Updates from: 02/02/2021 04:12:44
Category Microsoft Docs article Related commit history on GitHub Change details
commerce https://docs.microsoft.com/en-us/microsoft-365/commerce/licenses/buy-licenses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/licenses/buy-licenses.md
@@ -1,5 +1,5 @@
Title: "Buy or remove subscription licenses"
+ Title: "Buy or remove licenses"
f1.keywords: - NOCSH
@@ -11,43 +11,54 @@
localization_priority: Normal - M365-subscription-management-- Adm_TOC-- commerce -- SaRA - okr_SMB - AdminSurgePortfolio - manage_licenses
+- commerce
search.appverid: - MET150 description: "Learn how to buy more licenses or reduce the number of licenses for your Microsoft 365 for business subscription." Previously updated : 07/01/2020 Last updated :
-# Buy or remove subscription licenses
+# Buy or remove licenses
::: moniker range="o365-21vianet" > [!NOTE] > The admin center is changing. If your experience doesn't match the details presented here, see
-[About the new Microsoft 365 admin center](https://docs.microsoft.com/microsoft-365/admin/microsoft-365-admin-center-preview?view=o365-21vianet).
+[About the new Microsoft 365 admin center](https://docs.microsoft.com/microsoft-365/admin/microsoft-365-admin-center-preview?view=o365-21vianet&preserve-view=true).
::: moniker-end
-You can buy more licenses or reduce the number of licenses for your subscriptions by using these steps.
+You can buy more licenses or reduce the number of licenses for your subscriptions by using the following steps.
## Before you begin -- You must be either a Global admin or a Billing admin to do the tasks in this article. For more information, see [About admin roles](../../admin/add-users/about-admin-roles.md).
+- You must be either a Global or Billing admin to do the tasks described in this article. For more information, see [About admin roles](../../admin/add-users/about-admin-roles.md).
- You can [add users and assign licenses at the same time](../../admin/add-users/add-users.md).
+- If you bought your Microsoft 365 for business or Office 365 Enterprise plan through a third-party partner, you must buy additional licenses through that partner.
+
+## Watch: Buy new licenses
+
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4KWvE]
+
+If the people who youΓÇÖre buying licenses for arenΓÇÖt active users in your organization yet, the next thing to do is [add users and assign licenses at the same time](../../admin/add-users/add-users.md).
+
+## Watch: Remove existing licenses
+
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4L53r]
+
+If youΓÇÖve removed licenses from a subscription, the next thing to do is [delete users from your organization](../../admin/add-users/delete-a-user.md).
## Buy or remove licenses for your business subscription ::: moniker range="o365-worldwide"
-1. In the admin center, go to the **Billing** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=842054" target="_blank">Your products</a> page.
-2. On the **Products** tab, find the subscription for which you want to buy or remove licenses. Select **More actions** (three dots), then select **Buy licenses**. [What if I don't see the Add/Remove licenses link?](#what-if-i-dont-see-the-addremove-licenses-link)
-3. If you want to decrease the number of licenses, at the top of the **Buy licenses** pane, select **remove licenses**.
+1. In the Microsoft 365 admin center, go to the **Billing** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=842054" target="_blank">Your products</a> page.
+2. On the **Products** tab, find the subscription for which you want to buy or remove licenses. Select **More actions** (three dots), then select **Buy licenses**. [What if I don't see the Buy licenses or Remove licenses buttons?](#what-if-i-dont-see-the-buy-licenses-or-remove-licenses-buttons)
+3. If you want to reduce the number of licenses, at the top of the **Buy licenses** pane, select **remove licenses**.
4. To buy or remove licenses, under **New quantity** in the **Total licenses** box, enter the total number of licenses that you want for this subscription. For example, if you have 100 licenses and you want to add five more, enter 105. If you want to remove five of them, enter 95. 5. Select **Save**.
@@ -56,7 +67,7 @@ You can buy more licenses or reduce the number of licenses for your subscription
::: moniker range="o365-germany" 1. In the admin center, go to the **Billing** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=847745" target="_blank">Subscriptions</a> page.
-2. On the **Subscriptions** page, select the subscription to which you want to buy or remove licenses, and then select **Add/Remove licenses**. [What if I don't see the Add/Remove licenses link?](#what-if-i-dont-see-the-addremove-licenses-link)
+2. On the **Subscriptions** page, select the subscription to which you want to buy or remove licenses, and then select **Add/Remove licenses**. [What if I don't see the Buy licenses or Remove licenses buttons?](#what-if-i-dont-see-the-buy-licenses-or-remove-licenses-buttons)
3. In the **Total licenses** box, enter the total number of licenses that you want for this subscription, then select **Submit** \> **Close**. For example, if you have 100 licenses and you want to add five more, enter 105. If you want to remove five licenses, enter 95. ::: moniker-end
@@ -64,7 +75,7 @@ You can buy more licenses or reduce the number of licenses for your subscription
::: moniker range="o365-21vianet" 1. In the admin center, go to the **Billing** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=850626" target="_blank">Subscriptions</a> page.
-2. On the **Subscriptions** page, select the subscription to which you want to buy or remove licenses, and then select **Add/Remove licenses**. [What if I don't see the Add/Remove licenses link?](#what-if-i-dont-see-the-addremove-licenses-link)
+2. On the **Subscriptions** page, select the subscription to which you want to buy or remove licenses, and then select **Add/Remove licenses**. [What if I don't see the Buy licenses or Remove licenses buttons?](#what-if-i-dont-see-the-buy-licenses-or-remove-licenses-buttons)
3. In the **Total licenses** box, enter the total number of licenses that you want for this subscription, and then select **Submit** \> **Close**. For example, if you have 100 licenses and you need to add 5 more, enter 105. If you want to remove 5 of them, enter 95. ::: moniker-end
@@ -72,37 +83,27 @@ You can buy more licenses or reduce the number of licenses for your subscription
> [!NOTE] > You can't reduce the number of licenses for your subscription if all licenses are currently assigned to users. To reduce the number of licenses, first [unassign one or more licenses from users](../../admin/manage/remove-licenses-from-users.md), then remove the licenses from the subscription.
-## What if I don't see the Add/Remove licenses link?
+## What if I don't see the Buy licenses or Remove licenses buttons?
-This table describes the reasons why the **Add/Remove licenses** link might not be available, and what you can do about it.
+This table describes the reasons why the **Buy licenses** or **Remove licenses** buttons aren't available, and possible solutions.
|Reason |Description |Solution | ||||
-|A credit check is pending. |If a credit check is pending, you see a "Pending credit check" message. You can't buy licenses until the credit check is complete. | Check back later to see if the credit check has completed. Credit checks typically take up to two working days to complete.<br/>After the credit check is complete, you should see the **Add/Remove licenses** link. |
-|You activated the subscription by using a product key.| If the subscription was purchased and activated by using a 25-character product key, you see the text "Prepaid." |See [Add licenses to a subscription paid for using a product key](add-licenses-using-product-key.md). |
-|You bought your subscription through a partner. | If the subscription was purchased via a partner, you see the Volume Licensing Service Center (VLSC) link. | See [Add licenses to a subscription purchased through the Volume Licensing Service Center](add-licenses-bought-through-vlsc.md). |
-|You bought your subscription through a reseller.|| If the subscription was purchased via a Cloud Solution Provider (CSP) partner, contact your CSP partner to buy more licenses. |
-|You have a trial subscription. |A trial version of Microsoft 365 displays the text "Trial". | First buy your trial subscription, then you can add more licenses. See [Buy a subscription to Microsoft 365 for business from your free trial](../buy-a-subscription-from-your-free-trial.md).|
-
-## What you need to know about buying licenses for your business subscription
-
-### License availability
+|A credit check is pending. |If a credit check is pending, you can't buy or remove licenses until the credit check is complete. | Check back later to see if the credit check has completed. Credit checks typically take up to two working days to complete.<br/>After the credit check is complete, you should see the **Buy licenses** and **Remove licenses** buttons. |
+|You activated the subscription by using a product key.| If the subscription was bought and activated by using a 25-character product key, you see the word "Prepaid" in the **Purchase channel** column of the **Your products** page. |See [Add licenses to a subscription paid for using a product key](add-licenses-using-product-key.md). |
+|You bought your subscription through a reseller.| You see the word "Reseller" in the **Purchase channel** column of the **Your products** page. | If the subscription was bought via a Cloud Solution Provider (CSP) partner, contact your CSP partner to buy more licenses. |
+|You have a trial subscription. | To view your trial subscriptions, select the filter button, then choose **Trial**. | First buy your trial subscription, then you can buy more licenses.|
-- **If you have a billing profile**: The credit card associated with your billing profile is charged as soon as you buy more licenses for a subscription. The licenses are immediately available for you to assign to users. [What's a billing profile?](../billing-and-payments/manage-billing-profiles.md)-- **If you don't have a billing profile**: If you pay for your subscription by credit or debit card, or bank account, any new licenses that you buy are immediately available after you receive an order confirmation. If you pay by invoice, you might have to wait for a credit check before your new licenses are available to use.
- > [!NOTE]
- > Paying by bank account is not available in some countries or regions.
-- **If you prepaid for your subscription with a product key**: You can add more licenses by adding a credit or debit card, or bank account to cover the additional cost of the new licenses. After you buy the new licenses, we add a second subscription with the number of new licenses that you just added. For example, if you have a prepaid subscription with five licenses, and then bought 10 more licenses, you see two subscriptions listed: one with the five prepaid licenses, and one with the 10 new licenses.
+## When will the new licenses be available to assign?
-### Changing your payment method
+The payment method associated with your subscription or billing profile is charged as soon as you buy more licenses for a subscription. The licenses are immediately available for you to assign to users.
-- **If you have a billing profile**: The credit card associated with your billing profile is charged as soon as you buy more licenses for a subscription. [What's a billing profile?](../billing-and-payments/manage-billing-profiles.md)-- **If you donΓÇÖt have a billing profile:** If you pay by credit card, debit card, or bank account, the charge for buying new licenses appears on your payment method in two days.
+If you prepaid for your subscription with a product key, you can add more licenses by using another product key, or by adding a credit or debit card, or bank account to cover the additional cost of the new licenses. If your subscription is prepaid, you can't remove licenses.
-### Billing statements
+## How does buying or removing licenses affect my billing statements?
- Licenses added in the middle of your billing period appear on your next invoice. If you pay annually, you are invoiced within a month for these changes.-- On your next billing statement, the previous charge for the original number of licenses is deducted. We add a prorated charge for the time period with the original number of licenses, and add a charge for the new license count. There is also a charge for the current license count for the remainder of your billing period.
+- On your next billing statement, the previous charge for the original number of licenses is deducted. We add a prorated charge for the time period with the original number of licenses and add a charge for the new license count. There's also a charge for the current license count for the remainder of your billing period.
## Next steps
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/communication-compliance-feature-reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-feature-reference.md
@@ -43,7 +43,7 @@ Policy templates are pre-defined policy settings that you can use to quickly cre
| **Regulatory compliance** | Monitor communications for info related to financial regulatory compliance | - Locations: Exchange Online, Microsoft Teams, Yammer, Skype for Business <br> - Direction: Inbound, Outbound <br> - Review Percentage: 10% <br> - Conditions: custom dictionary option, attachments larger than 1 MB | | **Conflict of interest** | Monitor communications between two groups or two users to help avoid conflicts of interest | - Locations: Exchange Online, Microsoft Teams, Yammer, Skype for Business <br> - Direction: Internal <br> - Review Percentage: 100% <br> - Conditions: None |
-Communications are scanned every 24 hours from the time policies are created. For example, if you create an offensive language policy at 11:00 AM, the policy will gather communication compliance signals every 24 hours at 11:00 AM daily. Editing a policy doesn't change this time. To view the last scan date and time for a policy, navigate to the *Last policy scan* column on the **Policy** page. The date and time of the last scan will be converted to the time zone of your local system.
+Communications are scanned every 24 hours from the time policies are created. For example, if you create an offensive language policy at 11:00 AM, the policy will gather communication compliance signals every 24 hours at 11:00 AM daily. Editing a policy doesn't change this time. To view the last scan date and time for a policy, navigate to the *Last policy scan* column on the **Policy** page. After creating a new policy, it may take up to 24 hours to view the first policy scan date and time. The date and time of the last scan will be converted to the time zone of your local system.
## Permissions
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/create-a-custom-sensitive-information-type-in-scc-powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-custom-sensitive-information-type-in-scc-powershell.md
@@ -423,6 +423,14 @@ When you upload your rule package XML file, the system validates the XML and che
- Cannot have an unbounded repeater (such as "\*" or "+") on a group. For example, "(xx)\*" and "(xx)+" will not pass validation.
+
+- Keywords have a maximum of 50 characters in Length. If you have a keyword within a Group exceeding this, a suggested solution is to create the Group of terms as a [Keyword Dictionary](https://docs.microsoft.com/en-us/microsoft-365/compliance/create-a-keyword-dictionary) and reference the GUID of the Keyword Dictionary within the XML structure as part of the Entity for Match or idMatch in the file.
+
+- Each Custom Sensitive Information Type can have a maxium of 2048 keywords total.
+
+- When using the PowerShell Cmdlet there is a maximum return size of the Deserialized Data of approximately 1 megabyte. This will affect the size of your XML file. Keep the uploaded file limited to a 512 megabyte maximum as a suggested limit for consistent results without error when processing.
+
+- The XML structure does not require formatting characters such as Spaces, Tabs or Carriage Return / Linefeed entries. Take note of this when optimizing for space on uploads.
