-If your former employee had an organization phone, you can use the <a href=" https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center</a> to wipe and block that device so that all organization data is removed from the device and it can no longer connect to Office 365. If your organization uses Basic Mobility and Security to manage mobile devices, you can wipe and block those devices using Basic Mobility and Security.

-To learn about changing other profile information, see [Change your contact preferences](change-contact-preferences.md) or [Change your display language](https://support.microsoft.com/office/6f238bff-5252-441e-b32b-655d5d85d15b.aspx).

- If your instance allows Basic Authentication for inbound connections, select Yes, otherwise please refer to the [Advanced Setup with AAD](servicenow-aad-oauth-token.md).

- :::image type="content" source="../../media/ServiceNow-guide/snowbasic-2.png" lightbox="../../media/ServiceNow-guide/snowbasic-2.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::

-Microsoft Defender for Office 365 , formerly called Microsoft 365 ATP, or Advanced Threat Protection, helps protect your business against malicious sites when people click links in Office apps.

-[Turn on multi-factor authentication for your phone](https://support.microsoft.com/office/ace1d096-61e5-449b-a875-58eb3d74de14) (video)

- **For help with Microsoft 365 Family or Microsoft 365 Personal**, see [Using product keys with Office](https://support.microsoft.com/office/12a5763a-d45c-4685-8c95-a44500213759.aspx).

- **For help with a Microsoft 365 Family or Microsoft 365 Personal product key**, see [Using product keys with Office](https://support.microsoft.com/office/12a5763a-d45c-4685-8c95-a44500213759.aspx).

-| "Sorry, this is an invalid product key. Try entering it again. If your product key is for Microsoft 365 Personal or Microsoft 365 Family, redeem it at office.com/setup." <br/><br/>If you're using Office 365 Solo in Japan: "Sorry, this is an invalid product key. Try entering it again. If your product key is for Office 365 Solo, redeem it at office.com/setup." | If you're setting up [Microsoft 365 Family or Personal](https://support.microsoft.com/office/28cbc8cf-1332-4f04-9123-9b660abb629e.aspx), you need to redeem your product key at [https://www.office.com/setup](https://www.office.com/setup). Otherwise, for business customers, carefully check the numbers and characters you're entering. |

-description: "Learn how to activate, renew, or add licenses to an Microsoft 365 for business subscription."

- **Need help immediately?**[Call Microsoft Support](../admin/get-help-support.md).

-

- **For help with Microsoft 365 Home, or Personal**, see [Using product keys with Office](https://support.microsoft.com/office/12a5763a-d45c-4685-8c95-a44500213759.aspx).

- **For help with Microsoft 365 Business Standard purchased from a retail store**, see [Enter your product key purchased from a retail store](enter-your-product-key.md).

-1. After you purchase a key from an Microsoft 365 partner, check your inbox for an email from Microsoft containing an activation link.

-

-

-> Volume licensing customers can also choose to activate subscriptions in the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkID=282016). To learn how, download the PDF guide, [Activate Online Services in the Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkId=618096).

-If you canceled your subscription, and didn't [move users to a different subscription](move-users-different-subscription.md) that includes Microsoft 365, Microsoft 365 runs in reduced functionality mode. When this happens, users can only read and print documents, and Microsoft 365 applications display [Unlicensed Product notifications](https://support.microsoft.com/office/0d23d3c0-c19c-4b2f-9845-5344fedc4380.aspx). To avoid any confusion, have your users [uninstall Office](https://support.microsoft.com/office/9dd49b83-264a-477a-8fcc-2fdf5dbf61d8.aspx) from their machines.

-If you have questions about your school's academic eligibility decision, [contact support]((../../admin/get-help-support.md).

-In this state, your access decreases significantly. Your users can't sign in, or access services like email or SharePoint Online. Office applications eventually move into a read-only, reduced functionality mode and display [Unlicensed Product notifications](https://support.microsoft.com/office/0d23d3c0-c19c-4b2f-9845-5344fedc4380.aspx). You can still sign in and get to the admin center, but can't assign licenses to users. Your customer data, including all user data, email, and files on team sites, is available only to you and other admins.

-> - If a CSP license is suspended, there is no 30 day Expired stage, and services are disabled immediately. Data is deleted after 90 days if the tenant is not reactivated by adding a new license.

-With communication compliance policies, you can choose to scan messages in one or more of the following communication platforms as a group or as standalone sources. Communications captured across these platforms are retained for seven years for each policy by default, even if users leave your organization and their mailboxes are deleted.

-If you delete the only assessment in a group, then that group is also deleted from Compliance Manager.

-Because of the [principles of retention](retention.md#the-principles-of-retention-or-what-takes-precedence), you can use retention labels to supplement a retention policy for specific SharePoint, OneDrive, or Exchange items that need to be retained longer, or deleted sooner than the specified settings in a retention policy for the same location.

-> If you have problems running the previous command because of execution policies, see [About Execution Policies](\powershell\module\microsoft.powershell.core\about\about_execution_policies) and [Set-ExecutionPolicy](\powershell\module\microsoft.powershell.security\set-executionpolicy) for guidance about setting execution policies.

-> If you have problems running the previous command because of execution policies, see [About Execution Policies](\powershell\module\microsoft.powershell.core\about\about_execution_policies) and [Set-ExecutionPolicy](\powershell\module\microsoft.powershell.security\set-executionpolicy) for guidance about setting execution policies.

-> [!NOTE]

-> Adaptive scopes as a new feature is currently in preview and subject to change. The alternative option is a static scope, which provides the same behavior before adaptive scopes were introduced and can be used if adaptive scopes don't meet your business requirements.

- - If you are using records management:

- - If you are not using records management:

-> [!NOTE]

-> Adaptive policy scopes as a new feature is currently in preview and subject to change. The alternative option is a static scope, which provides the same behavior before adaptive scopes were introduced and can be used if adaptive scopes don't meet your business requirements.

-> [!NOTE]

-> Policy lookup is currently in preview and subject to change.

-**Does auditing data flow across geographies?**

-In general, no. We currently have auditing pipeline deployments in the NA (North America), EMEA (Europe, Middle East, and Africa) and APAC (Asia Pacific) regions. However, we may need to transfer data across these regions for load-balancing during live-site issues. When we do perform these activities, the data in transit is encrypted. For multi-geo organizations, the audit data collected from all regions of the organization will be stored only in the organization's home region.

- Connect-ExchangeOnline

-The resources in this section help you learn more about the two methods of data classification and extraction used by SharePoint Syntex: form processing and document understanding.

-# Create and configure a prebuilt model in Microsoft SharePoint Syntex

-> [!NOTE]

-> The content for this feature is currently in development.

-Prebuilt models are pretrained to recognize documents and the components in documents. They also work on image files and PDF files. You can immediately apply prebuilt models to libraries as they are. They don't need additional training or labeling, and no training file is needed.

-You can also customize a prebuilt model, review it to see how it works on your documents and customize the names to match your documents or naming convention. You can also turn off suggested components that aren't applicable.

-Designed to help partners enable customer adoption of security at their own pace, Lighthouse provides a standard set of baseline parameters and pre-defined configurations for Microsoft 365 services. These security configurations help measure your tenants' Microsoft 365 security and compliance progress.

-Lighthouse standard baseline configurations for security workloads are designed to help all managed tenants reach an acceptable state of security coverage and compliance.

