Updates from: 02/13/2021 04:19:30
Category Microsoft Docs article Related commit history on GitHub Change details
admin https://docs.microsoft.com/en-us/microsoft-365/admin/manage/use-qr-code-download-outlook https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/use-qr-code-download-outlook.md
@@ -20,7 +20,7 @@ description: "Learn how to use a QR code to authenticate and download Outlook mo
# Use a QR code to sign-in to the Outlook mobile apps > [!IMPORTANT]
-> This Microsoft 365 feature is in public preview. Public preview provides early access to Microsoft 365 features.
+> This feature is only available to organizations who have turned on Targeted Release in the Microsoft 365 admin center. To turn on Targeted release and learn more about how it works, see [Set up the Standard or Targeted release options](release-options-in-office-365.md). WeΓÇÖll be expanding to more organizations in the coming weeks through public preview. Public preview provides early access to Microsoft 365 features.
As the Microsoft 365 administrator, you can enable your users to sign in to Outlook for Android or iOS app on their mobile devices without having to enter their username and password. By scanning a QR code, users can securely authenticate and sign in to Outlook mobile.
@@ -31,7 +31,7 @@ In Outlook on the web or other desktop Outlook applications, users may see notif
## Use Exchange PowerShell
-This experience is on by default. To disable this feature, follow the steps below.
+This feature is on by default. To disable this feature, follow the steps below.
1. [Connect to Exchange PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell?view=exchange-ps). 2. Using PowerShell, you can disable the notifications informing your users about the Outlook mobile apps. This will also prevent the QR code sign-in flow from being shown.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/advanced-audit https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/advanced-audit.md
@@ -102,7 +102,19 @@ You can also run the [Search-UnifiedAuditLog -Operations Send](https://docs.micr
### SearchQueryInitiatedExchange
-The SearchQueryInitiatedExchange event is triggered when a person uses the Search bar in Outlook on the web (OWA) to search for items in a mailbox. Investigators can use the SearchQueryInitiatedExchange event to determine if an attacker who may have compromised an account looked for or tried to access sensitive information in the mailbox. The audit record for a SearchQueryInitiatedExchange event contains information such as the actual text of the search query. By looking at the search queries that an attacker may have performed, an investigator can better understand the intent of the email data that was searched for.
+The SearchQueryInitiatedExchange event is triggered when a person uses Outlook to search for items in a mailbox. Events are triggered when searches are performed in the following Outlook environments:
+
+- Outlook (desktop client)
+
+- Outlook on the web (OWA)
+
+- Outlook for iOS
+
+- Outlook for Android
+
+- Mail app for Windows 10
+
+Investigators can use the SearchQueryInitiatedExchange event to determine if an attacker who may have compromised an account looked for or tried to access sensitive information in the mailbox. The audit record for a SearchQueryInitiatedExchange event contains information such as the actual text of the search query. The audit record also indicates the Outlook environment the search was performed in. By looking at the search queries that an attacker may have performed, an investigator can better understand the intent of the email data that was searched for.
To search for SearchQueryInitiatedExchange audit records, you can search for the **Performed email search** activity in the **Search activities** drop-down list in the [audit log search tool](search-the-audit-log-in-security-and-compliance.md) in the compliance center.
@@ -117,7 +129,17 @@ If the `Set-Mailbox -AuditOwner @{Add="SearchQueryInitiated"}` command was previ
### SearchQueryInitiatedSharePoint
-Similar to searching for mailbox items, the SearchQueryInitiatedSharePoint event is triggered when a person searches for items in the SharePoint home site for your organization. Investigators can use the SearchQueryInitiatedSharePoint event to determine if an attacker tried to find (and possibly accessed) sensitive information in SharePoint. The audit record for a SearchQueryInitiatedSharePoint event contains also contains the actual text of the search query. By looking at the search queries that an attacker may have performed, an investigator can better understand the intent and scope of the file data being searched for.
+Similar to searching for mailbox items, the SearchQueryInitiatedSharePoint event is triggered when a person searches for items in SharePoint. Events are triggered when searches are performed in the following types of SharePoint sites:
+
+- Home sites
+
+- Communication sites
+
+- Hub sites
+
+- Sites associated with Microsoft Teams
+
+Investigators can use the SearchQueryInitiatedSharePoint event to determine if an attacker tried to find (and possibly accessed) sensitive information in SharePoint. The audit record for a SearchQueryInitiatedSharePoint event contains also contains the actual text of the search query. The audit record also indicates the type of SharePoint site that was searched. By looking at the search queries that an attacker may have performed, an investigator can better understand the intent and scope of the file data being searched for.
