Updates from: 02/11/2021 04:22:15
Category Microsoft Docs article Related commit history on GitHub Change details
admin https://docs.microsoft.com/en-us/microsoft-365/admin/activity-reports/microsoft-teams-device-usage-preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft-teams-device-usage-preview.md
@@ -42,6 +42,8 @@ You can view the device use in the Teams report by choosing the **Device usage**
Select **Choose columns** to add or remove columns from the report. <br/> ![Teams user device report - choose columns](../../media/3358d5d9-931b-4d30-931f-450b2f5717da.png) You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data. +
+The **Microsoft Teams device usage** report can be viewed for trends over the last 7 days, 30 days, 90 days, or 180 days. However, if you select a particular day in the report, the table (7) will show data for up to 28 days from the current date (not the date the report was generated).
|Item|Description| |:--|:--|
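Review bot: In the added sentence, "the table (7)" depends on a callout number that the sentence never ties to the items table that follows, and "up to 28 days from the current date" can be read as a forward-looking window. Suggest naming the table explicitly and rewording the window so the direction is unambiguous, since the parenthetical already distinguishes the current date from the report generation date.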
admin https://docs.microsoft.com/en-us/microsoft-365/admin/activity-reports/microsoft-teams-user-activity-preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft-teams-user-activity-preview.md
@@ -41,6 +41,8 @@ Select **Choose columns** to add or remove columns from the report. <br/> ![Tea
You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data. The exported format for **audio time**, **video time**, and **screen share time** follows ISO8601 duration format.
+The **Microsoft Teams user activity** report can be viewed for trends over the last 7 days, 30 days, 90 days, or 180 days. However, if you select a particular day in the report, the table (7) will show data for up to 28 days from the current date (not the date the report was generated).
+ To ensure data quality, we perform daily data validation checks for the past three days and will be filling any gaps detected. You may notice differences in historical data during the process. |Item|Description|
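Review bot: The data-validation paragraph added at the end of this hunk says "will be filling any gaps detected" and "during the process" without saying which figures can change. Suggest present tense ("fills any gaps it detects") and stating plainly that values for the past three days may be revised, so that anyone comparing an earlier export against a later one knows which rows to expect differences in.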
admin https://docs.microsoft.com/en-us/microsoft-365/admin/activity-reports/sharepoint-site-usage-ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/sharepoint-site-usage-ww.md
@@ -40,7 +40,7 @@ Microsoft 365 Reports in the admin center is not supported for GCC High and DoD
You can view the site usage in the SharePoint report by choosing the **Site usage** tab.<br/>![Microsoft 365 reports - Microsoft SharePoint site usage report.](../../media/d1cb6200-e81c-460b-9d05-53f4bd7cf5ee.png)
-Select **Choose columns** to add or remove columns from the report. <br/> ![SharePoint site usage report - choose columns](../../media/639f3cfd-6725-4318-a225-6d5c2f01770c.png)
+Select **Choose columns** to add or remove columns from the report. <br/> ![SharePoint site usage report - choose columns](../../media/71ac3195-c494-40c1-9346-a858125ef6df.png)
You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data.
@@ -52,11 +52,19 @@ You can also export the report data into an Excel .csv file by selecting the **E
|Site owner <br/> |The username of the primary owner of the site. <br/> | |Site owner principal name <br/> |The email address of the owner of the site. <br/> | |Last activity date (UTC) <br/> | The date of the last time file activity was detected or a page was viewed on the site. <br/> |
+|Site sensitivity label id <br/> | The sensitivity label on the site. <br/> |
+|External sharing <br/> | The external sharable settings on the site. <br/> |
+|Unmanaged device policy <br/> | The site access policy for unmanaged devices. <br/> |
+|Geo location <br/> | The Geo location of the site. <br/> |
|Files <br/> |The number of files on the site. <br/>| |Active files <br/> | The number of active files on the site.<br/> NOTE: If files were removed during the specified time period for the report, the number of active files shown in the report may be larger than the current number of files on the site. <br/> | |Storage used (MB) <br/> |The amount of storage currently being used on the site. <br/>| |Storage allocated (MB) <br/> |The maximum amount of storage allocated for the site. <br/>| |Page views <br/> |The number of times pages were viewed on the site. <br/>| |Pages visited <br/> |The number of unique pages that were visited on the site. <br/>|
+|Anonymous link count <br/> |The number of times documents or folders are shared using "Anyone with the link" on the site. <br/>|
+|Company link count <br/> |The number of times documents or folders are shared using "People in org with the link" on the site. <br/>|
+|Secure link for guest count <br/> |The number of times documents or folders are shared using "specific people" on the site. <br/>|
+|Secure link for member count <br/> |The number of times documents or folders are shared using "specific people" on the site. <br/>|
|Root Web Template <br/> |The template used for creating the site. <br/> NOTE: If you want to filter the data by different site types, then export the data and use the Root Web Template column. | |||
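Review bot: The added rows "Secure link for guest count" and "Secure link for member count" carry the same description (shared using "specific people"), so a reader cannot tell which recipients each column counts. Suggest stating the guest versus member distinction in each description. Also in the added rows, "Site sensitivity label id" is described as "The sensitivity label on the site" although the column holds an id, and "The external sharable settings" in the "External sharing" row would read better as "The external sharing setting". These columns are the ones an admin would filter on when reviewing oversharing, so the descriptions need to be exact.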
admin https://docs.microsoft.com/en-us/microsoft-365/admin/microsoft-365-admin-center-preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/microsoft-365-admin-center-preview.md
@@ -112,4 +112,52 @@ Updating all of the admin centers to have a coherent experience will take awhile
- [Introducing the Microsoft 365 Security and Compliance Center](https://go.microsoft.com/fwlink/?linkid=2025413)
+## What language options are available the Admin Center?
+
+The Microsoft 365 admin center is fully localized in 40 languages.
+
+|Language |Locale |
+|||
+|Arabic | ar |
+|Bulgarian | bg |
+|Catalan | ca |
+|Czech | cs |
+|Danish | da |
+|German | de |
+|Greek | el |
+|Spanish | es |
+|English | en |
+|Estonian | et |
+|Basque | eu |
+|Finnish | fi |
+|French | fr |
+|Galician | gl |
+|Hebrew | he |
+|Croatian | hr |
+|Hungarian | hu |
+|Indonesian | id |
+|Italian | it |
+|Japanese | ja |
+|Korean | ko |
+|Lithuanian | lt |
+|Latvian | lv |
+|Dutch | nl |
+|Norwegian | no |
+|Polish | pl |
+|Portuguese ( Brazil) | pt |
+|Portuguese (Portugal) | pt-pt |
+|Romanian | ro |
+|Russian | ru |
+|Slovak | sk |
+|Slovenian | sl |
+|Serbian (Cyrillic) | sr-cyrl |
+|Serbian Latin | sr |
+|Swedish | sv |
+|Thai | th |
+|Turkish | tr |
+|Ukrainian | uk |
+|Vietnamese | vi |
+|Chinese Simplified | zh-hans |
+|Chinese Traditional | zh-hant |
+ ::: moniker-end
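Review bot: The added paragraph says the admin center is "fully localized in 40 languages", but the table added below it has 41 language rows; one of the two needs correcting. The new heading is also missing a word ("available the Admin Center" should be "available in the admin center"), the separator row "|||" has no dashes and may not render as a table, and the rows "Portuguese ( Brazil)" and "Serbian Latin" are formatted inconsistently with "Portuguese (Portugal)" and "Serbian (Cyrillic)".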
admin https://docs.microsoft.com/en-us/microsoft-365/admin/setup/priority-accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/priority-accounts.md
@@ -21,8 +21,10 @@ In every Microsoft 365 organization, there are people that are essential, like e
To help your organization protect these accounts, you can now designate specific users as priority accounts and leverage app-specific features that provide them with extra protection. In the future, more apps and features will support priority accounts, and to start with, weΓÇÖve announced two capabilities: **priority account protection** and **premium mail flow monitoring**. -- **Priority account protection** - Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection) supports priority accounts as tags that can be used in filters in alerts, reports, and investigations. For more information, check out [User tags in Microsoft Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/user-tags?view=o365-worldwide).-- **Premium Mail Flow Monitoring** - Healthy mail flow can be critical to business success, and delivery delays or failures can have a negative impact on the business. You can choose a threshold for failed or delayed emails, receive alerts when that threshold is exceeded, and view a report of email issues for priority accounts. For more information, check out [Email issues for priority accounts report in the modern EAC](https://docs.microsoft.com/exchange/monitoring/mail-flow-reports/mfr-email-issues-for-priority-accounts-report).
+- **Priority account protection** - Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection) supports priority accounts as tags that can be used in filters in alerts, reports, and investigations. For more information, check out [User tags in Microsoft Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/user-tags).
+- **Premium Mail Flow Monitoring** - Healthy mail flow can be critical to business success, and delivery delays or failures can have a negative impact on the business. You can choose a threshold for failed or delayed emails, receive alerts when that threshold is exceeded, and view a report of email issues for priority accounts. For more information, check out [Email issues for priority accounts report in the modern EAC](https://docs.microsoft.com/exchange/monitoring/mail-flow-reports/mfr-email-issues-for-priority-accounts-report)
+
+For security best practices for priority accounts, see [Security recommendations for priority accounts](https://docs.microsoft.com/microsoft-365/security/office-365-security/security-recommendations-for-priority-accounts).
## Before you begin
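Review bot: The rewritten "Premium Mail Flow Monitoring" bullet loses its closing period after the link, while the "Priority account protection" bullet above keeps one. Suggest restoring it. The two bullets also capitalize their bold labels differently ("Priority account protection" versus "Premium Mail Flow Monitoring"), which could be aligned in the same pass.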
admin https://docs.microsoft.com/en-us/microsoft-365/admin/setup/upgrade-users-to-latest-office-client https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/upgrade-users-to-latest-office-client.md
@@ -98,6 +98,9 @@ Before installing the latest version of Office, we recommend you uninstall all o
We recommend if you have third-party add-ins, contact the manufacturer to see if there's an update that will work with the latest version of Office.
+> [!TIP]
+> If you run into issues while uninstalling Office, you can use the Microsoft Support and Recovery Assistant tool to help you remove Office: [Download and run the Microsoft Support and Recovery Assistant](https://go.microsoft.com/fwlink/?LinkID=2155008).
+ ### Select the version of Office you want to uninstall - [From a PC](https://support.microsoft.com/office/9dd49b83-264a-477a-8fcc-2fdf5dbf61d8)
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/audit-log-search-script https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/audit-log-search-script.md
@@ -16,7 +16,7 @@ search.appverid:
- MOE150 - MET150
-description: "Use a PowerShell script, the runs the Search-UnifiedAuditLog cmdlet, to search the audit log. This script is optimized to return a large set (up to 50,000) audit records. The script exports these records to a CSV file that you can view or transform using Power Query in Excel."
+description: "Use a PowerShell script that runs the Search-UnifiedAuditLog cmdlet in Exchange Online to search the audit log. This script is optimized to return a large set (up to 50,000) of audit records. The script exports these records to a CSV file that you can view or transform using Power Query in Excel."
# Use a PowerShell script to search the audit log
@@ -75,7 +75,7 @@ $intervalMinutes = 60
Function Write-LogFile ([String]$Message) {
- $final = [DateTime]::Now.ToString("s") + ":" + $Message
+ $final = [DateTime]::Now.ToUniversalTime().ToString("s") + ":" + $Message
$final | Out-File $logFile -Append }
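Review bot: The new `ToUniversalTime().ToString("s")` call in Write-LogFile writes UTC, but the "s" format emits no zone designator, so nothing in the log line tells a reader that the time is UTC. Suggest appending "Z" or using the "o" round-trip format, and `[DateTime]::UtcNow` is a shorter way to get the value. Without a marker, someone correlating this log with other sources has to already know the script's convention.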
@@ -96,7 +96,7 @@ while ($true)
break }
- $sessionID = [DateTime]::Now.ToString("s")
+ $sessionID = [Guid]::NewGuid().ToString() + "_" + "ExtractLogs" + (Get-Date).ToString("yyyyMMddHHmmssfff")
Write-LogFile "INFO: Retrieving audit records for activities performed between $($currentStart) and $($currentEnd)" Write-Host "Retrieving audit records for activities performed between $($currentStart) and $($currentEnd)" $currentCount = 0
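Review bot: The new `$sessionID` line builds its timestamp suffix from `(Get-Date)`, which is local time, while this same change moves Write-LogFile to UTC. Suggest `[DateTime]::UtcNow.ToString("yyyyMMddHHmmssfff")` so the session ID and the log lines use the same clock. The GUID prefix already makes the ID unique, so the suffix is only useful if it can be lined up with the log.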
@@ -132,14 +132,13 @@ while ($true)
Write-LogFile "END: Retrieving audit records between $($start) and $($end), RecordType=$record, PageSize=$resultSize, total count: $totalCount." Write-Host "Script complete! Finished retrieving audit records for the date range between $($start) and $($end). Total count: $totalCount" -foregroundColor Green- ``` 2. Modify the variables listed in the following table to configure the search criteria. The script includes sample values for these variables, but you should change them (unless stated otherwise) to meet your specific requirements. |Variable|Sample value|Description| ||||
- |`$logFile`|"d:\temp\AuditSearchLog.txt"|Specifies the name and location for the log file that contains information about the progress of the audit log search performed by the script.|
+ |`$logFile`|"d:\temp\AuditSearchLog.txt"|Specifies the name and location for the log file that contains information about the progress of the audit log search performed by the script. The script writes UTC timestamps to the log file.|
|`$outputFile`|"d:\temp\AuditRecords.csv"|Specifies the name and location of the CSV file that contains the audit records returned by the script.| |`[DateTime]$start` and `[DateTime]$end`|[DateTime]::UtcNow.AddDays(-1) <br/>[DateTime]::UtcNow|Specifies the date range for the audit log search. The script will return records for audit activities that occurred within the specified date range. For example, to return activities performed in January 2021, you can use a start date of `"2021-01-01"` and an end date of `"2021-01-31"` (be sure to surround the values in double-quotation marks) The sample value in the script returns records for activities performed in the previous 24 hours. If you don't include a timestamp in the value, the default timestamp is 12:00 AM (midnight) on the specified date.| |`$record`|"AzureActiveDirectory"|Specifies the record type of the audit activities (also called *operations*) to search for. This property indicates the service or feature that an activity was triggered in. For a list of record types that you can use for this variable, see [Audit log record type](https://docs.microsoft.com/office/office-365-management-api/office-365-management-activity-api-schema#auditlogrecordtype). You can use the record type name or ENUM value. <br/><br/>**Tip:** To return audit records for all record types, use the value `$null` (without double-quotations marks).|
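Review bot: In the `[DateTime]$start` and `[DateTime]$end` row (unchanged context in this hunk), the January 2021 example uses an end date of "2021-01-31", and the same row says a value without a timestamp defaults to 12:00 AM. Taken together, the example range stops at the start of January 31 and leaves out that day's activity. Since the `$logFile` row is being touched anyway, suggest fixing the example to end at "2021-02-01" or to include an explicit end time.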
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-setup.md
@@ -44,7 +44,7 @@ Compliance Manager uses a role-based access control (RBAC) permission model. Onl
### Where to set permissions
-The person holding the global admin role for your organization can set user permissions for COmpliance Manager. Permissions can be set in the Office 365 Security & Compliance center as well as in Azure Active Directory (Azure AD).
+The person holding the global admin role for your organization can set user permissions for Compliance Manager. Permissions can be set in the Office 365 Security & Compliance center as well as in Azure Active Directory (Azure AD).
> [!NOTE] > Customers in US Government Community (GCC) High environments can only set user permissions and roles for Compliance Manager in Azure AD. See below for Azure AD instructions and role type definitions.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/enable-archive-mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/enable-archive-mailboxes.md
@@ -19,15 +19,15 @@ search.appverid:
- MET150 ms.assetid: 268a109e-7843-405b-bb3d-b9393b2342ce
-description: "Learn how to use the security & compliance center in Office 365 to enable archive mailboxes to support your organization's message retention, eDiscovery, and hold requirements."
+description: "Learn how to use the compliance center to enable archive mailboxes to support your organization's message retention, eDiscovery, and hold requirements."
-# Enable archive mailboxes in the Security & Compliance Center
+# Enable archive mailboxes in the compliance center
-Archiving in Office 365 (also called In-Place Archiving) provides users with additional mailbox storage space. After you turn on archive mailboxes, users can access and store messages in their archive mailboxes by using Microsoft Outlook and Outlook on the web (formerly known as Outlook Web App). Users can also move or copy messages between their primary mailbox and their archive mailbox. They can also recover deleted items from the Recoverable Items folder in their archive mailbox by using the Recover Deleted Items tool.
+Archiving in Microsoft 365 (also called *In-Place Archiving*) provides users with additional mailbox storage space. After you turn on archive mailboxes, users can access and store messages in their archive mailboxes by using Microsoft Outlook and Outlook on the web (formerly known as Outlook Web App). Users can also move or copy messages between their primary mailbox and their archive mailbox. They can also recover deleted items from the Recoverable Items folder in their archive mailbox by using the Recover Deleted Items tool.
> [!NOTE]
-> The auto-expanding archiving feature in Office 365 provides additional storage in archive mailboxes. When auto-expanding archiving is turned on, and then the initial storage quota in a user's archive mailbox is reached, Office 365 automatically adds additional storage space. This means that users won't run out of mailbox storage space and you won't have to manage anything after you initially enable the archive mailbox and turn on auto-expanding archiving for your organization. For more information, see [Overview of unlimited archiving in Office 365](unlimited-archiving.md).
+> The auto-expanding archiving feature in Microsoft 365 provides additional storage in archive mailboxes. When auto-expanding archiving is turned on, and then the initial storage quota in a user's archive mailbox is reached, Microsoft 365 automatically adds additional storage space. This means that users won't run out of mailbox storage space and you won't have to manage anything after you initially enable the archive mailbox and turn on auto-expanding archiving for your organization. For more information, see [Overview of unlimited archiving](unlimited-archiving.md).
## Get the necessary permissions
@@ -65,7 +65,7 @@ You have to be assigned the Mail Recipients role in Exchange Online to enable or
You can also use the **Archive** page in the Security & Compliance Center to disable a user's archive mailbox. After you disable an archive mailbox, you can reconnect it to the user's primary mailbox within 30 days of disabling it. In this case, the original contents of the archive mailbox are restored. After 30 days, the contents of the original archive mailbox are permanently deleted and can't be recovered. So if you re-enable the archive more than 30 days after disabling it, a new archive mailbox is created.
-Note that the default archive policy assigned to users' mailboxes moves items to the archive mailbox two years after the date the item is delivered. If you disable a user's archive mailbox, no action will be taken on mailbox items and they will remain in the user's primary mailbox.
+The default archive policy assigned to users' mailboxes moves items to the archive mailbox two years after the date the item is delivered. If you disable a user's archive mailbox, no action will be taken on mailbox items and they will remain in the user's primary mailbox.
To disable an archive mailbox:
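Review bot: The context paragraph above the changed line still refers to "the **Archive** page in the Security & Compliance Center", while this commit renames the article title and description to "compliance center". Suggest updating this paragraph in the same change so the page uses one name for the portal throughout.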
@@ -112,7 +112,7 @@ Enable-Mailbox -Identity <username> -Archive
Run the following command to enable the archive mailbox for all users in your organization (whose archive mailbox is currently not enabled). ```powershell
-Get-Mailbox -Filter {ArchiveStatus -Eq "None" -AND RecipientTypeDetails -eq "UserMailbox"} | Enable-Mailbox -Archive
+Get-Mailbox -Filter {ArchiveGuid -Eq "00000000-0000-0000-0000-000000000000" -AND RecipientTypeDetails -Eq "UserMailbox"} | Enable-Mailbox -Archive
``` ### Disable archive mailboxes
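Review bot: The new filter compares `ArchiveGuid` to the literal "00000000-0000-0000-0000-000000000000" with no explanation of why it replaces `ArchiveStatus -Eq "None"`. Suggest a sentence before the code block saying that an all-zero ArchiveGuid means no archive mailbox exists, and recommending that the admin run the `Get-Mailbox -Filter` part alone first to review the list before piping it to `Enable-Mailbox -Archive`.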
@@ -126,7 +126,7 @@ Disable-Mailbox -Identity <username> -Archive
Run the following command to disable the archive mailbox for all users in your organization (whose archive mailbox is currently enabled). ```powershell
-Get-Mailbox -Filter {ArchiveStatus -Eq "Active" -AND RecipientTypeDetails -eq "UserMailbox"} | Disable-Mailbox -Archive
+Get-Mailbox -Filter {ArchiveGuid -Ne "00000000-0000-0000-0000-000000000000" -AND RecipientTypeDetails -Eq "UserMailbox"} | Disable-Mailbox -Archive
``` ## More information
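Review bot: The changed command pipes every user mailbox with a non-zero `ArchiveGuid` straight into `Disable-Mailbox -Archive`, and the article states elsewhere that archive contents are permanently deleted 30 days after disabling. Suggest adding a caution next to this command that repeats the 30-day limit and advises running the `Get-Mailbox -Filter` part on its own to confirm the scope before the bulk disable.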
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/set-up-compliance-boundaries https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/set-up-compliance-boundaries.md
@@ -6,7 +6,7 @@
audience: Admin-+ localization_priority: Normal
@@ -31,13 +31,17 @@ We use the example in the following illustration to explain how compliance bound
![Compliance boundaries consist of search permissions filters that control access to agencies and admin role groups that control access to eDiscovery cases](../media/M365_ComplianceBoundary_OrgChart_v2.png)
-In this example, Contoso LTD is an organization that consists of two subsidiaries, Fourth Coffee and Coho Winery. The business requires that eDiscovery mangers and investigators can only search the Exchange mailboxes, OneDrive accounts, and SharePoint sites in their agency. Also, eDiscovery managers and investigators can only see eDiscovery cases in their agency, and they can only access the cases that they're a member of. Here's how compliance boundaries meet these requirements.
+In this example, Contoso LTD is an organization that consists of two subsidiaries, Fourth Coffee and Coho Winery. The business requires that eDiscovery mangers and investigators can only search the Exchange mailboxes, OneDrive accounts, and SharePoint sites in their agency. Also, eDiscovery managers and investigators can only see eDiscovery cases in their agency, and they can only access the cases that they're a member of. Additionally in this scenario, investigators cannot place content locations on hold or export content from a case. Here's how compliance boundaries meet these requirements.
-- The search permissions filtering functionality in Content Search controls the content locations that eDiscovery managers and investigators can search. This means eDiscovery managers and investigators in the Fourth Coffee agency can only search content locations in the Fourth Coffee subsidiary. The same restriction applies to the Coho Winery subsidiary.
+- The search permissions filtering functionality in Content search controls the content locations that eDiscovery managers and investigators can search. This means eDiscovery managers and investigators in the Fourth Coffee agency can only search content locations in the Fourth Coffee subsidiary. The same restriction applies to the Coho Winery subsidiary.
- Role groups control who can see the eDiscovery cases in the Security & Compliance Center. This means that eDiscovery managers and investigators can only see the eDiscovery cases in their agency.
+- Role groups provide the following functions for compliance boundaries:
-- Role groups also control who can assign members to an eDiscovery case. This means eDiscovery managers and investigators can only assign members to cases that they themselves are a member of.
+ - Control who can see the eDiscovery cases in the Security & Compliance Center. This means that eDiscovery managers and investigators can only see the eDiscovery cases in their agency.
+
+ - Control who can assign members to an eDiscovery case. This means eDiscovery managers and investigators can only assign members to cases that they themselves are a member of.
+
+ - Control the eDiscovery-related tasks that members can perform by adding or removing roles that assign specific permissions.
Here's the process for setting up compliance boundaries:
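Review bot: The unchanged bullet "- Role groups control who can see the eDiscovery cases in the Security & Compliance Center." is left in place, and the new nested list under "Role groups provide the following functions" repeats it as its first item, so the published list would state the same point twice. Suggest deleting the old bullet. The rewritten first paragraph also still contains "eDiscovery mangers" and could be corrected to "managers" in this change, and the third nested item would be clearer if it named the **Hold** and **Export** roles that the scenario restricts.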
@@ -115,6 +119,8 @@ Using the Contoso compliance boundaries scenario, four role groups need to be cr
- Coho Winery Investigators
+To meet the requirements of the Contoso compliance boundaries scenario, you would also remove the **Hold** and **Export** roles from the investigators role groups to prevent investigators from placing holds on content locations and exporting content from a case.
+ ## Step 4: Create a search permissions filter to enforce the compliance boundary After you've created role groups for each agency, the next step is to create the search permissions filters that associate each role group to its specific agency and defines the compliance boundary itself. You need to create one search permissions filter for each agency. For more information about creating security permissions filters, see [Configure permissions filtering for Content Search](permissions-filtering-for-content-search.md).
@@ -290,7 +296,7 @@ Keep the following limitations in mind when managing eDiscovery cases and invest
- The compliance attribute is synchronized from a user's Exchange mailbox to their OneDrive account every seven days. As previously stated, this synchronization only occurs when the user is assigned both an Exchange Online and SharePoint Online license and the user's mailbox is at least 10 MB. -- If compliance boundaries and search permissions filters implemented for both a user's mailbox and OneDrive account, then we recommend that you don't delete a user's mailbox and not their OneDrive account. In other words, if you delete a user's mailbox, you should also remove the user's OneDrive account.
+- If compliance boundaries and search permissions filters are implemented for both a user's mailbox and OneDrive account, then we recommend that you don't delete a user's mailbox and not their OneDrive account. In other words, if you delete a user's mailbox, you should also remove the user's OneDrive account.
- There are situations (such as a returning employee) where a user might have two or more OneDrive accounts. In these cases, only the primary OneDrive account associated with the user in Azure AD will be synchronized.
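Review bot: The corrected bullet adds the missing "are" but keeps "we recommend that you don't delete a user's mailbox and not their OneDrive account", which is hard to parse. Suggest "we recommend that you don't delete a user's mailbox without also deleting their OneDrive account", which matches the "In other words" sentence that follows.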
managed-desktop https://docs.microsoft.com/en-us/microsoft-365/managed-desktop/get-started/onedrive https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-started/onedrive.md
@@ -0,0 +1,56 @@
+
+ Title: Microsoft OneDrive
+description: How Microsoft Managed Desktop sets up OneDrive for enrolled devices
+keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation, apps, line-of-business apps, LOB apps
++
+ms.localizationpriority: normal
++++++
+# Microsoft OneDrive
+
+Microsoft Managed Desktop uses [OneDrive for Business](https://docs.microsoft.com/onedrive/plan-onedrive-enterprise) as a cloud storage service for all Microsoft Managed Desktop devices to ensure that the devices are as stateless as possible. User will be able to find their files no matter which device they sign into. For example, if you replace a Microsoft Managed Desktop device with a new one, files will automatically sync to the new device.
+
+We automatically configure these settings by default on Microsoft Managed Devices:
+
+- OneDrive is silently configured with the user account and automatically signed in (without user interaction) to the user account that was used to sign into Windows. For more information, see [Silently configure user accounts - OneDrive](https://docs.microsoft.com/onedrive/use-silent-account-configuration)
+
+- The Files-On-Demand feature is enabled so that users can access files from their cloud storage in OneDrive without having to use disk space unnecessarily. For more information, see [Save disk space with OneDrive Files On-Demand for Windows 10](https://support.microsoft.com/office/save-disk-space-with-onedrive-files-on-demand-for-windows-10-0e6860d3-d9f3-4971-b321-7092438fb38e).
+
+- The Known Folder Move feature is enabled silently to back up usersΓÇÖ data in the cloud, which gives them access to their files from any device. For more information, see [Back up your Documents, Pictures, and Desktop folders with OneDrive](https://support.microsoft.com/office/back-up-your-documents-pictures-and-desktop-folders-with-onedrive-d61a7930-a6fb-4b95-b28a-6552e77c3057).
+
+- Users cannot disable the Known Folder Move feature or change the location of known folders to ensure a consistent experience across Microsoft Managed Desktop devices.
+
+## User experience
+
+When Microsoft Managed Desktop users receive a new device, they go through a first-run experience by entering their Azure credentials while setting up the device. After this process is completed, they can access their desktop and have the OneDrive experience.
+
+1. The system tells users that OneDrive has been configured and that they have been automatically signed into OneDrive.
++
+2. The system tells users that OneDrive Known Folder Move has been configured for them.
++
+3. To prevent duplicate icons on the desktop when devices are being reset or reimaged, the system automatically removes Microsoft Edge and Microsoft Teams icons from the OneDrive sync, as shown in this view in File Explorer.
+++
+## OneDrive sync restrictions
+
+If you need to restrict OneDrive sync, we recommend that you control access with an Azure Active Directory conditional access policy. For more information, see
+[Enable conditional access support in the OneDrive sync app](https://docs.microsoft.com/onedrive/enable-conditional-access).
+
+If you can't use an Azure AD conditional access policy in your organization, your IT Admin should follow these steps:
+
+1. If you don't already know it, look up your tenant ID, as described in [Find your Microsoft 365 tenant ID](https://docs.microsoft.com/onedrive/find-your-office-365-tenant-id).
+2. Sign in to the OneDrive admin center, and then select **Sync** in the left pane. Select the **Allow syncing only on PCs joined to specific domains** check box, and then add the tenant ID to the list of domains. For more information, see [Allow syncing only on computers joined to specific domains](https://docs.microsoft.com/onedrive/allow-syncing-only-on-specific-domains).
+
+> [!NOTE]
+> This guidance applies only to tenants in Microsoft Managed Desktop. There are other settings in use that aren't discussed in this article.
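Review bot: In the new article's metadata, the `keywords` line lists "apps, line-of-business apps, LOB apps", which looks copied from another page and has nothing to do with OneDrive; suggest keywords that match this topic. In the body, "User will be able to find" should be "Users", and "Microsoft Managed Devices" should be "Microsoft Managed Desktop devices" as in the rest of the page. Step 3 under "User experience" says "as shown in this view in File Explorer" but no image reference is visible after any of the three steps, so either add the images or drop the phrase. The first bullet in the settings list is also the only one without a closing period.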
managed-desktop https://docs.microsoft.com/en-us/microsoft-365/managed-desktop/intro/technologies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/intro/technologies.md
@@ -32,34 +32,36 @@ Win32 Applications | Teams isn't shipped with the device, but is packaged and pr
Web Applications | Yammer, Office in a browser, Delve, Flow, StaffHub, PowerApps, and Planner aren't shipped with the device. Users can access the web version of these applications with a browser. - ## Windows 10 Enterprise E5 or E3 with Microsoft Defender for Endpoint
-Recommended
+We recommend that your IT admins configure the following settings. These settings aren't included or managed as part of Microsoft Managed Desktop.
+ | |
-[Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-identity-verification) | Customers are recommended to implement Windows Hello for Business to replace passwords with strong two-factor authentication used on Microsoft Managed Desktop devices.
-[Application Virtualization](https://docs.microsoft.com/windows/application-management/app-v/appv-technical-reference) | Customers can deploy Application Virtualization (App-V) packages using the Intune Win32 app management client.
-[Microsoft 365 data loss prevention](https://docs.microsoft.com/microsoft-365/compliance/endpoint-dlp-learn-about) | Customers are recommend to implement Microsoft 365 data loss prevention (DLP) to monitor the actions that are being taken on items you've determined to be sensitive and to help prevent the unintentional sharing of those items.
+Windows Hello for Business | You should implement Windows Hello for Business to replace passwords with strong two-factor authentication for Microsoft Managed Desktop devices. For more information, see [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-identity-verification).
+Application Virtualization | You can deploy Application Virtualization (App-V) packages using the Intune Win32 app management client. For more information, see [Application Virtualization](https://docs.microsoft.com/windows/application-management/app-v/appv-technical-reference).
+Microsoft 365 data loss prevention | You should implement Microsoft 365 data loss prevention to monitor the actions that are being taken on items you've determined to be sensitive and to help prevent the unintentional sharing of those items. For more information, see [Microsoft 365 data loss prevention](https://docs.microsoft.com/microsoft-365/compliance/endpoint-dlp-learn-about).
++
+Features included and managed as part of Microsoft Managed Desktop:
-Included and managed in the service
| |
-[BitLocker Drive Encryption](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) | BitLocker Drive Encryption is used to encrypt all system drives.
-[Windows Defender System Guard]( https://docs.microsoft.com/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows) | Protects the integrity of the system at start up and validates that system integrity has truly been maintained.
-[Windows Defender Credential Guard]( https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard) | Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them.
-[Microsoft Defender for Endpoint | Endpoint Detection and Response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) | Microsoft Managed Desktop Security Operations responds to alerts and takes action to remediate threats using Endpoint Detection and Response.
-[Microsoft Defender for Endpoint | Threat Experts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) | Microsoft Managed Desktop integrates with Threat Experts insights and data through targeted attack notifications. Customers are required to provide additional consent before this service is enabled.
-[Microsoft Defender for Endpoint | Threat and Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) | Required for future use in the Microsoft Managed Desktop service plan.
-[Microsoft Defender for Endpoint | Attack Surface Reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction) | Attack surface reduction targets risky software behaviors that are often abused by attackers.
-[Microsoft Defender for Endpoint | Exploit Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection) | Protects against malware that uses exploits to infect devices and spread by automatically applying exploit mitigation techniques to both operating system processes and apps.
-[Microsoft Defender for Endpoint | Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) | Network protection expands the scope of Microsoft Defender SmartScreen to block all outbound HTTP(s) traffic that attempts to connect to low-reputation sources.
-[Microsoft Defender Tamper Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection) | Windows Tamper Protection is used to prevent security settings such as anti-virus protection from being changed.
-[Microsoft Defender Antivirus Behavior-based, heuristic, and real-time antivirus protection]( https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) | Always on scanning for file and process threats which may not be detected as malware.
-[Microsoft Defender Antivirus Cloud-delivered Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus) | Provides dynamic near-instant, automated protection against new and emerging threats.
-[Microsoft Defender Block at first sight](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus) | Provides detection and blocking of new malware when Windows detects a suspicious or unknown file.
-[Microsoft Defender AV Potentially Unwanted Applications](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus) | Potentially unwanted applications (PUA) is used to block apps that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which might be unexpected or unwanted.
-[Windows Defender Firewall with Advanced Security](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security) | Host-based, two-way network traffic filtering for a device, Windows Defender Firewall blocks unauthorized network traffic flowing into or out of the local device.
-[User Account Control](https://docs.microsoft.com/windows/security/identity-protection/user-account-control/how-user-account-control-works) | User Account Control switches to the Secure Desktop when a task or action requires the administrator account type access. Microsoft Managed Desktop users are assigned Standard user access at enrollment.
+BitLocker Drive Encryption | BitLocker Drive Encryption is used to encrypt all system drives. For more information, see [BitLocker Drive Encryption](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview).
+Windows Defender System Guard | Protects the integrity of the system at startup and validates that system integrity has truly been maintained. For more information, see [Windows Defender System Guard]( https://docs.microsoft.com/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows).
+Windows Defender Credential Guard | Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. For more information, see [Windows Defender System Guard]( https://docs.microsoft.com/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows).
+Microsoft Defender for Endpoint - Endpoint Detection and Response | Microsoft Managed Desktop Security Operations responds to alerts and takes action to remediate threats using Endpoint Detection and Response. For more information, see [Microsoft Defender for Endpoint - Endpoint Detection and Response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response).
+Microsoft Defender for Endpoint - Threat Experts | Microsoft Managed Desktop integrates with Threat Experts insights and data through targeted attack notifications. You will have to provide additional consent before this service is enabled. For more information, see [Microsoft Defender for Endpoint - Threat Experts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts).
+Microsoft Defender for Endpoint - Threat and Vulnerability Management | Required for future use in the Microsoft Managed Desktop service plan. For more information, see [Microsoft Defender for Endpoint - Threat and Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt).
+Microsoft Defender for Endpoint - Attack Surface Reduction | Attack surface reduction targets risky software behaviors that are often abused by attackers. For more information, see [Microsoft Defender for Endpoint - Attack Surface Reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction).
+Microsoft Defender for Endpoint - Exploit Protection | Protects against malware that uses exploits to infect devices and spread by automatically applying exploit mitigation techniques to both operating system processes and apps. For more information, see [Microsoft Defender for Endpoint - Exploit Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection).
+Microsoft Defender for Endpoint - Network Protection | Network protection expands the scope of Microsoft Defender SmartScreen to block all outbound HTTP and HTTPS traffic that attempts to connect to low-reputation sources. For more information, see [Microsoft Defender for Endpoint - Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection).
+Microsoft Defender Tamper Protection | Windows Tamper Protection is used to prevent security settings such as anti-virus protection from being changed. For more information, see [Microsoft Defender Tamper Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection).
+Microsoft Defender Antivirus Behavior-based, heuristic, and real-time antivirus protection | Always on scanning for file and process threats which may not be detected as malware. For more information, see [Microsoft Defender Antivirus Behavior-based, heuristic, and real-time antivirus protection]( https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10).
+Microsoft Defender Antivirus Cloud-delivered Protection | Provides dynamic near-instant, automated protection against new and emerging threats. For more information, see [Microsoft Defender Antivirus Cloud-delivered Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus).
+Microsoft Defender "Block at first sight" | Provides detection and blocking of new malware when Windows detects a suspicious or unknown file. For more information, see [Microsoft Defender Block at first sight](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus).
+Microsoft Defender AV Potentially Unwanted Applications | Potentially unwanted applications is used to block apps that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which might be unexpected or unwanted. For more information, see [Microsoft Defender AV Potentially Unwanted Applications](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus).
+Windows Defender Firewall with Advanced Security | Host-based, two-way network traffic filtering for a device, Windows Defender Firewall blocks unauthorized network traffic flowing into or out of the local device. For more information, see [Windows Defender Firewall with Advanced Security](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security).
+User Account Control | User Account Control switches to the Secure Desktop when a task or action requires the administrator account-type access. Microsoft Managed Desktop users are assigned Standard user access at enrollment. For more information, see [User Account Control](https://docs.microsoft.com/windows/security/identity-protection/user-account-control/how-user-account-control-works).
## Enterprise Mobility + Security E5
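Review bot: The new Windows Defender Credential Guard row ends with "For more information, see [Windows Defender System Guard]" and points at the system-guard URL, a copy of the row above it. The removed row linked to .../identity-protection/credential-guard/credential-guard, so the link text and target should be restored to Credential Guard. While touching these rows, the System Guard, Credential Guard and "Behavior-based, heuristic, and real-time antivirus protection" links still carry a space after "](", which was carried over from the old lines and is worth removing. "Potentially unwanted applications is used to block apps" also lost its "(PUA)" and now reads as a subject-verb mismatch; "Potentially unwanted applications protection is used to..." or similar would fix it.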
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/about-defender-for-office-365-trial https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/about-defender-for-office-365-trial.md
@@ -36,7 +36,7 @@ A Microsoft Defender for Office 365 trial is the easiest way to try the capabili
## Terms and conditions
-The Defender for Office 365 trial is available for 90 days and can initiated for all of your users. For more information, see [Terms of use for the Microsoft Defender for Office 365 trial](terms-of-use-defender-for-office-365-trial.md).
+The Defender for Office 365 trial is available for 90 days and can be initiated for all of your users. For more information, see [Microsoft Defender for Office 365 Trial Terms & Conditions](defender-for-office-365-trial-terms-and-conditions.md).
## Set up a Defender for Office 365 trial
@@ -44,7 +44,7 @@ A trial allows organizations to easily set up and configure the Defender for Off
By default, these policies are scoped to all users in the organization, but admins can customize the policies during or after setup so they apply only to specific users.
-During setup, MDO response functionality (found in MDO P2 or equivalent) is also setup for the entire organization. No policy scoping is required.
+During setup, MDO response functionality (found in MDO P2 or equivalent) is also set up for the entire organization. No policy scoping is required.
## Licensing
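Review bot: The edited sentence still uses "MDO" twice ("MDO response functionality (found in MDO P2 or equivalent)") without expanding it, while the rest of the visible text spells out "Defender for Office 365". Since this line is being touched anyway, spell out the product name and plan on first use, for example "Defender for Office 365 Plan 2".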
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulator https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulator.md
@@ -32,6 +32,10 @@ ms.prod: m365-security
If your organization has Microsoft Defender for Office 365 Plan 2, which includes [Threat Investigation and Response capabilities](office-365-ti.md), you can use Attack Simulator in the Security & Compliance Center to run realistic attack scenarios in your organization. These simulated attacks can help you identify and find vulnerable users before a real attack impacts your bottom line. Read this article to learn more.
+> [!NOTE]
+> Attack Simulator v1 experience has been switched to read-only mode and replaced by Attack simulator training that's described in [Get started using Attack simulation training](attack-simulation-training-get-started.md).
+> The ability to launch new simulations from this site has been disabled. However, you can still access reports for simulations run for a period of 90 days from January 24, 2021.
+ ## What do you need to know before you begin? - To open the Security & Compliance Center, go to <https://protection.office.com/>. Attack simulator is available at **Threat management** \> **Attack simulator**. Go go directly to attack simulator, open <https://protection.office.com/attacksimulator>.
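Review bot: The added note names the replacement feature two different ways in one sentence: "replaced by Attack simulator training" versus the link text "Get started using Attack simulation training". Use the name from the linked article in both places, and settle the capitalization of "Attack Simulator" / "Attack simulator" across the note. "for a period of 90 days from January 24, 2021" makes readers compute the cutoff; stating the end date would be clearer. The unchanged line below the note also still says "Go go directly to attack simulator" and could be fixed in the same change.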
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/defender-for-office-365-trial-terms-and-conditions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/defender-for-office-365-trial-terms-and-conditions.md
@@ -0,0 +1,25 @@
+
+ Title: "Terms of use for the Microsoft Defender for Office 365 trial"
+f1.keywords:
+++
+audience: Admin
++
+localization_priority: Normal
+search.appverid:
+- MET150
+ms.assetid:
+
+- M365-security-compliance
+- m365initiative-defender-office365
+
+- seo-marvel-apr2020
+
+description: "Admins can learn about the terms of use for the Microsoft Defender for Office 365 trial"
++
+# Microsoft Defender for Office 365 Trial Terms & Conditions
+
+By participating in this free trial ("**Trial**") of the Microsoft Defender for Office 365 Services, you agree to be bound by our [Online Services Terms](https://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=46) and the following terms ("**Trial Terms**"), provided that in the event of a conflict, the Trial Terms shall govern. The Trial period will be for ninety (90) days from the date that you activate the Trial. Unless you purchase a subscription to Microsoft Defender for Office 365 prior to the expiration or termination of your Trial period, you will no longer have access to (i) any data related to the features of the Trial that you entered into your account, and (ii) configurations or customizations made by you or for you using the features of the Trial. Microsoft reserves the right to terminate or modify the Trial and/or these Trial Terms at any time without prior notice and without liability. Trial offer is not available for customers in all regions and countries.
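Review bot: The front matter of the new file still carries the old wording, Title: "Terms of use for the Microsoft Defender for Office 365 trial" and a description about "the terms of use", while the H1 and the file name are now "Trial Terms & Conditions". Align the title and description with the new heading so search results and the page agree. The body defines "Trial Terms" and then says "Trial offer is not available for customers in all regions and countries", which can be read as available nowhere; "may not be available in all regions and countries" is the unambiguous form if that is the intent.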
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/terms-of-use-defender-for-office-365-trial https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/terms-of-use-defender-for-office-365-trial.md
@@ -1,23 +0,0 @@
- Title: "Terms of use for the Microsoft Defender for Office 365 trial"-----
-localization_priority: Normal
-- MET150--- M365-security-compliance-- m365initiative-defender-office365--- seo-marvel-apr2020-
-description: "Admins can learn about the terms of use for the Microsoft Defender for Office 365 trial"
--
-# Terms of use for the Microsoft Defender for Office 365 trial
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/collaborate-as-team https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/collaborate-as-team.md
@@ -23,7 +23,7 @@ description: Learn about the Microsoft 365 configuration steps necessary to set
If you need to collaborate with guests across documents, tasks, and conversations, we recommend using Microsoft Teams. Teams provides all of the collaboration features available in Office and SharePoint with persistent chat and a customizable and extensible set of collaboration tools in a unified user experience.
-In this article, we'll walk through the Microsoft 365 configuration steps necessary to set up a team for collaboration with guests.
+In this article, we'll walk through the Microsoft 365 configuration steps necessary to set up a team for collaboration with guests. Once you have configured guest access, you can invite guests to teams by following the steps in [Add guests to a team in Teams](https://support.microsoft.com/office/fccb4fa6-f864-4508-bdde-256e7384a14f).
## Video demonstration
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/microsoft-365-limit-sharing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/microsoft-365-limit-sharing.md
@@ -32,7 +32,7 @@ The methods of sharing files are listed in the table below. Click the link in th
|[Microsoft 365 group or team](#microsoft-365-group-or-team)|People granted access to a Microsoft Teams team or Microsoft 365 group have edit access to files in the associated SharePoint site.|If the group or team is private, sharing invitations to join the team go to the owner for approval. Admins can disable guest access or use sensitivity labels to prevent access by people from outside the organization.| |[SharePoint site](#sharepoint-site)|People can be granted Owner, Member, or Visitor access to a SharePoint site and will have that level of access to files in the site.|Site permissions can be restricted so that only site owners can share the site. Admins can set a site to read-only or block access entirely.| |[Sharing with specific people](#sharing-with-specific-people)|Site members and people with edit permissions can give direct permissions to files and folders or share them by using *Specific people* links.|Site permissions can be restricted so that only site owners can share files and folders. In this case, direct access and *Specific people* link sharing by site members goes to site owner for approval.|
-|[SharePoint guest sharing](#sharepoint-guest-sharing)|SharePoint site owners and members can share files and folders with people outside the organization.|Guest sharing can be disabled for the entire organization or for individual sites.|
+|[SharePoint and OneDrive guest sharing](#sharepoint-guest-sharing)|SharePoint site owners and members and OneDrive owners can share files and folders with people outside the organization.|Guest sharing can be disabled for the entire organization or for individual sites.|
|[*People in your organization* sharing links](#people-in-your-organization-sharing-links)|SharePoint site owners and members can share files using *People in your organization* links, which will work for anyone inside the organization.|*People in your organization* links can be disabled at the site level.| |[Create sites, groups, and teams](#create-sites-groups-and-teams)|By default, users can create new sites, groups, and teams from which they can share content.|Admins can restrict who can create sites, groups, and teams.| |[Email](#email)|People with access to a file can send it to others via email.|Admins can encrypt files by using sensitivity labels to prevent them being shared with unauthorized people.|
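Review bot: The row is renamed to "SharePoint and OneDrive guest sharing", but its third column still reads "Guest sharing can be disabled for the entire organization or for individual sites" with no mention of an individual OneDrive, which is the option this same commit adds further down. Extend the limiting-options cell to cover per-user OneDrive. The link target is still #sharepoint-guest-sharing; that works only if the section heading is unchanged, so either leave the heading as is or update both together.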
@@ -151,6 +151,8 @@ To turn off guest sharing for a site
![Screenshot of SharePoint site-level sharing settings set to Only people in your organization](../media/sharepoint-site-external-sharing-settings-off.png)
+You can turn off guest sharing for an individual OneDrive by clicking the user in the Microsoft 365 admin center and selecting **Manage external sharing** on the **OneDrive** tab.
+ If you would like to allow sharing with people outside your organization but you want to make sure that everyone authenticates, you can disable *Anyone* (anonymous sharing) links for the entire organization or for an individual site. To turn off *Anyone* links at the organization level
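Review bot: The added sentence sits directly after the screenshot that ends the "To turn off guest sharing for a site" procedure, and it compresses a procedure into one line: "clicking the user in the Microsoft 365 admin center" doesn't say where in the admin center the user is found. Write it as a short numbered procedure under its own "To turn off guest sharing for an individual OneDrive" lead-in, matching the "To turn off..." procedures around it, and give the full navigation path.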
@@ -172,11 +174,15 @@ To turn off *Anyone* links for a site
By default, members of a site can share files and folders with other people in your organization by using a *People in your organization* link. You can disable *People in your organization* links by using PowerShell:
-`Set-SPOSite -Identity <site> -DisableCompanyWideSharingLinks`
+```powershell
+Set-SPOSite -Identity <site> -DisableCompanyWideSharingLinks
+```
For example:
-`Set-SPOSite -Identity https://contoso.sharepoint.com -DisableCompanyWideSharingLinks`
+```powershell
+Set-SPOSite -Identity https://contoso.sharepoint.com -DisableCompanyWideSharingLinks
+```
## Create sites, groups, and teams
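Review bot: Both fenced commands pass -DisableCompanyWideSharingLinks with no value. Confirm against the cmdlet reference that it is a switch; if it takes a value, the syntax line and the contoso example should both show it, along with the value that turns the links back on. The placeholder `<site>` would also be clearer as a site URL placeholder, since the example passes a URL.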
@@ -185,7 +191,8 @@ By default, users can create new sites, groups, and teams from which they may be
- [Manage site creation in SharePoint](https://docs.microsoft.com/sharepoint/manage-site-creation) - [Manage who can create Microsoft 365 Groups](https://docs.microsoft.com/microsoft-365/solutions/manage-creation-of-groups)
-Note that restricting group creation restricts team creation.
+> [!NOTE]
+> Restricting group creation restricts team creation.
## Email