If a custom sensitive information type contains an issue that may affect performance, it won't be uploaded and you may see one of these error messages:
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/create-custom-sensitive-information-types-with-exact-data-match-based-classification https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-custom-sensitive-information-types-with-exact-data-match-based-classification.md
@@ -98,7 +98,7 @@ Setting up and configuring EDM-based classification involves:
2. Structure the sensitive data in the .csv file such that the first row includes the names of the fields used for EDM-based classification. In your .csv file, you might have field names, such as "ssn", "birthdate", "firstname", "lastname". The column header names can't include spaces or underscores. For example, the sample .csv file that we use in this article is named *PatientRecords.csv*, and its columns include *PatientID*, *MRN*, *LastName*, *FirstName*, *SSN*, and more.
-3. Pay attention to the format of the sensitive data fields. In particular, fields that may contain commas in their content (e.g. a street address that contains the value "Seattle,WA") would be parsed as two eparate fields when parsed by the EDM tool. In order to avoid this, you need to ensure such fields are surrounded by single or double quotes in the sensitive data table. If fields with commas in them may also contain spaces, you would need to create a custom Sensitive Information Type that matches the corresponding format (e.g. a multi-word string with commas and spaces in it) to ensure the string is correctly matched wjen the document is scanned.
+3. Pay attention to the format of the sensitive data fields. In particular, fields that may contain commas in their content (e.g. a street address that contains the value "Seattle,WA") would be parsed as two separate fields when parsed by the EDM tool. In order to avoid this, you need to ensure such fields are surrounded by single or double quotes in the sensitive data table. If fields with commas in them may also contain spaces, you would need to create a custom Sensitive Information Type that matches the corresponding format (e.g. a multi-word string with commas and spaces in it) to ensure the string is correctly matched wjen the document is scanned.
#### Define the schema for your database of sensitive information
@@ -204,7 +204,7 @@ In this example, where both `caseInsensitive` and `ignoredDelimiters` are used,
- **idMatch**: This field points to the primary element for EDM. - Matches: Specifies the field to be used in exact lookup. You provide a searchable field name in EDM Schema for the DataStore.
- - Classification: This field specifies the sensitive type match that triggers EDM lookup. You can provide Name or GUID of an existing built-in or custom classification.
+ - Classification: This field specifies the sensitive type match that triggers EDM lookup. You can provide the Name or GUID of an existing built-in or custom sensitive information type. Be aware that any string that matches the sensitive information type provided will be hashed and compared to every entry in the sensitive information table. In order to avoid causing performance issues, if you use a custom sensitive information type as the Classification element in EDM, avoid using one that will match a large percentage of content (such as "any number" or "any five-letter word") by adding supporting keywords or including formatting in the definition of the custom classification sensitive information type.
- **Match:** This field points to additional evidence found in proximity of idMatch. - Matches: You provide any field name in EDM Schema for DataStore.
@@ -648,4 +648,3 @@ EDM sensitive information types for following scenarios are currently in develop
- [Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security) - [New-DlpEdmSchema](https://docs.microsoft.com/powershell/module/exchange/new-dlpedmschema) - [Modify Exact Data Match schema to use configurable match](sit-modify-edm-schema-configurable-match.md)-
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/create-sensitivity-labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-sensitivity-labels.md
@@ -234,4 +234,4 @@ To configure and use your sensitivity labels for specific scenarios, use the fol
- [Enable sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md)
-To monitor how your labels are being used, see [View label usage with label analytics](label-analytics.md).
+To monitor how your labels are being used, see [Get started with data classification](data-classification-overview.md).
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/data-classification-content-explorer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-classification-content-explorer.md
@@ -42,8 +42,6 @@ Every account that accesses and uses data classification must have a license ass
In order to get access to the content explorer tab, an account must be assigned membership in any one of these roles or role groups.
-A [DLP policy](data-loss-prevention-policies.md) can help protect sensitive information, which is defined as a **sensitive information type**. Microsoft 365 includes [definitions for many common sensitive information types](sensitive-information-type-entity-definitions.md) across many different regions that are ready for you to use. For example, a credit card number, bank account numbers, national ID numbers, and Windows Live ID service numbers.
- **Microsoft 365 role groups** - Global administrator
@@ -61,7 +59,7 @@ Access to content explorer is highly restricted because it lets you read the con
> [!IMPORTANT] > These permissions supercede permissions that are locally assigned to the items, which allows viewing of the content.
-There are two roles that grant access to content explorer:
+There are two roles that grant access to content explorer and it is granted using the [Microsoft Security & Compliance Center](https://protection.office.com/permissions):
- **Content Explorer List viewer**: Membership in this role group allows you to see each item and its location in list view. The `data classification list viewer` role has been pre-assigned to this role group.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/double-key-encryption https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/double-key-encryption.md
@@ -139,11 +139,13 @@ The following instructions are intended for inexperienced git or Visual Studio C
For example:
- ![Clone the Double Key Encryption service repository from GitHub](../media/dke-clone.png)
+ > [!div class="mx-imgBorder"]
+ > ![Clone the Double Key Encryption service repository from GitHub](../media/dke-clone.png)
3. In Visual Studio Code, select **View** \> **Command Palette** and select **Git: Clone**. To jump to the option in the list, start typing `git: clone` to filter the entries and then select it from the drop-down. For example:
- ![Visual Studio Code GIT:Clone option](../media/dke-vscode-clone.png)
+ > [!div class="mx-imgBorder"]
+ > ![Visual Studio Code GIT:Clone option](../media/dke-vscode-clone.png)
4. In the text box, paste the URL that you copied from Git and select **Clone from GitHub**.
@@ -263,19 +265,19 @@ To generate keys:
3. Generate the new test key.
- ```dos
+ ```console
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 ``` 4. Generate the private key.
- ```dos
+ ```console
openssl rsa -in key.pem -out privkeynopass.pem ``` 5. Generate the public key.
- ```dos
+ ```console
openssl rsa -in key.pem -pubout > pubkeyonly.pem ```
@@ -292,23 +294,23 @@ To generate keys:
10. Locate the following lines:
- ```c#
+ ```csharp
#if USE_TEST_KEYS #error !!!!!!!!!!!!!!!!!!!!!! Use of test keys is only supported for testing, DO NOT USE FOR PRODUCTION !!!!!!!!!!!!!!!!!!!!!!!!!!!!! services.AddSingleton<ippw.IKeyStore, ippw.TestKeyStore>(); #endif
- ```
+ ```
11. Replace these lines with the following text:
- ```csharp
- services.AddSingleton<ippw.IKeyStore, ippw.TestKeyStore>();
- ```
+ ```csharp
+ services.AddSingleton<ippw.IKeyStore, ippw.TestKeyStore>();
+ ```
- The end results should look similar to the following.
+ The end results should look similar to the following.
- ![startup.cs file for public preview](../media/dke-startupcs-usetestkeys.png)
+ ![startup.cs file for public preview](../media/dke-startupcs-usetestkeys.png)
Now you're ready to [build your DKE project](#build-the-project).
@@ -346,13 +348,13 @@ Use the following instructions to build the DKE project locally:
4. Select **Run** \> **Start Debugging** to debug the process. If you're prompted to select an environment, select **.NET core**.
-The .NET core debugger typically launches to `https://localhost:5001`. To view your test key, go to `https://localhost:5001` and append a forward slash (/) and the name of your key. For example:
+ The .NET core debugger typically launches to `https://localhost:5001`. To view your test key, go to `https://localhost:5001` and append a forward slash (/) and the name of your key. For example:
-```https
-https://localhost:5001/TestKey1
-```
+ ```https
+ https://localhost:5001/TestKey1
+ ```
-The key should display in JSON format.
+ The key should display in JSON format.
Your setup is now complete. Before you publish the keystore, in appsettings.json, for the JwtAudience setting, ensure the value for hostname exactly matches your App Service host name. You may have changed it to localhost to troubleshoot the build.
@@ -372,35 +374,36 @@ To publish the key store, you'll create an Azure App Service instance to host yo
2. Select your subscription and resource group and define your instance details.
- - Enter the hostname of the computer where you want to install the DKE service. Make sure it's the same name as the one defined for the JwtAudience setting in the [**appsettings.json**](#tenant-and-key-settings) file. The value you provide for the name is also the WebAppInstanceName.
+ - Enter the hostname of the computer where you want to install the DKE service. Make sure it's the same name as the one defined for the JwtAudience setting in the [**appsettings.json**](#tenant-and-key-settings) file. The value you provide for the name is also the WebAppInstanceName.
- - For **Publish**, select **code**, and for **Runtime stack**, select **.NET Core 3.1**.
+ - For **Publish**, select **code**, and for **Runtime stack**, select **.NET Core 3.1**.
- For example:
+ For example:
- ![Add your App Service](../media/dke-azure-add-app-service.png)
+ > [!div class="mx-imgBorder"]
+ > ![Add your App Service](../media/dke-azure-add-app-service.png)
3. At the bottom of the page, select **Review + create**, and then select **Add**. 4. Do one of the following to publish your generated keys:
- - [Publish via ZipDeployUI](#publish-via-zipdeployui)
- - [Publish via FTP](#publish-via-ftp)
- - [Publish via Visual Studio 2019 or later](https://docs.microsoft.com/aspnet/core/tutorials/)
+ - [Publish via ZipDeployUI](#publish-via-zipdeployui)
+ - [Publish via FTP](#publish-via-ftp)
+ - [Publish via Visual Studio 2019 or later](https://docs.microsoft.com/aspnet/core/tutorials/)
#### Publish via ZipDeployUI 1. Go to `https://<WebAppInstanceName>.scm.azurewebsites.net/ZipDeployUI`.
- For example: https://dkeservice.scm.azurewebsites.net/ZipDeployUI
+ For example: https://dkeservice.scm.azurewebsites.net/ZipDeployUI
2. In the codebase for the key store, go to the **customer-key-store\src\customer-key-store** folder, and verify that this folder contains the **customerkeystore.csproj** file. 3. Run: **dotnet publish**
- The output window displays the directory where the publish was deployed.
+ The output window displays the directory where the publish was deployed.
- For example: `customer-key-store\src\customer-key-store\bin\Debug\netcoreapp3.1\publish\`
+ For example: `customer-key-store\src\customer-key-store\bin\Debug\netcoreapp3.1\publish\`
4. Send all files in the publish directory to a .zip file. When creating the .zip file, make sure that all files in the directory are at the root level of the .zip file.
@@ -412,11 +415,11 @@ DKE is deployed and you can browse to the test keys you've created. Continue to
1. Connect to the App Service you created [above](#deploy-the-dke-service-and-publish-the-key-store).
- In your browser, go to: **Azure portal** > **App Service** > **Deployment Center** > **Manual Deployment** > **FTP** > **Dashboard**.
+ In your browser, go to: **Azure portal** > **App Service** > **Deployment Center** > **Manual Deployment** > **FTP** > **Dashboard**.
2. Copy the connection strings displayed to a local file. You'll use these strings to connect to the Web App Service and upload files via FTP.
- For example:
+ For example:
![Copy connection strings from the FTP dashboard](../media/dke-ftp-dashboard.png)
@@ -426,9 +429,9 @@ DKE is deployed and you can browse to the test keys you've created. Continue to
5. Run: **dotnet publish**
- The output contains the directory where the publish was deployed.
+ The output contains the directory where the publish was deployed.
- For example: `customer-key-store\src\customer-key-store\bin\Debug\netcoreapp3.1\publish\`
+ For example: `customer-key-store\src\customer-key-store\bin\Debug\netcoreapp3.1\publish\`
6. Send all files in the publish directory to a zip file. When creating the .zip file, make sure that all files in the directory are at the root level of the .zip file.
@@ -442,11 +445,15 @@ After deploying DKE using one of the methods described above, validate the deplo
Run:
+```powershell
src\customer-key-store\scripts\key_store_tester.ps1 dkeserviceurl/mykey
+```
For example:
+```powershell
key_store_tester.ps1 https://mydkeservice.com/mykey
+```
Ensure that no errors appear in the output. When you're ready, [register your key store](#register-your-key-store).
@@ -464,11 +471,12 @@ To register the DKE service:
3. Select an account type from the options displayed.
- If you're using Microsoft Azure with a non-custom domain, such as **onmicrosoft.com**, select **Accounts in this organizational directory only (Microsoft only - Single tenant).**
+ If you're using Microsoft Azure with a non-custom domain, such as **onmicrosoft.com**, select **Accounts in this organizational directory only (Microsoft only - Single tenant).**
- For example:
+ For example:
- ![New App Registration](../media/dke-app-registration.png)
+ > [!div class="mx-imgBorder"]
+ > ![New App Registration](../media/dke-app-registration.png)
4. At the bottom of the page, select **Register** to create the new App Registration.
@@ -480,13 +488,13 @@ To register the DKE service:
8. Under **Redirect URIs**, enter the URI of your double key encryption service. Enter the App Service URL, including both the hostname and domain.
- For example: https://mydkeservicetest.com
+ For example: https://mydkeservicetest.com
- - The URL you enter must match the hostname where your DKE service is deployed.
- - If you're testing locally with Visual Studio, use **https://localhost:5001**.
- - In all cases, the scheme must be **https**.
+ - The URL you enter must match the hostname where your DKE service is deployed.
+ - If you're testing locally with Visual Studio, use **https://localhost:5001**.
+ - In all cases, the scheme must be **https**.
- Ensure the hostname exactly matches your App Service hostname. You may have changed it to `localhost` to troubleshoot the build. In **appsettings.json**, this value is the hostname you set for `JwtAudience`.
