Category | Microsoft Docs article | Related commit history on GitHub | Change details |
---|---|---|---|
microsoft-365-copilot-page | Microsoft 365 Copilot Page | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/copilot/microsoft-365-copilot-page.md | Copilot with commercial data protection provides enhanced security for users acc Copilot in Bing, Edge and Windows is the public version of Copilot and doesnΓÇÖt require users to be signed in. You can reroute to the documentation available on the panel to turn off the public experience and still have access to the Copilot with commercial data protection experience. +You'll soon have the ability to control access to Copilot for Microsoft 365 in Bing, Edge, and Windows using a PowerShell script. By running this script, you can manage access to Copilot for Microsoft 365 in Bing.com, Edge sidebar, Edge mobile app, Copilot in Windows, copilot.microsoft.com, and the Copilot app. However, this will not affect how users access Copilot in other Microsoft 365 apps. ++>[!NOTE] +> The PowerShell script download link and run commands will be available in late February 2024. If you want to configure Copilot for Microsoft 365 in Bing, Edge, and Windows after late February, return to this page for further instructions. + ### Manage plugins that work with Microsoft Copilot for Microsoft 365 Microsoft Copilot for Microsoft 365 is powered by an advanced processing and orchestration engine that seamlessly integrates Microsoft 365 apps, Microsoft Graph, and large language models (LLMs) to turn your words into the most powerful productivity tool. While Copilot is already able to use the apps and data within the Microsoft 365 ecosystem, many users still depend on various external tools and services for work management and collaboration. You can extend Microsoft Copilot for Microsoft 365 by building a plugin or by connecting to an external data source. |
admin | Content Collaboration | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/adoption/content-collaboration.md | f1.keywords: Previously updated : 10/23/2020 Last updated : 02/13/2024 audience: Admin Understand how many users are attaching physical files in email rather than link - Denominator: The number of people who have had access to Exchange and OneDrive, SharePoint, or both within the last 28 days. - **Links to online files:** The blue (colored) portion of the bar and the fraction (numerator/denominator) on the bar represent the percentage of people using attachments and attaching links to files in emails. - Numerator: The number of people attaching links to online files to emails within the last 28 days.- - Denominator: The number of people who have access to Exchange and OneDrive, SharePoint, or both within the last 28 days. + - Denominator: The number of people who have had access to Exchange and OneDrive, SharePoint, or both, and sent at least one attachment within the last 28 days. 4. **Link to resources:** Select this link to view help content. ### Sharing of online files Understand how many users are attaching physical files in email rather than link - Denominator: The total number of people who have had access to OneDrive or SharePoint for at least 1 of the last 28 days. - **Internally only:** The blue (colored) portion of the bar and the fraction (numerator/denominator) on the bar represent the percentage of people who have access to OneDrive or SharePoint and are sharing files internally only. - Numerator: The number of people who have shared files internally only within the last 28 days- - Denominator: The total number of people who have had access to OneDrive or SharePoint for at least 1 of the last 28 days. + - Denominator: The number of people who have had access to Exchange and OneDrive, SharePoint, or both, and sent at least one attachment within the last 28 days. 4. **Link to resources:** Select this link to view help content. ### Number of files collaborated on |
commerce | Manage Self Service Purchases Admins | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/manage-self-service-purchases-admins.md | - - has-azure-ad-ps-ref - - azure-ad-ref-level-one-done + - has-azure-ad-ps-ref, azure-ad-ref-level-one-done search.appverid: - MET150 description: "Learn how admins can use the Microsoft 365 admin center to manage self-service purchases and trials made by users in their organization." For more information, see [Use AllowSelfServicePurchase for the MSCommerce Power ## Use PowerShell and Microsoft Entra ID to enable or disable all self-service sign-ups -You can use PowerShell commands to change the settings that control self-service sign-ups. To turn off all self-service sign-ups, use the **MSOnline** PowerShell module to change the **MsolCompanySettings** setting for **AllowAdHocSubscriptions** in Microsoft Entra ID. For the steps to turn off self-service sign-ups, see [Set MsolCompanySettings](/powershell/module/msonline/set-msolcompanysettings). +You can use PowerShell commands to change the settings that control self-service sign-ups. To turn off all self-service sign-ups, use the **Microsoft Graph** PowerShell module to change the **MgPolicyAuthorizationPolicy** setting for **AllowedToSignUpEmailBasedSubscriptions** in Microsoft Entra ID. For the steps to turn off self-service sign-ups, see [Update-MgPolicyAuthorizationPolicy](/powershell/module/microsoft.graph.identity.signins/update-mgpolicyauthorizationpolicy). ## Centralize licenses under a single subscription |
frontline | Virtual Appointments Toolkit | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/virtual-appointments-toolkit.md | - Title: Help your clients and customers use virtual appointments scheduled with the Bookings app in Teams----- -searchScope: - - Microsoft Teams - - Microsoft Cloud for Healthcare -- NOCSH-- - microsoftcloud-healthcare - - m365solution-healthcare - - m365solution-scenario - - m365-frontline - - highpri - - m365-virtual-appointments --description: Customizable resources and infographics you can add to your website to help your clients understand how to use virtual appointments that have been scheduled in Bookings with your organization. -appliesto: - - Microsoft Teams - - Microsoft 365 for frontline workers Previously updated : 12/05/2022---# Help your clients and customers use virtual appointments scheduled with Bookings --Now that your organization has begun using Microsoft Teams and the Bookings app for virtual appointments, you'll need to make sure that your clients and customers understand how to join these appointments. --Watch this video for a quick overview of what Virtual Appointments can do for your organization. --> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4TQop] --## What's included in this toolkit --This toolkit is intended to help you help your customers and clients successfully join a virtual appointment that's scheduled using Bookings. You can customize the resources we provide and include links to them in your communications about virtual appointments. This toolkit includes: --[Guidance for your website](#guidance-for-your-website): <br> An FAQ about virtual appointments that you can customize and then host on your website. Make sure to add your own links, and any additional information that your customers need to know about your policies. --[Resources for your team](#resources-for-your-team): <br> Articles and videos to help your team get more comfortable conducting virtual appointments. --[Resources for your clients](#resources-for-your-clients): <br> -A link to Microsoft's support content, which includes a video about joining a virtual appointment.<br> -Infographics that you can customize for your organization. --## Guidance for your website --Let your customers know what to expect with virtual appointments by answering common questions. All you need to do is edit this Q&A to align with your virtual appointment policies, and paste it on your website. --### Virtual Appointments basics --**What is a virtual appointment?