| Category | Microsoft Docs article | Related commit history on GitHub | Change details |
|---|---|---|---|
| admin | Viva Learning Activity | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/viva-learning-activity.md | You can get a view into your user's Viva Learning activity by looking at the **A  - Active users ΓÇô Shows you the number of active users over time. For example, you can use it to find the number of active users in your organization on a specific day over the past 30 days.-- User activities ΓÇô Shows you the number of user activities over all platforms. For example, you can use it to find how many users in your organization bookmarked a course in the last 30 days.+- User activities ΓÇô Shows you the number of user activities, such as viewed featured content, learning tabs pinned, viewed learning objects, consumed learning objects, recommendations made, and bookmarks. |
| admin | Turn Pronouns On Or Off | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/turn-pronouns-on-or-off.md | You must be a Global admin to do the task in this article. For more information, > > Before you decide to turn the pronouns feature on or off, consider the following: >->- When you turn the pronouns feature on or off, it can take up to six hours for users to see changes. For example, if you turn on the pronouns feature, users can't see the option to add pronouns on their profile for up to six hours. If you turn off the pronouns feature, any previously set pronouns might stay visible in Microsoft 365 (for example, on profiles) for up to six hours. +>- When you turn the pronouns feature on or off, it can take up to seven hours for users to see changes. For example, if you turn on the pronouns feature, users can't see the option to add pronouns on their profile for up to seven hours. If you turn off the pronouns feature, any previously set pronouns might stay visible in Microsoft 365 (for example, on profiles) for up to seven hours. >- When you turn the pronouns feature off, all the pronouns data created by users is deleted. The data deletion process could take up to 30 days to complete. If you turn the pronouns feature back on within that period, any hidden pronouns that haven't yet been deleted from Microsoft servers become visible in Microsoft 365 experiences, such as profiles. >- After a user adds pronouns to their profile, the pronouns are visible to everyone in your organization. Users can't control who can see their pronouns in Microsoft 365 in your organization. However, pronouns aren't visible to people outside the organization. |
| admin | Organizational Messages | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/adoption/organizational-messages.md | A: As the frequency of the messages is at most once a week, the recommended mini A: Not currently, but additional customization options will be enabled in future releases. -## Organizational Messages in Microsoft Intune (Windows Endpoint Manager) +## Organizational Messages in Microsoft Intune -Organizational messages in Windows Endpoint Manager enable organizations to deliver branded personalized messages to their employees via native Windows 11 surfaces, such as Notification Center and the Get started app. These messages are intended to help people ramp up in new roles quicker, learn more about their organization, and stay informed of new updates and trainings. [Learn more about Organizational messages in Windows Endpoint Manager](/mem/intune/remote-actions/organizational-messages-prerequisites). +Organizational messages in Intune enable organizations to deliver branded personalized messages to their employees via native Windows 11 surfaces, such as Notification Center and the Get started app. These messages are intended to help people ramp up in new roles quicker, learn more about their organization, and stay informed of new updates and trainings. [Learn more about Organizational messages in Microsoft Intune](/mem/intune/remote-actions/organizational-messages-prerequisites). ## Appendix |
| admin | Cortana Integration | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/cortana-integration.md | Individuals can opt out of Play My Emails using the following steps. [Learn more about Play My Emails](https://support.microsoft.com/help/4558256) -### Briefing email --Cortana sends a personalized briefing email with tasks and commitments you made with a convenient way to mark them as **done** or schedule focus time to get them done. It also includes a summary of your meetings and relevant documents for your day. Cortana extracts information from a userΓÇÖs email messages and stores it in their Exchange Online mailbox until itΓÇÖs consolidated into the Briefing email. At no time is personal data accessible outside of your Exchange Online mailbox. Users get access to the Briefing email only if they have licenses that include the Exchange Online service plan. --### How to opt out of Briefing email --Admins can configure Briefing for their organization using [PowerShell](/briefing/be-admin) in Exchange Online. Individuals can opt out of Cortana's Briefing email by selecting **Unsubscribe** in the footer of the message. --[Learn more about the Briefing email](https://support.microsoft.com/help/4558259) --We'll continue to introduce more experiences like the above to help increase your organization's productivity. --[Learn more about Microsoft Compliance offerings](/compliance/regulatory/offering-home) - ## How is the delivery of Cortana enterprise services different from the delivery of other Cortana features I may have previously experienced? Here are the two ways to think of how Cortana works in your enterprise: |
| business-premium | M365bp Device Groups Mdb | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-device-groups-mdb.md | You can create a new device group while you are in the process of creating or ed Create device categories in Intune from which users must choose when they enroll a device. -1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com). +1. Sign in to the [Microsoft Intune admin center](https://endpoint.microsoft.com). 2. Choose **Devices** > **Device categories** > **Create device category** to add a new category. After choosing a category, the device is automatically added to the correspondin ## View the categories of devices that you manage -1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com), choose **Devices** > **All devices**. +1. Sign in to the [Microsoft Intune admin center](https://endpoint.microsoft.com), choose **Devices** > **All devices**. 2. In the list of devices, examine the **Device category** column. After choosing a category, the device is automatically added to the correspondin ## Change the category of a device -1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com), choose **Devices** > **All devices**. +1. Sign in to the [Microsoft Intune admin center](https://endpoint.microsoft.com), choose **Devices** > **All devices**. 2. Select the category you want from the list, to see its properties. |
| business-premium | M365bp Intune Admin Roles In The Mac | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-intune-admin-roles-in-the-mac.md | description: "The Microsoft 365 admin center lets you manage some Microsoft Intu Your Microsoft 365 or Office 365 subscription comes with a set of admin roles that you can assign to any users in your organization using the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. Each admin role maps to common business functions and gives people in your organization permissions to do specific tasks in the admin centers. Given this, these roles are only a subset of all the roles available in the Intune admin center, which includes additional roles specific to Intune itself. -Before adding specific Intune roles, roles must be assigned in Azure AD. To see these roles, choose **Endpoint Manager > Tenant administration > Roles > All roles >**. You can manage the role on the following pages: +Before adding specific Intune roles, roles must be assigned in Azure AD. To see these roles, sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > Tenant administration > Roles > All roles >**. You can manage the role on the following pages: - Properties: The name, description, permissions, and scope tags for the role. - Assignments: A list of role assignments defining which users have access to which users or devices. A role can have multiple assignments, and a user can be in multiple assignments. As with built-in roles, in order to create, edit, or assign roles, your account To create a custom role: -1. In the Microsoft Endpoint Manager admin center, choose **Tenant administration > Roles > All roles > Create**. +1. In the Microsoft Intune admin center, choose **Tenant administration > Roles > All roles > Create**. 1. On the **Basics** page, enter a name and description for the new role, then choose **Next**. To create a custom role: To copy a role: -1. In the Microsoft Endpoint Manager admin center, choose **Tenant administration > Roles > All roles >** select the checkbox for a role in the list > **Duplicate**. +1. In the Microsoft Intune admin center, choose **Tenant administration > Roles > All roles >** select the checkbox for a role in the list > **Duplicate**. 1. On the **Basics** page, enter a name. Make sure to use a unique name. You can assign a built-in or custom role to an Intune user. To create, edit, or - **Global Administrator** - **Intune Service Administrator** (also known as **Intune Administrator** but not to be confused with the built-in **Intune Role Administrator** role.) -1. In the Microsoft Endpoint Manager admin center, choose **Tenant administration > Roles > All roles**. +1. In the Microsoft Intune admin center, choose **Tenant administration > Roles > All roles**. -1. On the **Endpoint Manager roles - All roles** blade, choose the built-in role you want to assign > Assignments > + Assign. +1. Choose the built-in role you want to assign > Assignments > + Assign. 1. On the **Basics** page, enter an Assignment name and optional Assignment description, and then choose **Next**. |
| business-premium | M365bp Review Threats Take Action | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-review-threats-take-action.md | description: "Learn how to review and manage threats detected by Microsoft Defen # Review detected threats -As soon as a malicious file or software is detected, Microsoft Defender blocks it and prevents it from running. And with cloud-delivered protection turned on, newly detected threats are added to the antivirus and antimalware engine so that your other devices and users are protected, as well. +As soon as Microsoft Defender detects a malicious file or software, Microsoft Defender blocks it and prevents it from running. And with cloud-delivered protection turned on, newly detected threats are added to the antivirus and antimalware engine so that your other devices and users are protected, as well. Microsoft Defender Antivirus detects and protects against the following kinds of threats: Microsoft Defender Antivirus detects and protects against the following kinds of - Phishing attempts - Data theft attempts -As an IT professional/admin, you can view information about threat detections across [Windows devices that are enrolled in Intune](/mem/intune/enrollment/device-enrollment) in the Microsoft 365 admin center. You'll see summary information, such as: +As an IT professional/admin, you can view information about threat detections across [Windows devices enrolled in Intune](/mem/intune/enrollment/device-enrollment) in the Microsoft 365 admin center. You'll see summary information, such as: - How many devices need antivirus protection - How many devices aren't in compliance with security policies When you view details about specific threats or devices, you'll see recommendati | Configure protection | Your threat protection policies need to be configured. Select the link to go to your policy configuration page.<br><br>Need help? See [Manage device security with endpoint security policies in Microsoft Intune](/mem/intune/protect/endpoint-security-policy). | | Update policy | Your antivirus and real-time protection policies need to be updated or configured. Select the link to go to the policy configuration page.<br><br>Need help? See [Manage device security with endpoint security policies in Microsoft Intune](/mem/intune/protect/endpoint-security-policy). | | Run quick scan | Starts a quick antivirus scan on the device, focusing on common locations where malware might be registered, such as registry keys and known Windows startup folders. |-| Run full scan | Starts a full antivirus scan on the device, focusing on common locations where malware might be registered, and including every file and folder on the device. Results are sent to [Microsoft Endpoint Manager](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager). | +| Run full scan | Starts a full antivirus scan on the device, focusing on common locations where malware might be registered, and including every file and folder on the device. Results are sent to [Microsoft Intune](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager). | | Update antivirus | Requires the device to get [security intelligence updates](https://go.microsoft.com/fwlink/?linkid=2149926) for antivirus and antimalware protection. | | Restart device | Forces a Windows device to restart within five minutes.<br><br>**IMPORTANT:** The device owner or user isn't automatically notified of the restart and could lose unsaved work. | When you view details about specific threats or devices, you'll see recommendati 1. Go to the ([Microsoft 365 Defender portal](https://security.microsoft.com)) and sign in. -1. In the navigation pane, choose **Threat Analytics** to see all the current threats. They are categorized by threat severity and type. +1. In the navigation pane, choose **Threat Analytics** to see all the current threats. Threads are categorized by threat severity and type. 1. Click on a threat to see more details about the threat. When you view details about specific threats or devices, you'll see recommendati ## Manage threat detections in Microsoft Intune -You can use Microsoft Endpoint Manager to manage threat detections as well. First, all devices whether Windows, iOS or Android, must be [enrolled in Intune](/mem/intune/enrollment/windows-enrollment-methods) (part of Microsoft Endpoint Manager). +You can use Microsoft Intune to manage threat detections as well. First, all devices whether Windows, iOS or Android, must be [enrolled in Intune](/mem/intune/enrollment/windows-enrollment-methods). -1. Go to the Microsoft Endpoint Manager admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=2150463" target="_blank">https://endpoint.microsoft.com</a> and sign in. +1. Go to the Microsoft Intune admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=2150463" target="_blank">https://endpoint.microsoft.com</a> and sign in. 2. In the navigation pane, select **Endpoint security**. You can use Microsoft Endpoint Manager to manage threat detections as well. Firs For example, suppose that devices are listed on the **Active malware** tab. When you select a device, you'll have certain actions available, such as **Restart**, **Quick Scan**, **Full Scan**, **Sync**, or **Update signatures**. Select an action for that device. -The following table describes the actions you might see in Microsoft Endpoint Manager.<br><br> +The following table describes the actions you might see in Microsoft Intune.<br><br> | Action | Description | |--|--| | Restart | Forces a Windows device to restart within five minutes.<br><br>**IMPORTANT:** The device owner or user isn't automatically notified of the restart and could lose unsaved work. |-| Quick Scan | Starts a quick antivirus scan on the device, focusing on common locations where malware might be registered, such as registry keys and known Windows startup folders. Results are sent to [Microsoft Endpoint Manager](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager). | -| Full Scan | Starts a full antivirus scan on the device, focusing on common locations where malware might be registered, and including every file and folder on the device. Results are sent to [Microsoft Endpoint Manager](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager). | -| Sync | Requires a device to check in with Intune (part of Microsoft Endpoint Manager). When the device checks in, the device receives any pending actions or policies assigned to the device. | +| Quick Scan | Starts a quick antivirus scan on the device, focusing on common locations where malware might be registered, such as registry keys and known Windows startup folders. Results are sent to [Microsoft Intune](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager). | +| Full Scan | Starts a full antivirus scan on the device, focusing on common locations where malware might be registered, and including every file and folder on the device. Results are sent to [Microsoft Intune](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager). | +| Sync | Requires a device to check in with Intune. When the device checks in, the device receives any pending actions or policies assigned to the device. | | Update signatures | Requires the device to get [security intelligence updates](https://go.microsoft.com/fwlink/?linkid=2149926) for antivirus and antimalware protection. | > [!TIP] |
| business-premium | M365bp Threats Detected Defender Av | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-threats-detected-defender-av.md | When threats are detected by Microsoft Defender Antivirus, the following things - Detections are listed in the [Windows Security app](/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center) on the **Protection history** page. - If you've [secured your Windows 10 devices](../admin/setup/secure-win-10-pcs.md) and [enrolled them in Intune](/mem/intune/enrollment/windows-enrollment-methods), and your organization has 800 or fewer devices enrolled, you'll see threat detections and insights in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> on the **Threats and antivirus** page, which you can access from the **Microsoft Defender Antivirus** card on the **Home** page (or from the navigation pane by selecting **Health** > **Threats & antivirus**). - If your organization has more than 800 devices enrolled in Intune, you'll be prompted to view threat detections and insights from [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) instead of from the **Threats and antivirus** page. + If your organization has more than 800 devices enrolled in Intune, you'll be prompted to view threat detections and insights from Microsoft Intune instead of from the **Threats and antivirus** page. > [!NOTE] > The **Microsoft Defender Antivirus** card and **Threats and antivirus** page are being rolled out in phases, so you may not have immediate access to them. |
| business-premium | M365bp View Edit Create Mdb Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-view-edit-create-mdb-policies.md | -In Microsoft 365 Business Premium, security settings for managed devices are configured through device protection policies in the Microsoft 365 Defender portal or in the Microsoft Endpoint Manager admin center. To help simplify setup and configuration, there are pre-configured policies that help protect your organization's devices as soon as they are onboarded. You can use the default policies, edit existing policies, or create your own policies. +In Microsoft 365 Business Premium, security settings for managed devices are configured through device protection policies in the Microsoft 365 Defender portal or in the Microsoft Intune admin center. To help simplify setup and configuration, there are pre-configured policies that help protect your organization's devices as soon as they are onboarded. You can use the default policies, edit existing policies, or create your own policies. **This guidance describes how to**: - Get an overview of your default policies-- Work with device policies in either the Microsoft 365 Defender portal or the Microsoft Endpoint Manager admin center (Intune).+- Work with device policies in either the Microsoft 365 Defender portal or the Microsoft Intune admin center. ## About the default device protection policies Microsoft 365 Business Premium includes two main types of policies to protect yo - **Firewall policies**, which determine what network traffic is permitted to flow to and from your organization's devices. -These policies are part of Microsoft Defender for Business, included in your Microsoft 365 Business Premium subscription. Information is provided for working with policies in the Microsoft 365 Defender portal or in the Microsoft Endpoint Manager admin center. +These policies are part of Microsoft Defender for Business, included in your Microsoft 365 Business Premium subscription. Information is provided for working with policies in the Microsoft 365 Defender portal or in the Microsoft Intune admin center. ## Working with device polices in the Microsoft 365 Defender portal To create a new device protection policy: - Make any needed changes by selecting **Edit**. - When youΓÇÖre ready to proceed, choose **Create policy**. -## Working with device policies in the Microsoft Endpoint Manager admin center +## Working with device policies in the Microsoft Intune admin center -Use the following information to create and manage device policies in Intune, done through Endpoint security in the Microsoft Endpoint Manager admin center. +Use the following information to create and manage device policies in Intune, done through Endpoint security in the Microsoft Intune admin center. ### Create, duplicate and edit policies To create a policy in Intune -1. Sign in to the Microsoft Endpoint Manager admin center. +1. Sign in to the Microsoft Intune admin center. 1. Select **Endpoint security** and the type of policy you want to configure, and then select **Create Policy**. To create a policy in Intune To duplicate a policy in Intune: -1. Sign in to the Microsoft Endpoint Manager admin center. +1. Sign in to the Microsoft Intune admin center. 1. Select the policy that you want to copy. Next, select **Duplicate** or select the ellipsis **(...)** to the right of the policy and select **Duplicate**. 1. Provide a New name for the policy, and then select **Save**. |
| compliance | Compliance Manager Alert Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-alert-policies.md | f1.keywords: Previously updated : 01/24/2022 Last updated : 01/01/2023 audience: Admin |
| compliance | Compliance Manager Assessments | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-assessments.md | f1.keywords: Previously updated : 05/27/2020 Last updated : 01/11/2023 audience: Admin |
| compliance | Compliance Manager Improvement Actions | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-improvement-actions.md | f1.keywords: Previously updated : 06/09/2020 Last updated : 01/01/2023 audience: Admin |
| compliance | Compliance Manager Mcca | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-mcca.md | f1.keywords: Previously updated : 10/23/2020 Last updated : 01/01/2023 audience: Admin |
| compliance | Compliance Manager Quickstart | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-quickstart.md | f1.keywords: Previously updated : 09/08/2020 Last updated : 01/01/2023 audience: Admin |
| compliance | Compliance Manager Setup | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-setup.md | f1.keywords: Previously updated : 10/17/2019 Last updated : 01/25/2023 audience: Admin |
| compliance | Compliance Manager Templates Create | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates-create.md | f1.keywords: Previously updated : 10/06/2021 Last updated : 01/18/2023 audience: Admin |
| compliance | Compliance Manager Templates Extend | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates-extend.md | f1.keywords: Previously updated : 10/06/2021 Last updated : 01/18/2023 audience: Admin |
| compliance | Compliance Manager Templates Format Excel | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates-format-excel.md | f1.keywords: Previously updated : 10/06/2021 Last updated : 01/01/2023 audience: Admin |
| compliance | Compliance Manager Templates List | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates-list.md | f1.keywords: Previously updated : 06/09/2020 Last updated : 01/01/2023 audience: Admin |
| compliance | Compliance Manager Templates Modify | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates-modify.md | f1.keywords: Previously updated : 10/06/2021 Last updated : 01/18/2023 audience: Admin |
| compliance | Compliance Manager Templates | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates.md | f1.keywords: Previously updated : 08/20/2020 Last updated : 01/01/2023 audience: Admin |
| compliance | Compliance Manager Update Actions | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-update-actions.md | f1.keywords: Previously updated : 06/22/2022 Last updated : 01/01/2023 audience: Admin |
| compliance | Compliance Manager Whats New | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-whats-new.md | f1.keywords: Previously updated : 02/17/2021 Last updated : 01/25/2023 audience: Admin |
| compliance | Compliance Manager | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager.md | f1.keywords: Previously updated : 08/20/2020 Last updated : 01/01/2023 audience: Admin |
| compliance | Compliance Score Calculation | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-score-calculation.md | f1.keywords: Previously updated : 09/17/2019 Last updated : 01/01/2023 audience: Admin |
| compliance | Device Onboarding Offboarding Macos Intune Mde | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/device-onboarding-offboarding-macos-intune-mde.md | description: Learn how to onboard and offboard macOS devices into Microsoft Purv ## Before you begin - Make sure your [macOS devices are onboarded into Intune](/mem/intune/fundamentals/deployment-guide-platform-macos) and enrolled in the [Company Portal app](/mem/intune/user-help/enroll-your-device-in-intune-macos-cp). -- Make sure you have access to the [Microsoft Endpoint Manager center](https://endpoint.microsoft.com/#home)+- Make sure you have access to the [Microsoft Intune admin center](https://endpoint.microsoft.com/#home) - This supports the three latest released macOS versions. - Install the v95+ Edge browser on your macOS devices full disk access |[fulldisk.mobileconfig](https://github.com/microsoft/mdatp ### Create system configuration profiles -1. Open the **Microsoft Endpoint Manager center** > **Devices** > **Configuration profiles**. +1. Open the **Microsoft Intune admin center** > **Devices** > **Configuration profiles**. 1. Choose: **Create profile**. Here's an [example mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/m > [!IMPORTANT] > Offboarding causes the device to stop sending sensor data to the portal but data from the device, including reference to any alerts it has had will be retained for up to 6 months. -1. In **Microsoft Endpoint Manager center**, open **Devices** > **Configuration profiles**, you should see your created profiles there. +1. In **Microsoft Intune admin center**, open **Devices** > **Configuration profiles**, you should see your created profiles there. 2. In the **Configuration profiles** page, choose the MDE preferences profile. |
| compliance | Device Onboarding Offboarding Macos Intune | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/device-onboarding-offboarding-macos-intune.md | You can use Intune to onboard macOS devices into Microsoft Purview solutions. ## Before you begin - Make sure your [macOS devices are onboarded into Intune](/mem/intune/fundamentals/deployment-guide-platform-macos) and are enrolled in the [Company Portal app](/mem/intune/user-help/enroll-your-device-in-intune-macos-cp). -- Make sure you have access to the [Microsoft Endpoint Manager center](https://endpoint.microsoft.com/#home).+- Make sure you have access to the [Microsoft Intune admin center](https://endpoint.microsoft.com/#home). - This supports three most recent major releases of macOS. - Create the user groups that you are going to assign the configuration updates to. - Install the v95+ Edge browser on your macOS devices full disk access |[fulldisk.mobileconfig](https://github.com/microsoft/mdatp ### Deploy the mobileconfig and onboarding packages -1. Open the **Microsoft Endpoint Manager center** > **Devices** > **Configuration profiles**. +1. Open the **Microsoft Intune admin center** > **Devices** > **Configuration profiles**. 1. Choose: **Create profile** full disk access |[fulldisk.mobileconfig](https://github.com/microsoft/mdatp Microsoft Endpoint DLP is installed as a component of Microsoft Defender for Endpoint (MDE) on macOS. This procedure applies to onboarding devices into Microsoft Purview solutions -1. In the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/), open **Apps**. +1. In the [Microsoft Intune admin center](https://endpoint.microsoft.com/), open **Apps**. 1. Select By platform > macOS > Add. Microsoft Endpoint DLP is installed as a component of Microsoft Defender for End > [!NOTE] > Offboarding causes the device to stop sending sensor data to the portal but data from the device, including reference to any alerts it has had will be retained for up to six months. -1. In **Microsoft Endpoint Manager center**, open **Devices** > **Configuration profiles**, you should see your created profiles there. +1. In the **Microsoft Intune admin center**, open **Devices** > **Configuration profiles**, you should see your created profiles there. 1. In the **Configuration profiles** page, choose the *wdav.pkg.intunemac* profile. |
| compliance | Dlp Chrome Get Started | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-chrome-get-started.md | Here's a list of applicable role groups. To learn more about them, see [Permissi ### Overall installation workflow -Deploying the extension is a multi-phase process. You can choose to install on one machine at a time, or use Microsoft Endpoint Manager or Group Policy for organization-wide deployments. +Deploying the extension is a multi-phase process. You can choose to install on one machine at a time, or use Microsoft Intune or Group Policy for organization-wide deployments. 1. [Prepare your devices](#prepare-your-devices). 2. [Basic Setup Single Machine Selfhost](#basic-setup-single-machine-selfhost)-3. [Deploy using Microsoft Endpoint Manager](#deploy-using-microsoft-endpoint-manager) +3. [Deploy using Microsoft Intune](#deploy-using-microsoft-intune) 4. [Deploy using Group Policy](#deploy-using-group-policy) 5. [Test the extension](#test-the-extension) 6. [Use the Alerts Management Dashboard to viewing Chrome DLP alerts](#use-the-alerts-management-dashboard-to-viewing-chrome-dlp-alerts) This is the recommended method. 2. Install the extension using the instructions on the Chrome Web Store page. -### Deploy using Microsoft Endpoint Manager +### Deploy using Microsoft Intune Use this setup method for organization-wide deployments. -#### Microsoft Endpoint Manager Force Install Steps +#### Microsoft Intune Force Install Steps -Before adding the extension to the list of force-installed extensions, it is important to ingest the Chrome ADMX. Steps for this process in Microsoft Endpoint Manager are documented by Google: [Manage Chrome Browser with Microsoft Intune - Google Chrome Enterprise Help](https://support.google.com/chrome/a/answer/9102677?hl=en#zippy=%2Cstep-ingest-the-chrome-admx-file-into-intune). +Before adding the extension to the list of force-installed extensions, it is important to ingest the Chrome ADMX. Steps for this process in Microsoft Intune are documented by Google: [Manage Chrome Browser with Microsoft Intune - Google Chrome Enterprise Help](https://support.google.com/chrome/a/answer/9102677?hl=en#zippy=%2Cstep-ingest-the-chrome-admx-file-into-intune). After ingesting the ADMX, the steps below can be followed to create a configuration profile for this extension. -1. Sign in to the Microsoft Endpoint Manager Admin Center (https://endpoint.microsoft.com). +1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Navigate to Configuration Profiles. Before adding the extension to the list of force-installed extensions, it is imp ### Deploy using Group Policy -If you don't want to use Microsoft Endpoint Manager, you can use group policies to deploy the extension across your organization. +If you don't want to use Microsoft Intune, you can use group policies to deploy the extension across your organization. #### Adding the Chrome Extension to the ForceInstall List |
| compliance | Dlp Firefox Extension Get Started | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-firefox-extension-get-started.md | Here's a list of applicable role groups. To learn more about the, see [Permissio ### Overall installation workflow -Deploying the extension is a multi-phase process. You can choose to install on one machine at a time, or use Microsoft Endpoint Manager or Group Policy for organization-wide deployments. +Deploying the extension is a multi-phase process. You can choose to install on one machine at a time, or use Microsoft Intune or Group Policy for organization-wide deployments. 1. [Prepare your devices](#prepare-your-devices). 2. [Basic Setup Single Machine Selfhost](#basic-setup-single-machine-selfhost)-3. [Deploy using Microsoft Endpoint Manager](#deploy-using-microsoft-endpoint-manager) +3. [Deploy using Microsoft Intune](#deploy-using-microsoft-intune) 4. [Deploy using Group Policy](#deploy-using-group-policy) 5. [Test the extension](#test-the-extension) 6. [Use the Alerts Management Dashboard to view Firefox DLP alerts](#use-the-alerts-management-dashboard-to-view-firefox-dlp-alerts) This is the recommended method. 3. Confirm the installation. -### Deploy using Microsoft Endpoint Manager +### Deploy using Microsoft Intune Use this setup method for organization-wide deployments. -#### Microsoft Endpoint Manager Force Install Steps +#### Microsoft Intune Force Install Steps -Before adding the extension to the list of force-installed extensions, it is important to ingest the Firefox ADMX. Steps for this process in Microsoft Endpoint Manager are documented below. Before beginning these steps, please ensure you have downloaded the latest Firefox ADMX from the [Firefox GitHub](https://github.com/mozilla/policy-templates/releases). +Before adding the extension to the list of force-installed extensions, it is important to ingest the Firefox ADMX. Steps for this process in Microsoft Intune are documented below. Before beginning these steps, please ensure you have downloaded the latest Firefox ADMX from the [Firefox GitHub](https://github.com/mozilla/policy-templates/releases). After ingesting the ADMX, the steps below can be followed to create a configuration profile for this extension. -1. Sign in to the Microsoft Endpoint Manager Admin Center (https://endpoint.microsoft.com). +1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Navigate to Configuration Profiles. After ingesting the ADMX, the steps below can be followed to create a configurat ### Deploy using Group Policy -If you don't want to use Microsoft Endpoint Manager, you can use group policies to deploy the extension across your organization. +If you don't want to use Microsoft Intune, you can use group policies to deploy the extension across your organization. #### Adding the Chrome Extension to the ForceInstall List |
| compliance | Ediscovery Create Holds | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-create-holds.md | f1.keywords: Previously updated : 01/01/2023 Last updated : 02/22/2023 audience: Admin search.appverid: # Create an eDiscovery hold -You can use a Microsoft Purview eDiscovery (Standard) case to create holds to preserve content that might be relevant to the case. You can place a hold on the Exchange mailboxes and OneDrive for Business accounts of people you're investigating in the case. You can also place a hold on the mailboxes and sites that are associated with Microsoft Teams, Office 365 Groups, and Yammer Groups. When you place content locations on hold, content is preserved until you remove the content location from the hold or until you delete the hold. +You can use a Microsoft Purview eDiscovery (Standard) case to create holds to preserve content that might be relevant to the case. You can place a hold on the Exchange mailboxes and OneDrive for Business accounts of people you're investigating in the case. You can also place a hold on the mailboxes and sites that are associated with Microsoft Teams, Microsoft 365 groups, and Yammer Groups. When you place content locations on hold, content is preserved until you remove the content location from the hold or until you delete the hold. After you create an eDiscovery hold, it may take up to 24 hours for the hold to take effect. When you create a hold, you have the following options to scope the content that's preserved in the specified content locations: - Create an infinite hold where all content in the specified locations is placed on hold. Alternatively, you can create a query-based hold where only the content in the specified locations that matches a search query is placed on hold.-- Specify a date range to preserve only the content that was sent, received, or created within that date range. Alternatively, you can hold all content in specified locations regardless of when it was sent, received, or created.+- Specify a date range to preserve only the content that was sent, received, or created within that date range. Alternatively, you can hold all content in specified locations regardless of when sent, received, or created. [!INCLUDE [purview-preview](../includes/purview-preview.md)] When you create a hold, you have the following options to scope the content that To create an eDiscovery hold that's associated with a eDiscovery (Standard) case: -1. Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft Purview compliance portal</a> and sign in using the credentials for user account that has been assigned the appropriate eDiscovery permissions. +1. Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft Purview compliance portal</a> and sign in using the credentials for user account with the appropriate eDiscovery permissions. 2. In the left navigation pane, select **Show all**, and then select **eDiscovery > Core**. To create an eDiscovery hold that's associated with a eDiscovery (Standard) case  - 1. **Exchange mailboxes**: Set the toggle to **On** and then select **Choose users, groups, or teams** to specify the mailboxes to place on hold. Use the search box to find user mailboxes and distribution groups (to place a hold on the mailboxes of group members) to place on hold. You can also place a hold on the associated mailbox for a Microsoft Team, Office 365 Group, and Yammer Group. For more information about the application data that is preserved when a mailbox is placed on hold, see [Content stored in mailboxes for eDiscovery](ediscovery-what-is-stored-in-a-mailbox.md). + 1. **Exchange mailboxes**: Set the toggle to **On** and then select **Choose users, groups, or teams** to specify the mailboxes to place on hold. Use the search box to find user mailboxes and distribution groups (to place a hold on the mailboxes of group members) to place on hold. You can also place a hold on the associated mailbox for a Microsoft Team, Microsoft 365 group, and Yammer Group. For more information about the application data that is preserved when a mailbox is placed on hold, see [Content stored in mailboxes for eDiscovery](ediscovery-what-is-stored-in-a-mailbox.md). - 2. **SharePoint sites**: Set the toggle to **On** and then select **Choose sites** to specify SharePoint sites and OneDrive accounts to place on hold. Type the URL for each site that you want to place on hold. You can also add the URL for the SharePoint site for a Microsoft Team, Office 365 Group or a Yammer Group. + 2. **SharePoint sites**: Set the toggle to **On** and then select **Choose sites** to specify SharePoint sites and OneDrive accounts to place on hold. Type the URL for each site that you want to place on hold. You can also add the URL for the SharePoint site for a Microsoft Team, Microsoft 365 group or a Yammer Group. 3. **Exchange public folders**: Set the toggle to **On** to put all public folders in your Exchange Online organization on hold. You can't choose specific public folders to put on hold. Leave the toggle switch off if you don't want to put a hold on public folders. > [!IMPORTANT] > When adding Exchange mailboxes or SharePoint sites to a hold, you must explicitly add at least one content location to the hold. In other words, if you set the toggle to **On** for mailboxes or sites, you must select specific mailboxes or sites to add to the hold. Otherwise, the eDiscovery hold will be created but no mailboxes or sites will be added to the hold. -8. When you're done adding locations to the hold, select **Next**. +8. When finished adding locations to the hold, select **Next**. 9. To create a query-based hold using keywords or conditions, complete the following steps. To preserve all content in the specified content locations, select **Next**. To create an eDiscovery hold that's associated with a eDiscovery (Standard) case Keep the following things in mind when you place a query-based eDiscovery hold on documents located in SharePoint sites: - A query-based hold initially preserves all documents in a site for a short period of time after they're deleted. That means when a document is deleted, it will be moved to the Preservation Hold library even if it doesn't match the criteria of the query-based hold. However, deleted documents that don't match a query-based hold will be removed by a timer job that processes the Preservation Hold library. The timer job runs periodically and compares all documents in the Preservation Hold library to your query-based eDiscovery holds (and other types of holds and retention policies). The timer job deletes the documents that don't match a query-based hold and preserves the documents that do.- - Query-based holds shouldn't be used to perform targeted preservation, like preserving documents in a specific folder or site or by using other location-based hold criteria. Doing so may have unintended results. We recommend using non-location based hold criteria such as keywords, date ranges, or other document properties to preserve site documents. ## Search locations on eDiscovery hold Select the **Locations on hold** option to search all the content locations that Here are some other things to keep in mind when searching locations on eDiscovery hold: - If a content location is part of multiple holds within the same case, the hold queries are combined by **OR** operators when you search that content location using the all case content option. Similarly, if a content location is part of two different holds, where one is query-based and the other is an infinite hold (where all content is placed on hold), then all content is search because of the infinite hold.- - If a search is configured it to search locations on hold and then you change an eDiscovery hold in the case (by adding or removing a location or changing a hold query), the search configuration is updated with those changes. However, you have to rerun the search after the hold is changed to update the search results.- - If multiple eDiscovery holds are placed on a single location in an eDiscovery case and you select to search locations on hold, the maximum number of keywords for that search query is 500. That's because the search combines all the query-based holds by using the **OR** operator. If there are more than 500 keywords in the combined hold queries and the search query, then all content in the mailbox is searched, not just that content that matches the query-based case holds.- - If an eDiscovery hold has a status of **On (Pending)**, you can still search the locations on hold while the hold is being turned on. ## Preserve content in Microsoft Teams Every Team or team channel also contains a Wiki for note taking and collaboratio > [!NOTE] > The capability to preserve Wiki content for a Team or team channel (when you place the team's SharePoint site on hold) was released on June 22, 2017. If a team site is on hold, the Wiki content will be retained starting on that date. However, if a team site is on hold and the Wiki content was deleted before June 22, 2017, the Wiki content was not preserved. -### Office 365 Groups +### Microsoft 365 groups -Teams is built on Office 365 Groups. Therefore, placing Office 365 Groups on eDiscovery hold is similar placing Teams content on hold. +Teams is built on Microsoft 365 groups. Therefore, placing Microsoft 365 groups on eDiscovery hold is similar placing Teams content on hold. -Keep the following things in mind when placing both Teams and Office 365 Groups on an eDiscovery hold: +Keep the following things in mind when placing both Teams and Microsoft 365 groups on an eDiscovery hold: -- As previously explained, to place content located in Teams and Office 365 Groups on hold, you have to specify the mailbox and SharePoint site that associated with a group or team.+- As previously explained, to place content located in Teams and Microsoft 365 groups on hold, you have to specify the mailbox and SharePoint site that associated with a group or team. -- Run the **Get-UnifiedGroup** cmdlet in [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell) to view properties for Teams and Office 365 Groups. This is a good way to get the URL for the site that's associated with a Team or Office 365 Group. For example, the following command displays selected properties for an Office 365 Group named Senior Leadership Team:+- Run the **Get-UnifiedGroup** cmdlet in [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell) to view properties for Teams and Microsoft 365 groups. This is a good way to get the URL for the site that's associated with a Team or Microsoft 365 group. For example, the following command displays selected properties for a Microsoft 365 group named Senior Leadership Team: ```text Get-UnifiedGroup "Senior Leadership Team" | FL DisplayName,Alias,PrimarySmtpAddress,SharePointSiteUrl Keep the following things in mind when placing both Teams and Office 365 Groups > [!NOTE] > To run the **Get-UnifiedGroup** cmdlet, you have to be assigned the View-Only Recipients role in Exchange Online or be a member of a role group that's assigned the View-Only Recipients role. -- When a user's mailbox is searched, any Team or Office 365 Group that the user is a member of won't be searched. Similarly, when you place a Team or Office 365 Group on eDiscovery hold, only the group mailbox and group site are placed on hold. The mailboxes and OneDrive for Business sites of group members aren't placed on hold unless you explicitly add them to the eDiscovery hold. So if you have to place a Team or Office 365 Group on hold for a legal reason, consider adding the mailboxes and OneDrive accounts of team or group members on the same hold.+- When a user's mailbox is searched, any Team or Microsoft 365 group that the user is a member of won't be searched. Similarly, when you place a Team or Microsoft 365 group on eDiscovery hold, only the group mailbox and group site are placed on hold. The mailboxes and OneDrive for Business sites of group members aren't placed on hold unless you explicitly add them to the eDiscovery hold. So if you have to place a Team or Microsoft 365 group on hold for a legal reason, consider adding the mailboxes and OneDrive accounts of team or group members on the same hold. -- To get a list of the members of a Team or Office 365 Group, you can view the properties on the <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">**Groups**</a> page in the Microsoft 365 admin center. Alternatively, you can run the following command in Exchange Online PowerShell:+- To get a list of the members of a Team or Microsoft 365 group, you can view the properties on the <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">**Groups**</a> page in the Microsoft 365 admin center. Alternatively, you can run the following command in Exchange Online PowerShell: ```powershell Get-UnifiedGroupLinks <group or team name> -LinkType Members | FL DisplayName,PrimarySmtpAddress A delay hold is also applied to content locations on hold when you close a eDisc The following table lists the limits for eDiscovery cases and case holds. - | Description of limit | Limit | - |:--|:--| - |Maximum number of cases for an organization. <br/> |No limit <br/> | - |Maximum number of eDiscovery hold policies for an organization. This limit includes the combined total of hold policies in eDiscovery (Standard) and eDiscovery (Premium) cases. <br/> |10,000<sup>1</sup> <br/> | - |Maximum number of mailboxes in a single eDiscovery hold. This limit includes the combined total of user mailboxes, and the mailboxes associated with Microsoft 365 Groups, Microsoft Teams, and Yammer Groups. <br/> |1,000 <br/> | - |Maximum number of sites in a single eDiscovery hold. This limit includes the combined total of OneDrive for Business sites, SharePoint sites, and the sites associated with Microsoft 365 Groups, Microsoft Teams, and Yammer Groups. <br/> |100 <br/> | - |Maximum number of cases displayed on the eDiscovery home page, and the maximum number of items displayed on the Holds, Searches, and Export tabs within a case. |1,000<sup>1</sup>| -- > [!NOTE] - > <sup>1</sup> To view a list of more than 1,000 cases, holds, searches, or exports, you can use the corresponding Security & Compliance PowerShell cmdlet: - > - > - [Get-ComplianceCase](/powershell/module/exchange/get-compliancecase) - > - [Get-CaseHoldPolicy](/powershell/module/exchange/get-caseholdpolicy) - > - [Get-ComplianceSearch](/powershell/module/exchange/get-compliancesearch) - > - [Get-ComplianceSearchAction](/powershell/module/exchange/get-compliancesearchaction) +| Description of limit | Limit | +|:--|:--| +|Maximum number of cases for an organization. |No limit | +|Maximum number of eDiscovery hold policies for an organization. This limit includes the combined total of hold policies in eDiscovery (Standard) and eDiscovery (Premium) cases. |10,000<sup>1</sup> | +|Maximum number of mailboxes in a single eDiscovery hold. This limit includes the combined total of user mailboxes, and the mailboxes associated with Microsoft 365 groups, Microsoft Teams, and Yammer Groups. |1,000 | +|Maximum number of sites in a single eDiscovery hold. This limit includes the combined total of OneDrive for Business sites, SharePoint sites, and the sites associated with Microsoft 365 groups, Microsoft Teams, and Yammer Groups. <br/|100| +|Maximum number of cases displayed on the eDiscovery home page, and the maximum number of items displayed on the Holds, Searches, and Export tabs within a case. |1,000<sup>1</sup>| ++> [!NOTE] +> <sup>1</sup> To view a list of more than 1,000 cases, holds, searches, or exports, you can use the corresponding Security & Compliance PowerShell cmdlet: +> +> - [Get-ComplianceCase](/powershell/module/exchange/get-compliancecase) +> - [Get-CaseHoldPolicy](/powershell/module/exchange/get-caseholdpolicy) +> - [Get-ComplianceSearch](/powershell/module/exchange/get-compliancesearch) +> - [Get-ComplianceSearchAction](/powershell/module/exchange/get-compliancesearchaction) |
| compliance | Ediscovery Decryption | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-decryption.md | -To run common eDiscovery tasks on encrypted content, eDiscovery managers were required to decrypt email message content as it was exported from content searches, Microsoft Purview eDiscovery (Standard) cases, and Microsoft Purview eDiscovery (Premium) cases. Content encrypted with Microsoft encryption technologies wasn't available for review until after it was exported. +To run common eDiscovery tasks on encrypted content, eDiscovery managers are required to decrypt email message content when exported from content searches, Microsoft Purview eDiscovery (Standard) cases, and Microsoft Purview eDiscovery (Premium) cases. Content encrypted with Microsoft encryption technologies wasn't available for review until after export. To make it easier to manage encrypted content in the eDiscovery workflow, Microsoft Purview eDiscovery tools now incorporate the decryption of encrypted files attached to email messages and sent in Exchange Online.<sup>1</sup> Additionally, encrypted documents stored in SharePoint Online and OneDrive for Business are decrypted in eDiscovery (Premium)<sup>2</sup>. Prior to this new capability, only the content of an email message protected by [!INCLUDE [purview-preview](../includes/purview-preview.md)] +## Requirements for decryption in eDiscovery ++You have to be assigned the *RMS Decrypt* role to preview, review, and export files encrypted with Microsoft encryption technologies. You also have to be assigned this role to review and query encrypted files that are added to a review set in eDiscovery (Premium). ++This role is assigned by default to the eDiscovery Manager role group on the **Permissions** page in the Microsoft Purview compliance portal. For more information about the RMS Decrypt role, see [Assign eDiscovery permissions](ediscovery-assign-permissions.md#rms-decrypt). + ## Supported encryption technologies For Exchange, Microsoft Purview eDiscovery tools support items encrypted with Microsoft encryption technologies. These technologies are Azure Rights Management (Azure RMS)<sup>3</sup> and Microsoft Purview Information Protection (specifically sensitivity labels). For more information about Microsoft encryption technologies, see [Encryption](encryption.md) and the various [email encryption](email-encryption.md#comparing-email-encryption-options-available-in-office-365) options available. Content encrypted by S/MIME or third-party encryption technologies isn't supported. For example, previewing or exporting content encrypted with non-Microsoft technologies isn't supported. For SharePoint, content labeled with SharePoint online service will be decrypted ## eDiscovery activities that support encrypted items -The following table identifies the supported tasks that can be performed in Microsoft 365 eDiscovery tools on encrypted files attached to email messages and encrypted documents in SharePoint and OneDrive. These supported tasks can be performed on encrypted files that match the criteria of a search. A value of `N/A` indicates the functionality isn't available in the corresponding eDiscovery tool. +The following table identifies the supported tasks that can be performed in Microsoft Purview eDiscovery tools on encrypted files attached to email messages and encrypted documents in SharePoint and OneDrive. These supported tasks can be performed on encrypted files that match the criteria of a search. A value of `N/A` indicates the functionality isn't available in the corresponding eDiscovery tool. |eDiscovery task |Content search |eDiscovery (Standard) |eDiscovery (Premium) | |:|:|:|:| Documents encrypted with the previous settings can still be returned by an eDisc > [!IMPORTANT] > Decryption isn't supported for files that are locally encrypted and then uploaded to SharePoint or OneDrive. For example, local files that are encrypted by the Azure Information Protection (AIP) client and then uploaded to Microsoft 365 aren't supported. Only files that are encrypted in the SharePoint or OneDrive service are supported for decryption. -## Requirements for decryption in eDiscovery --You have to be assigned the RMS Decrypt role to preview, review, and export files encrypted with Microsoft encryption technologies. You also have to be assigned this role to review and query encrypted files that are added to a review set in eDiscovery (Premium). --This role is assigned by default to the eDiscovery Manager role group on the **Permissions** page in the Microsoft Purview compliance portal. For more information about the RMS Decrypt role, see [Assign eDiscovery permissions](ediscovery-assign-permissions.md#rms-decrypt). +## Decrypting RMS-protected email messages and encrypted file attachments using Content search or eDiscovery (Standard) -### Decrypting RMS-protected email messages and encrypted file attachments using Content search or eDiscovery (Standard) +Any rights-protected (RMS-protected) email messages included in the results of a Content search will be decrypted when you export them. This decryption capability is enabled by default for members of the eDiscovery Manager role group. This is because the RMS Decrypt management role is assigned to this role group by default. -Any rights-protected (RMS-protected) email messages included in the results of a Content search will be decrypted when you export them. Additionally, any file that's encrypted with a [Microsoft encryption technology](encryption.md) and is attached to an email message that's included in the search results will be decrypted when it's exported. This decryption capability is enabled by default for members of the eDiscovery Manager role group. This is because the RMS Decrypt management role is assigned to this role group by default. Keep the following things in mind when exporting encrypted email messages and attachments: +Keep the following things in mind when exporting encrypted email messages and attachments: -- As previously explained, if you enable decryption of RMS-protected messages when you export them, you have to export the search results as individual messages. If you export search results to a PST file, RMS-protected messages will be exported as individual email messages.+- If you enable decryption of RMS-protected messages when you export them, you have to export the search results as individual messages to support decryption. +- Attachments encrypted separately from an email aren't decrypted. For example, if a user encrypts a Word document and then attaches to an email message that isn't encrypted, this attachment isn't decrypted. +- Attachments encrypted as part of the encryption of the associated email message are decrypted. For example, if a user creates an email message, attaches an unencrypted Word document, and then encrypts the message (including the attachment), this attachment is decrypted. - Messages that are decrypted are identified in the **ResultsLog** report. This report contains a column named **Decode Status**, and a value of **Decoded** identifies the messages that were decrypted. - In addition to decrypting file attachments when exporting search results, you can also preview the decrypted file when previewing search results. You can only view the rights-protected email message after you export it. - If you need to prevent someone from decrypting RMS-protect messages and encrypted file attachments, you have to create a custom role group (by copying the built-in eDiscovery Manager role group), and then remove the RMS Decrypt management role from the custom role group. Then add the person who you don't want to decrypt messages as a member of the custom role group. Any rights-protected (RMS-protected) email messages included in the results of a <sup>1</sup> Encrypted files located on a local computer and copied to an email message aren't decrypted and indexed for eDiscovery. For eDiscovery (Premium), encrypted email and attachments in recipient mailbox needs to be advanced indexed to be decrypted. For more information about advanced indexing, see [Advanced indexing of custodian data](ediscovery-indexing-custodian-data.md). -<sup>2</sup> Only items labeled in SharePoint (or uploaded to SharePoint after integration with sensitivity labels are enabled) and that have labels with admin-defined permissions and no expiration are decrypted. For more information, see [Enable sensitivity labels for Office files in SharePoint and OneDrive](/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files). +<sup>2</sup> Only items labeled in SharePoint (or uploaded to SharePoint after integration with sensitivity labels are enabled) and that have labels with admin-defined permissions and no expiration are decrypted. All other encrypted files in SharePoint aren't decrypted. For more information, see [Enable sensitivity labels for Office files in SharePoint and OneDrive](/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files). Other documents aren't decrypted, including: |