+ Ensure the hostname exactly matches your App Service hostname. You may have changed it to `localhost` to troubleshoot the build. In **appsettings.json**, this value is the hostname you set for `JwtAudience`.
9. Under **Implicit grant**, select the **ID tokens** checkbox.
@@ -526,7 +534,8 @@ In the Microsoft 365 compliance center, create a new sensitivity label and apply
For example:
-![Select Use Double Key Encryption in the Microsoft 365 compliance center](../media/dke-use-dke.png)
+> [!div class="mx-imgBorder"]
+> ![Select Use Double Key Encryption in the Microsoft 365 compliance center](../media/dke-use-dke.png)
Any DKE labels you add will start appearing for users in the latest versions of Microsoft 365 Apps for enterprise.
@@ -537,12 +546,12 @@ Any DKE labels you add will start appearing for users in the latest versions of
If you're an Office Insider, DKE is enabled for you. Otherwise, enable DKE for your client by adding the following registry keys:
-```properties
- [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\MSIPC\flighting]
- "DoubleKeyProtection"=dword:00000001
+```console
+ [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\MSIPC\flighting]
+ "DoubleKeyProtection"=dword:00000001
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSIPC\flighting]
- "DoubleKeyProtection"=dword:00000001
+ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSIPC\flighting]
+ "DoubleKeyProtection"=dword:00000001
``` ## Migrate protected files from HYOK labels to DKE labels
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/encryption-office-365-certificate-chains https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/encryption-office-365-certificate-chains.md
@@ -5,7 +5,7 @@ f1.keywords:
Previously updated : 10/16/2020 Last updated : 2/1/2021 audience: Admin
@@ -316,6 +316,23 @@ Expand the root and intermediate sections below to see additional details about
| **CRL URLs** | http://crl.digicert.cn/DigiCertGlobalRootCA.crl | | **OCSP URLs** | http://ocsp.digicert.cn |
+### **DigiCert Cloud Services CA-1**
+
+| **Subject** | CN=DigiCert Cloud Services CA-1<br>O=DigiCert Inc<br>C=US |
+| | |
+| **Issuer** | CN=DigiCert Global Root CA<br>OU=www.digicert.com<br>O=DigiCert Inc<br>C=US |
+| **Serial Number** | 01:9E:C1:C6:BD:3F:59:7B:B2:0C:33:38:E5:51:D8:77 |
+| **Public Key Length** | RSA 2048 bits |
+| **Signature Algorithm** | sha256RSA |
+| **Validity Not Before** | August 4, 2015 12:00 AM |
+| **Validity Not Until** | August 4, 2030 12:00 AM |
+| **Subject Key Identifier** | dd:51:d0:a2:31:73:a9:73:ae:8f:b4:01:7e:5d:8c:57:cb:9f:f0:f7 |
+| **Authority Key Identifier** | 03:de:50:35:56:d1:4c:bb:66:f0:a3:e2:1b:1b:c3:97:b2:3d:d1:55 |
+| **Thumbprint (SHA-1)** | 81B68D6CD2f221F8F534E677523BB236BBA1DC56 |
+| **Thumbprint (SHA-256)** | 2F6889961A7CA7067E8BA103C2CF9B9A924F8CA293F11178E23A1978D2F133D3 |
+| **Pin (SHA-256)** | UgpUVparimk8QCjtWQaUQ7EGrtrykc/L8N66EhFY3VE= |
+| **CRL URLs** | http://crl3.digicert.com/DigiCertGlobalRootCA.crl<br>http://crl4.digicert.com/DigiCertGlobalRootCA.crl |
+| **OCSP URLs** | http://ocsp.digicert.com |
### **DigiCert Cloud Services CA-1**
@@ -325,15 +342,15 @@ Expand the root and intermediate sections below to see additional details about
| **Serial Number** | 0F:17:1A:48:C6:F2:23:80:92:18:CD:2E:D6:DD:C0:E8 | | **Public Key Length** | RSA 2048 bits | | **Signature Algorithm** | sha256RSA |
-| **Validity Not Before** | Thursday, September 24, 2020 5:00 PM |
-| **Validity Not Until** | Tuesday, September 24, 2030 4:59 PM |
-| **Subject Key Identifier** | DD51D0A23173A973AE8FB4017E5D8C57CB9FF0F7 |
-| **Authority Key Identifier** | KeyID:03:de:50:35:56:d1:4c:bb:66:f0:a3:e2:1b:1b:c3:97:b2:3d:d1:55 |
+| **Validity Not Before** | September 25, 2020 00:00 AM |
+| **Validity Not After** | September 24, 2030 11:59 PM |
+| **Subject Key Identifier** | dd:51:d0:a2:31:73:a9:73:ae:8f:b4:01:7e:5d:8c:57:cb:9f:f0:f7 |
+| **Authority Key Identifier** | 03:de:50:35:56:d1:4c:bb:66:f0:a3:e2:1b:1b:c3:97:b2:3d:d1:55 |
| **Thumbprint (SHA-1)** | B3F6B64A07BB9611F47174407841F564FB991F29 |
-| **Thumbprint (SHA-256)** | 5F88694615E4C61686E106B84C3338C6720C535F60D36F61282ED15E1977DD44 |
+| **Thumbprint (SHA-256)** | 5F88694615E4C61686E106B84C3338C6720C535F60D36F61282ED15E1977DD44 | -
| **Pin (SHA-256)** | UgpUVparimk8QCjtWQaUQ7EGrtrykc/L8N66EhFY3VE= |
-| **CRL URLs** | http://crl3.digicert.com/DigiCertGlobalRootCA.crl <br> http://crl4.digicert.com/DigiCertGlobalRootCA.crl |
-| **OCSP URLs** | http://ocsp.digicert.com |
+| **CRL URLs** | http://crl3.digicert.com/DigiCertGlobalRootCA.crl<br>http://crl4.digicert.com/DigiCertGlobalRootCA.crl |
+| **OCSP URLs** | http://ocsp.digicert.com
### **DigiCert SHA2 Extended Validation Server CA**
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-getting-started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/endpoint-dlp-getting-started.md
@@ -72,6 +72,9 @@ Data from Endpoint DLP can be viewed in [Activity explorer](data-classification-
- Compliance admin - Security admin - Compliance data admin
+- Global reader
+- Security reader
+- Reports reader
### Prepare your endpoints
@@ -193,7 +196,7 @@ Once done and endpoint is onboarded, it should be visible under the **Devices**
## Next steps Now that you have onboarded devices and can view the activity data in Activity explorer, you are ready to move on to your next step where you create DLP policies that protect your sensitive items. -- [Using Endpoint data loss prevention (preview)](endpoint-dlp-using.md)
+- [Using Endpoint data loss prevention](endpoint-dlp-using.md)
## See also
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/exchange-online-uses-tls-to-secure-email-connections https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/exchange-online-uses-tls-to-secure-email-connections.md
@@ -59,7 +59,7 @@ The certificate information used by Exchange Online is described in the followin
**Current certificate information valid from September 3, 2018**
-|**Attribute**|**Value**|
+| Attribute | Value |
|:--|:--| |Certificate authority root issuer <br/> |GlobalSign Root CA ΓÇô R1 <br/> | |Certificate name <br/> |mail.protection.outlook.com <br/> |
@@ -73,7 +73,7 @@ To help ensure a smooth transition, we will continue to provide the old certific
****
-|**Attribute**|**Value**|
+| Attribute | Value |
|:--|:--| |Certificate authority root issuer <br/> |Baltimore CyberTrust Root <br/> | |Certificate name <br/> |mail.protection.outlook.com <br/> |
@@ -89,15 +89,18 @@ The new certificate requires connecting to the endpoints of the new CA as part o
1. Connect to your local Exchange Server using Windows PowerShell and then run the following command: `certutil -URL https://crl.globalsign.com/gsorganizationvalsha2g3.crl`
-2. On the window that appears, choose **Retrieve**.
-3. When the utility completes its check it returns a status. If the status displays **OK**, then your mail server can successfully validate the new certificate. If not, you need to determine what is causing the connections to fail. Most likely, you need to update the settings of a firewall. The full list of endpoints that need to be accessed include:
+
+1. On the window that appears, choose **Retrieve**.
+
+1. When the utility completes its check it returns a status. If the status displays **OK**, then your mail server can successfully validate the new certificate. If not, you need to determine what is causing the connections to fail. Most likely, you need to update the settings of a firewall. The full list of endpoints that need to be accessed include:
- ocsp.globalsign.com
- - crl.globalsign.com
- - secure.globalsign.com
+ - crl.globalsign.com
+ - secure.globalsign.com
Normally, you receive updates to your root certificates automatically through Windows Update. However some deployments have additional security in place that prevents these updates from occurring automatically. In these locked-down deployments where Windows Update can't automatically update root certificates, you need to ensure that the correct root CA certificate is installed by completing these steps: 1. Connect to your local Exchange Server using Windows PowerShell and then run the following command: `certmgr.msc`+ 2. Under **Trusted Root Certification Authority/Certificates**, confirm that the new certificate is listed. ## Get more information about TLS and Microsoft 365
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-sensitivity-labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-sensitivity-labels.md
@@ -86,7 +86,7 @@ All scenarios require you to [Create and configure sensitivity labels and their
|Discover, label, and protect files stored in data stores that are on premises |[Deploying the Azure Information Protection scanner to automatically classify and protect files](https://docs.microsoft.com/azure/information-protection/deploy-aip-scanner)| |Discover, label, and protect files stored in data stores that are in the cloud|[Discover, classify, label, and protect regulated and sensitive data stored in the cloud](https://docs.microsoft.com/cloud-app-security/best-practices#discover-classify-label-and-protect-regulated-and-sensitive-data-stored-in-the-cloud)| |Apply and view labels in Power BI, and protect data when it's saved outside the service|[Sensitivity labels in Power BI](https://docs.microsoft.com/power-bi/admin/service-security-sensitivity-label-overview)|
-|Monitor and understand how sensitivity labels are being used in my organization|[Know your data - data classification overview](data-classification-overview.md) <br /><br /> [View label usage with label analytics](label-analytics.md)|
+|Monitor and understand how sensitivity labels are being used in my organization|[Know your data - data classification overview](data-classification-overview.md) <br /><br /> [Get started with data classification](data-classification-overview.md)|
|Extend sensitivity labels to third-party apps and services|[Microsoft Information Protection SDK](https://docs.microsoft.com/information-protection/develop/overview#microsoft-information-protection-sdk)| |Extend sensitivity labels across content in Azure Blob Storage, Azure files, Azure Data Lake Storage Gen1, and Azure Data Lake Storage Gen12|[Automatically label your content in Azure Purview](https://docs.microsoft.com/azure/purview/create-sensitivity-label) |
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers-edit-segments-policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/information-barriers-edit-segments-policies.md
@@ -161,6 +161,8 @@ After you have started applying information barrier policies, if you want to sto
- [Get an overview of information barriers](information-barriers.md) - [Define policies for information barriers](information-barriers-policies.md)-- [Learn more about information barriers in Microsoft Teams](https://docs.microsoft.com/MicrosoftTeams/information-barriers-in-teams)
+- [Learn more about information barriers in Microsoft Teams](/MicrosoftTeams/information-barriers-in-teams)
+- [Learn more about information barriers in SharePoint Online](/sharepoint/information-barriers)
+- [Learn more about information barriers in OneDrive](/onedrive/information-barriers)
- [Attributes for information barrier policies](information-barriers-attributes.md) - [Troubleshooting information barriers](information-barriers-troubleshooting.md)
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers-policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/information-barriers-policies.md
@@ -317,4 +317,6 @@ When the cmdlet finishes, Contoso is compliant with legal and industry requireme
## Resources - [Get an overview of information barriers](information-barriers.md)-- [Information barriers in Microsoft Teams](https://docs.microsoft.com/MicrosoftTeams/information-barriers-in-teams)
+- [Learn more about information barriers in Microsoft Teams](/MicrosoftTeams/information-barriers-in-teams)
+- [Learn more about information barriers in SharePoint Online](/sharepoint/information-barriers)
+- [Learn more about information barriers in OneDrive](/onedrive/information-barriers)
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/information-barriers.md
@@ -33,7 +33,13 @@ Microsoft Teams, SharePoint Online, and OneDrive for Business support informatio
> [!IMPORTANT] > Information barriers ***only supports*** two way restrictions. One way restrictions, such as marketing can communicate and collaborate with day traders, but day traders cannot communicate and collaborate with marketing ***is not supported***.
-For all of these example scenarios (and more), information barrier policies can be defined to prevent or allow communications and collaboration in Microsoft Teams, SharePoint Online and OneDrive. Such policies can prevent people from calling or chatting with those they shouldn't, or enable people to communicate only with specific groups in Microsoft Teams. With information barrier policies in effect, whenever users who are covered by those policies attempt to communicate and collaborate with others in Microsoft Teams, SharePoint Online or OneDrive checks are done to prevent (or allow) communication and collaboration (as defined by information barrier policies). To learn more about the user experience with information barriers, see [information barriers in Microsoft Teams](https://docs.microsoft.com/MicrosoftTeams/information-barriers-in-teams) and [information barriers in SharePoint Online](https://docs.microsoft.com/sharepoint/information-barriers)
+For all of these example scenarios (and more), information barrier policies can be defined to prevent or allow communications and collaboration in Microsoft Teams, SharePoint Online and OneDrive. Such policies can prevent people from calling or chatting with those they shouldn't, or enable people to communicate only with specific groups in Microsoft Teams. With information barrier policies in effect, whenever users who are covered by those policies attempt to communicate and collaborate with others in Microsoft Teams, SharePoint Online or OneDrive checks are done to prevent (or allow) communication and collaboration (as defined by information barrier policies).