** --A virtual appointment is an online appointment conducted over Microsoft Teams. YouΓÇÖll be speaking one-on-one with one of our staff members, just like you would for an in-person visit. --**How are virtual appointments different than in-person visits?** --Let your customers know if there are differences in the services you provide virtually and in person. You can also describe any fee differences between virtual and in-person appointments. --**How does a virtual appointment go?** --When you join from the link in the email confirmation, you'll enter a virtual waiting room. Once a staff member joins the call, you'll enter a virtual room with them where your one-on-one visit will take place. --**How does payment work for virtual appointments?** --Let your customers know if you accept different types of payment for virtual Appointments. --### Booking an appointment --**How do I make an appointment?** --Link to your organizationΓÇÖs booking page. Let your customers know if there are alternative ways of making virtual appointments, such as over the phone, through email, or through social media. --**Who can I make an appointment with?** --Make sure your clients can maintain relationships with their preferred providers by sharing which, if any, staff members are operating exclusively virtually or in-person. --**How do I cancel or reschedule a virtual appointment?** --You can link to your organizationΓÇÖs cancellation and rescheduling policy here, or describe any differences in the policy between virtual and in-person appointments. --### Technology --**What equipment do I need for a virtual appointment?** --Customers can join a virtual appointment from any [supported web browser](browser-join.md#supported-browsers) or through the Microsoft Teams app. List here if your organization has additional specifications, such as a high-quality webcam or microphone. If your healthcare organization has integrated your Electronic Health Record (EHR) system with Teams, patients can join visits from your healthcare portal. --**How do I join a virtual appointment?** --Share the [Join a Virtual Appointment as an attendee](https://support.microsoft.com/topic/235765b0-0d9f-4d74-a9f8-e883cb75c0da) link with your customers for a detailed video and step-by-step process of how to join an appointment. --## Resources for your team --Make the most of Virtual Appointments in your organization by making sure your staff members know how to conduct them. You can share these articles and videos with your team members to help them better understand virtual appointments. --- [Learn how to use the Bookings app in Teams](https://support.microsoft.com/office/what-is-bookings-42d4e852-8e99-4d8f-9b70-d7fc93973cb5).-- [Learn how to join a Bookings appointment](https://support.microsoft.com/office/join-a-bookings-appointment-attendees-3deb7bde-3ea3-4b41-8a06-741ad0db9fc0).-- [Conduct an appointment](bookings-virtual-visits.md#conduct-an-appointment).-- [Watch a video about virtual appointments](#help-your-clients-and-customers-use-virtual-appointments-scheduled-with-bookings).-- [Watch a video about how to manage the queue in virtual appointments](https://go.microsoft.com/fwlink/?linkid=2202615).-- [Watch a video about waiting room features in virtual appointments](https://go.microsoft.com/fwlink/?linkid=2202614).--## Resources for your clients --You can link out to this article to show your clients how to join virtual appointments: <br> -[Learn how to join a virtual appointment](https://support.microsoft.com/office/join-a-bookings-appointment-as-an-attendee-95cea12d-2220-421f-a663-6efb20913c7f) --Download and [customize](#customize-your-infographic) one of these infographics to feature on your website. These give your clients a quick and visually engaging way to understand how virtual appointments with your organization work. --| Graphic | Description and links | -| :- | -: | -|![Image of the financial services infographic](media/vv-finserv-thumbnail.png)| Customizable infographic for your financial services organization <br> [Download as a PDF](https://go.microsoft.com/fwlink/?linkid=2214189) <br> [Download as a PowerPoint](https://go.microsoft.com/fwlink/?linkid=2214285) -|![Image of the retail infographic](media/vv-retail-thumbnail.png)| Customizable infographic for your retail organization <br> [Download as a PDF](https://go.microsoft.com/fwlink/?linkid=2214355) <br> [Download as a PowerPoint](https://go.microsoft.com/fwlink/?linkid=2214283) | -|![Image of the healthcare infographic](media/vv-healthcare-thumbnail.png)| Customizable infographic for your healthcare organization <br> [Download as a PDF](https://go.microsoft.com/fwlink/?linkid=2214356) <br> [Download as a PowerPoint](https://go.microsoft.com/fwlink/?linkid=2214357) | -|![Image of the non-industry-specific infographic.](media/va-generic-thumb.png)| Customizable infographic not specific to a particular industry <br> [Download as a PDF](https://go.microsoft.com/fwlink/?linkid=2214284) <br> [Download as a PowerPoint](https://go.microsoft.com/fwlink/?linkid=2214282) | --### Customize your infographic --1. Choose one of the pre-made infographics depending on your organization's needs: - 1. Healthcare - 2. Financial services - 3. Retail - 4. Any industry --2. Customize the infographic in PowerPoint. - 1. Use your organization's colors and preferred fonts. - 2. Add your organization's logo or branded images. - 3. Link to pages on your website such as your booking page, billing information, or homepage. - 4. Add any additional information that your customers need to know before joining a virtual appointment. --3. Export your customized infographic as a PDF. |
security | Configure Endpoints Script | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-endpoints-script.md | After onboarding the device, you can choose to run a detection test to verify th ## Offboard devices using a local script -For security reasons, the package used to Offboard devices will expire 30 days after the date it was downloaded. Expired offboarding packages sent to a device will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name. +For security reasons, the package used to Offboard devices will expire 3 days after the date it was downloaded. Expired offboarding packages sent to a device will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name. > [!NOTE] > Onboarding and offboarding policies must not be deployed on the same device at the same time, otherwise this will cause unpredictable collisions. |
security | Device Control Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-control-policies.md | description: Learn about Device control policies in Defender for Endpoint Previously updated : 02/01/2024 Last updated : 02/13/2024 Then the group is then referenced as parameters in an entry, as illustrated in t <Options>0</Options> <AccessMask>64</AccessMask> <Parameters MatchType="MatchAny">+ <VPNConnection> <GroupId>{d633d17d-d1d1-4c73-aa27-c545c343b6d7}</GroupId> </VPNConnection> </Parameters> The `FileEvidenceLocation` field of has the location of the evidence file, if on - [View device control events and information in Microsoft Defender for Endpoint](device-control-report.md) - [Deploy and manage device control in Microsoft Defender for Endpoint with Microsoft Intune](device-control-deploy-manage-intune.md) - [Deploy and manage device control in Microsoft Defender for Endpoint using Group Policy](device-control-deploy-manage-gpo.md)-- [Device Control for macOS](mac-device-control-overview.md)+- [Device Control for macOS](mac-device-control-overview.md) |