To search for SearchQueryInitiatedSharePoint audit records, you can search for the **Performed SharePoint search** activity in the **Search activities** drop-down list in the [audit log search tool](search-the-audit-log-in-security-and-compliance.md) in the compliance center.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/customer-key-tenant-level https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/customer-key-tenant-level.md
@@ -22,7 +22,7 @@ description: "Learn how to set up Customer Key for all data within your Microsof
Using keys you provide, you can create a data encryption policy (DEP) and assign it to the tenant. The DEP encrypts data across the tenant for these workloads: - Teams chat messages (1:1 chats, group chats, meeting chats and channel conversations)-- Teams media messages (images, code snippets, videos, wiki images)
+- Teams media messages (images, code snippets, videos messages, audio messages, wiki images)
- Teams call and meeting recordings stored in Teams storage - Teams chat notifications - Teams chat suggestions by Cortana
@@ -41,7 +41,7 @@ The tenant-level encryption policy you create encrypts all data for the Microsof
Examples:
-Microsoft Teams files and some Teams call and meeting recordings that are saved in OneDrive for Business and SharePoint are encrypted by a SharePoint Online DEP. A single SharePoint Online DEP encrypts content within a single geo. The tenant-level DEP will encrypt the encrypted data again with the new policy.
+Microsoft Teams files and some Teams call and meeting recordings that are saved in OneDrive for Business and SharePoint are encrypted by a SharePoint Online DEP. A single SharePoint Online DEP encrypts content within a single geo.
For Exchange Online, you can create a DEP that encrypts one or more user mailboxes with Customer Key. When you create a tenant-level policy, that policy will not encrypt the encrypted mailboxes. However, the tenant-level key will encrypt the mailboxes that are not affected by a DEP already.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-sensitivity-labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-sensitivity-labels.md
@@ -76,7 +76,7 @@ All scenarios require you to [Create and configure sensitivity labels and their
|I want to ...|Documentation| |-||
-|Manage sensitivity labels for Office apps so that content is labeled as it's createdΓÇöincludes support for manual labeling on all platforms |[Use sensitivity labels in Office apps](sensitivity-labels-office-apps.md)|
+|Manage sensitivity labels for Office apps so that content is labeled as it's createdΓÇöincludes support for manual labeling on all platforms |[Manage sensitivity labels in Office apps](sensitivity-labels-office-apps.md)|
|Enable users to label and protect files from Windows computers using Office apps, File Explorer, and PowerShell|[Azure Information Protection unified labeling client for Windows](https://docs.microsoft.com/azure/information-protection/rms-client/aip-clientv2)| |Encrypt documents and emails with sensitivity labels and restrict who can access that content and how it can be used |[Restrict access to content by using sensitivity labels to apply encryption](encryption-sensitivity-labels.md)| |Enable sensitivity labels for Office on the web, with support for coauthoring, eDiscovery, data loss prevention, searchΓÇöeven when documents are encrypted | [Enable sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md)
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/retention-policies-teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-teams.md
@@ -38,22 +38,23 @@ The following Teams items can be retained and deleted by using retention policie
> [!NOTE] > Including card content is a recent addition and currently rolling out to tenants. For more information, see [Microsoft 365 compliance capabilities for Adaptive Card content through apps in Teams now available](https://techcommunity.microsoft.com/t5/microsoft-teams-blog/microsoft-365-compliance-capabilities-for-adaptive-card-content/ba-p/2095869).
-Teams messages in private channels are not included, code snippets and reactions from others in the form of emoticons are not included.
+Teams messages in private channels are currently not supported for retention policies. Code snippets, recorded voice memos from the Teams mobile client, and reactions from others in the form of emoticons are not included when you use retention policies for Teams.
Emails and files that you use with Teams aren't included in retention policies for Teams. These items have their own retention policies.
-The following mailboxes by RecipientTypeDetails are supported for Teams retention policies:
--- MailUser-- UserMailbox-- GroupMailbox-- ArbitrationMailbox-- SharedMailbox- ## How retention works with Microsoft Teams You can use a retention policy to retain and delete data from chats and channel messages in Teams. Behind the scenes, Exchange mailboxes are used to store these messages. Data from Teams chats is stored in a hidden folder in the mailbox of each user included in the chat, and a similar hidden folder in a group mailbox is used for Teams channel messages.
+These mailboxes are, listed by their RecipientTypeDetails attribute:
+
+- **UserMailbox**: These mailboxes store messages for Teams users who have an Exchange Online mailbox.
+- **MailUser**: These mailboxes store messages for Teams users who have a mailbox for an on-premises Exchange server and not Exchange Online.
+- **User**: These mailboxes store messages for Teams users who donΓÇÖt have a mailbox for Exchange Online or on-premise Exchange servers.
+- **GroupMailbox**: These mailboxes store messages for Teams channels.
+
+Other mailbox types, such as RoomMailbox that is used for Teams conference rooms, are not supported for Teams retention policies.
