+Your users can delete their Copilot interaction history, which includes their prompts and the responses Copilot returns, by going to the [My Account portal](https://myaccount.microsoft.com/). For more information, see [Delete your Microsoft Copilot interaction history](https://support.microsoft.com/office/76de8afa-5eaf-43b0-bda8-0076d6e0390f).

+ Title: "Network provider details in the Microsoft 365 Admin Center (PREVIEW)"

+audience: Admin

+ms.localizationpriority: medium

+search.appverid:

+- MET150

+- scotvorg

+- Ent_O365

+- Strat_O365_Enterprise

+- must-keep

+description: "Network provider connectivity attribution in the Microsoft 365 Admin Center"

+# Network provider details in the Microsoft 365 Admin Center

+We try to detect network provider device interference between your tenant users and Microsoft 365 services. Here are the types of device interference we can detect.

+Percentage refers to the percentage of media streams for Teams, and percentage of connections for Exchange and SharePoint.

+## SSL break and inspect test

+This test detects a private or unknown certificate presented by a network device to your tenant users for data path connections to Microsoft 365 services, a private certificate is typically used when the network device intends to perform break and inspect operation at the SSL or TLS layer for those connections. We may not be able to show you the detected certificate issuer names due to privacy reasons.

+## Incorrect destination IP address detected

+This indicates that the destination endpoint representing Microsoft 365 endpoints have incorrect or unfamiliar IP addresses assigned to them. Typically, this means there's an intermediate network device acting as a proxy and we'll show you the incorrect or unfamiliar IP address detected.

+## VPN or tunneling detected

+This indicates that the network taken to connect to Microsoft 365 endpoints involves a VPN or traffic tunneling. A VPN or traffic tunneling might cause backhaul of network traffic and lead to network performance issues that impacts user experience.

+## No device interference detected

+This is aligned with our connectivity principles and indicates that there was no device interference detected between your tenant users and Microsoft 365 services.

+## Related articles

+[Network connectivity in the Microsoft 365 admin center](office-365-network-mac-perf-overview.md)

+[Network provider program data calculations](office-365-network-mac-perf-nppdata.md)

+[Microsoft 365 network assessment](office-365-network-mac-perf-score.md)

+[Microsoft 365 network connectivity test tool](office-365-network-mac-perf-onboarding-tool.md)

+|**Last updated:** 01/30/2024 - |

+Thanks for choosing Microsoft 365 for frontline workers. Whether you're an independent business or a large multi-national enterprise, Microsoft 365 and Teams for frontline workers can help bring your organization together with tools for communication, collaboration, and productivity. And no matter whether you're just getting into collaboration tools for the first time, or you're already using Microsoft 365 and Teams for your non-frontline workers, we can help you get up and running.

+|[Set up Microsoft 365 for frontline workers](flw-setup-microsoft-365.md)|Follow this setup path if you're an IT Pro or responsible for planning, or deploying Teams for frontline workers. It walks through preparing your environment, setting up the core of Microsoft 365, and then setting up the services you need for your scenarios. |

+|Deploy Teams at scale for your frontline workers |After you set up Microsoft 365 and assigned licenses to your users, you can use the Teams admin center or PowerShell to create and manage teams for your whole frontline workforce. <ul><li>[Deploy frontline dynamic teams at scale](deploy-dynamic-teams-at-scale.md)</li><li>[Deploy frontline static teams at scale with PowerShell](deploy-teams-at-scale.md)</li></ul>|

+After you set up Microsoft 365, Teams, and any services you need, you can configure Teams and the apps in Teams to support your scenarios. Each of the paths walks you through the process, from initial setup to configured teams with the apps that your frontline workforce need to start working.

+To learn more about how Microsoft 365 can help your frontline workers, see [Choose your scenarios for Microsoft 365 for frontline workers](flw-choose-scenarios.md).