security | Enable Attack Surface Reduction | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction.md | description: Enable attack surface reduction rules to protect your devices from ms.localizationpriority: medium audience: ITPro---++ Enterprise-level management such as Intune or Microsoft Configuration Manager is You can exclude files and folders from being evaluated by most attack surface reduction rules. This means that even if an attack surface reduction rule determines the file or folder contains malicious behavior, it doesn't block the file from running. > [!IMPORTANT]-> Excluding files or folders can severely reduce the protection provided by attack surface reduction rules. Excluded files will be allowed to run, and no report or event will be recorded. -> If attack surface reduction rules are detecting files that you believe shouldn't be detected, you should [use audit mode first to test the rule](attack-surface-reduction-rules-deployment-test.md#step-1-test-asr-rules-using-audit). -+> Excluding files or folders can severely reduce the protection provided by attack surface reduction rules. Excluded files will be allowed to run, and no report or event will be recorded. If attack surface reduction rules are detecting files that you believe shouldn't be detected, you should [use audit mode first to test the rule](attack-surface-reduction-rules-deployment-test.md#step-1-test-asr-rules-using-audit). An exclusion is applied only when the excluded application or service starts. For example, if you add an exclusion for an update service that is already running, the update service continues to trigger events until the service is stopped and restarted. -When adding exclusions, keep in mind: +When adding exclusions, keep these points in mind: - * Exclusions are typically based on individual files or folders (using folder paths or the full path of the file to be excluded). - * Exclusion paths can use environment variables and wildcards. See [Use wildcards in the file name and folder path or extension exclusion lists](configure-extension-file-exclusions-microsoft-defender-antivirus.md#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists) - * When deployed through Group Policy or PowerShell, exclusions apply to all attack surface reduction rules. Using Intune, it is possible to configure an exclusion for a specific attack surface reduction rule. See [Configure attack surface reduction rules per-rule exclusions](attack-surface-reduction-rules-deployment-test.md#configure-asr-per-rule-exclusions) - * Exclusions can be added based on certificate and file hashes, by allowing specified Defender for Endpoint file and certificate indicators. See [Manage indicators](manage-indicators.md). +* Exclusions are typically based on individual files or folders (using folder paths or the full path of the file to be excluded). +* Exclusion paths can use environment variables and wildcards. See [Use wildcards in the file name and folder path or extension exclusion lists](configure-extension-file-exclusions-microsoft-defender-antivirus.md#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists) +* When deployed through Group Policy or PowerShell, exclusions apply to all attack surface reduction rules. Using Intune, it is possible to configure an exclusion for a specific attack surface reduction rule. See [Configure attack surface reduction rules per-rule exclusions](attack-surface-reduction-rules-deployment-test.md#configure-asr-per-rule-exclusions) +* Exclusions can be added based on certificate and file hashes, by allowing specified Defender for Endpoint file and certificate indicators. See [Manage indicators](manage-indicators.md). ## Policy Conflict 1. If a conflicting policy is applied via MDM and GP, the setting applied from GP takes precedence. -2. Attack surface reduction rules for managed devices now support behavior for merger of settings from different policies, to create a superset of policy for each device. Only the settings that aren't in conflict are merged, while those that are in conflict aren't added to the superset of rules. Previously, if two policies included conflicts for a single setting, both policies were flagged as being in conflict, and no settings from either profile would be deployed. Attack surface reduction rule merge behavior is as follows: +1. Attack surface reduction rules for managed devices now support behavior for merger of settings from different policies, to create a superset of policy for each device. Only the settings that aren't in conflict are merged, while those that are in conflict aren't added to the superset of rules. Previously, if two policies included conflicts for a single setting, both policies were flagged as being in conflict, and no settings from either profile would be deployed. Attack surface reduction rule merge behavior is as follows: - Attack surface reduction rules from the following profiles are evaluated for each device to which the rules apply: - Devices > Configuration profiles > Endpoint protection profile > **Microsoft Defender Exploit Guard** > [Attack Surface Reduction](/mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction-rules). - Endpoint security > **Attack surface reduction policy** > [Attack surface reduction rules](/mem/intune/protect/endpoint-security-asr-policy#devices-managed-by-intune).- - Endpoint security > Security baselines > **Microsoft Defender ATP Baseline** > [Attack Surface Reduction Rules](/mem/intune/protect/security-baseline-settings-defender-atp#attack-surface-reduction-rules). + - Endpoint security > Security baselines > **Microsoft Defender ATP Baseline** > [Attack Surface Reduction Rules](/mem/intune/protect/security-baseline-settings-defender-atp#attack-surface-reduction-rules). - Settings that don't have conflicts are added to a superset of policy for the device. - When two or more policies have conflicting settings, the conflicting settings aren't added to the combined policy, while settings that don't conflict are added to the superset policy that applies to a device. - Only the configurations for conflicting settings are held back. The following procedures for enabling attack surface reduction rules include ins #### Device Configuration Profiles -1. Select **Device configuration** \> **Profiles**. Choose an existing endpoint protection profile or create a new one. To create a new one, select **Create profile** and enter information for this profile. For **Profile type**, select **Endpoint protection**. If you've chosen an existing profile, select **Properties** and then select **Settings**. +1. Select **Device configuration** > **Profiles**. Choose an existing endpoint protection profile or create a new one. To create a new one, select **Create profile** and enter information for this profile. For **Profile type**, select **Endpoint protection**. If you've chosen an existing profile, select **Properties** and then select **Settings**. -2. In the **Endpoint protection** pane, select **Windows Defender Exploit Guard**, then select **Attack Surface Reduction**. Select the desired setting for each attack surface reduction rule. +1. In the **Endpoint protection** pane, select **Windows Defender Exploit Guard**, then select **Attack Surface Reduction**. Select the desired setting for each attack surface reduction rule. -3. Under **Attack Surface Reduction exceptions**, enter individual files and folders. You can also select **Import** to import a CSV file that contains files and folders to exclude from attack surface reduction rules. Each line in the CSV file should be formatted as follows: +1. Under **Attack Surface Reduction exceptions**, enter individual files and folders. You can also select **Import** to import a CSV file that contains files and folders to exclude from attack surface reduction rules. Each line in the CSV file should be formatted as follows: `C:\folder`, `%ProgramFiles%\folder\file`, `C:\path`-+ 4. Select **OK** on the three configuration panes. Then select **Create** if you're creating a new endpoint protection file or **Save** if you're editing an existing one. #### Endpoint security policy -1. Select **Endpoint Security** \> **Attack surface reduction**. Choose an existing attack surface reduction rule or create a new one. To create a new one, select **Create Policy** and enter information for this profile. For **Profile type**, select **Attack surface reduction rules**. If you've chosen an existing profile, select **Properties** and then select **Settings**. +1. Select **Endpoint Security** > **Attack surface reduction**. Choose an existing attack surface reduction rule or create a new one. To create a new one, select **Create Policy** and enter information for this profile. For **Profile type**, select **Attack surface reduction rules**. If you've chosen an existing profile, select **Properties** and then select **Settings**. 