-| Baseline configuration | Description |

-| Require MFA for admins | A report-only Conditional Access policy requiring multifactor authentication for admins. It's required for all cloud applications. |

-| Require MFA for end users | A report-only Conditional Access policy that requires multifactor authentication for users. It's required for all cloud applications. |

-| Block legacy authentication | A report-only Conditional Access policy to block legacy client authentication. |

-| Set up device enrollment | Device enrollment to allow your tenant devices to enroll in Microsoft Endpoint Manager. This is done by setting up Auto Enrollment between Azure Active Directory and Microsoft Endpoint Manager. |

-| Configure Microsoft Defender Antivirus for Windows 10 and later | A Device Configuration profile for Windows devices with pre-configured Microsoft Defender Antivirus settings. |

-[Deploy Microsoft 365 Lighthouse baselines](m365-lighthouse-deploy-baselines.md) (article)\

-You can submit support tickets or feedback requests to Microsoft using the Microsoft Managed Desktop Admin portal. Support requests are always prioritized over feedback submissions. Support requests are triaged and managed according to severity as outlined in the [severity definition table](#sev). Feedback is reviewed and a response provided where requested.

-2. Look for the Microsoft Managed Desktop section, and then select **Service requests**.

-3. On the **Service requests** blade, select **+ New support request**.

-4. Select the **Request type** that matches the help you need. The following table outlines the options.

-Support request type|When to use

-|

-Incident|You require the Microsoft Managed Desktop Operations team to investigate a user issue caused by, for example, a widespread impact of a change or service outage.

-Request for information|You're planning a change in networking, proxy configuration, VPN systems, certificate expiration, or just need some information about the service. A response from the Microsoft Managed Desktop Operations team is advised when communicating a change within your organization.

-Change request|You require the Microsoft Managed Desktop Operations team to make a change, such as moving devices between update groups.

-> When you create a support request you will need to list a Primary contact, responsible for working with our Service Engineers to resolve the issue or answer any questions about a requested change. We also require that you have previously [set up an Admin contact](../get-started/add-admin-contacts.md) who will be copied on all case notifications for their relevant area of focus and be asked to take over a case if the primary contact for a case is unreachable.

-The primary contact for a case (and any [Admin contact](../get-started/add-admin-contacts.md) for that area of focus) will receive email notifications when a case is **Created**, **Assigned** to a Service Engineer to investigate, and **Resolved**. If at any point you have a question about the case, the best way to get in touch with our team is to reply directly to one of those emails. If we have questions about your request or need more details to take action, we will email the Primary contact listed on the support requests (copying all the relevant Admin contacts).

-While email is the recommended approach to interact with our team, you may want to see the summary status of all your support requests. At any time, you can use the portal to see all support requests Active during the last six months.

-2. Look for the *Microsoft Managed Desktop* section, select **Service request**.

-3. From this view, you can export the summary view or click on any case to see the details

-If you need to edit the details of a case, for example updating the primary case contact or changing the severity, you will need to follow these steps:

-1. From the **Service requests** blade, in the **Tenant Administration** menu of [Microsoft Endpoint Manager](https://endpoint.microsoft.com/), use the search bar or filters to find the case you're interested in editing.

-2. Select the case to open up the request's details

-3. Scroll to the bottom of the request details and select **Edit**.

-4. Update the editable information, add attachments to the case, or add a note for the Service Engineering team, then select **Save**.

-Once a case is resolved it can no longer be edited. If a request has been resolved for less than 24hrs you will see the option to **reactivate** instead of **Edit**, and once reactivated you can again edit the request.

-When you are the primary contact on for a support request, you will receive an email from Microsoft Managed Desktop Operations asking about your experience after your issue has been resolved. Feedback is actively monitored and shared with engineering to improve the service and prioritize future features. Be sure to focus on your experience and not include personal information in the feedback form. For more information about privacy, see the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement).

-The initial response time is the period from when you submit your support request to when a Microsoft Managed Desktop engineer contacts you and starts working on your support request. The initial response time varies with the business impact of the request, based on the severity of the request.

-> In this table, "admin support hours" means, that Microsoft Managed Desktop support for admins is available, for most countries, 24 hours a day **Monday through Friday**. Severity A can be worked 24 hours a day all seven days of the week.

-Severity level|Situation|Initial response time|Expected response from you

-|||

-**Severity A ΓÇô Critical Impact**|**Critical business impact**<p>Your business has significant loss or degradation of services and require immediate attention.<p>**Major application compatibility impact**<p>Your entire business is experiencing financial impact due to devices not responding or loss of critical functionality|Initial: < 1 hour<br>Update: 60 minutes<br>24-hour support every day is available|When you select Severity A, you confirm that the issue has critical business impact, with severe loss and degradation of services. <p>The issue demands an immediate response, and you commit to continuous engagement every day with the Microsoft team until resolution. Otherwise, Microsoft can at its discretion decrease the Severity to level B.<p> You also ensure that Microsoft has your accurate contact information.

-**Severity B ΓÇô Moderate Impact**|**Moderate business impact**<p>Your business has moderate loss or degradation of services, but work can reasonably continue in an impaired manner.<p>**Moderate application compatibility impact**<p>A specific business group is no longer productive, due to devices not responding or loss of critical functionality.|Initial: < 4 hours<br>Update: 12 hours<br>24 hours a day during admin support hours (Monday through Friday).|When you select Severity B, you confirm that the issue has moderate impact to your business with loss and degradation of services, but workarounds enable reasonable, albeit temporary, business continuity. <p>The issue demands an urgent response. If you chose all day every day support when you submit the support request, you commit to a continuous engagement every day with the Microsoft team until resolution. Otherwise, Microsoft might at its discretion decrease the severity to level C. If you chose admin support-hours support when you submit a Severity B incident, Microsoft will contact you during admin support hours only.<p>You also ensure that Microsoft has your accurate contact information.

-**Severity C ΓÇô Minimal Impact**|**Minimum business impact**<p> Your business is functioning with minor impediments of services.<p>**Minor application compatibility impact**<p>Potentially unrelated users experience minor compatibility issues that do not prevent productivity|Initial: < 8 hours<br>Update: 24 hours<br>Support 24 hours a day during admin support hours (Monday through Friday)|When you select Severity C, you confirm that the issue has minimum impact to your business with minor impediment of service.<p>For a Severity C incident, Microsoft will contact you during admin support hours only.<p>You also ensure that Microsoft has your accurate contact information.

-This report helps you understand how applications are being used across your Microsoft Managed Desktop devices. It can also act as a reference to help you assess any effect on your users when application issues are discovered.

-The information in this report includes:

-> For devices to report data, they must be set to the Optional diagnostic data level. Learn more about [how Microsoft Managed Desktop uses Windows diagnostic data](../service-description/privacy-personal-data.md).

-This report aggregates the status of all your registered devices to show your use of the Microsoft Managed Desktop service. We categorize devices based on their activity over the last 28 days and on our ability to keep the device updated. To be updated by Windows Update as soon as possible, a device must be connected to the internet and not hibernating or paused for a minimum of six hours, two of which must be continuous. Although it's possible that a device that doesn't meet these requirements will be updated, devices that meet them have the highest likelihood of being updated.