+ It's important to understand that Teams uses an Azure-powered chat service that also stores this data, and by default this service stores the data indefinitely. For this reason, if you need to delete Teams messages for compliance reasons, we recommend that you use retention policies for Teams that can permanently delete this data from both the Exchange mailboxes and the underlying Azure-powered chat service. For more information about the underlying architecture, see [Security and compliance in Microsoft Teams](https://go.microsoft.com/fwlink/?linkid=871258) and specifically, the [Information Protection Architecture](https://docs.microsoft.com/MicrosoftTeams/security-compliance-overview#information-protection-architecture) section. Although Teams chats and channel messages are stored in mailboxes, this Teams data is included only by a retention policy that's configured for the **Teams channel messages** and **Teams chats** locations. Teams chats and channel messages are not affected by retention policies that are configured for Exchange user or group mailboxes.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/retention https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention.md
@@ -444,7 +444,7 @@ If you currently use these older features, they will continue to work side-by-si
- [Configuring in place records management](https://support.office.com/article/7707a878-780c-4be6-9cb0-9718ecde050a) (retention only) -- [Use policies for site closure and deletion](https://support.microsoft.com/en-us/office/use-policies-for-site-closure-and-deletion-a8280d82-27fd-48c5-9adf-8a5431208ba5) (deletion only)
+- [Use policies for site closure and deletion](https://support.microsoft.com/en-us/office/use-policies-for-site-closure-and-deletion-a8280d82-27fd-48c5-9adf-8a5431208ba5) (deletion only)
- [Information management policies](intro-to-info-mgmt-policies.md) (deletion only)
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-office-apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-office-apps.md
@@ -1,5 +1,5 @@
Title: "Use sensitivity labels in Office apps"
+ Title: "Manage sensitivity labels in Office apps"
f1.keywords: - NOCSH
@@ -14,11 +14,11 @@
search.appverid: - MOE150 - MET150
-description: Learn about how users work with sensitivity labels in Office apps for desktop, mobile, and the web, and which apps support sensitivity labels.
+description: Information for IT administrators to manage sensitivity labels in Office apps for desktop, mobile, and the web.
-# Use sensitivity labels in Office apps
+# Manage sensitivity labels in Office apps
>*[Microsoft 365 licensing guidance for security & compliance](https://aka.ms/ComplianceSD).*
@@ -201,7 +201,9 @@ This means that if you share documents with another organization that uses diffe
### Sharing encrypted documents with external users
-In addition to restricting access to users in your own organization, you can extend access to any other user who has an account in Azure Active Directory. All Office apps and other [RMS-enlightened application](https://docs.microsoft.com/azure/information-protection/requirements-applications#rms-enlightened-applications) can open encrypted documents after the user has successfully authenticated.
+In addition to restricting access to users in your own organization, you can extend access to any other user who has an account in Azure Active Directory. However, if your organization uses Conditional Access policies, see the [next section](#conditional-access-policies) for additional considerations.
+
+All Office apps and other [RMS-enlightened application](https://docs.microsoft.com/azure/information-protection/requirements-applications#rms-enlightened-applications) can open encrypted documents after the user has successfully authenticated.
If external users do not have an account in Azure Active Directory, they can authenticate by using guest accounts in your tenant. These guest accounts can also be used to access shared documents in SharePoint or OneDrive when you have [enabled sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md):
@@ -225,6 +227,16 @@ However, the automatic guest account is not created immediately in this scenario
> [!TIP] > Because you can't be sure that external users will be using a supported Office client app, sharing links from SharePoint and OneDrive after creating guest accounts (for specific users) or when you use [SharePoint and OneDrive integration with Azure AD B2B](https://docs.microsoft.com/sharepoint/sharepoint-azureb2b-integration-preview) (for any authenticated user) is a more reliable method to support secure collaboration with external users.
+### Conditional Access policies
+
+If your organization has implemented [Azure Active Directory Conditional Access policies](https://docs.microsoft.com/azure/active-directory/conditional-access/overview), check the configuration of those policies. If the policies include Azure Information Protection and the policy extends to external users, those external users must have a guest account in your tenant even if they have an Azure AD account in their own tenant.
+
+Without this guest account, they can't open the encrypted document and see an error message. The message text might inform them that their account needs to be added as an external user in the tenant, with the incorrect instruction **Sign out and sign in again with a different Azure Active Directory user account**.
+
+If you can't create and configure guest accounts in your tenant for external users who need to open documents that are encrypted by your labels, you must either remove Azure Information Protection from the Conditional Access policies, or exclude external users from the policies.