| compliance | Ediscovery Document Metadata Fields | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-document-metadata-fields.md | search.appverid: # Document metadata fields in eDiscovery (Premium) -The following table lists the metadata fields for documents in a review set in a case in Microsoft Purview eDiscovery (Premium). The table provides the following information: +The following table lists the metadata fields for documents in a review set in a case in Microsoft Purview eDiscovery (Premium). ++The table provides the following information: - **Field name** and **Display field name:** The name of the metadata field and the name of the field that's displayed when viewing the file metadata of a selected document in a review set. Some metadata fields aren't included when viewing the file metadata of a document. These fields are highlighted with an asterisk (*). - **Searchable field name:** The name of the property that you can search for when running a [review set query](ediscovery-review-set-search.md). A blank cell means that you can't search for the field in a review set query. The following table lists the metadata fields for documents in a review set in a |Field name and Display field name|Searchable field name|Exported field name|Description| |||||-|Attachment Content Id|AttachmentContentId||Attachment content Id of the item.| +|Attachment Content ID|AttachmentContentId||Attachment content Id of the item.| |Attorney client privilege score|AttorneyClientPrivilegeScore||Attorney-client privilege model content score.| |Author|Author|Doc_authors|Author from the document metadata.| |BCC|Bcc|Email_bcc|Bcc field for message types. Format is **DisplayName \<SMTPAddress\>**.| The following table lists the metadata fields for documents in a review set in a |Content*|Content||Extracted text of the item.| |Conversation Body|ConversationBody||Conversation body of the item.| |Conversation ID|ConversationId|Conversation_ID|Conversation Id from the message. For Teams 1:1 and group chats, all transcript files and their family items within the same conversation share the same Conversation ID. For more information, see [eDiscovery (Premium) workflow for content in Microsoft Teams](teams-workflow-in-advanced-ediscovery.md).|-|Conversation Family ID|ConversationFamilyID|ConversationFamilyID|The Id that identifies individual elements of a conversation as well as the related items in the conversation.| +|Conversation Family ID|ConversationFamilyID|ConversationFamilyID|The Id that identifies individual elements of a conversation and the related items in the conversation.| |Conversation Index||Conversation_index|Conversation index from the message.| |Conversation Name||ConversationName|This field depends on content type.<br>**Teams 1:1 chat:** first 40 characters of first message.<br>**Teams 1:N chat:** Name of group chat; if not available, the first 40 characters of the first message.<br>**Teams Channel Post:** Post title or announcement subhead; if not available, the first 40 characters of the first message.| |Conversation Pdf Time|ConversationPdfTime||Date when the PDF version of the conversation was created.| The following table lists the metadata fields for documents in a review set in a |Document comments|DocComments|Doc_comments|Comments from the document metadata.| |Document company||Doc_company|Company from the document metadata.| |Document date created|CreatedTime|Doc_date_created|Create date from document metadata.|-|DocIndex*|||The index in the family. **-1** or **0** means it is the root.| +|DocIndex*|||The index in the family. **-1** or **0** means it's the root.| |Document keywords||Doc_keywords|Keywords from the document metadata.| |Document modified by||Doc_modified_by|The user who last modified the document from document metadata.| |Document revision|Doc_Version|Doc_Version|Revision from the document metadata.| The following table lists the metadata fields for documents in a review set in a |Ignored processing errors|ErrorIgnored|Error_Ignored|Error was ignored and not remediated.| |EmailInternetHeaders|EmailInternetHeaders|Email_internet_headers|The full set of email headers from the email message| |EmailLevel*||Email_level|Indicates a message's level within the email thread it belongs to; attachments inherit its parent message's value.|-|Email Message Id||Email_message_ID|Internet message Id from the message.| +|Email Message ID||Email_message_ID|Internet message Id from the message.| |EmailReadReceiptRequested||Email_read_receipt|Email address supplied in Internet Headers for read receipt.| |Email Security|EmailSecurity|Email_security|Security setting of the message: **0** - None; **1** - Signed; **2** - Encrypted; **3** - Encrypted and signed.| |Email Sensitivity|EmailSensitivity|email_sensitivity|Sensitivity setting of the message: **0** - None; **1** Personal; **2** - Private; **3** - CompanyConfidential.| The following table lists the metadata fields for documents in a review set in a |File system date created||File_system_date_created|Created date from file system (only applies to non-Office 365 data).| |File system date modified||File_system_date_modified|Modified date from file system (only applies to non-Office 365 data).| |File Type|FileType||File type of the item based on file extension.|-|Group Id|GroupId|Group_ID|Groups together all items for email and documents. For email, this includes the message and all attachments and extracted items. For documents, this includes the document and any embedded items.| +|Group ID|GroupId|Group_ID|Groups together all items for email and documents. For email, this includes the message and all attachments and extracted items. For documents, this includes the document and any embedded items.| |Has attachment|EmailHasAttachment|Email_has_attachment|Indicates whether or not the message has attachments.| |Has attorney|HasAttorney||**True** when at least one of the participants is found in the attorney list; otherwise, the value is **False**.| |HasText*||Has_text|Indicates whether or not the item has text; possible values are **True** and **False**.| |Immutable ID||Immutable_ID|This Id is used to uniquely identify a document within a review set. This field can't be used in a review set search and the Id can't be used to access a document in its native location.| |Inclusive type|InclusiveType|Inclusive_type|Inclusive type calculated for analytics: **0** - not inclusive; **1** - inclusive; **2** - inclusive minus; **3** - inclusive copy.|-|In Reply To Id||In_reply_to_ID|In reply to Id from the message.| +|In Reply To ID||In_reply_to_ID|In reply to Id from the message.| |InputFileExtension||Original_file_extension|The original file extension of the file.| |InputFileID||Input_file_ID|The file ID of the top level item in the review set. For an attachment, this ID will be the ID of the parent. This can be used to group families together.| |Is modern attachment|IsModernAttachment||This file is a modern attachment or linked file.| The following table lists the metadata fields for documents in a review set in a |Meeting End Date|MeetingEndDate|Meeting_end_date|Meeting end date for meetings.| |Meeting Start Date|MeetingStartDate|Meeting_start_date|Meeting start date for meetings.| |Message kind|MessageKind|Message_kind|The type of message to search for. Possible values: **<p>contacts <br>docs <br>email <br>externaldata <br>faxes <br>im <br>journals <br>meetings <br>microsoftteams** (returns items from chats, meetings, and calls in Microsoft Teams) **<br>notes <br>posts <br>rssfeeds <br>tasks <br>voicemail**|-|Modern Attachment Parent Id||ModernAttachment_ParentId|The Immutable Id of the document's parent.| +|Modern Attachment Parent ID||ModernAttachment_ParentId|The Immutable Id of the document's parent.| |Native Extension|NativeExtension|Native_extension|Native extension of the item.| |Native file name|NativeFileName|Native_file_name|Native file name of the item.| |NativeMD5||Native_MD5|MD5 hash (128-bit hash value) of the file stream.| The following table lists the metadata fields for documents in a review set in a ||||| > [!NOTE]-> For more information about searchable properties when searching Office 365 content locations when you're collecting data for an eDiscovery (Premium) case, see [Keyword queries and search conditions for Content Search](ediscovery-keyword-queries-and-search-conditions.md). +> For more information about searchable properties when searching Microsoft 365 content locations when you're collecting data for an eDiscovery (Premium) case, see [Keyword queries and search conditions for Content Search](ediscovery-keyword-queries-and-search-conditions.md). |
| compliance | Ediscovery Download Documents From Review Set | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-download-documents-from-review-set.md | f1.keywords: Previously updated : 01/01/2023- Last updated : 02/22/2023 audience: Admin -Download offers a simple way to download content from a review set in native format. The download tool in eDiscovery (Premium) uses the browser's data transfer features. A browser prompt will appear when a download is ready. Files downloaded using this method are zipped in a container file and will contain item-level files. It means that if you select to download an attachment, you will receive the email message with the attachment included. Similarly, if you export an Excel spreadsheet that is embedded in a Word document, the Word document and the embedded Excel spreadsheet are included in the download. When you downloaded items, the Last Modified Data property is preserved and can be viewed as a file property. +Download offers a simple way to download content from a review set in native format. The download tool in eDiscovery (Premium) uses the browser's data transfer features. A browser prompt will appear when a download is ready. Files downloaded using this method are zipped in a container file and will contain item-level files. It means that if you select to download an attachment, you'll receive the email message with the attachment included. Similarly, if you export an Excel spreadsheet that is embedded in a Word document, the Word document and the embedded Excel spreadsheet are included in the download. When you downloaded items, the Last Modified Data property is preserved and can be viewed as a file property. To download content from a review set in an eDiscovery (Premium) case, start by selecting the files you want to download then select **Action items** > **Download**. |
| compliance | Ediscovery Graph Connector | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-graph-connector.md | f1.keywords: Previously updated : 01/01/2023 Last updated : 02/22/2023 audience: Admin search.appverid: # Use Graph connectors with eDiscovery (Premium) -Microsoft 365 customers can perform eDiscovery searches on content ingested for enterprise search. This will help organizations improve their compliance posture to external content sources by bringing them within the purview of Microsoft compliance solutions. +Microsoft 365 customers can perform eDiscovery searches on content ingested for enterprise search. This support helps organizations improve their compliance posture to external content sources by bringing them within the purview of Microsoft compliance solutions. With Graph connectors, you can enable content from external data sources to be available to Microsoft Purview eDiscovery premium solution. Learn more about establishing Graph Connectors for your organization here: [Microsoft Graph connectors overview for Microsoft Search](/microsoftsearch/connectors-overview). With Graph connectors, you can enable content from external data sources to be a ## Add Graph Connector as a data source within a case -Once Graph Connectors are established for an organization and eDiscovery is enabled, the option to add the Graph Connector data source to the case will be available under non-Microsoft 365 locations. Only the connectors that have been established and enabled will be available to the eDiscovery manager for inclusion in a case. +Once you establish Graph Connectors and eDiscovery is enabled in your organization, the option to add the Graph Connector data source to the case will be available under non-Microsoft 365 locations. Only the established and enabled connectors are available to the eDiscovery manager for inclusion in a case. + ## Collect Graph Connectors content |
| compliance | Ediscovery Indexing Custodian Data | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-indexing-custodian-data.md | f1.keywords: Previously updated : 01/01/2023 Last updated : 02/22/2023 audience: Admin search.appverid: # Advanced indexing of custodian data -When a custodian is added to an eDiscovery (Premium) case, any content that was deemed as partially indexed or had indexing errors is reindexed. This reindexing process is called *Advanced indexing*. There are many reasons that content is partially indexed or has indexing errors. This includes image files or the presence of images in a file, unsupported file types, or file sized indexing limits. For SharePoint files, Advanced indexing only runs on items are marked as partially indexed or that have indexing errors. In Exchange, email messages that have image attachments are not marked as partially indexed or with indexing errors. This means that those files will not be reindexed by the Advanced indexing process. +When a custodian is added to an eDiscovery (Premium) case, any content that was deemed as partially indexed or had indexing errors is reindexed. This reindexing process is called *Advanced indexing*. There are many reasons that content is partially indexed or has indexing errors. This includes image files or the presence of images in a file, unsupported file types, or file sized indexing limits. For SharePoint files, Advanced indexing only runs on items marked as partially indexed or items with indexing errors. In Exchange, email messages with image attachments aren't marked as partially indexed or with indexing errors. This means that those files won't be reindexed by the Advanced indexing process. To learn more about processing support and partially indexed items, see: |
| compliance | Ediscovery Keyword Queries And Search Conditions | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-keyword-queries-and-search-conditions.md | -This article describes the email and document properties that you can search for in email items, Microsoft Teams chat conversations in Exchange Online, and documents stored on SharePoint and OneDrive for Business sites using the eDiscovery search tools in the Microsoft Purview compliance portal. +This article describes the properties available to help find content across email and chat in Exchange Online and documents and files stored on SharePoint and OneDrive for Business using the eDiscovery search tools in the Microsoft Purview compliance portal. -This includes Content search, Microsoft Purview eDiscovery (Standard), and Microsoft Purview eDiscovery (Premium) (eDiscovery searches in eDiscovery (Premium) are called *collections*). You can also use the **\*-ComplianceSearch** cmdlets in [Security & Compliance PowerShell](/powershell/exchange/scc-powershell) to search for these properties. +This includes Content search, Microsoft Purview eDiscovery (Standard), and Microsoft Purview eDiscovery (Premium) (eDiscovery searches in eDiscovery (Premium) are called *collections*). You can also use the **\*-ComplianceSearch** cmdlets in [Security & Compliance PowerShell](/powershell/exchange/scc-powershell) to search for these properties. This article also describes: - Using Boolean search operators, search conditions, and other search query techniques to refine your search results.-- Searching for sensitive data types and custom sensitive data types in SharePoint and OneDrive for Business.-- Searching for site content that's shared with users outside of your organization.+- Searching for communications of various types related to specific employees and projects during a specific time frame. +- Searching for site content that is related to a specific project, employees and/or subjects during a specific time period. For step-by-step instructions on how to create different eDiscovery searches, see: For step-by-step instructions on how to create different eDiscovery searches, se [!INCLUDE [purview-preview](../includes/purview-preview.md)] +## Search tips and tricks ++- The timezone for all searches is Coordinated Universal Time (UTC). Changing timezones for your organization isn't currently supported. +- Keyword searches aren't case-sensitive. For example, **cat** and **CAT** return the same results. +- The Boolean operators **AND**, **OR**, **NOT**, and **NEAR** must be uppercase. +- A space between two keywords or two `property:value` expressions is the same as using **AND**. For example, `from:"Sara Davis" subject:reorganization` returns all messages sent by Sara Davis that contain the word reorganization in the subject line. +- Use syntax that matches the `property:value` format. Values aren't case-sensitive, and they can't have a space after the operator. If there's a space, your intended value will be a full-text search. For example `to: pilarp` searches for "pilarp" as a keyword, rather than for messages sent to pilarp. +- When searching a recipient property, such as To, From, Cc, or Recipients, you can use an SMTP address, alias, or display name to denote a recipient. For example, you can use pilarp@contoso.com, pilarp, or "Pilar Pinilla". +- You can use only prefix searches; for example, **cat\*** or **set\***. Suffix searches (**\*cat**), infix searches (**c\*t**), and substring searches (**\*cat\***) aren't supported. +- When searching a property, use double quotation marks (" ") if the search value consists of multiple words. For example, `subject:budget Q1` returns messages that contain **budget** in the subject line and that contain **Q1** anywhere in the message or in any of the message properties. Using `subject:"budget Q1"` returns all messages that contain **budget Q1** anywhere in the subject line. +- To exclude content marked with a certain property value from your search results, place a minus sign (-) before the name of the property. For example, `-from:"Sara Davis"` excludes any messages sent by Sara Davis. +- You can export items based on message type. For example, to export Skype conversations and chats in Microsoft Teams, use the syntax `kind:im`. To return only email messages, you would use `kind:email`. To return chats, meetings, and calls in Microsoft Teams, use `kind:microsoftteams`. +- When searching sites, you have to add the trailing `/` to the end of the URL when using the `path` property to return only items in a specified site. If you don't include the trailing `/`, items from a site with a similar path name will also be returned. For example, if you use `path:sites/HelloWorld` then items from sites named `sites/HelloWorld_East` or `sites/HelloWorld_West` would also be returned. To return items only from the HelloWorld site, you have to use `path:sites/HelloWorld/`. +- The **Query language-country/region** must be defined in your search query prior to collecting content. +- When searching the **Sent** folders for emails, using the SMTP address for the sender isn't supported. Items in the **Sent** folder contain only display names. ++## Finding content in Exchange Online ++Admins are often charged with finding out who knew what when in the most efficient and effective way possible to respond to requests concerning ongoing or potential litigation, internal investigations and other scenarios. These requests are often urgent, involve multiple stakeholder teams, and have significant impact if not completed in a timely manner. Knowing how to find the right information is critical for admins to complete searches successfully and help their organizations to manage the risk and cost associated with eDiscovery requirements. ++When an eDiscovery request is submitted, often there's only partial information available for the admin to start to collect content that may be related to a particular investigation. The request may include employee names, project titles, rough date ranges when the project was active, and not much more. From this information, the admin needs to create queries to find relevant content across Microsoft 365 services to determine the information needed for a particular project or subject. Understanding how information is stored and managed for these services will help admins more efficiently find what they need quickly and in an effective manner. ++Email, chat, and meeting information are all stored in Exchange Online. Many communication properties are available for searching items included in Exchange Online. Some properties such as *From*, *Sent*, *Subject*, and *To* are unique to certain items and aren't relevant when searching for files or documents in SharePoint and OneDrive for Business. Including these types of properties when searching across workloads can sometimes lead to unexpected results. ++For example, to find content related to specific employees (*User 1* and *User 2*), associated with a project called *Tradewinds*, and during January 2020 through January 2022, you might use a query with the following properties: ++- Add User 1 and User 2's Exchange Online locations as data sources to the case +- Select User 1 and User 2's Exchange Online locations as collection locations +- For **Keyword**, use *Tradewinds* +- For **Date Range**, use the *January 1, 2020* to *January 31, 2022* range + ## Searchable email properties -The following table lists email message properties that can be searched by using the eDiscovery search tools in the compliance portal or by using the **New-ComplianceSearch** or the **Set-ComplianceSearch** cmdlet. The table includes an example of the _property:value_ syntax for each property and a description of the search results returned by the examples. You can enter these `property:value` pairs in the keywords box for an eDiscovery search. +The following table lists the email message properties that can be searched by using the eDiscovery search tools in the compliance portal or by using the **New-ComplianceSearch** or the **Set-ComplianceSearch** cmdlet. ++> [!IMPORTANT] +> While email messages may have other properties supported in other Microsoft 365 services, only the email properties listed in this table are supported in eDiscovery search tools. Attempting to include other email messages properties in searches isn't supported. ++The table includes an example of the _property:value_ syntax for each property and a description of the search results returned by the examples. You can enter these `property:value` pairs in the keywords box for an eDiscovery search. > [!NOTE] > When searching email properties, it's not possible to search for message headers. Header information is not indexed for collections. Additionally, items in which the specified property is empty or blank are not searchable. For example, using the *property:value* pair of **subject:""** to search for email messages with an empty subject line will return zero results. This also applies when searching site and contact properties. However, be aware that preventing recipient expansion in the search query may re > [!NOTE] > If you need to review or reduce the items returned by a search query due to recipient expansion, consider using eDiscovery (Premium). You can search for messages (taking advantage of recipient expansion), add them to a review set, and then use review set queries or filters to review or narrow the results. For more information, see [Collect data for a case](collecting-data-for-ediscovery.md) and [Query the data in a review set](ediscovery-review-set-search.md). +## Finding content in SharePoint and OneDrive ++When searching for documents and files located in SharePoint or OneDrive for Business, it may make sense to adjust the query approach based on the metadata for the documents and files of interest. Files and documents have relevant properties like *Author*, *Created*, *CreatedBy*, *FileName*, *LastModifiedTime*, and *Title*. Most of these proprieties aren't relevant when searching for communications content in Exchange Online, and using these properties may lead to unexpected results if used across both documents and communications. Additionally, *FileName* and *Title* of a document may not be the same and using one or the other to try to find a file with specific content may lead to different or inaccurate results. Keep these properties in mind when searching for specific document and file content in SharePoint and OneDrive for Business. ++For example, to find content related to documents created by User 1, for a project called *Tradewinds*, for specific files named *Financials*, and from January 2020 to January 2022, you might use a query with the following properties: ++- Add User 1's OneDrive for Business site as a data sources to the case +- Select User 1's OneDrive for Business site as a collection location +- Add additional SharePoint site locations related to the project as collection locations +- For **FileName**, use *Financials* +- For **Keyword**, use *Tradewinds* +- For **Date Range**, use the *January 1, 2020* to *January 31, 2022* range + ## Searchable site properties -The following table lists some of the SharePoint and OneDrive for Business properties that can be searched by using the eDiscovery search tools in the Microsoft Purview compliance portal or by using the **New-ComplianceSearch** or the **Set-ComplianceSearch** cmdlet. The table includes an example of the _property:value_ syntax for each property and a description of the search results returned by the examples. +The following table lists the SharePoint and OneDrive for Business properties that can be searched by using the eDiscovery search tools in the Microsoft Purview compliance portal or by using the **New-ComplianceSearch** or the **Set-ComplianceSearch** cmdlet. -For a complete list of SharePoint properties that can be searched, see [Overview of crawled and managed properties in SharePoint](/SharePoint/technical-reference/crawled-and-managed-properties-overview). Properties marked with a **Yes** in the **Queryable** column can be searched. +> [!IMPORTANT] +> While documents and files stored on SharePoint and OneDrive for Business may have other properties supported in other Microsoft 365 services, only the document and file properties listed in this table are supported in eDiscovery search tools. Attempting to include other document or file properties in searches isn't supported. ++The table includes an example of the _property:value_ syntax for each property and a description of the search results returned by the examples. |Property|Property description|Example|Search results returned by the examples| ||||| For a complete list of SharePoint properties that can be searched, see [Overview |Created|The date that an item is created.|`created>=2021-06-01`|All items created on or after June 1, 2021.| |CreatedBy|The person that created or uploaded an item. Be sure to use the user's display name for this property.|`createdby:"Garth Fort"`|All items created or uploaded by Garth Fort.| |DetectedLanguage|The language of an item.|`detectedlanguage:english`|All items in English.|-|DocumentLink|The path (URL) of a specific folder on a SharePoint or OneDrive for Business site. If you use this property, be sure to search the site that the specified folder is located in. <p> To return items located in subfolders of the folder that you specify for the documentlink property, you have to add /\* to the URL of the specified folder; for example, `documentlink: "https://contoso.sharepoint.com/Shared Documents/*"` <p> <br/>For more information about searching for the documentlink property and using a script to obtain the documentlink URLs for folders on a specific site, see [Use Content search for targeted collections](use-content-search-for-targeted-collections.md).|`documentlink:"https://contoso-my.sharepoint.com/personal/garthf_contoso_com/Documents/Private"` <p> `documentlink:"https://contoso-my.sharepoint.com/personal/garthf_contoso_com/Documents/Shared with Everyone/*" AND filename:confidential`|The first example returns all items in the specified OneDrive for Business folder. The second example returns documents in the specified site folder (and all subfolders) that contain the word "confidential" in the file name.| +|DocumentLink|The path (URL) of a specific folder on a SharePoint or OneDrive for Business site. If you use this property, be sure to search the site that the specified folder is located in. We recommend using this property instead of the *Site* and *Path* properties. <p> To return items located in subfolders of the folder that you specify for the documentlink property, you have to add /\* to the URL of the specified folder; for example, `documentlink: "https://contoso.sharepoint.com/Shared Documents/*"` <p> <br/>For more information about searching for the documentlink property and using a script to obtain the documentlink URLs for folders on a specific site, see [Use Content search for targeted collections](use-content-search-for-targeted-collections.md).|`documentlink:"https://contoso-my.sharepoint.com/personal/garthf_contoso_com/Documents/Private"` <p> `documentlink:"https://contoso-my.sharepoint.com/personal/garthf_contoso_com/Documents/Shared with Everyone/*" AND filename:confidential`|The first example returns all items in the specified OneDrive for Business folder. The second example returns documents in the specified site folder (and all subfolders) that contain the word "confidential" in the file name.| |FileExtension|The extension of a file; for example, docx, one, pptx, or xlsx.|`fileextension:xlsx`|All Excel files (Excel 2007 and later)| |FileName|The name of a file.|`filename:"marketing plan"` <p> `filename:estimate`|The first example returns files with the exact phrase "marketing plan" in the title. The second example returns files with the word "estimate" in the file name.| |LastModifiedTime|The date that an item was last changed.|`lastmodifiedtime>=2021-05-01` <p> `lastmodifiedtime>=2021-05-01 AND lastmodifiedtime<=2021-06-01`|The first example returns items that were changed on or after May 1, 2021. The second example returns items changed between May 1, 2021 and June 1, 2021.| |ModifiedBy|The person who last changed an item. Be sure to use the user's display name for this property.|`modifiedby:"Garth Fort"`|All items that were last changed by Garth Fort.|-|Path|The path (URL) of a specific site in a SharePoint or OneDrive for Business site. <p> To return items only from the specified site, you have to add the trailing `/` to the end of the URL; for example, `path: "https://contoso.sharepoint.com/sites/international/"` <p> To return items located in folders in the site that you specify in the path property, you have to add `/*` to the end of the URL; for example, `path: "https://contoso.sharepoint.com/Shared Documents/*"` <p> **Note:** Using the `Path` property to search OneDrive locations won't return media files, such as .png, .tiff, or .wav files, in the search results. Use a different site property in your search query to search for media files in OneDrive folders. <br/>|`path:"https://contoso-my.sharepoint.com/personal/garthf_contoso_com/"` <p> `path:"https://contoso-my.sharepoint.com/personal/garthf_contoso_com/*" AND filename:confidential`|The first example returns all items in the specified OneDrive for Business site. The second example returns documents in the specified site (and folders in the site) that contain the word "confidential" in the file name.| |SharedWithUsersOWSUser|Documents that have been shared with the specified user and displayed on the **Shared with me** page in the user's OneDrive for Business site. These are documents that have been explicitly shared with the specified user by other people in your organization. When you export documents that match a search query that uses the SharedWithUsersOWSUser property, the documents are exported from the original content location of the person who shared the document with the specified user. For more information, see [Searching for site content shared within your organization](#searching-for-site-content-shared-within-your-organization).|`sharedwithusersowsuser:garthf` <p> `sharedwithusersowsuser:"garthf@contoso.com"`|Both examples return all internal documents that have been explicitly shared with Garth Fort and that appear on the **Shared with me** page in Garth Fort's OneDrive for Business account.|-|Site|The URL of a site or group of sites in your organization.|`site:"https://contoso-my.sharepoint.com"` <p> `site:"https://contoso.sharepoint.com/sites/teams"`|The first example returns items from the OneDrive for Business sites for all users in the organization. The second example returns items from all team sites.| |Size|The size of an item, in bytes.|`size>=1` <p> `size:1..10000`|The first example returns items larger than 1 byte. The second example returns items from 1 through 10,000 bytes in size.| |Title|The title of the document. The Title property is metadata that's specified in Microsoft Office documents. It's different from the file name of the document.|` Title: "communication plan"`|Any document that contains the phrase "communication plan" in the Title metadata property of an Office document.| The following table lists the contact properties that are indexed and that you c |Surname|The name in the **Last** name property.| |Title|The title in the **Job title** property.| -<!--## Searchable sensitive data types --You can use eDiscovery search tools in the compliance portal to search for sensitive data, such as credit card numbers or social security numbers, that is stored in documents on SharePoint and OneDrive for Business sites. You can do this by using the `SensitiveType` property and the name (or ID) of a sensitive information type in a keyword query. For example, the query `SensitiveType:"Credit Card Number"` returns documents that contain a credit card number. The query `SensitiveType:"U.S. Social Security Number (SSN)"` returns documents that contain a U.S. social security number. --To see a list of the sensitive information types that you can search for, go to **Data classifications** \> **Sensitive info types** in the compliance portal. Or you can use the **Get-DlpSensitiveInformationType** cmdlet in Security & Compliance PowerShell to display a list of sensitive information types. --For more information about creating queries using the `SensitiveType` property, see [Form a query to find sensitive data stored on sites](form-a-query-to-find-sensitive-data-stored-on-sites.md). --<!--### Limitations for searching sensitive data types --- To search for custom sensitive information types, you have to specify the ID of the sensitive information type in the `SensitiveType` property. Using the name of a custom sensitive information type (as shown in the example for built-in sensitive information types in the previous section) will return no results. Use the **Publisher** column on the **Sensitive info types** page in the compliance center (or the **Publisher** property in PowerShell) to differentiate between built-in and custom sensitive information types. Built-in sensitive data types have a value of `Microsoft Corporation` for the **Publisher** property.-- To display the name and ID for the custom sensitive data types in your organization, run the following command in Security & Compliance PowerShell: -- ```powershell - Get-DlpSensitiveInformationType | Where-Object {$_.Publisher -ne "Microsoft Corporation"} | FT Name,Id - ``` -- Then you can use the ID in the `SensitiveType` search property to return documents that contain the custom sensitive data type; for example, `SensitiveType:7e13277e-6b04-3b68-94ed-1aeb9d47de37` --- You can't use sensitive information types and the `SensitiveType` search property to search for sensitive data at-rest in Exchange Online mailboxes. This includes 1:1 chat messages, 1:N group chat messages, and team channel conversations in Microsoft Teams because all of this content is stored in mailboxes. However, you can use data loss prevention (DLP) policies to protect sensitive email data in transit. For more information, see [Learn about data loss prevention](dlp-learn-about-dlp.md) and [Search for and find personal data](/compliance/regulatory/gdpr).-->- ## Search operators Boolean search operators, such as **AND**, **OR**, and **NOT**, help you define more-precise searches by including or excluding specific words in the search query. Other techniques, such as using property operators (such as `>=` or `..`), quotation marks, parentheses, and wildcards, help you refine a search query. The following table lists the operators that you can use to narrow or broaden search results. Boolean search operators, such as **AND**, **OR**, and **NOT**, help you define |+|keyword1 + keyword2 + keyword3|Returns items that contain *either* `keyword2` or `keyword3` *and* that also contain `keyword1`. Therefore, this example is equivalent to the query `(keyword2 OR keyword3) AND keyword1`. <p> The query `keyword1 + keyword2` (with a space after the **+** symbol) isn't the same as using the **AND** operator. This query would be equivalent to `"keyword1 + keyword2"` and return items with the exact phase `"keyword1 + keyword2"`.| |OR|keyword1 OR keyword2|Returns items that include one or more of the specified keywords or `property:value` expressions. <sup>2</sup>| |NOT|keyword1 NOT keyword2 <p> NOT from:"Ann Beebe" <p> NOT kind:im|Excludes items specified by a keyword or a `property:value` expression. In the second example excludes messages sent by Ann Beebe. The third example excludes any instant messaging conversations, such as Skype for Business conversations that are saved to the Conversation History mailbox folder. <sup>2</sup>|-|-|keyword1 -keyword2|The same as the **NOT** operator. So this query returns items that contain `keyword1` and would exclude items that contain `keyword2`.| |NEAR|keyword1 NEAR(n) keyword2|Returns items with words that are near each other, where n equals the number of words apart. For example, `best NEAR(5) worst` returns any item where the word "worst" is within five words of "best". If no number is specified, the default distance is eight words. <sup>2</sup>| |:|property:value|The colon (:) in the `property:value` syntax specifies that the value of the property being searched for contains the specified value. For example, `recipients:garthf@contoso.com` returns any message sent to garthf@contoso.com.|-|=|property=value|The same as the **:** operator.| +|=|property=value|The same as the `:` operator.| |\<|property\<value|Denotes that the property being searched is less than the specified value. <sup>1</sup>| |\>|property\>value|Denotes that the property being searched is greater than the specified value.<sup>1</sup>| |\<=|property\<=value|Denotes that the property being searched is less than or equal to a specific value.<sup>1</sup>| Create a condition using common properties when searching mailboxes and sites in ### Conditions for mail properties -Create a condition using mail properties when searching mailboxes or public folders. The following table lists the email properties that you can use for a condition. These properties are a subset of the email properties that were previously described. These descriptions are repeated for your convenience. +Create a condition using mail properties when searching mailboxes or public folders in Exchange Online. The following table lists the email properties that you can use for a condition. These properties are a subset of the email properties that were previously described. These descriptions are repeated for your convenience. |Condition|Description| ||| The following examples show the GUI-based version of a search query with conditi #### Example 1 -This example returns documents on SharePoint and OneDrive for Business sites that contain a credit card number and were last modified before January 1, 2021. --**GUI**: -- --**Search query syntax**: --`SensitiveType:"Credit Card Number"(c:c)(lastmodifiedtime<2021-01-01)` --**Search query logic**: --`SensitiveType:"Credit Card Number" AND (lastmodifiedtime<2021-01-01)` --Notice in the previous screenshot that the search UI reinforces that the keyword query and condition are connected by the **AND** operator. --#### Example 2 - This example returns email items or documents that contain the keyword "report", that were sent or created before April 1, 2021, and that contain the word "northwind" in the subject field of email messages or in the title property of documents. The query excludes Web pages that meet the other search criteria. **GUI**: This example returns email items or documents that contain the keyword "report", `report AND (date<2021-04-01) AND (subject Title: "northwind") NOT (filetype:aspx)` -#### Example 3 +#### Example 2 This example returns email messages or calendar meetings that were sent between December 1, 2019 and November 30, 2020 and that contain words that start with "phone" or "smartphone". For more information about character limits, see [eDiscovery search limits](edis > [!NOTE] > The 4,000 character limit applies to Content search, eDiscovery (Standard), and eDiscovery (Premium).--## Search tips and tricks --- Keyword searches aren't case-sensitive. For example, **cat** and **CAT** return the same results.-- The Boolean operators **AND**, **OR**, **NOT**, and **NEAR** must be uppercase.-- A space between two keywords or two `property:value` expressions is the same as using **AND**. For example, `from:"Sara Davis" subject:reorganization` returns all messages sent by Sara Davis that contain the word reorganization in the subject line.-- Use syntax that matches the `property:value` format. Values aren't case-sensitive, and they can't have a space after the operator. If there's a space, your intended value will be a full-text search. For example `to: pilarp` searches for "pilarp" as a keyword, rather than for messages that were sent to pilarp.-- When searching a recipient property, such as To, From, Cc, or Recipients, you can use an SMTP address, alias, or display name to denote a recipient. For example, you can use pilarp@contoso.com, pilarp, or "Pilar Pinilla".-- You can use only prefix searches; for example, **cat\*** or **set\***. Suffix searches (**\*cat**), infix searches (**c\*t**), and substring searches (**\*cat\***) aren't supported.-- When searching a property, use double quotation marks (" ") if the search value consists of multiple words. For example `subject:budget Q1` returns messages that contain **budget** in the subject line and that contain **Q1** anywhere in the message or in any of the message properties. Using `subject:"budget Q1"` returns all messages that contain **budget Q1** anywhere in the subject line.-- To exclude content marked with a certain property value from your search results, place a minus sign (-) before the name of the property. For example, `-from:"Sara Davis"` excludes any messages sent by Sara Davis.-- You can export items based on message type. For example, to export Skype conversations and chats in Microsoft Teams, use the syntax `kind:im`. To return only email messages, you would use `kind:email`. To return chats, meetings, and calls in Microsoft Teams, use `kind:microsoftteams`.-- As previously explained, when searching sites you have to add the trailing `/` to the end of the URL when using the `path` property to return only items in a specified site. If you don't include the trailing `/`, items from a site with a similar path name will also be returned. For example, if you use `path:sites/HelloWorld` then items from sites named `sites/HelloWorld_East` or `sites/HelloWorld_West` would also be returned. To return items only from the HelloWorld site, you have to use `path:sites/HelloWorld/`. |
| compliance | Ediscovery Kql Editor | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-kql-editor.md | The editor also suggests a list of users (in UPN format) when you type email rec ### Detection of potential errors -The KQL editor detects potential errors in search queries, and provides a hint of what is causing the error to help you resolve the error. The editor also indicates a potential error when a property doesn't have a corresponding operation or value. Potential errors in the query are highlighted in red text, and explanations and possible fixes for the error are displayed in the **Potential errors** drop-down section. For example, if you pasted the following query into the KQL editor, four potential errors would be detected. +The KQL editor detects potential errors in search queries, and provides a hint of what is causing the error to help you resolve the error. The editor also indicates a potential error when a property doesn't have a corresponding operation or value. Potential errors in the query are highlighted in red text, and explanations and possible fixes for the error are displayed in the **Potential errors** drop-down section. ++> [!IMPORTANT] +> Nested quotation marks aren't supported in the KQL editor. ++For example, if you pasted the following query into the KQL editor, four potential errors would be detected.  |
| compliance | Ediscovery Load Non Office 365 Data Into A Review Set | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-load-non-office-365-data-into-a-review-set.md | f1.keywords: Previously updated : 01/01/2023 Last updated : 02/22/2023 audience: Admin -Not all documents that you need to analyze in Microsoft Purview eDiscovery (Premium) are located in Microsoft 365. With the non-Microsoft 365 data import feature in eDiscovery (Premium), you can upload documents that aren't located in Microsoft 365 to a review set. This article shows you how to bring your non-Microsoft 365 documents into eDiscovery (Premium) for analysis. +Not all documents that you need to analyze in Microsoft Purview eDiscovery (Premium) are in Microsoft 365. With the non-Microsoft 365 data import feature in eDiscovery (Premium), you can upload documents that aren't in Microsoft 365 to a review set. This article shows you how to bring your non-Microsoft 365 documents into eDiscovery (Premium) for analysis. [!INCLUDE [purview-preview](../includes/purview-preview.md)] ## Requirements to upload non-Office 365 content -Using the upload non-Microsoft 365 feature described in this article requires that you have the following: +Using the upload non-Microsoft 365 feature described in this article requires that you've the following: -- All custodians that you want to associate non-Microsoft 365 content to must be assigned the appropriate license. For more information, see [Get started with eDiscovery (Premium)](ediscovery-premium-get-started.md#step-1-verify-and-assign-appropriate-licenses).+- All custodians that you want to associate non-Microsoft 365 content to must have the appropriate license. For more information, see [Get started with eDiscovery (Premium)](ediscovery-premium-get-started.md#step-1-verify-and-assign-appropriate-licenses). - An existing eDiscovery (Premium) case. - Custodians must be added to the case before you can upload and associate the non-Microsoft 365 data to them. - Non-Microsoft 365 data must be a file type that's supported by eDiscovery (Premium). For more information, see [Supported file types in eDiscovery (Premium)](ediscovery-supported-file-types.md). Using the upload non-Microsoft 365 feature described in this article requires th - An account that is assigned to the eDiscovery Manager role group (and added as eDiscovery Administrator). - The AzCopy v10 tool installed on a computer that has access to the non-Microsoft 365 content folder structure. To install AzCopy, see [Transfer data with the AzCopy v10 on Windows](/azure/storage/common/storage-use-azcopy-v10). Be sure to install AzCopy in the default location, which is **%ProgramFiles(x86)%\Microsoft SDKs\Azure\AzCopy**. You must use AzCopy v10. Other versions of AzCopy may not work when loading non-Microsoft 365 data in eDiscovery (Premium). - ## Upload non-Microsoft 365 content into eDiscovery (Premium) 1. As an eDiscovery Manager or eDiscovery Administrator, open eDiscovery (Premium), and go to the case that the non-Microsoft 365 data will be uploaded to. --2. Select **Review sets**, and then select the review set to upload the non-Microsoft 365 data to. If you don't have a review set, you can create one. - +2. Select **Review sets**, and then select the review set to upload the non-Microsoft 365 data to. If you don't have a review set, you can create one. 3. Open the review set by either selecting on it or selecting it and selecting **Open review set**.- 4. In the review set, select **Manage review set** (the down arrow just after the **Actions** option), and then select the **Non-Office 365 data** option.- 5. Select **Upload files** to start the data import wizard.  Using the upload non-Microsoft 365 feature described in this article requires th The first step in the wizard prepares a secure Microsoft-provided Azure Storage location to upload the files to. When the preparation is completed, the **Next: Upload files** button becomes active. - -5. Select **Next: Upload files**. -6. On the **Upload files** page, do the following: +6. Select **Next: Upload files**. +7. On the **Upload files** page, do the following:  Using the upload non-Microsoft 365 feature described in this article requires th b. Select **Copy to clipboard** to copy the command that is displayed in the box. -7. Start a Windows command prompt, paste the command that you copied in the previous step, and then press **Enter** to start the AzCopy command. After you start the command, the non-Microsoft 365 files will be uploaded to the Azure Storage location that was prepared in step 4. +8. Start a Windows command prompt, paste the command that you copied in the previous step, and then press **Enter** to start the AzCopy command. After you start the command, the non-Microsoft 365 files will be uploaded to the Azure Storage location that was prepared in step 4.  > [!NOTE] > As previously stated, you must use AzCopy v10 to successfully use the command that's provided on the **Upload files** page. If the supplied AzCopy command fails, please see [Troubleshoot AzCopy in eDiscovery (Premium)](ediscovery-troubleshooting-azcopy.md). -8. Go back to the Microsoft Purview compliance portal, and select **Next: Process files** in the wizard. This initiates processing, text extraction, and indexing of the non-Microsoft 365 files that were uploaded to the Azure Storage location. +9. Go back to the Microsoft Purview compliance portal, and select **Next: Process files** in the wizard. This initiates processing, text extraction, and indexing of the non-Microsoft 365 files that were uploaded to the Azure Storage location. -9. Track the progress of processing the files on the **Process files** page or on the **Jobs** tab by viewing a job named **Adding non-Microsoft 365 data to a review set**. After the job is finished, the new files will be available in the review set. +10. Track the progress of processing the files on the **Process files** page or on the **Jobs** tab by viewing a job named **Adding non-Microsoft 365 data to a review set**. After the job is finished, the new files will be available in the review set.  -10. After the processing is finished, you can close the wizard. +11. After the processing is finished, you can close the wizard. |
| compliance | Ediscovery Manage Hold Notifications | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-manage-hold-notifications.md | f1.keywords: Previously updated : 01/01/2023 Last updated : 02/22/2023 audience: Admin search.appverid: # Manage hold notifications -After you have initiated your legal hold notification workflow, you can use the communications workflow in Microsoft Purview eDiscovery (Premium) to track the status of your communications. The Communications tab contains a list of all notifications within your eDiscovery (Premium) case. You can see details such as the number of custodians that have been assigned or have acknowledged the notice. +After you've initiated your legal hold notification workflow, you can use the communications workflow in Microsoft Purview eDiscovery (Premium) to track the status of your communications. The Communications tab contains a list of all notifications within your eDiscovery (Premium) case. You can see details such as the number of custodians that have been assigned or have acknowledged the notice. [!INCLUDE [purview-preview](../includes/purview-preview.md)] ## Monitor acknowledgments -After you select a communication from the **Communications** tab, you can view a list of custodians that have acknowledged a hold notice. --1. In the compliance center, go to **eDiscovery > eDiscovery (Premium)**. +After you select a communication from the **Communications** tab, you can view a list of custodians that have acknowledged a hold notice. +1. In the compliance portal, go to **eDiscovery > eDiscovery (Premium)**. 2. Select a case and then select the **Communications** tab.- 3. Select a communication to display the **Custodian communication** flyout page. A list of custodians associated with the selected communication is displayed on the communication flyout page. This page also displays insights and about how many acknowledgments were received and how many are outstanding. The page also shows which custodians have sent an acknowledgment that they received the hold notification. -## Re-send a hold notice +## Resend a hold notice -Occasionally, custodians lose track of email messages in their day-to-day work. Or for a long-running litigation case, a custodian may contact you or others and request that you re-send a notice. As you manage the communications workflow for legal hold notices, you may need to re-send a notice to bring it back to the "top of a user's mailbox". +Occasionally, custodians lose track of email messages in their day-to-day work. Or for a long-running litigation case, a custodian may contact you or others and request that you resend a notice. As you manage the communications workflow for legal hold notices, you may need to resend a notice to bring it back to the "top of a user's mailbox". -To re-send a hold notice to a custodian: +To resend a hold notice to a custodian: 1. In eDiscovery (Premium), select a case and then select the **Communications** tab.- 2. Select a communication to display the **Custodian communication** flyout page.- 3. Select **More > Re-send hold notice**.--4. On the **Re-send hold notice** flyout page, select the custodians that you what to re-send the notice and type an optional reason. -+4. On the **Re-send hold notice** flyout page, select the custodians that you what to resend the notice and type an optional reason. 5. Select **Re-send** to send the notice to the selected custodians. If a custodian hasn't acknowledged the hold notification, the reminder and escalation workflow is restarted. If a custodian has acknowledged the hold notice, the custodian will receive a copy of the original hold notice. > [!NOTE]-> You can only resend a legal hold notification to custodians that are assigned to the communication. +> You can only resend a legal hold notification to custodians that are assigned to the communication. ## Update preservation requirements -As the case progresses, custodians may be required to preserve additional or less data than was previously instructed. In eDiscovery terms, you need to re-issue the hold notice with updated content. +As the case progresses, custodians may be required to preserve additional or less data than was previously instructed. In eDiscovery terms, you need to reissue the hold notice with updated content. To update the contents of the initial hold notice: 1. In eDiscovery (Premium), select a case and then select the **Communications** tab.- 2. Select the hold notice that you want to update and select **Edit** on the **Custodian communication** flyout page.- 3. In the **Edit Communication** wizard, select **Define Portal Content** in the left pane of the wizard, and update the contents of the notice.- 4. Select **Save**. -The re-issuance notice will be sent to all the custodians assigned to the legal hold notification. In addition, if the Reminder or Escalation notice is enabled, then the workflows for those types of notices will restart. +The reissuance notice will be sent to all the custodians assigned to the legal hold notification. In addition, if the Reminder or Escalation notice is enabled, then the workflows for those types of notices will restart. ## Update legal hold notifications and settings |