-We report device status using these labels:

-

- - Elevating built-in system troubleshooters, the command prompt, or Windows PowerShell

- - Troubleshooting line-of-business applications

- - Using a workaround to correct something that should function by design (such as BitLocker activation or system time not updating)

- - Elevating Device Manager to do things like update drivers, uninstall a device, or scan for new changes

- - Installing software or browsers

- - Installing drivers outside of Windows settings, including those for peripherals

- - Installing .msi or .exe files

- - Installing Windows features

- - Installing software or features that conflict with Microsoft Managed Desktop security or management capabilities or operations

- - Disabling a Windows feature that is required for Microsoft Managed Desktop, such as BitLocker

- - Modifying settings managed by your org

-### To request elevation

-2. Look for the **Microsoft Managed Desktop** section, and then select the **Devices** blade, which contains two tabsΓÇôthe **Devices** tab and the **Elevation requests** tab.

-3. To create a new elevation request on the **Device** tab, select a single device that you want to elevate, and then select **Request elevation** from the Device actions dropdown menu. A new elevation request fly-in pane will appear with the deviceΓÇÖs name prepopulated in that field.

-4. Alternatively, to create a new elevation request on the **Elevations requests** tab, select **+New elevation request.**

-5. Provide these details:

- - **Support ticket ID** from your own support ticketing system.

- - **Device name**(only when creating request from the **Elevation requests** tab): Enter the device serial number and then select the device from the menu.

- - **Plan of action**: Provide the troubleshooting steps you plan to take once elevation is granted.

-6. Select **Submit**.

-7. The list and details of all active and closed requests can be seen on the **Elevation requests** Tab.

-If you need to [escalate](../service-description/user-support.md#escalation-portal) an issue to Microsoft, follow these steps:

-2. Look for the Microsoft Managed Desktop section, and then select **Service requests**.

-3. On the **Service requests** blade, select **+ New support request**.

-4. Provide a very brief description in the **Title** box. Then set the **Request type** to **Incident**.

-5. Select the **Category** and **Sub-category** that best fits your issue and select **Next**.

- - **Description**: Add any additional details that could help our team understand the problem. If you need to attach files, you can do that by coming back to the request after you submit it.

- - **Primary contact information**: Provide info about how to contact the main person responsible for working with our team.

-7. Select the **Severity** level. For more information, see Support request severity definitions.

-There are a couple of ways to manage app updates for apps that you've onboarded to Microsoft Managed Desktop and deployed to your Microsoft Managed Desktop devices. You can make app updates in Microsoft Managed Desktop portal, or Intune.

-**To update your line-of-business apps in Microsoft Managed Desktop portal**

-2. Under **Inventory**, select **Apps**.

-3. Select the app you want to updates, and then select **Edit**.

-4. Under **Manage**, select **Properties**.

-5. Click **App package file**, and then browse to upload a new app package file.

-6. Select **App package file**.

-7. Select the folder icon and browse to the location of your updated app file. Select **Open**. The app information is updated with the package information.

-8. Verify that **App version** reflects the updated app package.

-**To update your line-of-business apps in Intune**

-5. In the **Overview** blade, select **Properties**.

-If there's an error found when a new version of an app is deployed, you can roll back to a previous version. The process outlined here is for apps where type is listed as **Windows MSI line-of-business app** or **Windows app (Win 32) - preview**

-**To roll back a line-of-business app to a previous version**

-4. Under **Manage**, select **Properties**.

- - For **Windows app (Win 32) - preview** apps, select **App information**, select **Detection rules**, and then select **Add**.

- If there is an MSI rule, verify that **MSI product version check** is set to **No**.

-The Microsoft Endpoint Manager console brings together reporting from several products into a single location to help you monitor and investigate issues with your Azure AD organization ("tenant") configuration and devices. Microsoft Managed desktop has a section in the **Reports** menu where you can find reports specific to Microsoft Managed Desktop's management of the devices you’ve registered. Additionally, in several locations throughout Microsoft Endpoint Manager you can filter reports from other product groups to specifically include or exclude your devices that are managed by Microsoft Managed Desktop. 

-Microsoft Managed Desktop provides several reports and dashboards that IT admins in your organization can use to understand various aspects of the population of devices. You can find these reports by navigating to **Managed devices** under the *Microsoft Managed Desktop* section of the **Reports** menu in Microsoft Endpoint Manager.

-On the **Summary** tab, you'll find quick metrics about device updates. Selecting **View details** of any metric will allow you to download additional information for offline analysis, including the underlying dataset for the metric.

-When you select the **Reports** tab, you will see descriptions for the available detailed reports. These reports are more comprehensive and support visualization and filtering of the data in the portal as well as exporting the underlying data for offline analysis or distribution. The following reports are available today:

-Microsoft Managed Desktop is now integrated with [Endpoint analytics](/mem/analytics/overview). These reports give you insights for measuring how your organization is working and the quality of the experience delivered to your users. Endpoint analytics is in the **Reports** menu of [Microsoft Endpoint Manager](https://endpoint.microsoft.com/). To pivot a score to only include devices being managed by Microsoft Managed Desktop go to any report, select the **Filter** drop down, and then select **Microsoft Managed Desktop devices**.

-If Endpoint analytics wasn't automatically configured for your Azure AD organization ("tenant") during enrollment, you can do that yourself. For more information, see [Onboard in the Endpoint analytics portal](/mem/analytics/enroll-intune#bkmk_onboard). You can enroll all of your devices or, if you want to include only Microsoft Managed Desktop devices, select the **modern workplace device** groups for Test, First, Fast, and Broad. These reports might require different permissions. For more information, see [Permissions](/mem/analytics/overview#permissions) to ensure you have roles appropriately assigned.

-Microsoft Intune is one of the services we use to manage devices on your behalf. In some cases, it can be helpful to use Intune reports to specifically monitor administration of your Microsoft Managed Desktop devices. Or you might want to exclude the devices we manage from a report you use to manage other devices. The following reports let you filter capability to include or exclude Microsoft Managed Desktop devices.

-> Custom Microsoft Managed Desktop roles guarantee access only to the Microsoft Managed Desktop reports. To access other parts of Microsoft Endpoint Manager, such as **All devices**, see [Role-based access control with Microsoft Intune](/mem/intune/fundamentals/role-based-access-control).

-In addition to the other reports, you can export information about the devices managed by Microsoft Managed Desktop. In the **Devices** view of the **Devices** area of Microsoft Endpoint Manager, use the **Export all** tab to [download a detailed inventory report](device-inventory-report.md).

-This report provides an overview of the deployment progress of a given Windows security update for your Microsoft Managed Desktop devices. At the beginning of each security update release cycle, Microsoft Managed Desktop takes a snapshot of all the enrolled devices. The deployment target is set to 95% of **Active** devices from that population. The graph shows your deployment progress for a selected release date compared to the Microsoft Managed Desktop average. While we focus on the Active population you can also pivot this report to show your **Active + Synced** and **Out of sync** device populations. You can view the deployment progress for previous releases by changing the available filters, but device level details are only available for the current release. Device information viewable in the table following the graph is also exportable for offline analysis.

-Typically, Microsoft releases security updates every second Tuesday of the month, though they can be released at other times when needed. Each release adds important updates for known security vulnerabilities. Microsoft Managed Desktop ensures that 95% of its active devices are updated with the latest available security update every month. When security updates are released at other times to urgently address new threats, Microsoft Managed Desktop deploys these updates similarly. We categorize the status of security update versions with these terms:

-There should only be a few devices in the **Older** category. A large or growing **Older** population probably indicates a systemic problem that you should report to Microsoft Managed Desktop so we can investigate.

-On November 2, 2021, we announced the public preview of Threat and Vulnerability management on Android and iOS. For more information, see [the techcommunity post here](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/reduce-risk-across-your-environments-with-the-latest-threat-and/ba-p/2902691).