+
+For more information about Conditional Access and Azure Information Protection, the encryption service used by sensitivity labels, see the frequently asked question, [I see Azure Information Protection is listed as an available cloud app for conditional accessΓÇöhow does this work?](https://docs.microsoft.com/azure/information-protection/faqs#i-see-azure-information-protection-is-listed-as-an-available-cloud-app-for-conditional-accesshow-does-this-work)
+ ## When Office apps apply content marking and encryption Office apps apply content marking and encryption with a sensitivity label differently, depending on the app you use.
contentunderstanding https://docs.microsoft.com/en-us/microsoft-365/contentunderstanding/apply-a-retention-label-to-a-model https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/apply-a-retention-label-to-a-model.md
@@ -1,5 +1,5 @@
Title: "Apply a retention label to a document understanding model"
+ Title: "Apply a retention label to a model"
@@ -11,10 +11,10 @@
- enabler-strategic - m365initiative-syntex localization_priority: Priority
-description: "This article discusses how to apply a retention label to a document understanding model"
+description: "This article discusses how to apply a retention label to a model in SharePoint Syntex"
-# Apply a retention label to a document understanding model
+# Apply a retention label to a model in SharePoint Syntex
</br>
@@ -23,14 +23,14 @@ description: "This article discusses how to apply a retention label to a documen
</br>
-You can easily apply a [retention label](https://docs.microsoft.com/microsoft-365/compliance/retention) to a document understanding model in Microsoft SharePoint Syntex.
+You can easily apply a [retention label](https://docs.microsoft.com/microsoft-365/compliance/retention) to a model in Microsoft SharePoint Syntex. You can do this for both document understanding and form processing models.
-Retention labels let you apply retention settings to the documents that your document understanding models identify. For example, you want your model to not only identify any *Insurance notice* documents that are uploaded to your document library, but to also apply a *Business* retention tag to them so that these documents cannot be deleted from the document library for the specified time period (the next five months, for example).
+Retention labels let you apply retention settings to the documents that your models identify. For example, you want your model to not only identify any *Insurance notice* documents that are uploaded to your document library, but to also apply a *Business* retention tag to them so that these documents cannot be deleted from the document library for the specified time period (the next five months, for example).
-You can apply a pre-existing retention label to your document understanding model through your model settings on your model's home page.
+You can apply a pre-existing retention label to your model through your model settings on your model's home page.
> [!Important]
-> For retention labels to be available to apply to your content understanding model, they need to be [created and published in the Microsoft 365 Compliance Center](https://docs.microsoft.com/microsoft-365/compliance/create-apply-retention-labels#how-to-create-and-publish-retention-labels).
+> For retention labels to be available to apply to your document understanding models, they need to be [created and published in the Microsoft 365 Compliance Center](https://docs.microsoft.com/microsoft-365/compliance/create-apply-retention-labels#how-to-create-and-publish-retention-labels).
## To add a retention label to a document understanding model
@@ -65,6 +65,62 @@ On your model's view page in your document library, a new **Retention label** co
For example, all *Insurance notice* documents that your model identifies will also have the *Business* retention label applied to them, preventing them from being deleted from the document library for five months. If an attempt is made to delete the file from the document library, an error will display saying it is not allowed because of the applied retention label.
+## To add a retention label to a form processing model
+
+> [!Important]
+> For retention labels to be available to apply to your form processing model, they need to be [created and published in the Microsoft 365 Compliance Center](https://docs.microsoft.com/microsoft-365/compliance/create-apply-retention-labels#how-to-create-and-publish-retention-labels).
+
+You can either apply a retention label to a form processing model when you are creating a model, or apply it to an existing model.
+
+### To add a retention label when you create a form processing model
+
+1. When you are [creating a new form processing model](https://docs.microsoft.com/microsoft-365/contentunderstanding/create-a-form-processing-model), select <b>Advanced settings.</b>
+2. In <b>Advanced settings</b>, in the <b>Retention label</b> section, select the menu and then select the retention label you want to apply to the model.</b>
+
+
+ ![Add to a new form processing model](../media/content-understanding/retention-label-forms.png)</br>
+
+3. After you've completed your remaining model settings, select <b>Create</b> to build your model.
+
+### To add a retention label to an existing form processing model
+
+You can add a retention label to an existing form processing model in different ways:
+- Through the Automate menu in the document library
+- Through the Active model settings in the document library
++
+#### To add a retention label to an existing form processing model through the Automate menu
+
+You can add a retention label to an existing form processing model that you own through the Automate menu in the document library in which the model is applied.
++
+1. In your document library to which the form processing model is applied, select the <b>Automate</b> menu, select <b>AI Builder</b>, then select <b>View form processing model details</b>.
+
+ ![Automate menu](../media/content-understanding/automate-menu.png)</br>
+
+2. In the model details, in the <b>Retention Label</b> section, select the retention label you want to apply. Then select <b>Save</b>.
+
+ ![Add to an existing form processing model](../media/content-understanding/retention-label-model-details.png)</br>
+
+#### To add a retention label to an existing form processing model in the active model settings
+
+You can add a retention label to an existing form processing model that you own through the Active model settings in the document library in which the model is applied.