2. In the **Configuration settings** pane, select **Attack Surface Reduction** and then select the desired setting for each attack surface reduction rule. 3. Under **List of additional folders that need to be protected**, **List of apps that have access to protected folders**, and **Exclude files and paths from attack surface reduction rules**, enter individual files and folders. You can also select **Import** to import a CSV file that contains files and folders to exclude from attack surface reduction rules. Each line in the CSV file should be formatted as follows: `C:\folder`, `%ProgramFiles%\folder\file`, `C:\path`-+ 4. Select **Next** on the three configuration panes, then select **Create** if you're creating a new policy or **Save** if you're editing an existing policy. ### Custom profile in Intune You can use Microsoft Intune OMA-URI to configure custom attack surface reductio 1. Open the Microsoft Intune admin center. In the **Home** menu, click **Devices**, select **Configuration profiles**, and then click **Create profile**. - :::image type="content" source="images/mem01-create-profile.png" alt-text="The Create profile page in the Microsoft Intune admin center portal." lightbox="images/mem01-create-profile.png"::: + :::image type="content" source="images/mem01-create-profile.png" alt-text="The Create profile page in the Microsoft Intune admin center portal." lightbox="images/mem01-create-profile.png"::: 2. In **Create a profile**, in the following two drop-down lists, select the following: You can use Microsoft Intune OMA-URI to configure custom attack surface reductio Select **Custom**, and then select **Create**. - :::image type="content" source="images/mem02-profile-attributes.png" alt-text="The rule profile attributes in the Microsoft Intune admin center portal." lightbox="images/mem02-profile-attributes.png"::: + :::image type="content" source="images/mem02-profile-attributes.png" alt-text="The rule profile attributes in the Microsoft Intune admin center portal." lightbox="images/mem02-profile-attributes.png"::: 3. The Custom template tool opens to step **1 Basics**. In **1 Basics**, in **Name**, type a name for your template, and in **Description** you can type a description (optional). - :::image type="content" source="images/mem03-1-basics.png" alt-text="The basic attributes in the Microsoft Intune admin center portal" lightbox="images/mem03-1-basics.png"::: + :::image type="content" source="images/mem03-1-basics.png" alt-text="The basic attributes in the Microsoft Intune admin center portal" lightbox="images/mem03-1-basics.png"::: 4. Click **Next**. Step **2 Configuration settings** opens. For OMA-URI Settings, click **Add**. Two options now appear: **Add** and **Export**. :::image type="content" source="images/mem04-2-configuration-settings.png" alt-text="The configuration settings in the Microsoft Intune admin center portal." lightbox="images/mem04-2-configuration-settings.png"::: -5. Click **Add** again. The **Add Row OMA-URI Settings** opens. In **Add Row**, do the following: +1. Click **Add** again. The **Add Row OMA-URI Settings** opens. In **Add Row**, do the following: - In **Name**, type a name for the rule. - In **Description**, type a brief description. You can use Microsoft Intune OMA-URI to configure custom attack surface reductio - 2: Audit (Evaluate how the attack surface reduction rule would impact your organization if enabled) - 6: Warn (Enable the attack surface reduction rule but allow the end-user to bypass the block) - :::image type="content" source="images/mem05-add-row-oma-uri.png" alt-text="The OMA URI configuration in the Microsoft Intune admin center portal" lightbox="images/mem05-add-row-oma-uri.png"::: + :::image type="content" source="images/mem05-add-row-oma-uri.png" alt-text="The OMA URI configuration in the Microsoft Intune admin center portal" lightbox="images/mem05-add-row-oma-uri.png"::: -6. Select **Save**. **Add Row** closes. In **Custom**, select **Next**. In step **3 Scope tags**, scope tags are optional. Do one of the following: +1. Select **Save**. **Add Row** closes. In **Custom**, select **Next**. In step **3 Scope tags**, scope tags are optional. Do one of the following: - Select **Select Scope tags**, select the scope tag (optional) and then select **Next**. - Or select **Next**--7. In step **4 Assignments**, in **Included Groups**, for the groups that you want this rule to apply, select from the following options: + +1. In step **4 Assignments**, in **Included Groups**, for the groups that you want this rule to apply, select from the following options: - **Add groups** - **Add all users** - **Add all devices** - :::image type="content" source="images/mem06-4-assignments.png" alt-text="The assignments in the Microsoft Intune admin center portal" lightbox="images/mem06-4-assignments.png"::: + :::image type="content" source="images/mem06-4-assignments.png" alt-text="The assignments in the Microsoft Intune admin center portal" lightbox="images/mem06-4-assignments.png"::: -8. In **Excluded groups**, select any groups that you want to exclude from this rule, and then select **Next**. +1. In **Excluded groups**, select any groups that you want to exclude from this rule, and then select **Next**. -9. In step **5 Applicability Rules** for the following settings, do the following: +1. In step **5 Applicability Rules** for the following settings, do the following: - In **Rule**, select either **Assign profile if**, or **Don't assign profile if**+ - In **Property**, select the property to which you want this rule to apply - In **Value**, enter the applicable value or value range - :::image type="content" source="images/mem07-5-applicability-rules.png" alt-text="The applicability rules in the Microsoft Intune admin center portal" lightbox="images/mem07-5-applicability-rules.png"::: + :::image type="content" source="images/mem07-5-applicability-rules.png" alt-text="The applicability rules in the Microsoft Intune admin center portal" lightbox="images/mem07-5-applicability-rules.png"::: 10. Select **Next**. In step **6 Review + create**, review the settings and information you've selected and entered, and then select **Create**. :::image type="content" source="images/mem08-6-review-create.png" alt-text="The Review and create option in the Microsoft Intune admin center portal" lightbox="images/mem08-6-review-create.png"::: - > [!NOTE] - > Rules are active and live within minutes. + Rules are active and live within minutes. > [!NOTE] > Conflict handling: >-> If you assign a device two different attack surface reduction policies, the way conflict is handled is rules that are assigned different states, there is no conflict management in place, and the result is an error. -> -> Non-conflicting rules will not result in an error, and the rule will be applied correctly. The result is that the first rule is applied, and subsequent non-conflicting rules are merged into the policy. +> If you assign a device two different attack surface reduction policies, potential policy conflicts can occur, depending on whether rules are assigned different states, whether conflict management is in place, and whether the result is an error. Nonconflicting rules do not result in an error, and such rules are applied correctly. The first rule is applied, and subsequent nonconflicting rules are merged into the policy. ### MDM Example: ### Microsoft Configuration Manager -1. In Microsoft Configuration Manager, go to **Assets and Compliance** \> **Endpoint Protection** \> **Windows Defender Exploit Guard**. +1. In Microsoft Configuration Manager, go to **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**. -2. Select **Home** \> **Create Exploit Guard Policy**. +2. Select **Home** > **Create Exploit Guard Policy**. 