-# Attack surface reduction rules

-The WinHTTP configuration setting is independent of the Windows Internet (WinINet) browsing proxy settings (see, [WinINet vs. WinHTTP](/windows/win32/wininet/wininet-vs-winhttp)) and can only discover a proxy server by using the following discovery methods:

- > If you're using Transparent proxy or WPAD in your network topology, you don't need special configuration settings. For more information on Defender for Endpoint URL exclusions in the proxy, see [Enable access to Defender for Endpoint service URLs in the proxy server](#enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-server).

-Configure a registry-based static proxy for Defender for Endpoint detection and response (EDR) sensor to report diagnostic data and communicate with Defender for Endpoint services if a computer is not permitted to connect to the Internet.

-The static proxy is also configurable through Group Policy (GP), both the settings under group policy values need to be set to configure the proxy server to be used for EDR. The group policy can be found under:

- Configure the proxy

-Microsoft Defender Antivirus [cloud-delivered protection](cloud-protection-microsoft-defender-antivirus.md) provides near-instant, automated protection against new and emerging threats. Note that connectivity is required for [custom indicators](manage-indicators.md) when Defender Antivirus is your active antimalware solution; and for [EDR in block mode](edr-in-block-mode.md) even when using a non-Microsoft solution as the primary antimalware solution.

-Configure the static proxy using the Group Policy found here:

-2. Set it to **Enabled** and define the proxy server. Note that the URL must have either http:// or https://. For supported versions for https://, see [Manage Microsoft Defender Antivirus updates](manage-updates-baselines-microsoft-defender-antivirus.md).

-> For resiliency purposes and the real-time nature of cloud-delivered protection, Microsoft Defender Antivirus will cache the last known working proxy. Ensure your proxy solution does not perform SSL inspection as this will break the secure cloud connection.

-> If required, you can use **Administrative Templates > Windows Components > Microsoft Defender Antivirus > Define proxy auto-config (.pac)** for connecting to the network if you need to set up advanced configurations with multiple proxies, Use **Administrative Templates > Windows Components > Microsoft Defender Antivirus > Define addresses** to bypass proxy server to prevent Microsoft Defender Antivirus from using a proxy server for those destinations.

-> You can also use PowerShell with the `Set-MpPreference` cmdlet to configure these options:

-> To use proxy correctly, configure these three different proxy settings:

-> - Laptops that are changing topology (for example: from office to home) will malfunction with netsh. Use the registry-based static proxy configuration.

-If a proxy or firewall is blocking all traffic by default and allowing only specific domains through, add the domains listed in the downloadable sheet to the allowed domains list.

-The following downloadable spreadsheet lists the services and their associated URLs that your network must be able to connect to. Ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them.

-In your firewall, open all the URLs where the geography column is WW. For rows where the geography column is not WW, open the URLs to your specific data location. To verify your data location setting, see [Verify data storage location and update data retention settings for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/data-retention-settings).

-> settings-win.data.microsoft.com is only needed if you have Windows devices running version 1803 or earlier.<br>

-> The above spreadsheet relates to MDE EDR, if you are using Microsoft Defender Antivirus in your environment, see [Configure network connections to the Microsoft Defender Antivirus cloud service](/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus).

-If a proxy or firewall is blocking anonymous traffic, as Defender for Endpoint sensor is connecting from system context, make sure anonymous traffic is permitted in the previously listed URLs.

-The information below list the proxy and firewall configuration information required to communicate with Log Analytics agent (often referred to as Microsoft Monitoring Agent) for the previous versions of Windows such as Windows 7 SP1, Windows 8.1, and Windows Server 2008 R2*

-> *These connectivity requirements also apply to the previous Microsoft Defender for Endpoint for Windows Server 2016 and Windows Server 2012 R2 that requires the MMA. Instructions to onboard these operating systems with the new unified solution are at [Onboard Windows servers](configure-server-endpoints.md), or to migrate to the new unified solution at [Server migration scenarios in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/server-migration).

-> As a cloud-based solution, the IP range can change. It's recommended you move to DNS resolving setting.

-1. Onboard a previous operating system with the Microsoft Monitoring Agent (MMA) into Defender for Endpoint (for more information, see [Onboard previous versions of Windows on Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2010326) and [Onboard Windows servers](configure-server-endpoints.md).

-3. Run the TestCloudConnection.exe tool from "C:\Program Files\Microsoft Monitoring Agent\Agent" to validate the connectivity and to see the required URLs for your specific workspace.

-The wildcards (\*) used in \*.ods.opinsights.azure.com, \*.oms.opinsights.azure.com, and \*.agentsvc.azure-automation.net URL endpoints can be replaced with your specific Workspace ID. The Workspace ID is specific to your environment and workspace and can be found in the Onboarding section of your tenant within the Microsoft 365 Defender portal.

-> In the case of onboarding via Microsoft Defender for Cloud, multiple workspaces maybe used. You will need to perform the TestCloudConnection.exe procedure above on an onboarded machine from each workspace (to determine if there are any changes to the *.blob.core.windows.net URLs between the workspaces).

-Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Defender for Endpoint service URLs.

-1. Download the [Microsoft Defender for Endpoint Client Analyzer tool](https://aka.ms/mdeanalyzer) to the PC where Defender for Endpoint sensor is running on.

-3. Open an elevated command-line:

- Replace *HardDrivePath* with the path where the MDEClientAnalyzer tool was downloaded to, for example:

-5. Extract the *MDEClientAnalyzerResult.zip* file created by tool in the folder used in the *HardDrivePath*.

-6. Open *MDEClientAnalyzerResult.txt* and verify that you have performed the proxy configuration steps to enable server discovery and access to the service URLs.

- The tool checks the connectivity of Defender for Endpoint service URLs that Defender for Endpoint client is configured to interact with. It then prints the results into the *MDEClientAnalyzerResult.txt* file for each URL that can potentially be used to communicate with the Defender for Endpoint services. For example:

-If at least one of the connectivity options returns a (200) status, then the Defender for Endpoint client can communicate with the tested URL properly using this connectivity method.

-However, if the connectivity check results indicate a failure, an HTTP error is displayed (see HTTP Status Codes). You can then use the URLs in the table shown in [Enable access to Defender for Endpoint service URLs in the proxy server](#enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-server). The URLs you'll use will depend on the region selected during the onboarding procedure.

-> The Connectivity Analyzer tool cloud connectivity checks are not compatible with Attack Surface Reduction rule [Block process creations originating from PSExec and WMI commands](attack-surface-reduction-rules-reference.md#block-process-creations-originating-from-psexec-and-wmi-commands). You will need to temporarily disable this rule to run the connectivity tool. Alternatively, you can temporarily add [ASR exclusions](attack-surface-reduction-rules-deployment-phase-3.md#customize-attack-surface-reduction-rules) when running the analyzer.

-> When the TelemetryProxyServer is set, in Registry or via Group Policy, Defender for Endpoint will fall back to direct if it can't access the defined proxy.

-> For Windows Server 2012 R2 and 2016 running the modern unified solution preview, integration with Microsoft Defender for Cloud / Microsoft Defender for servers for alerting and automated deployment is not yet available. Whilst you can install the new solution on these machines, no alerts will be displayed in Microsoft Defender for Cloud.

