Category | Microsoft Docs article | Related commit history on GitHub | Change details |
---|---|---|---|
admin | Create Dns Records At 1 1 Internet | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-1-1-internet.md | Follow these steps to automatically verify and set up your IONOS by 1&1 domain w 1. In the Microsoft 365 admin center, select **Settings** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834818" target="_blank">**Domains**</a>, and select the domain you want to set up. - :::image type="content" source="../../media/dns-IONOS/IONOS-DomainConnects-1.png" alt-text="Select your domain in Microsoft 365."::: + :::image type="content" source="../../media/dns-ionos/ionos-domainconnects-1.png" alt-text="Select your domain in Microsoft 365."::: 1. Select the three dots (more actions) > choose **Start setup**. - :::image type="content" source="../../media/dns-IONOS/IONOS-DomainConnects-2.png" alt-text="Select Start setup."::: + :::image type="content" source="../../media/dns-ionos/ionos-domainconnects-2.png" alt-text="Select Start setup."::: 1. On the How do you want to connect your domain? page, select **Continue**. Follow these steps to automatically verify and set up your IONOS by 1&1 domain w 1. On the IONOS by 1&1 login page, sign in to your account, and select **Connect**, and **Allow**. - :::image type="content" source="../../media/dns-IONOS/IONOS-DomainConnects-3.png" alt-text="Select Connect, and then Allow."::: + :::image type="content" source="../../media/dns-ionos/ionos-domainconnects-3.png" alt-text="Select Connect, and then Allow."::: This completes your domain setup for Microsoft 365. Before you use your domain with Microsoft, we have to make sure that you own it. 1. Select **Menu**, and then select **Domains and SSL**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-1.png" alt-text="Select Domains and SSL."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-1.png" alt-text="Select Domains and SSL."::: 1. 
Under **Actions** for the domain that you want to update, select the gear control, and then select **DNS**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-2.png" alt-text="Select DNS from the drop-down list."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-2.png" alt-text="Select DNS from the drop-down list."::: 1. Select **Add record**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-3.png" alt-text="Select Add record."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-3.png" alt-text="Select Add record."::: 1. Select the **TXT** section. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-4.png" alt-text="Select the TXT section."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-4.png" alt-text="Select the TXT section."::: 1. On the Add a DNS record page, in the boxes for the new record, type or copy and paste the values from the following table. Before you use your domain with Microsoft, we have to make sure that you own it. 1. Select **Save**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-5.png" alt-text="Select Save."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-5.png" alt-text="Select Save."::: Wait a few minutes before you continue, so that the record you just created can update across the Internet. To verify the record in Microsoft 365: 1. On the Domains page, select the domain that you're verifying, and select **Start setup**. - :::image type="content" source="../../media/dns-IONOS/IONOS-DomainConnects-2.png" alt-text="Select Start setup."::: + :::image type="content" source="../../media/dns-ionos/ionos-domainconnects-2.png" alt-text="Select Start setup."::: 1. Select **Continue**. To verify the record in Microsoft 365: 1. Select **Menu**, and then select **Domains and SSL**. 
- :::image type="content" source="../../media/dns-IONOS/IONOS-domains-1.png" alt-text="Select Domains and SSL."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-1.png" alt-text="Select Domains and SSL."::: 1. Under **Actions** for the domain that you want to update, select the gear control, and then select **DNS**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-2.png" alt-text="Select DNS from the drop-down list."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-2.png" alt-text="Select DNS from the drop-down list."::: 1. Select **Add record**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-3.png" alt-text="Select Add record."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-3.png" alt-text="Select Add record."::: 1. Select the **MX** section. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-MX.png" alt-text="Select the MX section."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-mx.png" alt-text="Select the MX section."::: 1. On the Add a DNS record page, in the boxes for the new record, type or copy and paste the values from the following table. To verify the record in Microsoft 365: 1. Select **Save**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-MX-Save.png" alt-text="Select Save."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-mx-save.png" alt-text="Select Save."::: 1. If there are any MX records already listed, delete each of them by selecting the **Delete record** trash can on the **Add record** page. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-Delete.png" alt-text="Select Delete record."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-delete.png" alt-text="Select Delete record."::: ### Add the CNAME record required for Microsoft To verify the record in Microsoft 365: 1. 
Select **Menu**, and then select **Domains and SSL**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-1.png" alt-text="Select Domains and SSL."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-1.png" alt-text="Select Domains and SSL."::: 1. Under **Actions** for the domain that you want to update, select the gear control, and then select **DNS**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-2.png" alt-text="Select DNS from the drop-down list."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-2.png" alt-text="Select DNS from the drop-down list."::: Now you'll create two subdomains and set an **Alias** value for each. To verify the record in Microsoft 365: 1. Select **Subdomains**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-Subdomains.png" alt-text="Select Subdomain."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-subdomains.png" alt-text="Select Subdomain."::: 1. Select **Add subdomain**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-add-subdomains.png" alt-text="Select Add subdomains."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-add-subdomains.png" alt-text="Select Add subdomains."::: 1. In the **Add subdomain** box for the new subdomain, type or copy and paste only the **Add subdomain** value from the following table. (You'll add the **Alias** value in a later step.) To verify the record in Microsoft 365: 1. Select **Menu**, and then select **Domains and SSL**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-1.png" alt-text="Select Domains and SSL."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-1.png" alt-text="Select Domains and SSL."::: 1. Under **Actions** for the domain that you want to update, select the gear control, and then select **DNS**. 
- :::image type="content" source="../../media/dns-IONOS/IONOS-domains-2.png" alt-text="Select DNS from the drop-down list."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-2.png" alt-text="Select DNS from the drop-down list."::: 1. Select **Add record**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-3.png" alt-text="Select Add record."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-3.png" alt-text="Select Add record."::: 1. Select the **SPF (TXT)** section. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-SPFTXT.png" alt-text="Select the SPF (TXT) section."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-spftxt.png" alt-text="Select the SPF (TXT) section."::: 1. In the boxes for the new record, type or copy and paste the values from the following table. To verify the record in Microsoft 365: 1. Select **Save**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-SPFTXT-Save.png" alt-text="Select Save."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-spftxt-save.png" alt-text="Select Save."::: ## Advanced option: Skype for Business Only select this option if your organization uses Skype for Business for online 1. Select **Menu**, and then select **Domains and SSL**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-1.png" alt-text="Select Domains and SSL."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-1.png" alt-text="Select Domains and SSL."::: 1. Under **Actions** for the domain that you want to update, select the gear control, and then select **DNS**. 
- :::image type="content" source="../../media/dns-IONOS/IONOS-domains-2.png" alt-text="Select DNS from the drop-down list."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-2.png" alt-text="Select DNS from the drop-down list."::: Now you'll create two subdomains and set an **Alias** value for each. Only select this option if your organization uses Skype for Business for online 1. Select **Subdomains**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-Subdomains.png" alt-text="Select Subdomain."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-subdomains.png" alt-text="Select Subdomain."::: 1. Select **Add subdomain**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-add-subdomains.png" alt-text="Select Add subdomains."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-add-subdomains.png" alt-text="Select Add subdomains."::: 1. In the **Add subdomain** box for the new subdomain, type or copy and paste only the **Add subdomain** value from the following table. (You'll add the **Alias** value in a later step.) Only select this option if your organization uses Skype for Business for online 1. Select **Add record**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-3.png" alt-text="Select Add record."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-3.png" alt-text="Select Add record."::: 1. Select the **CNAME** section. Only select this option if your organization uses Skype for Business for online 1. Select **Menu**, and then select **Domains and SSL**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-1.png" alt-text="Select Domains and SSL."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-1.png" alt-text="Select Domains and SSL."::: 1. Under **Actions** for the domain that you want to update, select the gear control, and then select **DNS**. 
- :::image type="content" source="../../media/dns-IONOS/IONOS-domains-2.png" alt-text="Select DNS from the drop-down list."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-2.png" alt-text="Select DNS from the drop-down list."::: 1. Select **Add record**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-3.png" alt-text="Select Add record."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-3.png" alt-text="Select Add record."::: 1. Select the **SRV** section. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-SRV.png" alt-text="Select the SRV section."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-srv.png" alt-text="Select the SRV section."::: 1. In the boxes for the new record, type or copy and paste the values from the following table. Only select this option if your organization uses Skype for Business for online 1. Select **Save**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-SRV-Save.png" alt-text="Select Save."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-srv-save.png" alt-text="Select Save."::: 1. Add the other SRV record. This service helps you secure and remotely manage mobile devices that connect to 1. Select **Menu**, and then select **Domains and SSL**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-1.png" alt-text="Select Domains and SSL."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-1.png" alt-text="Select Domains and SSL."::: 1. Under **Actions** for the domain that you want to update, select the gear control, and then select **DNS**. 
- :::image type="content" source="../../media/dns-IONOS/IONOS-domains-2.png" alt-text="Select DNS from the drop-down list."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-2.png" alt-text="Select DNS from the drop-down list."::: Now you'll create two subdomains and set an **Alias** value for each. This service helps you secure and remotely manage mobile devices that connect to 1. Select **Subdomains**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-Subdomains.png" alt-text="Select Subdomain."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-subdomains.png" alt-text="Select Subdomain."::: 1. Select **Add subdomain**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-add-subdomains.png" alt-text="Select Add subdomains."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-add-subdomains.png" alt-text="Select Add subdomains."::: 1. In the **Add subdomain** box for the new subdomain, type or copy and paste only the **Add subdomain** value from the following table. (You'll add the **Alias** value in a later step.) This service helps you secure and remotely manage mobile devices that connect to 1. Select **Add record**. - :::image type="content" source="../../media/dns-IONOS/IONOS-domains-3.png" alt-text="Select Add record."::: + :::image type="content" source="../../media/dns-ionos/ionos-domains-3.png" alt-text="Select Add record."::: 1. Select the **CNAME** section. |
admin | Assign Licenses To Users | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/assign-licenses-to-users.md | You can assign licenses to users on either the **Active users** page, or on the > [!NOTE] > -> - As an admin, you can't assign or unassign licenses for a self-service purchase subscription bought by a user in your organization. You can [take over a self-service purchase subscription](../../commerce/subscriptions/manage-self-service-purchases-admins.md#take-over-a-self-service-purchase-subscription), and then assign or unassign licenses. +> - As an admin, you can't assign or unassign licenses for a self-service purchase subscription bought by a user in your organization. You can [take over a purchase or trial subscription](../../commerce/subscriptions/manage-self-service-purchases-admins.md#take-over-a-purchase-or-trial-subscription), and then assign or unassign licenses. > - For some subscriptions, you can only cancel during a limited window of time after you buy or renew your subscription. If the cancellation window has passed, turn off recurring billing to cancel the subscription at the end of its term. [Learn how to add a user and assign a license at the same time](../add-users/add-users.md). |
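Review bot: In the added `+> -` line, the link text and anchor now read "take over a purchase or trial subscription", but the sentence just before the link still says "a self-service purchase subscription bought by a user", so the note uses two names for the same subscription. The matching note in manage-self-service-purchases-admins.md was reworded to "a purchase or trial subscription bought by a user"; suggest using that wording here, and in the identical line in remove-licenses-from-users.md, so the restriction and the link that lifts it use the same term.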
admin | Remove Licenses From Users | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/remove-licenses-from-users.md | You can unassign licenses from users on either the **Active users** page, or on > [!NOTE] >-> - As an admin, you can't assign or unassign licenses for a self-service purchase subscription bought by a user in your organization. You can [take over a self-service purchase subscription](../../commerce/subscriptions/manage-self-service-purchases-admins.md#take-over-a-self-service-purchase-subscription), and then assign or unassign licenses. +> - As an admin, you can't assign or unassign licenses for a self-service purchase subscription bought by a user in your organization. You can [take over a purchase or trial subscription](../../commerce/subscriptions/manage-self-service-purchases-admins.md#take-over-a-purchase-or-trial-subscription), and then assign or unassign licenses. > > - For some subscriptions, you can only cancel during a limited window of time after you buy or renew your subscription. If the cancellation window has passed, turn off recurring billing to cancel the subscription at the end of its term. |
business-premium | M365bp Conditional Access | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-conditional-access.md | Security defaults were designed to help protect your company's user accounts fro MFA is an important first step in securing your company, and security defaults make enabling MFA easy to implement. If your subscription was created on or after October 22, 2019, security defaults might have been automatically enabled for you—you should check your settings to confirm. > [!TIP]-> For more information about security defaults and the policies they enforce, see [What are security defaults?](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults) +> For more information about security defaults and the policies they enforce, see [Security defaults in Azure AD](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults). ### To enable security defaults (or confirm they're already enabled) -1. Sign in to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> with security administrator, Conditional Access administrator, or Global admin credentials. +> [!IMPORTANT] +> You must be a Security Administrator, Conditional Access administrator, or Global Administrator to perform this task. -2. In the left pane, select **Show All,** and then under **Admin centers**, select **Azure Active Directory**. +1. Go to the Azure portal ([https://portal.azure.com/](https://portal.azure.com/)) and sign in. -3. In the left pane of the **Azure Active Directory admin center,** select **Azure Active Directory**. +2. Under **Manage Azure Active Directory**, select **View**. -4. From the left menu of the Dashboard, in the **Manage** section, select **Properties**. 
+ :::image type="content" source="../security/defender-business/medib-manage-azuread.png"::: - :::image type="content" source="../media/m365-campaigns-conditional-access/azure-ad-properties.png" alt-text="Screenshot of the Azure Active Directory admin center showing the location of the Properties menu item."::: +3. In the navigation pane, select **Properties**, and then select **Manage security defaults**. -5. At the bottom of the **Properties** page, select **Manage Security defaults**. + :::image type="content" source="../security/defender-business/medib-azuread-properties.png"::: -6. In the right pane, you'll see the **Enable Security defaults** setting. If **Yes** is selected, then security defaults are already enabled and no further action is required. If security defaults are not currently enabled, then select **Yes** to enable them, and then select **Save**. +4. On the right side of the screen, in the **Security defaults** pane, see whether security defaults are turned on (**Enabled**) or off (**Disabled**). To turn security defaults on, use the drop-down menu to select **Enabled**. ++5. Save your changes. # [Conditional Access](#tab/condit) |
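Review bot: The two added `:::image` lines under steps 2 and 3 (medib-manage-azuread.png and medib-azuread-properties.png) have no alt-text attribute, while the removed azure-ad-properties.png screenshot had one; please add alt-text to both. In the new IMPORTANT note the role names are also capitalized inconsistently ("Security Administrator, Conditional Access administrator, or Global Administrator"); pick one style, since these are the roles an admin will search for when checking who can change security defaults.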
commerce | Manage Self Service Purchases Admins | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/manage-self-service-purchases-admins.md | Title: Manage self-service purchases (Admins) + Title: Manage self-service purchases and trials (for admins) f1.keywords: - NOCSH -description: "Admins can learn how to manage self-service purchases made by users in their organization." Previously updated : 05/24/2022+description: "Learn how admins can use the Microsoft 365 admin center to manage self-service purchases and trials made by users in their organization." Last updated : 02/15/2023 -# Manage self-service purchases (Admin) +# Manage self-service purchases and trials (for admins) -As an admin, you can see self-service purchases made by people in your organization. You see the product name, purchaser name, subscriptions purchased, expiration date, purchase price, and assigned users for each self-service purchase. If required by your organization, you can turn off self-service purchasing on a per product basis via PowerShell. You have the same data management and access policies over products bought through self-service purchase or centrally. +As an admin, you can use the Microsoft 365 admin center to see self-service purchases and trials (referred to in this article as *purchases and trials*) made by people in your organization. You can see the product name, purchaser name, subscriptions purchased, expiration date, purchase price, and assigned users for each purchase or trial subscription. You have the same data management and access policies over products bought through self-service purchase or centrally. -You can also control whether users in your organization can make self-service purchases. For more information, see [Use AllowSelfServicePurchase for the MSCommerce PowerShell module](allowselfservicepurchase-powershell.md). 
+You can also control whether users in your organization can make purchases or sign up for trials. To learn how to manage these settings, see [Use AllowSelfServicePurchase for the MSCommerce PowerShell module](allowselfservicepurchase-powershell.md). ++## Understand purchases and trials ++Purchases require a payment method at sign-up, and automatically renew at the end of the subscription term. ++Some trials require a payment method at sign-up, and automatically convert to a paid version when the trial ends. ++Other trials don't require a payment method at sign-up, and don't automatically renew. Trials without a payment method are only available to select customers with an existing subscription agreement. ++## How we use a user's directory data ++When you enable the **AllowSelfServicePurchase** policy, you permit Microsoft's Commerce service to process a user's directory data, which is outside the boundaries of the Microsoft 365 tenant. Specifically, Microsoft Commerce collects an Azure Active Directory v1.0 access token, which contains the user's first and last name, email address, IP address, and tenant and user GUID. For a full list of attributes included in the access token, see [Microsoft identity platform access tokens](/azure/active-directory/develop/access-tokens). ++We use the directory data to provide the user with a license and to send email about the subscription to the user. The directory data processed by Microsoft Commerce is governed by the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). To learn more about the terms that apply to self-service trials, see [Organizational trial ΓÇô Terms of service](/legal/microsoft-365/in-app-trials-terms-of-service). Like other Microsoft products used by your organization, use of a self-service purchase or trial product is governed by the [Microsoft Product Terms](https://www.microsoft.com/licensing/terms). 
Before a user makes a purchase or starts a trial, we advise the user of the personal data that we process and the terms that apply. ## View self-service subscriptions ::: moniker range="o365-worldwide" -1. In the admin center, go to the **Billing** > <a href="https://go.microsoft.com/fwlink/p/?linkid=842054" target="_blank">Your products</a> page. +1. In the Microsoft 365 admin center, go to the **Billing** > <a href="https://go.microsoft.com/fwlink/p/?linkid=842054" target="_blank">Your products</a> page. ::: moniker-end You can also control whether users in your organization can make self-service pu 2. On the **Products** tab, select the filter icon, then select **Self-service**. 3. To view more details about a subscription, choose one from the list. -## View who has licenses for a self-service purchase subscription +## View who has licenses for a purchase or trial subscription > [!NOTE]-> As an admin, you can't assign or unassign licenses for a self-service purchase subscription bought by a user in your organization. You can [take over a self-service purchase subscription](#take-over-a-self-service-purchase-subscription), and then assign or unassign licenses. +> As an admin, you can't assign or unassign licenses for a purchase or trial subscription bought by a user in your organization. You can [take over a purchase or trial subscription](#take-over-a-purchase-or-trial-subscription), and then assign or unassign licenses. ::: moniker range="o365-worldwide" You can also control whether users in your organization can make self-service pu 2. Select the filter icon, then choose **Self-service**. 3. Select a product to see licenses assigned to people. > [!NOTE]- > If there are multiple purchases for a product, that product is only listed once, and the **Available quantity** column shows the total of all subscriptions bought for that product. -4. The **Users** list is grouped by the names of people who made self-service purchases. 
+ > If there are multiple purchases or trials for a product, that product is only listed once, and the **Available quantity** column shows the total of all subscriptions acquired for that product. +4. The **Users** list is grouped by the names of people who made purchases or started trials. 5. To export a list of users with licenses for these subscriptions, choose the subscriptions that you want to export, then choose **Export users**. -## Disable or enable self-service purchases +## Enable or disable purchases and trials -You can disable or enable self-service purchases for users in your organization. The **MSCommerce** PowerShell module includes a **PolicyID** parameter value for **AllowSelfServicePurchase** that lets you control whether users in your organization can make self-service purchases, and for which products. +You can enable or disable purchases and trials for users in your organization. The **MSCommerce** PowerShell module includes a **PolicyID** parameter value for **AllowSelfServicePurchase** that lets you control whether users in your organization can make purchases or start trials, and for which products. You can use the **MSCommerce** PowerShell module to: - View the default state of the **AllowSelfServicePurchase** parameter valueΓÇöwhether it's enabled or disabled by product-- View a list of applicable products and whether self-service purchase is enabled or disabled+- View a list of applicable products and whether purchases or trials are enabled or disabled for those products - View or modify the current setting for a specific product to either enable or disable it > [!IMPORTANT]-> When you use the **AllowSelfServicePurchase** policy, it enables or disables both self-service purchases and self-service trials. For a list of the products available for self-service purchase, see [View a list of self-service purchase products and their status](allowselfservicepurchase-powershell.md#view-a-list-of-self-service-purchase-products-and-their-status). 
Only Project and Visio are available for trial subscriptions. +> When you use the **AllowSelfServicePurchase** policy, it controls both purchases and trials. For a list of the products available, see [View a list of self-service purchase products and their status](allowselfservicepurchase-powershell.md#view-a-list-of-self-service-purchase-products-and-their-status). For more information, see [Use AllowSelfServicePurchase for the MSCommerce PowerShell module](allowselfservicepurchase-powershell.md). +## Use PowerShell and Azure AD to enable or disable all self-service sign-ups ++You can use PowerShell commands to change the settings that control self-service sign-ups. To turn off all self-service sign-ups, use the **MSOnline** PowerShell module to change the **MsolCompanySettings** setting for **AllowAdHocSubscriptions** in Azure Active Directory. For the steps to turn off self-service sign-ups, see [Set MsolCompanySettings](/powershell/module/msonline/set-msolcompanysettings). + ## Centralize licenses under a single subscription -You can assign existing licenses or purchase additional subscriptions through existing agreements for users assigned to self-service purchases. After you assign these centrally purchased licenses, you can request that purchasers cancel their existing subscriptions. +You can assign existing licenses or buy extra subscriptions through existing agreements for users assigned to purchases or trials. After you assign these centrally purchased licenses, you can request that users cancel their existing subscriptions. Alternatively, you can take over the subscription and cancel it yourself in the admin center. For steps to do that, see [Take over a purchase or trial subscription](#take-over-a-purchase-or-trial-subscription). ::: moniker range="o365-worldwide" -1. In the admin center go to the **Billing** > <a href="https://go.microsoft.com/fwlink/p/?linkid=868433" target="_blank">Purchase services</a> page. +1. 
In the admin center, go to the **Billing** > <a href="https://go.microsoft.com/fwlink/p/?linkid=868433" target="_blank">Purchase services</a> page. ::: moniker-end You can assign existing licenses or purchase additional subscriptions through ex 2. Find and choose the product that you want to buy, then choose **Buy**. 3. Complete the remaining steps to complete your purchase.-4. Follow the steps in [View who has licenses for a self-service purchased subscription](#view-who-has-licenses-for-a-self-service-purchase-subscription) to export a list of users to reference in the next step. +4. Follow the steps in [View who has licenses for a purchase or trial subscription](#view-who-has-licenses-for-a-purchase-or-trial-subscription) to export a list of users to reference in the next step. 5. Assign licenses to everyone who has a license in the other subscription. For full steps, see [Assign licenses to users](../../admin/manage/assign-licenses-to-users.md).-6. Contact the person who bought the self-service purchase subscription and ask them to [cancel it](manage-self-service-purchases-users.md#cancel-a-subscription). +6. Contact the person who bought the original subscription and ask them to [cancel it](manage-self-service-purchases-users.md#cancel-a-subscription). -## Take over a self-service purchase subscription +## Take over a purchase or trial subscription -You can take over a self-service purchase subscription made by a user in your organization. When you take over a self-service purchase subscription, you have two options: +You can take over a purchase or trial subscription made by a user in your organization. When you take over a purchase or trial subscription, you have two options: 1. Move the users to a different subscription and cancel the original subscription.-2. Cancel the self-service purchase subscription and remove licenses from assigned users. +2. Cancel the subscription and remove licenses from assigned users. 
### Move users to a different subscription -When you move users to a different subscription, the old subscription is automatically canceled. The user who originally bought the self-service purchase subscription receives an email that says the subscription was canceled. +When you move users to a different subscription, the old subscription is automatically canceled. The user who originally bought the purchase or trial subscription receives an email that says the subscription was canceled. > [!NOTE] > You must have an available license for each user you're moving in the subscription that you're moving users to. When you move users to a different subscription, the old subscription is automat 6. Select the product that you want to move the users to, then select **Move users**. 7. In the **Move users to** box, select **Move users**. The move process might take several minutes. Don't close your browser while the process runs. 8. When the move process is finished, close the **Move completed pane**.-9. On the subscription details page, the **Subscription status** for the self-service purchased subscription shows as **Deleted**. +9. On the subscription details page, the **Subscription status** for the purchase or trial subscription shows as **Deleted**. -### Cancel a self-service purchase subscription +### Cancel a purchase or trial subscription -When you choose to cancel a self-service purchase subscription, users with licenses lose access to the product. The user who originally bought the self-service purchase subscription receives an email that says the subscription was canceled. +When you choose to cancel a purchase or trial subscription, users with licenses lose access to the product. The user who originally signed up for the purchase or trial subscription receives an email that says the subscription was canceled. ::: moniker range="o365-worldwide" When you choose to cancel a self-service purchase subscription, users with licen 8. Close the right pane. 9. 
On the subscription details page, the **Subscription status** shows as **Deleted**. -## Need help? Contact us. +## Need help? Contact us -For common questions about self-service purchases, see [Self-service purchases FAQ](self-service-purchase-faq.yml). +For common questions about purchases and trials, see [Self-service purchases FAQ](self-service-purchase-faq.yml). -If you have questions or need help with self-service purchases, [contact support](../../admin/get-help-support.md). +If you have questions or need help with purchases and trials, [contact support](../../admin/get-help-support.md). |
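Review bot: In the "Move users to a different subscription" paragraph the new text says "The user who originally bought the purchase or trial subscription", while the matching sentence under "Cancel a purchase or trial subscription" was changed to "originally signed up for"; a trial is not bought, so use "signed up for" in both places. The link label "Self-service purchases FAQ" under "Need help? Contact us" also keeps the old term beside the new "purchases and trials" wording, and the heading that the renamed anchor `#view-who-has-licenses-for-a-purchase-or-trial-subscription` targets is not among the visible changes, so confirm it was renamed in the same commit.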
compliance | Apply Retention Labels Automatically | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-retention-labels-automatically.md | Typical workflow for an auto-labeling policy: 1. Create and configure an auto-labeling retention policy. -2. Run the policy in simulation mode, which typically completes within a day. The completed simulation triggers an email notification that's sent to the user configured to receive activity alerts. +2. Run the policy in simulation mode, and wait for it to complete. 3. Review the results, and if necessary, refine your policy and rerun simulation. Wait for it to complete again. Other considerations for simulation mode for auto-apply retention policies: On the **Label policies** page, the **Status** column displays **In simulation** for auto-labeling policies that are running in simulation, or configured for simulation and complete. -Simulation typically completes in a day. The completed simulation triggers an email notification that's sent to the user configured to receive [activity alerts](alert-policies.md). +Simulation typically completes within one or two days, depending on the amount of data to analyze. The completed simulation triggers an email notification that's sent to the user configured to receive [activity alerts](alert-policies.md). To view the simulation results, select the policy from the **Label policies** page, and from the flyout pane, select **View simulation**. You can then view any samples, review the number of matching items and the locations, edit the policy, turn on the policy, or restart the simulation. |
compliance | Intro To Info Mgmt Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/intro-to-info-mgmt-policies.md | When you add a site collection policy to a site content type, and an instance of  + **Create an information management policy for a site content type in the top-level site's Site Content Type Gallery, and then add that content type to one or more lists or libraries** You can also create an information management policy directly for a site content type and then associate an instance of that site content type with multiple lists or libraries. If you create an information management policy this way, every item in the site collection of that content type or a content type that inherits from that content type has the policy. However, if you create an information management policy directly for a site content type, it is more difficult to reuse this information management policy in other site collections because policies that are created this way cannot be exported. +++> [!NOTE] +> If the content type of an item changes, it might impact the enforcement of policy actions on that item. For more information about content types, see [Introduction to content types](https://support.microsoft.com/office/introduction-to-content-types-and-content-type-publishing-e1277a2e-a1e8-4473-9126-91a0647766e5d). +  When you add a site collection policy to a site content type, and an instance of > To control which policies are used in a site collection, site collection administrators can disable the ability to set policy features directly on a content type. When this restriction is in effect, users who create content types are limited to selecting policies from the site collection Policies list. 
- **Create an information management policy for a list or library** If your organization needs to apply a specific information management policy to a very limited set of content, you can create an information management policy that applies only to an individual list or library. This method of creating an information management policy is the least flexible, because the policy applies only to one location, and it cannot be exported or reused for other locations. However, sometimes you may need to create unique information management policies with limited applicability to address specific situations. +**Create an information management policy for a list or library** If your organization needs to apply a specific information management policy to a very limited set of content, you can create an information management policy that applies only to an individual list or library. This method of creating an information management policy is the least flexible, because the policy applies only to one location, and it cannot be exported or reused for other locations. However, sometimes you may need to create unique information management policies with limited applicability to address specific situations.  -> [!NOTE] -> You can create an information management policy for a list or library only if that list or library does not support multiple content types. If a list or library supports multiple content types, you need to define an information management policy for each individual list content type that is associated with that list or library. (Instances of a site content type that are associated with a specific list or library are known as list content types.) - To control which policies are used in a site collection, site collection administrators can disable the ability to set policy features directly on a list or library. When this restriction is in effect, users who manage lists or libraries are limited to selecting policies from the site collection Policies list. 
- -An information management policy is a set of rules for a type of content. Information management policies enable organizations to control and track things like how long content is retained or what actions users can take with that content. Information management policies can help organizations comply with legal or governmental regulations, or they can simply enforce internal business processes. For example, an organization that must follow government regulations requiring that they demonstrate "adequate controls" of their financial statements might create one or more information management policies that audit specific actions in the authoring and approval process for all documents related to financial filings. For how-to information, see [Create and apply information management policies.](intro-to-info-mgmt-policies.md#__top) - +You can create an information management policy for a list or library only if that list or library does not support multiple content types. If a list or library supports multiple content types, you need to define an information management policy for each individual list content type that is associated with that list or library. (Instances of a site content type that are associated with a specific list or library are known as list content types.) ++To control which policies are used in a site collection, site collection administrators can disable the ability to set policy features directly on a list or library. When this restriction is in effect, users who manage lists or libraries are limited to selecting policies from the site collection Policies list. |
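Review bot: The URL in the added NOTE ends in `-9126-91a0647766e5d`, and that last group has 13 characters where a GUID has 12, so the trailing "d" looks like a typo; check that the "Introduction to content types" link resolves before merging.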
compliance | Sensitivity Labels Office Apps | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-office-apps.md | For more help in specifying PowerShell advanced settings, see [PowerShell tips f For information about the auditing events that are generated by sensitivity label activities, see the [Sensitivity label activities](audit-log-activities.md#sensitivity-label-activities) section from [Search the audit log in the Microsoft Purview compliance portal](audit-log-search.md). -This auditing information is visually represented in [content explorer](data-classification-content-explorer.md) and [activity explorer](data-classification-activity-explorer.md) to help you understand how your sensitivity labels are being used and where this labeled content is located. +This auditing information is visually represented in [content explorer](data-classification-content-explorer.md) and [activity explorer](data-classification-activity-explorer.md) to help you understand how your sensitivity labels are being used and where this labeled content is located. You can also create custom reports with your choice of security information and event management (SIEM) software when you [export and configure the audit log records](audit-log-export-records.md). For larger-scale reporting solutions, see the [Office 365 Management Activity API reference](/office/office-365-management-api/office-365-management-activity-api-reference). |
compliance | Sensitivity Labels Versions | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-versions.md | The numbers listed are the minimum Office application versions required for each |[Assign permissions now](encryption-sensitivity-labels.md#assign-permissions-now) | Current Channel: 1910+ <br /><br> Monthly Enterprise Channel: 1910+ <br /><br> Semi-Annual Enterprise Channel: 2002+ | 16.21+ | 2.21+ | 16.0.11231+ | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |[Let users assign permissions: <br /> - Prompt users for custom permissions (users and groups)](encryption-sensitivity-labels.md#let-users-assign-permissions) |Current Channel: 2004+ <br /><br> Monthly Enterprise Channel: 2004+ <br /><br> Semi-Annual Enterprise Channel: 2008+ | 16.35+ | Under review | Under review | Under review | |[Let users assign permissions: <br /> - Prompt users for custom permissions (users, groups, and organizations)](encryption-sensitivity-labels.md#support-for-organization-wide-custom-permissions) |Preview: [Current Channel (Preview)](https://office.com/insider) | Under review | Under review | Under review | Under review |-|[Audit label-related user activity](sensitivity-labels-office-apps.md#auditing-labeling-activities) | Current Channel: 2011+ <br /><br> Monthly Enterprise Channel: 2011+ <br /><br> Semi-Annual Enterprise Channel: 2108+ | 16.43+ | 2.46+ | 16.0.13628+ | Yes | +|[Audit label-related user activity](sensitivity-labels-office-apps.md#auditing-labeling-activities): <br /> - Excludes encryption details | Current Channel: 2011+ <br /><br> Monthly Enterprise Channel: 2011+ <br /><br> Semi-Annual Enterprise Channel: 2108+ | 16.43+ | 2.46+ | 16.0.13628+ | Yes | +|[Audit label-related user activity](sensitivity-labels-office-apps.md#auditing-labeling-activities): <br /> - Includes encryption details | Preview: [Beta Channel](https://office.com/insider)| Preview: [Beta 
Channel](https://office.com/insider) | Preview: [Beta Channel](https://insider.office.com/join/ios) |Preview: [Beta Channel](https://insider.office.com/join/android) | Under review | |[Require users to apply a label to their email and documents](sensitivity-labels-office-apps.md#require-users-to-apply-a-label-to-their-email-and-documents) | Current Channel: 2101+ <br /><br> Monthly Enterprise Channel: 2101+ <br /><br> Semi-Annual Enterprise Channel: 2108+ | 16.45+ | 2.47+ | 16.0.13628+ | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |[Apply a sensitivity label to files automatically](apply-sensitivity-label-automatically.md) <br /> - Using sensitive info types | Current Channel: 2009+ <br /><br> Monthly Enterprise Channel: 2009+ <br /><br> Semi-Annual Enterprise Channel: 2102+ | 16.44+ | Under review | Under review | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |[Apply a sensitivity label to files automatically](apply-sensitivity-label-automatically.md) <br /> - Using trainable classifiers | Current Channel: 2105+ <br /><br> Monthly Enterprise Channel: 2105+ <br /><br> Semi-Annual Enterprise Channel: 2108+ | 16.49+ | Under review | Under review | Under review | The numbers listed are the minimum Office application versions required for each |[Let users assign permissions: <br /> - Do Not Forward](encryption-sensitivity-labels.md#let-users-assign-permissions) | Current Channel: 1910+ <br /><br> Monthly Enterprise Channel: 1910+ <br /><br> Semi-Annual Enterprise Channel: 2002+ | 16.21+ | 4.7.1+ | 4.0.39+ | Yes | |[Let users assign permissions: <br /> - Encrypt-Only](encryption-sensitivity-labels.md#let-users-assign-permissions) | Current Channel: 2011+ <br /><br> Monthly Enterprise Channel: 2011+ <br /><br> Semi-Annual Enterprise Channel: 2108+ | 16.48+ <sup>\*</sup> | 4.2112.0+ | 4.2112.0+ | Yes | |[Require users to apply a label to their email and 
documents](sensitivity-labels-office-apps.md#require-users-to-apply-a-label-to-their-email-and-documents) | Current Channel: 2101+ <br /><br> Monthly Enterprise Channel: 2101+ <br /><br> Semi-Annual Enterprise Channel: 2108+ | 16.43+ <sup>\*</sup> | 4.2111+ | 4.2111+ | Yes |-|[Audit label-related user activity](sensitivity-labels-office-apps.md#auditing-labeling-activities) | Current Channel: 2011+ <br /><br> Monthly Enterprise Channel: 2011+ <br /><br> Semi-Annual Enterprise Channel: 2108+ | 16.51+ <sup>\*</sup> | 4.2126+ | 4.2126+ | Yes | +|[Audit label-related user activity](sensitivity-labels-office-apps.md#auditing-labeling-activities): <br /> - Excludes encryption details | Current Channel: 2011+ <br /><br> Monthly Enterprise Channel: 2011+ <br /><br> Semi-Annual Enterprise Channel: 2108+ | 16.51+ <sup>\*</sup> | 4.2126+ | 4.2126+ | Yes | +|[Audit label-related user activity](sensitivity-labels-office-apps.md#auditing-labeling-activities): <br /> - Includes encryption details | Preview: [Beta Channel](https://office.com/insider)| Preview: [Beta Channel](https://office.com/insider) | Preview: [Beta Channel](https://insider.office.com/join/ios) |Preview: [Beta Channel](https://insider.office.com/join/android) | Under review | |[Apply a sensitivity label to emails automatically](apply-sensitivity-label-automatically.md) <br /> - Using sensitive info types | Current Channel: 2009+ <br /><br> Monthly Enterprise Channel: 2009+ <br /><br> Semi-Annual Enterprise Channel: 2102+ | 16.44+ <sup>\*</sup> | Under review | Under review | Yes | |[Apply a sensitivity label to emails automatically](apply-sensitivity-label-automatically.md) <br /> - Using trainable classifiers | Current Channel: 2105+ <br /><br> Monthly Enterprise Channel: 2105+ <br /><br> Semi-Annual Enterprise Channel: 2108+ | 16.49+ | Under review | Under review | Yes | |[Different settings for default label and mandatory 
labeling](sensitivity-labels-office-apps.md#outlook-specific-options-for-default-label-and-mandatory-labeling) | Current Channel: 2105+ <br /><br> Monthly Enterprise Channel: 2105+ <br /><br> Semi-Annual Enterprise Channel: 2108+ | 16.43+ <sup>\*</sup> | 4.2111+ | 4.2111+ | Yes | |
compliance | Whats New | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/whats-new.md | Whether it be adding new solutions to the [Microsoft Purview compliance portal]( - **General availability (GA)**: Protected meetings by [labeling calendar invites and responses, Teams meetings, and chat](sensitivity-labels-meetings.md). Outlook remains in preview for this scenario. - **In preview**: [Support for Azure Active Directory administrative units](get-started-with-sensitivity-labels.md#support-for-administrative-units).+- **In preview**: Now supported for labeling built into Windows, macOS, iOS, and Android, auditing details for sensitivity labels include encryption details such as a change in the encryption status and settings, and the Rights Management owner. ## January 2023 |
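Review bot: The added "In preview" bullet is the only one of the three visible entries without a link, and its opening clause ("Now supported for labeling built into Windows, macOS, iOS, and Android, auditing details ...") is hard to parse; lead with the subject, for example "Auditing details for sensitivity labels now include encryption details ...", and link to `sensitivity-labels-office-apps.md#auditing-labeling-activities` so readers can find the supported versions.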
security | Microsoft 365 Zero Trust | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/Microsoft-365-zero-trust.md | Use this article together with this poster. | Item | Description | |:--|:--|-|[</li></ul> +|[</li></ul> ## Zero Trust security architecture Go to [**_Zero Trust identity and device access protection_**](office-365-securi |Includes|Prerequisites|Doesn't include| ||||-|Recommended identity and device access policies for three tiers of protection: <ul><li>Starting point</li><li>Enterprise (recommended)</li><li>Specialized</li></ul> <br> Additional recommendations for: <ul><li>External users (guests)</li><li>Microsoft Teams</li><li>SharePoint Online</li><li>Microsoft Defender for Cloud Apps</lu></ul>|Microsoft E3 or E5 <br><br> Azure Active Directory in either of these modes: <ul><li>Cloud-only</li><li>Hybrid with password hash sync (PHS) authentication</li><li>Hybrid with pass-through authentication (PTA)</li><li>Federated</li></ul>|Device enrollment for policies that require managed devices. See [Step 2. Manage endpoints with Intune](#step-2-manage-endpoints-with-intune) to enroll devices| +|Recommended identity and device access policies for three levels of protection: <ul><li>Starting point</li><li>Enterprise (recommended)</li><li>Specialized</li></ul> <br> Additional recommendations for: <ul><li>External users (guests)</li><li>Microsoft Teams</li><li>SharePoint Online</li><li>Microsoft Defender for Cloud Apps</lu></ul>|Microsoft E3 or E5 <br><br> Azure Active Directory in either of these modes: <ul><li>Cloud-only</li><li>Hybrid with password hash sync (PHS) authentication</li><li>Hybrid with pass-through authentication (PTA)</li><li>Federated</li></ul>|Device enrollment for policies that require managed devices. See [Step 2. Manage endpoints with Intune](#step-2-manage-endpoints-with-intune) to enroll devices| Start by implementing the starting-point tier. 
These policies do not require enrolling devices into management. |
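Review bot: The Includes cell now says "three levels of protection", but the unchanged sentence right after the table still reads "Start by implementing the starting-point tier", so the rename is incomplete; update that sentence as well or keep "tiers". The re-added row also still carries the malformed closing tag `</lu>` after "Microsoft Defender for Cloud Apps", which should be `</li>`.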
security | Compare Mdb M365 Plans | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/compare-mdb-m365-plans.md | The following table provides more information about what's included in each plan | Plan | Description | |:|:|-| **[Defender for Business](mdb-overview.md)** (standalone) | **Antivirus, antimalware, and ransomware protection for devices**<ul><li>[Next-generation protection](../defender-endpoint/microsoft-defender-antivirus-in-windows-10.md) (antivirus/antimalware protection on devices together with cloud protection)</li><li>[Attack surface reduction](../defender-endpoint/overview-attack-surface-reduction.md) (network protection, firewall, and attack surface reduction rules) <sup>[[a](#fna)]</sup></li><li>[Endpoint detection and response](../defender-endpoint/overview-endpoint-detection-response.md) (behavior-based detection and manual response actions)</li><li>[Automated investigation and response](../defender/m365d-autoir.md) (with self-healing for detected threats)</li><li>[Microsoft Defender Vulnerability Management](mdb-view-tvm-dashboard.md) (view exposed devices and recommendations)</li><li>[Cross-platform support for devices](mdb-onboard-devices.md) (Windows, Mac, iOS, and Android) <sup>[[b](#fnb)]</sup></li><li>[Centralized management and reporting](mdb-get-started.md) (Microsoft 365 Defender portal)</li><li>[APIs for integration](../defender-endpoint/management-apis.md) (for Microsoft partners or your custom tools and apps)</li></ul> | -| **[Microsoft 365 Business Premium](../../business-premium/index.md)** | **Defender for Business plus productivity and additional security capabilities**<ul><li>[Microsoft 365 Business Standard](../../admin/admin-overview/what-is-microsoft-365-for-business.md) (Office apps and services, and Microsoft Teams)</li><li>[Microsoft Intune](/mem/intune/fundamentals/what-is-intune) (device onboarding and management)</li><li>[Shared computer 
activation](/deployoffice/overview-shared-computer-activation) (for deploying Microsoft 365 Apps)</li><li>[Windows 10/11 Business](../../business-premium/m365bp-upgrade-windows-10-pro.md) (upgrade from previous versions of Windows Pro)</li><li>[Windows Autopilot](/mem/autopilot/windows-autopilot) (for setting up and configuring Windows devices)</li><li>[Exchange Online Protection](../office-365-security/eop-about.md) (antiphishing, antispam, antimalware, and spoof intelligence for email)</li><li>[Microsoft Defender for Office 365 Plan 1](/microsoft-365/security/office-365-security/defender-for-office-365) (advanced antiphishing, real-time detections, Safe Attachments, Safe Links)</li><li>[Auto-expanding archiving](../../compliance/autoexpanding-archiving.md) (for email)</li><li>[Azure Active Directory Premium Plan 1](/azure/active-directory/fundamentals/active-directory-whatis) (identity management)</li><li>[Azure Information Protection Premium Plan 1](/azure/information-protection/what-is-information-protection) (protection for sensitive information)</li><li>[Azure Virtual Desktop](/azure/virtual-desktop/overview) (centrally managed, secure virtual machines in the cloud)</li></ul> | +| **[Defender for Business](mdb-overview.md)** (standalone) | **Antivirus, antimalware, and ransomware protection for devices**<br/>- [Next-generation protection](../defender-endpoint/microsoft-defender-antivirus-in-windows-10.md) (antivirus/antimalware protection on devices together with cloud protection)<br/>- [Attack surface reduction](../defender-endpoint/overview-attack-surface-reduction.md) (network protection, firewall, and attack surface reduction rules) <sup>[[a](#fna)]</sup><br/>- [Endpoint detection and response](../defender-endpoint/overview-endpoint-detection-response.md) (behavior-based detection and manual response actions)<br/>- [Automated investigation and response](../defender/m365d-autoir.md) (with self-healing for detected threats)<br/>- [Microsoft Defender 
Vulnerability Management](mdb-view-tvm-dashboard.md) (view exposed devices and recommendations)<br/>- [Cross-platform support for devices](mdb-onboard-devices.md) (Windows, Mac, iOS, and Android) <sup>[[b](#fnb)]</sup><br/>- [Centralized management and reporting](mdb-get-started.md) (Microsoft 365 Defender portal)<br/>- [APIs for integration](../defender-endpoint/management-apis.md) (for Microsoft partners or your custom tools and apps) | +| **[Microsoft 365 Business Premium](../../business-premium/index.md)** | **Defender for Business plus productivity and additional security capabilities**<br/>- [Microsoft 365 Business Standard](../../admin/admin-overview/what-is-microsoft-365-for-business.md) (Office apps and services, and Microsoft Teams)<br/>- [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) (device onboarding and management)<br/>- [Shared computer activation](/deployoffice/overview-shared-computer-activation) (for deploying Microsoft 365 Apps)<br/>- [Windows 10/11 Business](../../business-premium/m365bp-upgrade-windows-10-pro.md) (upgrade from previous versions of Windows Pro)<br/>- [Windows Autopilot](/mem/autopilot/windows-autopilot) (for setting up and configuring Windows devices)<br/>- [Exchange Online Protection](../office-365-security/eop-about.md) (antiphishing, antispam, antimalware, and spoof intelligence for email)<br/>- [Microsoft Defender for Office 365 Plan 1](/microsoft-365/security/office-365-security/defender-for-office-365) (advanced antiphishing, real-time detections, Safe Attachments, Safe Links)<br/>- [Auto-expanding archiving](../../compliance/autoexpanding-archiving.md) (for email)<br/>- [Azure Active Directory Premium Plan 1](/azure/active-directory/fundamentals/active-directory-whatis) (identity management)<br/>- [Azure Information Protection Premium Plan 1](/azure/information-protection/what-is-information-protection) (protection for sensitive information)<br/>- [Azure Virtual Desktop](/azure/virtual-desktop/overview) 
(centrally managed, secure virtual machines in the cloud) | (<a id="fna">a</a>) Microsoft Intune is required to modify or customize attack surface reduction rules. Intune can be added on to the standalone version of Defender for Business. Intune is included in Microsoft 365 Business Premium. Defender for Business brings the enterprise-grade capabilities of Defender for E |Feature/capability|[Defender for Business](mdb-overview.md)<br/>(standalone)|[Defender for Endpoint Plan 1](../defender-endpoint/defender-endpoint-plan-1.md)<br/>(for enterprise customers) |[Defender for Endpoint Plan 2](../defender-endpoint/microsoft-defender-endpoint.md)<br/>(for enterprise customers) | |||||-|[Centralized management](../defender-endpoint/manage-atp-post-migration.md) <sup>[[1](#fn1)]</sup> | :::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: |:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::| -|[Simplified client configuration](mdb-simplified-configuration.md)|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::| | | -|[Microsoft Defender Vulnerability Management](../defender-endpoint/next-gen-threat-and-vuln-mgt.md)|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::| |:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::| -|[Attack surface reduction capabilities](../defender-endpoint/overview-attack-surface-reduction.md) <sup>[[2](#fn2)]</sup>|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" 
source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::| -|[Next-generation protection](../defender-endpoint/next-generation-protection.md)|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::| -|[Endpoint detection and response](../defender-endpoint/overview-endpoint-detection-response.md) <sup>[[3](#fn3)]</sup>|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | |:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::| -|[Automated investigation and response](../defender-endpoint/automated-investigations.md) <sup>[[4](#fn4)]</sup>|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: ||:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::| -|[Threat hunting](../defender-endpoint/advanced-hunting-overview.md) and six months of data retention <sup>[[5](#fn5)]</sup> | | |:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::| -|[Threat analytics](../defender-endpoint/threat-analytics.md) <sup>[[6](#fn6)]</sup>|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | |:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::| -|[Cross-platform support](../defender-endpoint/minimum-requirements.md) <br/>(Windows, Mac, iOS, and Android OS) <sup>[[7](#fn7)]</sup>|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: |:::image type="content" 
source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::| -|[Microsoft Threat Experts](../defender-endpoint/microsoft-threat-experts.md)| | |:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::| -|Partner APIs|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included":::| -|[Microsoft 365 Lighthouse integration](../../lighthouse/m365-lighthouse-overview.md) <br/>(For viewing security incidents across customer tenants) |:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: |:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: |:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included"::: | +|[Centralized management](../defender-endpoint/manage-atp-post-migration.md) <sup>[[1](#fn1)]</sup> | :::image type="icon" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false"::: |:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false":::|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false":::| +|[Simplified client configuration](mdb-simplified-configuration.md)|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false":::| | | +|[Microsoft Defender Vulnerability Management](../defender-endpoint/next-gen-threat-and-vuln-mgt.md)|:::image 
type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false":::| |:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false":::| +|[Attack surface reduction capabilities](../defender-endpoint/overview-attack-surface-reduction.md) <sup>[[2](#fn2)]</sup>|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false":::|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false":::|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false":::| +|[Next-generation protection](../defender-endpoint/next-generation-protection.md)|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false":::|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false":::|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false":::| +|[Endpoint detection and response](../defender-endpoint/overview-endpoint-detection-response.md) <sup>[[3](#fn3)]</sup>|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false"::: | |:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false":::| +|[Automated investigation and response](../defender-endpoint/automated-investigations.md) <sup>[[4](#fn4)]</sup>|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false"::: ||:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false":::| +|[Threat 
hunting](../defender-endpoint/advanced-hunting-overview.md) and six months of data retention <sup>[[5](#fn5)]</sup> | | |:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false":::| +|[Threat analytics](../defender-endpoint/threat-analytics.md) <sup>[[6](#fn6)]</sup>|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false"::: | |:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false":::| +|[Cross-platform support](../defender-endpoint/minimum-requirements.md) <br/>(Windows, Mac, iOS, and Android OS) <sup>[[7](#fn7)]</sup>|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false"::: |:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false":::|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false":::| +|[Microsoft Threat Experts](../defender-endpoint/microsoft-threat-experts.md)| | |:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false":::| +|Partner APIs|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false":::|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false":::|:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false":::| +|[Microsoft 365 Lighthouse integration](../../lighthouse/m365-lighthouse-overview.md) <br/>(For viewing security incidents across customer tenants) |:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false"::: |:::image type="content" 
source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false"::: |:::image type="content" source="../../media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included" border="false"::: | (<a id="fn1">1</a>) Onboard and manage devices in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) or by using Microsoft Intune ([https://intune.microsoft.com](https://intune.microsoft.com)). |
security | Get Defender Business Servers | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/get-defender-business-servers.md | Use one of the following procedures to get Microsoft Defender for Business serve | Scenario | Procedure | |||-| You currently have [Defender for Business](mdb-overview.md) or [Microsoft 365 Business Premium](../../business-premium/index.md), and you want to add on Microsoft Defender for Business servers. | <ol><li>In the Microsoft 365 admin center ([https://admin.microsoft.com/](https://admin.microsoft.com/)), in the navigation pane, choose **Billing** > **Purchase services**.</li><li>In the list of results, select the **Details** box for **Microsoft Defender for Business servers**.</li><li>Review the information, and complete the purchase process. You'll need one Microsoft Defender for Business servers license for each instance of Windows Server or Linux. Note that you won't assign the Microsoft Defender for Business servers license to users or devices. </li><li>Proceed to onboard your server. To get help with this, see [Onboard devices to Microsoft Defender for Business](mdb-onboard-devices.md). </li></ol> | -| You do not have either Defender for Business or Microsoft 365 Business Premium yet. 
| <ol><li>Go to one of the following product pages: <ul><li>[Microsoft Defender for Business](https://aka.ms/DefenderforBusiness)</li><li>[Microsoft 365 for business](https://www.microsoft.com/en-us/microsoft-365/business-h)</li></ul></li><li>Review the information, and start your subscription today.</li><li>Depending on what you selected in the previous steps, use one of the following resources to set up your subscription:<ul><li>[Set up and configure Microsoft Defender for Business](mdb-setup-configuration.md)</li><li>[Set up and configure Microsoft 365 Business Premium](../../business-premium/index.md)</li></ul></li><li>Follow the steps in the preceding scenario ("You currently have Defender for Business or Microsoft 365 Business Premium and you want to add on Microsoft Defender for Business servers").</li></ol> | +| You currently have [Defender for Business](mdb-overview.md) or [Microsoft 365 Business Premium](../../business-premium/index.md), and you want to add on Microsoft Defender for Business servers. | 1. In the Microsoft 365 admin center ([https://admin.microsoft.com/](https://admin.microsoft.com/)), in the navigation pane, choose **Billing** > **Purchase services**.<br/>2. In the list of results, select the **Details** box for **Microsoft Defender for Business servers**.<br/>3. Review the information, and complete the purchase process. You'll need one Microsoft Defender for Business servers license for each instance of Windows Server or Linux. Note that you won't assign the Microsoft Defender for Business servers license to users or devices. <br/>4. Proceed to onboard your server. To get help with this, see [Onboard devices to Microsoft Defender for Business](mdb-onboard-devices.md). | +| You do not have either Defender for Business or Microsoft 365 Business Premium yet. | 1. 
Go to one of the following product pages: <br/> - [Microsoft Defender for Business](https://aka.ms/DefenderforBusiness)<br/> - [Microsoft 365 for business](https://www.microsoft.com/en-us/microsoft-365/business-h)<br/>2. Review the information, and start your subscription today.<br/>3. Depending on what you selected in the previous steps, use one of the following resources to set up your subscription:<br/> - [Set up and configure Microsoft Defender for Business](mdb-setup-configuration.md)<br/> - [Set up and configure Microsoft 365 Business Premium](../../business-premium/index.md)<br/>4. Follow the steps in the preceding scenario ("You currently have Defender for Business or Microsoft 365 Business Premium and you want to add on Microsoft Defender for Business servers"). | | You previously onboarded devices, such as servers, and now you want to remove (offboard) some of those devices. | See [Offboard a device from Microsoft Defender for Business](mdb-offboard-devices.md). | ## Next steps |
security | Get Defender Business | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/get-defender-business.md | To get Defender for Business, you can choose from several options: - Get Microsoft 365 Business Premium, which includes Defender for Business. - Work with a Microsoft partner who can help you get everything set up and configured. +Use the following tabs to learn more about each option. + # [Get Defender for Business (standalone)](#tab/getmdb) Defender for Business provides advanced security protection for your company's devices. For more information, see [What is Microsoft Defender for Business](mdb-overview.md)? Defender for Business provides advanced security protection for your company's d It might take a few hours for your tenant to finish provisioning before you can onboard devices or complete the setup and configuration process. - If you have Microsoft 365 Business Premium and you haven't set it up yet, see [Microsoft 365 Business Premium ΓÇô productivity and cybersecurity for small business](../../business-premium/index.md). This guidance walks you through how to set up and configure everything, including Defender for Business. +> [!NOTE] +> If you have Microsoft 365 Business Premium and you haven't set it up yet, see [Microsoft 365 Business Premium ΓÇô productivity and cybersecurity for small business](../../business-premium/index.md). This guidance walks you through how to set up and configure all of your productivity and security capabilities, including Defender for Business. # [Get Microsoft 365 Business Premium](#tab/getpremium) Microsoft 365 Business Premium includes Defender for Business, Microsoft Defende 3. After you've signed up for Microsoft 365 Business Premium, you'll receive an email with a link to sign in and get started. Proceed to [Set up Microsoft 365 Business Premium](../../business-premium/m365bp-setup.md). -4. 
Go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), where you'll view and manage security settings and devices for your organization. +4. Go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), where you'll view and manage security settings and devices for your organization. In the navigation bar, go to **Assets** > **Devices**. This action initiates the provisioning of Defender for Business for your tenant. ++5. Follow the guidance in [Boost your security protection](../../business-premium/m365bp-security-overview.md) to set up your security capabilities. -5. In the navigation bar, go to **Assets** > **Devices**. This action initiates the provisioning of Defender for Business for your tenant. +> [!IMPORTANT] +> Make sure to complete all the steps described in [Microsoft 365 Business Premium ΓÇô productivity and cybersecurity for small business](../../business-premium/index.md). # [Work with a Microsoft partner](#tab/findpartner) Microsoft has a list of solution providers who are authorized to sell offerings, ## Portals you'll use for setup and management -When you use Defender for Business, you'll work with two main portals: the Microsoft 365 admin center, and the Microsoft 365 Defender portal. If your subscription also includes Microsoft Intune, you might use the Intune admin center instead. The following table summarizes these portals and how you'll use them. +When you use Defender for Business, you'll work with two main portals: the Microsoft 365 admin center, and the Microsoft 365 Defender portal. If your subscription also includes Microsoft Intune, you will use the Intune admin center as well. The following table summarizes these portals and how you'll use them. 
|Portal |Description | |||-| The Microsoft 365 admin center ([https://admin.microsoft.com/](https://admin.microsoft.com/)) | Use the Microsoft 365 admin center to activate your trial and sign in for the first time.<p> You'll also use the Microsoft 365 admin center to: <ul><li>Add or remove users.</li><li>Assign user licenses.</li><li>View your products and services.</li><li>Complete setup tasks for your Microsoft 365 subscription.</li></ul>To learn more, see [Overview of the Microsoft 365 admin center](../../admin/admin-overview/admin-center-overview.md). | -| The Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) | Use the Microsoft 365 Defender portal to set up and configure Defender for Business.<p>You'll use the Microsoft 365 Defender portal to: <ul><li>View your devices and device protection policies.</li><li>View detected threats and take action.</li><li>View security recommendations and manage your security settings.</li></ul>To learn more, see [Get started using the Microsoft 365 Defender portal](mdb-get-started.md). | -| The Intune admin center ([https://intune.microsoft.com/](https://intune.microsoft.com/)) | We recommend using the Microsoft 365 Defender portal to manage your security settings and devices. However, you can use the Intune admin center instead if you prefer. To learn more about Intune, see [Microsoft Intune is an MDM and MAM provider for your devices](/mem/intune/fundamentals/what-is-intune). | +| The Microsoft 365 admin center ([https://admin.microsoft.com/](https://admin.microsoft.com/)) | Use the Microsoft 365 admin center to activate your trial and sign in for the first time. 
You'll also use the Microsoft 365 admin center to: <br/>- Add or remove users.<br/>- Assign user licenses.<br/>- View your products and services.<br/>- Complete setup tasks for your Microsoft 365 subscription.<br/><br/>To learn more, see [Overview of the Microsoft 365 admin center](../../admin/admin-overview/admin-center-overview.md). | +| The Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) | Use the Microsoft 365 Defender portal to set up and configure Defender for Business, and to monitor your devices and threat detections. You'll use the Microsoft 365 Defender portal to: <br/>- View your devices and device protection policies.<br/>- View detected threats and take action.<br/>- View security recommendations and manage your security settings.<br/><br/>To learn more, see [Get started using the Microsoft 365 Defender portal](mdb-get-started.md). | +| The Intune admin center ([https://intune.microsoft.com/](https://intune.microsoft.com/)) | Use the Intune admin center to set up multifactor authentication (MFA), onboard iOS and Android devices, and configure certain capabilities, such as [attack surface reduction rules](mdb-asr.md).<br/><br/>To learn more about Intune, see [Microsoft Intune is an MDM and MAM provider for your devices](/mem/intune/fundamentals/what-is-intune). | ## Next steps |
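Review bot: The added NOTE and IMPORTANT blocks both carry the link text "Microsoft 365 Business Premium ΓÇô productivity and cybersecurity for small business", where "ΓÇô" is a mis-encoded en dash (the removed line has it too). Confirm that the source file holds a real en dash, or replace it with a hyphen, so the link title renders correctly. In the portals paragraph, the new sentence reads "you will use the Intune admin center as well" while the sentences around it use "you'll"; keep the contraction for consistency.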
security | Mdb Add Users | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-add-users.md | f1.keywords: NOCSH # Add users and assign licenses in Microsoft Defender for Business -As soon as you have signed up for Defender for Business, your first step is to add users and assign licenses. This article describes how to add users and includes next steps. +As soon as you have signed up for Defender for Business, your first step is to add users and assign licenses. This article describes how to add users and assign licenses, and how to make sure multifactor authentication (MFA) is enabled. ## Add users and assign licenses As soon as you have signed up for Defender for Business, your first step is to a 6. On the **Review and finish** page, review the details, and then select **Finish adding** to add the user. If you need to make any changes, choose **Back** to go back to a previous page. +## Make sure MFA is enabled ++One good way to make sure MFA is enabled for all users is by using [security defaults](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults). If your tenant was created on or after October 22, 2019, security defaults might be enabled automatically in your tenant. Use the following procedure to confirm or enable security defaults. ++> [!IMPORTANT] +> You must be a security administrator, Conditional Access administrator, or Global Administrator to perform this task. ++1. Go to the Azure portal ([https://portal.azure.com/](https://portal.azure.com/)) and sign in. ++2. Under **Manage Azure Active Directory**, select **View**. ++ :::image type="content" source="medib-manage-azuread.png"::: ++3. In the navigation pane, select **Properties**, and then select **Manage security defaults**. ++ :::image type="content" source="medib-azuread-properties.png"::: ++4. 
On the right side of the screen, in the **Security defaults** pane, see whether security defaults are turned on (**Enabled**) or off (**Disabled**). To turn security defaults on, use the drop-down menu to select **Enabled**. ++ > [!CAUTION] + > If your organization is using Conditional Access policies, you won't be able to enable security defaults. You'll see a message that indicates you're using classic policies instead. You can use *either* security defaults *or* Conditional Access, but not both. For most organizations, security defaults offer a good level of sign-in security. But if your organization must meet more stringent requirements, you can use Conditional Access policies instead. To learn more, see the following articles: + > - [Multi-factor authentication](../../business-premium/m365bp-conditional-access.md) (in the Microsoft 365 Business Premium documentation) + > - [Security defaults in Azure AD](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults) ++5. Save your changes. + ## Next steps - Proceed to [Step 3: Assign security roles and permissions in Microsoft Defender for Business](mdb-roles-permissions.md). |
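Review bot: In the new "Make sure MFA is enabled" section, the two image references under steps 2 and 3 (`:::image type="content" source="medib-manage-azuread.png":::` and the one for `medib-azuread-properties.png`) have no `alt-text` and use a bare file name, while the other image references on this page carry `alt-text` and a `../../media/...` path. Add alt text that describes each screenshot and confirm that both source paths resolve. The CAUTION block also links to "Multi-factor authentication" while the intro added in the same change writes "multifactor authentication (MFA)"; consider aligning the spelling.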
security | Mdb Configure Security Settings | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-configure-security-settings.md | The following table can help you choose where to manage your security policies a | Option | Description | |:|:|-| **Use the Microsoft 365 Defender portal** (*recommended*) | The Microsoft 365 Defender portal ([https://security.microsoft.com/](https://security.microsoft.com/)) is a one-stop shop for managing your company's devices, security policies, and security settings. You can access your security policies and settings, use the [Microsoft Defender Vulnerability Management dashboard](mdb-view-tvm-dashboard.md), and [view and manage incidents](mdb-view-manage-incidents.md) all in one place. <p>If you're using Intune, devices that you onboard to Defender for Business and your security policies are visible in the Intune admin center. To learn more, see the following articles:<ul><li>[How default settings in Defender for Business correspond to settings in Microsoft Intune](mdb-next-gen-configuration-settings.md#how-default-settings-in-defender-for-business-correspond-to-settings-in-microsoft-intune)</li><li>[Firewall in Defender for Business](mdb-firewall.md)</li></ul> | -| **Use Intune** | If your company is already using Intune to manage security policies, you can continue using it to manage your devices and security policies. To learn more, see [Manage device security with endpoint security policies in Microsoft Intune](/mem/intune/protect/endpoint-security-policy). <p>If you decide to switch to the [simplified configuration process in Defender for Business](mdb-simplified-configuration.md), you'll be prompted to delete any existing security policies in Intune to avoid [policy conflicts](mdb-troubleshooting.yml) later. 
| +| **Use the Microsoft 365 Defender portal** (*recommended*) | The Microsoft 365 Defender portal ([https://security.microsoft.com/](https://security.microsoft.com/)) is a one-stop shop for managing your company's devices, security policies, and security settings. You can access your security policies and settings, use the [Microsoft Defender Vulnerability Management dashboard](mdb-view-tvm-dashboard.md), and [view and manage incidents](mdb-view-manage-incidents.md) all in one place. <br/><br/>If you're using Intune, devices that you onboard to Defender for Business and your security policies are visible in the Intune admin center. To learn more, see the following articles:<br/>- [How default settings in Defender for Business correspond to settings in Microsoft Intune](mdb-next-gen-configuration-settings.md#how-default-settings-in-defender-for-business-correspond-to-settings-in-microsoft-intune)<br/>- [Firewall in Defender for Business](mdb-firewall.md) | +| **Use Intune** | If your company is already using Intune to manage security policies, you can continue using it to manage your devices and security policies. To learn more, see [Manage device security with endpoint security policies in Microsoft Intune](/mem/intune/protect/endpoint-security-policy). <br/><br/>If you decide to switch to the [simplified configuration process in Defender for Business](mdb-simplified-configuration.md), you'll be prompted to delete any existing security policies in Intune to avoid [policy conflicts](mdb-troubleshooting.yml) later. | > [!IMPORTANT] > If you're managing security policies in the Microsoft 365 Defender portal, you can *view* those policies in the Intune admin center ([https://intune.microsoft.com](https://intune.microsoft.com)), where they're listed as **Antivirus** or **Firewall** policies. When you view your firewall policies in the admin center, you'll see two policies listed: one policy for firewall protection and another for custom rules. 
Depending on whether you're using the Microsoft 365 Defender portal or Intune to | Portal | Procedure | |:|:|-| Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) |<ol><li>Go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), and sign in.</li><li>In the navigation pane, choose **Device configuration**. Policies are organized by operating system and policy type.</li><li>Select an operating system tab (such as **Windows clients**).</li><li>Expand **Next-generation protection** to view your list of policies.</li><li>Select a policy to view more details about the policy.</li><li>To make changes or to learn more about policy settings, see the following articles: <ul><li>[View or edit device policies](mdb-view-edit-policies.md)</li><li>[Understand next-generation configuration settings](mdb-next-gen-configuration-settings.md)</li></ul></li><ol> | -| Microsoft Intune admin center ([https://intune.microsoft.com](https://intune.microsoft.com)) |For help with managing your security settings in Intune, start with [Manage endpoint security in Microsoft Intune](/mem/intune/protect/endpoint-security). <ol><li>Go to [https://intune.microsoft.com](https://intune.microsoft.com) and sign in. You're now in the Intune admin center.</li><li>Select **Endpoint security**.</li><li>Select **Antivirus** to view your policies in that category.</li></ol>| +| Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) |1. Go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), and sign in.<br/>2. In the navigation pane, choose **Device configuration**. Policies are organized by operating system and policy type.<br/>3. Select an operating system tab (such as **Windows clients**).<br/>4. Expand **Next-generation protection** to view your list of policies.<br/>5. 
Select a policy to view more details about the policy.<br/><br/> To make changes or to learn more about policy settings, see the following articles: <br/>- [View or edit device policies](mdb-view-edit-policies.md)<br/>- [Understand next-generation configuration settings](mdb-next-gen-configuration-settings.md) | +| Microsoft Intune admin center ([https://intune.microsoft.com](https://intune.microsoft.com)) |1. Go to [https://intune.microsoft.com](https://intune.microsoft.com) and sign in. You're now in the Intune admin center.<br/>2. Select **Endpoint security**.<br/>3. Select **Antivirus** to view your policies in that category. <br/><br/>For help with managing your security settings in Intune, start with [Manage endpoint security in Microsoft Intune](/mem/intune/protect/endpoint-security). | ## View or edit your firewall policies and custom rules Depending on whether you're using the Microsoft 365 Defender portal or Intune to | Portal | Procedure | |:|:|-| Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) |<ol><li>Go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), and sign in.</li><li>In the navigation pane, choose **Device configuration**. Policies are organized by operating system and policy type.</li><li>Select an operating system tab (such as **Windows clients**).</li><li>Expand **Firewall** to view your list of policies.</li><li>Select a policy to view the details. 
</li><li>To make changes or to learn more about policy settings, see the following articles:<ul><li>[View or edit device policies](mdb-view-edit-policies.md)</li><li>[Firewall settings](mdb-firewall.md)</li><li>[Manage your custom rules for firewall policies](mdb-custom-rules-firewall.md)</li><ul></li><ol> | -| Microsoft Intune admin center ([https://intune.microsoft.com](https://intune.microsoft.com)) |For help with managing your security settings in Intune, start with [Manage endpoint security in Microsoft Intune](/mem/intune/protect/endpoint-security). <ol><li>Go to [https://intune.microsoft.com](https://intune.microsoft.com) and sign in. You're now in the Intune admin center.</li><li>Select **Endpoint security**.</li><li>Select **Firewall** to view your policies in that category. Custom rules that are defined for firewall protection are listed as separate policies.</li></ol>| +| Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) |1. Go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), and sign in.<br/>2. In the navigation pane, choose **Device configuration**. Policies are organized by operating system and policy type.<br/>3. Select an operating system tab (such as **Windows clients**).<br/>4. Expand **Firewall** to view your list of policies.<br/>5. Select a policy to view the details. <br/><br/>To make changes or to learn more about policy settings, see the following articles:<br/>- [View or edit device policies](mdb-view-edit-policies.md)<br/>- [Firewall settings](mdb-firewall.md)<br/>- [Manage your custom rules for firewall policies](mdb-custom-rules-firewall.md) | +| Microsoft Intune admin center ([https://intune.microsoft.com](https://intune.microsoft.com)) |1. Go to [https://intune.microsoft.com](https://intune.microsoft.com) and sign in. You're now in the Intune admin center.<br/>2. Select **Endpoint security**.<br/>3. 
Select **Firewall** to view your policies in that category. Custom rules that are defined for firewall protection are listed as separate policies. <br/><br/>For help with managing your security settings in Intune, start with [Manage endpoint security in Microsoft Intune](/mem/intune/protect/endpoint-security).| ## Enable standard attack surface reduction rules There are three standard attack surface reduction rules you should turn on as so ## Set up web content filtering -Web content filtering enables your security team to track and regulate access to websites based on content categories, such as: +Web content filtering enables your security team to track and regulate access to websites based on content categories, as described in the following table: -- Adult content: Sites that are related to cults, gambling, nudity, pornography, sexually explicit material, or violence-- High bandwidth: Download sites, image sharing sites, or peer-to-peer hosts-- Legal liability: Sites that include child abuse images, promote illegal activities, foster plagiarism or school cheating, or that promote harmful activities-- Leisure: Sites that provide web-based chat rooms, online gaming, web-based email, or social networking-- Uncategorized: Sites that have no content or that are newly registered+| Category | Description | +|:|:| +| Adult content | Sites that are related to cults, gambling, nudity, pornography, sexually explicit material, or violence | +| High bandwidth | Download sites, image sharing sites, or peer-to-peer hosts | +| Legal liability | Sites that include child abuse images, promote illegal activities, foster plagiarism or school cheating, or that promote harmful activities | +| Leisure | Sites that provide web-based chat rooms, online gaming, web-based email, or social networking | +| Uncategorized | Sites that have no content or that are newly registered | Not all websites in these categories are malicious, but they could be problematic for your company because of 
compliance regulations, bandwidth usage, or other concerns. You can create an audit-only policy to get a better understanding of whether your security team should block any website categories. The following table describes advanced feature settings. | Setting | Description | |:|:|-| **Automated Investigation** <br/>(turned on by default) | As alerts are generated, automated investigations can occur. Each automated investigation determines whether a detected threat requires action and then takes or recommends remediation actions, such as sending a file to quarantine, stopping a process, isolating a device, or blocking a URL. While an investigation is running, any related alerts that arise are added to the investigation until it's completed. If an affected entity is seen elsewhere, the automated investigation expands its scope to include that entity, and the investigation process repeats.<p>You can view investigations on the **Incidents** page. Select an incident, and then select the **Investigations** tab.<p>By default, automated investigation and response capabilities are turned on, tenant wide. **We recommend keeping automated investigation turned on**. If you turn it off, real-time protection in Microsoft Defender Antivirus will be affected, and your overall level of protection will be reduced. <p>[Learn more about automated investigations](../defender-endpoint/automated-investigations.md). | -| **Live Response** | Defender for Business includes the following types of manual response actions: <ul><li>Run antivirus scan</li><li>Isolate device</li><li>Stop and quarantine a file</li><li>Add an indicator to block or allow a file</li></ul> <p>[Learn more about response actions](../defender-endpoint/respond-machine-alerts.md). | +| **Automated Investigation** <br/>(turned on by default) | As alerts are generated, automated investigations can occur. 
Each automated investigation determines whether a detected threat requires action and then takes or recommends remediation actions, such as sending a file to quarantine, stopping a process, isolating a device, or blocking a URL. While an investigation is running, any related alerts that arise are added to the investigation until it's completed. If an affected entity is seen elsewhere, the automated investigation expands its scope to include that entity, and the investigation process repeats.<br/><br/>You can view investigations on the **Incidents** page. Select an incident, and then select the **Investigations** tab.<br/><br/>By default, automated investigation and response capabilities are turned on, tenant wide. **We recommend keeping automated investigation turned on**. If you turn it off, real-time protection in Microsoft Defender Antivirus will be affected, and your overall level of protection will be reduced. <br/><br/>[Learn more about automated investigations](../defender-endpoint/automated-investigations.md). | +| **Live Response** | Defender for Business includes the following types of manual response actions: <br/>- Run antivirus scan<br/>- Isolate device<br/>- Stop and quarantine a file<br/>- Add an indicator to block or allow a file <br/><br/>[Learn more about response actions](../defender-endpoint/respond-machine-alerts.md). | | **Live Response for Servers** | (This setting is currently not available in Defender for Business.) | | **Live Response unsigned script execution** | (This setting is currently not available in Defender for Business.) | -| **Enable EDR in block mode**<br/>(turned on by default) | Provides added protection from malicious artifacts when Microsoft Defender Antivirus isn't the primary antivirus product and is running in passive mode on a device. Endpoint detection and response (EDR) in block mode works behind the scenes to remediate malicious artifacts detected by EDR capabilities. 
Such artifacts might have been missed by the primary, non-Microsoft antivirus product.<p>[Learn more about EDR in block mode](../defender-endpoint/edr-in-block-mode.md). | -| **Allow or block a file** <br/>(turned on by default) | Enables you to allow or block a file by using [indicators](../defender-endpoint/indicator-file.md). This capability requires Microsoft Defender Antivirus to be in active mode and [cloud protection](../defender-endpoint/cloud-protection-microsoft-defender-antivirus.md) turned on.<p>Blocking a file prevents it from being read, written, or executed on devices in your organization. <p>[Learn more about indicators for files](../defender-endpoint/indicator-file.md). | -| **Custom network indicators**<br/>(turned on by default) | Enables you to allow or block an IP address, URL, or domain by using [network indicators](../defender-endpoint/indicator-ip-domain.md). This capability requires Microsoft Defender Antivirus to be in active mode and [network protection](../defender-endpoint/enable-network-protection.md) turned on.<p>You can allow or block IPs, URLs, or domains based on your threat intelligence. You can also prompt users if they open a risky app, but the prompt won't stop them from using the app.<p>[Learn more about network protection](../defender-endpoint/network-protection.md). | -| **Tamper protection**<br/>(we recommend you turn on this setting) | Tamper protection prevents malicious apps from doing actions such as:<ul><li>Disable virus and threat protection</li><li>Disable real-time protection</li><li>Turn off behavior monitoring</li><li>Disable cloud protection</li><li>Remove security intelligence updates</li><li>Disable automatic actions on detected threats</li></ul><p>Tamper protection essentially locks Microsoft Defender Antivirus to its secure, default values and prevents your security settings from being changed by apps and unauthorized methods. 
<p>[Learn more about tamper protection](../defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection.md). | -| **Show user details**<br/>(turned on by default) | Enables people in your organization to see details, such as employees' pictures, names, titles, and departments. These details are stored in Azure Active Directory (Azure AD).<p>[Learn more about user profiles in Azure AD](/azure/active-directory/fundamentals/active-directory-users-profile-azure-portal). | -| **Skype for Business integration**<br/>(turned on by default) | Skype for Business was retired in July 2021. If you haven't already moved to Microsoft Teams, see [Set up Microsoft Teams in your small business](/microsoftteams/deploy-small-business). <p>Integration with Microsoft Teams (or the former Skype for Business) enables one-click communication between people in your business. | +| **Enable EDR in block mode**<br/>(turned on by default) | Provides added protection from malicious artifacts when Microsoft Defender Antivirus isn't the primary antivirus product and is running in passive mode on a device. Endpoint detection and response (EDR) in block mode works behind the scenes to remediate malicious artifacts detected by EDR capabilities. Such artifacts might have been missed by the primary, non-Microsoft antivirus product.<br/><br/>[Learn more about EDR in block mode](../defender-endpoint/edr-in-block-mode.md). | +| **Allow or block a file** <br/>(turned on by default) | Enables you to allow or block a file by using [indicators](../defender-endpoint/indicator-file.md). This capability requires Microsoft Defender Antivirus to be in active mode and [cloud protection](../defender-endpoint/cloud-protection-microsoft-defender-antivirus.md) turned on.<br/><br/>Blocking a file prevents it from being read, written, or executed on devices in your organization. <br/><br/>[Learn more about indicators for files](../defender-endpoint/indicator-file.md). 
| +| **Custom network indicators**<br/>(turned on by default) | Enables you to allow or block an IP address, URL, or domain by using [network indicators](../defender-endpoint/indicator-ip-domain.md). This capability requires Microsoft Defender Antivirus to be in active mode and [network protection](../defender-endpoint/enable-network-protection.md) turned on.<br/><br/>You can allow or block IPs, URLs, or domains based on your threat intelligence. You can also prompt users if they open a risky app, but the prompt won't stop them from using the app.<br/><br/>[Learn more about network protection](../defender-endpoint/network-protection.md). | +| **Tamper protection**<br/>(we recommend you turn on this setting) | Tamper protection prevents malicious apps from doing actions such as:<br/>- Disable virus and threat protection<br/>- Disable real-time protection<br/>- Turn off behavior monitoring<br/>- Disable cloud protection<br/>- Remove security intelligence updates<br/>- Disable automatic actions on detected threats<br/><br/>Tamper protection essentially locks Microsoft Defender Antivirus to its secure, default values and prevents your security settings from being changed by apps and unauthorized methods. <br/><br/>[Learn more about tamper protection](../defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection.md). | +| **Show user details**<br/>(turned on by default) | Enables people in your organization to see details, such as employees' pictures, names, titles, and departments. These details are stored in Azure Active Directory (Azure AD).<br/><br/>[Learn more about user profiles in Azure AD](/azure/active-directory/fundamentals/active-directory-users-profile-azure-portal). | +| **Skype for Business integration**<br/>(turned on by default) | Skype for Business was retired in July 2021. If you haven't already moved to Microsoft Teams, see [Set up Microsoft Teams in your small business](/microsoftteams/deploy-small-business). 
<br/><br/>Integration with Microsoft Teams (or the former Skype for Business) enables one-click communication between people in your business. | | **Web content filtering**<br/>(turned on by default) | Blocks access to websites that contain unwanted content and tracks web activity across all domains. See [Set up web content filtering](#set-up-web-content-filtering). | | **Microsoft Intune connection**<br/>(we recommend you turn on this setting if you have Intune) | If your organization's subscription includes Microsoft Intune (included in [Microsoft 365 Business Premium](../../business/index.yml)), this setting enables Defender for Business to share information about devices with Intune. |-| **Device discovery**<br/>(turned on by default) | Enables your security team to find unmanaged devices that are connected to your company network. Unknown and unmanaged devices introduce significant risks to your network, whether it's an unpatched printer, a network device with a weak security configuration, or a server with no security controls.<p>Device discovery uses onboarded devices to discover unmanaged devices, so your security team can onboard the unmanaged devices and reduce your vulnerability. <p>[Learn more about device discovery](../defender-endpoint/device-discovery.md). | -| **Preview features** | Microsoft is continually updating services such as Defender for Business to include new feature enhancements and capabilities. If you opt in to receive preview features, you'll be among the first to try upcoming features in the preview experience. <p>[Learn more about preview features](../defender-endpoint/preview.md). | +| **Device discovery**<br/>(turned on by default) | Enables your security team to find unmanaged devices that are connected to your company network. 
Unknown and unmanaged devices introduce significant risks to your network, whether it's an unpatched printer, a network device with a weak security configuration, or a server with no security controls.<br/><br/>Device discovery uses onboarded devices to discover unmanaged devices, so your security team can onboard the unmanaged devices and reduce your vulnerability. <br/><br/>[Learn more about device discovery](../defender-endpoint/device-discovery.md). | +| **Preview features** | Microsoft is continually updating services such as Defender for Business to include new feature enhancements and capabilities. If you opt in to receive preview features, you'll be among the first to try upcoming features in the preview experience. <br/><br/>[Learn more about preview features](../defender-endpoint/preview.md). | ## View and edit other settings in the Microsoft 365 Defender portal |
security | Mdb Firewall | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-firewall.md | Defender for Business includes firewall protection through Windows Defender Fire | **Domain network** | The domain network profile applies to your company's network. Firewall settings for your domain network apply to inbound connections that are initiated on other devices on the same network. By default, incoming connections is set to **Block all**. | | **Public network** | The public network profile applies to networks that you can use in a public location, such as a coffee shop or airport. Firewall settings for public networks apply to inbound connections that are initiated on other devices on the same network. Because a public network can include devices that you don't know or don't trust, incoming connections is set to **Block all** by default. | | **Private network** | The private network profile applies to networks in a private location, such as your home. Firewall settings for private networks apply to inbound connections that are initiated on other devices on the same network. In general, on a private network, it's assumed that all other devices on the same network are trusted devices. However, by default, incoming connections is set to **Block all**. |-| **Custom rules** | [Custom rules](mdb-custom-rules-firewall.md) let you block or allow specific connections. For example, suppose that you want to block all incoming connections on devices that are connected to a private network except for connections through a specific app on a device. In this case, you'd set **Private network** to block all incoming connections, and then add a custom rule to define the exception. <p>You can use custom rules to define exceptions for specific files or apps, an Internet protocol (IP) address, or a range of IP addresses. 
Depending on the type of custom rule you're creating, here are some examples of values you could use:<ul><li>Application file path: `C:\Windows\System\Notepad.exe or %WINDIR%\Notepad.exe`</li><li>IP: A valid IPv4/IPv6 address, such as `192.168.11.0` or `192.168.1.0/24`</li><li>IP: A valid IPv4/IPv6 address range, formatted like `192.168.1.0-192.168.1.9` (with no spaces included)</li></ul> | +| **Custom rules** | [Custom rules](mdb-custom-rules-firewall.md) let you block or allow specific connections. For example, suppose that you want to block all incoming connections on devices that are connected to a private network except for connections through a specific app on a device. In this case, you'd set **Private network** to block all incoming connections, and then add a custom rule to define the exception. <p>You can use custom rules to define exceptions for specific files or apps, an Internet protocol (IP) address, or a range of IP addresses. Depending on the type of custom rule you're creating, here are some examples of values you could use: <br/>- Application file path: `C:\Windows\System\Notepad.exe or %WINDIR%\Notepad.exe` <br/>- IP: A valid IPv4/IPv6 address, such as `192.168.11.0` or `192.168.1.0/24` <br/>- IP: A valid IPv4/IPv6 address range, formatted like `192.168.1.0-192.168.1.9` (with no spaces included) | ## Next steps |
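Review bot: In the added **Custom rules** row, the `<p>` before "You can use custom rules to define exceptions" is left in place while the list markup in the same cell is converted to `<br/>- `. Other rows on this page replace `<p>` with `<br/><br/>`, so use that here as well to keep one convention per cell. The application file path example also keeps both paths and the word "or" inside a single code span (`C:\Windows\System\Notepad.exe or %WINDIR%\Notepad.exe`), which reads as one value; splitting it into two code spans would make clear that these are alternatives.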
security | Mdb Next Gen Configuration Settings | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-next-gen-configuration-settings.md | The following table lists settings and options. | Setting | Description | |:|:| | **Real-time protection** | |-| **Turn on real-time protection** | Enabled by default, real-time protection locates and stops malware from running on devices. *We recommend keeping real-time protection turned on.* When real-time protection is turned on, it configures the following settings: <ul><li>Behavior monitoring is turned on ([AllowBehaviorMonitoring](/windows/client-management/mdm/policy-csp-defender#defender-allowbehaviormonitoring)).</li><li>All downloaded files and attachments are scanned ([AllowIOAVProtection](/windows/client-management/mdm/policy-csp-defender#defender-allowioavprotection)).</li><li>Scripts that are used in Microsoft browsers are scanned ([AllowScriptScanning](/windows/client-management/mdm/policy-csp-defender#defender-allowscriptscanning)).</li></ul> | -| **Block at first sight** | Enabled by default, block at first sight blocks malware within seconds of detection, increases the time (in seconds) allowed to submit sample files for analysis, and sets your detection level to High. 
*We recommend keeping block at first sight turned on.*<br/><br/>When block at first sight is turned on, it configures the following settings for Microsoft Defender Antivirus:<ul><li>Blocking and scanning of suspicious files is set to the High blocking level ([CloudBlockLevel](/windows/client-management/mdm/policy-csp-defender#defender-cloudblocklevel)).</li><li>The number of seconds for a file to be blocked and checked is set to 50 seconds ([CloudExtendedTimeout](/windows/client-management/mdm/policy-csp-defender#defender-cloudextendedtimeout)).</li></ul> <br/>**Important** If block at first sight is turned off, it affects `CloudBlockLevel` and `CloudExtendedTimeout` for Microsoft Defender Antivirus. | -| **Turn on network protection** | When turned on, network protection helps protect against phishing scams, exploit-hosting sites, and malicious content on the internet. It also prevents users from turning network protection off.<br/><br/>Network protection can be set to the following modes:<ul><li>**Block mode** is the default setting. It prevents users from visiting sites that are considered unsafe. *We recommend keeping network protection set to Block mode.*</li><li>**Audit mode** allows users to visit sites that might be unsafe and tracks network activity to/from such sites.</li><li>**Disabled mode** neither blocks users from visiting sites that might be unsafe nor tracks network activity to/from such sites.</li></ul> | +| **Turn on real-time protection** | Enabled by default, real-time protection locates and stops malware from running on devices. 
*We recommend keeping real-time protection turned on.* When real-time protection is turned on, it configures the following settings: <br/>- Behavior monitoring is turned on ([AllowBehaviorMonitoring](/windows/client-management/mdm/policy-csp-defender#defender-allowbehaviormonitoring)).<br/> - All downloaded files and attachments are scanned ([AllowIOAVProtection](/windows/client-management/mdm/policy-csp-defender#defender-allowioavprotection)).<br/> - Scripts that are used in Microsoft browsers are scanned ([AllowScriptScanning](/windows/client-management/mdm/policy-csp-defender#defender-allowscriptscanning)). | +| **Block at first sight** | Enabled by default, block at first sight blocks malware within seconds of detection, increases the time (in seconds) allowed to submit sample files for analysis, and sets your detection level to High. *We recommend keeping block at first sight turned on.*<br/><br/>When block at first sight is turned on, it configures the following settings for Microsoft Defender Antivirus: <br/>- Blocking and scanning of suspicious files is set to the High blocking level ([CloudBlockLevel](/windows/client-management/mdm/policy-csp-defender#defender-cloudblocklevel)).<br/> - The number of seconds for a file to be blocked and checked is set to 50 seconds ([CloudExtendedTimeout](/windows/client-management/mdm/policy-csp-defender#defender-cloudextendedtimeout)). <br/>**Important** If block at first sight is turned off, it affects `CloudBlockLevel` and `CloudExtendedTimeout` for Microsoft Defender Antivirus. | +| **Turn on network protection** | When turned on, network protection helps protect against phishing scams, exploit-hosting sites, and malicious content on the internet. It also prevents users from turning network protection off.<br/><br/>Network protection can be set to the following modes: <br/>- **Block mode** is the default setting. It prevents users from visiting sites that are considered unsafe. 
*We recommend keeping network protection set to Block mode.*<br/> - **Audit mode** allows users to visit sites that might be unsafe and tracks network activity to/from such sites.<br/> - **Disabled mode** neither blocks users from visiting sites that might be unsafe nor tracks network activity to/from such sites. | | **Remediation** | |-| **Action to take on potentially unwanted apps (PUA)** | PUA can include advertising software; bundling software that offers to install other, unsigned software; and evasion software that attempts to evade security features. Although PUA isn't necessarily a virus, malware, or other type of threat, it can affect device performance. PUA protection blocks items that are detected as PUA. You can set PUA protection to the following modes: <ul><li>**Enabled** is the default setting. It blocks items detected as PUA on devices. *We recommend keeping PUA protection enabled.*</li><li>**Audit mode** takes no action on items detected as PUA.</li><li>**Disabled** doesn't detect or take action on items that might be PUA.</li></ul> | +| **Action to take on potentially unwanted apps (PUA)** | PUA can include advertising software; bundling software that offers to install other, unsigned software; and evasion software that attempts to evade security features. Although PUA isn't necessarily a virus, malware, or other type of threat, it can affect device performance. PUA protection blocks items that are detected as PUA. You can set PUA protection to the following modes: <br/>- **Enabled** is the default setting. It blocks items detected as PUA on devices. *We recommend keeping PUA protection enabled.*<br/> - **Audit mode** takes no action on items detected as PUA.<br/> - **Disabled** doesn't detect or take action on items that might be PUA. | | **Scan** | |-| **Scheduled scan type** | Consider running a weekly antivirus scan on your devices. 
You can choose from the following scan type options:<ul><li>**Quickscan** checks locations, such as registry keys and startup folders, where malware could be registered to start along with a device. *We recommend using the quickscan option.* </li><li>**Fullscan** checks all files and folders on a device.</li><li>**Disabled** means no scheduled scans will take place. Users can still run scans on their own devices. (In general, we don't recommend disabling scheduled scans.)</li></ul><br/> [Learn more about scan types](../defender-endpoint/schedule-antivirus-scans.md). | +| **Scheduled scan type** | Consider running a weekly antivirus scan on your devices. You can choose from the following scan type options: <br/>- **Quickscan** checks locations, such as registry keys and startup folders, where malware could be registered to start along with a device. *We recommend using the quickscan option.* <br/> - **Fullscan** checks all files and folders on a device.<br/> - **Disabled** means no scheduled scans will take place. Users can still run scans on their own devices. (In general, we don't recommend disabling scheduled scans.) <br/> [Learn more about scan types](../defender-endpoint/schedule-antivirus-scans.md). | | **Day of week to run a scheduled scan** | Select a day for your regular, weekly antivirus scans to run. | | **Time of day to run a scheduled scan** | Select a time to run your regularly scheduled antivirus scans to run. |-| **Use low performance** | This setting is turned off by default. *We recommend keeping this setting turned off.* However, you can turn on this setting to limit the device memory and resources that are used during scheduled scans. 
**Important** If you turn on **Use low performance**, it configures the following settings for Microsoft Defender Antivirus:<ul><li>Archive files aren't scanned ([AllowArchiveScanning](/windows/client-management/mdm/policy-csp-defender#defender-allowarchivescanning)).</li><li>Scans are assigned a low CPU priority ([EnableLowCPUPriority](/windows/client-management/mdm/policy-csp-defender#defender-enablelowcpupriority)).</li><li>If a full antivirus scan is missed, no catch-up scan will run ([DisableCatchupFullScan](/windows/client-management/mdm/policy-csp-defender#defender-disablecatchupfullscan)).</li><li>If a quick antivirus scan is missed, no catch-up scan will run ([DisableCatchupQuickScan](/windows/client-management/mdm/policy-csp-defender#defender-disablecatchupquickscan)).</li><li>Reduces the average CPU load factor during an antivirus scan from 50 percent to 20 percent ([AvgCPULoadFactor](/windows/client-management/mdm/policy-csp-defender#defender-avgcpuloadfactor)).</li></ul> | +| **Use low performance** | This setting is turned off by default. *We recommend keeping this setting turned off.* However, you can turn on this setting to limit the device memory and resources that are used during scheduled scans. 
**Important** If you turn on **Use low performance**, it configures the following settings for Microsoft Defender Antivirus: <br/>- Archive files aren't scanned ([AllowArchiveScanning](/windows/client-management/mdm/policy-csp-defender#defender-allowarchivescanning)).<br/> - Scans are assigned a low CPU priority ([EnableLowCPUPriority](/windows/client-management/mdm/policy-csp-defender#defender-enablelowcpupriority)).<br/> - If a full antivirus scan is missed, no catch-up scan will run ([DisableCatchupFullScan](/windows/client-management/mdm/policy-csp-defender#defender-disablecatchupfullscan)).<br/> - If a quick antivirus scan is missed, no catch-up scan will run ([DisableCatchupQuickScan](/windows/client-management/mdm/policy-csp-defender#defender-disablecatchupquickscan)).<br/> - Reduces the average CPU load factor during an antivirus scan from 50 percent to 20 percent ([AvgCPULoadFactor](/windows/client-management/mdm/policy-csp-defender#defender-avgcpuloadfactor)). | | **User experience** | | | **Allow users to access the Windows Security app** | Turn on this setting to enable users to open the Windows Security app on their devices. Users won't be able to override settings that you configure in Defender for Business, but they'll be able to run a quick scan or view any detected threats. | | **Antivirus exclusions** | Exclusions are processes, files, or folders that are skipped by Microsoft Defender Antivirus scans. *In general, you shouldn't need to define exclusions.* Microsoft Defender Antivirus includes many automatic exclusions that are based on known operating system behavior and typical management files. [Learn more about exclusions](../defender-endpoint/configure-exclusions-microsoft-defender-antivirus.md). | The following table describes each state and what it means. | Microsoft Defender Antivirus state | What it means | |:|:|-| **Active mode** <br/>(*recommended*) | Microsoft Defender Antivirus is used as the antivirus app on the machine. 
Files are scanned, threats are remediated, and detection information is reported in the Microsoft 365 Defender portal and in the Windows Security app on a device running Windows.<br/><br/>We recommend running Microsoft Defender Antivirus in active mode so that devices onboarded to Defender for Business will get all of the following types of protection: <ul><li>**Real-time protection**, which locates and stops malware from running on devices. </li><li>**Cloud protection**, which works with Microsoft Defender Antivirus and the Microsoft cloud to identify new threats, sometimes even before a single device is affected.</li><li>**Network protection**, which helps protect against phishing scams, exploit-hosting sites, and malicious content on the internet.</li><li>**Web content filtering**, which regulates access to websites based on content categories (such as adult content, high bandwidth, and legal liability) across all browsers.</li><li>**Protection from potentially unwanted applications**, such as advertising software, bundling software that offers to install other, unsigned software, and evasion software that attempts to evade security features.</li></ul> | +| **Active mode** <br/>(*recommended*) | Microsoft Defender Antivirus is used as the antivirus app on the machine. Files are scanned, threats are remediated, and detection information is reported in the Microsoft 365 Defender portal and in the Windows Security app on a device running Windows.<br/><br/>We recommend running Microsoft Defender Antivirus in active mode so that devices onboarded to Defender for Business will get all of the following types of protection: <br/>- **Real-time protection**, which locates and stops malware from running on devices. 
<br/> - **Cloud protection**, which works with Microsoft Defender Antivirus and the Microsoft cloud to identify new threats, sometimes even before a single device is affected.<br/> - **Network protection**, which helps protect against phishing scams, exploit-hosting sites, and malicious content on the internet.<br/> - **Web content filtering**, which regulates access to websites based on content categories (such as adult content, high bandwidth, and legal liability) across all browsers.<br/> - **Protection from potentially unwanted applications**, such as advertising software, bundling software that offers to install other, unsigned software, and evasion software that attempts to evade security features. | | **Passive mode** | A non-Microsoft antivirus/antimalware product is installed on the device, and even though the device has been onboarded to Defender for Business, Microsoft Defender Antivirus can detect threats but doesn't remediate them. Devices with Microsoft Defender Antivirus can still receive security intelligence and platform updates. <br/><br/>You can switch Microsoft Defender Antivirus to active mode automatically by uninstalling the non-Microsoft antivirus/antimalware product. | | **Disabled mode** | A non-Microsoft antivirus/antimwalware product is installed on the device, and the device hasn't been onboarded to Defender for Business. Whether Microsoft Defender Antivirus went into disabled mode automatically or was set manually, it's not currently running on the device. In this case, Microsoft Defender Antivirus neither detects nor remediates threats on the device.<br/><br/>You can switch Microsoft Defender Antivirus to active mode by uninstalling the non-Microsoft antivirus/antimalware solution and onboarding the device to Defender for Business. | |
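Review bot: The converted lists in this table mix two separators: the first item in a cell is introduced with `<br/>- ` and the following items with `<br/> - ` (leading space), for example in the **Turn on real-time protection** and **Use low performance** rows; pick one form so the cells are uniform. In the **Scheduled scan type** row, the "Learn more about scan types" link now follows the last list item after a single `<br/>`, so it reads as part of the **Disabled** item; use `<br/><br/>` before it. The unchanged **Disabled mode** row still has the typo "antimwalware", which could be fixed in the same pass.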
security | Mdb Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-overview.md | -Defender for Business is a new endpoint security solution that was designed especially for the small- and medium-sized business (up to 300 employees). With this endpoint security solution, your company's devices are better protected from ransomware, malware, phishing, and other threats. +Defender for Business is an endpoint security solution that was designed especially for the small- and medium-sized business (up to 300 employees). With this endpoint security solution, your company's devices are better protected from ransomware, malware, phishing, and other threats. Defender for Business is available as a standalone subscription and is included in [Microsoft 365 Business Premium](../../business-premium/index.md). -This article describes what's included in Defender for Business, with links to learn more about these features and capabilities. +This article describes what's included in Defender for Business and provides links to learn more about these features and capabilities. +> [!TIP] +> To learn more about Microsoft 365 Business Premium, see [Microsoft 365 Business Premium ΓÇô productivity and cybersecurity for small business](../../business-premium/index.md). ## Video: Enterprise-grade protection for small- and medium-sized businesses With Defender for Business, you can help protect the devices and data your busin - [Try the interactive guide: Get started with Defender for Business](https://aka.ms/MDB-GetStartedGuide) - [Learn more about the simplified configuration process in Defender for Business](mdb-simplified-configuration.md) - [Find out how to get Defender for Business](get-defender-business.md)+- [Get an overview of Microsoft 365 Business Premium](../../business-premium/index.md) |
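Review bot: The added TIP line contains "ΓÇô" in the link text ("Microsoft 365 Business Premium ΓÇô productivity and cybersecurity for small business"), which looks like a mis-encoded dash; check the file encoding or replace it with a plain hyphen. The change also links `../../business-premium/index.md` from the TIP and again from the new list entry "Get an overview of Microsoft 365 Business Premium", in addition to the link already present in the introduction; one of the two added links is probably enough.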
security | Mdb Partners | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-partners.md | If you're a Microsoft Cloud Solution Provider (CSP) or MSP, you can use Microsof | Resource | Description | |:|:| | [Microsoft Partner Network](https://partner.microsoft.com) | Visit the Microsoft Partner Network to learn how to become a Microsoft partner and join the Microsoft Partner Network. |-| [Microsoft 365 Business Premium and Defender for Business partner webinar series](https://aka.ms/M365MDBseries) | This webinar series provides: <ul><li>Practical guidance about how to have conversations with your customers about security and drive upsell to Microsoft 365 Business Premium. </li><li>Demos and deep dive walkthroughs for Microsoft 365 Lighthouse and Defender for Business. </li><li>A panel of experts to help answer your questions.</li></ul> | -| [Microsoft 365 Business Premium partner playbook and readiness series](https://aka.ms/M365BPPartnerPlaybook) | Practical guidance on building a profitable managed services practice, with: <ul><li>Examples of successful managed service offerings from industry experts and peers. </li><li>Technical enablement and checklists from Microsoft experts. </li><li>Sales enablement and customer conversation aids to help you market your solution. </li></ul> | +| [Microsoft 365 Business Premium and Defender for Business partner webinar series](https://aka.ms/M365MDBseries) | This webinar series provides: <br/>- Practical guidance about how to have conversations with your customers about security and drive upsell to Microsoft 365 Business Premium. <br/>- Demos and deep dive walkthroughs for Microsoft 365 Lighthouse and Defender for Business. <br/>- A panel of experts to help answer your questions. 
| +| [Microsoft 365 Business Premium partner playbook and readiness series](https://aka.ms/M365BPPartnerPlaybook) | Practical guidance on building a profitable managed services practice, with: <br/>- Examples of successful managed service offerings from industry experts and peers. <br/>- Technical enablement and checklists from Microsoft experts. <br/>- Sales enablement and customer conversation aids to help you market your solution. | | [Defender for Business partner kit](https://aka.ms/MDBPartnerKit) | The Defender for Business partner kit provides you with practical guidance, technical information, and customer-ready resources to market and sell Defender for Business to small and medium-sized businesses. | |
security | Mdb Requirements | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-requirements.md | The following table lists the basic requirements you need to configure and use D | Requirement | Description | |:|:| | Subscription | Microsoft 365 Business Premium or Defender for Business (standalone). See [How to get Defender for Business](get-defender-business.md). |-| Datacenter | One of the following datacenter locations: <ul><li>European Union</li><li>United Kingdom</li><li>United States</li></ul> | -| User accounts |<ul><li>User accounts are created in the Microsoft 365 admin center ([https://admin.microsoft.com](https://admin.microsoft.com)).</li><li>Licenses for Defender for Business (or Microsoft 365 Business Premium) are assigned in the Microsoft 365 admin center.</li></ul>To get help with this task, see [Add users and assign licenses](mdb-add-users.md). | -| Permissions | To sign up for Defender for Business, you must be a Global Admin.<br/><br/>To access the Microsoft 365 Defender portal, users must have one of the following [roles in Azure AD](mdb-roles-permissions.md) assigned:<ul><li>Security Reader</li><li>Security Admin</li><li>Global Admin</li></ul>To learn more, see [Roles and permissions in Defender for Business](mdb-roles-permissions.md). | +| Datacenter | One of the following datacenter locations: <br/>- European Union <br/>- United Kingdom <br/>- United States | +| User accounts | - User accounts are created in the Microsoft 365 admin center ([https://admin.microsoft.com](https://admin.microsoft.com)). <br/>- Licenses for Defender for Business (or Microsoft 365 Business Premium) are assigned in the Microsoft 365 admin center.<br/><br/>To get help with this task, see [Add users and assign licenses](mdb-add-users.md). 
| +| Permissions | To sign up for Defender for Business, you must be a Global Admin.<br/><br/>To access the Microsoft 365 Defender portal, users must have one of the following [roles in Azure AD](mdb-roles-permissions.md) assigned: <br/>- Security Reader <br/>- Security Admin <br/>- Global AdminTo learn more, see [Roles and permissions in Defender for Business](mdb-roles-permissions.md). | | Browser requirements | Microsoft Edge or Google Chrome |-| Client device operating system | To manage devices in the Microsoft 365 Defender portal, your devices must be running one of the following operating systems: <ul><li>Windows 10 or 11 Business</li><li>Windows 10 or 11 Professional</li><li>Windows 10 or 11 Enterprise</li><li>Mac (the three most-current releases are supported)</li></ul>Make sure that [KB5006738](https://support.microsoft.com/topic/october-26-2021-kb5006738-os-builds-19041-1320-19042-1320-and-19043-1320-preview-ccbce6bf-ae00-4e66-9789-ce8e7ea35541) is installed on the Windows devices. <br/><br/>If you're already managing devices in Microsoft Intune, you can continue to use it.<sup>[[1](#fn1)]</sup> In that case, the following other operating systems are supported: <ul><li>iOS and iPadOS</li><li>Android OS</li></ul> | -| Server requirements | To onboard a device running Windows Server or Linux Server, you'll need an additional license, such as [Microsoft Defender for Business servers](get-defender-business-servers.md)<sup>[[2](#fn2)]</sup>.<br/><br/>Windows Server endpoints must meet the [requirements for Defender for Endpoint](/microsoft-365/security/defender-endpoint/minimum-requirements#hardware-and-software-requirements), and enforcement scope must be turned on.<ol><li>In the Microsoft 365 Defender portal, go to **Settings** > **Endpoints** > **Configuration management** > **Enforcement scope**.</li><li>Select **Use MDE to enforce security configuration settings from MEM**, select **Windows Server**. 
</li><li>Select **Save**.</li></ol>Linux Server endpoints must meet the [prerequisites for Microsoft Defender for Endpoint on Linux](../defender-endpoint/microsoft-defender-endpoint-linux.md#prerequisites).| +| Client device operating system | To manage devices in the Microsoft 365 Defender portal, your devices must be running one of the following operating systems: <br/>- Windows 10 or 11 Business <br/>- Windows 10 or 11 Professional <br/>- Windows 10 or 11 Enterprise <br/>- Mac (the three most-current releases are supported) <br/><br/>Make sure that [KB5006738](https://support.microsoft.com/topic/october-26-2021-kb5006738-os-builds-19041-1320-19042-1320-and-19043-1320-preview-ccbce6bf-ae00-4e66-9789-ce8e7ea35541) is installed on the Windows devices. <br/><br/>If you're already managing devices in Microsoft Intune, you can continue to use it.<sup>[[1](#fn1)]</sup> In that case, the following other operating systems are supported: <br/>- iOS and iPadOS <br/>- Android OS | +| Server requirements | To onboard a device running Windows Server or Linux Server, you'll need an additional license, such as [Microsoft Defender for Business servers](get-defender-business-servers.md) <sup>[[2](#fn2)]</sup>.<br/><br/>Windows Server endpoints must meet the [requirements for Defender for Endpoint](/microsoft-365/security/defender-endpoint/minimum-requirements#hardware-and-software-requirements), and enforcement scope must be turned on.<br/>1. In the Microsoft 365 Defender portal, go to **Settings** > **Endpoints** > **Configuration management** > **Enforcement scope**. <br/>2. Select **Use MDE to enforce security configuration settings from MEM**, select **Windows Server**. <br/>3. Select **Save**.<br/><br/>Linux Server endpoints must meet the [prerequisites for Microsoft Defender for Endpoint on Linux](../defender-endpoint/microsoft-defender-endpoint-linux.md#prerequisites).| (<a id="fn1">1</a>) Microsoft Intune is not included in the standalone version of Defender for Business. 
Intune can be added onto Defender for Business. Intune is included in Microsoft 365 Business Premium. The following table lists the basic requirements you need to configure and use D > [Azure Active Directory (Azure AD)](/azure/active-directory/fundamentals/active-directory-whatis) is used to manage user permissions and device groups. Azure AD is included in your Defender for Business subscription. > - If you don't have a Microsoft 365 subscription before you start your trial, Azure AD will be provisioned for you during the activation process. > - If you do have another Microsoft 365 subscription when you start your Defender for Business trial, you can use your existing Azure AD service. +> +> Security defaults are included in Defender for Business. If you prefer to use Conditional Access policies instead, you'll need Azure AD Premium Plan 1 (included in [Microsoft 365 Business Premium](../../business-premium/index.md)). To learn more, see [Multi-factor authentication](../../business-premium/m365bp-conditional-access.md). ## Next steps |
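Review bot: In the added note about security defaults, the link label "Multi-factor authentication" points at `m365bp-conditional-access.md`, so the label does not tell the reader that the target covers the choice the sentence is about (security defaults versus Conditional Access). Suggest a label that names that choice. The spelling also differs from "multifactor authentication" used in the setup-and-configuration article in this same batch; pick one form.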
security | Mdb Review Remediation Actions | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-review-remediation-actions.md | The following table lists remediation actions that are available. | Source | Actions | |||-| [Automated investigations](../defender-endpoint/automated-investigations.md) |<ul><li>Quarantine a file</li><li>Remove a registry key</li><li>Kill a process</li><li>Stop a service</li><li>Disable a driver</li><li>Remove a scheduled task </li></ul> | -| [Manual response actions](../defender-endpoint/respond-machine-alerts.md) |<ul><li>Run antivirus scan</li><li>Isolate a device</li><li>Add an indicator to block or allow a file</li></ul> | -| [Live response](../defender-endpoint/live-response.md) |<ul><li>Collect forensic data</li><li>Analyze a file</li><li>Run a script</li><li>Send a suspicious entity to Microsoft for analysis</li><li>Remediate a file </li><li>Proactively hunt for threats</li></ul>| +| [Automated investigations](../defender-endpoint/automated-investigations.md) |- Quarantine a file<br/> - Remove a registry key<br/> - Kill a process<br/> - Stop a service<br/> - Disable a driver<br/> - Remove a scheduled task | +| [Manual response actions](../defender-endpoint/respond-machine-alerts.md) |- Run antivirus scan<br/> - Isolate a device<br/> - Add an indicator to block or allow a file | +| [Live response](../defender-endpoint/live-response.md) |- Collect forensic data<br/> - Analyze a file<br/> - Run a script<br/> - Send a suspicious entity to Microsoft for analysis<br/> - Remediate a file <br/> - Proactively hunt for threats| ## Next steps |
security | Mdb Roles Permissions | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-roles-permissions.md | The following table describes the three roles that can be assigned in Defender f | Permission level | Description | |:|:|-| **Global administrators** (also referred to as global admins) <p> *As a best practice, limit the number of global admins.* | Global admins can perform all kinds of tasks. The person who signed up your company for Microsoft 365 or for Defender for Business is a global administrator by default. <p> Global admins are able to modify settings across all Microsoft 365 portals, such as: <ul><li>The Microsoft 365 admin center ([https://admin.microsoft.com](https://admin.microsoft.com))</li><li>Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com))</li></ul> | -| **Security administrators** (also referred to as security admins) | Security admins can perform the following tasks: <ul><li>View and manage security policies</li><li>View and manage security threats and alerts (these activities include taking response actions on endpoints)</li><li>View security information and reports</li></ul> | -| **Security reader** | Security readers can perform the following tasks:<ul><li>View security policies</li><li>View security threats and alerts</li><li>View security information and reports</li></ul> | +| **Global administrators** (also referred to as global admins) <p> *As a best practice, limit the number of global admins.* | Global admins can perform all kinds of tasks. The person who signed up your company for Microsoft 365 or for Defender for Business is a global administrator by default. 
<p> Global admins are able to modify settings across all Microsoft 365 portals, such as: <br/>- The Microsoft 365 admin center ([https://admin.microsoft.com](https://admin.microsoft.com))<br/>- Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) | +| **Security administrators** (also referred to as security admins) | Security admins can perform the following tasks: <br/>- View and manage security policies<br/>- View and manage security threats and alerts (these activities include taking response actions on endpoints)<br/>- View security information and reports | +| **Security reader** | Security readers can perform the following tasks:<br/>- View security policies<br/>- View security threats and alerts<br/>- View security information and reports | ## View or edit role assignments |
security | Mdb Setup Configuration | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-setup-configuration.md | -Defender for Business provides a streamlined setup and configuration experience, designed especially for the small and medium-sized business. Use this article as a guide for the overall process. +Defender for Business provides a streamlined setup and configuration experience, designed especially for the small and medium-sized business. Use this article as a guide. > [!TIP] > If you used the [setup wizard](mdb-use-wizard.md), then you've already completed several steps of your basic setup process. In this case, you can: Defender for Business provides a streamlined setup and configuration experience, ## The setup and configuration process -The following diagram depicts the overall setup and configuration process for Defender for Business. If you used the setup wizard, then you've likely already completed steps 1-3, and possibly step 4. +The following diagram depicts the overall setup and configuration process for Defender for Business. ++> [!TIP] +> If you used the setup wizard, then you've likely already completed steps 1-3, and possibly step 4. :::image type="content" source="media/mdb-setup-process.png" alt-text="Setup and configuration for Defender for Business."::: | Step | Article | Description | |||--|-| 1 | [Get Defender for Business](get-defender-business.md) | Start a trial or paid subscription today. See [Get Microsoft Defender for Business](get-defender-business.md). | -| 2 | [Add users and assign licenses](mdb-add-users.md) | Assign a license for Defender for Business (or Microsoft 365 Business Premium) to each member of your organization to protect their devices. See [Add users and assign licenses in Microsoft Defender for Business](mdb-add-users.md). 
| -| 3 | [Assign security roles](mdb-roles-permissions.md) | People on your security team need certain permissions to perform tasks, such as reviewing detected threats & remediation actions, viewing & editing policies, onboarding devices, and using reports. You can grant these permissions through roles. See [Assign roles and permissions](mdb-roles-permissions.md). <p>You can also set up email notifications for your security team. See [Set up email notifications](mdb-email-notifications.md). | +| 1 | [Get Defender for Business](get-defender-business.md) | Start a trial or paid subscription today. You can choose from the standalone version of Defender for Business, or get it as part of Microsoft 365 Business Premium. See [Get Microsoft Defender for Business](get-defender-business.md). | +| 2 | [Add users and assign licenses](mdb-add-users.md) | Assign a license for Defender for Business (or Microsoft 365 Business Premium) to each member of your organization to protect their devices. You'll also want to make sure multifactor authentication is enabled for all users. See [Add users and assign licenses in Microsoft Defender for Business](mdb-add-users.md). | +| 3 | [Assign security roles](mdb-roles-permissions.md) | People on your security team need certain permissions to perform tasks, such as reviewing detected threats & remediation actions, viewing & editing policies, onboarding devices, and using reports. You can grant these permissions through roles. See [Assign roles and permissions](mdb-roles-permissions.md). <br/><br/>You can also set up email notifications to let your security team know about incidents and vulnerabilities as they arise. See [Set up email notifications](mdb-email-notifications.md). | | 4 | [Onboard devices](mdb-onboard-devices.md) | You can onboard devices by downloading a script from the Microsoft 365 Defender portal, and then running that script on devices to onboard. 
Or, if your subscription includes Microsoft Intune, you can use it to enroll devices. See [Onboard devices to Defender for Business](mdb-onboard-devices.md). | | 5 | [Review and edit your security settings and policies](mdb-configure-security-settings.md) | You can choose from several options to configure your security settings and policies, such as the [simplified configuration process](mdb-simplified-configuration.md) in Defender for Business or Microsoft Intune. See [Configure your security settings and policies](mdb-configure-security-settings.md). | +> [!IMPORTANT] +> If you have Microsoft 365 Business Premium, you have additional capabilities to set up and configure. See [Microsoft 365 Business Premium ΓÇô productivity and cybersecurity for small business](../../business-premium/index.md). + ## Next steps 1. [Get and provision Defender for Business](get-defender-business.md). |
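Review bot: The link text in the new `[!IMPORTANT]` note contains a mis-encoded character sequence ("Business Premium ΓÇô productivity") where a dash is expected. Check the encoding the file was saved in and replace the sequence with a plain hyphen or the intended dash. Separately, the new `[!TIP]` under "The setup and configuration process" covers the same setup-wizard case as the tip at the top of the article; consider keeping only one of them.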
security | Mdb Simplified Configuration | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-simplified-configuration.md | The following table describes each experience. | Portal experience | Description | |||-| The simplified configuration experience in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) | The simplified configuration experience includes a [wizard-like experience](mdb-use-wizard.md) to help you set up and configure Defender for Business. Simplified configuration also includes default security settings and policies to help protect your company's devices as soon as they're onboarded to Defender for Business. You can view and edit your default policies to suit your business needs. To learn more, see [View or edit device policies in Microsoft Defender for Business](mdb-view-edit-policies.md).<br/><br/>With the simplified experience, your security team uses the Microsoft 365 Defender portal as a one-stop shop to: <ul><li>Set up and configure Defender for Business</li><li>View and manage incidents</li><li>Respond to and mitigate threats</li><li>View reports</li><li>Review pending or completed actions | +| The simplified configuration experience in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) | The simplified configuration experience includes a [wizard-like experience](mdb-use-wizard.md) to help you set up and configure Defender for Business. Simplified configuration also includes default security settings and policies to help protect your company's devices as soon as they're onboarded to Defender for Business. You can view and edit your default policies to suit your business needs. 
To learn more, see [View or edit device policies in Microsoft Defender for Business](mdb-view-edit-policies.md).<br/><br/>With the simplified experience, your security team uses the Microsoft 365 Defender portal as a one-stop shop to: <br/>- Set up and configure Defender for Business <br/>- View and manage incidents <br/>- Respond to and mitigate threats <br/>- View reports <br/>- Review pending or completed actions | | The Intune admin center ([https://intune.microsoft.com](https://intune.microsoft.com)) | Microsoft Intune is a cloud-based mobile device management (MDM) and mobile application management (MAM) provider for apps and devices. If you're already using Intune, you can continue to use it to manage devices such as mobile phones, tablets, and laptops. See [Microsoft Intune: Device management](/mem/intune/fundamentals/what-is-device-management). | ## Next steps |
security | Mdb Tutorials | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-tutorials.md | The following table describes the recommended tutorials for Defender for Busines ||| | **Document Drops Backdoor** | Simulate an attack that introduces file-based malware on a test device. The tutorial describes how to use the simulation file and what to watch for in the Microsoft 365 Defender portal. <p>This tutorial requires that Microsoft Word is installed on your test device. | | **Live Response** | Learn how to use basic and advanced commands with Live Response. Learn how to locate a suspicious file, remediate the file, and gather information on a device. |-| **Microsoft Defender Vulnerability Management(core scenarios)** | Learn about Defender Vulnerability Management through three scenarios:<ol><li>Reduce your company's threat and vulnerability exposure.</li><li>Request a remediation.</li><li>Create an exception for security recommendations.</li></ol> <p> Defender Vulnerability Management uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. | +| **Microsoft Defender Vulnerability Management(core scenarios)** | Learn about Defender Vulnerability Management through three scenarios:<br/>1. Reduce your company's threat and vulnerability exposure.<br/>2. Request a remediation.<br/>3. Create an exception for security recommendations.<br/><br/>Defender Vulnerability Management uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. | Each tutorial includes a walkthrough document that explains the scenario, how it works, and what to do. |
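Review bot: The rewritten table row still reads "**Microsoft Defender Vulnerability Management(core scenarios)**" with no space before the parenthesis; since the row is being touched anyway, fix it to "Management (core scenarios)". The "Document Drops Backdoor" row in the same table keeps its `<p>` while this row moves to `<br/><br/>`, so the table now mixes both conventions.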
security | Mdb Use Wizard | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-use-wizard.md | -Defender for Business was designed to save small and medium-sized businesses time and effort. For example, you can do initial setup and configuration with a setup wizard. The setup wizard guides you through granting access to your security team, setting up email notifications for your security team, and onboarding your company's Windows devices. +Defender for Business was designed to save small and medium-sized businesses time and effort. For example, you can complete your initial setup and configuration process using a setup wizard. The setup wizard guides you through granting access to your security team, setting up email notifications for your security team, and onboarding your company's Windows devices. > [!TIP] > Using the setup wizard is optional. You can choose to work through the setup and configuration process manually. To learn more, see: Defender for Business was designed to save small and medium-sized businesses tim The setup wizard is designed to run the first time someone in your company signs into the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)). -If your company has been using Microsoft 365 Business Premium, the Defender for Business setup wizard will run the first time someone goes to **Assets** > **Devices**. +If your company has been using [Microsoft 365 Business Premium](../../business-premium/index.md), the Defender for Business setup wizard will run the first time someone goes to **Assets** > **Devices**. The setup wizard start screen looks like the following image: |
security | Manage Updates Baselines Microsoft Defender Antivirus | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus.md | ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: high Previously updated : 01/23/2023 Last updated : 02/14/2023 audience: ITPro All our updates contain - Serviceability improvements - Integration improvements (Cloud, [Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender)) +### January-2023 (Platform: 4.18.2301.6 | Engine: 1.1.20000.2) ++- Security intelligence update version: **1.383.26.0** +- Release date: **February 14, 2023** +- Platform: **4.18.2301.6** +- Engine: **1.1.20000.2** +- Support phase: **Security and Critical Updates** ++#### What's new ++- Improved [ASR rule](attack-surface-reduction-rules-reference.md) processing logic +- Updated Sense token hardening +- Improved [Defender CSP](/windows/client-management/mdm/defender-csp) module update channel logic ++#### Known Issues ++- None + ### November-2022 (Platform: 4.18.2211.5 | Engine: 1.1.19900.2) - Security intelligence update version: **1.381.144.0** - Release date: **December 8, 2022** - Platform: **4.18.2211.5** - Engine: **1.1.19900.2**-- Support phase: **Security and Critical Updates** #### What's new All our updates contain - None -### September-2022 (Platform: 4.18.2209.7 | Engine: 1.1.19700.3) +### Previous version updates: Technical upgrade support only ++After a new package version is released, support for the previous two versions is reduced to technical support only. Versions older than that are listed in this section, and are provided for technical upgrade support only. 
++#### September-2022 (Platform: 4.18.2209.7 | Engine: 1.1.19700.3) - Security intelligence update version: **1.377.8.0** - Release date: **October 10, 2022** - Platform: **4.18.2209.7** - Engine: **1.1.19700.3**-- Support phase: **Security and Critical Updates**+- Support phase: **Technical upgrade support (only)** -#### What's new +##### What's new - Improved processing of Defender fallback order on Server SKU - Fixed Defender updates during OOBE process All our updates contain - Improved logging for scanning FilesStash location - Beginning with platform version 4.18.2208.0 and later: If a server has been [onboarded to Microsoft Defender for Endpoint](onboard-configure.md#onboard-devices-to-the-service), the "Turn off Windows Defender" [group policy setting](configure-endpoints-gp.md#update-endpoint-protection-configuration) will no longer completely disable Windows Defender Antivirus on Windows Server 2012 R2 and later operating systems. Instead, it will be either ignored (if [ForceDefenderPassiveMode](switch-to-mde-phase-2.md#set-microsoft-defender-antivirus-to-passive-mode-on-windows-server) is configured explicitly) or it will place Microsoft Defender Antivirus into [passive mode](microsoft-defender-antivirus-windows.md#comparing-active-mode-passive-mode-and-disabled-mode) (if `ForceDefenderPassiveMode` isn't configured). Moreover, [tamper protection](prevent-changes-to-security-settings-with-tamper-protection.md) will allow a switch to active mode via changing `ForceDefenderPassiveMode` to `0`, but not to passive mode. These changes apply only to servers onboarded to Microsoft Defender for Endpoint. 
For more information, please refer to [Microsoft Defender Antivirus compatibility with other security products](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility#microsoft-defender-antivirus-and-non-microsoft-antivirusantimalware-solutions) -#### Known Issues +##### Known Issues - Some customers might have received platform updates 4.18.2209.2 from preview. It can cause the service to get stuck at the start state after the update. -### Previous version updates: Technical upgrade support only --After a new package version is released, support for the previous two versions is reduced to technical support only. Versions older than that are listed in this section, and are provided for technical upgrade support only. - #### August-2022 (Platform: 4.18.2207.7 | Engine: 1.1.19600.3) - Security intelligence update version: **1.373.1647.0** |
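Review bot: In the November-2022 entry, the "Support phase: **Security and Critical Updates**" bullet is removed with no replacement, while the new January-2023 entry and the demoted September-2022 entry both carry a support phase line. As shown, November-2022 is the only release in the list without one. If it is still in the Security and Critical Updates phase, restore the bullet; if not, state its current phase so readers can tell which builds still receive security fixes.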
security | Onboarding Defender Experts For Hunting | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/onboarding-defender-experts-for-hunting.md | Refer to the following screenshot to see a sample Defender Experts Notification: ### Where you'll find Defender Experts Notifications -You can receive Defender Experts Notifications from Defender Experts through the following mediums: +You can receive Defender Experts Notifications from Defender Experts through the following mediums: -- The Microsoft 365 Defender portal's [Incidents](https://security.microsoft.com/incidents?tid=f839b112-d9d7-4d27-9bf6-94542403f21c) page-- The Microsoft 365 Defender portal's [Alerts](https://security.microsoft.com/alerts?tid=f839b112-d9d7-4d27-9bf6-94542403f21c) page+- The Microsoft 365 Defender portal's [Incidents](https://security.microsoft.com/incidents) page +- The Microsoft 365 Defender portal's [Alerts](https://security.microsoft.com/alerts) page - OData alerting [API](../../security/defender-endpoint/get-alerts.md) and [REST API](../defender-endpoint/configure-siem.md) - [DeviceAlertEvents](../../security/defender-endpoint/advanced-hunting-devicealertevents-table.md) table in Advanced hunting |
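Review bot: The removed Incidents and Alerts links carried a hard-coded `?tid=` value, which is one specific tenant's ID published in public documentation. Dropping it is right; before merging, search the rest of the docs set for other `security.microsoft.com` links that still carry a `tid` parameter so the same value is not left elsewhere.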
security | Address Compromised Users Quickly | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/address-compromised-users-quickly.md | search.appverid: - MOE150 Previously updated : 12/14/2022 Last updated : 1/31/2023 description: Learn how to speed up the process of detecting and addressing compromised user accounts with automated investigation and response capabilities in Microsoft Defender for Office 365 Plan 2. |
security | Admin Review Reported Message | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/admin-review-reported-message.md | description: Learn how to review messages that are reported and give feedback to search.appverid: met150 Previously updated : 05/27/2021 Last updated : 1/31/2023 # Admin review for reported messages |
security | Air About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/air-about.md | |
security | Air Custom Reporting | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/air-custom-reporting.md | |
security | Air Remediation Actions | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/air-remediation-actions.md | |
security | Air Report False Positives Negatives | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/air-report-false-positives-negatives.md | f1.keywords: Previously updated : 01/29/2021 Last updated : 1/31/2023 ms.localizationpriority: medium audience: ITPro |
security | Air Review Approve Pending Completed Actions | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/air-review-approve-pending-completed-actions.md | |
security | Air View Investigation Results | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/air-view-investigation-results.md | |
security | Anti Malware Protection About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-malware-protection-about.md | description: Admins can learn about anti-malware protection and anti-malware pol Previously updated : 11/28/2022 Last updated : 1/31/2023 # Anti-malware protection in EOP |
security | Anti Malware Protection For Spo Odfb Teams About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-malware-protection-for-spo-odfb-teams-about.md | description: Learn about how SharePoint Online detects viruses in files that use Previously updated : 11/29/2022 Last updated : 1/31/2023 # Built-in virus protection in SharePoint Online, OneDrive, and Microsoft Teams |
security | Anti Spam Bulk Complaint Level Bcl About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spam-bulk-complaint-level-bcl-about.md | |
security | Anti Spam Spam Vs Bulk About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spam-spam-vs-bulk-about.md | |
security | Attack Simulation Training End User Notifications | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-end-user-notifications.md | |
security | Attack Simulation Training Faq | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-faq.md | |
security | Attack Simulation Training Get Started | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-get-started.md | |
security | Attack Simulation Training Insights | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-insights.md | |
security | Attack Simulation Training Login Pages | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-login-pages.md | |
security | Attack Simulation Training Payload Automations | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-payload-automations.md | |
security | Attack Simulation Training Payloads | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-payloads.md | |
security | Attack Simulation Training Simulation Automations | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-simulation-automations.md | |
security | Azure Ip Protection Features | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/azure-ip-protection-features.md | f1.keywords: Previously updated : 6/29/2018 Last updated : 1/31/2023 audience: ITPro |
security | Campaigns | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/campaigns.md | |
security | Email Analysis Investigations | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/email-analysis-investigations.md | |
security | Email Authentication About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/email-authentication-about.md | ms.localizationpriority: high description: Admins can learn how EOP uses email authentication (SPF, DKIM, and DMARC) to help prevent spoofing, phishing, and spam. Previously updated : 12/01/2022 Last updated : 1/31/2023 # Email authentication in EOP |
security | Email Authentication Dkim Support About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/email-authentication-dkim-support-about.md | |
security | Email Authentication Dmarc Configure | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/email-authentication-dmarc-configure.md | |
security | Email Authentication Spf Configure | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/email-authentication-spf-configure.md | f1.keywords: Previously updated : 11/21/2019 Last updated : 1/31/2023 audience: ITPro |
security | Identity Access Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/identity-access-policies.md | We group these policies into three protection levels based on where you are on y - **Enterprise** - Enhanced controls that introduce device compliance. - **Specialized security** - Policies that require multifactor authentication every time for specific data sets or users. -The following diagram shows which tier of protections each policy applies to and whether the policies apply to PCs or phones and tablets, or both categories of devices. +The following diagram shows which level of protections each policy applies to and whether the policies apply to PCs or phones and tablets, or both categories of devices. :::image type="content" source="../../media/microsoft-365-policies-configurations/identity-device-access-policies-byplan.png" alt-text="A Diagram showing common identity and device policies that support Zero Trust principles." lightbox="../../media/microsoft-365-policies-configurations/identity-device-access-policies-byplan.png"::: +You can download this diagram as a [PDF](https://download.microsoft.com/download/e/d/0/ed03381c-16ce-453e-9c89-c13967819cea/zero-trust-identity-and-device-access-policies.pdf) file. + <!-- Here's a one-page PDF summary: iOS/iPadOS supports several enrollment scenarios, two of which are covered as pa Using the principles outlined in [Zero Trust identity and device access configurations](microsoft-365-policies-configurations.md): -- The [starting point](#starting-point) and [enterprise](#enterprise) protection tiers map closely with the level 2 enhanced security settings.-- The [specialized](#specialized-security) security protection tier maps closely to the level 3 high security settings.+- The [starting point](#starting-point) and [enterprise](#enterprise) protection levels map closely with the level 2 enhanced security settings. 
+- The [specialized](#specialized-security) security protection level maps closely to the level 3 high security settings. ##### Compliance settings for personally enrolled devices The Android Enterprise security configuration framework is organized into severa Using the principles outlined in [Zero Trust identity and device access configurations](microsoft-365-policies-configurations.md): -- The [starting point](#starting-point) and [enterprise](#enterprise) protection tiers map closely with the level 2 enhanced security settings.-- The [specialized](#specialized-security) security protection tier maps closely to the level 3 high security settings.+- The [starting point](#starting-point) and [enterprise](#enterprise) protection levels map closely with the level 2 enhanced security settings. +- The [specialized](#specialized-security) security protection level maps closely to the level 3 high security settings. ##### Compliance settings for Android Enterprise work profile devices |
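Review bot: Renaming "protection tiers" to "protection levels" makes the mapping bullets use "level" for two different scales in one sentence: "protection levels map closely with the level 2 enhanced security settings" and "protection level maps closely to the level 3 high security settings". Suggest naming the second scale explicitly in those bullets (for example, by saying which security configuration framework the level 2 and level 3 settings belong to) so a reader does not take "level 2" to mean the second of the three protection levels.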
security | Install App Guard | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/install-app-guard.md | |
security | Mdo Email Entity Page | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mdo-email-entity-page.md | f1.keywords: Previously updated : 10/14/2022 Last updated : 1/31/2023 audience: ITPro |
security | Mdo Portal Permissions | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mdo-portal-permissions.md | |
security | Microsoft 365 Policies Configurations | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/microsoft-365-policies-configurations.md | Your organization may be subject to regulatory or other compliance requirements, We've done our best to account for a wide variety of organizational protection requirements, but we're not able to account for all possible requirements or for all the unique aspects of your organization. -## Three tiers of protection +## Three levels of protection Most organizations have specific requirements regarding security and data protection. These requirements vary by industry segment and by job functions within organizations. For example, your legal department and administrators might require additional security and information protection controls around their email correspondence that are not required for other business units. This guidance shows you how to implement a set of policies to protect access to Windows 11 or Windows 10 with Microsoft 365 Apps for enterprise is the recommended client environment for PCs. We recommend Windows 11 or Windows 10 because Azure is designed to provide the smoothest experience possible for both on-premises and Azure AD. Windows 11 or Windows 10 also includes advanced security capabilities that can be managed through Intune. Microsoft 365 Apps for enterprise includes the latest versions of Office applications. These use modern authentication, which is more secure and a requirement for Conditional Access. These apps also include enhanced compliance and security tools. -## Applying these capabilities across the three tiers of protection +## Applying these capabilities across the three levels of protection -The following table summarizes our recommendations for using these capabilities across the three tiers of protection. +The following table summarizes our recommendations for using these capabilities across the three levels of protection. 
|Protection mechanism|Starting point|Enterprise|Specialized security| ||||| |
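Review bot: Renaming the two headings from "tiers" to "levels" ("## Three levels of protection" and "## Applying these capabilities across the three levels of protection") changes the heading text that bookmark links are derived from, so any link that targets the old "tiers" headings needs updating in the same change. The sentence under the second heading is updated to match; a search of the rest of the article for remaining uses of "tier" would confirm the terminology is consistent.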
security | Migrate To Defender For Office 365 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365.md | |
security | Outbound Spam High Risk Delivery Pool About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/outbound-spam-high-risk-delivery-pool-about.md | |
security | Outbound Spam Policies Configure | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/outbound-spam-policies-configure.md | |
security | Outbound Spam Policies External Email Forwarding | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/outbound-spam-policies-external-email-forwarding.md | f1.keywords: Previously updated : 08/18/2022 Last updated : 1/31/2023 audience: ITPro |
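Review bot: The new date value "1/31/2023" drops the leading zero that the previous value "08/18/2022" carried; suggest "01/31/2023" so the metadata date keeps a single format.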
security | Outbound Spam Protection About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/outbound-spam-protection-about.md | |
security | Quarantine About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-about.md | |
security | Removing User From Restricted Users Portal After Spam | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/removing-user-from-restricted-users-portal-after-spam.md | |
security | Safe Attachments About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-attachments-about.md | |
security | Safe Links About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-links-about.md | audience: Admin f1_keywords: - '197503' Previously updated : 09/08/2021 Last updated : 1/31/2023 ms.localizationpriority: medium - Strat_O365_IP |
security | Secure By Default | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/secure-by-default.md | f1.keywords: Previously updated : 06/28/2021 Last updated : 1/31/2023 audience: ITPro ms.localizationpriority: medium |
security | Siem Server Integration | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/siem-server-integration.md | |
security | Step By Step Guide Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/step-by-step-guide-overview.md | |
security | Submissions Admin | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-admin.md | When you submit an email message for analysis, you will get: - **Grader analysis**: Review done by human graders in order to confirm whether or not messages are malicious. > [!IMPORTANT]+> In U.S. Government organizations (Microsoft 365 GCC, GCC High, and DoD), admins can't use the **Submissions** page in the Microsoft 365 Defender portal to submit messages to Microsoft. Instead, admins in those organizations need to open a support case to submit messages. +> > Payload reputation/detonation and grader analysis are not done in all tenants. Information is blocked from going outside the organization when data is not supposed to leave the tenant boundary for compliance purposes. For other ways to submit email messages, URLs, and attachments to Microsoft, see [Report messages and files to Microsoft](submissions-report-messages-files-to-microsoft.md). |
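Review bot: The new U.S. Government sentence at the top of the [!IMPORTANT] block tells admins to open a support case but gives no link or pointer to how, and the paragraph after the block still sends every reader to "Report messages and files to Microsoft" for other ways to submit. Suggest linking the support-case instructions and stating whether those other submission methods apply in Microsoft 365 GCC, GCC High, and DoD, so government admins are not left with two conflicting directions.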
security | Submissions Report Messages Files To Microsoft | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-report-messages-files-to-microsoft.md | f1.keywords: Previously updated : 12/27/2022 Last updated : 1/31/2023 audience: ITPro ms.localizationpriority: medium |
security | Tenant Wide Setup For Increased Security | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-wide-setup-for-increased-security.md | |
security | Threat Explorer Threat Hunting | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/threat-explorer-threat-hunting.md | |
security | Use Arc Exceptions To Mark Trusted Arc Senders | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/use-arc-exceptions-to-mark-trusted-arc-senders.md | |
security | User Tags About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/user-tags-about.md | f1.keywords: Previously updated : 12/17/2021 Last updated : 1/31/2023 audience: ITPro ms.localizationpriority: medium |
security | Zero Hour Auto Purge | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/zero-hour-auto-purge.md | |
solutions | Cloud Architecture Models | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/cloud-architecture-models.md | IT decision makers and architects can use these resources to determine the ideal <a name="zero trust"></a> ### Microsoft 365 Zero Trust deployment plan - This illustration provides a deployment plan for building Zero Trust security with Microsoft 365. Zero Trust is a new security model that assumes breach and verifies each request as though it originated from an uncontrolled network. Regardless of where the request originates or what resource it accesses, the Zero Trust model teaches us to "never trust, always verify." | Item | Description | |:--|:--|-|[</li></ul>| +|[</li></ul>| <a name="intune-enrollment"></a> ### Intune enrollment options - This guidance helps you decide which enrollment option is best for your endpoints, including options for:+ - Windows devices - macOS - iOS/iPad What IT architects need to know about security in Microsoft cloud services and p | Item | Description | |:--|:--| |[](https://download.microsoft.com/download/6/D/F/6DFD7614-BBCF-4572-A871-E446B8CF5D79/MSFT_cloud_architecture_security.pdf) <br/> [PDF](https://download.microsoft.com/download/6/D/F/6DFD7614-BBCF-4572-A871-E446B8CF5D79/MSFT_cloud_architecture_security.pdf) <br/> Updated February 2022 | This model contains: <ul><li>Microsoft and customer security responsibilities</li><li>Identity and device access</li><li>Threat protection</li><li>Information protection </li><li>Cloud app protection </li></ul><br/>|- + <a name="networking"></a> ### Microsoft cloud networking for IT architects This series of topics illustrates several architecture approaches for mergers, a |:--|:--| |[](https://download.microsoft.com/download/b/a/1/ba19dfe7-96e2-4983-8783-4dcff9cebe7b/microsoft-365-tenant-to-tenant-migration.pdf) <br/> 
[PDF](https://download.microsoft.com/download/b/a/1/ba19dfe7-96e2-4983-8783-4dcff9cebe7b/microsoft-365-tenant-to-tenant-migration.pdf) <br/> Updated February 2021 |This model contains: <ul><li>A mapping of business scenarios to architecture approaches</li><li>Design considerations</li><li>Single event migration flow example</li><li>Phased migration flow example</li><li>Tenant move or split flow example</li></ul>| - ## Related resources Get resources to create your own architecture design diagrams: [Microsoft 365 architecture icons and templates](architecture-icons-templates.md). |
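Review bot: The anchor in the context of the Zero Trust hunk, `<a name="zero trust"></a>`, contains a space, unlike the hyphenated `intune-enrollment` and `networking` anchors elsewhere in the same file. Since this change already touches that section, suggest renaming it to `zero-trust` and updating any links that point at the old name in the same commit.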