3. Enter a name and a description, select **Attack Surface Reduction**, and select **Next**. Example: 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and select **Edit**. -2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**. +1. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**. -3. Expand the tree to **Windows components** \> **Microsoft Defender Antivirus** \> **Microsoft Defender Exploit Guard** \> **Attack surface reduction**. +1. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Microsoft Defender Exploit Guard** > **Attack surface reduction**. -4. Select **Configure Attack surface reduction rules** and select **Enabled**. You can then set the individual state for each rule in the options section. Select **Show...** and enter the rule ID in the **Value name** column and your chosen state in the **Value** column as follows: +1. Select **Configure Attack surface reduction rules** and select **Enabled**. You can then set the individual state for each rule in the options section. Select **Show...** and enter the rule ID in the **Value name** column and your chosen state in the **Value** column as follows: - 0: Disable (Disable the attack surface reduction rule) - 1: Block (Enable the attack surface reduction rule) - 2: Audit (Evaluate how the attack surface reduction rule would impact your organization if enabled) - 6: Warn (Enable the attack surface reduction rule but allow the end-user to bypass the block) - :::image type="content" source="images/asr-rules-gp.png" alt-text="attack surface reduction rules in Group Policy" lightbox="images/asr-rules-gp.png"::: + :::image type="content" source="images/asr-rules-gp.png" alt-text="attack surface reduction rules in Group Policy" lightbox="images/asr-rules-gp.png"::: 5. To exclude files and folders from attack surface reduction rules, select the **Exclude files and paths from Attack surface reduction rules** setting and set the option to **Enabled**. Select **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item. Example: ### PowerShell > [!WARNING]-> If you manage your computers and devices with Intune, Configuration Manager, or another enterprise-level management platform, the management software will overwrite any conflicting PowerShell settings on startup. To allow users to define the value using PowerShell, use the "User Defined" option for the rule in the management platform. -> "User Defined" allows a local admin user to configure the rule. -> The User Defined option setting is shown in the following figure. -+> If you manage your computers and devices with Intune, Configuration Manager, or another enterprise-level management platform, the management software overwrites any conflicting PowerShell settings on startup. 1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and select **Run as administrator**. 2. Type one of the following cmdlets. (For more information, such as rule ID, refer to [Attack surface reduction rules reference](attack-surface-reduction-rules-reference.md).) - ```PowerShell - Set-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions Enabled - ``` -- To enable attack surface reduction rules in audit mode, use the following cmdlet: -- ```PowerShell - Add-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions AuditMode - ``` -- To enable attack surface reduction rules in warn mode, use the following cmdlet: + | Task | PowerShell cmdlet| + ||| + | Enable attack surface reduction rules | `Set-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions Enabled` | + | Enable attack surface reduction rules in audit mode | `Add-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions AuditMode` | + | Enable attack surface reduction rules in warn mode | `Add-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions Warn` | + | Enable attack surface reduction Block abuse of exploited vulnerable signed drivers | `Add-MpPreference -AttackSurfaceReductionRules_Ids 56a863a9-875e-4185-98a7-b882c64b5ce5 -AttackSurfaceReductionRules_Actions Enabled` | + | Turn off attack surface reduction rules | `Add-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions Disabled` | + + > [!IMPORTANT] + > You must specify the state individually for each rule, but you can combine rules and states in a comma-separated list. + > + > In the following example, the first two rules are enabled, the third rule is disabled, and the fourth rule is enabled in audit mode: `Set-MpPreference -AttackSurfaceReductionRules_Ids <rule ID 1>,<rule ID 2>,<rule ID 3>,<rule ID 4> -AttackSurfaceReductionRules_Actions Enabled, Enabled, Disabled, AuditMode` ++ You can also use the `Add-MpPreference` PowerShell verb to add new rules to the existing list. - ```PowerShell - Add-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions Warn - ``` -- To enable attack surface reduction Block abuse of exploited vulnerable signed drivers, use the following cmdlet: -- ```PowerShell - Add-MpPreference -AttackSurfaceReductionRules_Ids 56a863a9-875e-4185-98a7-b882c64b5ce5 -AttackSurfaceReductionRules_Actions Enabled - ``` -- To turn off attack surface reduction rules, use the following cmdlet: -- ```PowerShell - Add-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions Disabled - ``` -- > [!IMPORTANT] - > You must specify the state individually for each rule, but you can combine rules and states in a comma-separated list. - > - > In the following example, the first two rules will be enabled, the third rule will be disabled, and the fourth rule will be enabled in audit mode: - > - > ```PowerShell - > Set-MpPreference -AttackSurfaceReductionRules_Ids <rule ID 1>,<rule ID 2>,<rule ID 3>,<rule ID 4> -AttackSurfaceReductionRules_Actions Enabled, Enabled, Disabled, AuditMode - > ``` -- You can also use the `Add-MpPreference` PowerShell verb to add new rules to the existing list. -- > [!WARNING] - > `Set-MpPreference` will always overwrite the existing set of rules. If you want to add to the existing set, use `Add-MpPreference` instead. - > You can obtain a list of rules and their current state by using `Get-MpPreference`. + > [!WARNING] + > `Set-MpPreference` overwrites the existing set of rules. If you want to add to the existing set, use `Add-MpPreference` instead. You can obtain a list of rules and their current state by using `Get-MpPreference`. -3. To exclude files and folders from attack surface reduction rules, use the following cmdlet: +3. To exclude files and folders from attack surface reduction rules, use the following cmdlet: - ```PowerShell - Add-MpPreference -AttackSurfaceReductionOnlyExclusions "<fully qualified path or resource>" - ``` + `Add-MpPreference -AttackSurfaceReductionOnlyExclusions "<fully qualified path or resource>"` - Continue to use `Add-MpPreference -AttackSurfaceReductionOnlyExclusions` to add more files and folders to the list. + Continue to use `Add-MpPreference -AttackSurfaceReductionOnlyExclusions` to add more files and folders to the list. - > [!IMPORTANT] - > Use `Add-MpPreference` to append or add apps to the list. Using the `Set-MpPreference` cmdlet will overwrite the existing list. + > [!IMPORTANT] + > Use `Add-MpPreference` to append or add apps to the list. Using the `Set-MpPreference` cmdlet will overwrite the existing list. ## Related articles - [Attack surface reduction rules reference](attack-surface-reduction-rules-reference.md) - [Evaluate attack surface reduction](evaluate-attack-surface-reduction.md) - [Attack surface reduction FAQ](attack-surface-reduction.md)+ [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../../includes/defender-mde-techcommunity.md)] |
