marks) we use a special prefix index. This tells us that a word occurs in a document, but not where it occurs in the document. To do a phrase query (a keyword value with double quotation marks), we need to compare the position within the document for the words in the phrase. This means that we can't use the prefix index for phrase queries. In this case, we internally expand the query with all possible words that the prefix expands to; for example, **time\*** can expand to **"time OR timer OR times OR timex OR timeboxed OR ..."**. The limit of 10,000 is the maximum number of variants the word can expand to, not the number of documents matching the query. There's no upper limit for non-phrase terms.

+The account you use to create and edit data loss prevention (DLP) policies, must have the **DLP Compliance Management** role permissions. For more information, see [Add users to a compliance role group](microsoft-365-compliance-center-permissions.md#add-users-to-a-compliance-role-group).

+The Compliance portal gives you a single view into the controls you'll use to manage the spectrum of Microsoft 365 security, including threat management, data governance, and search and investigation.

+- [Add users to a compliance role group](microsoft-365-compliance-center-permissions.md#add-users-to-a-compliance-role-group)

+- To identify the TLS version that is used by SMTP clients, see [SMTP Auth clients report in the EAC](/exchange/monitoring/mail-flow-reports/mfr-smtp-auth-clients-report).

+Select each filter to expand it and assign a value. Select outside the filter to automatically apply the filter to the review set.

+> [!NOTE]

+> A review set only displays a maximum of 10,000 items per page. Use default or custom filters to adjust the displayed items as needed.

+The following screenshot shows the Date filter configured to show documents within a date range.

+> When you expand a section in the filter panel, you'll notice that the default filter types are selected. You can keep these selected or deselect them and removed them from the filter set.

+2. Select the **KQL** filter and select **Open query builder**.

+6. Back in the review set, select **Filter**, expand the **IDs** section, and then select the **Load Id** checkbox.

+7. Expand the **Load Id** filter, and then select the checkbox for the load ID that corresponds to the second collection to display the partially indexed items.

+- For encrypted documents in Office for the web, [screen captures aren't prevented](/azure/information-protection/faqs-rms#can-rights-management-prevent-screen-captures). Until recently, copying to the clipboard also wasn't prevented for these documents. Now, when documents are labeled and encrypted, and the **Copy** [usage right](/azure/information-protection/configure-usage-rights) isn't granted, Office on the web prevents copying to clipboard in the same way as desktop apps prevent this action. There are currently some exceptions for relabeling scenarios until the browser is refreshed, another session is started, or the document is opened again:

+- **General availability (GA)**: [Preventing copy to clipboard is honored for labeled and encrypted files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md#limitations), with some exceptions for relabeling scenarios.

+# Cross-tenant mailbox migration

+> When a mailbox is migrated cross-tenant with this feature, only user visible content in the mailbox (email, contacts, calendar, tasks, and notes) is migrated to the target (destination tenant). After successful migration, the source mailbox is deleted. This means that after the migration, under no circumstances, is the source mailbox available, discoverable, or accessible in the source tenant.

+## Licensing

+Cross Tenant User Data Migration is available as an add-on to the following Microsoft 365 subscription plans for Enterprise Agreement customers. User licenses are per migration (onetime fee). Please contact your Microsoft account team for details.

+Microsoft 365 Business Basic/Business Standard/Business Premium/F1/F3/E3/A3/E5/A5; Office 365 F3/E1/A1/E3/A3/E5/A5; Exchange Online; SharePoint Online; OneDrive for Business.

+Make sure that all the users in the source and target organization must be licensed with appropriate Exchange Online subscriptions applicable for the organization. Also ensure that the Cross Tenant User Data Migration licenses are also applied to all the users that will be migrated to the target side.

+9. Under Essentials, you'll need to copy down the Application (client) ID as you'll need it later to create a URL for the target tenant.

+15. Then, under Select permissions, expand Mailbox, check Mailbox.Migration, and, at the bottom on the screen, select Add permissions.

+ https://login.microsoftonline.com/contoso.onmicrosoft.com/adminconsent?client_id=[application_id_of_the_app_you_just_created]&redirect_uri=https://office.com

+ > You will need to replace contoso.onmicrosoft.com in the above example with your source tenants correct onmicrosoft.com name.