+
+To learn more about the user experience with information barriers, see:
+
+- [Information barriers in Microsoft Teams](/MicrosoftTeams/information-barriers-in-teams)
+- [Information barriers in SharePoint Online](/sharepoint/information-barriers)
+- [Information barriers in OneDrive](/onedrive/information-barriers)
> [!IMPORTANT] > Currently, information barriers do not apply to email communications. In addition, information barriers are independent from [compliance boundaries](set-up-compliance-boundaries.md).<p> Before you define and apply information barrier policies, make sure your organization does not have [Exchange address book policies](https://docs.microsoft.com/exchange/address-books/address-book-policies/address-book-policies) in effect. (Information barriers are based on address book policies.)
@@ -57,16 +63,16 @@ In Microsoft Teams, information barrier policies determine and prevent the follo
If the people involved are included in an information barrier policy to prevent the activity, they will not be able to proceed. In addition, potentially, everyone included in an information barrier policy can be blocked from communicating with others in Microsoft Teams. When people affected by information barrier policies are part of the same team or group chat, they might be removed from those chat sessions and further communication with the group might not be allowed.
-To learn more about the user experience with information barriers, see [information barriers in Microsoft Teams](https://docs.microsoft.com/MicrosoftTeams/information-barriers-in-teams).
+To learn more about the user experience with information barriers, see [information barriers in Microsoft Teams](/MicrosoftTeams/information-barriers-in-teams).
In SharePoint Online and OneDrive, information barrier policies determine and prevent the following kinds of unauthorized collaborations: - Adding a member to a site - Accessing site or content by a user - Sharing site or content with another user-- Searching a site
+- Searching a site
-To learn more about the user experience with information barriers, see [information barriers in SharePoint Online](https://docs.microsoft.com/sharepoint/information-barriers)
+To learn more about the user experience with information barriers, see [information barriers in SharePoint Online](/sharepoint/information-barriers)
## Required licenses and permissions
@@ -93,9 +99,9 @@ You must be familiar with PowerShell cmdlets in order to define, validate, or ed
## Next steps -- [Learn more about information barriers in Microsoft Teams](https://docs.microsoft.com/MicrosoftTeams/information-barriers-in-teams)
+- [Learn more about information barriers in Microsoft Teams](/MicrosoftTeams/information-barriers-in-teams)
+- [Learn more about information barriers in SharePoint Online](/sharepoint/information-barriers)
+- [Learn more about information barriers in OneDrive](/onedrive/information-barriers)
- [See the attributes that can be used for information barrier policies](information-barriers-attributes.md) - [Define policies for information barriers](information-barriers-policies.md)-- [Edit (or remove) information barrier policies](information-barriers-edit-segments-policies.md)-- [Learn more about Information barriers in SharePoint Online](https://docs.microsoft.com/sharepoint/information-barriers)-- [Learn more about Information barriers in OneDrive for Business](https://docs.microsoft.com/onedrive/information-barriers)
+- [Edit (or remove) information barrier policies](information-barriers-edit-segments-policies.md)
\ No newline at end of file
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/label-analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/label-analytics.md
@@ -1,100 +0,0 @@
- Title: "View label usage with label analytics"-- CSH--- Previously updated : --
-localization_priority: Priority
--- M365-security-compliance-- MOE150-- MET150--- seo-marvel-apr2020
-description: Learn how to quickly see which retention labels and sensitivity labels are used the most and where theyΓÇÖre being applied.
--
-# View label usage with label analytics
-
-After you create your retention labels and sensitivity labels, youΓÇÖll want to see how theyΓÇÖre being used across your tenant. With label analytics in the Microsoft 365 compliance center and Microsoft 365 security center, you can quickly see which labels are used the most and where theyΓÇÖre being applied.
-
-For example, with label analytics, you can view the:
--- Total number of retention labels and sensitivity labels applied to content.-- Top labels and the count of how many times each label was applied.-- Locations where labels are applied and the count for each location.-- Count for how many files and folders had their retention label changed or removed.-
-You can find label analytics in the [Microsoft 365 compliance center](https://compliance.microsoft.com/labelanalytics) or [Microsoft 365 security center](https://security.microsoft.com/labelanalytics) > **Classification** > **Label analytics**.
-
-![Label analytics page](../media/label-analytics-page.png)
-
-## Sensitivity label usage
-
-The data on sensitivity label usage is pulled from the reports for Azure Information Protection ΓÇô for more information, see [Central reporting for Azure Information Protection](https://docs.microsoft.com/azure/information-protection/reports-aip).
-
-Note that the Azure Information Protection reports have [prerequisites](/azure/information-protection/reports-aip#prerequisites) that also apply to label analytics on sensitivity labels in the Microsoft 365 compliance center and Microsoft 365 security center. For example, you need an Azure subscription that includes the Log Analytics because these reports are a result of sending information protection audit events from Azure Information Protection clients and scanners to a centralized location based on Azure Log Analytics service.
-
-For sensitivity label usage:
--- There is no latency in the data. This is a real-time report.-- To see the count for each top label, point to the bar graph and read the tool tip that appears.-- The report shows where sensitivity labels are applied per app (whereas retention labels are shown per location).-
-![Sensitivity label usage report](../media/sensitivity-label-usage-report.png)
-
-## Retention label usage
-
-This report shows a quick view of what the top labels are and where theyΓÇÖre applied. For more detailed information on how content in SharePoint and OneDrive is labeled, see [View label activity for documents](view-label-activity-for-documents.md).
-
-For retention label usage:
--- Data is aggregated weekly, so it may take up to seven days for data to appear in the report.-- To see the count for each top label, point to the bar graph and read the tool tip that appears.-- The report shows where retention labels are applied per location (whereas sensitivity labels are shown per app).-- For retention labels, this is a summary of the all-time data in your tenant; itΓÇÖs not filtered to a specific date range. By contrast, the [Label Activity Explorer](view-label-activity-for-documents.md) shows data from only the past 30 days.-
-![Retention label usage report](../media/retention-label-usage-report.png)
-
-## View all content with a specific retention label
-
-From the retention label usage report, you can quickly explore all content with that label applied. (Note that we're currently working on this feature, so that it will take fewer steps to view all the labeled content.)
-
-First, choose **View Details** at the bottom of the report.
-
-![View Details option at bottom of retention label usage report](../media/retention-label-usage-view-details.png)
-
-Then choose a retention label > **Explore items** in the right pane.
-
-![Explore items option in right pane](../media/retention-label-usage-explore-items.png)
-
-For that label, you can choose the **Activity** tab to view a count of items with that label by location.
-
-![Activity tab for a retention label](../media/retention-label-usage-activity-tab.png)
-
-You can also choose the **Items with this label** tab. Then you can drill into specific locations:
--- For Exchange Online, you see a list of mailboxes with the count of labeled items in each mailbox.-- For SharePoint Online and OneDrive for Business, you see a list of site collections and OneDrive accounts with the count of labeled items in each location.-
-When you choose a mailbox or site collection, you can view a list of items with that retention label in that location.
-
-![Items with this label tab showing all items with that retention label](../media/retention-label-usage-content-explorer.png)
-
-## Permissions
-
-To view label analytics, you must be assigned one of the following roles in Azure Active Directory:
--- Global administrator-- Compliance administrator-- Security administrator-- Security reader-
-In addition, note these reports use Azure Monitor to store the data in a Log Analytics workspace that your organization owns. Therefore, the user should be added as a reader to the Azure Monitoring workspace that holds the data - for more information, see [Permissions required for Azure Information Protection analytics](https://docs.microsoft.com/azure/information-protection/reports-aip#permissions-required-for-azure-information-protection-analytics).
-
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/ome-faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ome-faq.md
@@ -65,7 +65,7 @@ The new capabilities for Office 365 Message Encryption are an evolution of the e
**Comparison of legacy OME, IRM, and new OME capabilities**
-|**Capability**|**Previous versions of OME**|**IRM**|**New OME capabilities**|
+| Capability | Previous versions of OME | IRM | New OME capabilities |
|:--|:--|:--|:--| |**Sending an encrypted email**|Only through Exchange mail flow rules|End-user initiated from Outlook for Windows, Outlook for Mac, or Outlook on the web; or through Exchange mail flow rules|End-user initiated from Outlook for Windows, Outlook for Mac, or Outlook on the web; or through mail flow rules| |**Rights management**|-|Do Not Forward option and custom templates|Do Not Forward option, encrypt-only option, default and custom templates|
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/retention https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention.md
@@ -219,7 +219,7 @@ You can then drill down into details by using [content explorer](data-classifica
The Office 365 Security & Compliance Center has the equivalent overview information for retention labels from **Information governance** > **Dashboard**, and more detailed information from **Information governance** > **Label activity explorer**. For more information about monitoring retention labels from this older admin center, see the following documentation: - [View the data governance reports](view-the-data-governance-reports.md)-- [View label usage with label analytics](label-analytics.md)
+- [Get started with data classification](data-classification-overview.md).
- [View label activity for documents](view-label-activity-for-documents.md) #### Using Content Search to find all content with a specific retention label
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-office-apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-office-apps.md
@@ -59,7 +59,7 @@ The numbers listed are the minimum Office application version required for each
|[Dynamic markings with variables](#dynamic-markings-with-variables) | 2010+ | 16.42+ | 2.42+ | 16.0.13328+ | Under review | |[Assign permissions now](encryption-sensitivity-labels.md#assign-permissions-now) | 1910+ | 16.21+ | 2.21+ | 16.0.11231+ | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |[Let users assign permissions](encryption-sensitivity-labels.md#let-users-assign-permissions) |2004+ | 16.35+ | Under review | Under review | Under review |
-|[View label usage with label analytics](label-analytics.md) and send data for administrators | Preview: [Current Channel (Preview)](https://office.com/insider) | Preview: [Current Channel (Preview)](https://office.com/insider) | Under review | Under review | Yes <sup>\*</sup> |
+|[Get started with data classification](data-classification-overview.md) and send data for administrators | Preview: [Current Channel (Preview)](https://office.com/insider) | Preview: [Current Channel (Preview)](https://office.com/insider) | Under review | Under review | Yes <sup>\*</sup> |
|[Require users to apply a label to their email and documents](#require-users-to-apply-a-label-to-their-email-and-documents) | Preview: Rolling out to [Current Channel (Preview)](https://office.com/insider) | Preview: Rolling out to [Current Channel (Preview)](https://office.com/insider) | Under review | Preview: [Beta Channel](https://office.com/insider) | Under review |[Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) | 2009+ | Rolling out: 16.44+ | Under review | Under review | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |Support [AutoSave](https://support.office.com/article/6d6bd723-ebfd-4e40-b5f6-ae6e8088f7a5) and [coauthoring](https://support.office.com/article/ee1509b4-1f6e-401e-b04a-782d26f564a4) on labeled and encrypted documents | Under review | Under review | Under review | Under review | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |
@@ -85,7 +85,7 @@ The numbers listed are the minimum Office application version required for each
|[Assign permissions now](encryption-sensitivity-labels.md#assign-permissions-now) | 1910+ | 16.21+ | 4.7.1+ | 4.0.39+ | Yes | |[Let users assign permissions](encryption-sensitivity-labels.md#let-users-assign-permissions) | 1910+ | 16.21+ | 4.7.1+ | 4.0.39+ | Yes | |[Require users to apply a label to their email and documents](#require-users-to-apply-a-label-to-their-email-and-documents) | Preview: [Current Channel (Preview)](https://office.com/insider)) | 16.43+ | Under review | Under review | Yes |
-|[View label usage with label analytics](label-analytics.md) and send data for administrators | Preview: [Current Channel (Preview)](https://office.com/insider) | Preview: [Current Channel (Preview)](https://office.com/insider) | Under review | Under review | Yes |
+|[Get started with data classification](data-classification-overview.md) and send data for administrators | Preview: [Current Channel (Preview)](https://office.com/insider) | Preview: [Current Channel (Preview)](https://office.com/insider) | Under review | Under review | Yes |
|[Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) | 2009+ | 16.44+ | Under review | Under review | Yes | |
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/whats-new https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/whats-new.md
@@ -16,23 +16,68 @@ search.appverid:
ms.assetid: e3c6df61-8513-499d-ad8e-8a91770bff63 - M365-security-compliance
-description: Whether it be adding new new solutions to the compliance center, updating existing features based on your feedback, or rolling out fresh and updated documentation, Microsoft 365 helps you stay on top of the ever-changing compliance landscape. Find out what we've been up to this month.
+description: Whether it be adding new solutions to the compliance center, updating existing features based on your feedback, or rolling out fresh and updated documentation, Microsoft 365 helps you stay on top of the ever-changing compliance landscape. Find out what we've been up to this month.
# What's new in Microsoft 365 compliance
-Whether it be adding new solutions to the [Microsoft 365 compliance center](microsoft-365-compliance-center.md), updating existing features based on your feedback, or rolling out fresh and updated documentation, Microsoft 365 helps you stay on top of the ever-changing compliance landscape. Take a look below to see whatΓÇÖs new in Microsoft 365 compliance today.
+Whether it be adding new solutions to the [Microsoft 365 compliance center](microsoft-365-compliance-center.md), updating existing features based on your feedback, or rolling out fresh and updated documentation, Microsoft 365 helps you stay on top of the ever-changing compliance landscape. Take a look below to see whatΓÇÖs new in Microsoft 365 compliance today.