+
+1. In the SharePoint document library in which the model is applied, select the <b>View active models</b> icon, and then select <b>View active models</b>.</b>
+
+ ![View active models](../media/content-understanding/info-du.png)</br>
+
+2. In <b>Active models</b>, select the form processing model to which you want to apply the retention label.
+
+ ![Model details](../media/content-understanding/retention-label-model-details.png)</br>
++
+3. In the model details, in the <b>Retention Label</b> section, select the retention label you want to apply. Then select <b>Save</b>.
+
+> [!NOTE]
+> You must be the model owner for the model settings pane to be editable.
++ ## See Also [Create a classifier](create-a-classifier.md)
contentunderstanding https://docs.microsoft.com/en-us/microsoft-365/contentunderstanding/create-a-classifier https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/create-a-classifier.md
@@ -143,3 +143,5 @@ If you received a match on your labeled sample files, you can now test your mod
[Explanation types](explanation-types-overview.md) [Apply a model](apply-a-model.md) +
+[SharePoint Syntex Accessibility Mode](accessibility-mode.md)
contentunderstanding https://docs.microsoft.com/en-us/microsoft-365/contentunderstanding/create-an-extractor https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/create-an-extractor.md
@@ -147,3 +147,5 @@ If you receive a match on your labeled sample files, you can now test your model
[Document Understanding overview](document-understanding-overview.md) [Apply a model](apply-a-model.md) +
+[SharePoint Syntex Accessibility Mode](accessibility-mode.md)
contentunderstanding https://docs.microsoft.com/en-us/microsoft-365/contentunderstanding/document-understanding-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/document-understanding-overview.md
@@ -41,11 +41,46 @@ Add *classifiers* and *extractors* to your document understanding models to do t
You can use example files to train and test your classifiers and extractors in your model. Example files provide your model examples of what to look for when trying to identify and extract data from files. For example, you would train your contract renewal classifiers and extractors with examples of contract renewal documents your company works with. You can also use example files to test the effectiveness of your model.
-> [!NOTE]
-> If you use optical character recognition (OCR) technology to scan documents, Syntex has a 15-page limit for model training.
- After publishing your model, use the content center to apply it to any SharePoint document library that you have access to.
+### File limitations
+
+Document understanding models use Optical Character Recognition (OCR) technology to scan PDFs, images, and TIFF files, both when you train a model with example files and when you run the model against files in a document library.
+
+Note the following differences in regards to Microsoft Office text-based files and OCR-scanned files (PDF, image, or TIFF):
+
+- Office files: We truncate at 64K characters (in training and when run against files in a document library).
+- OCR-scanned files: There is a 20 page limit.
+
+#### Supported file types
+
+Document understanding models support the following file types:
+
+- doc
+- docx
+- eml
+- heic
+- heif
+- htm
+- html
+- jpeg
+- jpg
+- markdown
+- md
+- msg
+- pdf
+- png
+- ppt
+- pptx
+- rtf
+- tif
+- tiff
+- txt
+- xls
+- xlsx
+++ ## See Also [Create a classifier](create-a-classifier.md)
@@ -60,3 +95,5 @@ After publishing your model, use the content center to apply it to any SharePoin
[Difference between a document understanding and a form processing model](difference-between-document-understanding-and-form-processing-model.md) [Form processing overview](form-processing-overview.md)+
+[SharePoint Syntex Accessibility Mode](accessibility-mode.md)
contentunderstanding https://docs.microsoft.com/en-us/microsoft-365/contentunderstanding/explanation-types-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/explanation-types-overview.md
@@ -142,44 +142,66 @@ In the viewer, you can manually adjust the select box to include the location wh
![Custom range](../media/content-understanding/custom-file.png)</br> In the viewer, you can manually adjust the select box to include the location where the phase occurs. For this setting, you need to select a <b>Start</b> and an <b>End</b> position. These values represent the number of tokens from the begging of the document. While you can manually enter in these values, it is easier to manually adjust the select box in the viewer.</br> -- ## Use explanation templates
-While you can manually add various pattern list values for your explanation, it can be easier to use the templates provided to you in the explanation library.
+While you can manually add various phrase list values for your explanation, it can be easier to use the templates provided to you in the explanation library.