-You can query Microsoft Defender for Endpoint data by using [Advanced hunting](/microsoft-365/security/defender-endpoint/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender.md), you can use [advanced hunting](advanced-hunting-overview.md) to see how controlled folder access settings would affect your environment if they were enabled.

-Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019, Windows Server 2022, Windows 10, and windows 11 clients. This article describes how to customize controlled folder access capabilities, and includes the following sections:

-> When any advanced troubleshooting parameter is used, the analyzer also calls into [MpCmdRun.exe](/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance) to collect Microsoft Defender Antivirus related support logs.

-[Controlled folder access](controlled-folders.md) is a feature that helps protect your documents and files from modification by suspicious or malicious apps. Controlled folder access is supported on Windows Server 2019, Windows Server 2022, Windows 10, and windows 11 clients.

-Control flow guard (CFG) mitigates the risk of attackers using memory corruption vulnerabilities by protecting indirect function calls. For example, an attacker may user a buffer overflow vulnerability to overwrite memory containing a function pointer, and replace that function pointer with a pointer to executable code of their choice (which may also have been injected into the program).

-**[Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-threat-protection)**

->- A Microsoft Defender Antivirus (Microsoft Defender AV) scan can run alongside other antivirus solutions, whether Microsoft Defender AV is the active antivirus solution or not. Microsoft Defender AV can be in Passive mode. For more information, see [Microsoft Defender Antivirus compatibility](/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md).

-> - A Microsoft Defender Antivirus (Microsoft Defender AV) scan can run alongside other antivirus solutions, whether Microsoft Defender Antivirus is the active antivirus solution or not. Microsoft Defender Antivirus can be in Passive mode. For more information, see [Microsoft Defender Antivirus compatibility](/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md).

-|11|Technical support|By using Microsoft Defender for Endpoint together with Microsoft Defender Antivirus, you have one company to call for technical support. [Troubleshoot service issues](/microsoft-365/security/defender-endpoint/troubleshoot-mde) and [review event logs and error codes with Microsoft Defender Antivirus](troubleshoot-microsoft-defender-antivirus.md).|

-To determine if ZAP moved your message, you can use the [Mailflow view for the Mailflow status report](view-email-security-reports.md#mailflow-view-for-the-mailflow-status-report) or [Threat Explorer (and real-time detections)](threat-explorer.md). Note that as a system action, ZAP is not logged in the Exchange mailbox audit logs.

-The energy industry provides society with fuel and critical infrastructure that people rely on every day. In order to ensure the reliability of infrastructure related to bulk power systems, regulatory authorities impose strict standards on energy industry organizations. These regulatory standards relate not only to the generation and transmission of power, but also to the data and communications that are critical to the day to day operations of energy companies.

-Organizations in the energy industry work with and exchange numerous types of information as part of their regular operations, including customer data, capital engineering design documentation, resource location maps, project management artifacts, performance metrics, field service reports, environmental data, and performance metrics. As these organizations look to transform their operations and collaboration systems into modern digital platforms, they are looking to Microsoft as a trusted Cloud Service Provider (CSP) and Microsoft 365 as their best-of-breed collaboration platform. Since Microsoft 365 is intrinsically built on the Microsoft Azure platform, organizations should examine both platforms as they consider their compliance and security controls when moving to the Cloud.

-In North America, the North America Electric Reliability Corporation (NERC) enforces reliability standards that are referred to as NERC [Critical Infrastructure Protection (CIP) standards](https://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx). NERC is subject to oversight by the U.S. Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada. All bulk power system owners, operators, and users must register with NERC and must comply with NERC CIP standards. Cloud Service Providers and third-party vendors such as Microsoft are not subject to NERC CIP standards; however, the CIP standards include objectives that should be considered when Registered Entities use vendors in the operation of the Bulk Electric System (BES). Microsoft customers operating Bulk Electric Systems are wholly responsible for ensuring their own compliance with NERC CIP standards.

-These achievements are significant for the energy industry because a comparison between the FedRAMP Moderate control set and NERC CIP requirements shows that FedRAMP Moderate controls encompass all the NERC CIP requirements. For additional information, Microsoft has developed a [Cloud Implementation Guide for NERC Audits](https://servicetrust.microsoft.com/ViewPage/TrustDocuments?command=Download&downloadType=Document&downloadId=68df41b2-873d-4e4b-a7c8-8a0d4fdefb88&docTab=6d000410-c9e9-11e7-9a91-892aae8839ad_Compliance_Guides) that includes a control mapping between the current set of NERC CIP standards and FedRAMP Moderate control set as documented in NIST 800-53 Rev 4.

-Microsoft 365 is a modern workplace cloud environment that can provide secure and flexible collaboration across the enterprise, as well as controls and policy enforcement to adhere to the most stringent regulatory compliance frameworks. Through the following topics, this paper will explore how the Microsoft 365 platform helps the energy industry move to a modern collaboration platform, while helping keep data and systems both secure and compliant with regulations:

-Collaboration typically requires multiple forms of communication, the ability to store and access documents, and the ability to integrate other applications as needed. Whether they are global enterprises or local companies, employees in the energy sector typically need to collaborate and communicate with members of other departments or across teams. They also often need to communicate with external partners, vendors, or clients. As a result, utilizing systems that create silos or make it difficult to share information is typically not recommended. That said, we still want to ensure that employees are sharing information securely and according to policy.

-Providing employees with a modern, cloud-based collaboration platform, which allows them to choose and easily integrate the tools that make them most productive, empowers them to find the best ways to work and collaborate. Using Microsoft Teams, in conjunction with security controls and governance policies to protect the organization, can help your workforce to easily collaborate in the cloud.

-Microsoft Teams provides a collaboration hub for your organization, which quickly brings people together to work effectively and collaborate with other team members on common initiatives or projects. It allows team members to conduct conversations, collaborate, and co-author documents. It enables people to store and share files with team members or those outside the team. It also allows them to hold live meetings with integrated enterprise voice and video. Microsoft Teams can be customized with easy access to Microsoft apps such as Planner, Dynamics 365, Power BI, and other third-party line-of-business applications. Teams simplifies access to Office 365 services and third-party apps to centralize collaboration and communication needs for the organization.

-Every Microsoft Team is backed by an Office 365 Group. An Office 365 Group is considered the membership provider for numerous Office 365 services, including Microsoft Teams. As such, Office 365 Groups are used to securely control which users are considered members and which are owners of the group, thereby restricting the members and owners of the Team. This allows us to easily control which users have access to varying capabilities within Teams. As a result, Team members and owners may only access the capabilities that they are permitted to utilize.

-A common scenario where Microsoft Teams can benefit energy organizations is collaborating with contractors or external firms as part of a field service programs such as vegetation management. Contractors are typically engaged to manage vegetation or remove trees around power system installations, and they often need to receive work instructions, communicate with dispatchers and other field service personnel, take and share pictures of external surroundings, sign off when work is complete and share data back with head office. Traditionally, these programs have been run using phone, text, paper work orders, or custom applications. This can present numerous challenges including:

-Microsoft Teams can provide an easy-to-use collaboration space to securely share information and conduct conversations between team members and external field service contractors. Teams can be used to conduct meetings, place voice calls, centrally store and share work orders, collect field data, upload photos, integrate with business process solutions (built with Power Apps and Power Automate), and integrate line of business apps. This type of field service data may be considered low impact; however, efficiencies can be gained by centralizing communications and access data between employees and field service personnel in these scenarios.