+ New-MigrationEndpoint -RemoteServer outlook.office.com -RemoteTenant "contoso.onmicrosoft.com" -Credentials $Credential -ExchangeRemoteMove:$true -Name "[the name of your migration endpoint]" -ApplicationId $AppId

+ https://login.microsoftonline.com/contoso.onmicrosoft.com/adminconsent?client_id=[application_id_of_the_app_you_just_created]&redirect_uri=https://office.com

+ > You will need to replace contoso.onmicrosoft.com in the above example with your source tenants correct onmicrosoft.com name.

+If a mailbox is required to move back to the original source tenant, the same set of steps and scripts will need to be run in both new source and new target tenants. The existing Organization Relationship object will be updated or appended, not recreated. The migration can't happen both ways simultaneously.

+ - Primary SMTPAddress: Primary SMTP address will align to the user's NEW company (for example, user@northwindtraders.com).

+ - You can't add legacy smtp proxy addresses from source mailbox to target MailUser. For example, you can't maintain contoso.com on the MEU in northwindtraders.onmicrosoft.com tenant objects). Domains are associated with one Azure AD or Exchange Online tenant only.

+ | Attribute | Value |

+ | -- | |

+ | Alias | LaraN |

+ | RecipientType | MailUser |

+ | RecipientTypeDetails | MailUser |

+ | UserPrincipalName | LaraN@northwintraders.onmicrosoft.com |

+ | PrimarySmtpAddress | Lara.Newton@northwindtraders.com |

+ | ExternalEmailAddress | SMTP:LaraN@contoso.onmicrosoft.com |

+ | ExchangeGuid | 1ec059c7-8396-4d0b-af4e-d6bd4c12a8d8 |

+ | LegacyExchangeDN | /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=74e5385fce4b46d19006876949855035Lara |

+ | EmailAddresses | x500:/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=d11ec1a2cacd4f81858c81907273f1f9-Lara |

+ | | smtp:LaraN@northwindtraders.onmicrosoft.com |

+ | | SMTP:Lara.Newton@northwindtraders.com |

+ | Attribute | Value |

+ | -- | |

+ | Alias | LaraN |

+ | RecipientType | UserMailbox |

+ | RecipientTypeDetails | UserMailbox |

+ | UserPrincipalName | LaraN@contoso.onmicrosoft.com |

+ | PrimarySmtpAddress | Lara.Newton@contoso.com |

+ | ExchangeGuid | 1ec059c7-8396-4d0b-af4e-d6bd4c12a8d8 |

+ | LegacyExchangeDN | /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=d11ec1a2cacd4f81858c81907273f1f9Lara |

+ | EmailAddresses | smtp:LaraN@contoso.onmicrosoft.com |

+ | | SMTP:Lara.Newton@contoso.com |

+4. Users in the target organization must be licensed with appropriate Exchange Online subscriptions applicable for the organization. You may apply a license in advance of a mailbox move but ONLY once the target MailUser is properly set up with ExchangeGUID and proxy addresses. Applying a license before the ExchangeGUID is applied will result in a new mailbox provisioned in target organization. You must also apply a Cross Tenant User Data Migration licenses or you may see a transient error saying needs approval which will report a warning in the move report that a license is not applied to the target user.

+New-MigrationBatch -Name T2Tbatch -SourceEndpoint target_source_7977 -CSVData ([System.IO.File]::ReadAllBytes('users.csv')) -Autostart -TargetDeliveryDomain northwindtraders.onmicrosoft.com

+> The email address in the CSV file must be the one specified in the target tenant (for example, userA@northwindtraders.onmicrosoft.com), not the one in the source tenant.

+userA@northwindtraders.onmicrosoft.com

+userB@northwindtraders.onmicrosoft.com

+userC@northwindtraders.onmicrosoft.com

+Once the mailbox moves from source to target, you should ensure that the on-premises mail users, in both the source and target, are updated with the new targetAddress. In the examples, the targetDeliveryDomain used in the move is **northwindtraders.onmicrosoft.com**. Update the mail users with this targetAddress.