> [!NOTE] > Some compliance features get rolled out at different speeds to our customers. If you aren't seeing a feature yet, try adding yourself to [targeted release](https://docs.microsoft.com/office365/admin/manage/release-options-in-office-365). - > [!TIP] > Interested in what's going on in other admin centers? Check out these articles:<br>[What's new in the Microsoft 365 admin center](https://docs.microsoft.com/office365/admin/whats-new-in-preview)<br>[What's new in the SharePoint admin center](https://docs.microsoft.com/sharepoint/what-s-new-in-admin-center)<br>[What's new in Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/whats-new)<br><br> And visit the [Microsoft 365 Roadmap](https://www.microsoft.com/en-us/microsoft-365/roadmap) to learn about Microsoft 365 features that were launched, are rolling out, are in development, have been cancelled, or previously released.
-## November & December 2020
+## December 2020
+
+### Spotlight: New content for insider risk solutions
+
+The Microsoft 365 compliance content team is hard at work creating ΓÇÿcontent solutionΓÇÖ docs to promote how compliance capabilities can be used together to help meet your compliance goals.
+
+First up is content that ties together our insider risk solutions: communication compliance, insider risk management, information barriers, and privileged access management. HereΓÇÖs a peek at what youΓÇÖll find:
+
+- [New landing page for insider risk solutions](insider-risk-solution-overview.md). Includes details about risks that the solutions can help mitigate, licensing requirements, deployment sequence, architecture illustrations, training resources, and more.
+- New overview articles for each insider risk solution. Guidance and links to articles that help you learn about, plan, deploy, and manage each solution:
+ - [Communication compliance](communication-compliance-solution-overview.md)
+ - [Insider risk management](insider-risk-management-solution-overview.md)
+ - [Information barriers](information-barriers-solution-overview.md)
+ - [Privileged access management](privileged-access-management-solution-overview.md)
+
+More content solution docs coming soon!
+
+### Advanced eDiscovery
+
+Improved workflow and functionality for [adding custodians](add-custodians-to-case.md) and [non-custodial data sources](non-custodial-data-sources.md) to an Advanced eDiscovery case.
+
+### Data connectors
+
+[Four new Globanet connectors released](archiving-third-party-data.md#third-party-data-connectors): Redtail Speak, Salesforce Chatter, ServiceNow, and Yieldbroker.
+
+### Encryption
+
+Introducing [Customer Key for Microsoft 365 at the tenant level](customer-key-tenant-level.md). Using keys you provide, you can create a data encryption policy (DEP) and assign it to the tenant. The DEP encrypts data across the tenant for these workloads:
+
+- Teams chat messages (1:1 chats, group chats, meeting chats and channel conversations)
+- Teams media messages (images, code snippets, videos, wiki images)
+- Teams call and meeting recordings stored in Teams storage
+- Teams chat notifications
+- Teams chat suggestions by Cortana
+- Teams status messages
+- User and signal information for Exchange Online
+
+### Records management
+
+The [Records Management admin role group](get-started-with-records-management.md#permissions-required-for-records-management) now grants permissions for all records management features, including disposition review.
+
+### Sensitivity labels
+
+- [Automatically label data in Azure Purview (preview)](https://docs.microsoft.com/en-us/azure/purview/create-sensitivity-label). You can now create and automatically apply sensitivity labels to assets in Azure Purview, such as files in Azure Blob storage and database columns in SQL Server.
+- [Require users to apply a label to items](sensitivity-labels-office-apps.md#require-users-to-apply-a-label-to-their-email-and-documents). Also known as ΓÇÿmandatory labelingΓÇÖ, this new option requires users to choose and apply a sensitivity label under the specific scenarios.
+
+## November 2020
Just a reminder that we often release new and updated features in a preview state to learn how they're being used so we can hone and improve them before releasing to general availability. Your feedback is critical during preview (and beyond), so be sure to let us know what you think by opening the Feedback card at the bottom right of the compliance center. ![feedback](../media/Feedback_card_MCC.JPG)
@@ -89,7 +134,7 @@ Watch the video below to learn how Compliance Manager can help simplify how your
### Advanced Audit - New 10-year retention of audit logs helps support long running investigations and respond to regulatory, legal, and internal obligations.-- [Three new new crucial events](advanced-audit.md#access-to-crucial-events-for-investigations). The following new events can help you investigate possible breaches and determine the scope of compromise: Send, SearchQueryInitiatedExchange, and SearchQueryInitiatedSharePoint.
+- [Three new crucial events](advanced-audit.md#access-to-crucial-events-for-investigations). The following new events can help you investigate possible breaches and determine the scope of compromise: Send, SearchQueryInitiatedExchange, and SearchQueryInitiatedSharePoint.
### Communication compliance
@@ -191,7 +236,6 @@ Retention-related admin activity is now recorded and available to review in the
- When [adding a collection to a review set](add-data-to-review-set.md#define-options-to-scope-your-collection-for-review), you can now include modern attachments (also called ΓÇ£cloud attachmentsΓÇ¥) and SharePoint document versions. - New [direct download export experience](export-documents-from-review-set.md), eliminating the need to use Azure Storage Explorer to download case content. - ## July 2020 ### Spotlight on help docs
@@ -217,180 +261,3 @@ You can now create a [retention label](retention.md#retention-labels) to start r
- (In preview) When configuring encryption settings for a label, look for the new option to use [Double Key Encryption](encryption-sensitivity-labels.md#double-key-encryption) to further protect labeled files and emails. - When creating or deleting sensitivity labels or creating, editing, or deleting their label policies, changes now synchronize within 1 hour to all users, apps, and services.-
-## June 2020
-
-### Spotlight: New data connectors hit preview
-
-Building on our promise to help you import data from more third-party sources into Microsoft 365, weΓÇÖre pleased to announce the preview release of two more data connectors:
--- [Bloomberg message](archive-bloomberg-message-data.md). Import and archive financial services email data from the Bloomberg Message collaboration tool. After the dataΓÇÖs stored in mailboxes, you can access and use the data in compliance features such as litigation hold, content search, In-place archiving, auditing, communication compliance, and retention policies.-- [ICE Chat](archive-icechat-data.md). Import and archive financial services chat data from the ICE Chat collaboration tool. After the dataΓÇÖs stored in mailboxes, you can access and use the data in compliance features such as litigation hold, eDiscovery, archiving, auditing, communication compliance, and retention policies.-
-### Compliance Score & Compliance
-
-June updates include a new assessment drill-down view in [Compliance Score](compliance-score.md). Monitor control progress, add, delete assessments directly from Compliance Score, and more.
-
-Want to stay on top of updates to Compliance Score and Compliance Manager? Bookmark the [Compliance Score release notes](compliance-score-release-notes.md) and check back often.
-
-## May 2020
-
-### Spotlight: Data classification is officially released
-
-Data classification, aka ΓÇÿ[Know your data](data-classification-overview.md)ΓÇÖ, features (analytics, content explorer, and activity explorer) have graduated from the preview phase and are available to all organizations. Powerful insights and tools can help you discover and evaluate how sensitive info and labels (retention and sensitivity) are being used in content across your organization. Review content that contains sensitive info or has labels applied, explore label activity across Microsoft 365 locations, create custom sensitive info types, and more.
-
-Take a video tour...
-
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4vx8x]
-
-### Trainable classifiers: A fix and a feature
-
-May brings more enhancements to trainable classifiers:
--- A fix based on your feedback: When you seed and train a custom classifier, you no longer need to manually enter SharePoint site URLs and folder paths. You can now choose from a pre-populate list of sites and folders.-- New feature: When creating a sensitivity label and configuring auto-labeling settings for Office apps, you can now automatically apply (or recommend that users apply) the label to content that matches trainable classifiers. [Learn more](apply-sensitivity-label-automatically.md#configuring-trainable-classifiers-for-a-label)-
-### Communication compliance: Yammer support is here
-
-Private messages and public community conversations in Yammer are supported in communication compliance policies. Yammer is an optional channel and must be in [native mode](https://docs.microsoft.com/yammer/configure-your-yammer-network/overview-native-mode) to support scanning of messages and attachments.
-
-### Data loss prevention: New sharing restriction
-
-When setting up a DLP policy to protect content in SharePoint or OneDrive, you can now configure the ΓÇ£Restrict access to contentΓÇ¥ action to block people who were given access to the content through the ΓÇÿ[Anyone with the link](https://support.microsoft.com/office/share-files-outside-your-organization-with-anyone-links-53e91027-fb8e-4a6e-a3e4-5df4be32e38a)ΓÇÖ option.
-
-### Insider risk management: Tailor your alert volume
-
-User activities detected by insider risk policies are assigned a specific risk score, which in turn determines the alert severity (low, medium, high). By default, Microsoft 365 generates a certain amount of low, medium, and high severity alerts, but with the new [alert volume setting](insider-risk-management-settings.md#alert-volume), you can increase or decrease the volume to suit your needs.
-
-### PST import: New region supported
-
-Network upload is now available in United Arab Emirates.
-
-### Sensitivity labels: New privacy option
-
-When configuring [site and group settings](sensitivity-labels-teams-groups-sites.md#how-to-configure-groups-and-site-settings) for a label, you can now set the privacy option to **None - let user choose who can access the site**. This is useful when you want to protect content in the container by using a sensitivity label, but still let users configure the privacy setting themselves.
-
-## April 2020
-
-### Records management: Overhaul…and a new addition
-
-April includes a couple key updates to our records management solution:
--- The ΓÇÿRecords managementΓÇÖ section is now fully available in the compliance center. Take advantage of updated user interfaces and functionality for file plan, retention labels and label policies, events, and disposition.-- Speaking of disposition, we also rolled out [proof of disposition](disposition.md#disposition-of-records) for records in SharePoint and OneDrive. You can now see a list of items in those locations that have been disposed of automatically or after a disposition review.-
-### Sensitivity labels: Preview auto-labeling policies
-
-With auto-labeling policies, you can now automatically apply sensitivity labels to SharePoint and OneDrive docs that are already saved (aka ΓÇÿdata at rest) and emails that are already sent or received (aka ΓÇÿemail in transitΓÇÖ). Because this labeling is applied by services rather than by apps, you don't need to worry about what apps users have and what version.
-
-This capability extends the existing client-side labeling thatΓÇÖs already included in the ΓÇÿAuto-labeling for Office appsΓÇÖ settings when you create a sensitivity label. To get up to speed on the differences and benefits of both auto-labeling options, check out the [updated article](apply-sensitivity-label-automatically.md).
-
-## March 2020
-
-### Introducing Advanced Audit
-
-[Advanced Audit in Microsoft 365](advanced-audit.md) introduces new auditing capabilities that can help your organization with forensic and compliance investigations. Highlights include long term retention of audit logs, custom audit log retention policies, new *MailItemsAccessed* mailbox auditing action, and the introduction of a new tenant-level throttling limit, which provides your organization with its own fully allocated bandwidth quota to access your auditing data.
-
-### Compliance Score & Compliance
-
-Key updates for this preview release include:
--- Simplified process for creating and modifying templates-- Versioning notice and control for templates and actions-- Synchronizing common actions across groups-- Language support now extended to Chinese (Simplified), Chinese (Traditional), French, German, Italian, Japanese, Korean, Portuguese (Brazil), Russian, and Spanish-
-Learn more about [Compliance Score](compliance-score.md) and [Compliance Manager](compliance-manager-overview.md)
-
-### Sensitivity labels: Support for labeling Office files in SharePoint and OneDrive (preview)
-
-Enabling the preview allows users to apply sensitivity labels in Office on the web. TheyΓÇÖll be able to see the **Sensitivity** button on the ribbon and the applied label name on the status bar. In addition, if they use desktop apps to label and then save their files on SharePoint or OneDrive, Microsoft 365 will now be able to process the content of these files if the label has encryption settings applied. Coauthoring, eDiscovery, data loss prevention, search, and other collaborative features will also be supported in these circumstances.
-
-[Learn how to enable the preview](sensitivity-labels-sharepoint-onedrive-files.md)
-
-## February 2020
-
-### Insider risk management is officially released
-
-Drum roll, please...<br>Insider risk management is now available to organizations with the following subscriptions:
--- [Microsoft 365 E5](https://go.microsoft.com/fwlink/?linkid=2120431) (paid or trial)-- Microsoft 365 Enterprise E3 subscription with the [Microsoft E5 Compliance add-on](https://go.microsoft.com/fwlink/?linkid=2120432)-
-Heads up that we made some improvements since the preview release, including [new role groups](insider-risk-management-configure.md#step-1-enable-permissions-for-insider-risk-management) and [solution-wide settings](insider-risk-management-configure.md#step-4-configure-insider-risk-settings).
-
-As always, please leave feedback as you use the solution so we can continue to make improvements.
-
-### Records management
-
-This new solution brings all the records management capabilities under a single umbrella. Highlights include the introduction of records versioning for SharePoint and OneDrive and proof of disposal for records.
-
-![Records management page in Microsoft 365 compliance center](../media/mcc-records-management-page.png)
-
-[Learn more about records management](records-management.md)
-
-### Solution spotlight: Data connectors for Facebook and Twitter
-
-Data connectors [released last month](#just-launched) and we're looking for your help in testing out the following connectors.
--- [Facebook business pages](archive-facebook-data-with-sample-connector.md). Imports and archives data from Facebook business pages to Microsoft 365. Beneficial for compliance solutions such as records management and eDiscovery.-- [Twitter](archive-twitter-data-with-sample-connector.md). Imports and archives data from Twitter to Microsoft 365. Beneficial for compliance solutions such as records management and eDiscovery.-
-As you set up and validate these connectors, please leave us feedback about what went well, what didn't, and what we can do to improve the experience.