-For example, instead of manually adding all the variations for *Date*, you can use the pattern list template for *Date* as it already includes a number of pattern lists values:</br>
+For example, instead of manually adding all the variations for *Date*, you can use the phrase list template for *Date* as it already includes a number of phrase lists values:</br>
![Explanation library](../media/content-understanding/explanation-template.png)</br>
-The explanation library includes commonly used pattern list explanations, including:</br>
+The explanation library includes commonly used phrase list explanations, including:</br>
- Date</br> - Date (numeric)</br> - Time</br> - Number</br>
+- Percentage</br>
- Phone number</br> - Zip code</br> - First word of sentence</br>
+- End of sentence</br>
- Credit card</br> - Social security number</br>
+- Checkbox</br>
+- Currency</br>
+- Email CC</br>
+- Email date</br>
+- Email greeting</br>
+- Email recipient</br>
+- Email sender</br>
+- Email subject</br>
+
+The explanation library also includes three automatic template types that work with the data you've labeled in your example files:
+
+- After label: The words or characters that occur after the labels in the example files.</br>
+- Before label: The words or characters that occur before the labels in the example files.</br>
+- Labels: Up to the first 10 labels from the example files.</br>
+
+To give you an example of how automatic templates work, in the following example file, we will use the Before Label explanation template to help give the model more information to get a more accurate match.
-Note that the explanation library also includes templates for phrase list explanations:
-- End of sentence-- Currency
+ ![Example file](../media/content-understanding/before-label.png)</br>
+When you select the Before Label explanation template, it will look for the first set of words that appear before the label in your example files. In the example, the words that are identified in the first example file is "As of".
+
+ ![Before label template](../media/content-understanding/before-label-explanation.png)</br>
+
+You can select <b>Add</b> to create an explanation from the template. As you add more example files, additional words will be identified and added to the phrase list.
+
+ ![Add the label](../media/content-understanding/before-label-add.png)</br>
+
#### To use a template from the explanation library 1. From the **Explanations** section of your model's **Train** page, select **New**, then select **From a template**.</br>
- ![Create from template](../media/content-understanding/from-template.png)</br>
+ ![Add Before Label](../media/content-understanding/from-template.png)</br>
2. On the **Explanation templates** page, select the explanation you want to use, then select **Add**.</br> ![Select a template](../media/content-understanding/phone-template.png)</br>
-3. The information for the template you selected displays on the **Create an explanation** page. If needed, edit the explanation name and add or remove items from the pattern list. </br>
+3. The information for the template you selected displays on the **Create an explanation** page. If needed, edit the explanation name and add or remove items from the phrase list. </br>
![Edit template](../media/content-understanding/phone-template-live.png)</br>
-4. When finished, select **Save**.
+4. When finished, select **Save**.
contentunderstanding https://docs.microsoft.com/en-us/microsoft-365/contentunderstanding/form-processing-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/form-processing-overview.md
@@ -37,6 +37,10 @@ After you train and publish your model, your model creates a [Power Automate Flo
An Office 365 admin needs to [enable Form processing](https://docs.microsoft.com/microsoft-365/contentunderstanding/set-up-content-understanding#to-set-up-content-understanding) for the SharePoint document library for users to be able to [create a form processing model](create-a-form-processing-model.md) in it. You can select the sites during setup, or after setup in your management settings.
+### File limitations
+
+When using form processing models, make sure to note the [requirements and limitations for file usage](https://docs.microsoft.com/ai-builder/form-processing-model-requirements).
+ ## See Also
contentunderstanding https://docs.microsoft.com/en-us/microsoft-365/contentunderstanding/index https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/index.md
@@ -40,8 +40,8 @@ The resources in this section help you learn more about the two methods of data
|Learn more about document understanding|[Document understanding overview](https://docs.microsoft.com/microsoft-365/contentunderstanding/document-understanding-overview)| |Learn more about form processing|[Form processing overview](https://docs.microsoft.com/microsoft-365/contentunderstanding/form-processing-overview)| |Understand the differences between the two methods|[Difference between document understanding and form processing models](https://docs.microsoft.com/microsoft-365/contentunderstanding/difference-between-document-understanding-and-form-processing-model)|
-|See resources in the Microsoft Tech Community Resource Center|[SharePoint Syntex - Content services in Microsoft 365](https://resources.techcommunity.microsoft.com/sharepoint-syntex/)|
-|SharePoint Syntex FAQ on the Microsoft Tech Community Resource Center |[SharePoint Syntex - FAQ](https://resources.techcommunity.microsoft.com/project-cortex-microsoft-365/faq/)|
+|See resources in the Microsoft Tech Community Resource Center|[SharePoint Syntex - Content services in Microsoft 365](https://techcommunity.microsoft.com/t5/sharepoint-syntex/bg-p/SharePointSyntex)|
+|SharePoint Syntex FAQ on the Microsoft Tech Community Resource Center |[SharePoint Syntex - FAQ](https://resources.techcommunity.microsoft.com/sharepoint-syntex/faq/)|
|How to get SharePoint Syntex |[SharePoint Syntex product page](https://www.microsoft.com/microsoft-365/enterprise/sharepoint-syntex)| ## Adoption
@@ -71,6 +71,7 @@ The resources in this section help your users learn how to create and configure
|Apply a retention label to your model|[Apply a retention label to a document understanding model](https://docs.microsoft.com/microsoft-365/contentunderstanding/apply-a-retention-label-to-a-model)| |Use Managed Metadata services term store taxonomy when creating an extractor|[Leverage term store taxonomy when creating an extractor](https://docs.microsoft.com/microsoft-365/contentunderstanding/leverage-term-store-taxonomy)| |Learn how to see data about your models|[Model usage analytics](https://docs.microsoft.com/microsoft-365/contentunderstanding/model-usage-analytics)|
+|Learn how to use accessibility mode when training a model|[SharePoint Syntex accessibility mode](https://docs.microsoft.com/microsoft-365/contentunderstanding/accessibility-mode)|
## Premium services
knowledge https://docs.microsoft.com/en-us/microsoft-365/knowledge/create-a-topic https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/knowledge/create-a-topic.md
@@ -35,7 +35,19 @@ To create a new topic, you need to:
> [!Note] > Users who have permission to manage topics in the topic center (knowledge managers) already have permissions to create and edit topics.