| compliance | Ediscovery Manage Relevance Setup | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-manage-relevance-setup.md | f1.keywords: Previously updated : 01/01/2023 Last updated : 02/22/2023 audience: Admin -> Microsoft Purview eDiscovery (Premium) requires an Office 365 E3 with the Advanced Compliance add-on or an E5 subscription for your organization. If you don't have that plan and want to try eDiscovery (Premium), you can [sign up for a trial of Office 365 Enterprise E5](https://go.microsoft.com/fwlink/p/?LinkID=698279). +> Microsoft Purview eDiscovery (Premium) requires an Office 365 E3 with the Advanced Compliance add-on or an E5 subscription for your organization. If you don't have that plan and want to try eDiscovery (Premium), you can [sign up for a trial of Office 365 Enterprise E5](https://go.microsoft.com/fwlink/p/?LinkID=698279). - eDiscovery (Premium) Relevance technology employs expert-guided software for scoring files by their relevance. eDiscovery (Premium) Relevance can be used for Early Case Assessment (ECA), culling, and file sample review. + eDiscovery (Premium) Relevance technology employs expert-guided software for scoring files by their relevance. eDiscovery (Premium) Relevance can be used for Early Case Assessment (ECA), culling, and file sample review. - eDiscovery (Premium) includes components for the Relevance training and tagging of files relevant to a case. eDiscovery (Premium) learns from the trained samples of Relevant and Not Relevant files to provide Relevance scores for each file, and generates analytical results that can be used during and after the file review process. + eDiscovery (Premium) includes components for the Relevance training and tagging of files relevant to a case. eDiscovery (Premium) learns from the trained samples of Relevant and Not Relevant files to provide Relevance scores for each file, and generates analytical results that can be used during and after the file review process. [!INCLUDE [purview-preview](../includes/purview-preview.md)] ## Guidelines for setting up Relevance training - In Advance eDiscovery, in the **Cases** window, select a case and select **Go to case**. Select **Relevance** \> **Relevance setup**. Follow these recommended guidelines to set up Relevance. + In Advance eDiscovery, in the **Cases** window, select a case and select **Go to case**. Select **Relevance** \> **Relevance setup**. Follow these recommended guidelines to set up Relevance. - **Tagging**: The effectiveness of the iterative Relevance training process is dependent on the ability of the expert to tag the file samples with precision and consistency.- - **Case issues**: - - For each issue, use the same expert throughout the entire Relevance training process. Simultaneous tagging of the same issue by multiple experts is not permitted. + - For each issue, use the same expert throughout the entire Relevance training process. Simultaneous tagging of the same issue by multiple experts isn't permitted. - Determine if each group of files is pertinent only to a specific issue.- - If an issue is defined too generally, eDiscovery (Premium) may yield too many files that are not relevant. If an issue is defined too narrowly, the Relevance training process may take more time. + - If an issue is defined too generally, eDiscovery (Premium) may yield too many files that aren't relevant. If an issue is defined too narrowly, the Relevance training process may take more time. - During each Relevance training cycle, eDiscovery (Premium) focuses on a single active issue and interim sample results are displayed accordingly.- - In a multiple-issue scenario, the Sampling mode enables the selection of issues to be included in processing. Issues defined as "off" are not handled until their Sampling mode is changed. An issue can be "idle" or "on" for only one expert. - - eDiscovery (Premium) can be used to generate candidate privilege files. Set up a separate issue for privilege. If possible, train and cull for relevance first, and then train for privilege on the culled set only (reload the culled set as a separate case). - - Batch calculation can be performed only when there are no open samples (when selecting Batch Calculation, there will be a list displayed of users with open samples). To "close" samples of other users (this should be performed only if these users are not tagging these samples), an Administrator can use the "Modify relevance" utility with the "All users sample" option. --- **Metadata**: eDiscovery (Premium) focuses on content. It does not consider metadata as part of the relevance criteria.+ - In a multiple-issue scenario, the Sampling mode enables the selection of issues to be included in processing. Issues defined as "off" aren't handled until their Sampling mode is changed. An issue can be "idle" or "on" for only one expert. + - eDiscovery (Premium) can be used to generate candidate privilege files. Set up a separate issue for privilege. If possible, train and cull for relevance first, and then train for privilege on the culled set only (reload the culled set as a separate case). + - Batch calculation can be performed only when there are no open samples (when selecting Batch Calculation, there will be a list displayed of users with open samples). To "close" samples of other users (this should be performed only if these users aren't tagging these samples), an Administrator can use the "Modify relevance" utility with the "All users sample" option. +- **Metadata**: eDiscovery (Premium) focuses on content. It doesn't consider metadata as part of the relevance criteria. - **Richness**: If the Richness for an issue is less than 3% after Assessment, consider seeding the Relevance training with known Relevant and Not Relevant files.--- **File size**: Large files (over 5,242,880 characters of extracted text) are ignored in Relevance. The files do not participate in the Relevance training process and do not receive a Relevance score after Batch Calculation. Files over 5 MB can be included in the Assessment set.+- **File size**: Large files (over 5,242,880 characters of extracted text) are ignored in Relevance. The files don't participate in the Relevance training process and don't receive a Relevance score after Batch Calculation. Files over 5 MB can be included in the Assessment set. ## Setting up case issues |
| compliance | Ediscovery Managing Holds | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-managing-holds.md | f1.keywords: Previously updated : 01/01/2023 Last updated : 02/22/2023 audience: Admin -You can use a Microsoft Purview eDiscovery (Premium) case to create holds to preserve content that might be relevant to your case. Using the eDiscovery (Premium) hold capabilities, you can place holds on custodians and their data sources. Additionally, you can place a non-custodial hold on mailboxes and OneDrive for Business sites. You can also place a hold on the group mailbox, SharePoint site, and OneDrive for Business site for a Microsoft 365 Group. Similarly, you can place a hold on the mailbox and site that are associated with Microsoft Teams. When you place content locations on hold, content is held until you release the custodian, remove a specific data location, or delete the hold policy entirely. +You can use a Microsoft Purview eDiscovery (Premium) case to create holds to preserve content that might be relevant to your case. Using the eDiscovery (Premium) hold capabilities, you can place holds on custodians and their data sources. Additionally, you can place a non-custodial hold on mailboxes and OneDrive for Business sites. You can also place a hold on the group mailbox, SharePoint site, and OneDrive for Business site for a Microsoft 365 group. Similarly, you can place a hold on the mailbox and site that are associated with Microsoft Teams. When you place content locations on hold, content is held until you release the custodian, remove a specific data location, or delete the hold policy entirely. [!INCLUDE [purview-preview](../includes/purview-preview.md)] To create a non-custodial hold for an eDiscovery (Premium) case: 8. Choose the content locations that you want to place on hold. You can place mailboxes, sites, and public folders on hold. - 1. **Exchange email** - select **Choose users, groups, or teams** and then select **Choose users, groups, or teams** again to specify mailboxes to place on hold. Use the search box to find user mailboxes and distribution groups (to place a hold on the mailboxes of group members) to place on hold. You can also place a hold on the associated mailbox for a Microsoft 365 Group or a Microsoft Team. Select the user, group, team check box, select **Choose**, and then select **Done**. + 1. **Exchange email** - select **Choose users, groups, or teams** and then select **Choose users, groups, or teams** again to specify mailboxes to place on hold. Use the search box to find user mailboxes and distribution groups (to place a hold on the mailboxes of group members) to place on hold. You can also place a hold on the associated mailbox for a Microsoft 365 group or a Microsoft Team. Select the user, group, team check box, select **Choose**, and then select **Done**. > [!NOTE] > When you select **Choose users, groups, or teams** to specify mailboxes to place on hold, the mailbox picker that's displayed is empty. This is by design to enhance performance. To add people to this list, type a name (a minimum of 3 characters) in the search box. - 1. **SharePoint Sites** - select **Choose sites** and then select **Choose sites** again to specify SharePoint and OneDrive for Business sites to place on hold. Type the URL for each site that you want to place on hold. You can also add the URL for the SharePoint site for a Microsoft 365 Group or a Microsoft Team. Select **Choose**, and then select **Done**. + 1. **SharePoint Sites** - select **Choose sites** and then select **Choose sites** again to specify SharePoint and OneDrive for Business sites to place on hold. Type the URL for each site that you want to place on hold. You can also add the URL for the SharePoint site for a Microsoft 365 group or a Microsoft Team. Select **Choose**, and then select **Done**. > [!NOTE] > The URL for a user's OneDrive account includes their user principal name (UPN) (for example, `https://alpinehouse-my.sharepoint.com/personal/sarad_alpinehouse_onmicrosoft_com`). In the rare case that a person's UPN is changed, their OneDrive URL will also change to incorporate the new UPN. If a user's OneDrive account is part of a non-custodial hold and their UPN is changed, you need to update the hold and point to the new OneDrive URL. If the URL for the OneDrive site changes, previously placed holds on the site remain effective and content is preserved. For more information, see [How UPN changes affect the OneDrive URL](/onedrive/upn-changes). To create a non-custodial hold for an eDiscovery (Premium) case: > [!NOTE] > If the SMTP address of the user changes after you place the user's mailbox on hold, the mailbox will remain on hold. To use the new SMTP address to place hold, create a new hold. -## Place a hold on Microsoft Teams and Office 365 Groups +## Place a hold on Microsoft Teams and Microsoft 365 groups -Microsoft Teams is built on Office 365 Groups. Therefore, placing them on hold in eDiscovery (Premium) is similar. +Microsoft Teams is built on Microsoft 365 groups. Therefore, placing them on hold in eDiscovery (Premium) is similar. -- **How do I map an additional Microsoft 365 Groups or Microsoft Teams site to a custodian? And what about placing a non-Custodial hold on Microsoft 365 Groups and Microsoft Teams?** Microsoft Teams is built on Microsoft 365 Groups. Therefore, placing them on hold in an eDiscovery case is similar. Keep the following things in mind when placing Microsoft 365 Groups and Microsoft Teams on hold.+- **How do I map an additional Microsoft 365 groups or Microsoft Teams site to a custodian? And what about placing a non-Custodial hold on Microsoft 365 groups and Microsoft Teams?** Microsoft Teams is built on Microsoft 365 groups. Therefore, placing them on hold in an eDiscovery case is similar. Keep the following things in mind when placing Microsoft 365 groups and Microsoft Teams on hold. - - To place content located in Microsoft 365 Groups and Microsoft Teams on hold, you have to specify the mailbox and SharePoint site that associated with a group or team. + - To place content located in Microsoft 365 groups and Microsoft Teams on hold, you have to specify the mailbox and SharePoint site that associated with a group or team. - - Run the **Get-UnifiedGroup** cmdlet in Exchange Online to view properties for a Microsoft 365 Group or Microsoft Team. This is a good way to get the URL for the site that's associated with a Microsoft 365 Group or a Microsoft Team. For example, the following command displays selected properties for a Microsoft 365 Group named Senior Leadership Team: + - Run the **Get-UnifiedGroup** cmdlet in Exchange Online to view properties for a Microsoft 365 group or Microsoft Team. This is a good way to get the URL for the site that's associated with a Microsoft 365 group or a Microsoft Team. For example, the following command displays selected properties for a Microsoft 365 group named Senior Leadership Team: ```console Get-UnifiedGroup "Senior Leadership Team" | FL DisplayName,Alias,PrimarySmtpAddress,SharePointSiteUrl Microsoft Teams is built on Office 365 Groups. Therefore, placing them on hold i > [!NOTE] > To run the Get-UnifiedGroup cmdlet, you have to be assigned the View-Only Recipients role in Exchange Online or be a member of a role group that's assigned the View-Only Recipients role. - - When a user's mailbox is searched, any Microsoft 365 Group or Microsoft Team that the user is a member of won't be searched. Similarly, when you place a Microsoft 365 Group or Microsoft Team hold, only the group mailbox and group site are placed on hold; the mailboxes and OneDrive for Business sites of group members aren't placed on hold unless you explicitly add them as custodians or place their data sources hold. Therefore, if you need to place a Microsoft 365 Group or Microsoft Team on hold for a specific custodian, consider mapping the group site and group mailbox to the custodian (See Managing Custodians in eDiscovery (Premium)). If the Microsoft 365 Group or Microsoft Team isn't attributable to a single custodian, consider adding the source to a non-custodial hold. - - To get a list of the members of a Microsoft 365 Group or Microsoft Team, you can view the properties on the **Home** > [**Groups**](https://go.microsoft.com/fwlink/p/?linkid=2052855) page in the Microsoft 365 admin center. Alternatively, you can run the following command in Exchange Online PowerShell: + - When a user's mailbox is searched, any Microsoft 365 group or Microsoft Team that the user is a member of won't be searched. Similarly, when you place a Microsoft 365 group or Microsoft Team hold, only the group mailbox and group site are placed on hold; the mailboxes and OneDrive for Business sites of group members aren't placed on hold unless you explicitly add them as custodians or place their data sources hold. Therefore, if you need to place a Microsoft 365 group or Microsoft Team on hold for a specific custodian, consider mapping the group site and group mailbox to the custodian (See Managing Custodians in eDiscovery (Premium)). If the Microsoft 365 group or Microsoft Team isn't attributable to a single custodian, consider adding the source to a non-custodial hold. + - To get a list of the members of a Microsoft 365 group or Microsoft Team, you can view the properties on the **Home** > [**Groups**](https://go.microsoft.com/fwlink/p/?linkid=2052855) page in the Microsoft 365 admin center. Alternatively, you can run the following command in Exchange Online PowerShell: ```powershell Get-UnifiedGroupLinks <group or team name> -LinkType Members | FL DisplayName,PrimarySmtpAddress |
| compliance | Ediscovery Predictive Coding Reference | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-predictive-coding-reference.md | f1.keywords: Previously updated : 01/01/2023 Last updated : 02/22/2023 audience: Admin This article describes the key concepts and metrics of the predictive coding too ## Confidence level -The confidence level is an advanced setting when you create a predictive coding model. It defines that the model's performance metrics (for example, richness, precision, and recall) fall within a specified range (that's determined the margin of error defined for the model) that's representative of the true values of the prediction scores the model assigns to items in the review set. The values for the confidence level and margin of error also help determine how many items are included in the control set. The default value for the confidence level is 0.95 or 95%. +The confidence level is an advanced setting when you create a predictive coding model. It defines that the model's performance metrics (for example, richness, precision, and recall) fall within a specified range (that's determined the margin of error defined for the model) that's representative of the true values of the prediction scores the model assigns to items in the review set. The values for the confidence level and margin of error also help determine how many items are included in the control set. The default value for the confidence level is 0.95% or 95%. ## Control set After you complete a training round, the model assigns a prediction score to the **** -|Label|Model predicts item is relevant|Model predicts item is not relevant| +|Label|Model predicts item is relevant|Model predicts item isn't relevant| |||| |**Reviewer labels item as relevant**|True positive|False positive| |**Reviewer labels item as not relevant**|False negative|True negative| The F-score is a weighted average of the scores for the precision and recall met ## Margin of error -The margin of error is an advanced setting when you create a predictive coding mode. It specifies the degree of error in performance metrics (for example, richness, precision, and recall) that's derived from the random sampling of items in your control set. A lower margin of error requires a larger control set to ensure that the model's performance metrics fall within a smaller range. The values for the margin of error and confidence level also help determine how many items are included in the control set. The default value for the margin of error is 0.05 or 5%. +The margin of error is an advanced setting when you create a predictive coding mode. It specifies the degree of error in performance metrics (for example, richness, precision, and recall) that's derived from the random sampling of items in your control set. A lower margin of error requires a larger control set to ensure that the model's performance metrics fall within a smaller range. The values for the margin of error and confidence level also help determine how many items are included in the control set. The default value for the margin of error is 0.05% or 5%. ## Model stability The overturn rate is the percentage of items in the review set where the predict ## Precision -The precision metric measures the proportion of items that are actually relevant among the items the model predicted were relevant. This means that items in the control set where label as relevant by the reviewer and predicted as relevant by the model. The range of scores for this metric is from **0** to **1**. A score closer to **1** indicates the model will identify fewer non-relevant items. The precision metric is displayed on the model dashboard and on the flyout page for each training round. +The precision metric measures the proportion of items that are relevant among the items the model predicted were relevant. This means that items in the control set where label as relevant by the reviewer and predicted as relevant by the model. The range of scores for this metric is from **0** to **1**. A score closer to **1** indicates the model will identify fewer non-relevant items. The precision metric is displayed on the model dashboard and on the flyout page for each training round. ## Prediction score This is the score that a model assigns to each document in a review set. The sco ## Recall -The recall metric measures the proportion of items the model predicted were relevant among items that are actually relevant. This means that items in the control set that the model predicted were relevant were also labeled as relevant by the reviewer. The range of scores for this metric is from **0** to **1**. A score closer to **1** indicates the model will identify a larger portion of relevant items. The recall metric is displayed on the model dashboard and on the flyout page for each training round. +The recall metric measures the proportion of items the model predicted were relevant among items that are relevant. This means that relevant items in the control set that the model predicted were also labeled as relevant by the reviewer. The range of scores for this metric is from **0** to **1**. A score closer to **1** indicates the model will identify a larger portion of relevant items. The recall metric is displayed on the model dashboard and on the flyout page for each training round. ## Review set -A review set provides the scope of a predictive coding model. When you create a new model for the review set, items for the control set and training sets are selected from the review set. When the model assigns prediction scores, it assigns those scores the items in the review. You have to add all items to the review set before you create a predictive coding model. If you add items after you create a model, those items will not be assigned a prediction score. +A review set provides the scope of a predictive coding model. When you create a new model for the review set, items for the control set and training sets are selected from the review set. When the model assigns prediction scores, it assigns those scores the items in the review. You have to add all items to the review set before you create a predictive coding model. If you add items after you create a model, those items won't be assigned a prediction score. ## Richness The richness metric measures the percentage of review set items the model predic ## Sampled items -The term *sampled items* is a reference to random sample of items in a review set (that contain text) that are selected and associated with the control set when you create a predictive coding model. A random sample of items is also selected for each training round. Items selected for the control set of a model are never included in a training set for that same model. The reverse is also true: training set items are never included in the control set. +The term *sampled items* is a reference to random sample of items in a review set (that contains text) that are selected and associated with the control set when you create a predictive coding model. A random sample of items is also selected for each training round. Items selected for the control set of a model are never included in a training set for that same model. The reverse is also true: training set items are never included in the control set. ## Training set |
| compliance | Ediscovery Preview Search Results | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-preview-search-results.md | f1.keywords: Previously updated : 01/01/2023 Last updated : 02/22/2023 audience: Admin After you run a Content search or a search associated with a Microsoft Purview e To preview a sample of results returned by a search: 1. In the [Microsoft Purview compliance portal](https://compliance.microsoft.com), go to the **Content search** or an eDiscovery (Standard) case.- 2. Select search to display the flyout page.- 3. On the bottom of the flyout page, select **Review sample**.  To preview a sample of results returned by a search:  - In the previous screenshot, notice that keywords from the search query are highlighted when you preview items. + In the previous screenshot, the keywords from the search query are highlighted when you preview items. [!INCLUDE [purview-preview](../includes/purview-preview.md)] To preview a sample of results returned by a search: A maximum of 1,000 randomly selected items are available to preview. In addition to being randomly selected, items available for preview must also meet the following criteria: -- A maximum of 100 items from a single content location (a mailbox or a site) can be previewed. This means that it's possible that less than 1,000 items might be available for preview. For example, if you search four mailboxes and the search returns 1,500 estimated items, only 400 will be available for preview because only 100 items from each mailbox can be previewed.-- For mailbox items, only email messages are available to preview. Items like tasks, calendar items, and contacts can't be previewed.-- For site items, only documents are available to preview. Items like folders, lists, or list attachments can't be previewed.+- A maximum of 100 items from a single content location (a mailbox or a site) can be previewed. This maximum means that it's possible that less than 1,000 items might be available for preview. For example, if you search four mailboxes and the search returns 1,500 estimated items, only 400 are available for preview because only 100 items from each mailbox can be previewed. +- For mailbox items, only email messages are available to preview. Preview for items like tasks, calendar items, and contacts aren't available. +- For site items, only documents are available to preview. Preview for items like folders, lists, or list attachments aren't available. ## File types supported when previewing search results |
| compliance | Ediscovery Supported File Types | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-supported-file-types.md | -Microsoft Purview eDiscovery (Premium) supports many file types at many different levels. The support files types are described in the following tables in this article. This list isn't finalized, and we will add new file types as we continue our validation testing. These tables indicate if a file type is supported for text extraction (and Optical Character Recognition or OCR text extraction for image files), viewable in the native viewer and also support in the Annotate viewer in eDiscovery (Premium). +Microsoft Purview eDiscovery (Premium) supports many file types at many different levels. The currently supported files types are described in the following tables in this article. These tables indicate if a file type is supported for text extraction (and Optical Character Recognition or OCR text extraction for image files), viewable in the native viewer, and also supported in the Annotate viewer in eDiscovery (Premium). ++> [!IMPORTANT] +> If a file type isn't listed in the following tables, it isn't currently supported in eDiscovery solutions. [!INCLUDE [purview-preview](../includes/purview-preview.md)] |
| compliance | Ediscovery Troubleshooting Azcopy | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-troubleshooting-azcopy.md | f1.keywords: Previously updated : 01/01/2023 Last updated : 02/22/2023 audience: Admin -When loading non-Microsoft 365 data or documents for error remediation in Microsoft Purview eDiscovery (Premium), the user interface supplies an Azure AzCopy command that contains parameters with the location of where the files that you want to upload are stored and the Azure storage location that the files will be uploaded to. To upload your documents, you copy this command and then run it in a Command Prompt on your local computer. The follow screenshot shows an example of an AzCopy command: +When loading non-Microsoft 365 data or documents for error remediation in Microsoft Purview eDiscovery (Premium), the user interface supplies an Azure AzCopy command that contains parameters with the location of where the files that you want to upload are stored and the Azure storage location that the files will be uploaded to. To upload your documents, you copy this command and then run it in a Command Prompt on your local computer. The following screenshot shows an example of an AzCopy command:  -Usually the command that's provided works when you run it. However, there may be cases when the command that's displayed will not run successfully. Here's a few possible reasons. +Usually the command that's provided works when you run it. However, there may be cases when the command that's displayed won't run successfully. Here's a few possible reasons. [!INCLUDE [purview-preview](../includes/purview-preview.md)] If AzCopy isn't installed or it's installed in a location other than the default If AzCopy isn't installed on the local computer, you can find installation information in [Transfer data with the AzCopy v8.1 on Windows](/previous-versions/azure/storage/storage-use-azcopy). Be sure to install it in the default location. -If AzCopy is installed, but it's installed in a location different than the default location, you can copy the command, paste it to a text file, and then change the path to the location where AzCopy is installed. For example, if Azcopy is located in `%ProgramFiles%`, then you can change the first part of the command from `%ProgramFiles(x86)%\Microsoft SDKs\Azure\AzCopy.exe` to `%ProgramFiles%\Microsoft SDKs\Azure\AzCopy`. After you make this change, copy it from the text file and then run it a Command Prompt. +If AzCopy is installed, but it's installed in a location different than the default location, you can copy the command, paste it to a text file, and then change the path to the location where AzCopy is installed. For example, if Azcopy is located in `%ProgramFiles%`, then you can change the first part of the command from `%ProgramFiles(x86)%\Microsoft SDKs\Azure\AzCopy.exe` to `%ProgramFiles%\Microsoft SDKs\Azure\AzCopy`. After you make this change, copy it from the text file, and then run it a Command Prompt. > [!TIP] > If AzCopy is installed in a location other then the default install location, consider uninstalling it and then re-installing it in the default location. This will help prevent this issue in the future. |
| compliance | Ediscovery What Is Stored In A Mailbox | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-what-is-stored-in-a-mailbox.md | Title: "Content stored in Exchange Online mailboxes for eDiscovery" -description: "Content produced by cloud-based apps in Microsoft 365 is stored or associated with a user's Exchange Online mailbox. This content can be searched using Microsoft eDiscovery tools." +description: "Content produced by cloud-based apps in Microsoft 365 is stored or associated with a user's Exchange Online mailbox. This content is searchable using Microsoft eDiscovery tools." f1.keywords: - NOCSH Previously updated : 01/01/2023 Last updated : 02/22/2023 audience: Admin The following table lists the apps that either stores or associates data with a |Tasks|Tasks in the Tasks app (which are the same tasks as the ones accessible in Outlook) are stored in a user's mailbox.| |Teams|Conversations that are part of a Teams channel are associated with the Teams mailbox. Conversations that are part of the Chat list in Teams (also called *1 x N chats*) are associated with the mailbox of the users who participate in the chat. Also, summary information for meetings and calls in a Teams channel are associated with mailboxes of users who dialed into the meeting or call. So when searching for Teams content, you would search the Teams mailbox for content in channel conversations and search user mailboxes for content in 1 x N chats.| |To-Do|Tasks (called *to-dos*, which are saved in to-do lists) in the To-Do app are stored in a user's mailbox.|-|Yammer|Conversations and comments within a Yammer community are associated with the Microsoft 365 Group mailbox, as well as the user mailbox of the author and any named recipients (@ mentioned or Cc'ed users). Private messages sent outside of a Yammer community are stored in the mailbox of the users who participate in the private message.| +|Yammer|Conversations and comments within a Yammer community are associated with the Microsoft 365 group mailbox, as well as the user mailbox of the author and any named recipients (@ mentioned or Cc'ed users). Private messages sent outside of a Yammer community are stored in the mailbox of the users who participate in the private message.| | > [!NOTE] |
| compliance | Insider Risk Management Browser Support | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-browser-support.md | User this option to configure the extension and requirements for your organizati For the Intune setup option, complete the following steps: -1. Sign-in to the [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com) using Administrator permissions. +1. Sign-in to the [Microsoft Intune admin center](https://endpoint.microsoft.com) using Administrator permissions. 2. Navigate to **Configuration Profiles**. 3. Select **Create Profile**. 4. Choose **Windows 10** as the platform. For the Intune setup option, complete the following steps: Get-Item -path "HKLM:\\SOFTWARE\\Microsoft\\Windows Defender\\Miscellaneous Configuration" | New-ItemProperty -Name DlpDisableBrowserCache -Value 0 -Force ``` -2. Sign-in to the [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com). +2. Sign-in to the [Microsoft Intune admin center](https://endpoint.microsoft.com). 3. Navigate to **Devices** \> **Scripts** and select **Add.** 4. Browse to the location of the script created when prompted. 5. Select the following settings: Get-Item -path "HKLM:\\SOFTWARE\\Microsoft\\Windows Defender\\Miscellaneous Conf Before adding the Microsoft DLP Chrome extension to the list of force installed extensions, you must install the Chrome Administrative Template (.admx) file for Intune management. For step-by-step guidance, see [Manage Chrome Browser with Microsoft Intune](https://support.google.com/chrome/a/answer/9102677?hl=en#zippy=%2Cstep-ingest-the-chrome-admx-file-into-intune). After installing the Administrative Template file, complete the following steps: -1. Sign-in to the [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com). +1. Sign-in to the [Microsoft Intune admin center](https://endpoint.microsoft.com). 2. Navigate to **Configuration Profiles**. 3. Select **Create Profile**. 4. Choose **Windows 10** as the *Platform*. |
| compliance | Insider Risk Management Forensic Evidence Configure | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-forensic-evidence-configure.md | To install the Microsoft Purview Client, complete the following steps: 2. Select **Download installer package (x64 version)** to download the installation package for Windows. 3. After downloading the installation package, use your preferred method to install the client on users' devices. These options may include manually installing the client on devices or tools to help automate the client installation: - - **Microsoft Endpoint Manager**: [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) is an integrated solution for managing all of your devices. Microsoft brings together [Configuration Manager](/mem/configmgr/core/understand/introduction) and [Intune](/mem/intune/fundamentals/what-is-intune), without a complex migration, and with simplified licensing. + - **Microsoft Intune**: Microsoft Intune is an integrated solution for managing all of your devices. Microsoft brings together [Configuration Manager](/mem/configmgr/core/understand/introduction) and [Intune](/mem/intune/fundamentals/what-is-intune), without a complex migration, and with simplified licensing. - **Third-party device management solutions**: If your organization is using third-party device management solutions, see the documentation for these tools to install the client. |
| compliance | Sensitivity Labels Office Apps | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-office-apps.md | f1.keywords: Previously updated : 02/21/2023 Last updated : 02/22/2023 audience: Admin For more information about this capability, see the announcement [Apply sensitiv For end user documentation, see [Create protected PDFs from Office files](https://support.microsoft.com/topic/aba7e367-e482-49e7-b746-a385e48d01e4). +### Disabling PDF support ++If you need to disable the PDF support in Office apps for Word, Excel, and PowerPoint, you can do so by using an Office setting under **User Configuration/Administrative Templates/Microsoft Office 2016/Security Settings**: ++- **Use the Sensitivity feature in Office to apply sensitivity labels to PDFs** ++Set the value to **0**. ++Deploy this setting by using Group Policy, or by using the [Cloud Policy service for Microsoft 365](/DeployOffice/overview-office-cloud-policy-service). + ## Sensitivity bar -Supported in preview for built-in labeling in Windows, use the tables in [Minimum versions for sensitivity labels in Office apps](sensitivity-labels-versions.md) to identify which Office versions support this feature. +Supported in preview for built-in labeling, use the tables in [Minimum versions for sensitivity labels in Office apps](sensitivity-labels-versions.md) to identify which Office versions support this feature. -For the supported apps, sensitivity labels are now displayed in a sensitivity bar, next to the file name on the top window bar. For example: +When Word, Excel, and PowerPoint support this feature, sensitivity labels are displayed in a sensitivity bar next to the file name on the top window bar. For example:  +When Outlook supports this feature, the sensitivity bar is displayed on the **Subject** line of the email. For example: ++ + Information about the labels and the ability to select or change a label are also integrated into user workflows that includes save and rename, export, share, print, and [convert to PDF](#pdf-support). For more information and example screenshots, see the blog post announcement, [New sensitivity bar in Office for Windows](https://insider.office.com/blog/sensitivity-bar-in-office-for-windows). As part of this high visibility, these labels also support colors. For more information, see the next section. As part of this high visibility, these labels also support colors. For more info > [!IMPORTANT] > If your labeling apps don't support this capability, they don't display the configured label colors. > -> The Azure Information Protection unified labeling client supports label colors. For labeling built in to Office, label colors are currently supported in preview for Windows, but not yet for macOS, or Office for the web. For more information, see the tables in [Minimum versions for sensitivity labels in Office apps](sensitivity-labels-versions.md). +> The Azure Information Protection unified labeling client supports label colors. For labeling built in to Office apps, see the tables in [Minimum versions for sensitivity labels in Office apps](sensitivity-labels-versions.md). Newly created labels don't have a color by default. If your labels were [migrated from Azure Information Protection](/azure/information-protection/configure-policy-migrate-labels) or you configured label colors for the Azure Information Protection unified labeling client, these label colors are now displayed in apps that support them. |
| compliance | Whats New | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/whats-new.md | Whether it be adding new solutions to the [Microsoft Purview compliance portal]( - **In preview**: [Support for Azure Active Directory administrative units](get-started-with-sensitivity-labels.md#support-for-administrative-units). - **In preview**: Previously available in preview for Word, Excel, and PowerPoint, the [sensitivity bar](sensitivity-labels-office-apps.md#sensitivity-bar) with support for [label colors](sensitivity-labels-office-apps.md#label-colors) is now also in preview for Outlook on Windows. - **In preview**: Now supported for labeling built into Windows, macOS, iOS, and Android, auditing actions for sensitivity labels include encryption details such as a change in the encryption status and settings, and the Rights Management owner.+- New Office setting if you need to [disable the PDF support in Office apps for Word, Excel, and PowerPoint](sensitivity-labels-office-apps.md#disabling-pdf-support). ## January 2023 |
| enterprise | Enroll Ios And Android Devices In Your Microsoft Enterprise 365 Dev Test Environ | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/enroll-ios-and-android-devices-in-your-microsoft-enterprise-365-dev-test-environ.md | In Intune, there are a few ways to enroll your iOS/iPadOS and Android devices. Y If you're ready to use Intune for device management, and want some guidance, then the following information may help: - [Device management overview](/mem/intune/fundamentals/what-is-device-management)-- [Tutorial: Walkthrough Intune in Microsoft Endpoint Manager](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)+- [Tutorial: Walkthrough the Microsoft Intune admin center](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager) - [Deployment guide: Setup or move to Microsoft Intune](/mem/intune/fundamentals/deployment-guide-intune-setup) ## Phase 3: Manage your iOS and Android devices remotely |
| enterprise | Mam Policies For Your Microsoft 365 Enterprise Dev Test Environment | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/mam-policies-for-your-microsoft-365-enterprise-dev-test-environment.md | If you want to configure MAM policies in a simulated enterprise, follow the inst ## Phase 2: Create a device compliance policy for Windows 10 devices -In this phase, you create a device compliance policy for Windows 10 devices. This phase uses Microsoft Intune and the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) to add a group, and create a compliance policy. +In this phase, you create a device compliance policy for Windows 10 devices. This phase uses Microsoft Intune and the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) to add a group, and create a compliance policy. -1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com), sign in to your Microsoft 365 test lab subscription with your global administrator account, and select the <a href="https://go.microsoft.com/fwlink/?linkid=2109431" target="_blank">Endpoint Manager admin center</a>. +1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com), sign in to your Microsoft 365 test lab subscription with your global administrator account, and select the <a href="https://go.microsoft.com/fwlink/?linkid=2109431" target="_blank">Intune admin center</a>. If a message similar to **You haven't enabled device management yet** message is shown, then select Intune as the MDM authority. For the specific steps, see [Set the mobile device management authority](/mem/intune/fundamentals/mdm-authority-set). - The Endpoint Manager admin center focuses on device management and app management. For a tour of this admin center, see [Tutorial: Walkthrough Intune in Microsoft Endpoint Manager](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager). + The Intune admin center focuses on device management and app management. For a tour of this admin center, see [Tutorial: Walkthrough the Microsoft Intune admin center](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager). 2. In **Groups**, add a new **Microsoft 365** or **Security** group named **Managed Windows 10 device users**, with an **Assigned** membership type. In the next steps, you'll assign your compliance policy to this group. |
| frontline | Flw Devices | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/flw-devices.md | Title: Manage devices for frontline workers--++ Intune is recommended for BYOD scenarios because it provides the best support an ### Enroll Android and iOS personal devices -In addition to your company-owned devices, you can [enroll](/mem/intune/enrollment/device-enrollment) users' personally owned devices into management in Intune. For BYOD enrollment, you add device users in the Microsoft Endpoint Manager admin center, configure their enrollment experience, and set up Intune policies. Users complete enrollment themselves in the Intune Company Portal app that's installed on their device. +In addition to your company-owned devices, you can [enroll](/mem/intune/enrollment/device-enrollment) users' personally owned devices into management in Intune. For BYOD enrollment, you add device users in the Microsoft Intune admin center, configure their enrollment experience, and set up Intune policies. Users complete enrollment themselves in the Intune Company Portal app that's installed on their device. In some cases, users may be reluctant to enroll their personal devices into management. If device enrollment isn't an option, you can choose a mobile application management (MAM) approach and use [app protection policies](/mem/intune/apps/app-protection-policies) to manage apps that contain corporate data. For example, you can apply app protection policies to Teams and Office mobile apps to prevent company data from being copied to personal apps on the device. Shared device mode is an improvement to the app data clear functionality for And Shared device mode also allows a device to be enrolled into Azure AD once for all users so that you can easily create profiles that secure app and data usage on the shared device. This allows you to support conditional access without having to re-enroll the device every time a new user authenticates into the device. -You use a mobile device management (MDM) solution like Microsoft Intune in Microsoft Endpoint Manager to prepare a device to be shared by installing the [Microsoft Authenticator app](https://support.microsoft.com/account-billing/how-to-use-the-microsoft-authenticator-app-9783c865-0308-42fb-a519-8cf666fe0acc) and turning on shared mode. Teams and all other apps that support shared device mode use the shared mode setting to manage users on the device. The MDM solution you use should also perform a device cleanup when sign out occurs. +You use a mobile device management (MDM) solution like Microsoft Intune or Microsoft Configuration Manager to prepare a device to be shared by installing the [Microsoft Authenticator app](https://support.microsoft.com/account-billing/how-to-use-the-microsoft-authenticator-app-9783c865-0308-42fb-a519-8cf666fe0acc) and turning on shared mode. Teams and all other apps that support shared device mode use the shared mode setting to manage users on the device. The MDM solution you use should also perform a device cleanup when sign out occurs. > [!NOTE] > Shared device mode isnΓÇÖt a full data loss prevention solution. Shared device mode should be used in conjunction with Microsoft Application Manager (MAM) policies to ensure that data doesnΓÇÖt leak to areas of the device that arenΓÇÖt leveraging shared device mode (e.g., local file storage). |
| frontline | Flw Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/flw-overview.md | Equip your employees with industry-specific devices tailored for their needs, or |--|| |[Manage mobile devices for frontline workers](flw-devices.md) |Enterprise, F1, F3 | |[Manage devices with Intune](/microsoft-365/solutions/manage-devices-with-intune-overview) |Enterprise, F1, F3 |-|[Microsoft Endpoint Manager overview](/mem/endpoint-manager-overview) |Enterprise, F1, F3 | +|[Microsoft Intune family of products](/mem/endpoint-manager-overview) |Enterprise, F1, F3 | |[Device partner integrations with Intune](/mem/intune/protect/device-compliance-partners) |Enterprise, F1, F3 | ## Adoption principles to help envision and implement business scenarios |
| frontline | Flw Setup Microsoft 365 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/flw-setup-microsoft-365.md | Registering devices in Azure AD creates a unique identity that can be used to se ### Shared device enrollment with Intune -**Android:** Automatically enroll Android devices into shared device mode with [Microsoft Endpoint Manager](/mem/intune/fundamentals/whats-new#intune-support-for-provisioning-azure-active-directory-shared-devices). [Learn more about enrolling shared devices in Intune](https://techcommunity.microsoft.com/t5/intune-customer-success/enroll-android-enterprise-dedicated-devices-into-azure-ad-shared/ba-p/1820093). +**Android:** Automatically enroll Android devices into shared device mode with [Microsoft Intune](/mem/intune/enrollment/android-kiosk-enroll). [Learn more about enrolling shared devices in Intune](https://techcommunity.microsoft.com/t5/intune-customer-success/enroll-android-enterprise-dedicated-devices-into-azure-ad-shared/ba-p/1820093). **iOS:** Not currently available. |