+Use the Remove-OrganizationRelationship (/exchange/sharing/organization-relationships/remove-an-organization-relationship#use-exchange-online-powershell-to-remove-an-organization-relationship) cmdlet to remove existing organization relationships for source or destination servers after the migration is complete.

+# These are the 'target' users to be moved to the northwindtraders tenant

+Here is an example of the output of the mailbox permission before a move from the source side.

+Get-MailboxPermission TestUser_7 | Format-Table -AutoSize User, AccessRights, IsInherited, Deny

+TestUser_8@contoso.onmicrosoft.com {FullAccess} False False

+Here's an example of the output of the mailbox permission after the move from the target side.

+Get-MailboxPermission TestUser_7 | Format-Table -AutoSize User, AccessRights, IsInherited, Deny

+TestUser_8@northwindtraders.onmicrosoft.com {FullAccess} False False

+No, the source tenant and target tenant domain names must be unique. For example, a source domain of contoso.com and the target domain of northwindtraders.com.

+ - When you synchronize users from on-premises using Azure AD Connect, you provision on-premises MailUser objects with ExternalEmailAddress pointing to the source tenant where the mailbox exists (LaraN@contoso.onmicrosoft.com) and you stamp the PrimarySMTPAddress as a domain that resides in the target tenant (Lara.Newton@northwindtraders.com). These values synchronize down to the tenant and an appropriate mail user is provisioned and ready for migration. An example object is shown here.

+ SMTP:LaraN@contoso.onmicrosoft.com {SMTP:lara.newton@northwindtraders.com}

+ MailUser objects are pointers to non-local mailboxes. In the case for cross-tenant mailbox migrations, we use MailUser objects to represent either the source mailbox (from the target organization's perspective) or target mailbox (from the source organization's perspective). The MailUsers will have an ExternalEmailAddress (targetAddress) that points to the smtp address of the actual mailbox (ProxyTest@northwindtraders.onmicrosoft.com) and primarySMTP address that represents the displayed SMTP address of the mailbox user in the directory. Some organizations choose to display the primary SMTP address as an external SMTP address, not as an address owned/verified by the local tenant (such as northwindtraders.com rather than as contoso.com). However, once an Exchange service plan object is applied to the MailUser via licensing operations, the primary SMTP address is modified to show as a domain verified by the local organization (contoso.com). There are two potential reasons:

+ - When any Exchange service plan is applied to a MailUser, the Azure AD process starts to enforce proxy scrubbing to ensure that the local organization is not able to send mail out, spoof, or mail from another tenant. Any SMTP address on a recipient object with these service plans will be removed if the address is not verified by the local organization. As is the case in the example, the Fabikam.com domain is NOT verified by the contoso.onmicrosoft.com tenant, so the scrubbing removes that northwindtraders.com domain. If you wish to persist these external domains on MailUser, either before the migration or after migration, you need to alter your migration processes to strip licenses after the move completes or before the move to ensure that the users have the expected external branding applied. You will need to ensure that the mailbox object is properly licensed to not affect mail service.

+ The user's PrimarySMTPAddress is no longer scrubbed. The northwindtraders.com domain is not owned by the contoso.onmicrosoft.com tenant and will persist as the primary SMTP address shown in the directory.

+ ProxyTest@northwindtraders.com ProxyTest@northwindtraders.com SMTP:ProxyTest@northwindtraders.com e2513482-1d5b-4066-936a-cbc7f8f6f817

+|4|On-premises mail system (less common)|Use if you're using Exchange Online Protection or Exchange Online plus another mail system|`ip4:<0.0.0.0>` <br/> `ip6:< : : >` <br/> include:\<mail.contoso.com\> <br/> The value in brackets (\<\>) should be other mail systems that will send email for your domain.|

+Microsoft makes commitments to store certain customer data at rest in the applicable _Local Region Geography_ for [eligible customers](advanced-data-residency.md#eligibility) that purchase ADR. The commitments are specified below.