security | Linux Support Ebpf | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-support-ebpf.md | You can also update the mdatp_managed.json file: } } ```-Refer to the link for detailed sample json file - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md) +Refer to the link for detailed sample json file - [Set preferences for Microsoft Defender for Endpoint on Linux.](linux-preferences.md) > [!IMPORTANT] > If you disable eBPF, the supplementary event provider switches back to auditd. > In the event eBPF doesn't become enabled or is not supported on any specific kernel, it will automatically switch back to auditd and retain all auditd custom rules. ## Immutable mode of Auditd -For customers using auditd in immutable mode, a reboot is required post enablement of eBPF in order to clear the audit rules added by Microsoft Defender for Endpoint. This is a limitation in immutable mode of auditd which freezes the rules file and prohibits editing/overwriting. This is resolved with the reboot. +For customers using auditd in immutable mode, a reboot is required post enablement of eBPF in order to clear the audit rules added by Microsoft Defender for Endpoint. This is a limitation in immutable mode of auditd, which freezes the rules file and prohibits editing/overwriting. This issue is resolved with the reboot. Post reboot, run the below command to check if audit rules got cleared. ```bash % sudo auditctl -l ``` -The output of above command should show no rules or any user added rules. In case the rules did not get removed, then perform the following steps to clear the audit rules file +The output of above command should show no rules or any user added rules. In case the rules didn't get removed, then perform the following steps to clear the audit rules file. - 1. Switch to ebpf mode +1. Switch to ebpf mode 2. Remove the file /etc/audit/rules.d/mdatp.rules 3. Reboot the machine Using Oracle Linux 8.8 with kernel version **5.15.0-0.30.20.el8uek.x86_64, 5.15. Following steps can be taken to mitigate this issue: -1. Use a kernal version higher or lower than **5.15.0-0.30.20.el8uek.x86_64, 5.15.0-0.30.20.1.el8uek.x86_64** on Oracle Linux 8.8, if you want to use eBPF as supplementary subsystem provider. Please note, min kernel version for Oracle Linux is RHCK 3.10.0 and Oracle Linux UEK is 5.4. +1. Use a kernel version higher or lower than **5.15.0-0.30.20.el8uek.x86_64, 5.15.0-0.30.20.1.el8uek.x86_64** on Oracle Linux 8.8, if you want to use eBPF as supplementary subsystem provider. Note, min kernel version for Oracle Linux is RHCK 3.10.0 and Oracle Linux UEK is 5.4. 2. Switch to auditd mode if customer needs to use the same kernel version The following two sets of data help analyze potential issues and determine the m #### Troubleshooting performance issues -If you see a hike in resource consumption by Microsoft Defender on your endpoints, it is important to identify the process/mount-point/files that is consuming most CPU/Memory utilization and then apply necessary exclusions. After applying possible AV exclusions, if wdavdaemon (parent process) is still consuming the resources, then use the ebpf-statistics command to obtain the top system call count: +If you see a hike in resource consumption by Microsoft Defender on your endpoints, it's important to identify the process/mount-point/files that is consuming most CPU/Memory utilization and then apply necessary exclusions. After applying possible AV exclusions, if wdavdaemon (parent process) is still consuming the resources, then use the ebpf-statistics command to obtain the top system call count: ```Bash sudo mdatp diagnostic ebpf-statistics Top syscall ids: 90 : 10 87 : 3 ``` -In the above output, it can be seen that stress-ng is the top process generating large number of events and might result into performance issues. Most likely stress-ng is generating the system call with ID 82. You can create a ticket with Microsoft to get this process excluded. In future as part of upcoming enhancements, you will have more control to apply such exclusions at your end. +In the above output, you can see that stress-ng is the top process generating large number of events and might result into performance issues. Most likely stress-ng is generating the system call with ID 82. You can create a ticket with Microsoft to get this process excluded. In future as part of upcoming enhancements, you'll have more control to apply such exclusions at your end. -Exclusions applied to auditd cannot be migrated or copied to eBPF. Common concerns such as noisy logs, kernel panic, noisy syscalls are already taken care of by eBPF internally. In case you want to add any further exclusions, then reach out to Microsoft to get the necessary exclusions applied. +Exclusions applied to auditd can't be migrated or copied to eBPF. Common concerns such as noisy logs, kernel panic, noisy syscalls are already taken care of by eBPF internally. In case you want to add any further exclusions, then reach out to Microsoft to get the necessary exclusions applied. ## See also |
security | Prevent Changes To Security Settings With Tamper Protection | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection.md | Title: Protect security settings with tamper protection-+ description: Use tamper protection to prevent malicious apps from changing important security settings. ms.localizationpriority: medium Previously updated : 10/24/2023 Last updated : 02/13/2024 audience: ITPro When tamper protection is turned on, these tamper-protected settings can't be ch - Security intelligence updates occur. - Automatic actions are taken on detected threats. - Notifications are visible in the Windows Security app on Windows devices.-- Archived files are scanned. +- Archived files are scanned. +- [Exclusions cannot be modified or added ](/microsoft-365/security/defender-endpoint/manage-tamper-protection-intune#tamper-protection-for-antivirus-exclusions) -*As of signature release `1.383.1159.0`, due to confusion around the default value for "Allow Scanning Network Files", tamper protection no longer locks this setting to its default value. In managed environments, the default value is enabled.* +*As of signature release `1.383.1159.0`, due to confusion around the default value for "Allow Scanning Network Files", tamper protection no longer locks this setting to its default value. In managed environments, the default value is `enabled`.* > [!IMPORTANT] > When tamper protection is turned on, tamper-protected settings cannot be changed. To avoid breaking management experiences, including [Intune](manage-tamper-protection-intune.md) and [Configuration Manager](manage-tamper-protection-configuration-manager.md), keep in mind that changes made to tamper-protected settings might appear to succeed but are actually blocked by tamper protection. Depending on your particular scenario, you have several options available: |
security | Run Analyzer Macos Linux | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-analyzer-macos-linux.md | Title: Run the client analyzer on macOS or Linux -description: Learn how to run the Microsoft Defender for Endpoint Client Analyzer on macOS or Linux. -keywords: client analyzer, troubleshoot sensor, analyzer, mdeanalyzer, macos, linux, mdeanalyzer +description: Learn how to run the Microsoft Defender for Endpoint Client Analyzer on macOS or Linux -ms.sitesec: library -ms.pagetype: security f1.keywords: - NOCSH--++ ms.localizationpriority: medium Previously updated : 06/15/2023 Last updated : 02/02/2024 audience: ITPro |