+|[](https://go.microsoft.com/fwlink/?linkid=2206713) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206713) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206386) <br>Updated January 2024 |This poster provides an overview of the scenarios you can implement for your frontline workforce to increase communications, enhance wellbeing and engagement, train and onboard your workers, and manage your workforce and operations.|

+|[](https://go.microsoft.com/fwlink/?linkid=2206475) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206475) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206474) <br>Updated January 2024 |This poster provides an overview of the scenarios you can implement for your frontline workforce in a healthcare setting.|

+|[](https://go.microsoft.com/fwlink/?linkid=2206476) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206476) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206271) <br>Updated January 2024 |This poster provides an overview of the scenarios you can implement for your frontline workforce in a retail setting.|

+ "exploitUris": [],

+ "CveSupportability": "supported"

+[Get vulnerability by Id](get-vulnerability-by-id.md)|Vulnerability|Retrieves vulnerability information by its Id

+[List devices by vulnerability](get-machines-by-vulnerability.md)|MachineRef collection|Retrieve a list of devices that are associated with the vulnerability Id

+Id|String|Vulnerability Id

+Severity|String|Vulnerability Severity. Possible values are: **Low**, **Medium**, **High**, or **Critical**

+cvssVector|String| A compressed textual representation that reflects the values used to derive the score

+exploitTypes|String collection|Exploit affect. Possible values are: **Local privilege escalation**, **Denial of service**, or **Local**

+CveSupportability| String collection| Possible values are: **Supported**, **Not Supported**, or **SupportedInPremium**

+ - has-azure-ad-ps-ref, azure-ad-ref-level-one-done

+- Microsoft Graph PowerShell

+## Assign user access using Microsoft Graph PowerShell

+- Install Microsoft Graph PowerShell. For more information, see, [How to install Microsoft Graph PowerShell](/powershell/microsoftgraph/installation).

+- Connect to your Microsoft Entra ID. For more information, see [Connect-MgGraph](/powershell/microsoftgraph/authentication-commands).

+ $Role = Get-MgDirectoryRole -Filter "DisplayName eq 'Security Administrator'"

+ $UserId = (Get-MgUser -UserId "secadmin@Contoso.onmicrosoft.com").Id

+ $DirObject = @{

+ "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/$UserId"

+ }

+ New-MgDirectoryRoleMemberByRef -DirectoryRoleId $Role.Id -BodyParameter $DirObject

+ $Role = Get-MgDirectoryRole -Filter "DisplayName eq 'Security Reader'"

+ $UserId = (Get-MgUser -UserId "reader@Contoso.onmicrosoft.com").Id

+ $DirObject = @{

+ "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/$UserId"

+ }

+ New-MgDirectoryRoleMemberByRef -DirectoryRoleId $Role.Id -BodyParameter $DirObject

+> The Microsoft Defender for Endpoint Threat Protection report page is now deprecated and is no longer available. Microsoft recommends that you transition to either the Defender XDR alerts or advanced hunting to understand endpoint threat protection details. See the following sections for more information.

+## Use the alert queue filter in Defender XDR

+Due to the deprecation of the Defender for Endpoint Threat protection report, you can use the Defender XDR alerts view, filtered against Defender for Endpoint, to see the current status of alerts for protected devices. For alert status, such as *unresolved*, you can filter against *New* and *In progress* items. [Learn more about Defender XDR Alerts](../defender/investigate-alerts.md).

+## Related topics

+ Title: Security advisories

+description: Lists the firmware security advisories for devices in your organization. Discovered by the Microsoft Defender vulnerability management capabilities.

+ms.localizationpriority: medium

+audience: ITPro

+ - m365-security

+ - Tier1

+search.appverid: met150

+# Security advisories

+Security advisories provide an efficient way to view, track, and monitor firmware advisories for affected devices. You can filter on exposed devices and view advisories that affect specific devices. By monitoring these advisories, security teams can take action more quickly to prevent attackers from targeting firmware vulnerabilities.

+> [!NOTE]

+> This capability is currently available in public preview and may be substantially modified before it's commercially released.