| includes | Microsoft 365 Content Updates | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-content-updates.md | <!-- This file is generated automatically each week. Changes made to this file will be overwritten.-->--- -## Week of February 13, 2023 ---| Published On |Topic title | Change | -|||--| -| 2/14/2023 | [Microsoft 365 admin center - Overview](/microsoft-365/admin/admin-overview/admin-center-overview?view=o365-worldwide) | modified | -| 2/14/2023 | [Operationalize attack surface reduction (ASR) rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-operationalize?view=o365-worldwide) | modified | -| 2/14/2023 | [Limit guest sharing to specific organizations](/microsoft-365/solutions/limit-guest-sharing-to-specific-organization?view=o365-worldwide) | modified | -| 2/13/2023 | [Virtual Appointments with Teams - Integration into Oracle Health EHR](/microsoft-365/frontline/ehr-admin-oracle-health?view=o365-worldwide) | renamed | -| 2/13/2023 | [Learn about retention policies & labels to retain or delete](/microsoft-365/compliance/retention?view=o365-worldwide) | modified | -| 2/14/2023 | [Manage protected devices with Microsoft 365 Business Premium](/microsoft-365/business/manage-protected-devices?view=o365-worldwide) | modified | -| 2/14/2023 | [All credentials entity definition](/microsoft-365/compliance/sit-defn-all-creds?view=o365-worldwide) | modified | -| 2/16/2023 | [Security defaults and Conditional Access](/microsoft-365/business-premium/m365bp-conditional-access?view=o365-worldwide) | modified | -| 2/16/2023 | [Introduction to information management policies](/microsoft-365/compliance/intro-to-info-mgmt-policies?view=o365-worldwide) | modified | -| 2/16/2023 | [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-worldwide) | modified | -| 2/16/2023 | [Get Microsoft Defender for Business](/microsoft-365/security/defender-business/get-defender-business?view=o365-worldwide) | modified | -| 2/16/2023 | [Add users and assign licenses in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-add-users?view=o365-worldwide) | modified | -| 2/16/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified | -| 2/16/2023 | [Understand next-generation protection configuration settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-next-gen-configuration-settings?view=o365-worldwide) | modified | -| 2/16/2023 | [Requirements for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-requirements?view=o365-worldwide) | modified | -| 2/16/2023 | [Set up and configure Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-setup-configuration?view=o365-worldwide) | modified | -| 2/16/2023 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide) | modified | -| 2/16/2023 | [Common Zero Trust identity and device access policies - Microsoft 365 for enterprise](/microsoft-365/security/office-365-security/identity-access-policies?view=o365-worldwide) | modified | -| 2/15/2023 | [Connect your DNS records at IONOS by 1&1 to Microsoft 365](/microsoft-365/admin/dns/create-dns-records-at-1-1-internet?view=o365-worldwide) | modified | -| 2/15/2023 | [Manage self-service purchases and trials (for admins)](/microsoft-365/commerce/subscriptions/manage-self-service-purchases-admins?view=o365-worldwide) | modified | -| 2/16/2023 | [Comment and collaborate using annotations in Microsoft Syntex](/microsoft-365/syntex/annotations) | added | -| 2/16/2023 | [Export documents from a review set in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-export-documents-from-review-set?view=o365-worldwide) | modified | -| 2/16/2023 | [Integrate your SIEM tools with Microsoft 365 Defender](/microsoft-365/security/defender/configure-siem-defender?view=o365-worldwide) | modified | -| 2/16/2023 | [Microsoft Syntex documentation # < 60 chars](/microsoft-365/syntex/index) | modified | -| 2/16/2023 | [Onboard devices to Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-worldwide) | modified | -| 2/16/2023 | [Cross-tenant mailbox migration](/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-worldwide) | modified | -| 2/16/2023 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-worldwide) | modified | -| 2/16/2023 | [Overview of Microsoft Syntex](/microsoft-365/syntex/syntex-overview) | modified | -| 2/16/2023 | [Bookings with me](/microsoft-365/bookings/bookings-in-outlook?view=o365-worldwide) | modified | -| 2/17/2023 | [Learn about data loss prevention](/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide) | modified | -| 2/17/2023 | [Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes](/microsoft-365/security/office-365-security/skip-filtering-phishing-simulations-sec-ops-mailboxes?view=o365-worldwide) | modified | -| 2/17/2023 | [Use network protection to help prevent Linux connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection-linux?view=o365-worldwide) | modified | ---## Week of February 06, 2023 ---| Published On |Topic title | Change | -|||--| -| 2/6/2023 | [Help dynamically mitigate risks with Adaptive Protection (preview)](/microsoft-365/compliance/insider-risk-management-adaptive-protection?view=o365-worldwide) | added | -| 2/6/2023 | [Automatically apply a sensitivity label in Microsoft 365](/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide) | modified | -| 2/6/2023 | [Create and publish sensitivity labels](/microsoft-365/compliance/create-sensitivity-labels?view=o365-worldwide) | modified | -| 2/6/2023 | [Create and deploy a data loss prevention policy](/microsoft-365/compliance/dlp-create-deploy-policy?view=o365-worldwide) | modified | -| 2/6/2023 | [Learn about data loss prevention](/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide) | modified | -| 2/6/2023 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide) | modified | -| 2/6/2023 | [Using Endpoint DLP](/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwide) | modified | -| 2/6/2023 | [Get started with sensitivity labels](/microsoft-365/compliance/get-started-with-sensitivity-labels?view=o365-worldwide) | modified | -| 2/6/2023 | [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-worldwide) | modified | -| 2/6/2023 | [Permissions in the Microsoft Purview compliance portal](/microsoft-365/compliance/microsoft-365-compliance-center-permissions?view=o365-worldwide) | modified | -| 2/6/2023 | [Learn about Adaptive Protection in data loss prevention](/microsoft-365/compliance/dlp-adaptive-protection-learn?view=o365-worldwide) | added | -| 2/6/2023 | [Limit guest sharing to specific organizations](/microsoft-365/solutions/limit-guest-sharing-to-specific-organization?view=o365-worldwide) | modified | -| 2/6/2023 | [Limit sharing in Microsoft 365](/microsoft-365/solutions/microsoft-365-limit-sharing?view=o365-worldwide) | modified | -| 2/6/2023 | [Automatically apply a retention label to Microsoft 365 items](/microsoft-365/compliance/apply-retention-labels-automatically?view=o365-worldwide) | modified | -| 2/6/2023 | [What's new in Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/whats-new?view=o365-worldwide) | modified | -| 2/7/2023 | [Automatic ServiceNow Incident Creation](/microsoft-365/admin/manage/servicenow-incidents?view=o365-worldwide) | added | -| 2/7/2023 | [Email authentication in Microsoft 365](/microsoft-365/security/office-365-security/email-authentication-about?view=o365-worldwide) | modified | -| 2/7/2023 | [Use a prebuilt model to extract information from invoices in Microsoft Syntex](/microsoft-365/syntex/prebuilt-model-invoice?view=o365-worldwide) | modified | -| 2/7/2023 | [Get started with communication compliance](/microsoft-365/compliance/communication-compliance-configure?view=o365-worldwide) | modified | -| 2/7/2023 | [Plan for communication compliance](/microsoft-365/compliance/communication-compliance-plan?view=o365-worldwide) | modified | -| 2/7/2023 | [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) | modified | -| 2/7/2023 | [Learn about communication compliance](/microsoft-365/compliance/communication-compliance?view=o365-worldwide) | modified | -| 2/7/2023 | [Review data with the insider risk management content explorer](/microsoft-365/compliance/insider-risk-management-content-explorer?view=o365-worldwide) | modified | -| 2/7/2023 | [Attack surface reduction in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-asr?view=o365-worldwide) | modified | -| 2/7/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified | -| 2/7/2023 | [Configure authentication for Microsoft 365 support integration with ServiceNow](/microsoft-365/admin/manage/servicenow-authentication?view=o365-worldwide) | modified | -| 2/7/2023 | [Azure Active Directory setup guides](/microsoft-365/admin/misc/azure-ad-setup-guides?view=o365-worldwide) | modified | -| 2/7/2023 | [Compare Microsoft endpoint security plans](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-worldwide) | modified | -| 2/8/2023 | [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) | modified | -| 2/8/2023 | [Introduction to information management policies](/microsoft-365/compliance/intro-to-info-mgmt-policies?view=o365-worldwide) | modified | -| 2/8/2023 | [Microsoft Teams Virtual Appointments Call Quality Dashboard](/microsoft-365/frontline/virtual-appointments-call-quality?view=o365-worldwide) | modified | -| 2/8/2023 | [Run the client analyzer on macOS or Linux](/microsoft-365/security/defender-endpoint/run-analyzer-macos-linux?view=o365-worldwide) | modified | -| 2/8/2023 | [Report spam, non-spam, phishing, suspicious emails and files to Microsoft](/microsoft-365/security/office-365-security/submissions-report-messages-files-to-microsoft?view=o365-worldwide) | modified | -| 2/8/2023 | [User reported message settings](/microsoft-365/security/office-365-security/submissions-user-reported-messages-files-custom-mailbox?view=o365-worldwide) | modified | -| 2/8/2023 | [Deploy a task automatically in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-deploy-task-automatically?view=o365-worldwide) | modified | -| 2/8/2023 | [Set up GDAP for your customers](/microsoft-365/lighthouse/m365-lighthouse-setup-gdap?view=o365-worldwide) | modified | -| 2/8/2023 | [Turn on cloud protection in Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus?view=o365-worldwide) | modified | -| 2/9/2023 | [Learn about sensitivity labels](/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide) | modified | -| 2/9/2023 | [Limit guest sharing to specific organizations](/microsoft-365/solutions/limit-guest-sharing-to-specific-organization?view=o365-worldwide) | modified | -| 2/10/2023 | [Set preferences for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-worldwide) | modified | -| 2/10/2023 | [Anti-spam protection](/microsoft-365/security/office-365-security/anti-spam-protection-about?view=o365-worldwide) | modified | -| 2/9/2023 | [Turn pronouns on or off for your organization in the Microsoft 365 admin center](/microsoft-365/admin/add-users/turn-pronouns-on-or-off?view=o365-worldwide) | added | -| 2/9/2023 | [Search for and delete chat messages in Teams](/microsoft-365/compliance/ediscovery-search-and-delete-teams-chat-messages?view=o365-worldwide) | modified | -| 2/10/2023 | [Configure Microsoft Defender for Endpoint on Android risk signals using App Protection Policies (MAM)](/microsoft-365/security/defender-endpoint/android-configure-mam?view=o365-worldwide) | modified | -| 2/10/2023 | [Network device discovery and vulnerability management](/microsoft-365/security/defender-endpoint/network-devices?view=o365-worldwide) | modified | -| 2/10/2023 | [How to schedule an antivirus scan using Anacron in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/schedule-antivirus-scan-in-mde?view=o365-worldwide) | modified | -| 2/10/2023 | [Performance analyzer for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-worldwide) | modified | -| 2/10/2023 | [Authenticated scan for Windows in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/windows-authenticated-scan?view=o365-worldwide) | modified | -| 2/10/2023 | [Application Guard for Office for admins](/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide) | modified | -| 2/10/2023 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-worldwide) | modified | -| 2/10/2023 | [Set up Safe Links policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-links-policies-configure?view=o365-worldwide) | modified | -| 2/10/2023 | [Test and deploy Microsoft 365 Apps by partners in the Integrated apps portal](/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps?view=o365-worldwide) | modified | -| 2/10/2023 | [Create EDM SIT sample file for the new experience](/microsoft-365/compliance/sit-create-edm-sit-unified-ux-sample-file?view=o365-worldwide) | modified | -| 2/10/2023 | [Get started with exact data match based sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-based-sits-overview?view=o365-worldwide) | modified | -| 2/10/2023 | [Export source data for exact data match based sensitive information type](/microsoft-365/compliance/sit-get-started-exact-data-match-export-data?view=o365-worldwide) | modified | -| 2/10/2023 | [Configure anti-malware policies](/microsoft-365/security/office-365-security/anti-malware-policies-configure?view=o365-worldwide) | modified | ---## Week of January 30, 2023 ---| Published On |Topic title | Change | -|||--| -| 2/1/2023 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified | -| 1/30/2023 | [Create and deploy a data loss prevention policy](/microsoft-365/compliance/dlp-create-deploy-policy?view=o365-worldwide) | added | -| 1/30/2023 | [Learn about data loss prevention](/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide) | modified | -| 1/30/2023 | [Plan for data loss prevention](/microsoft-365/compliance/dlp-overview-plan-for-dlp?view=o365-worldwide) | modified | -| 1/30/2023 | [Design a Data loss prevention policy](/microsoft-365/compliance/dlp-policy-design?view=o365-worldwide) | modified | -| 1/30/2023 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide) | modified | -| 2/1/2023 | [Map Microsoft 365 Defender role-based access control (RBAC) permissions](/microsoft-365/security/defender/compare-rbac-roles?view=o365-worldwide) | modified | -| 1/31/2023 | [Configure endpoint DLP settings](/microsoft-365/compliance/dlp-configure-endpoint-settings?view=o365-worldwide) | modified | -| 1/31/2023 | [Canada drivers license number entity definition](/microsoft-365/compliance/sit-defn-canada-drivers-license-number?view=o365-worldwide) | modified | -| 1/31/2023 | [Use network protection to help prevent macOS connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection-macos?view=o365-worldwide) | modified | -| 1/31/2023 | Create a DLP policy from a template | removed | -| 1/31/2023 | Create, test, and tune a DLP policy | removed | -| 1/31/2023 | [Get started with Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-getting-started?view=o365-worldwide) | modified | -| 1/31/2023 | [Using Endpoint DLP](/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwide) | modified | -| 1/31/2023 | [Training campaigns in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-training-campaigns?view=o365-worldwide) | added | -| 1/31/2023 | [Training modules for Training campaigns in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-training-modules?view=o365-worldwide) | added | -| 1/31/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified | -| 1/31/2023 | [Deploy Microsoft Defender for Endpoint on Android with Microsoft Endpoint Manager](/microsoft-365/security/defender-endpoint/android-intune?view=o365-worldwide) | modified | -| 1/31/2023 | [Microsoft Defender for Endpoint Device Control Removable Storage frequently asked questions](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control-faq?view=o365-worldwide) | modified | -| 1/31/2023 | [Protect your organization's data with device control](/microsoft-365/security/defender-endpoint/device-control-report?view=o365-worldwide) | modified | -| 1/31/2023 | [Deploy Microsoft Defender for Endpoint on iOS with Microsoft Endpoint Manager](/microsoft-365/security/defender-endpoint/ios-install?view=o365-worldwide) | modified | -| 1/31/2023 | [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-perf?view=o365-worldwide) | modified | -| 1/31/2023 | [Deploy Microsoft Defender for Endpoint on macOS with Microsoft Endpoint Manager](/microsoft-365/security/defender-endpoint/mac-install-with-intune?view=o365-worldwide) | modified | -| 1/31/2023 | [Set up and configure Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/mde-p1-setup-configuration?view=o365-worldwide) | modified | -| 1/31/2023 | [Onboard devices and configure Microsoft Defender for Endpoint capabilities](/microsoft-365/security/defender-endpoint/onboard-configure?view=o365-worldwide) | modified | -| 1/31/2023 | [Onboard to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/onboarding?view=o365-worldwide) | modified | -| 1/31/2023 | [Migrate to Microsoft Defender for Endpoint - Onboard](/microsoft-365/security/defender-endpoint/switch-to-mde-phase-3?view=o365-worldwide) | modified | -| 1/31/2023 | Troubleshoot AuditD performance issues with Microsoft Defender for Endpoint on Linux | removed | -| 2/1/2023 | [Use the Virtual Appointments app in Microsoft Teams](/microsoft-365/frontline/virtual-appointments-app?view=o365-worldwide) | added | -| 2/1/2023 | [Configure endpoint DLP settings](/microsoft-365/compliance/dlp-configure-endpoint-settings?view=o365-worldwide) | modified | -| 2/1/2023 | [Use sensitivity labels to protect calendar items, Teams meetings, and chat](/microsoft-365/compliance/sensitivity-labels-meetings?view=o365-worldwide) | modified | -| 2/1/2023 | [Launch your portal using the Portal launch scheduler](/microsoft-365/enterprise/portallaunchscheduler?view=o365-worldwide) | modified | -| 2/1/2023 | [Microsoft Teams Advanced Virtual Appointments activity report](/microsoft-365/frontline/advanced-virtual-appointments-activity-report?view=o365-worldwide) | modified | -| 2/1/2023 | Virtual Appointments with Microsoft Teams and the Bookings app | removed | -| 2/1/2023 | [Manage the join experience for Teams Virtual Appointments on browsers](/microsoft-365/frontline/browser-join?view=o365-worldwide) | modified | -| 2/1/2023 | [Microsoft 365 for retail organizations](/microsoft-365/frontline/teams-for-retail-landing-page?view=o365-worldwide) | modified | -| 2/1/2023 | [Microsoft Teams Virtual Appointments usage report](/microsoft-365/frontline/virtual-appointments-usage-report?view=o365-worldwide) | modified | -| 2/1/2023 | [Virtual Appointments with Microsoft Teams](/microsoft-365/frontline/virtual-appointments?view=o365-worldwide) | modified | -| 2/1/2023 | [Use network protection to help prevent macOS connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection-macos?view=o365-worldwide) | modified | -| 2/1/2023 | [Training campaigns in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-training-campaigns?view=o365-worldwide) | modified | -| 2/1/2023 | [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) | modified | -| 2/1/2023 | [Deploy updates for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-updates?view=o365-worldwide) | modified | -| 2/1/2023 | [Investigate users in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-users?view=o365-worldwide) | modified | -| 2/1/2023 | [Application Guard for Office for admins](/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide) | modified | -| 2/1/2023 | [Create a more secure guest sharing environment](/microsoft-365/solutions/create-secure-guest-sharing-environment?view=o365-worldwide) | modified | -| 2/1/2023 | [Get all scan agents](/microsoft-365/security/defender-endpoint/get-all-scan-agents?view=o365-worldwide) | modified | -| 2/1/2023 | [Get scan definitions](/microsoft-365/security/defender-endpoint/get-all-scan-definitions?view=o365-worldwide) | modified | -| 2/1/2023 | [Authenticated scan for Windows in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/windows-authenticated-scan?view=o365-worldwide) | modified | -| 2/1/2023 | [Deploy and manage using group policy](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-group-policy?view=o365-worldwide) | modified | -| 2/1/2023 | [Run the client analyzer on macOS or Linux](/microsoft-365/security/defender-endpoint/run-analyzer-macos-linux?view=o365-worldwide) | modified | -| 2/1/2023 | [Create and manage inactive mailboxes](/microsoft-365/compliance/create-and-manage-inactive-mailboxes?view=o365-worldwide) | modified | -| 2/1/2023 | [Use a script to create an eDiscovery holds report](/microsoft-365/compliance/ediscovery-create-a-report-on-holds-in-cases?view=o365-worldwide) | modified | -| 2/1/2023 | [Add more SharePoint storage to your subscription](/microsoft-365/commerce/add-storage-space?view=o365-worldwide) | modified | -| 2/1/2023 | [Minimum versions for sensitivity labels in Microsoft 365 Apps](/microsoft-365/compliance/sensitivity-labels-versions?view=o365-worldwide) | added | -| 2/1/2023 | [Understand the Defender Experts for Hunting report in Microsoft 365 Defender](/microsoft-365/security/defender/defender-experts-report?view=o365-worldwide) | modified | -| 2/1/2023 | [Use the eDiscovery Export Tool in Microsoft Edge](/microsoft-365/compliance/ediscovery-configure-edge-to-export-search-results?view=o365-worldwide) | modified | -| 2/1/2023 | [Deploy and manage using group policy](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-group-policy?view=o365-worldwide) | added | -| 2/1/2023 | [Deploy and manage using Intune](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-intune?view=o365-worldwide) | added | -| 2/1/2023 | [Printer Protection frequently asked questions](/microsoft-365/security/defender-endpoint/printer-protection-frequently-asked-questions?view=o365-worldwide) | added | -| 2/1/2023 | [Printer Protection Overview](/microsoft-365/security/defender-endpoint/printer-protection-overview?view=o365-worldwide) | added | -| 2/1/2023 | [Switch to Microsoft Defender for Endpoint - Setup](/microsoft-365/security/defender-endpoint/switch-to-mde-phase-2?view=o365-worldwide) | modified | -| 2/1/2023 | [What's new in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint?view=o365-worldwide) | modified | -| 2/1/2023 | [Bookings with me](/microsoft-365/bookings/bookings-in-outlook?view=o365-worldwide) | modified | -| 2/1/2023 | [Learn about Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide) | modified | -| 2/1/2023 | [Reduce the attack surface for Microsoft Teams](/microsoft-365/security/office-365-security/step-by-step-guides/reducing-attack-surface-in-microsoft-teams?view=o365-worldwide) | modified | -| 2/1/2023 | [What happens to my data and access when my subscription ends?](/microsoft-365/commerce/subscriptions/what-if-my-subscription-expires?view=o365-worldwide) | modified | -| 2/1/2023 | [Enable attack surface reduction rules](/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide) | modified | -| 2/1/2023 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-worldwide) | modified | -| 2/1/2023 | [Performance analyzer for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-worldwide) | modified | -| 2/1/2023 | [What's new in Microsoft Defender for Endpoint on Windows](/microsoft-365/security/defender-endpoint/windows-whatsnew?view=o365-worldwide) | modified | -| 2/1/2023 | [Exposure score in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/tvm-exposure-score?view=o365-worldwide) | modified | -| 2/1/2023 | [Security recommendations](/microsoft-365/security/defender-vulnerability-management/tvm-security-recommendation?view=o365-worldwide) | modified | -| 2/1/2023 | [Upgrade distribution lists to Microsoft 365 Groups in Exchange Online](/microsoft-365/admin/manage/upgrade-distribution-lists?view=o365-worldwide) | modified | -| 2/1/2023 | [Create and manage insider risk management policies](/microsoft-365/compliance/insider-risk-management-policies?view=o365-worldwide) | modified | -| 2/1/2023 | [Deploy Microsoft Defender for Endpoint on Linux manually](/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-worldwide) | modified | -| 2/1/2023 | [Canada social insurance number entity definition](/microsoft-365/compliance/sit-defn-canada-social-insurance-number?view=o365-worldwide) | modified | -| 2/1/2023 | [Attack surface reduction in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-asr?view=o365-worldwide) | added | -| 2/1/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified | -| 2/1/2023 | [Microsoft Defender for Business troubleshooting](/microsoft-365/security/defender-business/mdb-troubleshooting?view=o365-worldwide) | modified | -| 2/1/2023 | [Microsoft Defender for Endpoint (MDE) attack surface reduction (ASR) rules deployment overview](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment?view=o365-worldwide) | modified | -| 2/1/2023 | [Frequently asked questions on tamper protection](/microsoft-365/security/defender-endpoint/faqs-tamper-protection?view=o365-worldwide) | modified | -| 2/1/2023 | [Understand next-generation protection configuration settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-next-gen-configuration-settings?view=o365-worldwide) | modified | -| 2/1/2023 | [Get scan history by definition](/microsoft-365/security/defender-endpoint/get-scan-history-by-definition?view=o365-worldwide) | modified | -| 2/1/2023 | [Get scan history by session](/microsoft-365/security/defender-endpoint/get-scan-history-by-session?view=o365-worldwide) | modified | -| 2/1/2023 | [Troubleshoot Microsoft Teams EHR connector setup and configuration](/microsoft-365/frontline/ehr-connector-troubleshoot-setup-configuration?view=o365-worldwide) | added | -| 2/1/2023 | [Migrate to Microsoft Defender for Office 365 Phase 1: Prepare](/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365-prepare?view=o365-worldwide) | modified | -| 2/2/2023 | [Manage submissions](/microsoft-365/security/office-365-security/submissions-admin?view=o365-worldwide) | modified | -| 2/2/2023 | [Performance analyzer for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft Adoption Score Organizational Messages](/microsoft-365/admin/adoption/organizational-messages?view=o365-worldwide) | modified | -| 2/2/2023 | [Message center in the Microsoft 365 admin center](/microsoft-365/admin/manage/message-center?view=o365-worldwide) | modified | -| 2/2/2023 | [Configure authentication for Microsoft 365 support integration with ServiceNow](/microsoft-365/admin/manage/servicenow-authentication?view=o365-worldwide) | modified | -| 2/2/2023 | [Test and deploy Microsoft 365 Apps by partners in the Integrated apps portal](/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps?view=o365-worldwide) | modified | -| 2/2/2023 | [What's new in the Microsoft 365 admin center?](/microsoft-365/admin/whats-new-in-preview?view=o365-worldwide) | modified | -| 2/2/2023 | [Non-Azure Microsoft volume licensing invoices](/microsoft-365/commerce/licenses/volume-licensing-invoices?view=o365-worldwide) | modified | -| 2/2/2023 | [Communication compliance](/microsoft-365/compliance/communication-compliance-solution-overview?view=o365-worldwide) | modified | -| 2/2/2023 | [Collect eDiscovery diagnostic information](/microsoft-365/compliance/ediscovery-diagnostic-info?view=o365-worldwide) | modified | -| 2/2/2023 | [Migrate the Azure Information Protection (AIP) add-in to Microsoft Purview Information Protection built-in labeling for Office apps](/microsoft-365/compliance/sensitivity-labels-aip?view=o365-worldwide) | modified | -| 2/2/2023 | [OneDrive Cross-tenant OneDrive migration Step 2](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step2?view=o365-worldwide) | modified | -| 2/2/2023 | [OneDrive Cross-tenant OneDrive migration Step 6](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step6?view=o365-worldwide) | modified | -| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 7](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step7?view=o365-worldwide) | modified | -| 2/2/2023 | [Cross-tenant OneDrive migration overview](/microsoft-365/enterprise/cross-tenant-onedrive-migration?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft 365 Multi-Tenant Organization People Search](/microsoft-365/enterprise/multi-tenant-people-search?view=o365-worldwide) | modified | -| 2/2/2023 | [Block sign-in for shared mailbox accounts in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-block-signin-shared-mailboxes?view=o365-worldwide) | modified | -| 2/2/2023 | [Overview of using Microsoft 365 Lighthouse baselines to deploy standard tenant configurations](/microsoft-365/lighthouse/m365-lighthouse-deploy-standard-tenant-configurations-overview?view=o365-worldwide) | modified | -| 2/2/2023 | [Deploy a task automatically in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-deploy-task-automatically?view=o365-worldwide) | modified | -| 2/2/2023 | [Overview of deployment tasks in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-overview-deployment-task?view=o365-worldwide) | modified | -| 2/2/2023 | [Review a deployment plan in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-review-deployment-plan?view=o365-worldwide) | modified | -| 2/2/2023 | [Understand deployment statuses in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-understand-deployment-statuses?view=o365-worldwide) | modified | -| 2/2/2023 | [View task details in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-view-task-details?view=o365-worldwide) | modified | -| 2/2/2023 | [What's new in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-whats-new?view=o365-worldwide) | modified | -| 2/2/2023 | [Details of custom permissions in Microsoft 365 Defender role-based access control (RBAC)](/microsoft-365/security/defender/custom-permissions-details?view=o365-worldwide) | modified | -| 2/2/2023 | [External Domain Name System records for Office 365](/microsoft-365/enterprise/external-domain-name-system-records?view=o365-worldwide) | modified | -| 2/2/2023 | [Troubleshoot issues and find answers on FAQs related to Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-troubleshoot?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft 365 Multi-Tenant Organization People Search](/microsoft-365/enterprise/multi-tenant-people-search?view=o365-worldwide) | added | -| 2/2/2023 | [Test attack surface reduction (ASR) rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-test?view=o365-worldwide) | modified | -| 2/2/2023 | [Attack surface reduction (ASR) rules reporting](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-report?view=o365-worldwide) | modified | -| 2/2/2023 | [Advanced deployment guidance for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/comprehensive-guidance-on-linux-deployment?view=o365-worldwide) | modified | -| 2/2/2023 | [Map Microsoft 365 Defender role-based access control (RBAC) permissions](/microsoft-365/security/defender/compare-rbac-roles?view=o365-worldwide) | modified | -| 2/2/2023 | [What is Microsoft Defender Experts for XDR offering](/microsoft-365/security/defender/dex-xdr-overview?view=o365-worldwide) | modified | -| 2/2/2023 | [Import roles to Microsoft 365 Defender RBAC](/microsoft-365/security/defender/import-rbac-roles?view=o365-worldwide) | modified | -| 2/2/2023 | [How to use the Microsoft Defender Experts for XDR preview service](/microsoft-365/security/defender/start-using-mdex-xdr?view=o365-worldwide) | modified | -| 2/2/2023 | [Bookings with me](/microsoft-365/bookings/bookings-in-outlook?view=o365-worldwide) | modified | -| 2/2/2023 | [Pay for your Microsoft business subscription with a billing profile](/microsoft-365/commerce/billing-and-payments/pay-for-subscription-billing-profile?view=o365-worldwide) | modified | -| 2/2/2023 | [Payment options for your Microsoft business subscription](/microsoft-365/commerce/billing-and-payments/pay-for-your-subscription?view=o365-worldwide) | modified | -| 2/2/2023 | [Attack surface reduction rules reference](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365?view=o365-worldwide) | modified | -| 2/2/2023 | [Security Operations Guide for Defender for Office 365](/microsoft-365/security/office-365-security/mdo-sec-ops-guide?view=o365-worldwide) | modified | -| 2/2/2023 | [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide) | modified | -| 2/2/2023 | [Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft Adoption Score - Meetings (New)](/microsoft-365/admin/adoption/meetings-new?view=o365-worldwide) | modified | -| 2/2/2023 | [Shifts connectors](/microsoft-365/frontline/shifts-connectors?view=o365-worldwide) | modified | -| 2/2/2023 | [Virtual Appointments with Microsoft Teams](/microsoft-365/frontline/virtual-appointments?view=o365-worldwide) | modified | -| 2/2/2023 | [Turn on cloud protection in Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus?view=o365-worldwide) | modified | -| 2/2/2023 | [View email security reports](/microsoft-365/security/office-365-security/reports-email-security?view=o365-worldwide) | modified | -| 2/2/2023 | [Search the audit log in the Microsoft Purview compliance portal](/microsoft-365/compliance/audit-log-search?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft Purview auditing solutions](/microsoft-365/compliance/audit-solutions-overview?view=o365-worldwide) | modified | -| 2/2/2023 | [Track your Microsoft Secure Score history and meet goals](/microsoft-365/security/defender/microsoft-secure-score-history-metrics-trends?view=o365-worldwide) | modified | -| 2/2/2023 | [Assess your security posture through Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score-improvement-actions?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft Secure score data storage and privacy](/microsoft-365/security/defender/secure-score-data-storage-privacy?view=o365-worldwide) | added | -| 2/2/2023 | [Advanced deployment guidance for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/comprehensive-guidance-on-linux-deployment?view=o365-worldwide) | added | -| 2/2/2023 | [Microsoft Defender for Endpoint device timeline](/microsoft-365/security/defender-endpoint/device-timeline-event-flag?view=o365-worldwide) | modified | -| 2/2/2023 | [Export information gathering assessment](/microsoft-365/security/defender-endpoint/get-assessment-information-gathering?view=o365-worldwide) | added | -| 2/2/2023 | [Deploy Microsoft Defender for Endpoint on Linux manually](/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-worldwide) | modified | -| 2/2/2023 | [Scheduling Dynamic Recurring Meetings](/microsoft-365/scheduler/scheduler-recurring-meetings?view=o365-worldwide) | modified | -| 2/2/2023 | [Manage devices for frontline workers](/microsoft-365/frontline/flw-devices?view=o365-worldwide) | modified | -| 2/2/2023 | [Deploy a task automatically in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-deploy-task-automatically?view=o365-worldwide) | added | -| 2/2/2023 | [Deploy a task manually in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-deploy-task-manually?view=o365-worldwide) | added | -| 2/2/2023 | [Dismiss a task in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-dismiss-task?view=o365-worldwide) | modified | -| 2/2/2023 | [Overview of deployment tasks in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-overview-deployment-task?view=o365-worldwide) | added | -| 2/2/2023 | [Review a deployment plan in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-review-deployment-plan?view=o365-worldwide) | added | -| 2/2/2023 | [Understand deployment statuses in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-understand-deployment-statuses?view=o365-worldwide) | added | -| 2/2/2023 | [View task details in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-view-task-details?view=o365-worldwide) | added | -| 2/2/2023 | [App-based deployment for Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-install?view=o365-worldwide) | modified | -| 2/2/2023 | [Trainable classifiers definitions](/microsoft-365/compliance/classifier-tc-definitions?view=o365-worldwide) | modified | -| 2/2/2023 | [Configure automated investigation and response capabilities in Microsoft 365 Defender](/microsoft-365/security/defender/m365d-configure-auto-investigation-response?view=o365-worldwide) | modified | -| 2/2/2023 | [Manage Microsoft LMS Gateway for any LMS](/microsoft-365/lti/manage-microsoft-one-lti?view=o365-worldwide) | modified | -| 2/2/2023 | [Common Microsoft Defender for Endpoint API errors](/microsoft-365/security/defender-endpoint/common-errors?view=o365-worldwide) | modified | -| 2/2/2023 | [Quarantine policies](/microsoft-365/security/office-365-security/quarantine-policies?view=o365-worldwide) | modified | -| 2/2/2023 | [Choose your scenarios for Microsoft 365 for frontline workers](/microsoft-365/frontline/flw-choose-scenarios?view=o365-worldwide) | modified | -| 2/2/2023 | [Corporate communications with frontline workers](/microsoft-365/frontline/flw-corp-comms?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft 365 for retail organizations](/microsoft-365/frontline/teams-for-retail-landing-page?view=o365-worldwide) | modified | -| 2/2/2023 | [Migrate from the MDE SIEM API to the Microsoft 365 Defender alerts API](/microsoft-365/security/defender-endpoint/configure-siem?view=o365-worldwide) | modified | -| 2/2/2023 | [FAQs related to Microsoft Defender Experts for XDR preview](/microsoft-365/security/defender/frequently-asked-questions?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft 365 Defender streaming event types supported in Event Streaming API](/microsoft-365/security/defender/supported-event-types?view=o365-worldwide) | modified | -| 2/2/2023 | [Email analysis in investigations for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/email-analysis-investigations?view=o365-worldwide) | modified | -| 2/2/2023 | [Set up Microsoft 365 for frontline workers](/microsoft-365/frontline/flw-setup-microsoft-365?view=o365-worldwide) | modified | -| 2/2/2023 | [Build and manage assessments in Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-assessments?view=o365-worldwide) | modified | -| 2/2/2023 | [Get started with Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-setup?view=o365-worldwide) | modified | -| 2/2/2023 | [Enable co-authoring for encrypted documents](/microsoft-365/compliance/sensitivity-labels-coauthoring?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft 365 network connectivity test tool](/microsoft-365/enterprise/office-365-network-mac-perf-onboarding-tool?view=o365-worldwide) | modified | -| 2/2/2023 | [Schedule regular quick and full scans with Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/schedule-antivirus-scans?view=o365-worldwide) | modified | -| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 1](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step1?view=o365-worldwide) | modified | -| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 2](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step2?view=o365-worldwide) | modified | -| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 3](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step3?view=o365-worldwide) | modified | -| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 4](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step4?view=o365-worldwide) | modified | -| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 5](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step5?view=o365-worldwide) | modified | -| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 6](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step6?view=o365-worldwide) | modified | -| 2/2/2023 | [Cross-tenant OneDrive migration](/microsoft-365/enterprise/cross-tenant-onedrive-migration?view=o365-worldwide) | modified | -| 2/2/2023 | [Configure Microsoft 365 support integration with Azure AD Auth Token](/microsoft-365/admin/manage/servicenow-aad-oauth-token-v1?view=o365-worldwide) | added | -| 2/2/2023 | [Configure support integration with ServiceNow - Basic Authentication](/microsoft-365/admin/manage/servicenow-basic-authentication-v1?view=o365-worldwide) | added | -| 2/2/2023 | [Microsoft 365 support integration with ServiceNow configuration overview](/microsoft-365/admin/manage/servicenow-overview-v1?view=o365-worldwide) | added | -| 2/2/2023 | [Testing the ServiceNow configuration](/microsoft-365/admin/manage/servicenow-testing-the-configuration-v1?view=o365-worldwide) | added | -| 2/2/2023 | [Troubleshooting Microsoft 365 support integration with ServiceNow](/microsoft-365/admin/manage/servicenow-troubleshooting-v1?view=o365-worldwide) | added | -| 2/2/2023 | [Integrate Microsoft 365 with ServiceNow Virtual Agent](/microsoft-365/admin/manage/servicenow-virtual-agent-integration-v1?view=o365-worldwide) | added | -| 2/2/2023 | [Non-Azure Microsoft volume licensing invoices](/microsoft-365/commerce/licenses/volume-licensing-invoices?view=o365-worldwide) | added | -| 2/2/2023 | [Exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/defender-endpoint-antivirus-exclusions?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft Defender for Endpoint Device Control Removable Storage frequently asked questions](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control-faq?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft Defender for Endpoint Device Control Removable Storage Access Control, removable storage media](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control?view=o365-worldwide) | modified | -| 2/2/2023 | [Investigate Microsoft Defender for Endpoint files](/microsoft-365/security/defender-endpoint/investigate-files?view=o365-worldwide) | modified | -| 2/2/2023 | [Get started with sensitivity labels](/microsoft-365/compliance/get-started-with-sensitivity-labels?view=o365-worldwide) | modified | -| 2/2/2023 | [Enable attack surface reduction (ASR) rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-implement?view=o365-worldwide) | modified | -| 2/2/2023 | [Investigate an IP address associated with an alert](/microsoft-365/security/defender-endpoint/investigate-ip?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender-portal?view=o365-worldwide) | modified | -| 2/2/2023 | [Decryption in Microsoft Purview eDiscovery tools](/microsoft-365/compliance/ediscovery-decryption?view=o365-worldwide) | modified | -| 2/2/2023 | [Integrate your SIEM tools with Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-siem?view=o365-worldwide) | modified | -| 2/2/2023 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-worldwide) | modified | -| 2/2/2023 | [Investigate alerts in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-alerts?view=o365-worldwide) | modified | -| 2/2/2023 | [Insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-worldwide) | modified | -| 2/2/2023 | [Service advisories for OAB size limits in Exchange Online monitoring](/microsoft-365/enterprise/microsoft-365-oab-size-limit-service-advisory?view=o365-worldwide) | added | -| 2/2/2023 | [Review events and errors using Event Viewer](/microsoft-365/security/defender-endpoint/event-error-codes?view=o365-worldwide) | modified | -| 2/2/2023 | [How to schedule scans with Microsoft Defender for Endpoint on macOS](/microsoft-365/security/defender-endpoint/mac-schedule-scan?view=o365-worldwide) | modified | -| 2/2/2023 | [What's new in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint?view=o365-worldwide) | modified | -| 2/2/2023 | [What's new in Microsoft Defender Vulnerability Management Public Preview](/microsoft-365/security/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management?view=o365-worldwide) | modified | -| 2/2/2023 | [How SMTP DNS-based Authentication of Named Entities (DANE) secures email communications](/microsoft-365/compliance/how-smtp-dane-works?view=o365-worldwide) | modified | -| 2/2/2023 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide) | modified | -| 2/2/2023 | [Configure endpoint DLP settings](/microsoft-365/compliance/dlp-configure-endpoint-settings?view=o365-worldwide) | modified | -| 2/2/2023 | [Using Endpoint DLP](/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwide) | modified | -| 2/2/2023 | [Create and manage custom detection rules in Microsoft 365 Defender](/microsoft-365/security/defender/custom-detection-rules?view=o365-worldwide) | modified | -| 11/2/2022 | [Help your clients and customers use virtual appointments](/microsoft-365/frontline/virtual-appointments-toolkit?view=o365-worldwide) | modified | -| 2/2/2023 | [Service assurance in the Microsoft Purview compliance portal](/microsoft-365/compliance/service-assurance?view=o365-worldwide) | modified | -| 2/2/2023 | [Cross-tenant mailbox migration](/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-worldwide) | modified | -| 2/2/2023 | [Advanced Data Residency Commitments](/microsoft-365/enterprise/m365-dr-commitments?view=o365-worldwide) | modified | -| 2/2/2023 | [Use Microsoft Teams Meetings LTI with any LTI 1.3 compliant LMS](/microsoft-365/lti/integrate-with-other-lms?view=o365-worldwide) | added | -| 2/2/2023 | [Get Microsoft Defender for Business servers](/microsoft-365/security/defender-business/get-defender-business-servers?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft Defender for Business](/microsoft-365/security/defender-business/index?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-worldwide) | modified | -| 2/2/2023 | [Offboard a device from Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-offboard-devices?view=o365-worldwide) | modified | -| 2/2/2023 | [Onboard devices to Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-worldwide) | modified | -| 2/2/2023 | [Device health Microsoft Defender Antivirus health report](/microsoft-365/security/defender-endpoint/device-health-microsoft-defender-antivirus-health?view=o365-worldwide) | modified | -| 2/2/2023 | [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-worldwide) | modified | -| 2/2/2023 | [Insider risk management policies](/microsoft-365/compliance/insider-risk-management-policies?view=o365-worldwide) | modified | -| 2/2/2023 | [Learn about insider risk management](/microsoft-365/compliance/insider-risk-management?view=o365-worldwide) | modified | -| 2/2/2023 | [Windows and Office 365 deployment lab kit](/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab?view=o365-worldwide) | modified | -| 2/2/2023 | [Address false positives/negatives in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft Defender for Cloud Apps in Microsoft 365 Defender (Preview)](/microsoft-365/security/defender/microsoft-365-security-center-defender-cloud-apps?view=o365-worldwide) | modified | -| 2/2/2023 | [Manage Folders and Rules feature in Microsoft 365 Groups](/microsoft-365/enterprise/manage-folders-and-rules-feature?view=o365-worldwide) | added | -| 2/2/2023 | [What is Microsoft 365 Defender?](/microsoft-365/security/defender/microsoft-365-defender?view=o365-worldwide) | modified | -| 2/2/2023 | [Feature update validation](/microsoft-365/test-base/feature?view=o365-worldwide) | modified | -| 2/2/2023 | [Creating and Testing Binary Files on Test Base](/microsoft-365/test-base/testapplication?view=o365-worldwide) | modified | -| 2/2/2023 | [Test your Intune application on Test Base](/microsoft-365/test-base/testintuneapplication?view=o365-worldwide) | modified | -| 2/2/2023 | [Uploading a pre-built zip package](/microsoft-365/test-base/uploadapplication?view=o365-worldwide) | modified | -| 2/2/2023 | [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft 365 alert policies](/microsoft-365/compliance/alert-policies?view=o365-worldwide) | modified | -| 2/2/2023 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft Defender for Endpoint APIs connection to Power BI](/microsoft-365/security/defender-endpoint/api-power-bi?view=o365-worldwide) | modified | -| 2/2/2023 | [Create indicators for IPs and URLs/domains](/microsoft-365/security/defender-endpoint/indicator-ip-domain?view=o365-worldwide) | modified | -| 2/2/2023 | [Professional services supported by Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/professional-services?view=o365-worldwide) | added | -| 2/2/2023 | [Technological partners of Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/technological-partners?view=o365-worldwide) | added | -| 2/2/2023 | [Learn about auto-expanding archiving](/microsoft-365/compliance/autoexpanding-archiving?view=o365-worldwide) | modified | -| 2/2/2023 | [Azure service bus shared access signature entity definition (preview)](/microsoft-365/compliance/sit-defn-azure-service-bus-shared-access-signature?view=o365-worldwide) | modified | -| 2/2/2023 | [Azure Shared Access key / Web Hook token signature entity definition (preview)](/microsoft-365/compliance/sit-defn-azure-shared-access-key-web-hook-token?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft 365 admin center Teams app usage reports](/microsoft-365/admin/activity-reports/microsoft-teams-apps-usage?view=o365-worldwide) | added | -| 2/2/2023 | [Microsoft 365 admin center mailbox usage reports](/microsoft-365/admin/activity-reports/mailbox-usage?view=o365-worldwide) | modified | -| 2/2/2023 | [Customize what happens at the end of the retention period](/microsoft-365/compliance/retention-label-flow?view=o365-worldwide) | added | -| 2/2/2023 | [Azure Active Directory setup guides](/microsoft-365/admin/misc/azure-ad-setup-guides?view=o365-worldwide) | modified | -| 2/2/2023 | [About the Microsoft Purview Compliance Manager premium assessment trial](/microsoft-365/compliance/compliance-easy-trials-compliance-manager-assessments?view=o365-worldwide) | modified | -| 2/2/2023 | [Automatically retain or delete content by using retention policies](/microsoft-365/compliance/create-retention-policies?view=o365-worldwide) | modified | -| 2/2/2023 | [Message encryption FAQ](/microsoft-365/compliance/ome-faq?view=o365-worldwide) | modified | -| 2/2/2023 | [Onboard Windows devices to Microsoft Defender for Endpoint via Group Policy](/microsoft-365/security/defender-endpoint/configure-endpoints-gp?view=o365-worldwide) | modified | -| 2/2/2023 | [Onboard Windows devices using Configuration Manager](/microsoft-365/security/defender-endpoint/configure-endpoints-sccm?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft 365 admin center activity reports](/microsoft-365/admin/activity-reports/activity-reports?view=o365-worldwide) | modified | -| 2/2/2023 | [Top 20 most-viewed admin help articles this month # < 60 chars](/microsoft-365/admin/top-m365-admin-articles?view=o365-worldwide) | modified | -| 2/2/2023 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft 365 admin center help # < 60 chars](/microsoft-365/admin/index?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft 365 Business Premium resources # < 60 chars](/microsoft-365/business/index?view=o365-worldwide) | modified | -| 2/2/2023 | [Customize an archive and deletion policy (MRM) for mailboxes](/microsoft-365/compliance/set-up-an-archive-and-deletion-policy-for-mailboxes?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft 365 for frontline workers # < 60 chars](/microsoft-365/frontline/index?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft 365 documentation # < 60 chars](/microsoft-365/index?view=o365-worldwide) | modified | -| 2/2/2023 | [Investigate domains and URLs associated with a Microsoft Defender for Endpoint alert](/microsoft-365/security/defender-endpoint/investigate-domain?view=o365-worldwide) | modified | -| 2/2/2023 | [What's new in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-whatsnew?view=o365-worldwide) | modified | -| 2/2/2023 | [Cross-Tenant Identity Mapping (preview)](/microsoft-365/enterprise/cross-tenant-identity-mapping?view=o365-worldwide) | added | -| 2/2/2023 | [Deploy Teams at scale for frontline workers](/microsoft-365/frontline/deploy-teams-at-scale?view=o365-worldwide) | modified | -| 2/2/2023 | [Onboard Microsoft Defender for IoT with Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/enable-microsoft-defender-for-iot-integration?view=o365-worldwide) | modified | -| 2/2/2023 | [Use network protection to help prevent connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide) | modified | -| 2/2/2023 | [Web protection](/microsoft-365/security/defender-endpoint/web-protection-overview?view=o365-worldwide) | modified | -| 2/2/2023 | [Manage clients for Microsoft Whiteboard in GCC environments](/microsoft-365/whiteboard/manage-clients-gcc?view=o365-worldwide) | modified | -| 2/2/2023 | [Manage data for Microsoft Whiteboard in GCC environments](/microsoft-365/whiteboard/manage-data-gcc?view=o365-worldwide) | modified | -| 2/2/2023 | [Manage sharing for Microsoft Whiteboard in GCC environments](/microsoft-365/whiteboard/manage-sharing-gcc?view=o365-worldwide) | modified | -| 2/2/2023 | [Manage access to Microsoft Whiteboard for GCC environments](/microsoft-365/whiteboard/manage-whiteboard-access-gcc?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft Adoption Score](/microsoft-365/admin/adoption/adoption-score?view=o365-worldwide) | renamed | -| 2/2/2023 | [Microsoft Adoption Score - Microsoft 365 apps health](/microsoft-365/admin/adoption/apps-health?view=o365-worldwide) | renamed | -| 2/2/2023 | [Microsoft Adoption Score - Communication](/microsoft-365/admin/adoption/communication?view=o365-worldwide) | renamed | -| 2/2/2023 | [Microsoft Adoption Score - Content collaboration](/microsoft-365/admin/adoption/content-collaboration?view=o365-worldwide) | renamed | -| 2/2/2023 | [Microsoft Adoption Score - Meetings](/microsoft-365/admin/adoption/meetings?view=o365-worldwide) | renamed | -| 2/2/2023 | [Microsoft Adoption Score - Mobility](/microsoft-365/admin/adoption/mobility?view=o365-worldwide) | renamed | -| 2/2/2023 | [Microsoft Adoption Score - Privacy](/microsoft-365/admin/adoption/privacy?view=o365-worldwide) | renamed | -| 2/2/2023 | [Microsoft Adoption Score - Teamwork](/microsoft-365/admin/adoption/teamwork?view=o365-worldwide) | renamed | -| 2/2/2023 | [Troubleshoot issues on Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/android-support-signin?view=o365-worldwide) | modified | -| 2/2/2023 | [What's new in Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/android-whatsnew?view=o365-worldwide) | modified | -| 2/2/2023 | About the Microsoft Defender Vulnerability Management public preview trial | removed | -| 2/2/2023 | [Top 10 ways to secure your business data - Best practices for small and medium-sized businesses](/microsoft-365/admin/security-and-compliance/secure-your-business-data?view=o365-worldwide) | modified | -| 2/2/2023 | [Onboard and offboard macOS devices into Microsoft Purview solutions using Microsoft Intune](/microsoft-365/compliance/device-onboarding-offboarding-macos-intune?view=o365-worldwide) | modified | -| 2/2/2023 | [Integrate Microsoft Teams classes and meetings with Moodle](/microsoft-365/lti/teams-classes-meetings-with-moodle?view=o365-worldwide) | modified | -| 2/2/2023 | [Choose between guided and advanced modes for hunting in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-modes?view=o365-worldwide) | added | -| 2/2/2023 | [Overview - Advanced hunting](/microsoft-365/security/defender/advanced-hunting-overview?view=o365-worldwide) | modified | -| 2/2/2023 | [Supported data types and filters in guided mode for hunting in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-query-builder-details?view=o365-worldwide) | added | -| 2/2/2023 | [Work with query results in guided mode for hunting in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-query-builder-results?view=o365-worldwide) | added | -| 2/2/2023 | [Build queries using guided mode in Microsoft 365 Defender advanced hunting](/microsoft-365/security/defender/advanced-hunting-query-builder?view=o365-worldwide) | added | -| 2/2/2023 | [Move users to a different subscription](/microsoft-365/commerce/subscriptions/move-users-different-subscription?view=o365-worldwide) | modified | -| 2/2/2023 | [EU debit card number entity definition](/microsoft-365/compliance/sit-defn-eu-debit-card-number?view=o365-worldwide) | modified | -| 2/2/2023 | [International banking account number (IBAN) entity definition](/microsoft-365/compliance/sit-defn-international-banking-account-number?view=o365-worldwide) | modified | -| 2/2/2023 | [Integrate Microsoft Teams meetings with Schoology LMS](/microsoft-365/lti/teams-classes-and-meetings-with-schoology?view=o365-worldwide) | added | -| 2/2/2023 | [Export assessment methods and properties per device](/microsoft-365/security/defender-endpoint/get-assessment-methods-properties?view=o365-worldwide) | modified | -| 2/2/2023 | [Learn how to mitigate the Log4Shell vulnerability in Microsoft Defender for Endpoint - Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/tvm-manage-log4shell-guidance?view=o365-worldwide) | modified | -| 2/2/2023 | [Configure your Event Hubs](/microsoft-365/security/defender/configure-event-hub?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft 365 Group mailbox size management](/microsoft-365/admin/create-groups/group-mailbox-size-management?view=o365-worldwide) | added | -| 2/2/2023 | [Migrating servers from Microsoft Defender for Endpoint to Microsoft Defender for Cloud](/microsoft-365/security/defender-endpoint/migrating-mde-server-to-cloud?view=o365-worldwide) | modified | -| 2/2/2023 | [Guest users in the Microsoft 365 admin center](/microsoft-365/admin/add-users/about-guest-users?view=o365-worldwide) | modified | -| 2/2/2023 | [Manage guest access in Microsoft 365 groups](/microsoft-365/admin/create-groups/manage-guest-access-in-groups?view=o365-worldwide) | modified | -| 2/2/2023 | [Use Microsoft Teams meetings with Blackboard Learn](/microsoft-365/lti/teams-meetings-with-blackboard-learn?view=o365-worldwide) | added | -| 2/2/2023 | [Manage data for Microsoft Whiteboard](/microsoft-365/whiteboard/manage-data-organizations?view=o365-worldwide) | modified | -| 2/2/2023 | [Manage sharing for Microsoft Whiteboard in GCC High environments](/microsoft-365/whiteboard/manage-sharing-gcc-high?view=o365-worldwide) | modified | -| 2/2/2023 | [Manage sharing for Microsoft Whiteboard](/microsoft-365/whiteboard/manage-sharing-organizations?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft 365 Business Premium overview](/microsoft-365/business-premium/index?view=o365-worldwide) | modified | -| 2/2/2023 | [Glossary of security terms for Microsoft 365 security capabilities](/microsoft-365/business-premium/m365bp-glossary?view=o365-worldwide) | modified | -| 2/2/2023 | [Use AllowSelfServicePurchase for the MSCommerce PowerShell module](/microsoft-365/commerce/subscriptions/allowselfservicepurchase-powershell?view=o365-worldwide) | modified | -| 2/2/2023 | [Configure and manage Microsoft Threat Experts capabilities](/microsoft-365/security/defender-endpoint/configure-microsoft-threat-experts?