+- SharePoint Online site content and the files stored within that site and files uploaded to OneDrive for Business

+- Microsoft Teams chat messages (including private messages, channel messages, meeting messages and images used in chats), and, for customers using Microsoft Stream (on SharePoint), meeting recordings

+- Viva Connections Dashboard and Feed can have content sourced from SharePoint Online, Exchange Online and Microsoft Teams. All customer data sourced from these services covered by data residency commitments will be stored in the _Local Region Geography_. Refer to [Exchange Online](m365-dr-workload-exo.md), [SharePoint Online](m365-dr-workload-spo.md) and [Microsoft Teams](m365-dr-workload-teams.md) workload data residency pages for more details.

+- Machine Learning ("ML") models are trained on public web data, and as such do not contain any customer data from your tenant. In the future it's possible we will use customer data to improve accuracy of the ML models, in which case the data handling of ML models will follow the same policies as any other customer content (including data residency, retention, access control, sensitivity).

+- Service configuration data, audited Activities, audit Records, and audit log query permissions

+- In addition to the customer data stored as part of Purview Audit (Standard), configuration and Customer Data related to high-value crucial events

+- Retention policy settings and retention label definitions

+ - SharePoint Online, OneDrive for Business, Exchange Online and Microsoft Teams follow the data residency commitments for those services. Refer to [Exchange Online](m365-dr-workload-exo.md), [SharePoint Online](m365-dr-workload-spo.md) and [Microsoft Teams](m365-dr-workload-teams.md) workload data residency pages for more details.

+- Mappings between retention labels and Data Loss Prevention (DLP) policies

+- Label change justification records

+- DLP admin configuration, DLP policies in Compliance Center, DLP monitored activities, violation history, Activity Explorer and Microsoft 365 unified audit logs, quarantine storage, DLP Alerts and DLP Alert management dashboard

+- Encryption policies, admin settings and encrypted messages

+- Policy settings, risk indicators and admin settings

+Please refer to [Manage data for Microsoft Whiteboard | Microsoft Learn](/microsoft-365/whiteboard/manage-data-organizations).

+Get-SPOSite | ForEach {Get-SPOSiteGroup ΓÇôSite $_.Url} | ForEach {Remove-SPOUser -LoginName $user@$tenant.com -Site $_.Url}

+- [Mail flow reports in the EAC](/exchange/monitoring/mail-flow-reports/mail-flow-reports)

+- [Mail flow insights in the EAC](/exchange/monitoring/mail-flow-insights/mail-flow-insights)

+- [Queued messages report in the EAC](/exchange/monitoring/mail-flow-reports/mfr-queued-messages-report)

+description: Learn how a user with Away status or Do Not Disturb status can explicitly set another user as a delegate in their Microsoft Teams status message.

+## Teams status message delegation use scenario in Healthcare

+- [Microsoft Teams Meetings LTI with any LTI 1.3 compliant LMS](integrate-with-other-lms.md).

+OneNote Class Notebook LTI can be used with your LMS to create a shared notebook and link it to educators' courses. Students enrolled in the LMS course can access the notebook automatically without having to add their names.

+For configuration steps, see [Microsoft OneNote Class Notebook LTI](https://www.onenote.com/lti/integratelti).

+ Title: Use Microsoft Teams Meetings LTI with any LTI 1.3 compliant LMS

+audience: admin

+- M365-modern-desktop

+- m365initiative-edu

+ms.localizationpriority: medium

+description: Learn how you can integrate Microsoft Teams Meetings LTI with any LMS that is LTI 1.3 compliant.

+# Use Microsoft Teams Meetings LTI with any LTI 1.3 compliant LMS

+The Teams Meetings LTI app incorporates Teams meetings into LMS courses. Educators and students can view past and upcoming meetings, schedule individual or recurring meetings, and join team meetings related to the course, all from within their LMS.

+Teams Meetings LTI uses the [Learning Tools Interoperability (LTI) standard](https://www.imsglobal.org/activity/learning-tools-interoperability), which allows any LMS that is LTI 1.3 compliant to integrate Teams Meetings for its educators and students.