-
-## January 2020
-
-The wait is over. We're pleased to announce that the Microsoft 365 compliance center is available to all customers with Microsoft 365, Office 365, Enterprise Mobility + Security (EMS), and Windows 10 Enterprise plans. Any data or policies you were managing in the Security & Compliance Center are available in the compliance center, so no need to jump back and forth.
-
-Bookmark and head over now to [https://compliance.microsoft.com](https://compliance.microsoft.com) to tour your one-stop-shop for managing compliance across your org...or [read this article](microsoft-365-compliance-center.md) to dig in a bit more.
-
-![Microsoft 365 compliance center home page](../media/mcc-home-ga.png)
-
-We also released new and updated solutions this month. Here's a quick glance at the highlights.
-
-### Now in preview
-
-**Insider risk management (preview)**
-
-We're happy to announce that our insider risk management solution is now in public preview. In a nutshell, insider risk management helps your organization intelligently identify and take action on insider risks by providing:
--- Anonymity controls to help ensure user privacy.-- Intelligent policy templates with native and third-party indicators that identify insider threats, such as data leaks.-- Integrated end-to-end investigation workflows that span across IT, HR and legal teams.-
-We'd love to hear what you think. As you use the solution, leave us feedback so we can make sure we're meeting your needs as we head toward general availability.
-
-[Learn more about insider risk management](insider-risk-management.md)
-
-### Just launched
-
-**Communication compliance**
-
-Graduating from the preview phase to full availability, communication compliance is a key component of our new insider risk solution set. This robust solution helps minimize communication risks using workflows for detecting, investigating, and taking remediation actions for messages that don't meet your organization's standards.
-
-Customer feedback during the preview was fantastic. It resulted in several enhancements, including a first-run experience to get you started, improvements to investigation and remediation actions, and more.
-
-[Learn more about communication compliance](communication-compliance.md)
-
-![Communication compliance page in Microsoft 365 compliance center showing first card of the welcome experience](../media/mcc-communication-compliance-page-with-fre.png)
-
-**Data connectors**
-
-Formerly sharing space with other 'Import' features in the Office 365 Security & Compliance Center, data connectors now have their very own home in the Microsoft 365 compliance center. Use the new 'Data connectors' page to import and archive data from your organization's human resources (HR) files and various third-party platforms (like Facebook, LinkedIn, Twitter, and Instant Bloomberg) to mailboxes in your Microsoft 365 organization. Once imported, this data can be managed in several compliance solutions, including eDiscovery, insider risk management, communication compliance, audit, retention policies, and more.
-
-[Learn more about data connectors](archiving-third-party-data.md)
-
-![Data connectors page in the Microsoft 365 compliance center](../media/mcc-data-connectors-page.png)
-
-### Noteworthy updates
-
-**New assessment templates for Compliance Score (preview)**
-
-Always working hard to help you get ahead of the ever-evolving compliance landscape, our Compliance Score team shipped a new set of templates to help you assess your organization's compliance posture against recent regulations and get guidance on how to implement more effective controls. You'll see new templates for:
--- ISO/IEC 27701:2019-- California Consumer Privacy Act (CCPA)-- Brazil General Data Protection Law (Lei Geral de Proteção de Dados - LGPD)-- SOC 1 Type 2 and SOC 2 Type 2-
-[Learn more about Compliance Score templates](compliance-score.md#templates)
\ No newline at end of file
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-overview.md
@@ -5,7 +5,7 @@ f1.keywords:
Previously updated : 10/15/2019 Last updated : 02/01/2021 audience: ITPro
@@ -127,6 +127,24 @@ For an example of how a fictional but representative multinational organization
Empower United States public sector employees to work together, securely.
+## Best together with Surface and the Edge browser
+
+Optimize your userΓÇÖs integrated and secure productivity with the best-together combination of Microsoft 365 for enterprise, Microsoft Surface devices, and the Microsoft Edge browser. This cross-product integration provides:
+
+- A common identity and sign-in security infrastructure.
+- Integrated local and cloud apps for search, collaboration, productivity, and compliance.
+- Comprehensive and integrated security for hardware, browser, local app, and cloud apps.
+- A common infrastructure for IT management of installs and updates.
+
+Here is an example for an enterprise organization.
+
+![An enterprise organization with Microsoft 365, Surface devices, and the Edge browser](../media/microsoft-365-overview/best-together-with-surface-and-edge.png)
+
+For more information and configuration examples for a small and medium business and an educational institution, download the [Best together poster](https://download.microsoft.com/download/2/8/d/28db0cf9-2f5a-4f63-91e2-46ff5c4d3baf/microsoft-best-together-poster.pdf).
+
+[![Image for the Best together with Surface and the Edge browser poster](../media/microsoft-365-overview/best-together-poster-thumbnail.png)](https://download.microsoft.com/download/2/8/d/28db0cf9-2f5a-4f63-91e2-46ff5c4d3baf/microsoft-best-together-poster.pdf)
++ ## Microsoft 365 training ![Microsoft 365 Fundamentals training](../media/microsoft-365-overview/m365-fundamentals.svg)
includes https://docs.microsoft.com/en-us/microsoft-365/includes/microsoft-365-content-updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-content-updates.md
@@ -2,6 +2,184 @@
+## Week of January 25, 2021
++
+| Published On |Topic title | Change |
+|||--|
+| 1/25/2021 | [Search for Teams chat data for on-premises users](/microsoft-365/compliance/search-cloud-based-mailboxes-for-on-premises-users?view=o365-21vianet) | modified |
+| 1/25/2021 | [Search the audit log in the Security & Compliance Center](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-21vianet) | modified |
+| 1/25/2021 | [Enable sensitivity labels for Office files in SharePoint and OneDrive](/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files?view=o365-21vianet) | modified |
+| 1/25/2021 | [Turn audit log search on or off](/microsoft-365/compliance/turn-audit-log-search-on-or-off?view=o365-21vianet) | modified |
+| 1/25/2021 | [Microsoft SharePoint Syntex adoption: Get started](/microsoft-365/contentunderstanding/adoption-getstarted) | modified |
+| 1/25/2021 | [Apply a document understanding model to a document library](/microsoft-365/contentunderstanding/apply-a-model) | modified |
+| 1/25/2021 | [Apply a retention label to a document understanding model](/microsoft-365/contentunderstanding/apply-a-retention-label-to-a-model) | modified |
+| 1/25/2021 | [Create a classifier](/microsoft-365/contentunderstanding/create-a-classifier) | modified |
+| 1/25/2021 | [Create a content center in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/create-a-content-center) | modified |
+| 1/25/2021 | [Create a form processing model](/microsoft-365/contentunderstanding/create-a-form-processing-model) | modified |
+| 1/25/2021 | [Create an extractor](/microsoft-365/contentunderstanding/create-an-extractor) | modified |
+| 1/25/2021 | [Difference between document understanding and form processing models](/microsoft-365/contentunderstanding/difference-between-document-understanding-and-form-processing-model) | modified |
+| 1/25/2021 | [Document understanding overview](/microsoft-365/contentunderstanding/document-understanding-overview) | modified |
+| 1/25/2021 | [Explanation types](/microsoft-365/contentunderstanding/explanation-types-overview) | modified |
+| 1/25/2021 | [Form processing overview](/microsoft-365/contentunderstanding/form-processing-overview) | modified |
+| 1/25/2021 | [Image tagging in SharePoint Syntex](/microsoft-365/contentunderstanding/image-tagging) | modified |
+| 1/25/2021 | [Import a term set using a SKOS-based format](/microsoft-365/contentunderstanding/import-term-set-skos) | modified |
+| 1/25/2021 | [Introduction to Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/index) | modified |
+| 1/25/2021 | [Learn about document understanding models through the sample model](/microsoft-365/contentunderstanding/learn-about-document-understanding-models-through-the-sample-model) | modified |
+| 1/25/2021 | [Leverage term store taxonomy when creating an extractor](/microsoft-365/contentunderstanding/leverage-term-store-taxonomy) | modified |
+| 1/25/2021 | [Document understanding model usage analytics](/microsoft-365/contentunderstanding/model-usage-analytics) | modified |
+| 1/25/2021 | [Push content types to a hub](/microsoft-365/contentunderstanding/push-content-type-to-hub) | modified |
+| 1/25/2021 | [Set up SharePoint Syntex](/microsoft-365/contentunderstanding/set-up-content-understanding) | modified |
+| 1/25/2021 | [Term store reports](/microsoft-365/contentunderstanding/term-store-analytics) | modified |
+| 1/25/2021 | [Create a new topic in Topic Experiences (Preview) ](/microsoft-365/knowledge/create-a-topic) | modified |
+| 1/25/2021 | [Edit an existing topic in Topic Experiences (Preview) ](/microsoft-365/knowledge/edit-a-topic) | modified |
+| 1/25/2021 | [Introduction to Topic Experiences (Preview)](/microsoft-365/knowledge/index) | modified |
+| 1/25/2021 | [Manage topics in the Topic center in Topic Experiences (Preview) ](/microsoft-365/knowledge/manage-topics) | modified |
+| 1/25/2021 | [Restrict access to topics](/microsoft-365/knowledge/restrict-access-to-topics) | modified |
+| 1/25/2021 | [Topic center overview (Preview) ](/microsoft-365/knowledge/topic-center-overview) | modified |
+| 1/25/2021 | [Topic Experiences topic discovery and curation (Preview) ](/microsoft-365/knowledge/topic-experiences-discovery-curation) | modified |
+| 1/25/2021 | [Topic Experiences overview (Preview)](/microsoft-365/knowledge/topic-experiences-overview) | modified |
+| 1/25/2021 | [Topic Experiences roles (Preview)](/microsoft-365/knowledge/topic-experiences-roles) | modified |
+| 1/25/2021 | [Admin submissions](/microsoft-365/security/office-365-security/admin-submission?view=o365-21vianet) | modified |
+| 1/25/2021 | [Attributes for information barrier policies](/microsoft-365/compliance/information-barriers-attributes?view=o365-21vianet) | modified |
+| 1/25/2021 | [Edit information barrier policies](/microsoft-365/compliance/information-barriers-edit-segments-policies?view=o365-21vianet) | modified |
+| 1/25/2021 | [Define information barrier policies](/microsoft-365/compliance/information-barriers-policies?view=o365-21vianet) | modified |
+| 1/25/2021 | [Troubleshooting information barriers](/microsoft-365/compliance/information-barriers-troubleshooting?view=o365-21vianet) | modified |
+| 1/25/2021 | [Learn about information barriers in Microsoft 365](/microsoft-365/compliance/information-barriers?view=o365-21vianet) | modified |
+| 1/25/2021 | [Insider risk management cases](/microsoft-365/compliance/insider-risk-management-cases?view=o365-21vianet) | modified |
+| 1/25/2021 | [Deploy threat protection capabilities across Microsoft 365](/microsoft-365/solutions/deploy-threat-protection?view=o365-21vianet) | modified |
+| 1/25/2021 | [Communication compliance feature reference](/microsoft-365/compliance/communication-compliance-feature-reference?view=o365-21vianet) | modified |
+| 1/25/2021 | [Investigate and remediate communication compliance alerts](/microsoft-365/compliance/communication-compliance-investigate-remediate?view=o365-21vianet) | modified |
+| 1/25/2021 | [Manage information barrier policies](/microsoft-365/compliance/information-barriers-edit-segments-policies?view=o365-21vianet) | modified |
+| 1/26/2021 | [Microsoft Productivity Score](/microsoft-365/admin/productivity/productivity-score?view=o365-worldwide) | modified |
+| 1/26/2021 | [Install Office applications](/microsoft-365/admin/setup/install-applications?view=o365-21vianet) | modified |
+| 1/26/2021 | [Content Search](/microsoft-365/compliance/content-search?view=o365-21vianet) | modified |
+| 1/26/2021 | [Create eDiscovery holds in a Core eDiscovery case](/microsoft-365/compliance/create-ediscovery-holds?view=o365-21vianet) | modified |
+| 1/26/2021 | [Troubleshooting common eDiscovery issues](/microsoft-365/compliance/ediscovery-troubleshooting-common-issues?view=o365-21vianet) | modified |
+| 1/26/2021 | [Learn about retention for Teams](/microsoft-365/compliance/retention-policies-teams?view=o365-21vianet) | modified |
+| 1/26/2021 | [View keyword statistics for Content Search results](/microsoft-365/compliance/view-keyword-statistics-for-content-search?view=o365-21vianet) | modified |
+| 1/26/2021 | [Microsoft 365 data locations](/microsoft-365/enterprise/o365-data-locations?view=o365-21vianet) | modified |
+| 1/26/2021 | [Microsoft 365 Defender advanced hunting API](/microsoft-365/security/mtp/api-advanced-hunting?view=o365-21vianet) | modified |
+| 1/26/2021 | [Remove blocked users from the Restricted Users portal](/microsoft-365/security/office-365-security/removing-user-from-restricted-users-portal-after-spam?view=o365-21vianet) | modified |
+| 1/26/2021 | [Set up Safe Attachments policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/set-up-atp-safe-attachments-policies?view=o365-21vianet) | modified |