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft Defender for Endpoint Device Control Device Installation](/microsoft-365/security/defender-endpoint/mde-device-control-device-installation?view=o365-worldwide) | modified | -| 2/2/2023 | [Review audit logs in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-review-audit-logs?view=o365-worldwide) | modified | -| 2/2/2023 | [What's new in Microsoft Defender Vulnerability Management Public Preview](/microsoft-365/security/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management?view=o365-worldwide) | added | -| 2/2/2023 | [Upload Application Binaries](/microsoft-365/test-base/binaries?view=o365-worldwide) | modified | -| 2/2/2023 | [Functional testing on Test Base](/microsoft-365/test-base/functional?view=o365-worldwide) | modified | -| 2/2/2023 | [Memory regression analysis](/microsoft-365/test-base/memory?view=o365-worldwide) | modified | -| 2/2/2023 | [Run your test on-demand](/microsoft-365/test-base/ondemandrun?view=o365-worldwide) | added | -| 2/2/2023 | [Test Base SDK for Python](/microsoft-365/test-base/pythonsdkoverview?view=o365-worldwide) | modified | -| 2/2/2023 | [Set your test tasks](/microsoft-365/test-base/testtask?view=o365-worldwide) | modified | -| 2/2/2023 | [Preset security policies](/microsoft-365/security/office-365-security/preset-security-policies?view=o365-worldwide) | modified | -| 2/2/2023 | [Use Power Automate connectors to build Bookings workflows](/microsoft-365/bookings/power-automate-integration?view=o365-worldwide) | added | -| 2/2/2023 | [Learn about archive mailboxes for Microsoft Purview](/microsoft-365/compliance/archive-mailboxes?view=o365-worldwide) | modified | -| 2/2/2023 | [Share DLP alerts](/microsoft-365/compliance/dlp-share-alerts?view=o365-worldwide) | added | -| 2/2/2023 | [Enable auto-expanding archiving](/microsoft-365/compliance/enable-autoexpanding-archiving?view=o365-worldwide) | modified | -| 2/2/2023 | [Azure AD configuration for content encrypted by Microsoft Purview Information Protection](/microsoft-365/compliance/encryption-azure-ad-configuration?view=o365-worldwide) | added | -| 2/2/2023 | [Create exact data match sensitive information type workflow classic experience](/microsoft-365/compliance/sit-create-edm-sit-classic-ux-workflow?view=o365-worldwide) | added | -| 2/2/2023 | [Create EDM SIT sample file for the new experience](/microsoft-365/compliance/sit-create-edm-sit-unified-ux-sample-file?view=o365-worldwide) | added | -| 2/2/2023 | [Create EDM SIT using the new experience](/microsoft-365/compliance/sit-create-edm-sit-unified-ux-schema-rule-package?view=o365-worldwide) | added | -| 2/2/2023 | [Create exact data match sensitive information type workflow new experience](/microsoft-365/compliance/sit-create-edm-sit-unified-ux-workflow?view=o365-worldwide) | added | -| 2/2/2023 | [Get started with exact data match based sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-based-sits-overview?view=o365-worldwide) | modified | -| 2/2/2023 | [Create the schema for exact data match based sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-create-schema?view=o365-worldwide) | modified | -| 2/2/2023 | [Export source data for exact data match based sensitive information type](/microsoft-365/compliance/sit-get-started-exact-data-match-export-data?view=o365-worldwide) | modified | -| 2/2/2023 | [Hash and upload the sensitive information source table for exact data match sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-hash-upload?view=o365-worldwide) | modified | -| 2/2/2023 | [Learn about exact data match based sensitive information types](/microsoft-365/compliance/sit-learn-about-exact-data-match-based-sits?view=o365-worldwide) | modified | -| 2/2/2023 | [Suspicious password-spray-related IP address activity alert](/microsoft-365/security/defender/alert-grading-password-spray?view=o365-worldwide) | added | -| 2/2/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified | -| 2/2/2023 | [Get help and support for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-get-help?view=o365-worldwide) | modified | -| 2/2/2023 | [Visit the Microsoft 365 Defender portal](/microsoft-365/security/defender-business/mdb-get-started?view=o365-worldwide) | modified | -| 2/2/2023 | [Understand next-generation protection configuration settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-next-gen-configuration-settings?view=o365-worldwide) | modified | -| 2/2/2023 | [Use setup wizard in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-use-wizard?view=o365-worldwide) | modified | -| 2/2/2023 | [Set preferences for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-worldwide) | modified | -| 2/2/2023 | [Introduction to Microsoft Whiteboard](/microsoft-365/whiteboard/index?view=o365-worldwide) | modified | -| 2/2/2023 | [Detect and Remediate Illicit Consent Grants](/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants?view=o365-worldwide) | modified | -| 2/2/2023 | [Set up and configure the Moodle LMS plugins](/microsoft-365/lti/moodle-plugin-configuration?view=o365-worldwide) | modified | -| 2/2/2023 | [Set up and configure the Moodle LMS plugins for Open LMS](/microsoft-365/lti/open-lms-plugin-configuration?view=o365-worldwide) | modified | -| 2/2/2023 | [Top 10 ways to secure your data - Best practices for small and medium-sized businesses](/microsoft-365/admin/security-and-compliance/secure-your-business-data?view=o365-worldwide) | modified | -| 2/2/2023 | [Migrating servers from Microsoft Monitoring Agent to the unified solution](/microsoft-365/security/defender-endpoint/application-deployment-via-mecm?view=o365-worldwide) | modified | -| 2/2/2023 | [Onboard devices and configure Microsoft Defender for Endpoint capabilities](/microsoft-365/security/defender-endpoint/onboard-configure?view=o365-worldwide) | modified | -| 2/2/2023 | [Supported Microsoft Defender for Endpoint capabilities by platform](/microsoft-365/security/defender-endpoint/supported-capabilities-by-platform?view=o365-worldwide) | added | -| 2/2/2023 | [Configure Microsoft Defender for Endpoint on iOS features](/microsoft-365/security/defender-endpoint/ios-configure-features?view=o365-worldwide) | modified | -| 2/2/2023 | [What's new in Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-whatsnew?view=o365-worldwide) | modified | -| 2/2/2023 | [Microsoft Defender Offline in Windows](/microsoft-365/security/defender-endpoint/microsoft-defender-offline?view=o365-worldwide) | modified | -| 2/2/2023 | [Go to the Action center to view and approve your automated investigation and remediation tasks](/microsoft-365/security/defender/m365d-action-center?view=o365-worldwide) | modified | -| 2/2/2023 | [Automated investigation and response in Microsoft 365 Defender](/microsoft-365/security/defender/m365d-autoir?view=o365-worldwide) | modified | -| 2/2/2023 | [Apply encryption using sensitivity labels](/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-worldwide) | modified | -| 2/2/2023 | [Onboard devices without Internet access to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/onboard-offline-machines?view=o365-worldwide) | modified | -| 2/2/2023 | [Configure Microsoft 365 user account properties with PowerShell](/microsoft-365/enterprise/configure-user-account-properties-with-microsoft-365-powershell?view=o365-worldwide) | modified | -| 2/2/2023 | [Configure and validate exclusions based on extension, name, or location](/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus?view=o365-worldwide) | modified | -| 2/2/2023 | [Data Residency for Other Microsoft 365 Services](/microsoft-365/enterprise/m365-dr-workload-other?view=o365-worldwide) | modified | -| 2/2/2023 | [Manage Office Scripts settings](/microsoft-365/admin/manage/manage-office-scripts-settings?view=o365-worldwide) | modified | -| 2/2/2023 | [Create and publish sensitivity labels](/microsoft-365/compliance/create-sensitivity-labels?view=o365-worldwide) | modified | -| 2/2/2023 | [Delete items in the Recoverable Items folder of cloud-based mailboxes on hold - Admin Help](/microsoft-365/compliance/delete-items-in-the-recoverable-items-folder-of-mailboxes-on-hold?view=o365-worldwide) | modified | -| 2/2/2023 | [Sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified | -| 2/2/2023 | [Overview of sensitivity labels](/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide) | modified | -| 2/2/2023 | [Enable sensitivity labels for Office files in SharePoint and OneDrive](/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files?view=o365-worldwide) | modified | -| 2/2/2023 | [Test and deploy Microsoft 365 Apps](/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps?view=o365-worldwide) | modified | -| 2/2/2023 | [Data loss prevention and Microsoft Teams](/microsoft-365/compliance/dlp-microsoft-teams?view=o365-worldwide) | modified | -| 2/2/2023 | [Alert policies in the security and compliance centers](/microsoft-365/compliance/alert-policies?view=o365-worldwide) | modified | -| 2/3/2023 | [Microsoft Teams Virtual Appointments Call Quality Dashboard](/microsoft-365/frontline/virtual-appointments-call-quality?view=o365-worldwide) | added | -| 2/3/2023 | [Configure alert notifications in Microsoft 365 Defender](/microsoft-365/security/defender/configure-email-notifications?view=o365-worldwide) | renamed | -| 2/3/2023 | [Microsoft Teams Virtual Appointments usage report](/microsoft-365/frontline/virtual-appointments-usage-report?view=o365-worldwide) | modified | -| 2/3/2023 | [Microsoft 365 Lighthouse frequently asked questions (FAQs)](/microsoft-365/lighthouse/m365-lighthouse-faq?view=o365-worldwide) | modified | -| 2/3/2023 | [Advanced deployment guides for Microsoft 365 and Office 365 services](/microsoft-365/enterprise/setup-guides-for-microsoft-365?view=o365-worldwide) | modified | -| 2/3/2023 | Data Loss Prevention Reference | removed | -| 2/3/2023 | [Data loss prevention and Microsoft Teams](/microsoft-365/compliance/dlp-microsoft-teams?view=o365-worldwide) | modified | -| 2/3/2023 | [Get started with the Microsoft Service Trust Portal](/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-worldwide) | modified | -| 2/3/2023 | [Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-worldwide) | modified | ---## Week of January 23, 2023 ---| Published On |Topic title | Change | -|||--| -| 1/23/2023 | [Create and manage inactive mailboxes](/microsoft-365/compliance/create-and-manage-inactive-mailboxes?view=o365-worldwide) | modified | -| 1/23/2023 | [Use a script to create an eDiscovery holds report](/microsoft-365/compliance/ediscovery-create-a-report-on-holds-in-cases?view=o365-worldwide) | modified | -| 1/23/2023 | [How to secure your business data with Microsoft 365 for business](/microsoft-365/admin/security-and-compliance/secure-your-business-data?view=o365-worldwide) | modified | -| 1/23/2023 | [Boost your security protection with Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-security-overview?view=o365-worldwide) | modified | -| 1/23/2023 | [What DLP policy templates include](/microsoft-365/compliance/what-the-dlp-policy-templates-include?view=o365-worldwide) | modified | -| 1/23/2023 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-worldwide) | modified | -| 1/23/2023 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide) | modified | -| 1/24/2023 | [Deploy and manage using group policy](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-group-policy?view=o365-worldwide) | modified | -| 1/24/2023 | [Run the client analyzer on macOS or Linux](/microsoft-365/security/defender-endpoint/run-analyzer-macos-linux?view=o365-worldwide) | modified | -| 1/24/2023 | [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) | modified | -| 1/25/2023 | [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) | modified | -| 1/25/2023 | [Deploy updates for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-updates?view=o365-worldwide) | modified | -| 1/25/2023 | [Investigate users in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-users?view=o365-worldwide) | modified | -| 1/25/2023 | [Application Guard for Office for admins](/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide) | modified | -| 1/25/2023 | [Create a more secure guest sharing environment](/microsoft-365/solutions/create-secure-guest-sharing-environment?view=o365-worldwide) | modified | -| 1/25/2023 | [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-worldwide) | modified | -| 1/25/2023 | [Overview of Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1?view=o365-worldwide) | modified | -| 1/26/2023 | [Get all scan agents](/microsoft-365/security/defender-endpoint/get-all-scan-agents?view=o365-worldwide) | modified | -| 1/26/2023 | [Get scan definitions](/microsoft-365/security/defender-endpoint/get-all-scan-definitions?view=o365-worldwide) | modified | -| 1/26/2023 | [Use network protection to help prevent macOS connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection-macos?view=o365-worldwide) | modified | -| 1/26/2023 | [Authenticated scan for Windows in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/windows-authenticated-scan?view=o365-worldwide) | modified | -| 1/26/2023 | Employee quick-setup guide | removed | -| 1/27/2023 | [Attack surface reduction in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-asr?view=o365-worldwide) | added | -| 1/27/2023 | [Canada social insurance number entity definition](/microsoft-365/compliance/sit-defn-canada-social-insurance-number?view=o365-worldwide) | modified | -| 1/27/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified | -| 1/27/2023 | [Microsoft Defender for Business troubleshooting](/microsoft-365/security/defender-business/mdb-troubleshooting?view=o365-worldwide) | modified | -| 1/27/2023 | [Microsoft Defender for Endpoint (MDE) attack surface reduction (ASR) rules deployment overview](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment?view=o365-worldwide) | modified | -| 1/27/2023 | [Frequently asked questions on tamper protection](/microsoft-365/security/defender-endpoint/faqs-tamper-protection?view=o365-worldwide) | modified | -| 1/27/2023 | [What's new in Microsoft Defender for Endpoint on Windows](/microsoft-365/security/defender-endpoint/windows-whatsnew?view=o365-worldwide) | modified | -| 1/27/2023 | [Address false positives/negatives in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives?view=o365-worldwide) | modified | -| 1/27/2023 | [Manage Microsoft Defender for Endpoint using PowerShell, WMI, and MPCmdRun.exe](/microsoft-365/security/defender-endpoint/manage-mde-post-migration-other-tools?view=o365-worldwide) | modified | -| 1/27/2023 | [Manage Microsoft Defender for Endpoint after initial setup or migration](/microsoft-365/security/defender-endpoint/manage-mde-post-migration?view=o365-worldwide) | modified | -| 1/27/2023 | [Set up and configure Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/mde-p1-setup-configuration?view=o365-worldwide) | modified | ---## Week of January 16, 2023 ---| Published On |Topic title | Change | -|||--| -| 1/18/2023 | [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) | modified | -| 1/18/2023 | [Troubleshoot installation issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-install?view=o365-worldwide) | modified | -| 1/18/2023 | [Allow or block email using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-email-spoof-configure?view=o365-worldwide) | modified | -| 1/18/2023 | [Allow or block files using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-files-configure?view=o365-worldwide) | modified | -| 1/18/2023 | [Allow or block URLs using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-urls-configure?view=o365-worldwide) | modified | -| 1/18/2023 | [Create assessment templates in Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-templates-create?view=o365-worldwide) | modified | -| 1/18/2023 | [Modify assessment templates in Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-templates-modify?view=o365-worldwide) | modified | -| 1/18/2023 | [Reduce the attack surface for Microsoft Teams](/microsoft-365/security/office-365-security/step-by-step-guides/reducing-attack-surface-in-microsoft-teams?view=o365-worldwide) | added | -| 1/18/2023 | [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-perf?view=o365-worldwide) | modified | -| 1/18/2023 | [Deploy and manage using Intune](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-intune?view=o365-worldwide) | modified | -| 1/18/2023 | [Sign up for Microsoft 365 Business Premium](/microsoft-365/business-premium/get-microsoft-365-business-premium?view=o365-worldwide) | modified | -| 1/18/2023 | [Security defaults and Conditional Access](/microsoft-365/business-premium/m365bp-conditional-access?view=o365-worldwide) | modified | -| 1/18/2023 | [Working with device groups in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-device-groups-mdb?view=o365-worldwide) | modified | -| 1/18/2023 | [Get started with the Microsoft Service Trust Portal](/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-worldwide) | modified | -| 1/19/2023 | [Bookings with me](/microsoft-365/bookings/bookings-in-outlook?view=o365-worldwide) | modified | -| 1/19/2023 | [Learn about Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide) | modified | -| 1/19/2023 | [Reduce the attack surface for Microsoft Teams](/microsoft-365/security/office-365-security/step-by-step-guides/reducing-attack-surface-in-microsoft-teams?view=o365-worldwide) | modified | -| 1/20/2023 | [Add more SharePoint storage to your subscription](/microsoft-365/commerce/add-storage-space?view=o365-worldwide) | modified | -| 1/20/2023 | [Optimize search requests in SharePoint Online modern site pages](/microsoft-365/enterprise/modern-search-optimization?view=o365-worldwide) | added | -| 1/20/2023 | [Deploy Microsoft Defender for Endpoint on Linux with SaltStack](/microsoft-365/security/defender-endpoint/linux-install-with-saltack?view=o365-worldwide) | added | -| 1/20/2023 | [Implementing VPN split tunneling for Microsoft 365](/microsoft-365/enterprise/microsoft-365-vpn-implement-split-tunnel?view=o365-worldwide) | modified | -| 1/20/2023 | [Requirements for Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-requirements?view=o365-worldwide) | modified | -| 1/20/2023 | [Configure Microsoft Defender for Endpoint risk signals using App Protection Policies (MAM)](/microsoft-365/security/defender-endpoint/android-configure-mam?view=o365-worldwide) | modified | -| 1/20/2023 | [Take response actions on a file in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/respond-file-alerts?view=o365-worldwide) | modified | -| 1/18/2023 | [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) | modified | -| 1/18/2023 | [Troubleshoot installation issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-install?view=o365-worldwide) | modified | -| 1/18/2023 | [Allow or block email using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-email-spoof-configure?view=o365-worldwide) | modified | -| 1/18/2023 | [Allow or block files using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-files-configure?view=o365-worldwide) | modified | -| 1/18/2023 | [Allow or block URLs using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-urls-configure?view=o365-worldwide) | modified | -| 1/18/2023 | [Create assessment templates in Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-templates-create?view=o365-worldwide) | modified | -| 1/18/2023 | [Modify assessment templates in Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-templates-modify?view=o365-worldwide) | modified | -| 1/18/2023 | [Reduce the attack surface for Microsoft Teams](/microsoft-365/security/office-365-security/step-by-step-guides/reducing-attack-surface-in-microsoft-teams?view=o365-worldwide) | added | -| 1/18/2023 | [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-perf?view=o365-worldwide) | modified | -| 1/18/2023 | [Deploy and manage using Intune](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-intune?view=o365-worldwide) | modified | -| 1/18/2023 | [Sign up for Microsoft 365 Business Premium](/microsoft-365/business-premium/get-microsoft-365-business-premium?view=o365-worldwide) | modified | -| 1/18/2023 | [Security defaults and Conditional Access](/microsoft-365/business-premium/m365bp-conditional-access?view=o365-worldwide) | modified | -| 1/18/2023 | [Working with device groups in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-device-groups-mdb?view=o365-worldwide) | modified | -| 1/18/2023 | [Get started with the Microsoft Service Trust Portal](/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-worldwide) | modified | -| 1/19/2023 | [Bookings with me](/microsoft-365/bookings/bookings-in-outlook?view=o365-worldwide) | modified | -| 1/19/2023 | [Learn about Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide) | modified | -| 1/19/2023 | [Reduce the attack surface for Microsoft Teams](/microsoft-365/security/office-365-security/step-by-step-guides/reducing-attack-surface-in-microsoft-teams?view=o365-worldwide) | modified | -| 1/20/2023 | [Add more SharePoint storage to your subscription](/microsoft-365/commerce/add-storage-space?view=o365-worldwide) | modified | -| 1/20/2023 | [Optimize search requests in SharePoint Online modern site pages](/microsoft-365/enterprise/modern-search-optimization?view=o365-worldwide) | added | -| 1/20/2023 | [Deploy Microsoft Defender for Endpoint on Linux with SaltStack](/microsoft-365/security/defender-endpoint/linux-install-with-saltack?view=o365-worldwide) | added | -| 1/20/2023 | [Implementing VPN split tunneling for Microsoft 365](/microsoft-365/enterprise/microsoft-365-vpn-implement-split-tunnel?view=o365-worldwide) | modified | -| 1/20/2023 | [Requirements for Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-requirements?view=o365-worldwide) | modified | -| 1/20/2023 | [Configure Microsoft Defender for Endpoint risk signals using App Protection Policies (MAM)](/microsoft-365/security/defender-endpoint/android-configure-mam?view=o365-worldwide) | modified | -| 1/20/2023 | [Take response actions on a file in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/respond-file-alerts?view=o365-worldwide) | modified | +++++## Week of February 13, 2023 +++| Published On |Topic title | Change | +|||--| +| 2/14/2023 | [Microsoft 365 admin center - Overview](/microsoft-365/admin/admin-overview/admin-center-overview?view=o365-worldwide) | modified | +| 2/14/2023 | [Operationalize attack surface reduction (ASR) rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-operationalize?view=o365-worldwide) | modified | +| 2/14/2023 | [Limit guest sharing to specific organizations](/microsoft-365/solutions/limit-guest-sharing-to-specific-organization?view=o365-worldwide) | modified | +| 2/13/2023 | [Virtual Appointments with Teams - Integration into Oracle Health EHR](/microsoft-365/frontline/ehr-admin-oracle-health?view=o365-worldwide) | renamed | +| 2/13/2023 | [Learn about retention policies & labels to retain or delete](/microsoft-365/compliance/retention?view=o365-worldwide) | modified | +| 2/14/2023 | [Manage protected devices with Microsoft 365 Business Premium](/microsoft-365/business/manage-protected-devices?view=o365-worldwide) | modified | +| 2/14/2023 | [All credentials entity definition](/microsoft-365/compliance/sit-defn-all-creds?view=o365-worldwide) | modified | +| 2/16/2023 | [Security defaults and Conditional Access](/microsoft-365/business-premium/m365bp-conditional-access?view=o365-worldwide) | modified | +| 2/16/2023 | [Introduction to information management policies](/microsoft-365/compliance/intro-to-info-mgmt-policies?view=o365-worldwide) | modified | +| 2/16/2023 | [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-worldwide) | modified | +| 2/16/2023 | [Get Microsoft Defender for Business](/microsoft-365/security/defender-business/get-defender-business?view=o365-worldwide) | modified | +| 2/16/2023 | [Add users and assign licenses in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-add-users?view=o365-worldwide) | modified | +| 2/16/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified | +| 2/16/2023 | [Understand next-generation protection configuration settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-next-gen-configuration-settings?view=o365-worldwide) | modified | +| 2/16/2023 | [Requirements for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-requirements?view=o365-worldwide) | modified | +| 2/16/2023 | [Set up and configure Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-setup-configuration?view=o365-worldwide) | modified | +| 2/16/2023 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide) | modified | +| 2/16/2023 | [Common Zero Trust identity and device access policies - Microsoft 365 for enterprise](/microsoft-365/security/office-365-security/identity-access-policies?view=o365-worldwide) | modified | +| 2/15/2023 | [Connect your DNS records at IONOS by 1&1 to Microsoft 365](/microsoft-365/admin/dns/create-dns-records-at-1-1-internet?view=o365-worldwide) | modified | +| 2/15/2023 | [Manage self-service purchases and trials (for admins)](/microsoft-365/commerce/subscriptions/manage-self-service-purchases-admins?view=o365-worldwide) | modified | +| 2/16/2023 | [Comment and collaborate using annotations in Microsoft Syntex](/microsoft-365/syntex/annotations) | added | +| 2/16/2023 | [Export documents from a review set in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-export-documents-from-review-set?view=o365-worldwide) | modified | +| 2/16/2023 | [Integrate your SIEM tools with Microsoft 365 Defender](/microsoft-365/security/defender/configure-siem-defender?view=o365-worldwide) | modified | +| 2/16/2023 | [Microsoft Syntex documentation # < 60 chars](/microsoft-365/syntex/index) | modified | +| 2/16/2023 | [Onboard devices to Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-worldwide) | modified | +| 2/16/2023 | [Cross-tenant mailbox migration](/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-worldwide) | modified | +| 2/16/2023 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-worldwide) | modified | +| 2/16/2023 | [Overview of Microsoft Syntex](/microsoft-365/syntex/syntex-overview) | modified | +| 2/16/2023 | [Bookings with me](/microsoft-365/bookings/bookings-in-outlook?view=o365-worldwide) | modified | +| 2/17/2023 | [Learn about data loss prevention](/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide) | modified | +| 2/17/2023 | [Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes](/microsoft-365/security/office-365-security/skip-filtering-phishing-simulations-sec-ops-mailboxes?view=o365-worldwide) | modified | +| 2/17/2023 | [Use network protection to help prevent Linux connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection-linux?view=o365-worldwide) | modified | +++## Week of February 06, 2023 +++| Published On |Topic title | Change | +|||--| +| 2/6/2023 | [Help dynamically mitigate risks with Adaptive Protection (preview)](/microsoft-365/compliance/insider-risk-management-adaptive-protection?view=o365-worldwide) | added | +| 2/6/2023 | [Automatically apply a sensitivity label in Microsoft 365](/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide) | modified | +| 2/6/2023 | [Create and publish sensitivity labels](/microsoft-365/compliance/create-sensitivity-labels?view=o365-worldwide) | modified | +| 2/6/2023 | [Create and deploy a data loss prevention policy](/microsoft-365/compliance/dlp-create-deploy-policy?view=o365-worldwide) | modified | +| 2/6/2023 | [Learn about data loss prevention](/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide) | modified | +| 2/6/2023 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide) | modified | +| 2/6/2023 | [Using Endpoint DLP](/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwide) | modified | +| 2/6/2023 | [Get started with sensitivity labels](/microsoft-365/compliance/get-started-with-sensitivity-labels?view=o365-worldwide) | modified | +| 2/6/2023 | [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-worldwide) | modified | +| 2/6/2023 | [Permissions in the Microsoft Purview compliance portal](/microsoft-365/compliance/microsoft-365-compliance-center-permissions?view=o365-worldwide) | modified | +| 2/6/2023 | [Learn about Adaptive Protection in data loss prevention](/microsoft-365/compliance/dlp-adaptive-protection-learn?view=o365-worldwide) | added | +| 2/6/2023 | [Limit guest sharing to specific organizations](/microsoft-365/solutions/limit-guest-sharing-to-specific-organization?view=o365-worldwide) | modified | +| 2/6/2023 | [Limit sharing in Microsoft 365](/microsoft-365/solutions/microsoft-365-limit-sharing?view=o365-worldwide) | modified | +| 2/6/2023 | [Automatically apply a retention label to Microsoft 365 items](/microsoft-365/compliance/apply-retention-labels-automatically?view=o365-worldwide) | modified | +| 2/6/2023 | [What's new in Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/whats-new?view=o365-worldwide) | modified | +| 2/7/2023 | [Automatic ServiceNow Incident Creation](/microsoft-365/admin/manage/servicenow-incidents?view=o365-worldwide) | added | +| 2/7/2023 | [Email authentication in Microsoft 365](/microsoft-365/security/office-365-security/email-authentication-about?view=o365-worldwide) | modified | +| 2/7/2023 | [Use a prebuilt model to extract information from invoices in Microsoft Syntex](/microsoft-365/syntex/prebuilt-model-invoice?view=o365-worldwide) | modified | +| 2/7/2023 | [Get started with communication compliance](/microsoft-365/compliance/communication-compliance-configure?view=o365-worldwide) | modified | +| 2/7/2023 | [Plan for communication compliance](/microsoft-365/compliance/communication-compliance-plan?view=o365-worldwide) | modified | +| 2/7/2023 | [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) | modified | +| 2/7/2023 | [Learn about communication compliance](/microsoft-365/compliance/communication-compliance?view=o365-worldwide) | modified | +| 2/7/2023 | [Review data with the insider risk management content explorer](/microsoft-365/compliance/insider-risk-management-content-explorer?view=o365-worldwide) | modified | +| 2/7/2023 | [Attack surface reduction in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-asr?view=o365-worldwide) | modified | +| 2/7/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified | +| 2/7/2023 | [Configure authentication for Microsoft 365 support integration with ServiceNow](/microsoft-365/admin/manage/servicenow-authentication?view=o365-worldwide) | modified | +| 2/7/2023 | [Azure Active Directory setup guides](/microsoft-365/admin/misc/azure-ad-setup-guides?view=o365-worldwide) | modified | +| 2/7/2023 | [Compare Microsoft endpoint security plans](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-worldwide) | modified | +| 2/8/2023 | [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) | modified | +| 2/8/2023 | [Introduction to information management policies](/microsoft-365/compliance/intro-to-info-mgmt-policies?view=o365-worldwide) | modified | +| 2/8/2023 | [Microsoft Teams Virtual Appointments Call Quality Dashboard](/microsoft-365/frontline/virtual-appointments-call-quality?view=o365-worldwide) | modified | +| 2/8/2023 | [Run the client analyzer on macOS or Linux](/microsoft-365/security/defender-endpoint/run-analyzer-macos-linux?view=o365-worldwide) | modified | +| 2/8/2023 | [Report spam, non-spam, phishing, suspicious emails and files to Microsoft](/microsoft-365/security/office-365-security/submissions-report-messages-files-to-microsoft?view=o365-worldwide) | modified | +| 2/8/2023 | [User reported message settings](/microsoft-365/security/office-365-security/submissions-user-reported-messages-files-custom-mailbox?view=o365-worldwide) | modified | +| 2/8/2023 | [Deploy a task automatically in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-deploy-task-automatically?view=o365-worldwide) | modified | +| 2/8/2023 | [Set up GDAP for your customers](/microsoft-365/lighthouse/m365-lighthouse-setup-gdap?view=o365-worldwide) | modified | +| 2/8/2023 | [Turn on cloud protection in Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus?view=o365-worldwide) | modified | +| 2/9/2023 | [Learn about sensitivity labels](/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide) | modified | +| 2/9/2023 | [Limit guest sharing to specific organizations](/microsoft-365/solutions/limit-guest-sharing-to-specific-organization?view=o365-worldwide) | modified | +| 2/10/2023 | [Set preferences for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-worldwide) | modified | +| 2/10/2023 | [Anti-spam protection](/microsoft-365/security/office-365-security/anti-spam-protection-about?view=o365-worldwide) | modified | +| 2/9/2023 | [Turn pronouns on or off for your organization in the Microsoft 365 admin center](/microsoft-365/admin/add-users/turn-pronouns-on-or-off?view=o365-worldwide) | added | +| 2/9/2023 | [Search for and delete chat messages in Teams](/microsoft-365/compliance/ediscovery-search-and-delete-teams-chat-messages?view=o365-worldwide) | modified | +| 2/10/2023 | [Configure Microsoft Defender for Endpoint on Android risk signals using App Protection Policies (MAM)](/microsoft-365/security/defender-endpoint/android-configure-mam?view=o365-worldwide) | modified | +| 2/10/2023 | [Network device discovery and vulnerability management](/microsoft-365/security/defender-endpoint/network-devices?view=o365-worldwide) | modified | +| 2/10/2023 | [How to schedule an antivirus scan using Anacron in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/schedule-antivirus-scan-in-mde?view=o365-worldwide) | modified | +| 2/10/2023 | [Performance analyzer for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-worldwide) | modified | +| 2/10/2023 | [Authenticated scan for Windows in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/windows-authenticated-scan?view=o365-worldwide) | modified | +| 2/10/2023 | [Application Guard for Office for admins](/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide) | modified | +| 2/10/2023 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-worldwide) | modified | +| 2/10/2023 | [Set up Safe Links policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-links-policies-configure?view=o365-worldwide) | modified | +| 2/10/2023 | [Test and deploy Microsoft 365 Apps by partners in the Integrated apps portal](/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps?view=o365-worldwide) | modified | +| 2/10/2023 | [Create EDM SIT sample file for the new experience](/microsoft-365/compliance/sit-create-edm-sit-unified-ux-sample-file?view=o365-worldwide) | modified | +| 2/10/2023 | [Get started with exact data match based sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-based-sits-overview?view=o365-worldwide) | modified | +| 2/10/2023 | [Export source data for exact data match based sensitive information type](/microsoft-365/compliance/sit-get-started-exact-data-match-export-data?view=o365-worldwide) | modified | +| 2/10/2023 | [Configure anti-malware policies](/microsoft-365/security/office-365-security/anti-malware-policies-configure?view=o365-worldwide) | modified | +++## Week of January 30, 2023 +++| Published On |Topic title | Change | +|||--| +| 2/1/2023 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified | +| 1/30/2023 | [Create and deploy a data loss prevention policy](/microsoft-365/compliance/dlp-create-deploy-policy?view=o365-worldwide) | added | +| 1/30/2023 | [Learn about data loss prevention](/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide) | modified | +| 1/30/2023 | [Plan for data loss prevention](/microsoft-365/compliance/dlp-overview-plan-for-dlp?view=o365-worldwide) | modified | +| 1/30/2023 | [Design a Data loss prevention policy](/microsoft-365/compliance/dlp-policy-design?view=o365-worldwide) | modified | +| 1/30/2023 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide) | modified | +| 2/1/2023 | [Map Microsoft 365 Defender role-based access control (RBAC) permissions](/microsoft-365/security/defender/compare-rbac-roles?view=o365-worldwide) | modified | +| 1/31/2023 | [Configure endpoint DLP settings](/microsoft-365/compliance/dlp-configure-endpoint-settings?view=o365-worldwide) | modified | +| 1/31/2023 | [Canada drivers license number entity definition](/microsoft-365/compliance/sit-defn-canada-drivers-license-number?view=o365-worldwide) | modified | +| 1/31/2023 | [Use network protection to help prevent macOS connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection-macos?view=o365-worldwide) | modified | +| 1/31/2023 | Create a DLP policy from a template | removed | +| 1/31/2023 | Create, test, and tune a DLP policy | removed | +| 1/31/2023 | [Get started with Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-getting-started?view=o365-worldwide) | modified | +| 1/31/2023 | [Using Endpoint DLP](/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwide) | modified | +| 1/31/2023 | [Training campaigns in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-training-campaigns?view=o365-worldwide) | added | +| 1/31/2023 | [Training modules for Training campaigns in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-training-modules?view=o365-worldwide) | added | +| 1/31/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified | +| 1/31/2023 | [Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](/microsoft-365/security/defender-endpoint/android-intune?view=o365-worldwide) | modified | +| 1/31/2023 | [Microsoft Defender for Endpoint Device Control Removable Storage frequently asked questions](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control-faq?view=o365-worldwide) | modified | +| 1/31/2023 | [Protect your organization's data with device control](/microsoft-365/security/defender-endpoint/device-control-report?view=o365-worldwide) | modified | +| 1/31/2023 | [Deploy Microsoft Defender for Endpoint on iOS with Microsoft Intune](/microsoft-365/security/defender-endpoint/ios-install?view=o365-worldwide) | modified | +| 1/31/2023 | [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-perf?view=o365-worldwide) | modified | +| 1/31/2023 | [Deploy Microsoft Defender for Endpoint on macOS with Microsoft Intune](/microsoft-365/security/defender-endpoint/mac-install-with-intune?view=o365-worldwide) | modified | +| 1/31/2023 | [Set up and configure Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/mde-p1-setup-configuration?view=o365-worldwide) | modified | +| 1/31/2023 | [Onboard devices and configure Microsoft Defender for Endpoint capabilities](/microsoft-365/security/defender-endpoint/onboard-configure?view=o365-worldwide) | modified | +| 1/31/2023 | [Onboard to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/onboarding?view=o365-worldwide) | modified | +| 1/31/2023 | [Migrate to Microsoft Defender for Endpoint - Onboard](/microsoft-365/security/defender-endpoint/switch-to-mde-phase-3?view=o365-worldwide) | modified | +| 1/31/2023 | Troubleshoot AuditD performance issues with Microsoft Defender for Endpoint on Linux | removed | +| 2/1/2023 | [Use the Virtual Appointments app in Microsoft Teams](/microsoft-365/frontline/virtual-appointments-app?view=o365-worldwide) | added | +| 2/1/2023 | [Configure endpoint DLP settings](/microsoft-365/compliance/dlp-configure-endpoint-settings?view=o365-worldwide) | modified | +| 2/1/2023 | [Use sensitivity labels to protect calendar items, Teams meetings, and chat](/microsoft-365/compliance/sensitivity-labels-meetings?view=o365-worldwide) | modified | +| 2/1/2023 | [Launch your portal using the Portal launch scheduler](/microsoft-365/enterprise/portallaunchscheduler?view=o365-worldwide) | modified | +| 2/1/2023 | [Microsoft Teams Advanced Virtual Appointments activity report](/microsoft-365/frontline/advanced-virtual-appointments-activity-report?view=o365-worldwide) | modified | +| 2/1/2023 | Virtual Appointments with Microsoft Teams and the Bookings app | removed | +| 2/1/2023 | [Manage the join experience for Teams Virtual Appointments on browsers](/microsoft-365/frontline/browser-join?view=o365-worldwide) | modified | +| 2/1/2023 | [Microsoft 365 for retail organizations](/microsoft-365/frontline/teams-for-retail-landing-page?view=o365-worldwide) | modified | +| 2/1/2023 | [Microsoft Teams Virtual Appointments usage report](/microsoft-365/frontline/virtual-appointments-usage-report?view=o365-worldwide) | modified | +| 2/1/2023 | [Virtual Appointments with Microsoft Teams](/microsoft-365/frontline/virtual-appointments?view=o365-worldwide) | modified | +| 2/1/2023 | [Use network protection to help prevent macOS connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection-macos?view=o365-worldwide) | modified | +| 2/1/2023 | [Training campaigns in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-training-campaigns?view=o365-worldwide) | modified | +| 2/1/2023 | [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) | modified | +| 2/1/2023 | [Deploy updates for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-updates?view=o365-worldwide) | modified | +| 2/1/2023 | [Investigate users in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-users?view=o365-worldwide) | modified | +| 2/1/2023 | [Application Guard for Office for admins](/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide) | modified | +| 2/1/2023 | [Create a more secure guest sharing environment](/microsoft-365/solutions/create-secure-guest-sharing-environment?view=o365-worldwide) | modified | +| 2/1/2023 | [Get all scan agents](/microsoft-365/security/defender-endpoint/get-all-scan-agents?view=o365-worldwide) | modified | +| 2/1/2023 | [Get scan definitions](/microsoft-365/security/defender-endpoint/get-all-scan-definitions?view=o365-worldwide) | modified | +| 2/1/2023 | [Authenticated scan for Windows in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/windows-authenticated-scan?view=o365-worldwide) | modified | +| 2/1/2023 | [Deploy and manage using group policy](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-group-policy?view=o365-worldwide) | modified | +| 2/1/2023 | [Run the client analyzer on macOS or Linux](/microsoft-365/security/defender-endpoint/run-analyzer-macos-linux?view=o365-worldwide) | modified | +| 2/1/2023 | [Create and manage inactive mailboxes](/microsoft-365/compliance/create-and-manage-inactive-mailboxes?view=o365-worldwide) | modified | +| 2/1/2023 | [Use a script to create an eDiscovery holds report](/microsoft-365/compliance/ediscovery-create-a-report-on-holds-in-cases?view=o365-worldwide) | modified | +| 2/1/2023 | [Add more SharePoint storage to your subscription](/microsoft-365/commerce/add-storage-space?view=o365-worldwide) | modified | +| 2/1/2023 | [Minimum versions for sensitivity labels in Microsoft 365 Apps](/microsoft-365/compliance/sensitivity-labels-versions?view=o365-worldwide) | added | +| 2/1/2023 | [Understand the Defender Experts for Hunting report in Microsoft 365 Defender](/microsoft-365/security/defender/defender-experts-report?view=o365-worldwide) | modified | +| 2/1/2023 | [Use the eDiscovery Export Tool in Microsoft Edge](/microsoft-365/compliance/ediscovery-configure-edge-to-export-search-results?view=o365-worldwide) | modified | +| 2/1/2023 | [Deploy and manage using group policy](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-group-policy?view=o365-worldwide) | added | +| 2/1/2023 | [Deploy and manage using Intune](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-intune?view=o365-worldwide) | added | +| 2/1/2023 | [Printer Protection frequently asked questions](/microsoft-365/security/defender-endpoint/printer-protection-frequently-asked-questions?view=o365-worldwide) | added | +| 2/1/2023 | [Printer Protection Overview](/microsoft-365/security/defender-endpoint/printer-protection-overview?view=o365-worldwide) | added | +| 2/1/2023 | [Switch to Microsoft Defender for Endpoint - Setup](/microsoft-365/security/defender-endpoint/switch-to-mde-phase-2?view=o365-worldwide) | modified | +| 2/1/2023 | [What's new in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint?view=o365-worldwide) | modified | +| 2/1/2023 | [Bookings with me](/microsoft-365/bookings/bookings-in-outlook?view=o365-worldwide) | modified | +| 2/1/2023 | [Learn about Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide) | modified | +| 2/1/2023 | [Reduce the attack surface for Microsoft Teams](/microsoft-365/security/office-365-security/step-by-step-guides/reducing-attack-surface-in-microsoft-teams?view=o365-worldwide) | modified | +| 2/1/2023 | [What happens to my data and access when my subscription ends?](/microsoft-365/commerce/subscriptions/what-if-my-subscription-expires?view=o365-worldwide) | modified | +| 2/1/2023 | [Enable attack surface reduction rules](/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide) | modified | +| 2/1/2023 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-worldwide) | modified | +| 2/1/2023 | [Performance analyzer for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-worldwide) | modified | +| 2/1/2023 | [What's new in Microsoft Defender for Endpoint on Windows](/microsoft-365/security/defender-endpoint/windows-whatsnew?view=o365-worldwide) | modified | +| 2/1/2023 | [Exposure score in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/tvm-exposure-score?view=o365-worldwide) | modified | +| 2/1/2023 | [Security recommendations](/microsoft-365/security/defender-vulnerability-management/tvm-security-recommendation?view=o365-worldwide) | modified | +| 2/1/2023 | [Upgrade distribution lists to Microsoft 365 Groups in Exchange Online](/microsoft-365/admin/manage/upgrade-distribution-lists?view=o365-worldwide) | modified | +| 2/1/2023 | [Create and manage insider risk management policies](/microsoft-365/compliance/insider-risk-management-policies?view=o365-worldwide) | modified | +| 2/1/2023 | [Deploy Microsoft Defender for Endpoint on Linux manually](/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-worldwide) | modified | +| 2/1/2023 | [Canada social insurance number entity definition](/microsoft-365/compliance/sit-defn-canada-social-insurance-number?view=o365-worldwide) | modified | +| 2/1/2023 | [Attack surface reduction in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-asr?view=o365-worldwide) | added | +| 2/1/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified | +| 2/1/2023 | [Microsoft Defender for Business troubleshooting](/microsoft-365/security/defender-business/mdb-troubleshooting?view=o365-worldwide) | modified | +| 2/1/2023 | [Microsoft Defender for Endpoint (MDE) attack surface reduction (ASR) rules deployment overview](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment?view=o365-worldwide) | modified | +| 2/1/2023 | [Frequently asked questions on tamper protection](/microsoft-365/security/defender-endpoint/faqs-tamper-protection?view=o365-worldwide) | modified | +| 2/1/2023 | [Understand next-generation protection configuration settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-next-gen-configuration-settings?view=o365-worldwide) | modified | +| 2/1/2023 | [Get scan history by definition](/microsoft-365/security/defender-endpoint/get-scan-history-by-definition?view=o365-worldwide) | modified | +| 2/1/2023 | [Get scan history by session](/microsoft-365/security/defender-endpoint/get-scan-history-by-session?view=o365-worldwide) | modified | +| 2/1/2023 | [Troubleshoot Microsoft Teams EHR connector setup and configuration](/microsoft-365/frontline/ehr-connector-troubleshoot-setup-configuration?view=o365-worldwide) | added | +| 2/1/2023 | [Migrate to Microsoft Defender for Office 365 Phase 1: Prepare](/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365-prepare?view=o365-worldwide) | modified | +| 2/2/2023 | [Manage submissions](/microsoft-365/security/office-365-security/submissions-admin?view=o365-worldwide) | modified | +| 2/2/2023 | [Performance analyzer for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft Adoption Score Organizational Messages](/microsoft-365/admin/adoption/organizational-messages?view=o365-worldwide) | modified | +| 2/2/2023 | [Message center in the Microsoft 365 admin center](/microsoft-365/admin/manage/message-center?view=o365-worldwide) | modified | +| 2/2/2023 | [Configure authentication for Microsoft 365 support integration with ServiceNow](/microsoft-365/admin/manage/servicenow-authentication?view=o365-worldwide) | modified | +| 2/2/2023 | [Test and deploy Microsoft 365 Apps by partners in the Integrated apps portal](/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps?view=o365-worldwide) | modified | +| 2/2/2023 | [What's new in the Microsoft 365 admin center?](/microsoft-365/admin/whats-new-in-preview?view=o365-worldwide) | modified | +| 2/2/2023 | [Non-Azure Microsoft volume licensing invoices](/microsoft-365/commerce/licenses/volume-licensing-invoices?view=o365-worldwide) | modified | +| 2/2/2023 | [Communication compliance](/microsoft-365/compliance/communication-compliance-solution-overview?view=o365-worldwide) | modified | +| 2/2/2023 | [Collect eDiscovery diagnostic information](/microsoft-365/compliance/ediscovery-diagnostic-info?view=o365-worldwide) | modified | +| 2/2/2023 | [Migrate the Azure Information Protection (AIP) add-in to Microsoft Purview Information Protection built-in labeling for Office apps](/microsoft-365/compliance/sensitivity-labels-aip?view=o365-worldwide) | modified | +| 2/2/2023 | [OneDrive Cross-tenant OneDrive migration Step 2](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step2?view=o365-worldwide) | modified | +| 2/2/2023 | [OneDrive Cross-tenant OneDrive migration Step 6](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step6?view=o365-worldwide) | modified | +| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 7](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step7?view=o365-worldwide) | modified | +| 2/2/2023 | [Cross-tenant OneDrive migration overview](/microsoft-365/enterprise/cross-tenant-onedrive-migration?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft 365 Multi-Tenant Organization People Search](/microsoft-365/enterprise/multi-tenant-people-search?view=o365-worldwide) | modified | +| 2/2/2023 | [Block sign-in for shared mailbox accounts in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-block-signin-shared-mailboxes?view=o365-worldwide) | modified | +| 2/2/2023 | [Overview of using Microsoft 365 Lighthouse baselines to deploy standard tenant configurations](/microsoft-365/lighthouse/m365-lighthouse-deploy-standard-tenant-configurations-overview?view=o365-worldwide) | modified | +| 2/2/2023 | [Deploy a task automatically in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-deploy-task-automatically?view=o365-worldwide) | modified | +| 2/2/2023 | [Overview of deployment tasks in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-overview-deployment-task?view=o365-worldwide) | modified | +| 2/2/2023 | [Review a deployment plan in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-review-deployment-plan?view=o365-worldwide) | modified | +| 2/2/2023 | [Understand deployment statuses in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-understand-deployment-statuses?view=o365-worldwide) | modified | +| 2/2/2023 | [View task details in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-view-task-details?view=o365-worldwide) | modified | +| 2/2/2023 | [What's new in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-whats-new?view=o365-worldwide) | modified | +| 2/2/2023 | [Details of custom permissions in Microsoft 365 Defender role-based access control (RBAC)](/microsoft-365/security/defender/custom-permissions-details?view=o365-worldwide) | modified | +| 2/2/2023 | [External Domain Name System records for Office 365](/microsoft-365/enterprise/external-domain-name-system-records?view=o365-worldwide) | modified | +| 2/2/2023 | [Troubleshoot issues and find answers on FAQs related to Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-troubleshoot?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft 365 Multi-Tenant Organization People Search](/microsoft-365/enterprise/multi-tenant-people-search?view=o365-worldwide) | added | +| 2/2/2023 | [Test attack surface reduction (ASR) rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-test?view=o365-worldwide) | modified | +| 2/2/2023 | [Attack surface reduction (ASR) rules reporting](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-report?view=o365-worldwide) | modified | +| 2/2/2023 | [Advanced deployment guidance for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/comprehensive-guidance-on-linux-deployment?view=o365-worldwide) | modified | +| 2/2/2023 | [Map Microsoft 365 Defender role-based access control (RBAC) permissions](/microsoft-365/security/defender/compare-rbac-roles?view=o365-worldwide) | modified | +| 2/2/2023 | [What is Microsoft Defender Experts for XDR offering](/microsoft-365/security/defender/dex-xdr-overview?view=o365-worldwide) | modified | +| 2/2/2023 | [Import roles to Microsoft 365 Defender RBAC](/microsoft-365/security/defender/import-rbac-roles?view=o365-worldwide) | modified | +| 2/2/2023 | [How to use the Microsoft Defender Experts for XDR preview service](/microsoft-365/security/defender/start-using-mdex-xdr?view=o365-worldwide) | modified | +| 2/2/2023 | [Bookings with me](/microsoft-365/bookings/bookings-in-outlook?view=o365-worldwide) | modified | +| 2/2/2023 | [Pay for your Microsoft business subscription with a billing profile](/microsoft-365/commerce/billing-and-payments/pay-for-subscription-billing-profile?view=o365-worldwide) | modified | +| 2/2/2023 | [Payment options for your Microsoft business subscription](/microsoft-365/commerce/billing-and-payments/pay-for-your-subscription?view=o365-worldwide) | modified | +| 2/2/2023 | [Attack surface reduction rules reference](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365?view=o365-worldwide) | modified | +| 2/2/2023 | [Security Operations Guide for Defender for Office 365](/microsoft-365/security/office-365-security/mdo-sec-ops-guide?view=o365-worldwide) | modified | +| 2/2/2023 | [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide) | modified | +| 2/2/2023 | [Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft Adoption Score - Meetings (New)](/microsoft-365/admin/adoption/meetings-new?view=o365-worldwide) | modified | +| 2/2/2023 | [Shifts connectors](/microsoft-365/frontline/shifts-connectors?view=o365-worldwide) | modified | +| 2/2/2023 | [Virtual Appointments with Microsoft Teams](/microsoft-365/frontline/virtual-appointments?view=o365-worldwide) | modified | +| 2/2/2023 | [Turn on cloud protection in Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus?view=o365-worldwide) | modified | +| 2/2/2023 | [View email security reports](/microsoft-365/security/office-365-security/reports-email-security?view=o365-worldwide) | modified | +| 2/2/2023 | [Search the audit log in the Microsoft Purview compliance portal](/microsoft-365/compliance/audit-log-search?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft Purview auditing solutions](/microsoft-365/compliance/audit-solutions-overview?view=o365-worldwide) | modified | +| 2/2/2023 | [Track your Microsoft Secure Score history and meet goals](/microsoft-365/security/defender/microsoft-secure-score-history-metrics-trends?view=o365-worldwide) | modified | +| 2/2/2023 | [Assess your security posture through Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score-improvement-actions?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft Secure score data storage and privacy](/microsoft-365/security/defender/secure-score-data-storage-privacy?view=o365-worldwide) | added | +| 2/2/2023 | [Advanced deployment guidance for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/comprehensive-guidance-on-linux-deployment?view=o365-worldwide) | added | +| 2/2/2023 | [Microsoft Defender for Endpoint device timeline](/microsoft-365/security/defender-endpoint/device-timeline-event-flag?view=o365-worldwide) | modified | +| 2/2/2023 | [Export information gathering assessment](/microsoft-365/security/defender-endpoint/get-assessment-information-gathering?view=o365-worldwide) | added | +| 2/2/2023 | [Deploy Microsoft Defender for Endpoint on Linux manually](/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-worldwide) | modified | +| 2/2/2023 | [Scheduling Dynamic Recurring Meetings](/microsoft-365/scheduler/scheduler-recurring-meetings?view=o365-worldwide) | modified | +| 2/2/2023 | [Manage devices for frontline workers](/microsoft-365/frontline/flw-devices?view=o365-worldwide) | modified | +| 2/2/2023 | [Deploy a task automatically in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-deploy-task-automatically?view=o365-worldwide) | added | +| 2/2/2023 | [Deploy a task manually in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-deploy-task-manually?view=o365-worldwide) | added | +| 2/2/2023 | [Dismiss a task in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-dismiss-task?view=o365-worldwide) | modified | +| 2/2/2023 | [Overview of deployment tasks in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-overview-deployment-task?view=o365-worldwide) | added | +| 2/2/2023 | [Review a deployment plan in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-review-deployment-plan?view=o365-worldwide) | added | +| 2/2/2023 | [Understand deployment statuses in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-understand-deployment-statuses?view=o365-worldwide) | added | +| 2/2/2023 | [View task details in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-view-task-details?view=o365-worldwide) | added | +| 2/2/2023 | [App-based deployment for Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-install?view=o365-worldwide) | modified | +| 2/2/2023 | [Trainable classifiers definitions](/microsoft-365/compliance/classifier-tc-definitions?view=o365-worldwide) | modified | +| 2/2/2023 | [Configure automated investigation and response capabilities in Microsoft 365 Defender](/microsoft-365/security/defender/m365d-configure-auto-investigation-response?view=o365-worldwide) | modified | +| 2/2/2023 | [Manage Microsoft LMS Gateway for any LMS](/microsoft-365/lti/manage-microsoft-one-lti?view=o365-worldwide) | modified | +| 2/2/2023 | [Common Microsoft Defender for Endpoint API errors](/microsoft-365/security/defender-endpoint/common-errors?view=o365-worldwide) | modified | +| 2/2/2023 | [Quarantine policies](/microsoft-365/security/office-365-security/quarantine-policies?view=o365-worldwide) | modified | +| 2/2/2023 | [Choose your scenarios for Microsoft 365 for frontline workers](/microsoft-365/frontline/flw-choose-scenarios?view=o365-worldwide) | modified | +| 2/2/2023 | [Corporate communications with frontline workers](/microsoft-365/frontline/flw-corp-comms?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft 365 for retail organizations](/microsoft-365/frontline/teams-for-retail-landing-page?view=o365-worldwide) | modified | +| 2/2/2023 | [Migrate from the MDE SIEM API to the Microsoft 365 Defender alerts API](/microsoft-365/security/defender-endpoint/configure-siem?view=o365-worldwide) | modified | +| 2/2/2023 | [FAQs related to Microsoft Defender Experts for XDR preview](/microsoft-365/security/defender/frequently-asked-questions?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft 365 Defender streaming event types supported in Event Streaming API](/microsoft-365/security/defender/supported-event-types?view=o365-worldwide) | modified | +| 2/2/2023 | [Email analysis in investigations for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/email-analysis-investigations?view=o365-worldwide) | modified | +| 2/2/2023 | [Set up Microsoft 365 for frontline workers](/microsoft-365/frontline/flw-setup-microsoft-365?view=o365-worldwide) | modified | +| 2/2/2023 | [Build and manage assessments in Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-assessments?view=o365-worldwide) | modified | +| 2/2/2023 | [Get started with Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-setup?view=o365-worldwide) | modified | +| 2/2/2023 | [Enable co-authoring for encrypted documents](/microsoft-365/compliance/sensitivity-labels-coauthoring?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft 365 network connectivity test tool](/microsoft-365/enterprise/office-365-network-mac-perf-onboarding-tool?view=o365-worldwide) | modified | +| 2/2/2023 | [Schedule regular quick and full scans with Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/schedule-antivirus-scans?view=o365-worldwide) | modified | +| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 1](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step1?view=o365-worldwide) | modified | +| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 2](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step2?view=o365-worldwide) | modified | +| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 3](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step3?view=o365-worldwide) | modified | +| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 4](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step4?view=o365-worldwide) | modified | +| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 5](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step5?view=o365-worldwide) | modified | +| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 6](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step6?view=o365-worldwide) | modified | +| 2/2/2023 | [Cross-tenant OneDrive migration](/microsoft-365/enterprise/cross-tenant-onedrive-migration?view=o365-worldwide) | modified | +| 2/2/2023 | [Configure Microsoft 365 support integration with Azure AD Auth Token](/microsoft-365/admin/manage/servicenow-aad-oauth-token-v1?view=o365-worldwide) | added | +| 2/2/2023 | [Configure support integration with ServiceNow - Basic Authentication](/microsoft-365/admin/manage/servicenow-basic-authentication-v1?view=o365-worldwide) | added | +| 2/2/2023 | [Microsoft 365 support integration with ServiceNow configuration overview](/microsoft-365/admin/manage/servicenow-overview-v1?view=o365-worldwide) | added | +| 2/2/2023 | [Testing the ServiceNow configuration](/microsoft-365/admin/manage/servicenow-testing-the-configuration-v1?view=o365-worldwide) | added | +| 2/2/2023 | [Troubleshooting Microsoft 365 support integration with ServiceNow](/microsoft-365/admin/manage/servicenow-troubleshooting-v1?view=o365-worldwide) | added | +| 2/2/2023 | [Integrate Microsoft 365 with ServiceNow Virtual Agent](/microsoft-365/admin/manage/servicenow-virtual-agent-integration-v1?view=o365-worldwide) | added | +| 2/2/2023 | [Non-Azure Microsoft volume licensing invoices](/microsoft-365/commerce/licenses/volume-licensing-invoices?view=o365-worldwide) | added | +| 2/2/2023 | [Exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/defender-endpoint-antivirus-exclusions?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft Defender for Endpoint Device Control Removable Storage frequently asked questions](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control-faq?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft Defender for Endpoint Device Control Removable Storage Access Control, removable storage media](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control?view=o365-worldwide) | modified | +| 2/2/2023 | [Investigate Microsoft Defender for Endpoint files](/microsoft-365/security/defender-endpoint/investigate-files?view=o365-worldwide) | modified | +| 2/2/2023 | [Get started with sensitivity labels](/microsoft-365/compliance/get-started-with-sensitivity-labels?view=o365-worldwide) | modified | +| 2/2/2023 | [Enable attack surface reduction (ASR) rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-implement?view=o365-worldwide) | modified | +| 2/2/2023 | [Investigate an IP address associated with an alert](/microsoft-365/security/defender-endpoint/investigate-ip?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender-portal?view=o365-worldwide) | modified | +| 2/2/2023 | [Decryption in Microsoft Purview eDiscovery tools](/microsoft-365/compliance/ediscovery-decryption?view=o365-worldwide) | modified | +| 2/2/2023 | [Integrate your SIEM tools with Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-siem?view=o365-worldwide) | modified | +| 2/2/2023 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-worldwide) | modified | +| 2/2/2023 | [Investigate alerts in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-alerts?view=o365-worldwide) | modified | +| 2/2/2023 | [Insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-worldwide) | modified | +| 2/2/2023 | [Service advisories for OAB size limits in Exchange Online monitoring](/microsoft-365/enterprise/microsoft-365-oab-size-limit-service-advisory?view=o365-worldwide) | added | +| 2/2/2023 | [Review events and errors using Event Viewer](/microsoft-365/security/defender-endpoint/event-error-codes?view=o365-worldwide) | modified | +| 2/2/2023 | [How to schedule scans with Microsoft Defender for Endpoint on macOS](/microsoft-365/security/defender-endpoint/mac-schedule-scan?view=o365-worldwide) | modified | +| 2/2/2023 | [What's new in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint?view=o365-worldwide) | modified | +| 2/2/2023 | [What's new in Microsoft Defender Vulnerability Management Public Preview](/microsoft-365/security/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management?view=o365-worldwide) | modified | +| 2/2/2023 | [How SMTP DNS-based Authentication of Named Entities (DANE) secures email communications](/microsoft-365/compliance/how-smtp-dane-works?view=o365-worldwide) | modified | +| 2/2/2023 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide) | modified | +| 2/2/2023 | [Configure endpoint DLP settings](/microsoft-365/compliance/dlp-configure-endpoint-settings?view=o365-worldwide) | modified | +| 2/2/2023 | [Using Endpoint DLP](/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwide) | modified | +| 2/2/2023 | [Create and manage custom detection rules in Microsoft 365 Defender](/microsoft-365/security/defender/custom-detection-rules?view=o365-worldwide) | modified | +| 11/2/2022 | [Help your clients and customers use virtual appointments](/microsoft-365/frontline/virtual-appointments-toolkit?view=o365-worldwide) | modified | +| 2/2/2023 | [Service assurance in the Microsoft Purview compliance portal](/microsoft-365/compliance/service-assurance?view=o365-worldwide) | modified | +| 2/2/2023 | [Cross-tenant mailbox migration](/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-worldwide) | modified | +| 2/2/2023 | [Advanced Data Residency Commitments](/microsoft-365/enterprise/m365-dr-commitments?view=o365-worldwide) | modified | +| 2/2/2023 | [Use Microsoft Teams Meetings LTI with any LTI 1.3 compliant LMS](/microsoft-365/lti/integrate-with-other-lms?view=o365-worldwide) | added | +| 2/2/2023 | [Get Microsoft Defender for Business servers](/microsoft-365/security/defender-business/get-defender-business-servers?