+**Applies to:**

+- [Microsoft Defender Vulnerability Management](https://go.microsoft.com/fwlink/?linkid=2229011)

+- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037)

+- [Microsoft Defender XDR](https://go.microsoft.com/fwlink/?linkid=2118804)

+- [Microsoft Defender for Servers Plan 1 & 2](/azure/defender-for-cloud/plan-defender-for-servers-select-plan)

+> [!NOTE]

+> To use this feature you'll require Microsoft Defender Vulnerability Management Standalone or if you're already a Microsoft Defender for Endpoint Plan 2 customer, the Defender Vulnerability Management add-on.

+> [!TIP]

+> Did you know you can try all the features in Microsoft Defender Vulnerability Management for free? Find out how to [sign up for a free trial](../defender-vulnerability-management/defender-vulnerability-management-trial.md).

+To view firmware security advisories:

+1. Select **Weaknesses** from the **Vulnerability management** navigation menu in the [Microsoft Defender portal](https://security.microsoft.com)

+2. Select the **Security advisories** tab.

+Security advisories include information about specific version of affected devices or software in your organization that are affected and, if available, instructions for how to update the firmware to address the vulnerability.

+> [!NOTE]

+> Security Advisories are available for the following vendors: Lenovo, Dell, HP.

+For each published advisory, you can see the following information:

+- Advisory ID

+- Severity (provided by the vendor)

+- Related CVEs

+- Advisory link

+- Vendor

+- Age

+- Published on

+- Updated on

+- Exposed devices

+## Related articles

+- [Security recommendations](tvm-security-recommendation.md)

+- [Weaknesses](tvm-weaknesses.md)

+The [Weaknesses page](https://security.microsoft.com/vulnerabilities/cves) in Microsoft Defender Vulnerability Management lists known Common Vulnerabilities and Exposures (CVE) by their CVE ID.

+CVE IDs are unique IDs assigned to publicly disclosed cybersecurity vulnerabilities that affect software, hardware and firmware. They provide organizations with a standard way to identify and track vulnerabilities, and helps them understand, prioritize, and address these vulnerabilities in their organization. CVEs are tracked in a public registry accessed from [https://www.cve.org/](https://www.cve.org/).

+Defender Vulnerability Management uses endpoint sensors to scan and detect for these and other vulnerabilities in an organization.

+## Weaknesses overview page

+To access the Weaknesses page, select **Weaknesses** from the **Vulnerability management** navigation menu in the [Microsoft Defender portal](https://security.microsoft.com)

+The Weaknesses page opens with a list of the CVEs your devices are exposed to. You can view the severity, Common Vulnerability Scoring System (CVSS) rating, corresponding breach and threat insights, and more.

+ :::image type="content" source="../../media/defender-vulnerability-management/tvm-weaknesses-overviewnew.png" alt-text="Screenshot of the weaknesses landing page" lightbox="../../media/defender-vulnerability-management/tvm-weaknesses-overviewnew.png":::

+> [!NOTE]

+> If there is no official CVE-ID assigned to a vulnerability, the vulnerability name is assigned by Microsoft Defender Vulnerability Management and will be the format **TVM-2020-002**.

+> The maximum number of records you can export from the weaknesses page to a CSV file is 10,000.

+It's important to prioritize recommendations that are associated with ongoing threats. You can use the information available in the **Threats** column to help you prioritize vulnerabilities. To see vulnerabilities with ongoing threats, filter the **Threats** column by:

+- Associated active alert

+- Exploit is available

+- Exploit is Verified

+- This exploit is part of an exploit kit

+The threat insights icon  is highlighted in the **Threats** column if there are associated exploits in a vulnerability.

+ :::image type="content" source="../../media/defender-vulnerability-management/weaknesses-threats.png" alt-text="Screenshot of the threats column icons" lightbox="../../media/defender-vulnerability-management/weaknesses-threats.png":::

+Hovering over the icon shows whether the threat is a part of an exploit kit or connected to specific advanced persistent campaigns or activity groups. When available, there's a link to a Threat Analytics report with zero-day exploitation news, disclosures, or related security advisories.