+This guide provides the **IT admin** steps for registering the Teams Meetings LTI app for any LMS that is LTI 1.3 compliant.

+For an overview of Microsoft LTI, see [Integrating Microsoft products with your Learning Management System (LMS)](index.md).

+> [!NOTE]

+> The person who performs this integration should be an administrator of their LMS and a Microsoft 365 administrator.

+## Steps to deploy the Teams Meetings LTI app for your LMS

+1. Go to the [Microsoft LMS Gateway](https://lti.microsoft.com/).

+1. Select the **Go to Registration Portal** button.

+1. Sign in with a *Microsoft 365 administrator* account.

+1. After signing in, select **Add new registration**.

+1. Select **Teams Meetings LTI** to register, and then select **Next**.

+1. Enter an easily identifiable **Registration name**.

+1. Select **Other** as the **LMS platform**, and then select **Next**.

+1. You'll be given a list of keys that need to be copied and pasted to your LMS site.

+1. Open the LMS site in another browser tab.

+ 1. Don't close the Microsoft LMS Gateway tab.

+ 1. Copy the keys provided to your LMS site.

+ 1. Check your LMS's documentation to find the correct place to paste these keys.

+1. On the Microsoft LMS gateway tab, select **LMS provided registration keys**.

+1. Copy and paste the values from the LMS to Microsoft's **LMS provided registration keys** step.

+ 1. Check your LMS's documentation to find the correct place to get the registration keys from your LMS.

+1. Select **Next**.

+1. Review the **Review and add** page.

+1. If there are no errors, select **Save and exit**.

+1. You should see a message indicating successful registration.

+You've completed registration of Teams Meetings LTI app on the Microsoft LMS Gateway.

+Microsoft LMS Gateway integrates with several LMSs including Canvas, Blackboard, Moodle, Brightspace, and Schoology Learning.

+> [!NOTE]

+> The Microsoft LMS Gateway is only available to public cloud tenants. DoD, GCC, and GCC High tenants can't access the Microsoft LMS Gateway.

+ - These cookies are needed to complete the LTI 1.3 handshake per IMS specifications.

+- **Issues with the LMS public keyset URL**

+ - Ensure that the **public keyset URL** entered in the LTI registration is correct.

+ - Also, make sure that the **public keyset URL** isn't restricted by your network settings for requests originating from the [Microsoft LMS Gateway](https://lti.microsoft.com/).

+- Block at first sight can block non-portable executable files (such as JS, VBS, or macros) and executable files, running the [latest Defender antimalware platform](manage-updates-baselines-microsoft-defender-antivirus.md) on Windows or Windows Server.

+**(JSON response)**|Microsoft Defender Antivirus health per device collection. See: [1.2 Export device antivirus health details API properties (JSON response)](#13-export-device-antivirus-health-details-api-properties-json-response)|Returns a table with an entry for every unique combination of DeviceId, ConfigurationId. | The API pulls all data in your organization as JSON responses. This method is best for small organizations with less than 100-K devices. The response is paginated, so you can use the @odata.nextLink field from the response to fetch the next results.

+**(via files)**|Microsoft Defender Antivirus health per device collection. See: [1.3 Export device antivirus health details API properties \(via files\)](#14-export-device-antivirus-health-details-api-properties-via-files)|Returns a table with an entry for every unique combination of DeviceId, ConfigurationId. |This API solution enables pulling larger amounts of data faster and more reliably. So, it's recommended for large organizations, with more than 100-K devices. This API pulls all data in your organization as download files. The response contains URLs to download all the data from Azure Storage. This API enables you to download all your data from Azure Storage as follows: <ol><li>Call the API to get a list of download URLs with all your organization data.</li><li>Download all the files using the download URLs and process the data as you like.</li></ol>

+### 1.2 Limitations

+- Maximum page size: 200,000

+- Rate limitations for this API: 30 calls per minute and 1,000 calls per hour

+### 1.3 Export device antivirus health details API properties (JSON response)

+### 1.4 Export device antivirus health details API properties (via files)

+See: [1.3 Export device antivirus health details API properties (JSON response)](device-health-api-methods-properties.md#13-export-device-antivirus-health-details-api-properties-json-response)

+See: [1.4 Export device antivirus health details API properties \(via files\)](device-health-api-methods-properties.md#14-export-device-antivirus-health-details-api-properties-via-files).