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft Defender for Business](/microsoft-365/security/defender-business/index?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-worldwide) | modified | +| 2/2/2023 | [Offboard a device from Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-offboard-devices?view=o365-worldwide) | modified | +| 2/2/2023 | [Onboard devices to Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-worldwide) | modified | +| 2/2/2023 | [Device health Microsoft Defender Antivirus health report](/microsoft-365/security/defender-endpoint/device-health-microsoft-defender-antivirus-health?view=o365-worldwide) | modified | +| 2/2/2023 | [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-worldwide) | modified | +| 2/2/2023 | [Insider risk management policies](/microsoft-365/compliance/insider-risk-management-policies?view=o365-worldwide) | modified | +| 2/2/2023 | [Learn about insider risk management](/microsoft-365/compliance/insider-risk-management?view=o365-worldwide) | modified | +| 2/2/2023 | [Windows and Office 365 deployment lab kit](/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab?view=o365-worldwide) | modified | +| 2/2/2023 | [Address false positives/negatives in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft Defender for Cloud Apps in Microsoft 365 Defender (Preview)](/microsoft-365/security/defender/microsoft-365-security-center-defender-cloud-apps?view=o365-worldwide) | modified | +| 2/2/2023 | [Manage Folders and Rules feature in Microsoft 365 Groups](/microsoft-365/enterprise/manage-folders-and-rules-feature?view=o365-worldwide) | added | +| 2/2/2023 | [What is Microsoft 365 Defender?](/microsoft-365/security/defender/microsoft-365-defender?view=o365-worldwide) | modified | +| 2/2/2023 | [Feature update validation](/microsoft-365/test-base/feature?view=o365-worldwide) | modified | +| 2/2/2023 | [Creating and Testing Binary Files on Test Base](/microsoft-365/test-base/testapplication?view=o365-worldwide) | modified | +| 2/2/2023 | [Test your Intune application on Test Base](/microsoft-365/test-base/testintuneapplication?view=o365-worldwide) | modified | +| 2/2/2023 | [Uploading a pre-built zip package](/microsoft-365/test-base/uploadapplication?view=o365-worldwide) | modified | +| 2/2/2023 | [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft 365 alert policies](/microsoft-365/compliance/alert-policies?view=o365-worldwide) | modified | +| 2/2/2023 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft Defender for Endpoint APIs connection to Power BI](/microsoft-365/security/defender-endpoint/api-power-bi?view=o365-worldwide) | modified | +| 2/2/2023 | [Create indicators for IPs and URLs/domains](/microsoft-365/security/defender-endpoint/indicator-ip-domain?view=o365-worldwide) | modified | +| 2/2/2023 | [Professional services supported by Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/professional-services?view=o365-worldwide) | added | +| 2/2/2023 | [Technological partners of Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/technological-partners?view=o365-worldwide) | added | +| 2/2/2023 | [Learn about auto-expanding archiving](/microsoft-365/compliance/autoexpanding-archiving?view=o365-worldwide) | modified | +| 2/2/2023 | [Azure service bus shared access signature entity definition (preview)](/microsoft-365/compliance/sit-defn-azure-service-bus-shared-access-signature?view=o365-worldwide) | modified | +| 2/2/2023 | [Azure Shared Access key / Web Hook token signature entity definition (preview)](/microsoft-365/compliance/sit-defn-azure-shared-access-key-web-hook-token?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft 365 admin center Teams app usage reports](/microsoft-365/admin/activity-reports/microsoft-teams-apps-usage?view=o365-worldwide) | added | +| 2/2/2023 | [Microsoft 365 admin center mailbox usage reports](/microsoft-365/admin/activity-reports/mailbox-usage?view=o365-worldwide) | modified | +| 2/2/2023 | [Customize what happens at the end of the retention period](/microsoft-365/compliance/retention-label-flow?view=o365-worldwide) | added | +| 2/2/2023 | [Azure Active Directory setup guides](/microsoft-365/admin/misc/azure-ad-setup-guides?view=o365-worldwide) | modified | +| 2/2/2023 | [About the Microsoft Purview Compliance Manager premium assessment trial](/microsoft-365/compliance/compliance-easy-trials-compliance-manager-assessments?view=o365-worldwide) | modified | +| 2/2/2023 | [Automatically retain or delete content by using retention policies](/microsoft-365/compliance/create-retention-policies?view=o365-worldwide) | modified | +| 2/2/2023 | [Message encryption FAQ](/microsoft-365/compliance/ome-faq?view=o365-worldwide) | modified | +| 2/2/2023 | [Onboard Windows devices to Microsoft Defender for Endpoint via Group Policy](/microsoft-365/security/defender-endpoint/configure-endpoints-gp?view=o365-worldwide) | modified | +| 2/2/2023 | [Onboard Windows devices using Configuration Manager](/microsoft-365/security/defender-endpoint/configure-endpoints-sccm?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft 365 admin center activity reports](/microsoft-365/admin/activity-reports/activity-reports?view=o365-worldwide) | modified | +| 2/2/2023 | [Top 20 most-viewed admin help articles this month # < 60 chars](/microsoft-365/admin/top-m365-admin-articles?view=o365-worldwide) | modified | +| 2/2/2023 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft 365 admin center help # < 60 chars](/microsoft-365/admin/index?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft 365 Business Premium resources # < 60 chars](/microsoft-365/business/index?view=o365-worldwide) | modified | +| 2/2/2023 | [Customize an archive and deletion policy (MRM) for mailboxes](/microsoft-365/compliance/set-up-an-archive-and-deletion-policy-for-mailboxes?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft 365 for frontline workers # < 60 chars](/microsoft-365/frontline/index?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft 365 documentation # < 60 chars](/microsoft-365/index?view=o365-worldwide) | modified | +| 2/2/2023 | [Investigate domains and URLs associated with a Microsoft Defender for Endpoint alert](/microsoft-365/security/defender-endpoint/investigate-domain?view=o365-worldwide) | modified | +| 2/2/2023 | [What's new in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-whatsnew?view=o365-worldwide) | modified | +| 2/2/2023 | [Cross-Tenant Identity Mapping (preview)](/microsoft-365/enterprise/cross-tenant-identity-mapping?view=o365-worldwide) | added | +| 2/2/2023 | [Deploy Teams at scale for frontline workers](/microsoft-365/frontline/deploy-teams-at-scale?view=o365-worldwide) | modified | +| 2/2/2023 | [Onboard Microsoft Defender for IoT with Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/enable-microsoft-defender-for-iot-integration?view=o365-worldwide) | modified | +| 2/2/2023 | [Use network protection to help prevent connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide) | modified | +| 2/2/2023 | [Web protection](/microsoft-365/security/defender-endpoint/web-protection-overview?view=o365-worldwide) | modified | +| 2/2/2023 | [Manage clients for Microsoft Whiteboard in GCC environments](/microsoft-365/whiteboard/manage-clients-gcc?view=o365-worldwide) | modified | +| 2/2/2023 | [Manage data for Microsoft Whiteboard in GCC environments](/microsoft-365/whiteboard/manage-data-gcc?view=o365-worldwide) | modified | +| 2/2/2023 | [Manage sharing for Microsoft Whiteboard in GCC environments](/microsoft-365/whiteboard/manage-sharing-gcc?view=o365-worldwide) | modified | +| 2/2/2023 | [Manage access to Microsoft Whiteboard for GCC environments](/microsoft-365/whiteboard/manage-whiteboard-access-gcc?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft Adoption Score](/microsoft-365/admin/adoption/adoption-score?view=o365-worldwide) | renamed | +| 2/2/2023 | [Microsoft Adoption Score - Microsoft 365 apps health](/microsoft-365/admin/adoption/apps-health?view=o365-worldwide) | renamed | +| 2/2/2023 | [Microsoft Adoption Score - Communication](/microsoft-365/admin/adoption/communication?view=o365-worldwide) | renamed | +| 2/2/2023 | [Microsoft Adoption Score - Content collaboration](/microsoft-365/admin/adoption/content-collaboration?view=o365-worldwide) | renamed | +| 2/2/2023 | [Microsoft Adoption Score - Meetings](/microsoft-365/admin/adoption/meetings?view=o365-worldwide) | renamed | +| 2/2/2023 | [Microsoft Adoption Score - Mobility](/microsoft-365/admin/adoption/mobility?view=o365-worldwide) | renamed | +| 2/2/2023 | [Microsoft Adoption Score - Privacy](/microsoft-365/admin/adoption/privacy?view=o365-worldwide) | renamed | +| 2/2/2023 | [Microsoft Adoption Score - Teamwork](/microsoft-365/admin/adoption/teamwork?view=o365-worldwide) | renamed | +| 2/2/2023 | [Troubleshoot issues on Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/android-support-signin?view=o365-worldwide) | modified | +| 2/2/2023 | [What's new in Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/android-whatsnew?view=o365-worldwide) | modified | +| 2/2/2023 | About the Microsoft Defender Vulnerability Management public preview trial | removed | +| 2/2/2023 | [Top 10 ways to secure your business data - Best practices for small and medium-sized businesses](/microsoft-365/admin/security-and-compliance/secure-your-business-data?view=o365-worldwide) | modified | +| 2/2/2023 | [Onboard and offboard macOS devices into Microsoft Purview solutions using Microsoft Intune](/microsoft-365/compliance/device-onboarding-offboarding-macos-intune?view=o365-worldwide) | modified | +| 2/2/2023 | [Integrate Microsoft Teams classes and meetings with Moodle](/microsoft-365/lti/teams-classes-meetings-with-moodle?view=o365-worldwide) | modified | +| 2/2/2023 | [Choose between guided and advanced modes for hunting in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-modes?view=o365-worldwide) | added | +| 2/2/2023 | [Overview - Advanced hunting](/microsoft-365/security/defender/advanced-hunting-overview?view=o365-worldwide) | modified | +| 2/2/2023 | [Supported data types and filters in guided mode for hunting in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-query-builder-details?view=o365-worldwide) | added | +| 2/2/2023 | [Work with query results in guided mode for hunting in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-query-builder-results?view=o365-worldwide) | added | +| 2/2/2023 | [Build queries using guided mode in Microsoft 365 Defender advanced hunting](/microsoft-365/security/defender/advanced-hunting-query-builder?view=o365-worldwide) | added | +| 2/2/2023 | [Move users to a different subscription](/microsoft-365/commerce/subscriptions/move-users-different-subscription?view=o365-worldwide) | modified | +| 2/2/2023 | [EU debit card number entity definition](/microsoft-365/compliance/sit-defn-eu-debit-card-number?view=o365-worldwide) | modified | +| 2/2/2023 | [International banking account number (IBAN) entity definition](/microsoft-365/compliance/sit-defn-international-banking-account-number?view=o365-worldwide) | modified | +| 2/2/2023 | [Integrate Microsoft Teams meetings with Schoology LMS](/microsoft-365/lti/teams-classes-and-meetings-with-schoology?view=o365-worldwide) | added | +| 2/2/2023 | [Export assessment methods and properties per device](/microsoft-365/security/defender-endpoint/get-assessment-methods-properties?view=o365-worldwide) | modified | +| 2/2/2023 | [Learn how to mitigate the Log4Shell vulnerability in Microsoft Defender for Endpoint - Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/tvm-manage-log4shell-guidance?view=o365-worldwide) | modified | +| 2/2/2023 | [Configure your Event Hubs](/microsoft-365/security/defender/configure-event-hub?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft 365 Group mailbox size management](/microsoft-365/admin/create-groups/group-mailbox-size-management?view=o365-worldwide) | added | +| 2/2/2023 | [Migrating servers from Microsoft Defender for Endpoint to Microsoft Defender for Cloud](/microsoft-365/security/defender-endpoint/migrating-mde-server-to-cloud?view=o365-worldwide) | modified | +| 2/2/2023 | [Guest users in the Microsoft 365 admin center](/microsoft-365/admin/add-users/about-guest-users?view=o365-worldwide) | modified | +| 2/2/2023 | [Manage guest access in Microsoft 365 groups](/microsoft-365/admin/create-groups/manage-guest-access-in-groups?view=o365-worldwide) | modified | +| 2/2/2023 | [Use Microsoft Teams meetings with Blackboard Learn](/microsoft-365/lti/teams-meetings-with-blackboard-learn?view=o365-worldwide) | added | +| 2/2/2023 | [Manage data for Microsoft Whiteboard](/microsoft-365/whiteboard/manage-data-organizations?view=o365-worldwide) | modified | +| 2/2/2023 | [Manage sharing for Microsoft Whiteboard in GCC High environments](/microsoft-365/whiteboard/manage-sharing-gcc-high?view=o365-worldwide) | modified | +| 2/2/2023 | [Manage sharing for Microsoft Whiteboard](/microsoft-365/whiteboard/manage-sharing-organizations?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft 365 Business Premium overview](/microsoft-365/business-premium/index?view=o365-worldwide) | modified | +| 2/2/2023 | [Glossary of security terms for Microsoft 365 security capabilities](/microsoft-365/business-premium/m365bp-glossary?view=o365-worldwide) | modified | +| 2/2/2023 | [Use AllowSelfServicePurchase for the MSCommerce PowerShell module](/microsoft-365/commerce/subscriptions/allowselfservicepurchase-powershell?view=o365-worldwide) | modified | +| 2/2/2023 | [Configure and manage Microsoft Threat Experts capabilities](/microsoft-365/security/defender-endpoint/configure-microsoft-threat-experts?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft Defender for Endpoint Device Control Device Installation](/microsoft-365/security/defender-endpoint/mde-device-control-device-installation?view=o365-worldwide) | modified | +| 2/2/2023 | [Review audit logs in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-review-audit-logs?view=o365-worldwide) | modified | +| 2/2/2023 | [What's new in Microsoft Defender Vulnerability Management Public Preview](/microsoft-365/security/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management?view=o365-worldwide) | added | +| 2/2/2023 | [Upload Application Binaries](/microsoft-365/test-base/binaries?view=o365-worldwide) | modified | +| 2/2/2023 | [Functional testing on Test Base](/microsoft-365/test-base/functional?view=o365-worldwide) | modified | +| 2/2/2023 | [Memory regression analysis](/microsoft-365/test-base/memory?view=o365-worldwide) | modified | +| 2/2/2023 | [Run your test on-demand](/microsoft-365/test-base/ondemandrun?view=o365-worldwide) | added | +| 2/2/2023 | [Test Base SDK for Python](/microsoft-365/test-base/pythonsdkoverview?view=o365-worldwide) | modified | +| 2/2/2023 | [Set your test tasks](/microsoft-365/test-base/testtask?view=o365-worldwide) | modified | +| 2/2/2023 | [Preset security policies](/microsoft-365/security/office-365-security/preset-security-policies?view=o365-worldwide) | modified | +| 2/2/2023 | [Use Power Automate connectors to build Bookings workflows](/microsoft-365/bookings/power-automate-integration?view=o365-worldwide) | added | +| 2/2/2023 | [Learn about archive mailboxes for Microsoft Purview](/microsoft-365/compliance/archive-mailboxes?view=o365-worldwide) | modified | +| 2/2/2023 | [Share DLP alerts](/microsoft-365/compliance/dlp-share-alerts?view=o365-worldwide) | added | +| 2/2/2023 | [Enable auto-expanding archiving](/microsoft-365/compliance/enable-autoexpanding-archiving?view=o365-worldwide) | modified | +| 2/2/2023 | [Azure AD configuration for content encrypted by Microsoft Purview Information Protection](/microsoft-365/compliance/encryption-azure-ad-configuration?view=o365-worldwide) | added | +| 2/2/2023 | [Create exact data match sensitive information type workflow classic experience](/microsoft-365/compliance/sit-create-edm-sit-classic-ux-workflow?view=o365-worldwide) | added | +| 2/2/2023 | [Create EDM SIT sample file for the new experience](/microsoft-365/compliance/sit-create-edm-sit-unified-ux-sample-file?view=o365-worldwide) | added | +| 2/2/2023 | [Create EDM SIT using the new experience](/microsoft-365/compliance/sit-create-edm-sit-unified-ux-schema-rule-package?view=o365-worldwide) | added | +| 2/2/2023 | [Create exact data match sensitive information type workflow new experience](/microsoft-365/compliance/sit-create-edm-sit-unified-ux-workflow?view=o365-worldwide) | added | +| 2/2/2023 | [Get started with exact data match based sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-based-sits-overview?view=o365-worldwide) | modified | +| 2/2/2023 | [Create the schema for exact data match based sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-create-schema?view=o365-worldwide) | modified | +| 2/2/2023 | [Export source data for exact data match based sensitive information type](/microsoft-365/compliance/sit-get-started-exact-data-match-export-data?view=o365-worldwide) | modified | +| 2/2/2023 | [Hash and upload the sensitive information source table for exact data match sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-hash-upload?view=o365-worldwide) | modified | +| 2/2/2023 | [Learn about exact data match based sensitive information types](/microsoft-365/compliance/sit-learn-about-exact-data-match-based-sits?view=o365-worldwide) | modified | +| 2/2/2023 | [Suspicious password-spray-related IP address activity alert](/microsoft-365/security/defender/alert-grading-password-spray?view=o365-worldwide) | added | +| 2/2/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified | +| 2/2/2023 | [Get help and support for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-get-help?view=o365-worldwide) | modified | +| 2/2/2023 | [Visit the Microsoft 365 Defender portal](/microsoft-365/security/defender-business/mdb-get-started?view=o365-worldwide) | modified | +| 2/2/2023 | [Understand next-generation protection configuration settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-next-gen-configuration-settings?view=o365-worldwide) | modified | +| 2/2/2023 | [Use setup wizard in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-use-wizard?view=o365-worldwide) | modified | +| 2/2/2023 | [Set preferences for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-worldwide) | modified | +| 2/2/2023 | [Introduction to Microsoft Whiteboard](/microsoft-365/whiteboard/index?view=o365-worldwide) | modified | +| 2/2/2023 | [Detect and Remediate Illicit Consent Grants](/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants?view=o365-worldwide) | modified | +| 2/2/2023 | [Set up and configure the Moodle LMS plugins](/microsoft-365/lti/moodle-plugin-configuration?view=o365-worldwide) | modified | +| 2/2/2023 | [Set up and configure the Moodle LMS plugins for Open LMS](/microsoft-365/lti/open-lms-plugin-configuration?view=o365-worldwide) | modified | +| 2/2/2023 | [Top 10 ways to secure your data - Best practices for small and medium-sized businesses](/microsoft-365/admin/security-and-compliance/secure-your-business-data?view=o365-worldwide) | modified | +| 2/2/2023 | [Migrating servers from Microsoft Monitoring Agent to the unified solution](/microsoft-365/security/defender-endpoint/application-deployment-via-mecm?view=o365-worldwide) | modified | +| 2/2/2023 | [Onboard devices and configure Microsoft Defender for Endpoint capabilities](/microsoft-365/security/defender-endpoint/onboard-configure?view=o365-worldwide) | modified | +| 2/2/2023 | [Supported Microsoft Defender for Endpoint capabilities by platform](/microsoft-365/security/defender-endpoint/supported-capabilities-by-platform?view=o365-worldwide) | added | +| 2/2/2023 | [Configure Microsoft Defender for Endpoint on iOS features](/microsoft-365/security/defender-endpoint/ios-configure-features?view=o365-worldwide) | modified | +| 2/2/2023 | [What's new in Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-whatsnew?view=o365-worldwide) | modified | +| 2/2/2023 | [Microsoft Defender Offline in Windows](/microsoft-365/security/defender-endpoint/microsoft-defender-offline?view=o365-worldwide) | modified | +| 2/2/2023 | [Go to the Action center to view and approve your automated investigation and remediation tasks](/microsoft-365/security/defender/m365d-action-center?view=o365-worldwide) | modified | +| 2/2/2023 | [Automated investigation and response in Microsoft 365 Defender](/microsoft-365/security/defender/m365d-autoir?view=o365-worldwide) | modified | +| 2/2/2023 | [Apply encryption using sensitivity labels](/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-worldwide) | modified | +| 2/2/2023 | [Onboard devices without Internet access to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/onboard-offline-machines?view=o365-worldwide) | modified | +| 2/2/2023 | [Configure Microsoft 365 user account properties with PowerShell](/microsoft-365/enterprise/configure-user-account-properties-with-microsoft-365-powershell?view=o365-worldwide) | modified | +| 2/2/2023 | [Configure and validate exclusions based on extension, name, or location](/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus?view=o365-worldwide) | modified | +| 2/2/2023 | [Data Residency for Other Microsoft 365 Services](/microsoft-365/enterprise/m365-dr-workload-other?view=o365-worldwide) | modified | +| 2/2/2023 | [Manage Office Scripts settings](/microsoft-365/admin/manage/manage-office-scripts-settings?view=o365-worldwide) | modified | +| 2/2/2023 | [Create and publish sensitivity labels](/microsoft-365/compliance/create-sensitivity-labels?view=o365-worldwide) | modified | +| 2/2/2023 | [Delete items in the Recoverable Items folder of cloud-based mailboxes on hold - Admin Help](/microsoft-365/compliance/delete-items-in-the-recoverable-items-folder-of-mailboxes-on-hold?view=o365-worldwide) | modified | +| 2/2/2023 | [Sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified | +| 2/2/2023 | [Overview of sensitivity labels](/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide) | modified | +| 2/2/2023 | [Enable sensitivity labels for Office files in SharePoint and OneDrive](/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files?view=o365-worldwide) | modified | +| 2/2/2023 | [Test and deploy Microsoft 365 Apps](/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps?view=o365-worldwide) | modified | +| 2/2/2023 | [Data loss prevention and Microsoft Teams](/microsoft-365/compliance/dlp-microsoft-teams?view=o365-worldwide) | modified | +| 2/2/2023 | [Alert policies in the security and compliance centers](/microsoft-365/compliance/alert-policies?view=o365-worldwide) | modified | +| 2/3/2023 | [Microsoft Teams Virtual Appointments Call Quality Dashboard](/microsoft-365/frontline/virtual-appointments-call-quality?view=o365-worldwide) | added | +| 2/3/2023 | [Configure alert notifications in Microsoft 365 Defender](/microsoft-365/security/defender/configure-email-notifications?view=o365-worldwide) | renamed | +| 2/3/2023 | [Microsoft Teams Virtual Appointments usage report](/microsoft-365/frontline/virtual-appointments-usage-report?view=o365-worldwide) | modified | +| 2/3/2023 | [Microsoft 365 Lighthouse frequently asked questions (FAQs)](/microsoft-365/lighthouse/m365-lighthouse-faq?view=o365-worldwide) | modified | +| 2/3/2023 | [Advanced deployment guides for Microsoft 365 and Office 365 services](/microsoft-365/enterprise/setup-guides-for-microsoft-365?view=o365-worldwide) | modified | +| 2/3/2023 | Data Loss Prevention Reference | removed | +| 2/3/2023 | [Data loss prevention and Microsoft Teams](/microsoft-365/compliance/dlp-microsoft-teams?view=o365-worldwide) | modified | +| 2/3/2023 | [Get started with the Microsoft Service Trust Portal](/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-worldwide) | modified | +| 2/3/2023 | [Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-worldwide) | modified | +++## Week of January 23, 2023 +++| Published On |Topic title | Change | +|||--| +| 1/23/2023 | [Create and manage inactive mailboxes](/microsoft-365/compliance/create-and-manage-inactive-mailboxes?view=o365-worldwide) | modified | +| 1/23/2023 | [Use a script to create an eDiscovery holds report](/microsoft-365/compliance/ediscovery-create-a-report-on-holds-in-cases?view=o365-worldwide) | modified | +| 1/23/2023 | [How to secure your business data with Microsoft 365 for business](/microsoft-365/admin/security-and-compliance/secure-your-business-data?view=o365-worldwide) | modified | +| 1/23/2023 | [Boost your security protection with Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-security-overview?view=o365-worldwide) | modified | +| 1/23/2023 | [What DLP policy templates include](/microsoft-365/compliance/what-the-dlp-policy-templates-include?view=o365-worldwide) | modified | +| 1/23/2023 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-worldwide) | modified | +| 1/23/2023 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide) | modified | +| 1/24/2023 | [Deploy and manage using group policy](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-group-policy?view=o365-worldwide) | modified | +| 1/24/2023 | [Run the client analyzer on macOS or Linux](/microsoft-365/security/defender-endpoint/run-analyzer-macos-linux?view=o365-worldwide) | modified | +| 1/24/2023 | [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) | modified | +| 1/25/2023 | [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) | modified | +| 1/25/2023 | [Deploy updates for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-updates?view=o365-worldwide) | modified | +| 1/25/2023 | [Investigate users in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-users?view=o365-worldwide) | modified | +| 1/25/2023 | [Application Guard for Office for admins](/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide) | modified | +| 1/25/2023 | [Create a more secure guest sharing environment](/microsoft-365/solutions/create-secure-guest-sharing-environment?view=o365-worldwide) | modified | +| 1/25/2023 | [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-worldwide) | modified | +| 1/25/2023 | [Overview of Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1?view=o365-worldwide) | modified | +| 1/26/2023 | [Get all scan agents](/microsoft-365/security/defender-endpoint/get-all-scan-agents?view=o365-worldwide) | modified | +| 1/26/2023 | [Get scan definitions](/microsoft-365/security/defender-endpoint/get-all-scan-definitions?view=o365-worldwide) | modified | +| 1/26/2023 | [Use network protection to help prevent macOS connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection-macos?view=o365-worldwide) | modified | +| 1/26/2023 | [Authenticated scan for Windows in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/windows-authenticated-scan?view=o365-worldwide) | modified | +| 1/26/2023 | Employee quick-setup guide | removed | +| 1/27/2023 | [Attack surface reduction in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-asr?view=o365-worldwide) | added | +| 1/27/2023 | [Canada social insurance number entity definition](/microsoft-365/compliance/sit-defn-canada-social-insurance-number?view=o365-worldwide) | modified | +| 1/27/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified | +| 1/27/2023 | [Microsoft Defender for Business troubleshooting](/microsoft-365/security/defender-business/mdb-troubleshooting?view=o365-worldwide) | modified | +| 1/27/2023 | [Microsoft Defender for Endpoint (MDE) attack surface reduction (ASR) rules deployment overview](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment?view=o365-worldwide) | modified | +| 1/27/2023 | [Frequently asked questions on tamper protection](/microsoft-365/security/defender-endpoint/faqs-tamper-protection?view=o365-worldwide) | modified | +| 1/27/2023 | [What's new in Microsoft Defender for Endpoint on Windows](/microsoft-365/security/defender-endpoint/windows-whatsnew?view=o365-worldwide) | modified | +| 1/27/2023 | [Address false positives/negatives in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives?view=o365-worldwide) | modified | +| 1/27/2023 | [Manage Microsoft Defender for Endpoint using PowerShell, WMI, and MPCmdRun.exe](/microsoft-365/security/defender-endpoint/manage-mde-post-migration-other-tools?view=o365-worldwide) | modified | +| 1/27/2023 | [Manage Microsoft Defender for Endpoint after initial setup or migration](/microsoft-365/security/defender-endpoint/manage-mde-post-migration?view=o365-worldwide) | modified | +| 1/27/2023 | [Set up and configure Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/mde-p1-setup-configuration?view=o365-worldwide) | modified | +++## Week of January 16, 2023 +++| Published On |Topic title | Change | +|||--| +| 1/18/2023 | [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) | modified | +| 1/18/2023 | [Troubleshoot installation issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-install?view=o365-worldwide) | modified | +| 1/18/2023 | [Allow or block email using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-email-spoof-configure?view=o365-worldwide) | modified | +| 1/18/2023 | [Allow or block files using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-files-configure?view=o365-worldwide) | modified | +| 1/18/2023 | [Allow or block URLs using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-urls-configure?view=o365-worldwide) | modified | +| 1/18/2023 | [Create assessment templates in Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-templates-create?view=o365-worldwide) | modified | +| 1/18/2023 | [Modify assessment templates in Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-templates-modify?view=o365-worldwide) | modified | +| 1/18/2023 | [Reduce the attack surface for Microsoft Teams](/microsoft-365/security/office-365-security/step-by-step-guides/reducing-attack-surface-in-microsoft-teams?view=o365-worldwide) | added | +| 1/18/2023 | [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-perf?view=o365-worldwide) | modified | +| 1/18/2023 | [Deploy and manage using Intune](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-intune?view=o365-worldwide) | modified | +| 1/18/2023 | [Sign up for Microsoft 365 Business Premium](/microsoft-365/business-premium/get-microsoft-365-business-premium?view=o365-worldwide) | modified | +| 1/18/2023 | [Security defaults and Conditional Access](/microsoft-365/business-premium/m365bp-conditional-access?view=o365-worldwide) | modified | +| 1/18/2023 | [Working with device groups in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-device-groups-mdb?view=o365-worldwide) | modified | +| 1/18/2023 | [Get started with the Microsoft Service Trust Portal](/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-worldwide) | modified | +| 1/19/2023 | [Bookings with me](/microsoft-365/bookings/bookings-in-outlook?view=o365-worldwide) | modified | +| 1/19/2023 | [Learn about Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide) | modified | +| 1/19/2023 | [Reduce the attack surface for Microsoft Teams](/microsoft-365/security/office-365-security/step-by-step-guides/reducing-attack-surface-in-microsoft-teams?view=o365-worldwide) | modified | +| 1/20/2023 | [Add more SharePoint storage to your subscription](/microsoft-365/commerce/add-storage-space?view=o365-worldwide) | modified | +| 1/20/2023 | [Optimize search requests in SharePoint Online modern site pages](/microsoft-365/enterprise/modern-search-optimization?view=o365-worldwide) | added | +| 1/20/2023 | [Deploy Microsoft Defender for Endpoint on Linux with SaltStack](/microsoft-365/security/defender-endpoint/linux-install-with-saltack?view=o365-worldwide) | added | +| 1/20/2023 | [Implementing VPN split tunneling for Microsoft 365](/microsoft-365/enterprise/microsoft-365-vpn-implement-split-tunnel?view=o365-worldwide) | modified | +| 1/20/2023 | [Requirements for Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-requirements?view=o365-worldwide) | modified | +| 1/20/2023 | [Configure Microsoft Defender for Endpoint risk signals using App Protection Policies (MAM)](/microsoft-365/security/defender-endpoint/android-configure-mam?view=o365-worldwide) | modified | +| 1/20/2023 | [Take response actions on a file in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/respond-file-alerts?view=o365-worldwide) | modified | +| 1/18/2023 | [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) | modified | +| 1/18/2023 | [Troubleshoot installation issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-install?view=o365-worldwide) | modified | +| 1/18/2023 | [Allow or block email using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-email-spoof-configure?view=o365-worldwide) | modified | +| 1/18/2023 | [Allow or block files using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-files-configure?view=o365-worldwide) | modified | +| 1/18/2023 | [Allow or block URLs using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-urls-configure?view=o365-worldwide) | modified | +| 1/18/2023 | [Create assessment templates in Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-templates-create?view=o365-worldwide) | modified | +| 1/18/2023 | [Modify assessment templates in Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-templates-modify?view=o365-worldwide) | modified | +| 1/18/2023 | [Reduce the attack surface for Microsoft Teams](/microsoft-365/security/office-365-security/step-by-step-guides/reducing-attack-surface-in-microsoft-teams?view=o365-worldwide) | added | +| 1/18/2023 | [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-perf?view=o365-worldwide) | modified | +| 1/18/2023 | [Deploy and manage using Intune](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-intune?view=o365-worldwide) | modified | +| 1/18/2023 | [Sign up for Microsoft 365 Business Premium](/microsoft-365/business-premium/get-microsoft-365-business-premium?view=o365-worldwide) | modified | +| 1/18/2023 | [Security defaults and Conditional Access](/microsoft-365/business-premium/m365bp-conditional-access?view=o365-worldwide) | modified | +| 1/18/2023 | [Working with device groups in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-device-groups-mdb?view=o365-worldwide) | modified | +| 1/18/2023 | [Get started with the Microsoft Service Trust Portal](/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-worldwide) | modified | +| 1/19/2023 | [Bookings with me](/microsoft-365/bookings/bookings-in-outlook?view=o365-worldwide) | modified | +| 1/19/2023 | [Learn about Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide) | modified | +| 1/19/2023 | [Reduce the attack surface for Microsoft Teams](/microsoft-365/security/office-365-security/step-by-step-guides/reducing-attack-surface-in-microsoft-teams?view=o365-worldwide) | modified | +| 1/20/2023 | [Add more SharePoint storage to your subscription](/microsoft-365/commerce/add-storage-space?view=o365-worldwide) | modified | +| 1/20/2023 | [Optimize search requests in SharePoint Online modern site pages](/microsoft-365/enterprise/modern-search-optimization?view=o365-worldwide) | added | +| 1/20/2023 | [Deploy Microsoft Defender for Endpoint on Linux with SaltStack](/microsoft-365/security/defender-endpoint/linux-install-with-saltack?view=o365-worldwide) | added | +| 1/20/2023 | [Implementing VPN split tunneling for Microsoft 365](/microsoft-365/enterprise/microsoft-365-vpn-implement-split-tunnel?view=o365-worldwide) | modified | +| 1/20/2023 | [Requirements for Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-requirements?view=o365-worldwide) | modified | +| 1/20/2023 | [Configure Microsoft Defender for Endpoint risk signals using App Protection Policies (MAM)](/microsoft-365/security/defender-endpoint/android-configure-mam?view=o365-worldwide) | modified | +| 1/20/2023 | [Take response actions on a file in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/respond-file-alerts?view=o365-worldwide) | modified | |
| includes | Security Config Mgt Prerequisites | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/security-config-mgt-prerequisites.md | Review the following sections for requirements for the Security Management for M When a device onboards to Microsoft Defender for Endpoint: -- The device is surveyed for an existing Endpoint Manager presence, which is a mobile device management (MDM) enrollment to Intune-- Devices without an Endpoint Manager presence will enable the Security Management feature+- The device is surveyed for an existing Intune presence, which is a mobile device management (MDM) enrollment to Intune +- Devices without an Intune presence will enable the Security Management feature - A trust is created with Azure Active Directory if one doesn't already exist-- Azure Active Directory trust is used to communicate with Endpoint Manager (Intune) and retrieve policies-- Policy retrieve from Endpoint Manager is enforced on the device by Microsoft Defender for Endpoint+- Azure Active Directory trust is used to communicate with Intune and retrieve policies +- Policy retrieve from Intune is enforced on the device by Microsoft Defender for Endpoint ### Active Directory requirements Security management for Microsoft Defender for Endpoint will not work on non-per To use security management for Microsoft Defender for Endpoint, you need: -- A subscription that grants licenses for Microsoft Defender for Endpoint, like Microsoft 365, or a standalone license for only Microsoft Defender for Endpoint. A subscription that grants Microsoft Defender for Endpoint licenses also grants your tenant access to the Endpoint security node of the Microsoft Endpoint Manager admin center.+- A subscription that grants licenses for Microsoft Defender for Endpoint, like Microsoft 365, or a standalone license for only Microsoft Defender for Endpoint. A subscription that grants Microsoft Defender for Endpoint licenses also grants your tenant access to the Endpoint security node of the Microsoft Intune admin center. > [!NOTE] > **Exception**: If you have access to Microsoft Defender for Endpoint *only* through Microsoft Defender for servers (part of Microsoft Defender for Cloud, formerly Azure Security Center), the Security Management for Microsoft Defender for Endpoint functionality is not available. You will need to have at least one Microsoft Defender for Endpoint (user) subscription license active. The following diagram is a conceptual representation of the Microsoft Defender f 2. A trust is established between each device and Azure AD. When a device has an existing trust, that is used. When devices haven't registered, a new trust is created. -3. Devices use their Azure AD Identity to communicate with Endpoint Manager. This identity enables Microsoft Endpoint Manager to distribute policies that are targeted to the devices when they check in. +3. Devices use their Azure AD Identity to communicate with Intune. This identity enables Microsoft Intune to distribute policies that are targeted to the devices when they check in. -4. Defender for Endpoint reports the status of the policy back to Endpoint Manager. +4. Defender for Endpoint reports the status of the policy back to Intune. ## Which solution should I use? -Microsoft Endpoint Manager includes several methods and policy types to manage the configuration of Defender for Endpoint on devices. +Microsoft Intune includes several methods and policy types to manage the configuration of Defender for Endpoint on devices. -When your device protection needs extend beyond managing Defender for Endpoint, see [Device protection overview](/mem/intune/protect/device-protect) to learn about additional capabilities provided by Microsoft Endpoint Manager to help protect devices, including *device compliance*, *managed apps*, *app protection policies*, and integration with third-party compliance and *mobile threat defense* partners. +When your device protection needs extend beyond managing Defender for Endpoint, see [Device protection overview](/mem/intune/protect/device-protect) to learn about additional capabilities provided by Microsoft Intune to help protect devices, including *device compliance*, *managed apps*, *app protection policies*, and integration with third-party compliance and *mobile threat defense* partners. -The following table can help you understand which policies that can configure MDE settings are supported by devices that are managed by the different scenarios. When you deploy a policy thatΓÇÖs supported for both *MDE security configuration* and *Microsoft Endpoint Manager*, a single instance of that policy can be processed by devices that run Microsoft Defender for Endpoint only and devices that are managed by either Intune or Configuration Manager. +The following table can help you understand which policies that can configure MDE settings are supported by devices that are managed by the different scenarios. When you deploy a policy that's supported for both *MDE security configuration* and *Microsoft Intune*, a single instance of that policy can be processed by devices that run Microsoft Defender for Endpoint only and devices that are managed by either Intune or Configuration Manager. -| Microsoft Endpoint Manager | Workload |Policy| MDE Security configuration | Microsoft Endpoint Manager | +| Microsoft Intune | Workload |Policy| MDE Security configuration | Microsoft Intune | |-|-|-|| | Endpoint security | Antivirus | Antivirus |  |  | | | Antivirus | Antivirus Exclusions |  |  | The following table can help you understand which policies that can configure MD ## Configure your tenant to support Microsoft Defender for Endpoint Security Configuration Management -To support Microsoft Defender for Endpoint security configuration management through the Microsoft Endpoint Manager admin center, you must enable communication between them from within each console. +To support Microsoft Defender for Endpoint security configuration management through the Microsoft Intune admin center, you must enable communication between them from within each console. 1. Sign in to [Microsoft 365 Defender portal](https://security.microsoft.com/) and go to **Settings** > **Endpoints** > **Configuration Management** > **Enforcement Scope** and enable the platforms for security settings management: To support Microsoft Defender for Endpoint security configuration management thr > [!TIP] > Use pilot mode and the proper device tags to test and validate your rollout on a small number of devices. Without using pilot mode, any device that falls into the scope configured will automatically be enrolled. -1. Make sure the relevant users have permissions to manage endpoint security settings in Microsoft Endpoint Manager. If not already provided, request for your IT administrator to grant applicable users the Microsoft Endpoint ManagerΓÇÖs **Endpoint Security Manager** [built-in RBAC role](/mem/intune/fundamentals/role-based-access-control). +1. Make sure the relevant users have permissions to manage endpoint security settings in Microsoft Intune. If not already provided, request for your IT administrator to grant applicable users the Microsoft Intune's **Endpoint Security Manager** [built-in RBAC role](/mem/intune/fundamentals/role-based-access-control). -1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 1. Select **Endpoint security** > **Microsoft Defender for Endpoint**, and set **Allow Microsoft Defender for Endpoint to enforce Endpoint Security Configurations** to **On**. - :::image type="content" source="../medie-settings-management-mem.png" alt-text="Enable Microsoft Defender for Endpoint settings management in the Microsoft Endpoint Manager admin center."::: + :::image type="content" source="../medie-settings-management-mem.png" alt-text="Enable Microsoft Defender for Endpoint settings management in the Microsoft Intune admin center."::: - When you set this option to *On*, all devices in the platform scope in Microsoft Defender for Endpoint that aren't managed by Microsoft Endpoint Manager will qualify to onboard to Microsoft Defender for Endpoint. + When you set this option to *On*, all devices in the platform scope in Microsoft Defender for Endpoint that aren't managed by Microsoft Intune will qualify to onboard to Microsoft Defender for Endpoint. > [!TIP]-> Users that are delegated the ability to manage endpoint security settings may not have the ability to implement tenant-wide configurations in Endpoint Manager. Check with your Endpoint Manager administrator for more information on roles and permissions in your organization. +> Users that are delegated the ability to manage endpoint security settings may not have the ability to implement tenant-wide configurations in Intune. Check with your Intune administrator for more information on roles and permissions in your organization. ## Onboard devices to Microsoft Defender for Endpoint After devices onboard to Defender for Endpoint, you'll need to create device gro To identify devices that have enrolled with Microsoft Defender for Endpoint but aren't managed by Intune or Configuration -1. Sign in to [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +1. Sign in to [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Go to **Devices** > **All devices**, and then select the column **Managed by** to sort the view of devices. To identify devices that have enrolled with Microsoft Defender for Endpoint but - **MDEJoined** - Added to devices that are joined to the directory as part of this scenario. - **MDEManaged** - Added to devices that are actively using the security management scenario. This tag is removed from the device if Defender for Endpoint stops managing the security configuration. -You can create groups for these devices [in Azure AD](/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal) or [from within the Microsoft Endpoint Manager admin center](/mem/intune/fundamentals/groups-add). +You can create groups for these devices [in Azure AD](/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal) or [from within the Microsoft Intune admin center](/mem/intune/fundamentals/groups-add). ## Deploy policy After creating one or more Azure AD groups that contain devices managed by Micro > [!TIP] > Avoid deploying multiple policies that manage the same setting to a device. >-> Microsoft Endpoint Manager supports deploying multiple instances of each endpoint security policy type to the same device, with each policy instance being received by the device separately. Therefore, a device might receive separate configurations for the same setting from different policies, which results in a conflict. Some settings (like Antivirus Exclusions) will merge on the client and apply successfully. +> Microsoft Intune supports deploying multiple instances of each endpoint security policy type to the same device, with each policy instance being received by the device separately. Therefore, a device might receive separate configurations for the same setting from different policies, which results in a conflict. Some settings (like Antivirus Exclusions) will merge on the client and apply successfully. -1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Go to **Endpoint security** and then select the type of policy you want to configure, either Antivirus or Firewall, and then select **Create Policy**. |
| lighthouse | M365 Lighthouse Compare Compliance Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-compare-compliance-policies.md | Microsoft 365 Lighthouse lets you view compliance policies across your tenants i ## Before you begin -Make sure devices have a Microsoft Intune license and are enrolled in Microsoft Endpoint Manager (MEM). +Make sure devices have a Microsoft Intune license and are enrolled in Microsoft Intune. ## Compare policy settings You can filter the results to see **Settings that differ**, **Settings that matc 4. In the policy details pane, select **View this policy in Microsoft Endpoint Manager**. -5. In MEM, edit the policy settings as needed. +5. In the Microsoft Intune admin center, edit the policy settings as needed. ## Next steps |
| lighthouse | M365 Lighthouse Deploy Standard Tenant Configurations Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-deploy-standard-tenant-configurations-overview.md | The Microsoft 365 Lighthouse default baseline is designed to ensure all managed |Require MFA for admins|A Conditional Access policy requiring multi-factor authentication for all admins. It's required for all cloud applications. For more information about this baseline, see [Conditional Access: Require MFA for all administrators](/azure/active-directory/conditional-access/howto-conditional-access-policy-admin-mfa).| |Require MFA for end users|A Conditional Access policy that requires multi-factor authentication for all users. It's required for all cloud applications. For more information about this baseline, see [Conditional Access: Require MFA for all users](/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa).| |Block legacy authentication|A Conditional Access policy to block legacy client authentication. For more information about this baseline, see [Block legacy authentication to Azure AD with Conditional Access](/azure/active-directory/conditional-access/block-legacy-authentication).|-|Set up device enrollment|Device enrollment allows your tenant devices to enroll in Microsoft Endpoint Manager and provide Endpoint Analytics visibility into your devices through device health monitoring. This configuration is done by setting up Auto Enrollment between Azure Active Directory and Microsoft Endpoint Manager. For more information about this baseline, see [Set up enrollment for Windows devices](/mem/intune/enrollment/windows-enroll).| +|Set up device enrollment|Device enrollment allows your tenant devices to enroll in Microsoft Intune and provide Endpoint Analytics visibility into your devices through device health monitoring. This configuration is done by setting up Auto Enrollment between Azure Active Directory and Microsoft Intune. For more information about this baseline, see [Set up enrollment for Windows devices](/mem/intune/enrollment/windows-enroll).| |Configure app protection policy|A set of protection policies that allow you to manage and protect a managed tenant's organization's data within an application, independent of any mobile device management (MDM) solution. The organization's data will be protected with or without enrolling devices in an MDM solution.|-|Set up Microsoft Defender for Business|Provisions the tenant for Microsoft Defender for Business and onboards the devices already enrolled in Microsoft Endpoint Manager to Microsoft Defender for Business. For more information, see [What is Microsoft Defender for Business?](../security/defender-business/mdb-overview.md)| +|Set up Microsoft Defender for Business|Provisions the tenant for Microsoft Defender for Business and onboards the devices already enrolled in Microsoft Intune to Microsoft Defender for Business. For more information, see [What is Microsoft Defender for Business?](../security/defender-business/mdb-overview.md)| |Set up Exchange Online Protection and Microsoft Defender for Office 365|A policy to apply recommended anti-spam, anti-malware, anti-phishing, safe links and safe attachment policies to your tenants Exchange Online mailboxes.| |Configure Microsoft Defender Antivirus for Windows 10 and later|A device configuration profile for Windows devices with pre-configured Microsoft Defender Antivirus settings. For more information about this baseline, see [Configure Microsoft Defender for Endpoint in Intune](/mem/intune/protect/advanced-threat-protection-configure).| |Configure Microsoft Defender Firewall for Windows 10 and later|A firewall policy to help secure devices by preventing unwanted and unauthorized network traffic. For more information about this baseline, see [Best practices for configuring Windows Defender Firewall](/windows/security/threat-protection/windows-firewall/best-practices-configuring).| |
| lighthouse | M365 Lighthouse Device Security Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-device-security-overview.md | The Incidents and alerts tab provides a multi-tenant view of incidents and alert ## Devices tab -The Devices tab lists all of the devices in your managed tenants that have been onboarded to Microsoft Defender for Endpoint. This list includes devices that are managed by Microsoft Endpoint Manager and Microsoft Defender for Endpoint. +The Devices tab lists all of the devices in your managed tenants that have been onboarded to Microsoft Defender for Endpoint. This list includes devices that are managed by Microsoft Intune and Microsoft Defender for Endpoint. The Devices tab also includes the following options: |
| lighthouse | M365 Lighthouse Mitigate Threats | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-mitigate-threats.md | To update Microsoft Defender Antivirus on a single device: You can get updates for multiple devices by selecting the checkbox next to each device name in the list and then select **Update antivirus**. -If you need to create a new policy, select **Update policy** in the device details pane. Lighthouse will redirect you to Microsoft Endpoint Manager (MEM). For more information about creating a policy, see [Create a compliance policy in Microsoft Intune](/mem/intune/protect/create-compliance-policy). +If you need to create a new policy, select **Update policy** in the device details pane. Lighthouse will redirect you to the Microsoft Intune admin center. For more information about creating a policy, see [Create a compliance policy in Microsoft Intune](/mem/intune/protect/create-compliance-policy). ## Check pending antivirus actions on a device |
| lighthouse | M365 Lighthouse Requirements | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-requirements.md | Customer tenants that don't meet these requirements will have access to only a l To view customer tenant devices on the device management pages, an MSP must: -- Enroll all customer devices in Microsoft Endpoint Manager (MEM). For more information, see [Enroll devices in Microsoft Intune](/mem/intune/enrollment/).+- Enroll all customer devices in Microsoft Intune. For more information, see [Enroll devices in Microsoft Intune](/mem/intune/enrollment/). - Assign compliance policies to all customer devices. For more information, see [Create a compliance policy in Microsoft Intune](/mem/intune/protect/create-compliance-policy). ## Requirements for enabling user management For customer data to show up in reports on user management pages, including Risk ## Requirements for enabling threat management -To view customer tenant devices and threats on the threat management pages, you must enroll all customer tenant devices in Microsoft Endpoint Manager (MEM) and protect them by running Microsoft Defender Antivirus. +To view customer tenant devices and threats on the threat management pages, you must enroll all customer tenant devices in Microsoft Intune and protect them by running Microsoft Defender Antivirus. For more information, see [Enroll devices in Microsoft Intune](/mem/intune/enrollment/). |
| lighthouse | M365 Lighthouse Review Audit Logs | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-review-audit-logs.md | The following table lists activities captured within Lighthouse audit logs. The | Activity name | Area in Lighthouse | Action initiated | Service impacted | |--|--|--|--|-| **apply** or **deploy** | Tenants | Apply a deployment plan | Azure AD, Microsoft Endpoint Manager (MEM) | +| **apply** or **deploy** | Tenants | Apply a deployment plan | Azure AD, Microsoft Intune | | **assignTag** | Tenants | Apply a tag from a customer | Lighthouse | | **changeDeploymentStatus** or **assign** | Tenants | Update action plan status for deployment plan | Lighthouse | | **offboardTenant** | Tenants | Inactivate a customer | Lighthouse | The following table lists activities captured within Lighthouse audit logs. The | **dismissUsersRisk** | Users | Dismiss user risk | Azure AD | | **resetUserPassword** | Users | Reset password | Azure AD | | **setCustomerSecurityDefaultsEnabledStatus** | Users | Enable multifactor authentication (MFA) with security defaults | Azure AD |-| **restartDevice** | Devices | Restart | MEM | -| **syncDevice** | Devices | Sync | MEM | -| **rebootNow** | Threat management | Reboot | MEM | +| **restartDevice** | Devices | Restart | Microsoft Intune | +| **syncDevice** | Devices | Sync | Microsoft Intune | +| **rebootNow** | Threat management | Reboot | Microsoft Intune | | **reprovision** | Windows 365 | Retry provisioning | Windows 365 |-| **windowsDefenderScanFull** | Threat management | Full scan | MEM | -| **windowsDefenderScan** | Threat management | Quick scan | MEM | -| **windowsDefenderUpdateSignatures** | Threat management | Update antivirus | MEM | +| **windowsDefenderScanFull** | Threat management | Full scan | Microsoft Intune | +| **windowsDefenderScan** | Threat management | Quick scan | Microsoft Intune | +| **windowsDefenderUpdateSignatures** | Threat management | Update antivirus | Microsoft Intune | ## Next steps |