+

+The breach insights icon is highlighted if there's a vulnerability found in your organization. .

+

+The **Exposed Devices** column shows how many devices are currently exposed to a vulnerability. If the column shows 0, that means you aren't at risk.

+## Gain vulnerability insights

+If you select a CVE from the weaknesses page, a flyout panel opens with more information such as the vulnerability description, details and threat insights. The AI generated vulnerability description provides detailed information on the vulnerability, its impact, recommended remediation steps, and any additional information, if available.

+ :::image type="content" source="../../media/defender-vulnerability-management/weaknesses-cve-description.png" alt-text="Screenshot of the weaknesses weaknesses-flyout pane" lightbox="../../media/defender-vulnerability-management/weaknesses-cve-description.png":::

+For each CVE, you can see a list of the exposed devices and the affected software.

+## Related security recommendations

+Use security recommendations to remediate the vulnerabilities in exposed devices and to reduce the risk to your assets and organization. When a security recommendation is available, you can select **Go to the related security recommendation** for details on how to remediate the vulnerability.

+When a security update is only available for some of the related software, the CVE will have the tag 'Some updates available' under the CVE name. Once there is at least one update available, you have the option to go to the related security recommendation.

+If there's no security update available, the CVE will have the tag 'No security update' under the CVE name. There will be no option to go to the related security recommendation as software that doesn't have a security update available is excluded from the Security recommendations page.

+## Request CVE support

+A CVE for software that isn't currently supported by vulnerability management still appears in the Weaknesses page. Because the software is not supported, only limited data will be available. Exposed device information will not be available for CVEs with unsupported software.

+To view a list of unsupported software, filter the weaknesses page by the "Not available" option in the "Exposed devices" section.

+You can request for support to be added to Defender Vulnerability Management for a particular CVE. To request support:

+1. Select the CVE from the [Weaknesses](https://security.microsoft.com/vulnerabilities/cves) page in the Microsoft Defender portal

+2. Select **Please support this CVE** from the Vulnerability details tab

+This request will be sent to Microsoft and will assist us in prioritizing this CVE among others in our system.

+4. Select the vulnerability that you want to investigate to open up a flyout panel with the CVE details.

+1. Select **Devices** from the **Assets** navigation menu in the [Microsoft Defender portal](https://security.microsoft.com).

+3. Select **Open device page** and select **Discovered vulnerabilities** from the device page.

+4. Select the vulnerability that you want to investigate to open up a flyout panel with the CVE details.

+2. Select **Open device page** and select **Discovered vulnerabilities** from the device page.

+Microsoft Defender XDR correlates millions of individual signals to identify active ransomware campaigns or other sophisticated attacks in the environment with high confidence. While an attack is in progress, Defender XDR disrupts the attack by automatically containing compromised assets that the attacker is using through automatic attack disruption.

+Automatic attack disruption limits lateral movement early on and reduces the overall impact of an attack, from associated costs to loss of productivity. At the same time, it leaves security operations teams in complete control of investigating, remediating, and bringing assets back online.

+This article provides an overview of automated attack disruption and includes links to the next steps and other resources.

+Automatic attack disruption is designed to contain attacks in progress, limit the impact on an organization's assets, and provide more time for security teams to remediate the attack fully. Attack disruption in uses the the full breadth of our extended detection and response (XDR) signals, taking the entire attack into account to act at the incident level. This capability is unlike known protection methods such as prevention and blocking based on a single indicator of compromise.

+While many XDR and security orchestration, automation, and response (SOAR) platforms allow you to create your automatic response actions, automatic attack disruption is built-in and uses insights from Microsoft security researchers and advanced AI models to counteract the complexities of advanced attacks. Automatic attack disruption considers the entire context of signals from different sources to determine compromised assets.

+- It uses Defender XDR's ability to correlate signals from many different sources into a single, high-confidence incident through insights from endpoints, identities, email and collaboration tools, and SaaS apps.

