+ - UserClaim: **appid**

+1. \[ServiceNow Admin\] Enable Microsoft support integration for an existing user.

+ Microsoft 365 support integration is enabled for the user with one of these roles:

+ - x\_mioms\_m365\_assis.insights\_user

+ - x\_mioms\_m365\_assis.administrator

+

+ |Maximum number of eDiscovery hold policies for an organization. <br/> |10,000 <br/> |

+- Sender IP ranges

+- Recipient AD attribute contains words or phrases

+- Recipient AD attribute matches patterns

+- Document name contains words or phrases

+- Document name matches patterns

+- English

+## My security tool raised alert on UnicastScanner.ps1 / PSScript_{GUID}.ps1 or port scanning activity initiated by it, what should I do?

+3. Select **Add item**.

+By default, Defender for Endpoint on iOS includes and enables the web protection feature. [Web protection](web-protection-overview.md) helps to secure devices against web threats and protect users from phishing attacks. Note that Anti-phishing and custom indicators (URL and IP addresses) are supported as part of Web Protection. Web Content Filtering is currently not supported on iOS.

+Defender for Endpoint on iOS uses a VPN in order to provide this capability. Please note this is a local VPN and unlike traditional VPN, network traffic is not sent outside the device.

+> [!NOTE]

+> Zero-touch cannot be configured on iOS devices that are enrolled without user affinity (user-less devices or shared devices).

+# Show information about a specific registry value (the double backslash \\ indicates a registry value versus key)

+```console

+# Remediate a registry value (the double backslash \\ indicates a registry value versus key)

+remediate registry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SPStartup

+```

+> - `fileinfo` limit: 30 GB

+- Individual live response commands have a time limit of 10 minutes, with the exception of `getfile`, `findfile`, and `run`, which have a limit of 30 minutes.

+- [Live response command examples](live-response-command-examples.md)

+<br/><br/>

+|(Recommended) A quick scan looks at all the locations where there could be malware registered to start with the system, such as registry keys and known Windows startup folders. <br/><br/>Combined with always-on, real-time protection, which reviews files when they are opened and closed, and whenever a user navigates to a folder, a quick scan helps provide strong protection against malware that starts with the system and kernel-level malware.<br/><br/>In most cases, a quick scan is sufficient and is the recommended option for scheduled scans.|A full scan starts by running a quick scan and then continues with a sequential file scan of all mounted fixed disks and removable/network drives (if the full scan is configured to do so).<br/><br/>A full scan can take a few hours or days to complete, depending on the amount and type of data that needs to be scanned.<br/><br/>When the full scan is complete, new security intelligence is available, and a new scan is then required to make sure that no other threats are detected with the new security intelligence.<br/><br/>Because of the time and resources involved in a full scan, in general, Microsoft does not recommend scheduling full scans.|A custom scan runs on files and folders that you specify. For example, you can choose to scan a USB drive, or a specific folder on your device's local drive.|

+<br/><br/>

+- **Manage security settings in Security Center** - Configure alert suppression settings, manage folder exclusions for automation, onboard and offboard devices, manage email notifications, and manage evaluation lab

+## Office 365 Threat Intelligence connection

+This feature is only available if you have an active Office 365 E5 subscription or the Threat Intelligence add-on. For more information, see the Office 365 Enterprise E5 product page.

+When you turn on this feature, you'll be able to incorporate data from Microsoft Defender for Office 365 into Microsoft 365 Defender to conduct a comprehensive security investigation across Office 365 mailboxes and Windows devices.

+> [!NOTE]

+> You'll need to have the appropriate license to enable this feature.

+To receive contextual device integration in Office 365 Threat Intelligence, you'll need to enable the Defender for Endpoint settings in the Security & Compliance dashboard.

+Step 2: Slide the toggle to **Enable**. You will see a pop-up window stating that you need to add CNAME records.

+

+> [!NOTE]

+> This feature requires a Microsoft 365 administrator account. This feature isn't available for Microsoft 365 Government, Microsoft 365 operated by 21Vianet, or Microsoft 365 Germany.