| lighthouse | M365 Lighthouse View Failed Network Connections | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-view-failed-network-connections.md | description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthous # View an enterprise Cloud PC failed network connection in Microsoft 365 Lighthouse -Microsoft 365 Lighthouse provides the connection status between your customer tenants and Azure Active Directory (Azure AD). When a Cloud PC has a failed network connection, you can view detailed information in the Microsoft Endpoint Manager admin center. +Microsoft 365 Lighthouse provides the connection status between your customer tenants and Azure Active Directory (Azure AD). When a Cloud PC has a failed network connection, you can view detailed information in the Microsoft Intune admin center. ## Before you begin Microsoft 365 Lighthouse provides the connection status between your customer te 4. From the filtered list, select **View connection details in Microsoft Endpoint Manager** next to the connection you want to investigate. -5. From the Microsoft Endpoint Manager admin center, select **View details** to learn more about the error. +5. From the Microsoft Intune admin center, select **View details** to learn more about the error. ## Next steps |
| lighthouse | M365 Lighthouse Whats New | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-whats-new.md | Managed Service Providers (MSPs) can now deploy app protection policies for thei ### Device health monitoring -We've added a new deployment sub-task called **Enable Device Health Monitoring** within the default baseline under the **Set up device enrollment** task. Once the new sub-task is enabled and the deployment task is deployed, Endpoint analytics in Microsoft Endpoint Manager will be able to analyze device data and can recommend software, help improve startup performance, and fix common support issues. +We've added a new deployment sub-task called **Enable Device Health Monitoring** within the default baseline under the **Set up device enrollment** task. Once the new sub-task is enabled and the deployment task is deployed, Endpoint analytics in Microsoft Intune will be able to analyze device data and can recommend software, help improve startup performance, and fix common support issues. For more information, see [What is Endpoint analytics?](/mem/analytics/overview). With the new baselines feature, you can now deploy standard configurations to he - Require MFA for admins - Require MFA for users - Block Legacy Authentication-- Enroll Windows Devices in Microsoft Endpoint Manager ΓÇô Azure AD Join+- Enroll Windows Devices in Microsoft Intune ΓÇô Azure AD Join - Configure Defender AV policy for Windows devices - Configure Compliance Policy for Windows devices |
| lighthouse | M365 Lighthouse Win365 Page Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-win365-page-overview.md | description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthous # Overview of the Windows 365 (Cloud PCs) page in Microsoft 365 Lighthouse -Windows 365 is a cloud-based service that lets Microsoft Endpoint Manager (MEM) admins provision and manage Cloud PCs for their users who have a Windows 365 license. Windows 365 is fully integrated with MEM for device management, and with Microsoft 365 Lighthouse for Managed Service Provider (MSP) management of Cloud PCs across all their customer tenants. +Windows 365 is a cloud-based service that lets Microsoft Intune admins provision and manage Cloud PCs for their users who have a Windows 365 license. Windows 365 is fully integrated with Intune for device management, and with Microsoft 365 Lighthouse for Managed Service Provider (MSP) management of Cloud PCs across all their customer tenants. For more information about Windows 365, see [What is Windows 365?](/windows-365/overview) For a list of Windows 365 requirements, see [Requirements for Windows 365](/windows-365/enterprise/requirements). > [!IMPORTANT]-> You must go to [MEM](https://go.microsoft.com/fwlink/p/?linkid=2150463) to provision Cloud PCs for each customer tenant before you can manage them in Lighthouse. You can't provision from within Lighthouse. +> You must go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/p/?linkid=2150463) to provision Cloud PCs for each customer tenant before you can manage them in Lighthouse. You can't provision from within Lighthouse. Once you've provisioned Cloud PCs for your customer tenant, the Windows 365 card on the Microsoft 365 Lighthouse Home page provides a brief alert on the Cloud PCs in need of action, such as the number of Cloud PCs that failed to provision and Azure network connection failures. To get a detailed status, select the button on the Windows 365 card (or select **Devices** > **Windows 365** in the left navigation pane in Lighthouse) to open the Windows 365 page. From this page, you can get a status overview of the Cloud PCs assigned to your customer tenants, view a list of all the Cloud PCs you manage and the tenants they're assigned to, and view the Azure network connections between your customer tenants and Azure Active Directory (Azure AD) and their status. To see which tenants have Cloud PCs with a specific provisioning status, select Select any Cloud PC in the list to view more details and execute management actions such as: - **Restart:** Select to reboot the device. -- **Reprovision:** Select to reset the device. You can also view the provisioning policy in the Microsoft Endpoint Manager link.+- **Reprovision:** Select to reset the device. You can also view the provisioning policy in the Microsoft Intune link. - **Rename:** Select to rename the device assigned to a user. - **Change account type:** Select the account type for the user: Standard user (recommended) or Local administrator. |
| security | Active Content In Trusted Docs | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/active-content-in-trusted-docs.md | For more information, see the following articles: Admins have many ways to configure Office in an organization. For example: - **Office cloud policy service**: Set up a user-based policy that applies to a user on any device accessing files in Office apps with their Azure AD account. See the steps for [creating an Office cloud policy configuration](/DeployOffice/overview-office-cloud-policy-service) in the [Office Cloud Policy Service](https://config.office.com/officeSettings/officePolicies).-- **Office policies in Intune**: Use the Intune Settings catalog or Administrative templates to deploy HKCU policies to Windows 10 PCs: In the [MEM admin center](https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesMenu/configurationProfiles) under **Devices** \> **Configuration Profiles**.+- **Office policies in Intune**: Use the Intune Settings catalog or Administrative templates to deploy HKCU policies to Windows 10 PCs: In the [Intune admin center](https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesMenu/configurationProfiles) under **Devices** \> **Configuration Profiles**. - ***Administrative Templates***: See instructions to use Windows 10 templates to configure [Administrative Templates](/mem/intune/configuration/administrative-templates-windows).- - ***Settings catalog (preview)***: See instructions to use the [Settings catalog (preview)](/mem/intune/configuration/settings-catalog). + - ***Settings catalog (preview)***: See instructions to use the [Settings catalog](/mem/intune/configuration/settings-catalog). - **Group policy**: Use your on-premise Active Directory to deploy group policy objects (GPOs) to users and computers. To create a GPO for this setting, download the latest [Administrative Template files (ADMX/ADML) and Office Customization Tool for Microsoft 365 Apps for enterprise, Office 2019, and Office 2016](https://www.microsoft.com/download/details.aspx?id=49030). ## Known issues |
| security | Mdb Onboard Devices | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-onboard-devices.md | Onboard your business devices to protect them right away. You can choose from se ## Windows 10 and 11 +> [!NOTE] +> Windows devices must be running one of the following operating systems: +> - Windows 10 or 11 Business +> - Windows 10 or 11 Professional +> - Windows 10 or 11 Enterprise +> +> For more details, see [Microsoft Defender for Business requirements](mdb-requirements.md). +> Choose one of the following options to onboard Windows client devices to Defender for Business: - [Local script](#local-script-for-windows-10-and-11) (for onboarding devices manually in the Microsoft 365 Defender portal) |
| security | Mdb Tutorials | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-tutorials.md | The following table summarizes several scenarios to try with Defender for Busine | Scenario | Description | ||| | Onboard devices using a local script | In Defender for Business, you can onboard Windows and Mac devices by using a script that you download and run on each device. The script creates a trust with Azure Active Directory (Azure AD), if that trust doesn't already exist; enrolls the device with Microsoft Intune, if you have Intune; and onboards the device to Defender for Business. To learn more, see [Onboard devices to Defender for Business](mdb-onboard-devices.md). |-| Onboard devices using Intune | If you were already using Intune before getting Defender for Business, you can continue to use Endpoint Manager admin center to onboard devices. Try onboarding your Windows, Mac, iOS, and Android devices with Microsoft Intune. To learn more, see [Device enrollment in Microsoft Intune](/mem/intune/enrollment/device-enrollment). | +| Onboard devices using Intune | If you were already using Intune before getting Defender for Business, you can continue to use Intune admin center to onboard devices. Try onboarding your Windows, Mac, iOS, and Android devices with Microsoft Intune. To learn more, see [Device enrollment in Microsoft Intune](/mem/intune/enrollment/device-enrollment). | | Edit security policies | If you're managing your security policies in Defender for Business, use the **Device configuration** page to view and edit your policies. Defender for Business comes with default policies that use recommended settings to secure your company's devices as soon as they're onboarded. You can keep the default policies, edit them, and define your own policies to suit your business needs. To learn more, see [View or edit policies in Defender for Business](mdb-view-edit-policies.md). | | Run a simulated attack | Several tutorials and simulations are available in Defender for Business. These tutorials and simulations show how the threat-protection features of Defender for Business can work for your company. You can also use a simulated attack as a training exercise for your team. To try the tutorials, see [Recommended tutorials for Defender for Business](#recommended-tutorials-for-defender-for-business). | | View incidents in Microsoft 365 Lighthouse | If you're a [Microsoft Cloud Solution Provider](/partner-center/enrolling-in-the-csp-program) using Microsoft 365 Lighthouse, you can view incidents across your customers' tenants in your Microsoft 365 Lighthouse portal. To learn more, see [Microsoft 365 Lighthouse and Defender for Business](mdb-lighthouse-integration.md). | |
| security | Android Configure Mam | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/android-configure-mam.md | Microsoft Defender for Endpoint on Android supports both the configurations of M - **Intune MDM + MAM**: IT administrators can only manage apps using App Protection Policies on devices that are enrolled with Intune mobile device management (MDM). - **MAM without device enrollment**: MAM without device enrollment, or MAM-WE, allows IT administrators to manage apps using [App Protection Policies](/mem/intune/apps/app-protection-policy) on devices not enrolled with Intune MDM. This provision means that apps can be managed by Intune on devices enrolled with third-party EMM providers.-To manage apps in both these configurations customers should use Intune in the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +To manage apps in both these configurations customers should use Intune in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). To enable this capability an administrator needs to configure the connection between Microsoft Defender for Endpoint and Intune, create the app protection policy, and apply the policy on targeted devices and applications. End users also need to take steps to install Microsoft Defender for Endpoint on :::image type="content" source="images/enable-intune-connection.png" alt-text="The Advanced features section in the Microsoft 365 Defender portal." lightbox="images/enable-intune-connection.png"::: - d. Go to **Microsoft Endpoint Manager (Intune)** and Validate whether Microsoft Defender for Endpoint-Intune connector is enabled. + d. Go to the **Microsoft Intune admin center** and Validate whether Microsoft Defender for Endpoint-Intune connector is enabled. :::image type="content" source="images/validate-intune-connector.png" alt-text="The intune-connector status pane in the Microsoft 365 Defender portal." lightbox="images/validate-intune-connector.png"::: - **Enable Microsoft Defender for Endpoint on Android Connector for App Protection Policy (APP)**. - Configure the connector on Intune Microsoft Endpoint Manager for App protection policies: + Configure the connector on Microsoft Intune for App protection policies: a. Go to **Tenant Administration > Connectors and Tokens > Microsoft Defender for Endpoint**. End users also need to take steps to install Microsoft Defender for Endpoint on ## Configure Web protection -Defender for Endpoint on Android allows IT Administrators to configure web protection. Web protection is available within the [Microsoft Endpoint Manager Admin center](https://endpoint.microsoft.com). +Defender for Endpoint on Android allows IT Administrators to configure web protection. Web protection is available within the [Microsoft Intune admin center](https://endpoint.microsoft.com). Web protection helps to secure devices against web threats and protect users from phishing attacks. Note that anti-phishing and custom indicators (URL and IP addresses) are supported as part of web protection. Web content filtering is currently not supported on mobile platforms. -1. In the Microsoft Endpoint Manager admin center, go to **Apps > App configuration policies > Add > Managed apps**. +1. In the Microsoft Intune admin center, go to **Apps > App configuration policies > Add > Managed apps**. 2. Give the policy a **name**. Web protection helps to secure devices against web threats and protect users fro ## Configure Network Protection -1. In Microsoft Endpoint Manager Admin center, navigate to **Apps** \> **App configuration policies**. Create a new App configuration policy. Click Managed Apps. +1. In Microsoft Intune admin center, navigate to **Apps** \> **App configuration policies**. Create a new App configuration policy. Click Managed Apps. 2. Provide a name and description to uniquely identify the policy. Target the policy to **'Selected apps'** and search for **'Microsoft Defender Endpoint for Android'**. Click the entry and then click **Select** and then **Next**. Web protection helps to secure devices against web threats and protect users fro Admins can use the following steps to enable privacy and not collect the domain name, app details and network information as part of the alert report for corresponding threats. -1. In Microsoft Endpoint Manager admin center, go to **Apps > App configuration policies > Add > Managed apps**. +1. In Microsoft Intune admin center, go to **Apps > App configuration policies > Add > Managed apps**. 1. Give the policy a **name**. Microsoft Defender for Endpoint on Android enables Optional Permissions in the o Use the following steps to enable Optional permissions for devices. -1. In Microsoft Endpoint Manager admin center, go to **Apps > App configuration policies > Add > Managed apps**. +1. In Microsoft Intune admin center, go to **Apps > App configuration policies > Add > Managed apps**. 1. Give the policy a **name**. |
| security | Android Configure | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/android-configure.md | For more information about how to set up Defender for Endpoint on Android and Co Defender for Endpoint on Android enables admins to configure custom indicators to support Android devices as well. For more information on how to configure custom indicators, see [Manage indicators](manage-indicators.md). ## Configure web protection-Defender for Endpoint on Android allows IT Administrators the ability to configure the web protection feature. This capability is available within the Microsoft Endpoint Manager Admin center. +Defender for Endpoint on Android allows IT Administrators the ability to configure the web protection feature. This capability is available within the Microsoft Intune admin center. [Web protection](web-protection-overview.md) helps to secure devices against web threats and protect users from phishing attacks. Note that anti-phishing and custom indicators (URL and IP addresses) are supported as part of web protection. Web content filtering is currently not supported on mobile platforms. Defender for Endpoint on Android allows IT Administrators the ability to configu ## Network Protection -This feature provides protection against rogue Wi-Fi related threats and rogue certificates which are the primary attack vector for Wi-Fi networks. Admins can list the root Certificate Authority (CA) and private root CA certificates in Microsoft Endpoint Manager Admin center and establish trust with endpoints. It provides the user a guided experience to connect to secure networks and also notifies them if a related threat is detected. +This feature provides protection against rogue Wi-Fi related threats and rogue certificates which are the primary attack vector for Wi-Fi networks. Admins can list the root Certificate Authority (CA) and private root CA certificates in Microsoft Intune admin center and establish trust with endpoints. It provides the user a guided experience to connect to secure networks and also notifies them if a related threat is detected. -It includes several admin controls to offer flexibility, such as the ability to configure the feature from within the Microsoft Endpoint Manager Admin center as well as add trusted certificates. Admins can also enable [privacy controls](/microsoft-365/security/defender-endpoint/android-configure#privacy-controls) to configure the data that is sent by Defender for Endpoint from Android devices. +It includes several admin controls to offer flexibility, such as the ability to configure the feature from within the Microsoft Intune admin center as well as add trusted certificates. Admins can also enable [privacy controls](/microsoft-365/security/defender-endpoint/android-configure#privacy-controls) to configure the data that is sent by Defender for Endpoint from Android devices. Network protection in Microsoft Defender for endpoint is disabled by default. Admins can use the following steps to **configure Network protection in Android devices.** -1. In Microsoft Endpoint Manager Admin, navigate to Apps > App configuration policies. Create a new App configuration policy. +1. In the Microsoft Intune admin center, navigate to Apps > App configuration policies. Create a new App configuration policy. > [!div class="mx-imgBorder"] >  1. Provide a name and description to uniquely identify the policy. Select **'Android Enterprise'** as the platform and **'Personally-owned work profile only'** as the profile type and **'Microsoft Defender'** as the Targeted app. Admins can now enable privacy control for the phish report, malware report and n Admin Privacy Controls (MDM) Use the following steps to enable privacy. -1. In Microsoft Endpoint Manager admin center, go to **Apps > App configuration policies > Add > Managed devices**. +1. In Microsoft Intune admin center, go to **Apps > App configuration policies > Add > Managed devices**. 2. Give the policy a **name, Platform > Android enterprise, select the profile type**. From version 1.0.3425.0303 of Microsoft Defender for Endpoint on Android, you'll **Notes about privacy related to apps from personal devices (BYOD):** - For Android Enterprise with a work profile, only apps installed on the work profile will be supported.-- For other BYOD modes, by default, vulnerability assessment of apps will **not** be enabled. However, when the device is on administrator mode, admins can explicitly enable this feature through Microsoft Endpoint Manager to get the list of apps installed on the device. For more information, see details below.+- For other BYOD modes, by default, vulnerability assessment of apps will **not** be enabled. However, when the device is on administrator mode, admins can explicitly enable this feature through Microsoft Intune to get the list of apps installed on the device. For more information, see details below. ### Configure privacy for device administrator mode Use the following steps to **enable vulnerability assessment of apps** from devi > [!NOTE] > By default, this is turned off for devices enrolled with device admin mode. -1. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Devices** > **Configuration profiles** > **Create profile** and enter the following settings: +1. In [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Devices** > **Configuration profiles** > **Create profile** and enter the following settings: - **Platform**: Select Android device administrator - **Profile**: Select "Custom" and click Create Use the following steps to **enable vulnerability assessment of apps** from devi Defender for Endpoint supports vulnerability assessment of apps in the work profile. However, in case you want to turn this feature off for targeted users, you can use the following steps: -1. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and go to **Apps** > **App configuration policies** > **Add** > **Managed devices**. +1. In [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and go to **Apps** > **App configuration policies** > **Add** > **Managed devices**. 2. Give the policy a name; **Platform > Android Enterprise**; select the profile type. 3. Select **Microsoft Defender for Endpoint** as the target app. 4. In Settings page, select **Use configuration designer** and add **DefenderTVMPrivacyMode** as the key and value type as **Integer** Privacy control for phish report can be used to disable the collection of domain Use the following steps to turn it on for targeted users: -1. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Devices** > **Configuration profiles** > **Create profile** and enter the following settings: +1. In [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Devices** > **Configuration profiles** > **Create profile** and enter the following settings: - **Platform**: Select Android device administrator. - **Profile**: Select "Custom" and click **Create**. Using this privacy control will not impact the device compliance check or condit Use the following steps to turn on privacy for targeted users in the work profile: -1. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and go to **Apps** > **App configuration policies** > **Add** > **Managed devices**. +1. In [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and go to **Apps** > **App configuration policies** > **Add** > **Managed devices**. 2. Give the policy a name, **Platform > Android Enterprise**, select the profile type. 3. Select **Microsoft Defender for Endpoint** as the target app. 4. In Settings page, select **Use configuration designer** and add **DefenderExcludeURLInReport** as the key and value type as **Integer**. Privacy control for malware threat report can be used to disable the collection Use the following steps to turn it on for targeted users: -1. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Devices** > **Configuration profiles** > **Create profile** and enter the following settings: +1. In [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Devices** > **Configuration profiles** > **Create profile** and enter the following settings: - **Platform**: Select Android device administrator. - **Profile**: Select "Custom" and click **Create**. Using this privacy control will not impact the device compliance check or condit Use the following steps to turn on privacy for targeted users in the work profile: -1. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and go to **Apps** > **App configuration policies** > **Add** > **Managed devices**. +1. In [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and go to **Apps** > **App configuration policies** > **Add** > **Managed devices**. 2. Give the policy a name, **Platform > Android Enterprise**, select the profile type. 3. Select **Microsoft Defender for Endpoint** as the target app. 4. In Settings page, select **Use configuration designer** and add **DefenderExcludeAppInReport** as the key and value type as **Integer** |
| security | Android Intune | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/android-intune.md | Title: Deploy Microsoft Defender for Endpoint on Android with Microsoft Endpoint Manager -description: Describes how to deploy Microsoft Defender for Endpoint on Android with Microsoft Endpoint Manager + Title: Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune +description: Describes how to deploy Microsoft Defender for Endpoint on Android with Microsoft Intune keywords: microsoft, defender, Microsoft Defender for Endpoint, mde, android, installation, deploy, uninstallation, ms.mktglfcycl: deploy search.appverid: met150 Last updated 12/18/2020 -# Deploy Microsoft Defender for Endpoint on Android with Microsoft Endpoint Manager +# Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] Last updated 12/18/2020 > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink) -Learn how to deploy Defender for Endpoint on Android on Microsoft Endpoint Manager (also known as Intune) Company Portal enrolled devices. For more information about Microsoft Endpoint Manager device enrollment, see [Enroll your device](/mem/intune/user-help/enroll-device-android-company-portal). +Learn how to deploy Defender for Endpoint on Android on Microsoft Intune Company Portal enrolled devices. For more information about Microsoft Intune device enrollment, see [Enroll your device](/mem/intune/user-help/enroll-device-android-company-portal). > [!NOTE] > **Defender for Endpoint on Android is now available on [Google Play](https://play.google.com/store/apps/details?id=com.microsoft.scmx)** >-> You can connect to Google Play from Microsoft Endpoint Manager to deploy Defender for Endpoint app across Device Administrator and Android Enterprise enrollment modes. +> You can connect to Google Play from Microsoft Intune to deploy Defender for Endpoint app across Device Administrator and Android Enterprise enrollment modes. > > Updates to the app are automatic via Google Play. ## Deploy on Device Administrator enrolled devices -Learn how to deploy Defender for Endpoint on Android with Microsoft Endpoint Manager Company Portal - Device Administrator enrolled devices. +Learn how to deploy Defender for Endpoint on Android with Microsoft Intune Company Portal - Device Administrator enrolled devices. ### Add as Android store app -1. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \> +1. In [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \> **Android Apps** \> **Add \> Android store app** and choose **Select**. - :::image type="content" source="images/mda-addandroidstoreapp.png" alt-text="The Add Android store application pane in the Microsoft Endpoint Manager Admin Center portal" lightbox="images/mda-addandroidstoreapp.png"::: + :::image type="content" source="images/mda-addandroidstoreapp.png" alt-text="The Add Android store application pane in the Microsoft Intune admin center portal" lightbox="images/mda-addandroidstoreapp.png"::: 2. On the **Add app** page and in the *App Information* section enter: Learn how to deploy Defender for Endpoint on Android with Microsoft Endpoint Man Other fields are optional. Select **Next**. - :::image type="content" source="images/mda-addappinfo.png" alt-text=" The Add App page displaying the application's publisher and URL information in the Microsoft Endpoint Manager Admin Center portal" lightbox="images/mda-addappinfo.png"::: + :::image type="content" source="images/mda-addappinfo.png" alt-text=" The Add App page displaying the application's publisher and URL information in the Microsoft Intune admin center portal" lightbox="images/mda-addappinfo.png"::: 3. In the *Assignments* section, go to the **Required** section and select **Add group.** You can then choose the user group(s) that you would like to target Defender for Endpoint on Android app. Choose **Select** and then **Next**. > [!NOTE] > The selected user group should consist of Intune enrolled users. >- > :::image type="content" source="images/363bf30f7d69a94db578e8af0ddd044b.png" alt-text="The Add group pane in the Add App page in the Microsoft Endpoint Manager Admin Center portal" lightbox="images/363bf30f7d69a94db578e8af0ddd044b.png"::: + > :::image type="content" source="images/363bf30f7d69a94db578e8af0ddd044b.png" alt-text="The Add group pane in the Add App page in the Microsoft Intune admin center portal" lightbox="images/363bf30f7d69a94db578e8af0ddd044b.png"::: 4. In the **Review+Create** section, verify that all the information entered is correct and then select **Create**. In a few moments, the Defender for Endpoint app would be created successfully, and a notification would show up at the top-right corner of the page. - :::image type="content" source="images/86cbe56f88bb6e93e9c63303397fc24f.png" alt-text="The application status pane in the Microsoft Endpoint Manager Admin Center portal" lightbox="images/86cbe56f88bb6e93e9c63303397fc24f.png"::: + :::image type="content" source="images/86cbe56f88bb6e93e9c63303397fc24f.png" alt-text="The application status pane in the Microsoft Intune admin center portal" lightbox="images/86cbe56f88bb6e93e9c63303397fc24f.png"::: 5. In the app information page that is displayed, in the **Monitor** section, select **Device install status** to verify that the device installation has completed successfully. Learn how to deploy Defender for Endpoint on Android with Microsoft Endpoint Man Defender for Endpoint on Android supports Android Enterprise enrolled devices. -For more information on the enrollment options supported by Microsoft Endpoint Manager (Intune), see [Enrollment Options](/mem/intune/enrollment/android-enroll). +For more information on the enrollment options supported by Microsoft Intune, see [Enrollment Options](/mem/intune/enrollment/android-enroll). **Currently, Personally owned devices with work profile and Corporate-owned fully managed user device enrollments are supported for deployment.** For more information on the enrollment options supported by Microsoft Endpoint M Follow the steps below to add Microsoft Defender for Endpoint app into your managed Google Play. -1. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \> **Android Apps** \> **Add** and select **Managed Google Play app**. +1. In [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \> **Android Apps** \> **Add** and select **Managed Google Play app**. - :::image type="content" source="images/579ff59f31f599414cedf63051628b2e.png" alt-text="The application-adding pane in the Microsoft Endpoint Manager admin center portal" lightbox="images/579ff59f31f599414cedf63051628b2e.png"::: + :::image type="content" source="images/579ff59f31f599414cedf63051628b2e.png" alt-text="The application-adding pane in the Microsoft Intune admin center portal" lightbox="images/579ff59f31f599414cedf63051628b2e.png"::: 2. On your managed Google Play page that loads subsequently, go to the search box and enter `Microsoft Defender`. Your search should display the Microsoft Defender for Endpoint app in your Managed Google Play. Click on the Microsoft Defender for Endpoint app from the Apps search result. - :::image type="content" source="images/0f79cb37900b57c3e2bb0effad1c19cb.png" alt-text="The Managed Google Play page in the Microsoft Endpoint Manager admin center portal" lightbox="images/0f79cb37900b57c3e2bb0effad1c19cb.png"::: + :::image type="content" source="images/0f79cb37900b57c3e2bb0effad1c19cb.png" alt-text="The Managed Google Play page in the Microsoft Intune admin center portal" lightbox="images/0f79cb37900b57c3e2bb0effad1c19cb.png"::: 3. In the App description page that comes up next, you should be able to see app details on Defender for Endpoint. Review the information on the page and then select **Approve**. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/07e6d4119f265037e3b80a20a73b856f.png" alt-text="The page of Managed Google Play in the Microsoft Endpoint Manager admin center portal" lightbox="images/07e6d4119f265037e3b80a20a73b856f.png"::: + > :::image type="content" source="images/07e6d4119f265037e3b80a20a73b856f.png" alt-text="The page of Managed Google Play in the Microsoft Intune admin center portal" lightbox="images/07e6d4119f265037e3b80a20a73b856f.png"::: 4. You'll be presented with the permissions that Defender for Endpoint obtains for it to work. Review them and then select **Approve**. Follow the steps below to add Microsoft Defender for Endpoint app into your mana :::image type="content" source="images/fa4ac18a6333335db3775630b8e6b353.png" alt-text="The page displaying the synced application" lightbox="images/fa4ac18a6333335db3775630b8e6b353.png"::: -9. Defender for Endpoint supports App configuration policies for managed devices via Microsoft Endpoint Manager (Intune). This capability can be leveraged to select different configurations for Defender. +9. Defender for Endpoint supports App configuration policies for managed devices via Microsoft Intune. This capability can be leveraged to select different configurations for Defender. 1. In the **Apps** page, go to **Policy > App configuration policies > Add > Managed devices**. - :::image type="content" source="images/android-mem.png" alt-text="The App configuration policies pane in the Microsoft Endpoint Manager admin center portal" lightbox="images/android-mem.png"::: + :::image type="content" source="images/android-mem.png" alt-text="The App configuration policies pane in the Microsoft Intune admin center portal" lightbox="images/android-mem.png"::: 1. In the **Create app configuration policy** page, enter the following details: Follow the steps below to add Microsoft Defender for Endpoint app into your mana ### Auto Setup of Always-on VPN -Defender for Endpoint supports Device configuration policies for managed devices via Microsoft Endpoint Manager (Intune). This capability can be leveraged to **Auto setup of Always-on VPN** on Android Enterprise enrolled devices, so the end user does not need to set up VPN service while onboarding. +Defender for Endpoint supports Device configuration policies for managed devices via Microsoft Intune. This capability can be leveraged to **Auto setup of Always-on VPN** on Android Enterprise enrolled devices, so the end user does not need to set up VPN service while onboarding. 1. On **Devices**, select **Configuration Profiles** \> **Create Profile** \> **Platform** \> **Android Enterprise** Admins can go to the [Microsoft Endpoint Management admin center](https://endpoi > [!div class="mx-imgBorder"] >  -Admins also can set up **privacy controls** from the Microsoft Endpoint Manager admin center to control what data can be sent by the Defender mobile client to the security portal. For more information, see [configuring privacy controls](android-configure.md). +Admins also can set up **privacy controls** from the Microsoft Intune admin center to control what data can be sent by the Defender mobile client to the security portal. For more information, see [configuring privacy controls](android-configure.md). Organizations can communicate to their users to protect Personal profile with Microsoft Defender on their enrolled BYOD devices. |
| security | Android Whatsnew | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/android-whatsnew.md | Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.]( > If users can't access the play store, the app can be updated through the company portal. ## Microsoft Defender for Endpoint on Company-owned personally enabled devices-MDE is now generally available on AE COPE devices. Enterprises can onboard devices on COPE mode and push MDE to user's devices through the [Microsoft Endpoint Manager Admin center](https://endpoint.microsoft.com). With this support, Android Enterprise COPE devices will get the full capabilities of our offering on Android including phishing and web protection, malware scanning, Network protection (preview) and additional breach prevention through integration with Microsoft Endpoint Manager and Conditional Access. Read the announcement [here](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-is-now-available-on-android/ba-p/3626100). +MDE is now generally available on AE COPE devices. Enterprises can onboard devices on COPE mode and push MDE to user's devices through the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). With this support, Android Enterprise COPE devices will get the full capabilities of our offering on Android including phishing and web protection, malware scanning, Network protection (preview) and additional breach prevention through integration with Microsoft Intune and Conditional Access. Read the announcement [here](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-is-now-available-on-android/ba-p/3626100). ## Privacy Controls Microsoft Defender for Endpoint is now supported on Android Enterprise personal ## Network protection Network Protection on Microsoft Defender for Endpoint is now available. Network protection provides protection against rogue Wi-Fi related threats, rogue hardware like pineapple devices and notifies the user if a related threat is detected. Users will also see a guided experience to connect to secure networks and change networks when they are connected to an unsecure connection. -It includes several admin controls to offer flexibility, such as the ability to configure the feature from within the Microsoft Endpoint Manager Admin center. Admins can also enable privacy controls to configure the data that is sent by Defender for Endpoint from Android devices. +It includes several admin controls to offer flexibility, such as the ability to configure the feature from within the Microsoft Intune admin center. Admins can also enable privacy controls to configure the data that is sent by Defender for Endpoint from Android devices. If you are interested in participating in this public preview, please share your tenant id with us on networkprotection@microsoft.com. For more information, see [network protection](/microsoft-365/security/defender-endpoint/android-configure). Microsoft Defender for Endpoint has released this update required by [Google](ht These changes will take effect if you are using Microsoft Defender for Endpoint on devices running Android 11 or later and updated Defender for Endpoint to release build 1.0.3501.0301 or later. > [!NOTE]-> The new storage permissions cannot be configured by admin to 'Auto Approve' through Microsoft Endpoint Manager. User will need to take action to provide access to this permission. +> The new storage permissions cannot be configured by admin to 'Auto Approve' through Microsoft Intune. User will need to take action to provide access to this permission. - **User experience:** Users will receive a notification indicating a missing permission for app security. If the user denies this permission, the 'App security' functionality will be turned off on the device. If user doesn't accept or deny permission, they will continue to receive the prompt when unlocking their device or opening the app, until it has been approved. |
| security | Application Deployment Via Mecm | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/application-deployment-via-mecm.md | This article guides you in migrating down-level servers from Microsoft Monitorin ## Prerequisites -- Microsoft Endpoint Configuration Manager (MECM) older than 2207.+- Microsoft Endpoint Configuration Manager (MECM) higher than 2207. - Down-level OS devices in your environment onboarded with Microsoft Monitoring Agent. To confirm, verify that `MsSenseS.exe` is running in Task Manager. - Presence of the MMA agent. You can verify it by checking if the correct Workspace ID is present in the Control Panel> Microsoft Monitoring Agent. - Active Microsoft 365 Defender portal with devices onboarded. |
| security | Attack Surface Reduction Rules Deployment Test | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-test.md | Title: Test attack surface reduction (ASR) rules -description: Provides guidance to test your attack surface reduction (ASR) rules deployment. Microsoft Defender for Endpoint (MDE) ASR test includes, audit defender ASR rules, configure ASR rules using MEM, Microsoft ASR rules reporting, ASR rules exclusions, ASR rules event viewer. +description: Provides guidance to test your attack surface reduction (ASR) rules deployment. Microsoft Defender for Endpoint (MDE) ASR test includes, audit defender ASR rules, configure ASR rules using Intune, Microsoft ASR rules reporting, ASR rules exclusions, ASR rules event viewer. keywords: Microsoft Defender for Endpoint (MDE) Attack surface reduction (ASR) rules deployment, Attack surface reduction guide, ASR deployment, test asr rules, ASR rules exclusions, Microsoft ASR, configure ASR rules, attack surface reduction rules best practice, attack surface reduction intune, ASR rules event viewer, attack surface reduction defender, asr rules powershell, attack surface reduction best practice, disable ASR rules, host intrusion prevention system, protection rules, anti-exploit rules, anti-exploit, exploit rules, infection prevention rules, Microsoft Defender for Endpoint, configure ASR rules search.product: eADQiWindows 10XVcnh ms.mktglfcycl: manage Testing Microsoft Defender for Endpoint (MDE) attack surface reduction (ASR) rul In this section of the ASR rules deployment guide, you will learn how to: -- configure rules using MEM+- configure rules using Microsoft Intune - use Microsoft Defender for Endpoint ASR rules reports - configure ASR rules exclusions - enable ASR rules using PowerShell In this section of the ASR rules deployment guide, you will learn how to: Begin your attack surface reduction (ASR) rules deployment with ring 1. -> :::image type="content" source="images/asr-rules-testing-steps.png" alt-text="The Microsoft Defender for Endpoint (MDE) attack surface reduction (ASR rules) test steps. Audit ASR rules, configure ASR rules exclusions. Configure ASR rules MEM. ASR rules exclusions. ASR rules event viewer." lightbox="images/asr-rules-testing-steps.png"::: +> :::image type="content" source="images/asr-rules-testing-steps.png" alt-text="The Microsoft Defender for Endpoint (MDE) attack surface reduction (ASR rules) test steps. Audit ASR rules, configure ASR rules exclusions. Configure ASR rules Intune. ASR rules exclusions. ASR rules event viewer." lightbox="images/asr-rules-testing-steps.png"::: ## Step 1: Test ASR rules using Audit Begin the testing phase by turning on the ASR rules with the rules set to Audit, starting with your champion users or devices in ring 1. Typically, the recommendation is that you enable all the rules (in Audit) so that you can determine which rules are triggered during the testing phase. Note that rules that are set to Audit do not generally impact functionality of the entity or entities to which the rule is applied but do generate logged events for the evaluation; there is no effect on end users. -### Configure ASR rules using MEM +### Configure ASR rules using Intune -You can use Microsoft Endpoint Manager (MEM) Endpoint Security to configure custom ASR rules. +You can use Microsoft Intune Endpoint Security to configure custom ASR rules. -1. Open [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/#home). +1. Open the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Go to **Endpoint Security** > **Attack surface reduction**. 3. Select **Create Policy**. 4. In **Platform**, select **Windows 10 and later**, and in **Profile**, select **Attack surface reduction rules**. On the Configurations tab, you can checkΓÇöon a per-device basisΓÇöwhich ASR rul >:::image type="content" source="images/attack-surface-reduction-rules-report-configuration-add-to-policy.png" alt-text="Screenshot that shows the ASR rules fly-out to add ASR rules to devices." lightbox="images/attack-surface-reduction-rules-report-configuration-add-to-policy.png"::: -The **Get started** link opens the Microsoft Endpoint Manager admin center, where you can create or modify an endpoint protection policy for ASR: +The **Get started** link opens the Microsoft Intune admin center, where you can create or modify an endpoint protection policy for ASR: > [!div class="mx-imgBorder"] > :::image type="content" source="images/asr-defender365-05b-mem1.png" alt-text="The *Endpoint security menu item on the Overview page" lightbox="images/asr-defender365-05b-mem1.png"::: The **Get started** link opens the Microsoft Endpoint Manager admin center, wher In Endpoint security | Overview, select **Attack surface reduction**: > [!div class="mx-imgBorder"]-> :::image type="content" source="images/asr-defender365-05b-mem2.png" alt-text="The Attack surface reduction in MEM" lightbox="images/asr-defender365-05b-mem2.png"::: +> :::image type="content" source="images/asr-defender365-05b-mem2.png" alt-text="The Attack surface reduction in Intune" lightbox="images/asr-defender365-05b-mem2.png"::: The Endpoint Security | Attack surface reduction pane opens: ASR rules now provide the capability to configure rule-specific exclusions, know > [!NOTE] > Per-rule exclusions cannot currently be configured by using PowerShell or Group Policy.-> In Microsoft Endpoint Manager (MEM), per-rule exclusions cannot be added to the existing policy. As it is currently implemented, in order to configure per-rule exclusions, you must create a new policy in MEM to replace the existing policy. +> In Microsoft Intune, per-rule exclusions cannot be added to the existing policy. As it is currently implemented, in order to configure per-rule exclusions, you must create a new policy in Intune to replace the existing policy. To configure per-rule exclusions: -1. Open [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/#home) console, and navigate to **Home** > **Endpoint security** > **Attack surface reduction**. +1. Open the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), and navigate to **Home** > **Endpoint security** > **Attack surface reduction**. 1. If it is not already configured, set the rule for which you want to configure exclusions to **Block*. 1. In **ASR Only Per Rule Exclusion**, click the toggle to change from **Not configured** to **Configured.** 1. Enter the names of the files or application that you want to exclude. To configure per-rule exclusions: ### Use PowerShell as an alternative method to enable ASR rules -You can use PowerShell - as an alternative to MEM - to enable ASR rules in audit mode to view a record of apps that would have been blocked if the feature was fully enabled. You can also get an idea of how often the rules will fire during normal use. +You can use PowerShell - as an alternative to Intune - to enable ASR rules in audit mode to view a record of apps that would have been blocked if the feature was fully enabled. You can also get an idea of how often the rules will fire during normal use. To enable an attack surface reduction rule in audit mode, use the following PowerShell cmdlet: |
| security | Attack Surface Reduction Rules Deployment | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment.md | This deployment collection provides information about the following aspects of M As with any new, wide-scale implementation which could potentially impact your line-of-business operations, it is important to be methodical in your planning and implementation. Because of the powerful capabilities of ASR rules in preventing malware, careful planning and deployment of these rules is necessary to ensure they work best for your unique customer workflows. To work in your environment, you need to plan, test, implement, and operationalize ASR rules carefully. -> :::image type="content" source="images/asr-rules-deployment-phases.png" alt-text="Plan Microsoft Defender for Endpoint (MDE) attack surface reduction (ASR) rules, test MDE ASR rules, Enable MDE ASR rules, maintain ASR rules." lightbox="images/asr-rules-deployment-phases.png"::: + :::image type="content" source="images/asr-rules-deployment-phases.png" alt-text="Plan Microsoft Defender for Endpoint (MDE) attack surface reduction (ASR) rules, test MDE ASR rules, Enable MDE ASR rules, maintain ASR rules." lightbox="images/asr-rules-deployment-phases.png"::: ## Important pre-deployment caveat While you're going through the process of planning, auditing, and enable ASR rul - [Block abuse of exploited vulnerable signed drivers](attack-surface-reduction-rules-reference.md#block-abuse-of-exploited-vulnerable-signed-drivers) - [Block persistence through Windows Management Instrumentation (WMI) event subscription](attack-surface-reduction-rules-reference.md#block-persistence-through-wmi-event-subscription) -Typically, you can enable the standard protection rules with minimal-to-no noticeable impact to the end user. For an easy method to enable the standard protection rules, see: [Simplified standard protection option](attack-surface-reduction-rules-report.md#simplified-standard-protection-option) +Typically, you can enable the standard protection rules with minimal-to-no noticeable impact to the end user. For an easy method to enable the standard protection rules, see: [Simplified standard protection option](attack-surface-reduction-rules-report.md#simplified-standard-protection-option). > [!NOTE] > For Customers who are using a non-Microsoft HIPS and are transitioning to Microsoft Defender for Endpoint attack surface reduction rules: Microsoft advises customers to run their HIPS solution side-by-side with their ASR rules deployment until the moment you shift from Audit to Block mode. Keep in mind that you must reach out to your 3rd-party antivirus vendor for exclusion recommendations. As outlined in [Use attack surface reduction rules to prevent malware infection] | Use advanced protection against ransomware | Block persistence through WMI event subscription | Block Office apps from injecting code into other processes | Block Office communication apps from creating child processes | | | | | | Block Adobe Reader from creating child processes | | | | -(<a id="fn1">1</a>) _Block abuse of exploited vulnerable signed drivers_ isn't currently available in MEM Endpoint security. You can configure this rule using [MEM OMA-URI](enable-attack-surface-reduction.md#mem). +(<a id="fn1">1</a>) _Block abuse of exploited vulnerable signed drivers_ isn't currently available in Intune Endpoint security. You can configure this rule using [Intune OMA-URI](enable-attack-surface-reduction.md#custom-profile-in-intune). (<a id="fn1">2</a>) Some ASR rules generate considerable noise, but won't block functionality. For example, if you're updating Chrome; Chrome will access lsass.exe; passwords are stored in lsass on the device. However, Chrome should not be accessing local device lsass.exe. If you enable the rule to block access to lsass, it will generate a lot of events. Those events are good events because the software update process should not access lsass.exe. Enabling this rule will block Chrome updates from accessing lsass, but will not block Chrome from updating; this is also true of other applications that make unnecessary calls to lsass.exe. The _block access to lsass_ rule will block unnecessary calls to lsass, but won't block the application from running. ### ASR infrastructure requirements -Although multiple methods of implementing ASR rules are possible, this guide is based on an infrastructure consisting of: +Although multiple methods of implementing ASR rules are possible, this guide is based on an infrastructure consisting of - Azure Active Directory-- Microsoft Endpoint Management (MEM)+- Microsoft Intune - Windows 10 and Windows 11 devices - Microsoft Defender for Endpoint E5 or Windows E5 licenses -To take full advantage of ASR rules and reporting, we recommend using a Microsoft 365 Defender E5 or Windows E5 license, and A5. Learn more: [Minimum requirements for Microsoft Defender for Endpoint](minimum-requirements.md). +To take full advantage of ASR rules and reporting, we recommend using a Microsoft 365 Defender E5 or Windows E5 license, and A5. Learn more at [Minimum requirements for Microsoft Defender for Endpoint](minimum-requirements.md). > [!NOTE]-> There are multiple methods to configure ASR rules. ASR rules can be configured using: Microsoft Endpoint Manager (MEM), PowerShell, Group Policy, Microsoft Endpoint Configuration Manager (ConfigMgr), MEM OMA-URI. +> There are multiple methods to configure ASR rules. ASR rules can be configured using: Microsoft Intune, PowerShell, Group Policy, Microsoft Configuration Manager (ConfigMgr), Intune OMA-URI. > If you are using a different infrastructure configuration than what is listed for _Infrastructure requirements_ (above), you can learn more about deploying attack surface reduction rules using other configurations here: [Enable attack surface reduction rules](enable-attack-surface-reduction.md). ### ASR rules dependencies Microsoft Defender Antivirus must not be in any of the following modes: - Limited periodic scanning (LPS) - Off -See: [Cloud-delivered protection and Microsoft Defender Antivirus](cloud-protection-microsoft-defender-antivirus.md). +See [Cloud-delivered protection and Microsoft Defender Antivirus](cloud-protection-microsoft-defender-antivirus.md) for more. ### Cloud Protection (MAPS) must be enabled to enable ASR rules Some rules don't work well if un-signed, internally developed application and sc ### Management sites -[Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/#home) +[Microsoft Intune admin center](https://endpoint.microsoft.com/#home) [Attack surface reduction](https://security.microsoft.com/asr?viewid=detections) |
| security | Attack Surface Reduction Rules Reference | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference.md | Links to information about configuration management system versions referenced i - [Configuration Manager CB 1710](/configmgr/core/servers/manage/updates) - [Configuration Manager CB 1802](/configmgr/core/servers/manage/updates)-- [Microsoft Endpoint Manager CB 1710](/configmgr/core/servers/manage/updates)-- [System Center Configuration Manager (SCCM) CB 1710](/configmgr/core/servers/manage/updates) <br>_SCCM is now Microsoft Endpoint Configuration Manager._+- [Microsoft Configuration Manager CB 1710](/configmgr/core/servers/manage/updates) +- [System Center Configuration Manager (SCCM) CB 1710](/configmgr/core/servers/manage/updates) <br>_SCCM is now Microsoft Configuration Manager._ ## Per ASR rule alert and notification details The **Block abuse of exploited vulnerable signed drivers** rule doesn't block a > [!NOTE] >-> You can configure this rule using MEM OMA-URI. See [MEM OMA-URI](enable-attack-surface-reduction.md#mem) for configuring custom rules. +> You can configure this rule using Intune OMA-URI. See [Intune OMA-URI](enable-attack-surface-reduction.md#custom-profile-in-intune) for configuring custom rules. > > You can also configure this rule using [PowerShell](enable-attack-surface-reduction.md#powershell). > This rule blocks the following file types from launching from email opened withi Intune name: `Execution of executable content (exe, dll, ps, js, vbs, etc.) dropped from email (webmail/mail client) (no exceptions)` -Microsoft Endpoint Manager name: `Block executable content from email client and webmail` +Microsoft Configuration Manager name: `Block executable content from email client and webmail` GUID: `be9ba2d9-53ea-4cdc-84e5-9b1eeee46550` Dependencies: Microsoft Defender Antivirus > The rule **Block executable content from email client and webmail** has the following alternative descriptions, depending on which application you use: > > - Intune (Configuration Profiles): Execution of executable content (exe, dll, ps, js, vbs, etc.) dropped from email (webmail/mail client) (no exceptions).-> - Endpoint +> - Configuration > - Group Policy: Block executable content from email client and webmail. ### Block executable files from running unless they meet a prevalence, age, or trusted list criterion |
| security | Attack Surface Reduction Rules Report | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-report.md | Clicking on the **ASR rules detections** link at the top of the card also opens **The top section** focuses on three recommended rules, which protect against common attack techniques. This card shows current-state information about the computers in your organization that have the following [Three \(ASR\) standard protection rules](#simplified-standard-protection-option) set in **Block mode**, **Audit mode**, or **off** (not configured).The **Protect devices** button will show full configuration details for only the three rules; customers can quickly take action to enable these rules. -**The bottom section** surfaces six rules based on the number of unprotected devices per rule. The "View configuration" button surfaces all configuration details for all ASR rules. The "Add exclusion" button shows the add exclusion page with all detected file/process names listed for Security Operation Center (SOC) to evaluate. The **Add exclusion** page is linked to Microsoft Endpoint Manager (MEM). +**The bottom section** surfaces six rules based on the number of unprotected devices per rule. The "View configuration" button surfaces all configuration details for all ASR rules. The "Add exclusion" button shows the add exclusion page with all detected file/process names listed for Security Operation Center (SOC) to evaluate. The **Add exclusion** page is linked to Microsoft Intune. Provides two 'action' buttons: When you select a file, a **Summary & expected impact** fly out opens, presentin The Add exclusion page has two buttons for actions that can be used on any detected files (after selection). You can: -- **Add exclusion** which will open Microsoft Endpoint Manager (MEM) ASR policy page. For more information, see: [MEM](https://enable-attack-surface-reduction.md#mem) in "Enable ASR rules alternate configuration methods."+- **Add exclusion** which will open Microsoft Intune ASR policy page. For more information, see: [Intune](https://enable-attack-surface-reduction.md#mem) in "Enable ASR rules alternate configuration methods." - **Get exclusion paths** which will download file paths in a csv format >:::image type="content" source="images/attack-surface-reduction-rules-report-main-add-exclusions-flyout.png" alt-text="Shows the ASR rules report add exclusions tab flyout impact summary" lightbox="images/attack-surface-reduction-rules-report-main-add-exclusions-flyout.png"::: |