+| 1/26/2021 | [User submissions policy](/microsoft-365/security/office-365-security/user-submission?view=o365-21vianet) | modified |
+| 1/26/2021 | [What's new in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/whats-new-in-office-365-atp?view=o365-21vianet) | modified |
+| 1/26/2021 | [Azure Information Protection support for Office 365 operated by 21Vianet](/microsoft-365/admin/services-in-china/parity-between-azure-information-protection?view=o365-21vianet) | modified |
+| 1/26/2021 | [Microsoft 365 Business Premium resources # < 60 chars](/microsoft-365/business/index?view=o365-21vianet) | modified |
+| 1/26/2021 | [Insider risk management cases](/microsoft-365/compliance/insider-risk-management-cases?view=o365-21vianet) | modified |
+| 1/26/2021 | [Common identity and device access policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/identity-access-policies?view=o365-21vianet) | modified |
+| 1/26/2021 | [Export Content Search results](/microsoft-365/compliance/export-search-results?view=o365-21vianet) | modified |
+| 1/26/2021 | [Learn about retention for SharePoint and OneDrive](/microsoft-365/compliance/retention-policies-sharepoint?view=o365-21vianet) | modified |
+| 1/26/2021 | [Microsoft 365 productivity illustrations](/microsoft-365/solutions/productivity-illustrations?view=o365-21vianet) | modified |
+| 1/27/2021 | [Download perpetual software and product license keys bought through the Cloud Solution Provider (CSP) program](/microsoft-365/admin/setup/download-software-licenses-csp?view=o365-21vianet) | modified |
+| 1/27/2021 | [Change Microsoft 365 for business plans manually](/microsoft-365/commerce/subscriptions/change-plans-manually?view=o365-21vianet) | modified |
+| 1/27/2021 | [Search for Teams chat data for on-premises users](/microsoft-365/compliance/search-cloud-based-mailboxes-for-on-premises-users?view=o365-21vianet) | modified |
+| 1/27/2021 | [Use sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
+| 1/27/2021 | [Overview of unlimited archiving](/microsoft-365/compliance/unlimited-archiving?view=o365-21vianet) | modified |
+| 1/27/2021 | [Cross-tenant mailbox migration](/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-21vianet) | modified |
+| 1/27/2021 | [Migration phases actions and impacts for the migration from Microsoft Cloud Deutschland (general)](/microsoft-365/enterprise/ms-cloud-germany-transition-phases?view=o365-21vianet) | modified |
+| 1/27/2021 | [Introduction to Topic Experiences (Preview)](/microsoft-365/knowledge/index) | modified |
+| 1/27/2021 | [Topic Experiences topic discovery and curation (Preview) ](/microsoft-365/knowledge/topic-experiences-discovery-curation) | modified |
+| 1/27/2021 | [Topic Experiences overview (Preview)](/microsoft-365/knowledge/topic-experiences-overview) | modified |
+| 1/27/2021 | [EmailAttachmentInfo table in the advanced hunting schema](/microsoft-365/security/mtp/advanced-hunting-emailattachmentinfo-table?view=o365-21vianet) | modified |
+| 1/27/2021 | [Admin submissions](/microsoft-365/security/office-365-security/admin-submission?view=o365-21vianet) | modified |
+| 1/27/2021 | [Configuration analyzer for security policies](/microsoft-365/security/office-365-security/configuration-analyzer-for-security-policies?view=o365-21vianet) | modified |
+| 1/27/2021 | [Enable the Report Message add-in](/microsoft-365/security/office-365-security/enable-the-report-message-add-in?view=o365-21vianet) | modified |
+| 1/27/2021 | [Enable the Report Phish add-in](/microsoft-365/security/office-365-security/enable-the-report-phish-add-in?view=o365-21vianet) | modified |
+| 1/27/2021 | [Application Guard for Office 365 for admins](/microsoft-365/security/office-365-security/install-app-guard?view=o365-21vianet) | modified |
+| 1/27/2021 | [Install and use the Junk Email Reporting add-in for Microsoft Outlook](/microsoft-365/security/office-365-security/junk-email-reporting-add-in-for-microsoft-outlook?view=o365-21vianet) | modified |
+| 1/27/2021 | [Mail flow insights in the Mail flow dashboard](/microsoft-365/security/office-365-security/mail-flow-insights-v2?view=o365-21vianet) | modified |
+| 1/27/2021 | [Mail flow intelligence](/microsoft-365/security/office-365-security/mail-flow-intelligence-in-office-365?view=o365-21vianet) | modified |
+| 1/27/2021 | [Auto-forwarded messages insight](/microsoft-365/security/office-365-security/mfi-auto-forwarded-messages-report?view=o365-21vianet) | modified |
+| 1/27/2021 | [Top domain mail flow status insight in the Mail flow dashboard](/microsoft-365/security/office-365-security/mfi-domain-mail-flow-status-insight?view=o365-21vianet) | modified |
+| 1/27/2021 | [Mail flow map](/microsoft-365/security/office-365-security/mfi-mail-flow-map-report?view=o365-21vianet) | modified |
+| 1/27/2021 | [Fix possible mail loop insight](/microsoft-365/security/office-365-security/mfi-mail-loop-insight?view=o365-21vianet) | modified |
+| 1/27/2021 | [New domains being forwarded email insight](/microsoft-365/security/office-365-security/mfi-new-domains-being-forwarded-email?view=o365-21vianet) | modified |
+| 1/27/2021 | [New users forwarding email insight](/microsoft-365/security/office-365-security/mfi-new-users-forwarding-email?view=o365-21vianet) | modified |
+| 1/27/2021 | [Non-accepted domain report in the Mail flow dashboard](/microsoft-365/security/office-365-security/mfi-non-accepted-domain-report?view=o365-21vianet) | modified |
+| 1/27/2021 | [Non-delivery report in the Mail flow dashboard](/microsoft-365/security/office-365-security/mfi-non-delivery-report?view=o365-21vianet) | modified |
+| 1/27/2021 | [Outbound and inbound mail flow insight in the Mail flow dashboard](/microsoft-365/security/office-365-security/mfi-outbound-and-inbound-mail-flow?view=o365-21vianet) | modified |
+| 1/27/2021 | [Queues insight in the Mail flow dashboard](/microsoft-365/security/office-365-security/mfi-queue-alerts-and-queues?view=o365-21vianet) | modified |
+| 1/27/2021 | [Fix slow mail flow rules insight](/microsoft-365/security/office-365-security/mfi-slow-mail-flow-rules-insight?view=o365-21vianet) | modified |
+| 1/27/2021 | [SMTP Auth clients insight and report in the Mail flow dashboard](/microsoft-365/security/office-365-security/mfi-smtp-auth-clients-report?view=o365-21vianet) | modified |
+| 1/27/2021 | [Report junk and phishing email in Outlook for iOS and Android](/microsoft-365/security/office-365-security/report-junk-email-and-phishing-scams-in-outlook-for-ios-and-android?view=o365-21vianet) | modified |
+| 1/27/2021 | [Report junk and phishing email in Outlook on the web](/microsoft-365/security/office-365-security/report-junk-email-and-phishing-scams-in-outlook-on-the-web-eop?view=o365-21vianet) | modified |
+| 1/27/2021 | [Report spam, non-spam, and phishing messages to Microsoft](/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft?view=o365-21vianet) | modified |
+| 1/27/2021 | [Manually submit messages to Microsoft for analysis](/microsoft-365/security/office-365-security/submit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis?view=o365-21vianet) | modified |
+| 1/27/2021 | [Submit malware and non-malware to Microsoft for analysis](/microsoft-365/security/office-365-security/submitting-malware-and-non-malware-to-microsoft-for-analysis?view=o365-21vianet) | modified |
+| 1/27/2021 | [User submissions policy](/microsoft-365/security/office-365-security/user-submission?view=o365-21vianet) | modified |
+| 1/27/2021 | [View mail flow reports in the Reports dashboard](/microsoft-365/security/office-365-security/view-mail-flow-reports?view=o365-21vianet) | modified |
+| 1/27/2021 | [Key compliance and security considerations for US banking and capital markets](/microsoft-365/solutions/financial-services-secure-collaboration?view=o365-21vianet) | modified |
+| 1/27/2021 | [Assess data privacy risks and identify sensitive items with Microsoft 365](/microsoft-365/solutions/information-protection-deploy-assess?view=o365-21vianet) | modified |
+| 1/27/2021 | [Compliance](/microsoft-365/managed-desktop/intro/compliance?view=o365-21vianet) | modified |
+| 1/27/2021 | [How updates are handled in Microsoft Managed Desktop](/microsoft-365/managed-desktop/service-description/updates?view=o365-21vianet) | modified |
+| 1/27/2021 | [Device requirements](/microsoft-365/managed-desktop/service-description/device-requirements?view=o365-21vianet) | added |
+| 1/27/2021 | [Microsoft Report Message and Report Phishing Add-In license terms](/microsoft-365/security/office-365-security/microsoft-message-phishing-report-terms?view=o365-21vianet) | added |
+| 1/27/2021 | [Set up Customer Key at the application level](/microsoft-365/compliance/customer-key-set-up?view=o365-21vianet) | modified |
+| 1/27/2021 | [Message Encryption (OME) version comparison](/microsoft-365/compliance/ome-version-comparison?view=o365-21vianet) | modified |
+| 1/27/2021 | [Resources to help you meet regulatory requirements for information governance and records management](/microsoft-365/compliance/retention-regulatory-requirements?view=o365-21vianet) | modified |
+| 1/27/2021 | [Microsoft Managed Desktop devices](/microsoft-365/managed-desktop/service-description/device-list?view=o365-21vianet) | modified |
+| 1/27/2021 | [Permissions - Security & Compliance Center](/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-21vianet) | modified |
+| 1/27/2021 | [Quarantined messages FAQ](/microsoft-365/security/office-365-security/quarantine-faq?view=o365-21vianet) | modified |
+| 1/28/2021 | [Cross-tenant mailbox migration](/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-21vianet) | modified |
+| 1/28/2021 | [Microsoft 365 Multi-Geo tenant configuration](/microsoft-365/enterprise/multi-geo-tenant-configuration?view=o365-21vianet) | modified |
+| 1/28/2021 | [Fix issues found by the readiness assessment tool](/microsoft-365/managed-desktop/get-ready/readiness-assessment-fix?view=o365-21vianet) | modified |
+| 1/28/2021 | [Automated investigation and response in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-air?view=o365-21vianet) | modified |
+| 1/28/2021 | [Secure by default in Office 365](/microsoft-365/security/office-365-security/secure-by-default?view=o365-21vianet) | modified |
+| 1/28/2021 | [Set up Microsoft 365 Business Premium](/microsoft-365/business/set-up?view=o365-21vianet) | modified |
+| 1/28/2021 | [Create a communications site](/microsoft-365/campaigns/create-communications-site?view=o365-21vianet) | modified |
+| 1/28/2021 | [Create teams for collaboration](/microsoft-365/campaigns/create-teams-for-collaboration?view=o365-21vianet) | modified |
+| 1/28/2021 | [Get Microsoft 365 for Campaigns](/microsoft-365/campaigns/get-microsoft-365-campaigns?view=o365-21vianet) | modified |
+| 1/28/2021 | [Microsoft 365 for smaller businesses and campaigns](/microsoft-365/campaigns/index?view=o365-21vianet) | modified |
+| 1/28/2021 | [Set up conditional access policies](/microsoft-365/campaigns/m365-campaigns-conditional-access?view=o365-21vianet) | modified |
+| 1/28/2021 | [Increase threat protection](/microsoft-365/campaigns/m365-campaigns-increase-protection?view=o365-21vianet) | modified |
+| 1/28/2021 | [Set up multifactor authentication](/microsoft-365/campaigns/m365-campaigns-multifactor-authenication?view=o365-21vianet) | modified |
+| 1/28/2021 | [Protect yourself against phishing and other attacks](/microsoft-365/campaigns/m365-campaigns-phishing-and-attacks?view=o365-21vianet) | modified |
+| 1/28/2021 | [Protect your administrator accounts](/microsoft-365/campaigns/m365-campaigns-protect-admin-accounts?view=o365-21vianet) | modified |
+| 1/28/2021 | [Infographic: Help protect your campaign](/microsoft-365/campaigns/m365-campaigns-protect-campaign-infographic?view=o365-21vianet) | modified |
+| 1/28/2021 | [Protect unmanaged Windows 10 PCs and Macs](/microsoft-365/campaigns/m365-campaigns-protect-pcs-macs?view=o365-21vianet) | modified |
+| 1/28/2021 | [Bump up security protection for your campaign or business](/microsoft-365/campaigns/m365-campaigns-security-overview?view=o365-21vianet) | modified |
+| 1/28/2021 | [Sign in to Microsoft 365](/microsoft-365/campaigns/m365-campaigns-sign-in?view=o365-21vianet) | modified |
+| 1/28/2021 | [Sign up for Microsoft 365 for Campaigns](/microsoft-365/campaigns/m365-campaigns-sign-up?view=o365-21vianet) | modified |
+| 1/28/2021 | [How these security recommendations affect your users](/microsoft-365/campaigns/m365-campaigns-users?view=o365-21vianet) | modified |
+| 1/28/2021 | [Customize sign-in page with a privacy and consent notice](/microsoft-365/campaigns/m365-customize-sign-in?view=o365-21vianet) | modified |
+| 1/28/2021 | [Setup overview for Microsoft 365 Business Premium](/microsoft-365/campaigns/microsoft-365-campaigns-setup-overview?view=o365-21vianet) | modified |
+| 1/28/2021 | [Send encrypted email](/microsoft-365/campaigns/send-encrypted-email?view=o365-21vianet) | modified |
+| 1/28/2021 | [Set up online meetings](/microsoft-365/campaigns/set-up-meetings?view=o365-21vianet) | modified |
+| 1/28/2021 | [Share files and videos](/microsoft-365/campaigns/share-files-and-videos?view=o365-21vianet) | modified |
+| 1/28/2021 | [Automatically apply a sensitivity label to content in Microsoft 365](/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-21vianet) | modified |
+| 1/28/2021 | [Microsoft Compliance Manager FAQ](/microsoft-365/compliance/compliance-manager-faq?view=o365-21vianet) | modified |
+| 1/28/2021 | [Decryption in eDiscovery](/microsoft-365/compliance/ediscovery-decryption?view=o365-21vianet) | modified |
+| 1/28/2021 | [Advanced eDiscovery limits](/microsoft-365/compliance/limits-ediscovery20?view=o365-21vianet) | modified |
