Updates from: 02/15/2024 06:21:36
Category Microsoft Docs article Related commit history on GitHub Change details
enterprise Integrated Apps And Azure Ads https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/integrated-apps-and-azure-ads.md
Title: "Integrated apps and Microsoft Entra ID for Microsoft 365 administrators"
Previously updated : 08/10/2020 Last updated : 02/14/2024 audience: Admin
- scotvorg - M365-subscription-management
+- must-keep
search.appverid: - MET150 - MOE150
description: Learn how to register and administer Office 365 integrated Apps in
# Integrated apps and Microsoft Entra ID for Microsoft 365 administrators
-There's more to managing integrated apps than just [managing user consent to apps](../admin/misc/user-consent.md). With the advent of the Microsoft 365 REST APIs, users can grant apps access to their Microsoft 365 data, such as mail, calendars, contacts, users, groups, files, and folders. By default, users need to individually grant permissions to each app.
+There's more to managing integrated apps than just [managing user consent to apps](../admin/misc/user-consent.md). With the advent of the Microsoft 365 REST APIs, users can grant apps access to their Microsoft 365 data, such as mail, calendars, contacts, users, groups, files, and folders. By default, users need to individually grant permissions to each app.
But this doesn't scale well if you want to authorize an app once at the **Microsoft Entra DC admin**, or **Global admin** level and roll it out to your whole organization through the app launcher. To do this, you must register the app in Microsoft Entra ID. There are some steps you need to take before you can register an app in Microsoft Entra ID and some background information you should know that can help you manage apps in your Microsoft 365 organization.
You have to do these two tasks before you can manage your Microsoft 365 apps in
|:--|:--| |[Use your free Microsoft Entra subscription](../compliance/use-your-free-azure-ad-subscription-in-office-365.md) <br/> |Every paid subscription to Microsoft 365 comes with a free subscription to Microsoft Entra ID. You can use Microsoft Entra ID to manage your apps and to create and manage user and group accounts. To use Microsoft Entra ID, just go to the Azure portal at [https://portal.azure.com](https://portal.azure.com) and sign in using your Microsoft 365 account. <br/> | |[Manage user consent to apps](../admin/misc/user-consent.md) <br/> |You must manage user consent to apps to allow third-party apps to access user Microsoft 365 information and for you to register apps in Microsoft Entra ID. For example, when someone uses a third-party app, that app might ask for permission to access their calendar and to edit files that are in a OneDrive folder. <br/> |
-
+ Managing Microsoft 365 apps requires you to have knowledge of apps in Microsoft Entra ID. Use these articles to give you the background you need. |Article|Comments|
security Device Control Deploy Manage Gpo https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-control-deploy-manage-gpo.md
description: Learn how to deploy and manage device control in Defender for Endpo
Previously updated : 01/31/2024 Last updated : 02/14/2024
f1.keywords: NOCSH
# Deploy and manage device control in Microsoft Defender for Endpoint using Group Policy
+**Applies to:**
+
+- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Business](/microsoft-365/security/defender-business)
+ If you're using Group Policy to manage Defender for Endpoint settings, you can use it to deploy and manage device control. ## Enable or disable removable storage access control
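Review bot: In the added **Applies to** list, the Plan 1 and Plan 2 entries both link to `https://go.microsoft.com/fwlink/p/?linkid=2154037`, so the two items cannot be told apart by target. If the plans have separate landing pages, give each its own link; if the shared target is intended, one line naming both plans would avoid implying two destinations. The same block is added to the other device control articles in this batch, so the decision applies there as well.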
If you want to change the default value of 60 days for persisting the local cach
- [Device control in Defender for Endpoint](device-control-overview.md) - [Device control policies in and settings](device-control-policies.md)-- [Device Control for macOS](mac-device-control-overview.md)
+- [Device Control for macOS](mac-device-control-overview.md)
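Review bot: The list item next to the one being fixed still reads `[Device control policies in and settings]`, with a stray "in"; the Intune article in this same batch uses "Device control policies and settings". Since this change already touches the list to split off the run-on `-- [Device Control for macOS]` item, correct that link text in the same pass.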
security Device Control Deploy Manage Intune https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-control-deploy-manage-intune.md
description: Learn how to deploy and manage device control in Defender for Endpo
Previously updated : 02/01/2024 Last updated : 02/14/2024
f1.keywords: NOCSH
# Deploy and manage device control in Microsoft Defender for Endpoint with Microsoft Intune
+**Applies to:**
+
+- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Business](/microsoft-365/security/defender-business)
+ If you're using Intune to manage Defender for Endpoint settings, you can use it to deploy and manage device control capabilities. Different aspects of device control are managed differently in Intune, as described in the following sections. ## Configure and manage device control in Intune
In Intune, device control groups appear as reusable settings.
- [Device control in Defender for Endpoint](device-control-overview.md) - [Device control policies and settings](device-control-policies.md)-- [Device Control for macOS](mac-device-control-overview.md)
+- [Device Control for macOS](mac-device-control-overview.md)
security Device Control Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-control-overview.md
description: Get an overview of device control, including removable storage acce
Previously updated : 01/30/2024 Last updated : 02/14/2024
f1.keywords: NOCSH
# Device control in Microsoft Defender for Endpoint
+**Applies to:**
+
+- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Business](/microsoft-365/security/defender-business)
+ Device control capabilities in Microsoft Defender for Endpoint enable your security team to control whether users can install and use peripheral devices, like removable storage (USB thumb drives, CDs, disks, etc.), printers, Bluetooth devices, or other devices with their computers. Your security team can configure device control policies to configure rules like these: - Prevent users from installing and using certain devices (like USB drives)
Currently, device control is not supported on servers.
- [Device control walkthroughs](device-control-walkthroughs.md) - [Learn about Device control policies](device-control-policies.md)-- [View device control reports](device-control-report.md)
+- [View device control reports](device-control-report.md)
security Device Control Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-control-policies.md
description: Learn about Device control policies in Defender for Endpoint
Previously updated : 02/13/2024 Last updated : 02/14/2024
f1.keywords: NOCSH
# Device control policies in Microsoft Defender for Endpoint
+**Applies to:**
+
+- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Business](/microsoft-365/security/defender-business)
+ This article describes device control policies, rules, entries, groups, and advanced conditions. Essentially, device control policies define access for a set of devices. The devices that are in scope are determined by a list of included device groups and a list of excluded device groups. A policy applies if the device is in all of the included device groups and none of the excluded device groups. If no policies apply, then the default enforcement is applied. By default device control is disabled, so access to all types of devices is allowed. To learn more about device control, see [Device control in Microsoft Defender for Endpoint](device-control-overview.md).
The properties described in the following table can be included in the `Descript
| `InstancePathId` | String that uniquely identifies the device in the system, for example, `USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\8735B611&0`. It corresponds to the device instance path in Device Manager in Windows. The number at the end (for example `&0`) represents the available slot and might change from device to device. For best results, use a wildcard at the end. For example, `USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\8735B611*`. | | `DeviceId` | To transform Device instance path to Device ID format, use Standard USB Identifiers, such as this example: `USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07` | | `HardwareId` | String that identifies the device in the system, like `USBSTOR\DiskGeneric_Flash_Disk___8.07`. It corresponds to the hardware ID in Device Manager in Windows. Keep in mind that `HardwareId` isn't unique; different devices might share the same value. |
-| `FriendlyNameId` | String attached to the device, like `Generic Flash Disk USB Device`. It's corresponds to the friendly name in Device Manager in Windows. |
+| `FriendlyNameId` | String attached to the device, like `Generic Flash Disk USB Device`. It corresponds to the friendly name in Device Manager in Windows. |
| `BusId` | For example, `USB`, `SCSI` | | `SerialNumberId` | You can find `SerialNumberId` from Device instance path in Device Manager in Windows. For example, `03003324080520232521` is `SerialNumberId` in `USBSTOR\DISK&VEN__USB&PROD__SANDISK_3.2GEN1&REV_1.00\03003324080520232521&0` | | `VID_PID` | - Vendor ID is the four-digit vendor code that the USB committee assigns to the vendor. <br/>- Product ID is the four-digit product code that the vendor assigns to the device. It supports wildcards.<br/>- To transform Device instance path to Vendor ID and Product ID format, use Standard USB Identifiers. Here are some examples: <br/>`0751_55E0`: match this exact VID/PID pair <br/>`_55E0`: match any media with `PID=55E0` <br/>`0751_`: match any media with `VID=0751` |
The group is then referenced as parameters in an entry, as illustrated in the fo
## File evidence
-With device control, you can store evidence of files that were copied to removablee devices or were printed. When file evidence is enabled, a `RemovableStorageFileEvent` is created. The behavior of file evidence is controlled by options on the Allow action, as described in the following table:
+With device control, you can store evidence of files that were copied to removable devices or were printed. When file evidence is enabled, a `RemovableStorageFileEvent` is created. The behavior of file evidence is controlled by options on the Allow action, as described in the following table:
| Option | Description | |||
security Device Control Walkthroughs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-control-walkthroughs.md
description: Learn how to work with device control in Defender for Endpoint.
Previously updated : 01/29/2024 Last updated : 02/14/2024
f1.keywords: NOCSH
# Device control walkthroughs
+**Applies to:**
+
+- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Business](/microsoft-365/security/defender-business)
+ This article describes different ways to see how device control works. Beginning with default settings, each section describes how to configure device control to achieve certain objectives. ## Explore the default state of device control
Device control also supports group SIDs. Change the SID in the read-only policy
- [Understand Device control policies](device-control-policies.md) - [Deploy and manage device control with Intune](device-control-deploy-manage-intune.md) - [Deploy and manage device control with Group Policy](device-control-deploy-manage-gpo.md)-- [View device control reports](device-control-report.md)
+- [View device control reports](device-control-report.md)
security Linux Preferences https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-preferences.md
Specifies the enforcement preference of antivirus engine. There are three values
#### Enable/disable behavior-monitoring Determines whether behavior monitoring and blocking capability is enabled on the device or not. -
-<br>
+> [!NOTE]
+> This feature is applicable only when Real-Time Protection feature is enabled.
**** |Description|Value|
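Review bot: The added note under "Enable/disable behavior-monitoring" says the feature applies only when Real-Time Protection is enabled, but it does not say which setting controls that. Name or link the setting so an administrator who turns on behavior monitoring while real-time protection is off can tell why it has no effect. The wording also needs an article: "when the Real-Time Protection feature is enabled".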
When you run the `mdatp health` command for the first time, the value for the ta
>[!NOTE] >Add the comma after the closing curly bracket at the end of the `cloudService` block. Also, make sure that there are two closing curly brackets after adding Tag or Group ID block (please see the above example). At the moment, the only supported key name for tags is `GROUP`.
-## Configuration profile validation
-
-The configuration profile must be a valid JSON-formatted file. There are many tools that can be used to verify this. For example, if you have `python` installed on your device:
-
-```bash
-python -m json.tool mdatp_managed.json
-```
-
-If the JSON is well-formed, the above command outputs it back to the Terminal and returns an exit code of `0`. Otherwise, an error that describes the issue is displayed and the command returns an exit code of `1`.
-
-## Verifying that the mdatp_managed.json file is working as expected
-
-To verify that your /etc/opt/microsoft/mdatp/managed/mdatp_managed.json is working properly, you should see "[managed]" next to these settings:
--- cloud_enabled-- cloud_automatic_sample_submission_consent-- passive_mode_enabled-- real_time_protection_enabled-- automatic_definition_update_enabled-
->[!NOTE]
->No restart of mdatp daemon is required for changes to _most_ configurations in mdatp_managed.json to take effect.
- **Exception:** The following configurations require a daemon restart to take effect:
-> - cloud-diagnostic
-> - log-rotation-parameters
-
-## Configuration profile deployment
-
-Once you've built the configuration profile for your enterprise, you can deploy it through the management tool that your enterprise is using. Defender for Endpoint on Linux reads the managed configuration from the */etc/opt/microsoft/mdatp/managed/mdatp_managed.json* file.
--
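Review bot: The removed sections are the only place in the visible text that tells an administrator how to check a profile before rollout: the `python -m json.tool mdatp_managed.json` validation, the "[managed]" marker check, the two settings that need a daemon restart (`cloud-diagnostic`, `log-rotation-parameters`), and the path the managed configuration is read from. Nothing in this change adds a replacement or a link to where that guidance now lives. If it moved to another article, add a pointer here; otherwise keep at least the validation and verification steps, since a malformed or silently ignored profile leaves endpoints on unintended protection settings.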
security Advanced Hunting Schema Changes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-schema-changes.md
Naming changes are automatically applied to queries that are saved in Microsoft
| Table name | Original ActionType name | New ActionType name | Reason for change |--|--|--|--|
- | `DeviceEvents` | `DlpPocPrintJob` | `FilePrinted` | Customer feedback |
| `DeviceEvents` | `UsbDriveMount` | `UsbDriveMounted` | Customer feedback | | `DeviceEvents` | `UsbDriveUnmount` | `UsbDriveUnmounted` | Customer feedback | | `DeviceEvents` | `WriteProcessMemoryApiCall` | `WriteToLsassProcessMemory` | Customer feedback |
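Review bot: Removing the `DlpPocPrintJob` to `FilePrinted` row deletes the record of that rename while the neighbouring `DeviceEvents` rows stay. If the rename is still in effect, keep the row so anyone maintaining hunting queries or detection rules that filter on the old `ActionType` can trace it; if the rename was withdrawn, say so in the change description.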
security Manage Incidents https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/manage-incidents.md
All comments are added to the historical events of the incident. You can see the
The **Activity log** displays a list of all the comments and actions performed on the incident, known as *Audits and comments*. All changes made to the incident, whether by a user or by the system, are recorded in the activity log. The activity log is available from the **Activity log** option on the incident page or on the incident side pane. You can filter the activities within the log by comments and actions. Click the **Content: Audits, Comments** then select the content type to filter activities. Here's an example.
syntex Backup Billing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/backup/backup-billing.md
- enabler-strategic - m365initiative-syntex ms.localizationpriority: medium
-description: Learn how to set up and configure pay-as-you-go billing for Microsoft 365 Backup.
+description: Learn how to set up pay-as-you-go billing for Microsoft 365 Backup.
# Set up pay-as-you-go billing for Microsoft 365 Backup (Preview)
Use these steps to set up pay-as-you-go billing for Microsoft 365 Backup.
To create a new Azure subscription with the same organization and Microsoft Entra tenant as your Microsoft 365 subscription:
- a. Sign in to the [Azure portal](https://portal.azure.com) with your Microsoft 365 admin, Microsoft Entra DC admin, or Global admin account.
+ 1. Sign in to the [Azure portal](https://portal.azure.com) with your Microsoft 365 admin, Microsoft Entra DC admin, or Global admin account.
- b. In the left navigation, select **Subscriptions**, and then select **Add**.
+ 1. In the left navigation, select **Subscriptions**, and then select **Add**.
- c. On the **Add subscription** page, select an offer and complete the payment information and agreement.
+ 1. On the **Add subscription** page, select an offer and complete the payment information and agreement.
To create a new Azure resource group:
- a. On the **Set up pay-as-you-go billing** panel, select **Learn more about Azure resource groups**.
+ 1. On the **Set up pay-as-you-go billing** panel, select **Learn more about Azure resource groups**.
- b. Or, you can follow steps in [Manage Azure resource groups by using the Azure portal](/azure/azure-resource-manager/management/manage-resource-groups-portal) to create a resource group.
+ 1. Or, you can follow steps in [Manage Azure resource groups by using the Azure portal](/azure/azure-resource-manager/management/manage-resource-groups-portal) to create a resource group.
![Screenshot of the Set up pay-as-you-go billing panel in the Microsoft 365 admin center.](../../media/content-understanding/backup-billing-panel.png)
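Review bot: Under "To create a new Azure resource group", the second item begins "Or, you can follow steps in ...", so it is an alternative to the first item rather than a second step, yet the new `1.` markers number it as one. Since the list markers are being rewritten anyway, use bullets for these two items or fold them into one sentence.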
Use these steps to set up pay-as-you-go billing for Microsoft 365 Backup.
6. If you ***have*** an Azure subscription, follow these steps:
- a. On the **Set up pay-as-you-go billing** panel, under **Azure subscription**, select the subscription from the dropdown list.
+ 1. On the **Set up pay-as-you-go billing** panel, under **Azure subscription**, select the subscription from the dropdown list.
- > [!NOTE]
- > The subscription dropdown list will not populate if you don't have an owner or contributor on the subscription.
+ > [!NOTE]
+ > The subscription dropdown list will not populate if you don't have an owner or contributor on the subscription.
- ![Screenshot of the Set up pay-as-you-go billing panel showing the Azure subscription dropdown list.](../../media/content-understanding/back-billing-subscription.png)
+ ![Screenshot of the Set up pay-as-you-go billing panel showing the Azure subscription dropdown list.](../../media/content-understanding/back-billing-subscription.png)
- b. Under **Resource group**, select the resource group from the dropdown list.
+ 1. Under **Resource group**, select the resource group from the dropdown list.
- c. Under **Region**, select the region from the dropdown list.
+ 1. Under **Region**, select the region from the dropdown list.
- d. Review and accept the terms of service, and then select **Save**.
+ 1. Review and accept the terms of service, and then select **Save**.
You have successfully set up billing. You can proceed to [Step 2: Turn on Microsoft 365 Backup](backup-setup.md#step-2-turn-on-microsoft-365-backup).
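Review bot: The re-indented note still says the dropdown will not populate "if you don't have an owner or contributor on the subscription", which reads as if the subscription lacks an owner rather than the signed-in account lacking a role. While moving these lines, reword to something like "if you don't have the Owner or Contributor role on the subscription" so the required permission is unambiguous.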