+#### Muting Non Exec mounts

+

+Specifies the behavior of RTP on mount point marked as noexec. There are two values for setting are:

+- Unmuted (`unmute`): The default value, all mount points are scanned as part of RTP.

+- Muted (`mute`): Mount points marked as noexec are not scanned as part of RTP, these mount point can be created for:

+ - Database files on Database servers for keeping data base files.

+ - File server can keep data files mountpoints with noexec option.

+ - Back up can keep data files mountpoints with noexec option.

+|Description|Value|

+|||

+|**Key**|nonExecMountPolicy|

+|**Data type**|String|

+|**Possible values**|unmute (default) <p> mute|

+|**Comments**|Available in Defender for Endpoint version 101.85.27 or higher.|

+#### Configure file hash computation feature

+Enables or disables file hash computation feature. When this feature is enabled, Defender for Endpoint will compute hashes for files it scans. Note that enabling this feature might impact device performance. For more details, please refer to: [Create indicators for files](indicator-file.md).

+|Description|Value|

+|||

+|**Key**|enableFileHashComputation|

+|**Data type**|Boolean|

+|**Possible values**|false (default) <p> true|

+|**Comments**|Available in Defender for Endpoint version 101.73.77 or higher.|

+ "nonExecMountPolicy":"unmute",

+ - V2 engine is default with this release and V1 engine bits are completely removed for enhanced security.

+ - V2 engine support configuration path for AV definitions. (mdatp definition set path)

+- While upgrading from mdatp version 101.75.43 or 101.78.13, you may encounter a kernel hang. Run the following commands before attempting to upgrade to version 101.85.21. More information about the underlying issue can be found at [System hang due to blocked tasks in fanotify code](https://access.redhat.com/solutions/2838901)

+There are two ways to mitigate the problem in upgrading.

+Example:

+sudo apt purge mdatp

+

+In case you don't want to uninstall mdatp you can disable rtp and mdatp in sequence before upgrade.