+| 1/28/2021 | [Meet data protection and regulatory requirements with Compliance Manager for Microsoft cloud services](/microsoft-365/compliance/meet-data-protection-and-regulatory-reqs-using-microsoft-cloud?view=o365-21vianet) | modified |
+| 1/28/2021 | [Introduction to Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/index) | modified |
+| 1/28/2021 | [Use a QR code to sign-in to the Outlook mobile apps](/microsoft-365/admin/manage/use-qr-code-download-outlook?view=o365-21vianet) | added |
+| 1/28/2021 | [Learn about retention for Teams](/microsoft-365/compliance/retention-policies-teams?view=o365-21vianet) | modified |
+| 1/29/2021 | [Search for tasks or documentation in the Microsoft 365 admin center](/microsoft-365/admin/manage/search-in-the-mac?view=o365-21vianet) | added |
+| 1/29/2021 | [Choose between Basic Mobility and Security and Intune](/microsoft-365/admin/basic-mobility-security/choose-between-basic-mobility-and-security-and-intune?view=o365-21vianet) | modified |
+| 1/29/2021 | [Double Key Encryption (DKE)](/microsoft-365/compliance/double-key-encryption?view=o365-21vianet) | modified |
+| 1/29/2021 | [Learn about information barriers in Microsoft 365](/microsoft-365/compliance/information-barriers?view=o365-21vianet) | modified |
+| 1/29/2021 | [Access the Admin portal](/microsoft-365/managed-desktop/get-started/access-admin-portal?view=o365-21vianet) | modified |
+| 1/29/2021 | [Get expert training on advanced hunting](/microsoft-365/security/mtp/advanced-hunting-expert-training?view=o365-21vianet) | modified |
+| 1/29/2021 | [Microsoft 365 Network Insights (preview)](/microsoft-365/enterprise/office-365-network-mac-perf-insights?view=o365-21vianet) | modified |
+| 1/29/2021 | [Communication compliance feature reference](/microsoft-365/compliance/communication-compliance-feature-reference?view=o365-21vianet) | modified |
+| 1/29/2021 | [Step 2. Provide remote access to on-premises apps and services](/microsoft-365/solutions/empower-people-to-work-remotely-remote-access?view=o365-21vianet) | modified |
+| 1/29/2021 | [Step 3: Deploy security and compliance for remote workers](/microsoft-365/solutions/empower-people-to-work-remotely-security-compliance?view=o365-21vianet) | modified |
+| 1/29/2021 | [Step 5. Deploy remote worker productivity apps and services](/microsoft-365/solutions/empower-people-to-work-remotely-teams-productivity-apps?view=o365-21vianet) | modified |
+| 1/29/2021 | [Empower remote workers with Microsoft 365](/microsoft-365/solutions/empower-people-to-work-remotely?view=o365-21vianet) | modified |
+| 1/29/2021 | [Microsoft 365 productivity illustrations](/microsoft-365/solutions/productivity-illustrations?view=o365-21vianet) | modified |
+| 1/29/2021 | [About shared mailboxes](/microsoft-365/admin/email/about-shared-mailboxes?view=o365-21vianet) | modified |
+| 1/29/2021 | [Change your organization's address, technical contact, and more](/microsoft-365/admin/manage/change-address-contact-and-more?view=o365-21vianet) | modified |
+| 1/29/2021 | [Manage Office Scripts settings](/microsoft-365/admin/manage/manage-office-scripts-settings?view=o365-21vianet) | modified |
+| 1/29/2021 | [Create and publish sensitivity labels](/microsoft-365/compliance/create-sensitivity-labels?view=o365-21vianet) | modified |
+| 1/29/2021 | [Service encryption with Customer Key](/microsoft-365/compliance/customer-key-overview?view=o365-21vianet) | modified |
+| 1/29/2021 | [Set up Customer Key at the application level](/microsoft-365/compliance/customer-key-set-up?view=o365-21vianet) | modified |
+| 1/29/2021 | [How Exchange Online uses TLS to secure email connections](/microsoft-365/compliance/exchange-online-uses-tls-to-secure-email-connections?view=o365-21vianet) | modified |
+| 1/29/2021 | [Service Encryption](/microsoft-365/compliance/office-365-service-encryption?view=o365-21vianet) | modified |
+| 1/29/2021 | [Message Encryption FAQ](/microsoft-365/compliance/ome-faq?view=o365-21vianet) | modified |
+| 1/29/2021 | [Learn about sensitivity labels](/microsoft-365/compliance/sensitivity-labels?view=o365-21vianet) | modified |
++ ## Week of January 18, 2021
managed-desktop https://docs.microsoft.com/en-us/microsoft-365/managed-desktop/get-started/access-admin-portal https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-started/access-admin-portal.md
@@ -24,9 +24,9 @@ Your gateway to the Microsoft Managed Desktop service is [Microsoft Endpoint Man
> - Chrome (latest version) > - Firefox (latest version)
-Your administrative account needs specific permissions in order to access the Microsoft Managed Desktop administrative features in either Azure portal or Microsoft Endpoint Manager. You can manage admin access to these features within your organization by using Role-based Access Control (RBAC). Several Azure Active Directory (Azure AD) administrator roles and built-in custom roles are available to provide more granular control to different features within the Microsoft Managed Desktop Admin portal. For more information about Azure Active Directory roles, see [Administrator role permissions in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles). Unlike Azure AD administrator roles that apply to various Microsoft products and services, custom roles are specific to Microsoft Managed Desktop and will only guarantee access to the Admin features for this service. Admins can assign custom roles to users individually or in combination with Azure AD administrator roles to add Microsoft Managed Desktop permissions to existing admin accounts.
+Your administrative account will need specific permissions in order to access the Microsoft Managed Desktop administrative features in Microsoft Endpoint Manager. You can manage admin access to these features within your organization by using role-based access control. Several Azure Active Directory (Azure AD) administrator roles and built-in Microsoft Managed Desktop roles are available to provide more granular control to different features within the Microsoft Managed Desktop Admin portal. For more information about Azure Active Directory roles, see [Administrator role permissions in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles). Unlike Azure AD administrator roles that apply to various Microsoft products and services, the built-in roles are specific to Microsoft Managed Desktop and will only guarantee access to the Admin features for this service. Admins can assign built-in roles to users individually or in combination with Azure AD administrator roles to add Microsoft Managed Desktop permissions to existing admin accounts.
-Each of the roles below can be assigned to provide different levels of access:
+## Azure Active Directory roles with Microsoft Managed Desktop access
|Azure AD role |Microsoft Managed Desktop permissions | |||
@@ -37,11 +37,15 @@ Each of the roles below can be assigned to provide different levels of access:
|Security Admin | Admins with this role will have **read-only permissions to all features** and **write permissions for security related features** in Microsoft Managed Desktop in the Admin portal. | |Security Reader |Admins with this role will have **read-only permissions to all features** in the Microsoft Managed Desktop Admin portal.|
+If you need help with assigning Azure Active Directory roles, see [Administrator role permissions in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles).
+ > [!IMPORTANT] > Only the Global Administrator role has the necessary permissions to *enroll* your organization in Microsoft Managed Desktop. Be aware that Azure Active Directory roles will give user accounts privileges across a variety of Microsoft services. After completing enrollment with Microsoft Managed Desktop, you should always use the role with the *least* privileges necessary to accomplish your other tasks.
-
-|Custom role |Microsoft Managed Desktop permissions |
+## Built-in roles provided by Microsoft Managed Desktop
++
+|Built-in role |Microsoft Managed Desktop permissions |
||| |Microsoft Managed Desktop Service Administrator | When assigned to a user, this role gives the admin **read and write permissions to features not related to security** in the Microsoft Managed Desktop Admin portal. | |Microsoft Managed Desktop Service Reader | When assigned to a user, this role gives the admin **read-only permissions to features not related to security** in the Microsoft Managed Desktop Admin portal. |
@@ -50,11 +54,9 @@ Each of the roles below can be assigned to provide different levels of access:
> [!NOTE] > Security features include security-related communications, management of security contacts, management of security-related support requests, and access to security related reports.
-## Assigning roles to administrators
-
-If you need help with assigning Azure Active Directory roles, see [Administrator role permissions in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles).
+### Assigning built-in roles to administrators
-To make it easy to manage built-in roles, there is a security group for each custom role (for example, ΓÇ£Modern Workplace Roles ΓÇô Security ManagerΓÇ¥). To assign users to one of the security groups, follow these steps:
+To manage built-in roles, there is a security group for each custom role with the name "Modern Workplace Roles - _Role Name_"(for example, ΓÇ£Modern Workplace Roles ΓÇô Security ManagerΓÇ¥). To assign users to one of these security groups, follow these steps:
1. Go the Microsoft Endpoint Manager portal. 2. Select **Groups** on the left side. 3. Search for **Modern Workplace Roles**, and then select the group associated with the role you want to assign.
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-schema-changes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-schema-changes.md
@@ -42,10 +42,32 @@ Naming changes are automatically applied to queries that are saved in the securi
| Table name | Original column name | New column name | Reason for change |--|--|--|--|
-| [EmailEvents](advanced-hunting-emailevents-table.md) | FinalEmailAction | EmailAction | Customer feedback |
-| [EmailEvents](advanced-hunting-emailevents-table.md) | FinalEmailActionPolicy | EmailActionPolicy | Customer feedback |
-| [EmailEvents](advanced-hunting-emailevents-table.md) | FinalEmailActionPolicyGuid | EmailActionPolicyGuid | Customer feedback |
+| [EmailEvents](advanced-hunting-emailevents-table.md) | `FinalEmailAction` | `EmailAction` | Customer feedback |
+| [EmailEvents](advanced-hunting-emailevents-table.md) | `FinalEmailActionPolicy` | `EmailActionPolicy` | Customer feedback |
+| [EmailEvents](advanced-hunting-emailevents-table.md) | `FinalEmailActionPolicyGuid` | `EmailActionPolicyGuid` | Customer feedback |
+## January 2021
+
+| Column name | Original value name | New value name | Reason for change
+|--|--|--|--|
+| `DetectionSource` | MCAS | Microsoft Cloud App Security | Rebranding |
+| `DetectionSource` | WindowsDefenderAtp| EDR| Rebranding |
+| `DetectionSource` | WindowsDefenderAv | Antivirus | Rebranding |
+| `DetectionSource` | WindowsDefenderSmartScreen | SmartScreen | Rebranding |
+| `DetectionSource` | CustomerTI | Custom TI | Rebranding |
+| `DetectionSource` | OfficeATP | Microsoft Defender for Office 365 | Rebranding |
+| `DetectionSource` | MTP | Microsoft 365 Defender | Rebranding |
+| `DetectionSource` | AzureATP | Microsoft Defender for Identity | Rebranding |
+| `DetectionSource` | CustomDetection | Custom detection | Rebranding |
+| `DetectionSource` | AutomatedInvestigation |Automated investigation | Rebranding |
+| `DetectionSource` | ThreatExperts | Microsoft Threat Experts | Rebranding |
+| `DetectionSource` | 3rd party TI | 3rd Party sensors | Rebranding |
+| `ServiceSource` | Microsoft Defender ATP| Microsoft Defender for Endpoint | Rebranding |
+|`ServiceSource` |Microsoft Threat Protection | Microsoft 365 Defender | Rebranding |
+| `ServiceSource` | Office 365 ATP |Microsoft Defender for Office 365 | Rebranding |
+| `ServiceSource` |Azure ATP |Microsoft Defender for Identity | Rebranding |
+
+`DetectionSource` is available in the [AlertInfo](advanced-hunting-alertinfo-table.md) table. `ServiceSource` is available in the [AlertEvidence](advanced-hunting-alertevidence-table.md) and [AlertInfo](advanced-hunting-alertinfo-table.md) tables.
## Related topics - [Advanced hunting overview](advanced-hunting-overview.md) - [Understand the schema](advanced-hunting-schema-tables.md)\ No newline at end of file
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-evaluation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/office-365-evaluation.md
@@ -154,7 +154,7 @@ Your Microsoft Defender for Office 365 evaluation report is generated once per d
### Exchange rules (optional)
-If you have an existing gateway, you might want to bypass filtering because it will activate enhanced filtering for connectors and alter the incoming sender IP address. To bypass, navigate to the Exchange admin center and create a policy of SCL -1 (if you don't already have one). For details on the rule components and how they work, see Mail flow rules (transport rules) in Exchange Online.
+If you have an existing gateway, enabling evaluation mode will activate enhanced filtering for connectors. This improves filtering accuracy by altering the incoming sender IP address. This may change the filter verdicts and if you are not bypassing Exchange Online Protection this may alter deliverability for certain messages. In this case you might want to temporarily bypass filtering to analyze impact. To bypass, navigate to the Exchange admin center and create a policy of SCL -1 (if you don't already have one). For details on the rule components and how they work, see Mail flow rules (transport rules) in Exchange Online.
## Evaluate capabilities