-Another example where Microsoft Teams can benefit the energy industry is when field service personnel are working to restore service during an outage. Field staff often require fast access to schematic data for substations, generating stations, or blue prints for assets in the field. This data is considered high impact and must be protected according to NERC CIP regulations. Field service work during outages requires communication between field staff and office employees, and in turn with end customers. Centralizing communications and data sharing in Microsoft Teams provides field staff with an easy method to both access critical data and communicate information or status back to head office.

-**Office 365 Group Naming Policies** help to ensure that Office 365 Groups, and therefore Microsoft Teams, are named according to corporate policy. The name of a Team can present challenges if not named appropriately ΓÇô for example, employees may not know which teams to work or share information within if they are incorrectly named. Group naming policies can enforce good hygiene and may also prevent use of specific words, such as reserved words or inappropriate terminology.

-Administrators may specify an expiration period in days for Office 365 Groups, such as 90, 180 or 365 days. If a service which is backed by an Office 365 group is inactive for the expiration period, group owners are notified and if no action is taken then the Office 365 Group and all its related services including Microsoft Teams will be deleted.

-The over-retention of data in a Microsoft Team can pose litigation risks to organizations, and the use of expiration policies is a recommended method for protecting the organization. Combined with built-in retention labels and policies, Microsoft 365 helps ensure that organizations are only retaining the data required to meet regulatory compliance obligations.

-Microsoft Teams enables self-service creation of Teams by default. However, many regulated organizations wish to control and understand which collaboration spaces are currently in use by employees, which spaces contain sensitive data, and who the owners are of spaces throughout their organization. To facilitate these controls, Microsoft 365 allows organizations to disable self-service Teams creation and, using built-in Microsoft 365 business process automation tools such as Power Apps and Power Automate, allows organizations to build simple processes to request a new Team. Completing an easy to use form, an approval can be automatically requested by a manager. Once approved, the Team can be automatically provisioned and the requestor is sent a link to their new Team. By building such processes, organizations may also integrate custom requirements to facilitate other business processes.

-As mentioned, Microsoft Office 365 and Office 365 U.S. Government have each achieved FedRAMP ATO at the Moderate Impact Level, and Azure and Azure Government have achieved a FedRAMP High P-ATO which represents the highest level of FedRAMP authorization. Additionally, the FedRAMP moderate control set encompasses all of the NERC CIP requirements, thereby allowing energy industry organizations ("registered entities") to leverage existing FedRAMP authorizations as a scalable and efficient approach to addressing NERC audit requirements. However, its important to note that FedRAMP is not a point-in-time certification but an assessment and authorization program that includes provisions for [continuous monitoring](https://www.fedramp.gov/assets/resources/documents/CSP_Continuous_Monitoring_Strategy_Guide.pdf). Although this provision applies primarily to the CSP, Microsoft customers operating Bulk Electric Systems are responsible for ensuring their own compliance with NERC CIP standards and it is generally a recommended practice to continuously monitor the organization's compliance posture to help ensure ongoing compliance with regulations.

-The workflow-based capabilities built into Compliance Manager allow energy organizations to transform and digitize their regulatory compliance processes. Traditionally, challenges faced by compliance teams in the energy industry include:

-By automating aspects of regulatory compliance processes through the use of Compliance Manager, organizations can reduce the administrative burden on legal and compliance functions. This tooling can help address these challenges by providing more up to date information on remediation actions, more consistent reporting, and documented ownership of actions which is linked to the implementation of actions. Organizations can automatically track remediation actions over time and see overall efficiency gains. This can in turn enable staff to focus more effort on gaining insights and developing strategies to help navigate risk more effectively.

-Compliance Manager does not express an absolute measure of organizational compliance with any particular standard or regulation. It expresses the extent to which you have adopted controls which can reduce the risks to personal data and individual privacy. Recommendations from Compliance Manager should not be interpreted as a guarantee of compliance. The customer actions provided in Compliance Manager are recommendations; it is up to each organization to evaluate the effectiveness of these recommendations in their respective regulatory environment prior to implementation. Recommendations found in Compliance Manager should not be interpreted as a guarantee of compliance.

-Many cyber security related controls are included in the [FedRAMP Moderate Control Set](https://www.fedramp.gov/documents/) and [NERC CIP standards](https://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx). However, key controls related to the Microsoft 365 platform include security management controls (CIP-003-6), account and access management/access revocation (CIP-004-6), electronic security perimeter (CIP-005-5), security event monitoring, and incident response (CIP-008-5). The following foundational Microsoft 365 capabilities help to address the risks and requirements included in these topics.

-Protecting access to documents and applications begins with strongly securing user identities. As a foundation, this requires providing a secure platform for the enterprise to store and manage identities and providing a trusted means of authentication. It also requires dynamically controlling access to these applications. As employees work, they may move from application to application or across multiple locations and devices. As a result, access to data must be authenticated at each step of the way. In addition, the authentication process must support a strong protocol and multiple factors of authentication (one-time SMS pass code, authenticator app, certificate, etc.) so that we can ensure that identities have not been compromised. Finally, enforcing risk-based access policies are a key recommendation to protecting data and applications from insider threats, inadvertent data leaks and data exfiltration.

-**Azure AD Conditional Access** provides a robust solution for automating access control decisions and enforcing policies to protect company assets. A common example is when an employee wishes to access an application containing sensitive customer data, and they are automatically required to perform a multi-factor authentication to specifically access that application. Azure Conditional Access brings together signals from a user's access request, such as properties about the user, their device, location, network, and the app or repository they are trying to access. It can dynamically evaluate every attempt to access the application against configured policies. If user or device's risk is elevated, or if other conditions are not met, Azure AD can automatically enforce policy such as dynamically requiring MFA, restricting or even blocking access. This helps ensure that sensitive assets are protected in dynamically changing environments.

-**Microsoft Defender for Cloud Apps** provides organizations with the ability further enforce policies at a granular level and detect behavioral anomalies based on individual user profiles that are automatically defined using Machine Learning. Defender for Cloud Apps can build on Azure Conditional Access policies, to further protect sensitive assets by evaluating additional signals related to user behavior and properties of the documents being accessed. Over time, Defender for Cloud Apps will learn what is considered typical behavior for each employee, with regard to the data they access and the applications they use. Based on learned behavioral patterns, policies can automatically enforce security controls if an employee goes outside of that behavioral profile. For example, if an employee typically accesses an accounting app from 9am to 5pm, Monday to Friday, but that same user begins to access that application heavily on a Sunday evening, Defender for Cloud Apps can dynamically enforce policies to require the user to re-authenticate. This helps ensure that credentials have not been compromised. In addition, Defender for Cloud Apps can help discover and identify Shadow IT in the organization, helping InfoSec teams ensure that employees are using sanctioned tools when working with sensitive data. Finally, Defender for Cloud Apps can protect sensitive data anywhere in the Cloud, even outside of the Microsoft 365 platform. It allows organizations to sanction (or un-sanction) specific external Cloud apps, controlling access and monitoring when users work in those applications.

-**Azure Active Directory**, and the related Microsoft 365 security services, provide the foundation upon which a modern cloud collaboration platform can be rolled out to energy industry organizations so that access to data and applications can be strongly secured and regulatory compliance obligations can be met. To summarize, these tools provide the following key capabilities:

-The FedRAMP Moderate Control Set and NERC CIP standards also include information protection as a key control requirement (CIP-011-2). These requirements specifically address the need to identify information related to BES (Bulk Electric System) Cyber System Information, the protection and secure handling of that information, including storage, transit, and use. Specific examples of BES Cyber System Information may include security procedures or security information about systems that are fundamental to operating the bulk electric system (BES Cyber Systems, Physical Access Control Systems, and Electronic Access Control or monitoring systems) that is not publicly available and could be used to allow unauthorized access or unauthorized distribution. However, the same need exists to identify and protect customer information that is critical to the day to day operations of energy organizations.