security | Advanced Hunting Identitylogonevents Table | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-identitylogonevents-table.md | For information on other tables in the advanced hunting schema, [see the advance | `Timestamp` | `datetime` | Date and time when the event was recorded | | `ActionType` | `string` | Type of activity that triggered the event. See the [in-portal schema reference](advanced-hunting-schema-tables.md?#get-schema-information-in-the-security-center) for details | | `Application` | `string` | Application that performed the recorded action |-| `LogonType` | `string` | Type of logon session, specifically:<br><br> - **Interactive** - User physically interacts with the device using the local keyboard and screen<br><br> - **Remote interactive (RDP) logons** - User interacts with the device remotely using Remote Desktop, Terminal Services, Remote Assistance, or other RDP clients<br><br> - **Network** - Session initiated when the device is accessed using PsExec or when shared resources on the device, such as printers and shared folders, are accessed<br><br> - **Batch** - Session initiated by scheduled tasks<br><br> - **Service** - Session initiated by services as they start | +| `LogonType` | `string` | Type of logon session. For more information, see [Supported logon types](#supported-logon-types). | | `Protocol` | `string` | Network protocol used | | `FailureReason` | `string` | Information explaining why the recorded action failed | | `AccountName` | `string` | User name of the account | For information on other tables in the advanced hunting schema, [see the advance | `ReportId` | `string` | Unique identifier for the event | | `AdditionalFields` | `dynamic` | Additional information about the entity or event | +## Supported logon types ++The following table lists the supported values for the `LogonType` column. ++|Logon type|Monitored activity|Description| +|||| +|Logon type 2|Credentials Validation|Domain-account authentication event using the NTLM and Kerberos authentication methods.| +|Logon type 2|Interactive Logon|User gained network access by entering a username and password (authentication method Kerberos or NTLM).| +|Logon type 2|Interactive Logon with Certificate|User gained network access by using a certificate.| +|Logon type 2|VPN Connection|User connected by VPN - Authentication using RADIUS protocol.| +|Logon type 3|Resource Access|User accessed a resource using Kerberos or NTLM authentication.| +|Logon type 3|Delegated Resource Access|User accessed a resource using Kerberos delegation.| +|Logon type 8|LDAP Cleartext|User authenticated using LDAP with a clear-text password (Simple authentication).| +|Logon type 10|Remote Desktop|User performed an RDP session to a remote computer using Kerberos authentication.| +||Failed Logon|Domain-account failed authentication attempt (via NTLM and Kerberos) due to the following: account was disabled/expired/locked/used an untrusted certificate or due to invalid logon hours/old password/expired password/wrong password.| +||Failed Logon with Certificate|Domain-account failed authentication attempt (via Kerberos) due to the following: account was disabled/expired/locked/used an untrusted certificate or due to invalid logon hours/old password/expired password/wrong password.| + ## Related topics - [Advanced hunting overview](advanced-hunting-overview.md) |
security | Quarantine Admin Manage Messages Files | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-admin-manage-messages-files.md | To filter the entries, select :::image type="icon" source="../../media/m365-cc-s - **Transport rule** (mail flow rule) - **Bulk** - **Spam**+ - **Data loss prevention** - **Malware**: Anti-malware policies in EOP or Safe Attachments policies in Defender for Office 365. The **Policy Type** value indicates which feature was used. - **Phishing**: The spam filter verdict was **Phishing** or anti-phishing protection quarantined the message ([spoof settings](anti-phishing-policies-about.md#spoof-settings) or [impersonation protection](anti-phishing-policies-about.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365)). - **High confidence phishing** To filter the entries, select :::image type="icon" source="../../media/m365-cc-s - **Anti-phishing policy** - **Anti-spam policy** - **Transport rule** (mail flow rule)+ - **Data loss prevention rule** The **Policy type** and **Quarantine reason** values are interrelated. For example, **Bulk** is always associated with an **Anti-spam policy**, never with an **Anti-malware policy**. |
security | Quarantine End User | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-end-user.md | To filter the entries, select :::image type="icon" source="../../media/m365-cc-s - **Transport rule** (mail flow rule) - **Bulk** - **Spam**+ - **Data loss prevention** - **Malware**: Anti-malware policies in EOP or Safe Attachments policies in Defender for Office 365. The **Policy Type** value indicates which feature was used. - **Phishing**: The spam filter verdict was **Phishing** or anti-phishing protection quarantined the message ([spoof settings](anti-phishing-policies-about.md#spoof-settings) or [impersonation protection](anti-phishing-policies-about.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365)). - **High confidence phishing** |
syntex | Backup Billing | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/backup/backup-billing.md | + + Title: Set up pay-as-you-go billing for Microsoft 365 Backup (Preview) ++++audience: admin + Last updated : 02/12/2024++++search.appverid: ++ - enabler-strategic + - m365initiative-syntex +ms.localizationpriority: medium +description: Learn how to set up and configure pay-as-you-go billing for Microsoft 365 Backup. +++# Set up pay-as-you-go billing for Microsoft 365 Backup (Preview) ++As a first step to start using Microsoft 365 Backup, you should link an Azure subscription in Syntex pay-as-you-go, if you haven't already done so. Although Microsoft 365 Backup isn't part of the Microsoft Syntex product suite, this offering is still using the Syntex billing setup for consistency with other Microsoft 365 pay-as-you-go offerings. ++Use these steps to set up pay-as-you-go billing for Microsoft 365 Backup. ++1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com/Adminportal/Home). ++2. Select **Setup**. ++3. On the **Setup** page, in the **Files and content** section, select **Use content AI with Microsoft Syntex**. ++4. On the **Use content AI with Microsoft Syntex** page, select **Set up billing**. ++ ![Screenshot of the Set up billing option in the Microsoft 365 admin center.](../../media/content-understanding/backup-setup-billing.png) ++ > [!NOTE] + > To set up pay-as-you-go billing for Microsoft 365 Backup, you must provide an owner or contribution role on the Azure subscription to be used. ++5. If you ***don't*** have an Azure subscription or resource group, follow these steps. If you have an Azure subscription and resource group, go directly to step 6. ++ To create a new Azure subscription with the same organization and Microsoft Entra tenant as your Microsoft 365 subscription: ++ a. Sign in to the [Azure portal](https://portal.azure.com) with your Microsoft 365 admin, Microsoft Entra DC admin, or Global admin account. ++ b. In the left navigation, select **Subscriptions**, and then select **Add**. ++ c. On the **Add subscription** page, select an offer and complete the payment information and agreement. ++ To create a new Azure resource group: ++ a. On the **Set up pay-as-you-go billing** panel, select **Learn more about Azure resource groups**. ++ b. Or, you can follow steps in [Manage Azure resource groups by using the Azure portal](/azure/azure-resource-manager/management/manage-resource-groups-portal) to create a resource group. ++ ![Screenshot of the Set up pay-as-you-go billing panel in the Microsoft 365 admin center.](../../media/content-understanding/backup-billing-panel.png) ++ > [!NOTE] + > The resource group should be mapped to the Azure subscription you provided when you set up pay-as-you-go. ++6. If you ***have*** an Azure subscription, follow these steps: ++ a. On the **Set up pay-as-you-go billing** panel, under **Azure subscription**, select the subscription from the dropdown list. ++ > [!NOTE] + > The subscription dropdown list will not populate if you don't have an owner or contributor on the subscription. ++ ![Screenshot of the Set up pay-as-you-go billing panel showing the Azure subscription dropdown list.](../../media/content-understanding/back-billing-subscription.png) ++ b. Under **Resource group**, select the resource group from the dropdown list. ++ c. Under **Region**, select the region from the dropdown list. ++ d. Review and accept the terms of service, and then select **Save**. ++You have successfully set up billing. You can proceed to [Step 2: Turn on Microsoft 365 Backup](backup-setup.md#step-2-turn-on-microsoft-365-backup). |