+We understand that taking automatic action sometimes comes with hesitation from security teams, given the potential impact it can have on an organization. Therefore, the automatic attack disruption capabilities in Defender XDR are designed to rely on high-fidelity signals. It also uses Defender XDR's incident correlation with millions of Defender product signals across email, identity, applications, documents, devices, networks, and files. Insights from the continuous investigation of thousands of incidents by Microsoft's security research team ensure that automatic attack disruption maintains a high signal-to-noise ratio (SNR).

+Automatic attack disruption uses Microsoft-based XDR response actions. Examples of these actions are:

+- [Contain user](../defender-endpoint/respond-machine-alerts.md#contain-user-from-the-network) - This response action automatically contains suspicious identities temporarily to help block any lateral movement and remote encryption related to incoming communication with Defender for Endpoint's onboarded devices.

+The Defender XDR incident page will reflect the automatic attack disruption actions through the attack story and the status indicated by a yellow bar (Figure 1). The incident shows a dedicated disruption tag, highlight the status of the assets contained in the incident graph, and add an action to the Action Center.

+The Defender XDR user experience now includes additional visual cues to ensure visibility of these automatic actions. You can find them across the following experiences:

+1. On the incident page:

+ - The current asset status is shown in the incident graph if an action is done on an asset, for example, account disabled or device contained

+

+|Microsoft Defender for Office 365|Full support for all data and actions scenarios that are controlled by [Email & Collaboration roles](../office-365-security/mdo-portal-permissions.md) and scenarios controlled by [Exchange Online permissions](/exchange/permissions-exo/permissions-exo). </br></br> **Note:** <ul><li>The Microsoft Defender XDR RBAC model is initially available for organizations with Microsoft Defender for Office 365 Plan 2 licenses only. This capability isn't available to users on trial licenses.</li><li>Granular delegated admin privileges (GDAP) isn't supported.</li><li>Cmdlets in Exchange Online PowerShell and Security & Compliance PowerShell continue to use the old RBAC models and aren't affected by Microsoft Defender XDR Unified RBAC.</li><li>Azure B2B invited guests aren't supported by Defender XDR RBAC, for experiences that were previously under Exchange Online RBAC.</li></ul>|

+Otherwise, if an incident is classified as _True Positive_, our experts then identify the required response actions that need to be performed. The method in which the actions are performed depends on the permissions and access levels you have given the Defender Experts for XDR service. [Learn more about granting permissions to our experts](get-started-xdr.md#grant-permissions-to-our-experts).

+|[](https://go.microsoft.com/fwlink/?linkid=2206713) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206713) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206386) <br>Updated January 2024 |**Frontline worker scenarios**<br><br>This poster provides an overview of the scenarios you can implement for your frontline workforce to increase communications, enhance wellbeing and engagement, train and onboard your workers, and manage your workforce and operations.<br/><br/>**Related solution guides** <br/> <ul><li>[Microsoft 365 for frontline workers](/microsoft-365/frontline/flw-overview)|

+|[](https://go.microsoft.com/fwlink/?linkid=2206475) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206475) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206474) <br>Updated January 2024 |**Healthcare scenarios**<br><br>This poster provides an overview of the scenarios you can implement for your frontline workforce in a healthcare setting.<br/><br/>**Related solution guides** <br/> <ul><li>[Get started with Microsoft 365 for healthcare organizations](/microsoft-365/frontline/teams-in-hc)|

+|[](https://go.microsoft.com/fwlink/?linkid=2206476) <br/> [PDF](https://go.microsoft.com/fwlink/?linkid=2206476) \| [Visio](https://go.microsoft.com/fwlink/?linkid=2206271) <br>Updated January 2024 |**Retail scenarios**<br><br>This poster provides an overview of the scenarios you can implement for your frontline workforce in a retail setting.<br/><br/>**Related solution guides** <br/> <ul><li>[Get started with Microsoft 365 for retail organizations](/microsoft-365/frontline/teams-for-retail-landing-page)|