-**Microsoft Information Protection (MIP)** allows employees to classify documents and emails with sensitivity labels. Sensitivity labels can be applied manually by users to documents within the Microsoft Office apps and to emails within Microsoft Outlook. Sensitivity labels can in turn automatically apply document markings, protection through encryption, and enforce rights management. They may also be applied automatically, by configuring policies which use keywords and sensitive data types (credit card numbers, social security numbers, identity numbers, etc.) to automatically find and classify sensitive data.

-In addition, Microsoft provides trainable classifiers which use machine learning models to identify sensitive data based on what the content is, as opposed to simply through pattern matching or by the elements within the content. A classifier learns how to identify a type of content by looking at numerous examples of the content to be classified. Training a classifier begins by providing it with examples of content within a particular category. Once it processes those examples, the model is tested by providing it with a mix of both matching and non-matching examples. The classifier then predicts whether a given example falls into the category or not. A person then confirms the results, sorting the positives, negatives, false positives, and false negatives to help increase the accuracy of the classifier's predictions. When the trained classifier is published, it processes content in SharePoint Online, Exchange Online, and OneDrive for Business, and automatically classifies the content.

-Applying sensitivity labels to documents and emails will embed metadata within the object which identifies the chosen sensitivity, thereby allowing the sensitivity to travel with the data. As a result, even if a labeled document is stored on a user's desktop or within an on-premise system, it is still protected. This in turn enables other Microsoft 365 solutions such as Microsoft Defender for Cloud Apps or network edge devices to identify sensitive data and automatically enforce security controls. Sensitivity labels have the added benefit of educating employees as to which data within an organization is considered sensitive, and how to handle that data should they receive it.

-**Office 365 Data Loss Prevention (DLP)** will automatically identify documents, emails and conversations which contain sensitive data by scanning them for sensitive data types and then enforcing policy on those objects. Policies are enforced on documents within SharePoint and OneDrive for Business. They are also enforced when users send email, and in Microsoft Teams within chat and channel conversations. Policies may be configured to look for keywords, sensitive data types, retention labels and whether data is shared within the organization or externally. Controls are provided to help organizations fine-tune DLP policies to better avoid false positives. When sensitive data is found, customizable policy tips may be displayed to users within Microsoft 365 applications, informing them that their content contains sensitive data and/or proposing corrective actions. Policies can also prevent users from accessing documents, sharing documents, or sending emails which contain certain types of sensitive data. Microsoft 365 supports over 100 built-in sensitive data types, and organizations can configure custom sensitive data types to meet their policies.

-Rolling out MIP and DLP policies to organizations requires careful planning and typically a user education program so that employees understand the organization's data classification schema and which types of data are considered sensitive. Providing employees with tools and education programs that help them identify sensitive data and help them understand how to handle it makes them part of the solution for mitigating information security risks.

-Regulations require many organizations to manage the retention of key organizational documents according to a managed corporate retention schedule. Organizations face regulatory compliance risks if data is under-retained (deleted too early), or legal risks if data is over-retained (kept too long). Effective records management strategies help to ensure that organizational documents are retained according to predetermined retention periods which are designed to minimize risk to the organization. Retention periods are prescribed in a centrally managed organizational record retention schedule, and they are based on the nature of each type of document, on regulatory compliance requirements for retaining specific types of data, and on the defined policies of the organization.

-Assigning record retention periods accurately across organizational documents may require a granular process which assigns retention periods uniquely to individual documents. The vast number of documents within energy industry organizations, coupled with the fact that in many cases retention periods can be triggered by organizational events (such as contracts expiring or an employee leaving the organization), make applying record retention policies at scale challenging for many organizations.

-Retention labels are then published to SharePoint or OneDrive sites, Exchange mailboxes, and Office 365 Groups. Users may then apply retention labels manually to documents and emails, or record managers can use rules to automatically apply retention labels. Auto-apply rules can be based on keywords or sensitive data found within documents or emails, such as credit card numbers, social security numbers or other personally identifiable information (PII) or they can be based on SharePoint metadata.

-The FedRAMP Moderate Control Set and NERC CIP standards also include Asset Reuse and Disposal as a key control requirement (CIP-011-2). These requirements once again specifically address BES (Bulk Electric System) Cyber System Information. However, other jurisdictional regulations will require energy industry organizations to manage and dispose of records effectively for numerous types of information. This will include financial statements, capital project information, budgets, customer data, etc. In all cases, energy organizations will be required to maintain robust records management programs and evidence related to the defensible disposition of corporate records.

-With each retention label, Office 365 allows record managers to determine if a disposition review is required. Then when those record types come up for disposition, after their retention period has expired, a review must be conducted by the designated disposition reviewers before content is deleted. Once the disposition review is approved, content deletion will proceed, however evidence of the deletion, the user that performed the deletion and date/time in which it occurred is still retained for multiple years (as a certificate of destruction). If organizations require longer or permanent retention of certificates of destruction, Microsoft Sentinel may be used for long term cloud-based storage of log and audit data. Microsoft Sentinel gives organizations full control over the long term storage and retention of activity data, log data and retention/disposition data.

-The U.S. Federal Energy Regulatory Commission (FERC) oversees [regulations related to energy markets and trading for the electric energy and natural gas markets](https://www.ferc.gov/CalendarFiles/20161117125529-WhitePaperCompliance.pdf). The U.S. Federal Trade Commission (FTC) oversees similar [regulations in the petroleum market](https://www.ftc.gov/sites/default/files/documents/rules/prohibition-energy-market-manipulation-rule/091113mmrguide.pdf). In both cases these regulatory bodies set out rules and guidance to prohibit energy market manipulation. FERC, for example, recommends that energy organizations invest in technology resources to monitor trading, trader communications, and compliance with internal controls. They further recommend that energy organizations evaluate, on a regular basis, the ongoing effectiveness of the organization's compliance program.

-Traditionally, communication monitoring solutions are costly, and they can be complex to configure and manage. Also, organizations can experience challenges with monitoring the numerous, varying communication channels available to employees. Microsoft 365 provides several built-in robust capabilities for monitoring employee communications, supervising employee activities, and helping to comply with FERC regulations for energy markets.

-Microsoft 365 enables organizations to configure supervision policies which capture employee communications (based on configured conditions) and allow these to be reviewed by designated supervisors. Supervision policies can capture internal/external email and attachments, Microsoft Teams chat and channel communications, Skype for Business Online chat communications and attachments, along with communications through third-party services (such as Facebook or Dropbox).

-The comprehensive nature of communications that may be captured and reviewed within an organization, and the extensive conditions with which policies may be configured, allow Microsoft 365 Supervision Policies to help organizations comply with FERC energy market regulations. Supervision policies may be configured to review communications for individuals or groups. In addition, supervisors may be configured to be individuals or groups. Comprehensive conditions may be configured to capture communications based on inbound or outbound messages, domains, retention labels, keywords or phrases, keyword dictionaries, sensitive data types, attachments, message size, or attachment size. Reviewers are provided with a dashboard where they can review flagged communications, act on communications that potentially violate policies, or mark flagged items as resolved. They may also review the results of previous reviews and items that were have been resolved.