+Caution: Some customers(<1%) are experiencing issues with this method.

+ ```bash

+sudo mdatp config real-time-protection --value=disabled

+sudo systemctl disable mdatp

+```

+

+**Known issues**

+Apple has identified an issue on macOS [Ventura upgrade](<https://developer.apple.com/documentation/macos-release-notes/macos-13_1-release-notes>), and expected to be fixed in the next release.

+The issue impacts Microsoft for endpoint security extensions, and might result in losing Full Disk Access Authorization, impacting its ability to function properly.

+> To mitigate the risk with this issue, make sure that [Microsoft for Endpoint has Full Disk Access Authorization](mac-install-manually.md).

+

+- [Auto-forwarded messages report in the EAC](/exchange/monitoring/mail-flow-reports/mfr-auto-forwarded-messages-report)

+- [New users forwarding email insight in the EAC](/exchange/monitoring/mail-flow-insights/mfi-new-users-forwarding-email-insight)

+Your custom detection rule can automatically take actions on devices, files, users, or emails that are returned by the query.

+When selected, you can choose to **Allow/Block** the file. Blocking files are only allowed if you have *Remediate* permissions for files and if the query results have identified a file ID, such as a SHA1. Once a file is blocked, other instances of the same file in all devices are also blocked. You can control which device group the blocking is applied to, but not specific devices.

+When selected, the **Mark user as compromised** action is taken on users in the `AccountObjectId`, `InitiatingProcessAccountObjectId`, or `RecipientObjectId` column of the query results. This action sets the users risk level to "high" in Azure Active Directory, triggering corresponding [identity protection policies](/azure/active-directory/identity-protection/overview-identity-protection).

+Select **Disable user** to temporarily prevent a user from logging in, or **Force password reset** to prompt the user to change their password on the next sign in session. Both **Disable user** and **Force password reset** require the user SID, which are in the columns `AccountSid`, `InitiatingProcessAccountSid`, `RequestAccountSid`, and `OnPremSid`.

+#### Actions on emails

+If the custom detection yields email messages, you can select **Move to mailbox folder** to move the email to a selected folder (any of **Junk**, **Inbox**, or **Deleted items** folders).

+Alternatively, you can select **Delete email** and then choose to either move the emails to Deleted Items (**Soft delete**) or delete the selected emails permanently (**Hard delete**).

+Then, after you're all set up, you can [view and manage remediation actions in the Action center](m365d-autoir-actions.md). And, if necessary, you can [make changes to your automated investigation settings](#need-to-make-changes).

+|Windows device requirements|<ul><li>Windows 11</li><li>Windows 10, version 1709 or later installed (See [Windows release information](/windows/release-information/))</li><li>The following threat protection services are configured:<ul><li>[Microsoft Defender for Endpoint](../defender-endpoint/configure-endpoints.md)</li><li>[Microsoft Defender Antivirus](/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features)</li></ul></li></ul>|

+Microsoft provides built-in [alert policies](../../compliance/alert-policies.md) that help identify certain risks. These risks include Exchange admin permissions abuse, malware activity, potential external and internal threats, and data lifecycle management risks. Some alerts can trigger [automated investigation and response in Office 365](../office-365-security/office-365-air.md). Make sure your [Defender for Office 365](../office-365-security/defender-for-office-365.md) features are configured correctly.

+ - [Anti-spam](../office-365-security/protect-against-threats.md#part-3anti-spam-protection-in-eop)

+ - If you see **Incidents & Alerts**, **Hunting**, and **Actions & submissions**, Microsoft 365 Defender is turned on. In this case, [visit the Action center](m365d-action-center.md).

+ - If you don't* see **Incidents & alerts**, **Hunting**, or **Actions & submissions**, then Microsoft 365 Defender might not be turned on. In this case, see [Turn on Microsoft 365 Defender](m365d-enable.md).

+## Need to make changes?

+You can choose from several options to change settings for your automated investigation and response capabilities. Some options are listed in the following table:

+| To do this | Follow these steps |

+|||

+| Specify automation levels for groups of devices | <ol><li>Set up one or more device groups. See [Create and manage device groups](../defender-endpoint/machine-groups.md). </li><li>In the Microsoft 365 Defender portal, go to **Permissions** > **Endpoints roles & groups** > **Device groups**.</li><li>Select a device group and review its **Automation level** setting. (We recommend using **Full - remediate threats automatically**). See [Automation levels in automated investigation and remediation capabilities](../defender-endpoint/automation-levels.md).</li><li>Repeat steps 2 and 3 as appropriate for all your device groups. </li></ol> |