-## To create a new topic:
+## To create a topic
+
+You can create a new topic from two locations:
+
+- Topic center home page: Any licensed user with the **Who can create or edit topics** permission (contributors) can create a new topic from the topic center by selecting the <b>New</b> menu and select <b>Topic page</b>.</br>
+
+ ![New topic from topic center](../media/knowledge-management/new-topic.png) </br>
+
+- Manage topics page: Any licensed user who has **Who can manage topics** permission (knowledge managers) can create a new topic from the Manage topics page in the Topic Center by selecting <b>New topic page</b>.</br>
+
+ ![New topic from manage topics](../media/knowledge-management/new-topic-topic-center.png) </br>
+
+### To create a new topic:
1. In the **Name this topic** section, type the name of the new topic.
knowledge https://docs.microsoft.com/en-us/microsoft-365/knowledge/index https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/knowledge/index.md
@@ -37,6 +37,9 @@ The resources in this section help you learn more about what Viva Topics is and
|Learn more about Viva Topics|[Microsoft Viva Topics overview](topic-experiences-overview.md)| |Learn how topics are discovered and suggested by AI|[Microsoft Viva Topics discovery](topic-experiences-discovery.md)| |Learn about topic security|[Microsoft Viva security and privacy](topic-experiences-security-privacy.md)|
+|Learn how to get Viva Topics|[Microsoft Viva Topics product page](https://www.microsoft.com/microsoft-viva/topics?activetab=pivot%3aoverviewtab)|
+|See resources in the Microsoft Tech Community Resource Center|[Microsoft Viva Topics Tech Community](https://resources.techcommunity.microsoft.com/viva-topics/)|
+ ## Adoption
managed-desktop https://docs.microsoft.com/en-us/microsoft-365/managed-desktop/get-ready/index https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-ready/index.md
@@ -21,4 +21,5 @@ These topics describe the steps you'll need to take in your organization to prep
- [Prepare certificates and network profiles for Microsoft Managed Desktop](certs-wifi-lan.md) - [Prepare printing resources for Microsoft Managed Desktop](printing.md) - [Apps in Microsoft Managed Desktop](apps.md)
+- [Use readiness assessment tools](readiness-assessment-tool.md)
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/microsoft-365-security-center-mde https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/microsoft-365-security-center-mde.md
@@ -38,6 +38,9 @@ If you're familiar with the Microsoft Defender Security Center, this article hel
Historically, the [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/portal-overview) has been the home for Microsoft Defender for Endpoint. Enterprise security teams have used it to monitor and help responding to alerts of potential advanced persistent threat activity or data breaches. To help reduce the number of portals, the Microsoft 365 security center will be the home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure.
+Microsoft Defender for Endpoint in the Microsoft 365 security center supports [granting access to managed security service providers (MSSPs)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/grant-mssp-access) in the same way [access is granted in the Microsoft Defender security center](mssp-access.md).
++ > [!IMPORTANT] > What you see in the Microsoft 365 security center depends on your current subscriptions. For example, if you don't have a license for Microsoft Defender for Office 365, then the Email & Collaboration section will not be shown.
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/mssp-access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/mssp-access.md
@@ -0,0 +1,134 @@
+
+ Title: Microsoft Defender for Endpoint in the Microsoft 365 security center
+description: Learn about changes from the Microsoft Defender Security Center to the Microsoft 365 security center
+keywords: Getting started with the Microsoft 365 security center, OATP, MDATP, MDO, MDE, single pane of glass, converged portal, security portal, defender security portal
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+f1.keywords:
+- NOCSH
+++
+audience: ITPro
+
+search.appverid:
+- MOE150
+- MET150
+
+- M365-security-compliance
+- m365initiative-m365-defender
++
+# Provide managed security service provider (MSSP) access
+++
+**Applies to:**
+
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+To implement a multi-tenant delegated access solution, take the following steps:
+
+1. Enable [role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac) in Defender for Endpoint in Microsoft 365 security center and connect with Azure Active Directory (Azure AD) groups.
+
+2. Configure [Governance Access Packages](https://docs.microsoft.com/azure/active-directory/governance/identity-governance-overview) for access request and provisioning.
+
+3. Manage access requests and audits in [Microsoft Myaccess](https://docs.microsoft.com/azure/active-directory/governance/entitlement-management-request-approve).
+
+## Enable role-based access controls in Microsoft Defender for Endpoint in Microsoft 365 security center
+
+1. **Create access groups for MSSP resources in Customer AAD: Groups**
+
+ These groups will be linked to the Roles you create in Defender for Endpoint in Microsoft 365 security center. To do so, in the customer AD tenant, create three groups. In our example approach, we create the following groups:
+
+ - Tier 1 Analyst
+ - Tier 2 Analyst
+ - MSSP Analyst Approvers
++
+2. Create Defender for Endpoint roles for appropriate access levels in Customer Defender for Endpoint in Microsoft 365 security center roles and groups.
+
+ To enable RBAC in the customer Microsoft 365 security center, access **Permissions > Endpoints roles & groups > Roles** with a user account with Global Administrator or Security Administrator rights.
+
+ ![Image of MSSP access](../../media/mssp-access.png)
+
+ Then, create RBAC roles to meet MSSP SOC Tier needs. Link these roles to the created user groups via "Assigned user groups".
+
+ Two possible roles:
+
+ - **Tier 1 Analysts** <br>
+ Perform all actions except for live response and manage security settings.
+
+ - **Tier 2 Analysts** <br>
+ Tier 1 capabilities with the addition to [live response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/live-response)
+
+ For more information, see [Use role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac).
+++
+## Configure Governance Access Packages
+
+1. **Add MSSP as Connected Organization in Customer AAD: Identity Governance**
+
+ Adding the MSSP as a connected organization will allow the MSSP to request and have accesses provisioned.
+
+ To do so, in the customer AD tenant, access Identity Governance: Connected organization. Add a new organization and search for your MSSP Analyst tenant via Tenant ID or Domain. We suggest creating a separate AD tenant for your MSSP Analysts.
+
+2. **Create a resource catalog in Customer AAD: Identity Governance**
+
+ Resource catalogs are a logical collection of access packages, created in the customer AD tenant.
+
+ To do so, in the customer AD tenant, access Identity Governance: Catalogs, and add **New Catalog**. In our example, we will call it **MSSP Accesses**.
+
+ ![Image of new catalog](../../media/goverance-catalog.png)
+
+ Further more information, see [Create a catalog of resources](https://docs.microsoft.com/azure/active-directory/governance/entitlement-management-catalog-create).
++
+3. **Create access packages for MSSP resources Customer AAD: Identity Governance**
+
+ Access packages are the collection of rights and accesses that a requestor will be granted upon approval.
+
+ To do so, in the customer AD tenant, access Identity Governance: Access Packages, and add **New Access Package**. Create an access package for the MSSP approvers and each analyst tier. For example, the following Tier 1 Analyst configuration creates an access package that:
+
+ - Requires a member of the AD group **MSSP Analyst Approvers** to authorize new requests
+ - Has annual access reviews, where the SOC analysts can request an access extension
+ - Can only be requested by users in the MSSP SOC Tenant
+ - Access auto expires after 365 days
+
+ ![Image of new access package](../../media/new-access-package.png)
+
+ For more information, see [Create a new access package](https://docs.microsoft.com/azure/active-directory/governance/entitlement-management-access-package-create).
++
+4. **Provide access request link to MSSP resources from Customer AAD: Identity Governance**
+
+ The My Access portal link is used by MSSP SOC analysts to request access via the access packages created. The link is durable, meaning the same link may be used over time for new analysts. The analyst request goes into a queue for approval by the **MSSP Analyst Approvers**.
++
+ ![Image of access properties](../../media/access-properties.png)
+
+ The link is located on the overview page of each access package.
+
+## Manage access
+
+1. Review and authorize access requests in Customer and/or MSSP myaccess.
+
+ Access requests are managed in the customer My Access, by members of the MSSP Analyst Approvers group.
+
+ To do so, access the customer's myaccess using:
+ `https://myaccess.microsoft.com/@<Customer Domain >`.
+
+ Example: `https://myaccess.microsoft.com/@M365x440XXX.onmicrosoft.com#/`
+2. Approve or deny requests in the **Approvals** section of the UI.
+
+ At this point, analyst access has been provisioned, and each analyst should be able to access the customer's Microsoft 365 Security Center:
+
+ `https://security.microsoft.com/?tid=<CustomerTenantId>` with the permissions and roles they were assigned.
+
+> [!IMPORTANT]
+> Delegated access to Microsoft Defender for Endpoint in the Microsoft 365 security center currently allows access to a single tenant per browser window.