syntex | Backup Pricing | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/backup/backup-pricing.md | Microsoft 365 Backup will charge you for content size of the following for 365 d - Deleted content in userΓÇÖs Recycle Bin and second-stage Recycle Bin (also known as Site Collection Recycle Bin). > [!NOTE]-> Restore points or size of restores will not be charged. +> Restore points or size of restores will not be charged. Although Azure is being used to process the payments, there are no additional Azure API or storage costs beyond the Microsoft 365 Backup usage charges mentioned above. As an example, if you have a site under protection that is currently 1 GB for the first month, you'll be charged 1 GB of Backup usage. If you delete content in that site such that it's now only 0.5 GB, your next monthly bill will still be for 1 GB since the backup tool is retaining that deleted content for a year. After a year when the backup of that deleted content expires, the 0.5 GB being retained for backup purposes will no long be charged for Backup. |
syntex | Backup Setup | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/backup/backup-setup.md | Get started with Microsoft 365 Backup by following these simple three steps in t ## Step 1: Set up pay-as-you-go billing -As a first step to sign up for Microsoft 365 Backup, you should first link an Azure subscription in [Syntex pay-as-you-go](https://admin.microsoft.com/Adminportal/Home#/featureexplorer/csi/ContentUnderstanding), if you haven't already done so. Although Microsoft 365 Backup isn't part of the Syntex product suite, this offering is still using the Syntex billing setup for consistency with other Microsoft 365 pay-as-you-go offerings. +Microsoft 365 Backup is a pay-as-you-go offering that charges based on consumption, unlike traditional seat-based licenses. To set up pay-as-you-go for Microsoft 365 Backup, you will need to have this information: -<! -1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com/Adminportal/Home). --2. Select **Setup**. --3. On the **Setup** page, in the **Files and content** section, select **Use content AI with Microsoft Syntex**. --4. On the **Use content AI with Microsoft Syntex** page, select **Set up billing**. -- ![Screenshot of the Use content AI with Microsoft Syntex page showing the Set up billing option.](../../media/content-understanding/backup-setup-set-up-billing.png) +> [!div class="checklist"] +> * **Valid Azure subscription**. An Azure subscription provides a logical container for your resources. Each Azure resource is associated with only one subscription. Creating a subscription is the first step in adopting Azure. To learn more about Azure, see [Azure fundamental concepts](/azure/cloud-adoption-framework/ready/considerations/fundamental-concepts). +> * **Resource group**. A resource group provides a logical grouping of resources within an Azure subscription. +> * **Region**. The region in which you want to register the service. +> * **Owner or contributor**. Name of an owner or contributor role on the Azure subscription. - > [!NOTE] - > To set up pay-as-you-go billing for Microsoft 365 Backup, the admin must have an owner or contribution role on the Azure subscription to be used. +Once you have the information on this list, you are ready to [set up pay-as-you-go billing for Microsoft 365 Backup](backup-billing.md). -5. If you don't have an Azure subscription or resource group, follow these steps. If you have an Azure subscription and resource group, skip this step and go to step 6. -- ![Screenshot of the Set up pay-as-you-go billing panel with the Prerequisites section lighlighted.](../../media/content-understanding/backup-setup-prerequisites.png) -- a. To create a new Azure subscription, on the **Set up pay-as-you-go billing** panel, select **Learn more about Azure subscriptions**. Alternatively, you can follow the steps in [Create your initial Azure subscriptions](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/initial-subscriptions). -- b. To create a new Azure resource group, on the **Set up pay-as-you-go billing** panel,select **Learn more about Azure resource groups**. Alternatively, you can follow the steps in [Manage Azure resource groups by using the Azure portal](https://learn.microsoft.com/azure/azure-resource-manager/management/manage-resource-groups-portal) to create a resource group. The resource group should be within the Azure subscription. -- c. After you create an Azure subscription with owner or contributor role, you'll need to have a resource group created. --6. If you have an Azure subscription, select the subscription from the drop-down menu. -- ![Screenshot of the Set up pay-as-you-go billing panel with the Azure subscription section lighlighted.](../../media/content-understanding/backup-setup-azure-subscription.png) -> -To set up pay-as-you-go billing, follow the steps in [Configure Microsoft Syntex for pay-as-you-go billing](../syntex-azure-billing.md). +<!To set up pay-as-you-go billing, follow the steps in [Configure Microsoft Syntex for pay-as-you-go billing](../syntex-azure-billing.md).> ### Permissions You must have Global admin or SharePoint admin permissions to access the Microso ## Step 2: Turn on Microsoft 365 Backup -To enable Microsoft 365 Backup, you'll need to go to the Microsoft 365 admin center. +To turn on Microsoft 365 Backup, you'll need to go to the Microsoft 365 admin center. 1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com/Adminportal/Home). |
syntex | Esignature Troubleshoot | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/esignature-troubleshoot.md | description: Learn how to troubleshoot issues with sending, receiving, or viewin ## Unable to create a request -If you aren't able to create a signature request, check the PDF viewer settings, the collaboration settings, or the access policies. Refer to the [setup page](https://learn.microsoft.com/microsoft-365/syntex/esignature-setup) to ensure the correct settings are done. Also, check that the PDF you are attempting to sign is not already electronically signed using SharePoint eSignature or any other electronic signature provider. +If you aren't able to create a signature request, check the PDF viewer settings, the collaboration settings, or the access policies. Refer to the [setup page](/microsoft-365/syntex/esignature-setup) to ensure the correct settings are done. Also, check that the PDF you are attempting to sign is not already electronically signed using SharePoint eSignature or any other electronic signature provider. > [!NOTE] > New eSignature requests can't be started from documents that have been previously signed. You need to choose another document to create the request. |
whiteboard | Configure Privacy Settings | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/configure-privacy-settings.md | |
whiteboard | Deploy On Windows Organizations | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/deploy-on-windows-organizations.md | |
whiteboard | Gdpr Requests | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/gdpr-requests.md | |
whiteboard | Index | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/index.md | + - essentials-navigation + - essentials-overview ms.localizationpriority: medium description: Find resources about how to set up and manage Microsoft Whiteboard. |
whiteboard | Manage Data Organizations | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/manage-data-organizations.md | |
whiteboard | Manage Sharing Organizations | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/manage-sharing-organizations.md | |
whiteboard | Manage Whiteboard Access Organizations | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/manage-whiteboard-access-organizations.md | |