+| Turn automated investigation on or off | *We recommend keeping automated investigation turned on. If you want to turn it off for some devices, we recommend [reviewing or changing the automation level for device groups](#review-or-change-the-automation-level-for-device-groups) instead of turning off automated investigation for your organization.* <ol><li>In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), go to **Settings** > **Endpoints** > **Advanced features**. </li><li>Turn the **Automated Investigation** toggle to **On** (or **Off**). <br/>Keep in mind that if you turn off automated investigation here, it will affect automated investigation and response actions for all devices. It will also affect [manual response actions for emails](../office-365-security/air-remediation-actions.md) (such as hard delete and soft delete). Rather than turning automated investigation off, try [changing the automation level for device groups](#review-or-change-the-automation-level-for-device-groups).</li><li>Go to **Auto remediation** and review your automated remediation levels for your devices. See [Automation levels in automated investigation and remediation capabilities](../defender-endpoint/automation-levels.md). |

+| **[EmailAttachmentInfo](advanced-hunting-emailattachmentinfo-table.md)** | GA |GA |GA |GA |

+| **[EmailEvents](advanced-hunting-emailevents-table.md)** | GA |GA |GA |GA |

+| **[EmailPostDeliveryEvents](advanced-hunting-emailpostdeliveryevents-table.md)** | GA |GA |GA |GA |

+| **[EmailUrlInfo](advanced-hunting-emailurlinfo-table.md)** | GA |GA |GA |GA |

+| **[UrlClickEvents](advanced-hunting-urlclickevents-table.md)**|GA |GA |GA |GA |

+When an automated investigation has begun, you can see its details and results in the **Action center** in the Microsoft 365 Defender portal.

+|User|Email forwarding <br> (Mailbox forwarding rules are configured, chch could be used for data exfiltration.)|Remove forwarding rule <p> Use the [Autofowarded messages report](/exchange/monitoring/mail-flow-reports/mfr-auto-forwarded-messages-report) to view specific details about forwarded email.|

+|User|Anomalous email sending <br> (A user recently sent more email than during the previous 7-10 days.)|Automated investigation does not result in a specific pending action. <p> Sending a large volume of email isn't malicious by itself; the user might just have sent email to a large group of recipients for an event. To investigate, use the [New users forwarding email insight in the EAC](/exchange/monitoring/mail-flow-insights/mfi-new-users-forwarding-email-insight) and [Outbound message report in the EAC](/exchange/monitoring/mail-flow-reports/mfr-inbound-messages-and-outbound-messages-reports) to determine what's going on and take action.|

+2. In the navigation pane, select **Actions & submissions** \> **Action center**.

+4. In the flyout pane, select **Open investigation page**.

+[Auto-forwarded messages report in the EAC](/exchange/monitoring/mail-flow-reports/mfr-auto-forwarded-messages-report)

+|Mail flow reports|[Mail flow reports in the Exchange admin center](/exchange/monitoring/mail-flow-reports/mail-flow-reports)|

+|Mail flow insights|[Mail flow insights in the Exchange admin center](/exchange/monitoring/mail-flow-insights/mail-flow-insights)|

+ - We recommend that you always enclose the display name in double quotation marks (") as shown. If the display name contains a comma, you *must* enclose the string in double quotation marks per RFC 5322.

+- `From: <firstname lastname@contoso.com>` (The email address contains a space.)

+- The [Mailflow status report](view-email-security-reports.md#mailflow-status-report)

+The **Mail flow map** in the [Security & Compliance Center](https://protection.office.com) gives insight as to how mail flows through your organization. You can use this information to learn patterns, identify anomalies, and fix issues as they occur.

+- Email & collaboration roles in the Microsoft 365 Defender portal give permissions to the Microsoft 365 Defender Portal and the Microsoft Purview compliance portal. For example, if you add a user to Security Administrator in the Microsoft 365 Defender portal, they have Security Administrator access **only** in the Microsoft 365 Defender Portal and the Microsoft Purview compliance portal.

+[View mail flow reports in the EAC](/exchange/monitoring/mail-flow-reports/mail-flow-reports)

+**Automatic redirection from Office 365 Security & Compliance Center to Microsoft 365 Defender portal:** Automatic redirection begins for users accessing the security solutions in Office 365 Security & Compliance center (protection.office.com) to the appropriate solutions in Microsoft 365 Defender portal (security.microsoft.com). This is for all security workflows like: Alerts, Threat Management, and Reports.

+ - GCC Environment:

+ - From Office 365 Security & Compliance Center URL: protection.office.com

+ - To Microsoft 365 Defender URL: security.microsoft.com

+ - GCC-High Environment:

+ - From Office 365 Security & Compliance Center URL: scc.office365.us

+ - To Microsoft 365 Defender URL: security.microsoft.us

+ - DoD Environment:

+ - From Office 365 Security & Compliance Center URL: scc.protection.apps.mil

+ - To Microsoft 365 Defender URL: security.apps.mil

+- Items in the Office 365 Security & Compliance Center that are not related to security aren't redirected to Microsoft 365 Defender. For compliance solutions redirection to Microsoft 365 Compliance Center, see Message Center post 244886.

+- This change impacts all customers who use the Office 365 Security & Compliance Center (protection.office.com), including Microsoft Defender for Office (Plan 1 or Plan 2), Microsoft 365 E3 / E5, Office 365 E3/ E5, and Exchange Online Protection. For the full list, see [Security & Compliance Center - Service Descriptions | Microsoft Docs](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance)