- - Denominator: The number of people who have access to Exchange and OneDrive, SharePoint, or both within the last 28 days.

- - Denominator: The total number of people who have had access to OneDrive or SharePoint for at least 1 of the last 28 days.

- - has-azure-ad-ps-ref

- - azure-ad-ref-level-one-done

-You can use PowerShell commands to change the settings that control self-service sign-ups. To turn off all self-service sign-ups, use the **MSOnline** PowerShell module to change the **MsolCompanySettings** setting for **AllowAdHocSubscriptions** in Microsoft Entra ID. For the steps to turn off self-service sign-ups, see [Set MsolCompanySettings](/powershell/module/msonline/set-msolcompanysettings).

-searchScope:

- - Microsoft Teams

- - Microsoft Cloud for Healthcare

- - microsoftcloud-healthcare

- - m365solution-healthcare

- - m365solution-scenario

- - m365-frontline

- - highpri

- - m365-virtual-appointments

-description: Customizable resources and infographics you can add to your website to help your clients understand how to use virtual appointments that have been scheduled in Bookings with your organization.

-appliesto:

- - Microsoft Teams

- - Microsoft 365 for frontline workers

-# Help your clients and customers use virtual appointments scheduled with Bookings

-Now that your organization has begun using Microsoft Teams and the Bookings app for virtual appointments, you'll need to make sure that your clients and customers understand how to join these appointments.

-Watch this video for a quick overview of what Virtual Appointments can do for your organization.

-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4TQop]

-## What's included in this toolkit

-This toolkit is intended to help you help your customers and clients successfully join a virtual appointment that's scheduled using Bookings. You can customize the resources we provide and include links to them in your communications about virtual appointments. This toolkit includes:

-[Guidance for your website](#guidance-for-your-website): <br> An FAQ about virtual appointments that you can customize and then host on your website. Make sure to add your own links, and any additional information that your customers need to know about your policies.

-[Resources for your team](#resources-for-your-team): <br> Articles and videos to help your team get more comfortable conducting virtual appointments.

-[Resources for your clients](#resources-for-your-clients): <br>

-A link to Microsoft's support content, which includes a video about joining a virtual appointment.<br>

-Infographics that you can customize for your organization.

-## Guidance for your website

-Let your customers know what to expect with virtual appointments by answering common questions. All you need to do is edit this Q&A to align with your virtual appointment policies, and paste it on your website.

-### Virtual Appointments basics

-**What is a virtual appointment?**

-A virtual appointment is an online appointment conducted over Microsoft Teams. YouΓÇÖll be speaking one-on-one with one of our staff members, just like you would for an in-person visit.

-**How are virtual appointments different than in-person visits?**

-Let your customers know if there are differences in the services you provide virtually and in person. You can also describe any fee differences between virtual and in-person appointments.

-**How does a virtual appointment go?**

-When you join from the link in the email confirmation, you'll enter a virtual waiting room. Once a staff member joins the call, you'll enter a virtual room with them where your one-on-one visit will take place.

-**How does payment work for virtual appointments?**

-Let your customers know if you accept different types of payment for virtual Appointments.

-### Booking an appointment

-**How do I make an appointment?**

-Link to your organizationΓÇÖs booking page. Let your customers know if there are alternative ways of making virtual appointments, such as over the phone, through email, or through social media.

-**Who can I make an appointment with?**

-Make sure your clients can maintain relationships with their preferred providers by sharing which, if any, staff members are operating exclusively virtually or in-person.

-**How do I cancel or reschedule a virtual appointment?**

-You can link to your organizationΓÇÖs cancellation and rescheduling policy here, or describe any differences in the policy between virtual and in-person appointments.

-### Technology

-**What equipment do I need for a virtual appointment?**

-Customers can join a virtual appointment from any [supported web browser](browser-join.md#supported-browsers) or through the Microsoft Teams app. List here if your organization has additional specifications, such as a high-quality webcam or microphone. If your healthcare organization has integrated your Electronic Health Record (EHR) system with Teams, patients can join visits from your healthcare portal.

-**How do I join a virtual appointment?**

-Share the [Join a Virtual Appointment as an attendee](https://support.microsoft.com/topic/235765b0-0d9f-4d74-a9f8-e883cb75c0da) link with your customers for a detailed video and step-by-step process of how to join an appointment.

-## Resources for your team

-Make the most of Virtual Appointments in your organization by making sure your staff members know how to conduct them. You can share these articles and videos with your team members to help them better understand virtual appointments.

-## Resources for your clients

-You can link out to this article to show your clients how to join virtual appointments: <br>

-[Learn how to join a virtual appointment](https://support.microsoft.com/office/join-a-bookings-appointment-as-an-attendee-95cea12d-2220-421f-a663-6efb20913c7f)

-Download and [customize](#customize-your-infographic) one of these infographics to feature on your website. These give your clients a quick and visually engaging way to understand how virtual appointments with your organization work.

-| Graphic | Description and links |

-| :- | -: |

-|| Customizable infographic for your financial services organization <br> [Download as a PDF](https://go.microsoft.com/fwlink/?linkid=2214189) <br> [Download as a PowerPoint](https://go.microsoft.com/fwlink/?linkid=2214285)

-|| Customizable infographic for your retail organization <br> [Download as a PDF](https://go.microsoft.com/fwlink/?linkid=2214355) <br> [Download as a PowerPoint](https://go.microsoft.com/fwlink/?linkid=2214283) |

-|| Customizable infographic for your healthcare organization <br> [Download as a PDF](https://go.microsoft.com/fwlink/?linkid=2214356) <br> [Download as a PowerPoint](https://go.microsoft.com/fwlink/?linkid=2214357) |

-|| Customizable infographic not specific to a particular industry <br> [Download as a PDF](https://go.microsoft.com/fwlink/?linkid=2214284) <br> [Download as a PowerPoint](https://go.microsoft.com/fwlink/?linkid=2214282) |

-### Customize your infographic

-1. Choose one of the pre-made infographics depending on your organization's needs:

- 1. Healthcare

- 2. Financial services

- 3. Retail

- 4. Any industry

-2. Customize the infographic in PowerPoint.

- 1. Use your organization's colors and preferred fonts.

- 2. Add your organization's logo or branded images.

- 3. Link to pages on your website such as your booking page, billing information, or homepage.

- 4. Add any additional information that your customers need to know before joining a virtual appointment.

-3. Export your customized infographic as a PDF.

-For security reasons, the package used to Offboard devices will expire 30 days after the date it was downloaded. Expired offboarding packages sent to a device will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.

-> Excluding files or folders can severely reduce the protection provided by attack surface reduction rules. Excluded files will be allowed to run, and no report or event will be recorded.

-> If attack surface reduction rules are detecting files that you believe shouldn't be detected, you should [use audit mode first to test the rule](attack-surface-reduction-rules-deployment-test.md#step-1-test-asr-rules-using-audit).

-When adding exclusions, keep in mind:

- * Exclusions are typically based on individual files or folders (using folder paths or the full path of the file to be excluded).

- * Exclusion paths can use environment variables and wildcards. See [Use wildcards in the file name and folder path or extension exclusion lists](configure-extension-file-exclusions-microsoft-defender-antivirus.md#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists)

- * When deployed through Group Policy or PowerShell, exclusions apply to all attack surface reduction rules. Using Intune, it is possible to configure an exclusion for a specific attack surface reduction rule. See [Configure attack surface reduction rules per-rule exclusions](attack-surface-reduction-rules-deployment-test.md#configure-asr-per-rule-exclusions)

- * Exclusions can be added based on certificate and file hashes, by allowing specified Defender for Endpoint file and certificate indicators. See [Manage indicators](manage-indicators.md).

-2. Attack surface reduction rules for managed devices now support behavior for merger of settings from different policies, to create a superset of policy for each device. Only the settings that aren't in conflict are merged, while those that are in conflict aren't added to the superset of rules. Previously, if two policies included conflicts for a single setting, both policies were flagged as being in conflict, and no settings from either profile would be deployed. Attack surface reduction rule merge behavior is as follows:

- - Endpoint security > Security baselines > **Microsoft Defender ATP Baseline** > [Attack Surface Reduction Rules](/mem/intune/protect/security-baseline-settings-defender-atp#attack-surface-reduction-rules).

-1. Select **Device configuration** \> **Profiles**. Choose an existing endpoint protection profile or create a new one. To create a new one, select **Create profile** and enter information for this profile. For **Profile type**, select **Endpoint protection**. If you've chosen an existing profile, select **Properties** and then select **Settings**.

-2. In the **Endpoint protection** pane, select **Windows Defender Exploit Guard**, then select **Attack Surface Reduction**. Select the desired setting for each attack surface reduction rule.

-3. Under **Attack Surface Reduction exceptions**, enter individual files and folders. You can also select **Import** to import a CSV file that contains files and folders to exclude from attack surface reduction rules. Each line in the CSV file should be formatted as follows:

-1. Select **Endpoint Security** \> **Attack surface reduction**. Choose an existing attack surface reduction rule or create a new one. To create a new one, select **Create Policy** and enter information for this profile. For **Profile type**, select **Attack surface reduction rules**. If you've chosen an existing profile, select **Properties** and then select **Settings**.

- :::image type="content" source="images/mem01-create-profile.png" alt-text="The Create profile page in the Microsoft Intune admin center portal." lightbox="images/mem01-create-profile.png":::

- :::image type="content" source="images/mem02-profile-attributes.png" alt-text="The rule profile attributes in the Microsoft Intune admin center portal." lightbox="images/mem02-profile-attributes.png":::

- :::image type="content" source="images/mem03-1-basics.png" alt-text="The basic attributes in the Microsoft Intune admin center portal" lightbox="images/mem03-1-basics.png":::

-5. Click **Add** again. The **Add Row OMA-URI Settings** opens. In **Add Row**, do the following:

- :::image type="content" source="images/mem05-add-row-oma-uri.png" alt-text="The OMA URI configuration in the Microsoft Intune admin center portal" lightbox="images/mem05-add-row-oma-uri.png":::

-6. Select **Save**. **Add Row** closes. In **Custom**, select **Next**. In step **3 Scope tags**, scope tags are optional. Do one of the following:

-7. In step **4 Assignments**, in **Included Groups**, for the groups that you want this rule to apply, select from the following options:

- :::image type="content" source="images/mem06-4-assignments.png" alt-text="The assignments in the Microsoft Intune admin center portal" lightbox="images/mem06-4-assignments.png":::

-8. In **Excluded groups**, select any groups that you want to exclude from this rule, and then select **Next**.

-9. In step **5 Applicability Rules** for the following settings, do the following:

- :::image type="content" source="images/mem07-5-applicability-rules.png" alt-text="The applicability rules in the Microsoft Intune admin center portal" lightbox="images/mem07-5-applicability-rules.png":::

- > [!NOTE]

- > Rules are active and live within minutes.

-> If you assign a device two different attack surface reduction policies, the way conflict is handled is rules that are assigned different states, there is no conflict management in place, and the result is an error.

->

-> Non-conflicting rules will not result in an error, and the rule will be applied correctly. The result is that the first rule is applied, and subsequent non-conflicting rules are merged into the policy.

-1. In Microsoft Configuration Manager, go to **Assets and Compliance** \> **Endpoint Protection** \> **Windows Defender Exploit Guard**.

-2. Select **Home** \> **Create Exploit Guard Policy**.

-2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.

-3. Expand the tree to **Windows components** \> **Microsoft Defender Antivirus** \> **Microsoft Defender Exploit Guard** \> **Attack surface reduction**.

-4. Select **Configure Attack surface reduction rules** and select **Enabled**. You can then set the individual state for each rule in the options section. Select **Show...** and enter the rule ID in the **Value name** column and your chosen state in the **Value** column as follows:

- :::image type="content" source="images/asr-rules-gp.png" alt-text="attack surface reduction rules in Group Policy" lightbox="images/asr-rules-gp.png":::

-> If you manage your computers and devices with Intune, Configuration Manager, or another enterprise-level management platform, the management software will overwrite any conflicting PowerShell settings on startup. To allow users to define the value using PowerShell, use the "User Defined" option for the rule in the management platform.

-> "User Defined" allows a local admin user to configure the rule.

-> The User Defined option setting is shown in the following figure.

- ```PowerShell

- Set-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions Enabled

- ```

- To enable attack surface reduction rules in audit mode, use the following cmdlet:

- ```PowerShell

- Add-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions AuditMode

- ```

- To enable attack surface reduction rules in warn mode, use the following cmdlet:

- ```PowerShell

- Add-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions Warn

- ```

- To enable attack surface reduction Block abuse of exploited vulnerable signed drivers, use the following cmdlet:

- ```PowerShell

- Add-MpPreference -AttackSurfaceReductionRules_Ids 56a863a9-875e-4185-98a7-b882c64b5ce5 -AttackSurfaceReductionRules_Actions Enabled

- ```

- To turn off attack surface reduction rules, use the following cmdlet:

- ```PowerShell

- Add-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions Disabled

- ```

- > [!IMPORTANT]

- > You must specify the state individually for each rule, but you can combine rules and states in a comma-separated list.

- >

- > In the following example, the first two rules will be enabled, the third rule will be disabled, and the fourth rule will be enabled in audit mode:

- >

- > ```PowerShell

- > Set-MpPreference -AttackSurfaceReductionRules_Ids <rule ID 1>,<rule ID 2>,<rule ID 3>,<rule ID 4> -AttackSurfaceReductionRules_Actions Enabled, Enabled, Disabled, AuditMode

- > ```

- You can also use the `Add-MpPreference` PowerShell verb to add new rules to the existing list.

- > [!WARNING]

- > `Set-MpPreference` will always overwrite the existing set of rules. If you want to add to the existing set, use `Add-MpPreference` instead.

- > You can obtain a list of rules and their current state by using `Get-MpPreference`.

-3. To exclude files and folders from attack surface reduction rules, use the following cmdlet:

- ```PowerShell

- Add-MpPreference -AttackSurfaceReductionOnlyExclusions "<fully qualified path or resource>"

- ```

- Continue to use `Add-MpPreference -AttackSurfaceReductionOnlyExclusions` to add more files and folders to the list.

- > [!IMPORTANT]

- > Use `Add-MpPreference` to append or add apps to the list. Using the `Set-MpPreference` cmdlet will overwrite the existing list.

-Refer to the link for detailed sample json file - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)

-For customers using auditd in immutable mode, a reboot is required post enablement of eBPF in order to clear the audit rules added by Microsoft Defender for Endpoint. This is a limitation in immutable mode of auditd which freezes the rules file and prohibits editing/overwriting. This is resolved with the reboot.

-The output of above command should show no rules or any user added rules. In case the rules did not get removed, then perform the following steps to clear the audit rules file

- 1. Switch to ebpf mode

-1. Use a kernal version higher or lower than **5.15.0-0.30.20.el8uek.x86_64, 5.15.0-0.30.20.1.el8uek.x86_64** on Oracle Linux 8.8, if you want to use eBPF as supplementary subsystem provider. Please note, min kernel version for Oracle Linux is RHCK 3.10.0 and Oracle Linux UEK is 5.4.

-If you see a hike in resource consumption by Microsoft Defender on your endpoints, it is important to identify the process/mount-point/files that is consuming most CPU/Memory utilization and then apply necessary exclusions. After applying possible AV exclusions, if wdavdaemon (parent process) is still consuming the resources, then use the ebpf-statistics command to obtain the top system call count:

-In the above output, it can be seen that stress-ng is the top process generating large number of events and might result into performance issues. Most likely stress-ng is generating the system call with ID 82. You can create a ticket with Microsoft to get this process excluded. In future as part of upcoming enhancements, you will have more control to apply such exclusions at your end.

-Exclusions applied to auditd cannot be migrated or copied to eBPF. Common concerns such as noisy logs, kernel panic, noisy syscalls are already taken care of by eBPF internally. In case you want to add any further exclusions, then reach out to Microsoft to get the necessary exclusions applied.

-*As of signature release `1.383.1159.0`, due to confusion around the default value for "Allow Scanning Network Files", tamper protection no longer locks this setting to its default value. In managed environments, the default value is enabled.*

-description: Learn how to run the Microsoft Defender for Endpoint Client Analyzer on macOS or Linux.

-keywords: client analyzer, troubleshoot sensor, analyzer, mdeanalyzer, macos, linux, mdeanalyzer

-ms.sitesec: library

-ms.pagetype: security

-| `LogonType` | `string` | Type of logon session, specifically:<br><br> - **Interactive** - User physically interacts with the device using the local keyboard and screen<br><br> - **Remote interactive (RDP) logons** - User interacts with the device remotely using Remote Desktop, Terminal Services, Remote Assistance, or other RDP clients<br><br> - **Network** - Session initiated when the device is accessed using PsExec or when shared resources on the device, such as printers and shared folders, are accessed<br><br> - **Batch** - Session initiated by scheduled tasks<br><br> - **Service** - Session initiated by services as they start |

-> Restore points or size of restores will not be charged.

-As a first step to sign up for Microsoft 365 Backup, you should first link an Azure subscription in [Syntex pay-as-you-go](https://admin.microsoft.com/Adminportal/Home#/featureexplorer/csi/ContentUnderstanding), if you haven't already done so. Although Microsoft 365 Backup isn't part of the Syntex product suite, this offering is still using the Syntex billing setup for consistency with other Microsoft 365 pay-as-you-go offerings.

-<!

-1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com/Adminportal/Home).

-2. Select **Setup**.

-3. On the **Setup** page, in the **Files and content** section, select **Use content AI with Microsoft Syntex**.

-4. On the **Use content AI with Microsoft Syntex** page, select **Set up billing**.

- 

- > [!NOTE]

- > To set up pay-as-you-go billing for Microsoft 365 Backup, the admin must have an owner or contribution role on the Azure subscription to be used.

-5. If you don't have an Azure subscription or resource group, follow these steps. If you have an Azure subscription and resource group, skip this step and go to step 6.

- 

- a. To create a new Azure subscription, on the **Set up pay-as-you-go billing** panel, select **Learn more about Azure subscriptions**. Alternatively, you can follow the steps in [Create your initial Azure subscriptions](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/initial-subscriptions).

- b. To create a new Azure resource group, on the **Set up pay-as-you-go billing** panel,select **Learn more about Azure resource groups**. Alternatively, you can follow the steps in [Manage Azure resource groups by using the Azure portal](https://learn.microsoft.com/azure/azure-resource-manager/management/manage-resource-groups-portal) to create a resource group. The resource group should be within the Azure subscription.

- c. After you create an Azure subscription with owner or contributor role, you'll need to have a resource group created.

-6. If you have an Azure subscription, select the subscription from the drop-down menu.

- 

->

-To set up pay-as-you-go billing, follow the steps in [Configure Microsoft Syntex for pay-as-you-go billing](../syntex-azure-billing.md).

-To enable Microsoft 365 Backup, you'll need to go to the Microsoft 365 admin center.

-If you aren't able to create a signature request, check the PDF viewer settings, the collaboration settings, or the access policies. Refer to the [setup page](https://learn.microsoft.com/microsoft-365/syntex/esignature-setup) to ensure the correct settings are done. Also, check that the PDF you are attempting to sign is not already electronically signed using SharePoint eSignature or any other electronic signature provider.