-Microsoft 365 provides reports which allow supervision policy review activities to be audited based on the policy and the reviewer. The available reports may be used to validate that supervision policies are working as defined by the organizations written supervision policies. They may also be used to identify communications requiring review and which communications are not compliant with corporate policy. Finally, all activities related to configuring supervision policies and reviewing communications are audited in the Office 365 unified audit log.

-With many communication channels available to employees, organizations increasingly require effective solutions for monitoring or supervising communications in regulated industries such as energy trading markets. The recently launched Communication Compliance solution built into Microsoft 365 helps organizations overcome common challenges such as increasing numbers of communication channels and message volume, as well as the risk of potential fines for policy violations.

-Communication Compliance provides built-in threat, harassment, and profanity classifiers to help reduce false positives when reviewing communications. This saves reviewers time during the investigation and remediation process. It helps reviewers focus on specific messages within long threads that have been highlighted by policy alerts. This helps compliance teams more quickly identify and remediate risks. It provides compliance teams with the ability to easily configure and fine-tune policies, adjusting the solution to the organization's specific needs and reducing false positives. Communication Compliance can also track user behavior over time, highlighting potential patterns in risky behavior or policy violations. Finally, it provides flexible built-in remediation workflows so that reviewers can quickly take action and escalate to legal or human resources teams according to defined corporate processes.

-A common threat to enterprises is data exfiltration, or the act of extracting data from an organization. This can be a significant concern for energy organizations due to the sensitive nature of the information that may be accessed by employees or field service staff day to day. This includes both BES (Bulk Electric System) Cyber System information as well as business related information and customer data. With the increasing methods of communications available and numerous tools for moving data, advanced tools are typically required to mitigate risks of data leaks, policy violations and insider risk.

-Enabling employees with online collaboration tools that may be accessed anywhere inherently brings risk to an organization. Employees may inadvertently or maliciously leak data to attackers or to competitors. Alternatively, they may exfiltrate data for personal use or take data with them to a future employer. These scenarios' present serious risks to organizations from a security and a compliance standpoint. Identifying these risks when they occur and quickly mitigating them requires both intelligent tools for data collection and collaboration across departments such as legal, human resources, and information security.

-Microsoft 365 has recently launched the Insider Risk Management console which uses signals across Microsoft 365 services and machine learning models to monitor user behavior for signs of insider risk. This tool presents data to investigators so that they can easily identify risky behavioral patterns and escalate cases based on pre-determined workflows.

-For example, Insider Risk Management can correlate signals from a user's Windows 10 desktop, such as copying files to a USB drive or emailing a personal email account, with activities from online services such as Office 365 email, SharePoint Online, Microsoft Teams, OneDrive for Business, etc. to identify data exfiltration patterns. It can also correlate these activities with employees leaving an organization which is a common behavioral pattern associated with data exfiltration. It can monitor multiple activities and behavior over time, and when common patterns emerge, it can raise alerts and help investigators focus on key activities to verify a policy violation with a high degree of confidence. Insider Risk Management can also obfuscate data from investigators to help meet data privacy regulations, while still surfacing key activities that help them efficiently perform investigations. When ready, it allows investigators to package and securely send key activity data to human resources and legal departments, following common escalation workflows for raising cases for remediation action.

-Insider Risk Management is a significant increase in capabilities in Microsoft 365 for monitoring and investigating insider risks, while allowing organizations to still meet data privacy regulations and follow established escalations paths when cases require higher-level action.

-| [Virtual visits with Microsoft Teams and the Bookings app](https://docs.microsoft.com/microsoftteams/expand-teams-across-your-org/bookings-virtual-visits) | The Bookings app in Microsoft Teams gives organizations a simple way to schedule and manage virtual appointments for staff and attendees. Use it to schedule virtual appointments such as healthcare visits, financial consultations, interviews, customer support, virtual shopping experiences, education office hours, and more. |

-|[Teams for Healthcare ](https://docs.microsoft.com/MicrosoftTeams/expand-teams-across-your-org/healthcare/teams-in-hc) | Microsoft Teams offers a number of telemedicine features useful for hospitals and other Healthcare organizations. <br>- Virtual visits and Electronic Healthcare Record (EHR) integration<br>- Teams policy packates<br>- Secure messaging<br>- Teams templates<br>- Care coordination and collaboration |

-|[Microsoft Cloud for Healthcare](https://docs.microsoft.com/industry/healthcare/overview) | Learn about Microsoft Cloud for Healthcare and how it brings together trusted capabilities to customers and partners that enhance patient engagement, empowers health team collaboration, and improves clinical and operational data insights to improve decision-making and operational efficiencies. |

-| [Azure architecture and solutions for healthcare](https://docs.microsoft.com/azure/architecture/industries/healthcare)| Learn how you can use Microsoft Azure services to digitize, modernize, and enhance your healthcare solution at Azure for healthcare|

-<br>

-Assessing the data privacy regulations and risks that your organization is subject to is a key first step before implementing any related improvement actions, including those achievable with Microsoft 365 features and services.

-For a good reference on the broader regulatory framework for data privacy regulations, see the [Microsoft Services Trust Portal](https://servicetrust.microsoft.com/) and the [series of articles on the General Data Protection Regulation (GDPR) regulation](/compliance/regulatory/gdpr), as well as other materials on the regulations you may be subject to in your industry or region.

-The GDPR, the most well-known and cited of the data privacy regulations, regulates the collection, storage, processing, and sharing of any personal data that relates to an identified or identifiable natural person that is a resident of the European Union (EU).

-Although specific to GDPR, the questions posed in the free [Microsoft GDPR assessment tool](https://www.microsoft.com/cyberassessment/en/gdpr/uso365) provide a good start towards understanding your overall data privacy readiness.

-|[](https://download.microsoft.com/download/0/3/4/034fbee5-ecf4-4559-86d3-815e898f21ea/contoso-corporate-communication-poster.pdf) <br/> [PDF](https://download.microsoft.com/download/0/3/4/034fbee5-ecf4-4559-86d3-815e898f21ea/contoso-corporate-communication-poster.pdf) \| [Visio](https://download.microsoft.com/download/0/3/4/034fbee5-ecf4-4559-86d3-815e898f21ea/contoso-corporate-communication-poster.vsdx) <br>Updated January 2022 |This poster illustrates how Contoso keeps employees informed and engaged across popular communication scenarios. Contoso uses a variety of M365 apps, including a new offering, Viva Connections.<br/><br/>**Related solution guides** <br/> <ul><li>[Organizational communications: Guidance, methods, and products](/sharepoint/corporate-communications-overview)|

-|[](https://download.microsoft.com/download/0/5/b/05b7fb7c-1557-4ebb-9036-c5fc3a4cd94c/Migration-posters-mm-spmt.pdf) <p> [PDF](https://download.microsoft.com/download/0/5/b/05b7fb7c-1557-4ebb-9036-c5fc3a4cd94c/m365-migration-posters-mm-spmt.pdf)\|[Visio](https://download.microsoft.com/download/0/5/b/05b7fb7c-1557-4ebb-9036-c5fc3a4cd94c/m-365-migration-posters-mm-spmt.vsdx) <p> Updated March 2021 |Includes: <ul><li> File share migration</li><li>SharePoint Server migration</li></ul> <p> For more information, see [Migrate your content to Microsoft 365](/sharepointmigration/migrate-to-sharepoint-online).|