| security | Attack Surface Reduction | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction.md | For more information and to get your updates, see [Update for Microsoft Defender ### Cases where warn mode is not supported -Warn mode isn't supported for three attack surface reduction rules when you configure them in Microsoft Endpoint Manager. (If you use Group Policy to configure your attack surface reduction rules, warn mode is supported.) The three rules that do not support warn mode when you configure them in Microsoft Endpoint Manager are as follows: +Warn mode isn't supported for three attack surface reduction rules when you configure them in Microsoft Intune. (If you use Group Policy to configure your attack surface reduction rules, warn mode is supported.) The three rules that do not support warn mode when you configure them in Microsoft Intune are as follows: - [Block JavaScript or VBScript from launching downloaded executable content](attack-surface-reduction-rules-reference.md#block-javascript-or-vbscript-from-launching-downloaded-executable-content) (GUID `d3e037e1-3eb8-44c8-a917-57927947596d`) - [Block persistence through WMI event subscription](attack-surface-reduction-rules-reference.md#block-persistence-through-wmi-event-subscription) (GUID `e6db77e5-3df2-4cf1-b95a-636979351e5b`) |
| security | Built In Protection | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/built-in-protection.md | Built-in protection is a set of default settings. You aren't required to keep th | Determine whether tamper protection is turned on for your organization | 1. Go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) and sign in.<br/>2. Go to **Settings** > **Endpoints** > **Advanced features** > **Tamper protection**. | | Manage tamper protection tenant wide using the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) | 1. Go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) and sign in.<br/>2. Go to **Settings** > **Endpoints** > **Advanced features**.<br/>3. Set **Tamper protection** to **On** (*recommended*) or **Off**.<br/>4. Select **Save preferences**.<br/>See [Manage tamper protection for your organization using Microsoft 365 Defender portal](manage-tamper-protection-microsoft-365-defender.md). | | Set tamper protection settings for some, but not all, devices | Use endpoint security policies and profiles that are applied to specific devices. See the following articles:<br/>- [Manage tamper protection using Microsoft Intune](manage-tamper-protection-microsoft-endpoint-manager.md)<br/>- [Manage tamper protection using tenant attach with Configuration Manager, version 2006](manage-tamper-protection-configuration-manager.md)|-| Turn tamper protection on or off on an individual Windows device | 1. On your Windows device, select **Start**, and start typing *Security*.<br/>2. In the search results, select **Windows Security**.<br/>3. Select **Virus & threat protection** > **Virus & threat protection settings**.<br/>4. Set **Tamper Protection** to **On** (*recommended*) or **Off**. <br/><br/>If the device is onboarded to Defender for Endpoint, or the device is managed in the Microsoft Endpoint Manager admin center, those settings will override user settings on the individual device. See [Manage tamper protection on an individual device](manage-tamper-protection-individual-device.md). | +| Turn tamper protection on or off on an individual Windows device | 1. On your Windows device, select **Start**, and start typing *Security*.<br/>2. In the search results, select **Windows Security**.<br/>3. Select **Virus & threat protection** > **Virus & threat protection settings**.<br/>4. Set **Tamper Protection** to **On** (*recommended*) or **Off**. <br/><br/>If the device is onboarded to Defender for Endpoint, or the device is managed in the Microsoft Intune admin center, those settings will override user settings on the individual device. See [Manage tamper protection on an individual device](manage-tamper-protection-individual-device.md). | | Turn tamper protection on or off manually on a Mac | 1. On your Mac, open Finder, and go to **Applications** > **Utilities** > **Terminal**.<br/>2. In Terminal, type the following command `sudo mdatp config tamper-protection enforcement-level --value (chosen mode)`.<br/><br/>See [Manual configuration](tamperprotection-macos.md#manual-configuration). | | Change tamper protection settings using a Mobile Device Management (MDM) solution | To change the tamper protection mode using an MDM, go to the configuration profile and change the enforcement level in [Intune](tamperprotection-macos.md#intune) or [JAMF](tamperprotection-macos.md#jamf).<br/><br/>The configuration profile set with the MDM will be your first point of reference. Any settings defined in the profile will be enforced on the device, and built-in-protection default settings won't override these applied settings. | | Temporarily disable tamper protection on a device for troubleshooting purposes | See the following articles:<br/>- [Get started with troubleshooting mode in Microsoft Defender for Endpoint](enable-troubleshooting-mode.md)<br/>- [Troubleshooting mode scenarios in Microsoft Defender for Endpoint](troubleshooting-mode-scenarios.md) | Built-in protection is a set of default settings. You aren't required to keep th - [Protect security settings with tamper protection](prevent-changes-to-security-settings-with-tamper-protection.md) - [Manage endpoint security in Microsoft Intune](/mem/intune/protect/endpoint-security) - [Configure Microsoft Defender for Endpoint in Intune](/mem/intune/protect/advanced-threat-protection-configure)-- [Manage Microsoft Defender for Endpoint on devices with Microsoft Endpoint Manager](/mem/intune/protect/mde-security-integration)+- [Manage Microsoft Defender for Endpoint on devices with Microsoft Intune](/mem/intune/protect/mde-security-integration) - [Responding to ransomware attacks](../defender/playbook-responding-ransomware-m365-defender.md) |
| security | Configuration Management Reference Microsoft Defender Antivirus | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configuration-management-reference-microsoft-defender-antivirus.md | search.appverid: met150 You can manage and configure Microsoft Defender Antivirus with the following tools: - [Performance analyzer for Microsoft Defender Antivirus](tune-performance-defender-antivirus.md)-- [Microsoft Intune](/mem/intune/protect/endpoint-security-antivirus-policy) (now part of Microsoft Endpoint Manager)-- [Microsoft Endpoint Configuration Manager](/mem/configmgr/protect/deploy-use/endpoint-protection-configure) (now part of Microsoft Endpoint Manager)+- [Microsoft Intune](/mem/intune/protect/endpoint-security-antivirus-policy) +- [Microsoft Configuration Manager](/mem/configmgr/protect/deploy-use/endpoint-protection-configure) - [Group Policy](./use-group-policy-microsoft-defender-antivirus.md) - [PowerShell cmdlets](./use-powershell-cmdlets-microsoft-defender-antivirus.md) - [Windows Management Instrumentation (WMI)](./use-wmi-microsoft-defender-antivirus.md) |
| security | Configure Advanced Scan Types Microsoft Defender Antivirus | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus.md | search.appverid: met150 For more information, see [Configure device restriction settings in Microsoft Intune](/intune/device-restrictions-configure) and [Microsoft Defender Antivirus device restriction settings for Windows 10 in Intune](/intune/device-restrictions-windows-10#microsoft-defender-antivirus). -## Use Microsoft Endpoint Manager to configure scanning options +## Use Microsoft Configuration Manager to configure scanning options -For details on configuring Microsoft Endpoint Manager (current branch), see [How to create and deploy antimalware policies: Scan settings](/configmgr/protect/deploy-use/endpoint-antimalware-policies#scan-settings). +For details on configuring Microsoft Configuration Manager (current branch), see [How to create and deploy antimalware policies: Scan settings](/configmgr/protect/deploy-use/endpoint-antimalware-policies#scan-settings). ## Use Group Policy to configure scanning options |
| security | Configure Block At First Sight Microsoft Defender Antivirus | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus.md | Microsoft Defender Antivirus uses multiple detection and prevention technologies ## Turn on block at first sight with Microsoft Intune -> [!TIP] -> Microsoft Intune is now part of Microsoft Endpoint Manager. +### Create a device configuration profile -1. In the Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com>), navigate to **Devices** \> **Configuration profiles**. +1. In the Microsoft Intune admin center (<https://endpoint.microsoft.com>), navigate to **Devices** \> **Configuration profiles**. 2. Select or create a profile using the **Device restrictions** profile type. Microsoft Defender Antivirus uses multiple detection and prevention technologies > - For more information about configuring Microsoft Defender Antivirus device restrictions in Intune, see [Configure device restriction settings in Microsoft Intune](/intune/device-restrictions-configure). > - For a list of Microsoft Defender Antivirus device restrictions in Intune, see [Device restriction for Windows 10 (and newer) settings in Intune](/intune/device-restrictions-windows-10#microsoft-defender-antivirus). -## Turn on block at first sight with Microsoft Endpoint Manager --> [!TIP] -> If you're looking for Microsoft Endpoint Configuration Manager, it's now part of Microsoft Endpoint Manager. +### Create an endpoint security policy -1. In Microsoft Endpoint Manager (<https://endpoint.microsoft.com>), go to **Endpoint security** \> **Antivirus**. +1. In the Microsoft Intune admin center (<https://endpoint.microsoft.com>), go to **Endpoint security** \> **Antivirus**. 2. Select an existing policy, or create a new policy using the **Microsoft Defender Antivirus** profile type. Microsoft Defender Antivirus uses multiple detection and prevention technologies - **Cloud-delivered protection level**: High - **Microsoft Defender Antivirus Extended Timeout in Seconds**: 50 - :::image type="content" source="images/endpointmgr-antivirus-cloudprotection.png" alt-text="Block at first sight settings in the Microsoft Endpoint Manager portal" lightbox="images/endpointmgr-antivirus-cloudprotection.png"::: + :::image type="content" source="images/endpointmgr-antivirus-cloudprotection.png" alt-text="Block at first sight settings in the Microsoft Intune admin center portal" lightbox="images/endpointmgr-antivirus-cloudprotection.png"::: 4. Apply the Microsoft Defender Antivirus profile to a group, such as **All users**, **All devices**, or **All users and devices**. ## Turn on block at first sight with Group Policy > [!NOTE]-> We recommend using Intune or Microsoft Endpoint Manager to turn on block at first sight. +> We recommend using Intune or Microsoft Configuration Manager to turn on block at first sight. 1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**. You can confirm that block at first sight is enabled on individual client device You might choose to disable block at first sight if you want to retain the prerequisite settings without actually using block at first sight protection. You might temporarily turn block at first sight off to see how this feature affects your network. However, we do not recommend disabling block at first sight protection permanently. -### Turn off block at first sight with Microsoft Endpoint Manager +### Turn off block at first sight with Microsoft Intune -1. Go to Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com>) and sign in. +1. Go to the Microsoft Intune admin center (<https://endpoint.microsoft.com>) and sign in. 2. Go to **Endpoint security** \> **Antivirus**, and then select your Microsoft Defender Antivirus policy. |
| security | Configure Cloud Block Timeout Period Microsoft Defender Antivirus | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md | The default period that the file is [blocked](configure-block-at-first-sight-mic [Block at first sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) and its prerequisites must be enabled before you can specify an extended timeout period. -## Specify the extended timeout period using Microsoft Endpoint Manager +## Specify the extended timeout period using Microsoft Intune -You can specify the cloud block timeout period with an [endpoint security policy in Microsoft Endpoint Manager](/mem/intune/protect/endpoint-security-policy). +You can specify the cloud block timeout period with an [endpoint security policy in Microsoft Intune](/mem/intune/protect/endpoint-security-policy). -1. Go to the Endpoint Manager admin center ([https://endpoint.microsoft.com/](https://endpoint.microsoft.com/)) and sign in. +1. Go to the Intune admin center ([https://endpoint.microsoft.com/](https://endpoint.microsoft.com/)) and sign in. 2. Select **Endpoint security**, and then under **Manage**, choose **Antivirus**. |
| security | Configure Endpoints Sccm | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-endpoints-sccm.md | search.appverid: met150 - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)-- Microsoft Endpoint Configuration Manager current branch+- Microsoft Configuration Manager current branch - System Center 2012 R2 Configuration Manager > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-configureendpointssccm-abovefoldlink) After onboarding devices to the service, it's important to take advantage of the ### Device collection configuration -If you're using Endpoint Configuration Manager, version 2002 or later, you can choose to broaden the deployment to include servers or down-level clients. +If you're using Configuration Manager, version 2002 or later, you can choose to broaden the deployment to include servers or down-level clients. ### Next generation protection configuration Configure all available rules to Audit. > [!NOTE] > Blocking these activities may interrupt legitimate business processes. The best approach is setting everything to audit, identifying which ones are safe to turn on, and then enabling those settings on endpoints which do not have false positive detections. -For deploying Antivirus (AV) and Attack Surface Reduction (ASR) policies through Microsoft Endpoint Configuration Manager (SCCM) follow the steps: +For deploying Antivirus (AV) and Attack Surface Reduction (ASR) policies through Microsoft Configuration Manager (SCCM) follow the steps: - Enable Endpoint Protection and configure custom client settings. - Install the Endpoint Protection client from a command prompt. For security reasons, the package used to Offboard devices will expire 30 days a > [!NOTE] > Onboarding and offboarding policies must not be deployed on the same device at the same time, otherwise this will cause unpredictable collisions. -### Offboard devices using Microsoft Endpoint Manager current branch +### Offboard devices using Microsoft Configuration Manager current branch -If you use Microsoft Endpoint Manager current branch, see [Create an offboarding configuration file](/configmgr/protect/deploy-use/windows-defender-advanced-threat-protection#create-an-offboarding-configuration-file). +If you use Microsoft Configuration Manager current branch, see [Create an offboarding configuration file](/configmgr/protect/deploy-use/windows-defender-advanced-threat-protection#create-an-offboarding-configuration-file). ### Offboard devices using System Center 2012 R2 Configuration Manager If you use Microsoft Endpoint Manager current branch, see [Create an offboarding ## Monitor device configuration -If you're using Microsoft Endpoint Manager current branch, use the built-in Defender for Endpoint dashboard in the Configuration Manager console. For more information, see [Defender for Endpoint - Monitor](/configmgr/protect/deploy-use/windows-defender-advanced-threat-protection#monitor). +If you're using Microsoft Configuration Manager current branch, use the built-in Defender for Endpoint dashboard in the Configuration Manager console. For more information, see [Defender for Endpoint - Monitor](/configmgr/protect/deploy-use/windows-defender-advanced-threat-protection#monitor). If you're using System Center 2012 R2 Configuration Manager, monitoring consists of two parts: |
| security | Configure Endpoints Vdi | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-endpoints-vdi.md | Like any other system in an IT environment, these too should have an Endpoint De > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-configvdi-abovefoldlink) > [!NOTE]- > **Persistent VDI's** - Onboarding a persistent VDI machine into Microsoft Defender for Endpoint is handled the same way you would onboard a physical machine, such as a desktop or laptop. Group policy, Microsoft Endpoint Manager, and other methods can be used to onboard a persistent machine. In the Microsoft 365 Defender portal, (https://security.microsoft.com) under onboarding, select your preferred onboarding method, and follow the instructions for that type. For more information see [Onboarding Windows client](onboard-windows-client.md). + > **Persistent VDI's** - Onboarding a persistent VDI machine into Microsoft Defender for Endpoint is handled the same way you would onboard a physical machine, such as a desktop or laptop. Group policy, Microsoft Configuration Manager, and other methods can be used to onboard a persistent machine. In the Microsoft 365 Defender portal, (https://security.microsoft.com) under onboarding, select your preferred onboarding method, and follow the instructions for that type. For more information see [Onboarding Windows client](onboard-windows-client.md). ## Onboarding non-persistent virtual desktop infrastructure (VDI) devices The following configuration settings are recommended: ## Related topics - [Onboard Windows devices using Group Policy](configure-endpoints-gp.md)-- [Onboard Windows devices using Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md)+- [Onboard Windows devices using Microsoft Configuration Manager](configure-endpoints-sccm.md) - [Onboard Windows devices using Mobile Device Management tools](configure-endpoints-mdm.md) - [Onboard Windows devices using a local script](configure-endpoints-script.md) - [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md) |
| security | Configure Extension File Exclusions Microsoft Defender Antivirus | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus.md | See the following articles: ### Use Configuration Manager to configure file name, folder, or file extension exclusions -See [How to create and deploy antimalware policies: Exclusion settings](/configmgr/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings) for details on configuring Microsoft Endpoint Manager (current branch). +See [How to create and deploy antimalware policies: Exclusion settings](/configmgr/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings) for details on configuring Microsoft Configuration Manager (current branch). ### Use Group Policy to configure folder or file extension exclusions The following table lists and describes the system account environment variables You can retrieve the items in the exclusion list by using one of the following methods: - [Intune](/mem/intune/fundamentals/deployment-guide-intune-setup)-- [Microsoft Endpoint Configuration Manager](/configmgr/protect/deploy-use/endpoint-antimalware-policies)+- [Microsoft Configuration Manager](/configmgr/protect/deploy-use/endpoint-antimalware-policies) - [MpCmdRun](command-line-arguments-microsoft-defender-antivirus.md) - [PowerShell](/powershell/module/defender) - [Windows Security app](microsoft-defender-security-center-antivirus.md) |
| security | Configure Local Policy Overrides Microsoft Defender Antivirus | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-local-policy-overrides-microsoft-defender-antivirus.md | By default, lists that have been configured in local group policy and the Window 4. Double-click **Configure local administrator merge behavior for lists** and set the option to **Disabled**. Then select **OK**. -### Use Microsoft Endpoint Manager to disable local list merging +### Use Microsoft Intune to disable local list merging -1. In the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com), select **Endpoint security** > **Antivirus**. +1. In the [Microsoft Intune admin center](https://endpoint.microsoft.com), select **Endpoint security** > **Antivirus**. 2. Choose **Create Policy**, or modify an existing Microsoft Defender Antivirus policy. By default, lists that have been configured in local group policy and the Window ## Related topics -- [Microsoft Endpoint Manager](/mem/endpoint-manager-overview)+- [Microsoft Intune](/protect/advanced-threat-protection-configure) - [Microsoft Defender Antivirus in Windows](microsoft-defender-antivirus-in-windows-10.md) - [Configure end-user interaction with Microsoft Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md) |
| security | Configure Microsoft Defender Antivirus Features | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-microsoft-defender-antivirus-features.md | Title: Configure Microsoft Defender Antivirus features -description: You can configure Microsoft Defender Antivirus features with Intune, Microsoft Endpoint Configuration Manager, Group Policy, and PowerShell. -keywords: Microsoft Defender Antivirus, antimalware, security, defender, configure, configuration, Config Manager, Microsoft Endpoint Configuration Manager, SCCM, Intune, MDM, mobile device management, GP, group policy, PowerShell +description: You can configure Microsoft Defender Antivirus features with Intune, Microsoft Configuration Manager, Group Policy, and PowerShell. +keywords: Microsoft Defender Antivirus, antimalware, security, defender, configure, configuration, Config Manager, Microsoft Configuration Manager, SCCM, Intune, MDM, mobile device management, GP, group policy, PowerShell ms.mktglfcycl: manage Last updated 04/08/2021 You can configure Microsoft Defender Antivirus with a number of tools, such as: -- Microsoft Endpoint Manager (which includes Microsoft Intune and Microsoft Endpoint Configuration Manager)+- Microsoft Intune +- Microsoft Configuration Manager - Group Policy - PowerShell cmdlets - Windows Management Instrumentation (WMI) |
| security | Configure Notifications Microsoft Defender Antivirus | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-notifications-microsoft-defender-antivirus.md | You can use Group Policy to: - Hide all notifications on endpoints - Hide reboot notifications on endpoints -Hiding notifications can be useful in situations where you can't hide the entire Microsoft Defender Antivirus interface. See [Prevent users from seeing or interacting with the Microsoft Defender Antivirus user interface](prevent-end-user-interaction-microsoft-defender-antivirus.md) for more information. Hiding notifications will only occur on endpoints to which the policy has been deployed. Notifications related to actions that must be taken (such as a reboot) will still appear on the [Microsoft Endpoint Manager Endpoint Protection monitoring dashboard and reports](/configmgr/protect/deploy-use/monitor-endpoint-protection). +Hiding notifications can be useful in situations where you can't hide the entire Microsoft Defender Antivirus interface. See [Prevent users from seeing or interacting with the Microsoft Defender Antivirus user interface](prevent-end-user-interaction-microsoft-defender-antivirus.md) for more information. Hiding notifications will only occur on endpoints to which the policy has been deployed. Notifications related to actions that must be taken (such as a reboot) will still appear on the [Microsoft Configuration Manager Endpoint Protection monitoring dashboard and reports](/configmgr/protect/deploy-use/monitor-endpoint-protection). To add custom contact information to endpoint notifications, see [Customize the Windows Security app for your organization](/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center). |
| security | Configure Process Opened File Exclusions Microsoft Defender Antivirus | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md | The exclusions only apply to [always-on real-time protection and monitoring](con Changes made with Group Policy to the exclusion lists **will show** in the lists in the [Windows Security app](microsoft-defender-security-center-antivirus.md). However, changes made in the Windows Security app **will not show** in the Group Policy lists. -You can add, remove, and review the lists for exclusions in Group Policy, Microsoft Endpoint Configuration Manager, Microsoft Intune, and with the Windows Security app, and you can use wildcards to further customize the lists. +You can add, remove, and review the lists for exclusions in Group Policy, Microsoft Configuration Manager, Microsoft Intune, and with the Windows Security app, and you can use wildcards to further customize the lists. You can also use PowerShell cmdlets and WMI to configure the exclusion lists, including reviewing your lists. You can [configure how locally and globally defined exclusions lists are merged] See [Configure device restriction settings in Microsoft Intune](/intune/device-restrictions-configure) and [Microsoft Defender Antivirus device restriction settings for Windows 10 in Intune](/intune/device-restrictions-windows-10#microsoft-defender-antivirus) for more details. -### Use Microsoft Endpoint Manager to exclude files that have been opened by specified processes from scans +### Use Microsoft Configuration Manager to exclude files that have been opened by specified processes from scans -See [How to create and deploy antimalware policies: Exclusion settings](/configmgr/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings) for details on configuring Microsoft Endpoint Manager (current branch). +See [How to create and deploy antimalware policies: Exclusion settings](/configmgr/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings) for details on configuring Microsoft Configuration Manager (current branch). ### Use Group Policy to exclude files that have been opened by specified processes from scans The following table describes how the wildcards can be used in the process exclu ## Review the list of exclusions -You can retrieve the items in the exclusion list with MpCmdRun, PowerShell, [Microsoft Endpoint Configuration Manager](/configmgr/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings), [Intune](/intune/device-restrictions-configure), or the [Windows Security app](microsoft-defender-security-center-antivirus.md). +You can retrieve the items in the exclusion list with MpCmdRun, PowerShell, [Microsoft Configuration Manager](/configmgr/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings), [Intune](/intune/device-restrictions-configure), or the [Windows Security app](microsoft-defender-security-center-antivirus.md). If you use PowerShell, you can retrieve the list in two ways: |
| security | Configure Updates | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-updates.md | Last updated 05/12/2021 > [!NOTE] > This functionality requires Microsoft Defender Antivirus version 4.18.2106.X or newer. -To create your own custom gradual rollout process for Defender updates, you can use Group Policy, Microsoft Endpoint Manager, and PowerShell. +To create your own custom gradual rollout process for Defender updates, you can use Group Policy, Microsoft Configuration Manager, and PowerShell. The following table lists the available group policy settings for configuring update channels: |
| security | Deploy And Manage Using Intune | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/deploy-and-manage-using-intune.md | For policy deployment in Intune, the account must have permissions to create, ed ## Deploy using Intune OMA-URI -Go to Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com/>) > **Devices** > **Configuration profiles** > **Create profile** > **Platform: Windows 10 and later, Profile type: Templates** > **Custom** > **Create**. +Go to the Microsoft Intune admin center (<https://endpoint.microsoft.com/>) > **Devices** > **Configuration profiles** > **Create profile** > **Platform: Windows 10 and later, Profile type: Templates** > **Custom** > **Create**. 1. Enable or Disable Device control (Optional): |
| security | Deploy Manage Removable Storage Intune | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/deploy-manage-removable-storage-intune.md | For policy deployment in Intune, the account must have permissions to create, ed ## Deploy Removable Storage Access Control by using Intune OMA-URI -Go to Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com/>) > **Devices** > **Configuration profiles** > **Create profile** > **Platform: Windows 10 and later, Profile type: Templates** > **Custom** > **Create**. +Go to the Microsoft Intune admin center (<https://endpoint.microsoft.com/>) > **Devices** > **Configuration profiles** > **Create profile** > **Platform: Windows 10 and later, Profile type: Templates** > **Custom** > **Create**. 1. Enable or Disable Device control (Optional): For this scenario, you need to create two groups: one removable storage group fo ## Deploy Removable Storage Access Control by using Intune user interface -This capability is available in the Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com/>). +This capability is available in the Microsoft Intune admin center (<https://endpoint.microsoft.com/>). Go to **Endpoint Security** > **Attack Surface Reduction** > **Create Policy**. Choose **Platform: Windows 10 and later** with **Profile: Device Control**. |
| security | Deploy Manage Report Microsoft Defender Antivirus | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus.md | Title: Deploy, manage, and report on Microsoft Defender Antivirus -description: You can deploy and manage Microsoft Defender Antivirus with Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell, or WMI +description: You can deploy and manage Microsoft Defender Antivirus with Intune, Microsoft Configuration Manager, Group Policy, PowerShell, or WMI keywords: deploy, manage, update, protection, Microsoft Defender Antivirus ms.mktglfcycl: manage You can deploy, manage, and report on Microsoft Defender Antivirus in many ways. Because the Microsoft Defender Antivirus client is installed as a core part of Windows 10 and Windows 11, traditional deployment of a client to your endpoints doesn't apply. -However, in most cases you'll still need to enable the protection service on your endpoints with Microsoft Intune, Microsoft Endpoint Configuration Manager, Microsoft Defender for Cloud, or Group Policy Objects, which is described in the following table. +However, in most cases you'll still need to enable the protection service on your endpoints with Microsoft Intune, Microsoft Configuration Manager, Microsoft Defender for Cloud, or Group Policy Objects, which is described in the following table. You'll also see other links for: You'll also see other links for: | Tool|Deployment options (<a href="#fn2" id="ref2">2</a>)|Management options (network-wide configuration and policy or baseline deployment) ([3](#fn3))|Reporting options | ||| | Microsoft Intune|[Add endpoint protection settings in Intune](/intune/endpoint-protection-configure)|[Configure device restriction settings in Intune](/intune/device-restrictions-configure)| [Use the Intune console to manage devices](/intune/device-management)-Microsoft Endpoint Manager ([1](#fn1))|Use the [Endpoint Protection point site system role](/mem/configmgr/protect/deploy-use/endpoint-protection-site-role) and [enable Endpoint Protection with custom client settings](/mem/configmgr/protect/deploy-use/endpoint-protection-configure-client).|With [default and customized antimalware policies](/microsoft-365/security/office-365-security/anti-malware-policies-configure) and client management.|With the default [Configuration Manager Monitoring workspace](/mem/configmgr/apps/deploy-use/monitor-applications-from-the-console) and email alerts. | +Microsoft Configuration Manager ([1](#fn1))|Use the [Endpoint Protection point site system role](/mem/configmgr/protect/deploy-use/endpoint-protection-site-role) and [enable Endpoint Protection with custom client settings](/mem/configmgr/protect/deploy-use/endpoint-protection-configure-client).|With [default and customized antimalware policies](/microsoft-365/security/office-365-security/anti-malware-policies-configure) and client management.|With the default [Configuration Manager Monitoring workspace](/mem/configmgr/apps/deploy-use/monitor-applications-from-the-console) and email alerts. | | Group Policy and Active Directory (domain-joined)|Use a Group Policy Object to deploy configuration changes and ensure Microsoft Defender Antivirus is enabled.|Use Group Policy Objects (GPOs) to [configure update options for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus) and [configure Windows Defender features](/microsoft-365/security/defender-endpoint/configure-microsoft-defender-antivirus-features).|Endpoint reporting isn't available with Group Policy. You can generate a list of Group Policies to determine if any settings or policies aren't applied. |-| PowerShell|Deploy with Group Policy, Microsoft Endpoint Configuration Manager, or manually on individual endpoints.|Use the [Set-MpPreference](/powershell/module/defender/set-mppreference) and [Update-MpSignature](/powershell/module/defender/update-mpsignature) cmdlets available in the Defender module.|Use the appropriate [Get- cmdlets available in the Defender module](/powershell/module/defender). | -| Windows Management Instrumentation|Deploy with Group Policy, Microsoft Endpoint Configuration Manager, or manually on individual endpoints.|Use the [Set method of the MSFT_MpPreference class](/previous-versions/windows/desktop/defender/set-msft-mppreference) and the [Update method of the MSFT_MpSignature class](/previous-versions/windows/desktop/defender/update-msft-mpsignature).|Use the [MSFT_MpComputerStatus](/previous-versions/windows/desktop/defender/msft-mpcomputerstatus) class and the get method of associated classes in the [Windows Defender WMIv2 Provider](/windows/win32/wmisdk/wmi-providers). | +| PowerShell|Deploy with Group Policy, Microsoft Configuration Manager, or manually on individual endpoints.|Use the [Set-MpPreference](/powershell/module/defender/set-mppreference) and [Update-MpSignature](/powershell/module/defender/update-mpsignature) cmdlets available in the Defender module.|Use the appropriate [Get- cmdlets available in the Defender module](/powershell/module/defender). | +| Windows Management Instrumentation|Deploy with Group Policy, Microsoft Configuration Manager, or manually on individual endpoints.|Use the [Set method of the MSFT_MpPreference class](/previous-versions/windows/desktop/defender/set-msft-mppreference) and the [Update method of the MSFT_MpSignature class](/previous-versions/windows/desktop/defender/update-msft-mpsignature).|Use the [MSFT_MpComputerStatus](/previous-versions/windows/desktop/defender/msft-mpcomputerstatus) class and the get method of associated classes in the [Windows Defender WMIv2 Provider](/windows/win32/wmisdk/wmi-providers). | | Microsoft Azure|Deploy Microsoft Antimalware for Azure in the [Azure portal, by using Visual Studio virtual machine configuration, or using Azure PowerShell cmdlets](/azure/security/azure-security-antimalware#antimalware-deployment-scenarios). You can also [Install Endpoint protection in Microsoft Defender for Cloud](/azure/defender-for-cloud/endpoint-protection-recommendations-technical).|Configure [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](/azure/security/azure-security-antimalware#enable-and-configure-antimalware-using-powershell-cmdlets) or [use code samples](https://gallery.technet.microsoft.com/Antimalware-For-Azure-5ce70efe).|Use [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](/azure/security/azure-security-antimalware#enable-and-configure-antimalware-using-powershell-cmdlets) to enable monitoring. You can also review usage reports in Azure Active Directory to determine suspicious activity, including the Possibly infected devices report, and configure an SIEM tool to report on [event logs and error codes in Microsoft Defender Antivirus](troubleshoot-microsoft-defender-antivirus.md) and add that tool as an app in Azure AD. | -1. <span id="fn1" />The availability of some functions and features, especially related to cloud-delivered protection, differ between Microsoft Endpoint Manager (Current Branch) and System Center 2012 Configuration Manager. In this library, we've focused on Windows 10, Windows 11, Windows Server 2016, and Microsoft Endpoint Manager (Current Branch). See [Use Microsoft cloud-provided protection in Microsoft Defender Antivirus](cloud-protection-microsoft-defender-antivirus.md) for a table that describes the major differences. [(Return to table)](#ref2) +1. <span id="fn1" />The availability of some functions and features, especially related to cloud-delivered protection, differ between Microsoft Configuration Manager (Current Branch) and System Center 2012 Configuration Manager. In this library, we've focused on Windows 10, Windows 11, Windows Server 2016, and Microsoft Configuration Manager (Current Branch). See [Use Microsoft cloud-provided protection in Microsoft Defender Antivirus](cloud-protection-microsoft-defender-antivirus.md) for a table that describes the major differences. [(Return to table)](#ref2) 2. <span id="fn2" />In Windows 10 and Windows 11, Microsoft Defender Antivirus is a component available without installation or deployment of another client or service. It will automatically be enabled when third-party antivirus products are either uninstalled or out of date (except on Windows Server 2016). Traditional deployment, therefore, isn't required. Deployment here refers to ensuring the Microsoft Defender Antivirus component is available and enabled on endpoints or servers. [(Return to table)](#ref2) Microsoft Endpoint Manager ([1](#fn1))|Use the [Endpoint Protection point site s Article | Description |-[Deploy and enable Microsoft Defender Antivirus protection](deploy-microsoft-defender-antivirus.md) | While the client is installed as a core part of Windows 10 or Windows 11, and traditional deployment doesn't apply, you'll still need to enable the client on your endpoints with Microsoft Endpoint Configuration Manager, Microsoft Intune, or Group Policy Objects. -[Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) | There are two parts to updating Microsoft Defender Antivirus: updating the client on endpoints (product updates), and updating Security intelligence (protection updates). You can update Security intelligence in many ways, using Microsoft Endpoint Configuration Manager, Group Policy, PowerShell, and WMI. -[Monitor and report on Microsoft Defender Antivirus protection](report-monitor-microsoft-defender-antivirus.md) | You can use Microsoft Intune, Microsoft Endpoint Configuration Manager, the Update Compliance add-in for Microsoft Operations Management Suite, or a third-party SIEM product (by consuming Windows event logs) to monitor protection status and create reports about endpoint protection. +[Deploy and enable Microsoft Defender Antivirus protection](deploy-microsoft-defender-antivirus.md) | While the client is installed as a core part of Windows 10 or Windows 11, and traditional deployment doesn't apply, you'll still need to enable the client on your endpoints with Microsoft Configuration Manager, Microsoft Intune, or Group Policy Objects. +[Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) | There are two parts to updating Microsoft Defender Antivirus: updating the client on endpoints (product updates), and updating Security intelligence (protection updates). You can update Security intelligence in many ways, using Microsoft Configuration Manager, Group Policy, PowerShell, and WMI. +[Monitor and report on Microsoft Defender Antivirus protection](report-monitor-microsoft-defender-antivirus.md) | You can use Microsoft Intune, Microsoft Configuration Manager, the Update Compliance add-in for Microsoft Operations Management Suite, or a third-party SIEM product (by consuming Windows event logs) to monitor protection status and create reports about endpoint protection. > [!TIP] > If you're looking for Antivirus related information for other platforms, see: |
| security | Deployment Phases | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/deployment-phases.md | All these capabilities are available for Microsoft Defender for Endpoint license ### In scope -- Use of Microsoft Endpoint Manager and Microsoft Endpoint Configuration Manager to onboard endpoints into the service and configure capabilities+- Use of Microsoft Intune and Microsoft Configuration Manager to onboard endpoints into the service and configure capabilities - Enabling Defender for Endpoint endpoint detection and response (EDR) capabilities - Enabling Defender for Endpoint endpoint protection platform (EPP) capabilities - Next-generation protection |
| security | Deployment Rings | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/deployment-rings.md | The following table shows the supported endpoints and the corresponding tool you |Endpoint|Deployment tool| |||-|**Windows**|[Local script (up to 10 devices)](configure-endpoints-script.md) <br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md)| +|**Windows**|[Local script (up to 10 devices)](configure-endpoints-script.md) <br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Intune/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md)| |**Windows servers<br><br>Linux servers** | [Integration with Microsoft Defender for Cloud](azure-server-integration.md)-|**macOS**|[Local script](mac-install-manually.md) <br> [Microsoft Endpoint Manager](mac-install-with-intune.md) <br> [JAMF Pro](mac-install-with-jamf.md) <br> [Mobile Device Management](mac-install-with-other-mdm.md)| +|**macOS**|[Local script](mac-install-manually.md) <br> [Microsoft Intune](mac-install-with-intune.md) <br> [JAMF Pro](mac-install-with-jamf.md) <br> [Mobile Device Management](mac-install-with-other-mdm.md)| |**Linux servers**|[Local script](linux-install-manually.md) <br> [Puppet](linux-install-with-puppet.md) <br> [Ansible](linux-install-with-ansible.md) <br> [Chef](linux-deploy-defender-for-endpoint-with-chef.md)<br> [Saltstack](linux-install-with-saltack.md)|-|**Android**|[Microsoft Endpoint Manager](android-intune.md)| -|**iOS**|[Microsoft Endpoint Manager](ios-install.md) <br> [Mobile Application Manager](ios-install-unmanaged.md) | +|**Android**|[Microsoft Intune](android-intune.md)| +|**iOS**|[Microsoft Intune](ios-install.md) <br> [Mobile Application Manager](ios-install-unmanaged.md) | ### Full deployment |
| security | Deployment Strategy | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/deployment-strategy.md | Title: Plan your Microsoft Defender for Endpoint deployment description: Select the best Microsoft Defender for Endpoint deployment strategy for your environment -keywords: deploy, plan, deployment strategy, cloud native, management, on prem, evaluation, onboarding, local, group policy, gp, endpoint manager, mem +keywords: deploy, plan, deployment strategy, cloud native, management, on prem, evaluation, onboarding, local, group policy, gp, endpoint manager, mem, intune search.product: eADQiWindows 10XVcnh ms.mktglfcycl: deploy The following table lists the supported endpoints and the corresponding deployme |Endpoint|Deployment tool| |||-|**Windows**|[Local script (up to 10 devices)](configure-endpoints-script.md) <br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md)| +|**Windows**|[Local script (up to 10 devices)](configure-endpoints-script.md) <br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Intune/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md)| |**Windows servers<br><br>Linux servers** | [Integration with Microsoft Defender for Cloud](azure-server-integration.md)-|**macOS**|[Local script](mac-install-manually.md) <br> [Microsoft Endpoint Manager](mac-install-with-intune.md) <br> [JAMF Pro](mac-install-with-jamf.md) <br> [Mobile Device Management](mac-install-with-other-mdm.md)| +|**macOS**|[Local script](mac-install-manually.md) <br> [Microsoft Intune](mac-install-with-intune.md) <br> [JAMF Pro](mac-install-with-jamf.md) <br> [Mobile Device Management](mac-install-with-other-mdm.md)| |**Linux servers**|[Local script](linux-install-manually.md) <br> [Puppet](linux-install-with-puppet.md) <br> [Ansible](linux-install-with-ansible.md) <br> [Chef](linux-deploy-defender-for-endpoint-with-chef.md)<br> [Saltstack](linux-install-with-saltack.md)|-|**Android**|[Microsoft Endpoint Manager](android-intune.md)| -|**iOS**|[Microsoft Endpoint Manager](ios-install.md) <br> [Mobile Application Manager](ios-install-unmanaged.md) | +|**Android**|[Microsoft Intune](android-intune.md)| +|**iOS**|[Microsoft Intune](ios-install.md) <br> [Mobile Application Manager](ios-install-unmanaged.md) | ## Step 3: Configure capabilities |
| security | Detect Block Potentially Unwanted Apps Microsoft Defender Antivirus | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md | The notification appears in the usual [quarantine list within the Windows Securi ## Configure PUA protection in Microsoft Defender Antivirus -You can enable PUA protection with [Microsoft Intune](/mem/intune/protect/device-protect), [Microsoft Endpoint Configuration Manager](/mem/configmgr/protect/deploy-use/endpoint-protection), [Group Policy](/azure/active-directory-domain-services/manage-group-policy), or via [PowerShell cmdlets](/powershell/module/defender/?preserve-view=true&view=win10-ps). +You can enable PUA protection with [Microsoft Intune](/mem/intune/protect/device-protect), [Microsoft Configuration Manager](/mem/configmgr/protect/deploy-use/endpoint-protection), [Group Policy](/azure/active-directory-domain-services/manage-group-policy), or via [PowerShell cmdlets](/powershell/module/defender/?preserve-view=true&view=win10-ps). You can also use PUA protection in audit mode to detect potentially unwanted applications without blocking them. The detections are captured in the Windows event log. PUA protection in audit mode is useful if your company is conducting an internal software security compliance check and you'd like to avoid any false positives. See [Configure device restriction settings in Microsoft Intune](/intune/device-r ### Use Configuration Manager to configure PUA protection -PUA protection is enabled by default in the Microsoft Endpoint Manager (Current Branch). +PUA protection is enabled by default in the Microsoft Configuration Manager (Current Branch). -See [How to create and deploy antimalware policies: Scheduled scans settings](/configmgr/protect/deploy-use/endpoint-antimalware-policies#real-time-protection-settings) for details on configuring Microsoft Endpoint Manager (Current Branch). +See [How to create and deploy antimalware policies: Scheduled scans settings](/configmgr/protect/deploy-use/endpoint-antimalware-policies#real-time-protection-settings) for details on configuring Microsoft Configuration Manager (Current Branch). For System Center 2012 Configuration Manager, see [How to Deploy Potentially Unwanted Application Protection Policy for Endpoint Protection in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/hh508770(v=technet.10)#BKMK_PUA). > [!NOTE]-> PUA events blocked by Microsoft Defender Antivirus are reported in the Windows Event Viewer and not in Microsoft Endpoint Configuration Manager. +> PUA events blocked by Microsoft Defender Antivirus are reported in the Windows Event Viewer and not in Microsoft Configuration Manager. ### Use Group Policy to configure PUA protection For more information, see [Use PowerShell cmdlets to configure and run Microsoft ## View PUA events using PowerShell -PUA events are reported in the Windows Event Viewer, but not in Microsoft Endpoint Manager or in Intune. You can also use the `Get-MpThreat` cmdlet to view threats that Microsoft Defender Antivirus handled. Here's an example: +PUA events are reported in the Windows Event Viewer, but not in Microsoft Configuration Manager or in Intune. You can also use the `Get-MpThreat` cmdlet to view threats that Microsoft Defender Antivirus handled. Here's an example: ```console CategoryID : 27 |
| security | Device Control Removable Storage Protection | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-control-removable-storage-protection.md | To manage external storage, use removable storage access control instead of [dev **Windows 10 and Windows 11 support details**: - Applied at either the device level, user level. or both. Only allow specific people performing Read/Write/Execute access to specific removable storage on specific machine.-- Support MEM OMA-URI and GPO.+- Support Intune OMA-URI and GPO. - For Windows devices, see [Removable storage Access Control](device-control-removable-storage-access-control.md). **Supported Platform** - Windows 10, Windows 11 To manage external storage, use removable storage access control instead of [dev **Windows 10 and Windows 11 support details**: - Applied at the device level: the same policy applies for any logged on user.-- Supports Microsoft Endpoint Manager and Group Policy Objects.+- Supports Microsoft Configuration Manager and Group Policy Objects. - For more information on Windows, see [How to control USB devices and other removable media using Microsoft Defender for Endpoint](control-usb-devices-using-intune.md). **Supported Platform** - Windows 10, Windows 11 |
| security | Device Discovery Faq | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-discovery-faq.md | This mode allows every Microsoft Defender for Endpoint onboarded device to colle ## Can I disable Basic discovery? -You have the option to turn off device discovery through the [Advanced features](advanced-features.md) page. However, you will lose visibility on unmanaged devices in your network. Note that SenseNDR.exe will still be running on the onboarded devices regardless discovery is turned off. +You have the option to turn off device discovery through the [Advanced features](advanced-features.md) page. However, you will lose visibility on unmanaged devices in your network. Note that even if device discovery is turned off, SenseNDR.exe will still be running on the onboarded devices. ## What is Standard discovery mode? |
| security | Enable Attack Surface Reduction | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction.md | You can enable attack surface reduction rules by using any of these methods: - [Microsoft Intune](#intune) - [Mobile Device Management (MDM)](#mdm)-- [Microsoft Endpoint Configuration Manager](#microsoft-endpoint-configuration-manager)+- [Microsoft Configuration Manager](#microsoft-configuration-manager) - [Group Policy](#group-policy) - [PowerShell](#powershell) -Enterprise-level management such as Intune or Microsoft Endpoint Manager is recommended. Enterprise-level management will overwrite any conflicting Group Policy or PowerShell settings on startup. +Enterprise-level management such as Intune or Microsoft Configuration Manager is recommended. Enterprise-level management will overwrite any conflicting Group Policy or PowerShell settings on startup. ## Exclude files and folders from ASR rules ASR rules support environment variables and wildcards. For information about usi 1. If a conflicting policy is applied via MDM and GP, the setting applied from MDM will take precedence. -2. Attack surface reduction rules for MEM-managed devices now support behavior for merger of settings from different policies, to create a superset of policy for each device. Only the settings that are not in conflict are merged, while those that are in conflict are not added to the superset of rules. Previously, if two policies included conflicts for a single setting, both policies were flagged as being in conflict, and no settings from either profile would be deployed. Attack surface reduction rule merge behavior is as follows: +2. Attack surface reduction rules for managed devices now support behavior for merger of settings from different policies, to create a superset of policy for each device. Only the settings that are not in conflict are merged, while those that are in conflict are not added to the superset of rules. Previously, if two policies included conflicts for a single setting, both policies were flagged as being in conflict, and no settings from either profile would be deployed. Attack surface reduction rule merge behavior is as follows: - Attack surface reduction rules from the following profiles are evaluated for each device to which the rules apply: - Devices > Configuration policy > Endpoint protection profile > **Microsoft Defender Exploit Guard** > [Attack Surface Reduction](/mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction-rules). - Endpoint security > **Attack surface reduction policy** > [Attack surface reduction rules](/mem/intune/protect/endpoint-security-asr-policy#devices-managed-by-intune). ASR rules support environment variables and wildcards. For information about usi This section provides configuration details for the following configuration methods: - [Intune](#intune)-- [MEM](#mem)+- [Custom profile in Intune](#custom-profile-in-intune) - [MDM](#mdm)-- [Microsoft Endpoint Configuration Manager](#microsoft-endpoint-configuration-manager)+- [Microsoft Configuration Manager](#microsoft-configuration-manager) - [Group Policy](#group-policy) - [PowerShell](#powershell) The following procedures for enabling ASR rules include instructions for how to 4. Select **Next** on the three configuration panes, then select **Create** if you're creating a new policy or **Save** if you're editing an existing policy. -### MEM +### Custom profile in Intune -You can use Microsoft Endpoint Manager (MEM) OMA-URI to configure custom ASR rules. The following procedure uses the rule [Block abuse of exploited vulnerable signed drivers](attack-surface-reduction-rules-reference.md#block-abuse-of-exploited-vulnerable-signed-drivers) for the example. +You can use Microsoft Intune OMA-URI to configure custom ASR rules. The following procedure uses the rule [Block abuse of exploited vulnerable signed drivers](attack-surface-reduction-rules-reference.md#block-abuse-of-exploited-vulnerable-signed-drivers) for the example. -1. Open the Microsoft Endpoint Manager (MEM) admin center. In the **Home** menu, click **Devices**, select **Configuration profiles**, and then click **Create profile**. +1. Open the Microsoft Intune admin center. In the **Home** menu, click **Devices**, select **Configuration profiles**, and then click **Create profile**. - :::image type="content" source="images/mem01-create-profile.png" alt-text="The Create profile page in the Microsoft Endpoint Manager admin center portal" lightbox="images/mem01-create-profile.png"::: + :::image type="content" source="images/mem01-create-profile.png" alt-text="The Create profile page in the Microsoft Intune admin center portal." lightbox="images/mem01-create-profile.png"::: 2. In **Create a profile**, in the following two drop-down lists, select the following: You can use Microsoft Endpoint Manager (MEM) OMA-URI to configure custom ASR rul Select **Custom**, and then select **Create**. - :::image type="content" source="images/mem02-profile-attributes.png" alt-text="The rule profile attributes in the Microsoft Endpoint Manager admin center portal" lightbox="images/mem02-profile-attributes.png"::: + :::image type="content" source="images/mem02-profile-attributes.png" alt-text="The rule profile attributes in the Microsoft Intune admin center portal." lightbox="images/mem02-profile-attributes.png"::: 3. The Custom template tool opens to step **1 Basics**. In **1 Basics**, in **Name**, type a name for your template, and in **Description** you can type a description (optional). - :::image type="content" source="images/mem03-1-basics.png" alt-text="The basic attributes in the Microsoft Endpoint Manager admin center portal" lightbox="images/mem03-1-basics.png"::: + :::image type="content" source="images/mem03-1-basics.png" alt-text="The basic attributes in the Microsoft Intune admin center portal" lightbox="images/mem03-1-basics.png"::: 4. Click **Next**. Step **2 Configuration settings** opens. For OMA-URI Settings, click **Add**. Two options now appear: **Add** and **Export**. - :::image type="content" source="images/mem04-2-configuration-settings.png" alt-text="The configuration settings in the Microsoft Endpoint Manager admin center portal" lightbox="images/mem04-2-configuration-settings.png"::: + :::image type="content" source="images/mem04-2-configuration-settings.png" alt-text="The configuration settings in the Microsoft Intune admin center portal." lightbox="images/mem04-2-configuration-settings.png"::: 5. Click **Add** again. The **Add Row OMA-URI Settings** opens. In **Add Row**, do the following: You can use Microsoft Endpoint Manager (MEM) OMA-URI to configure custom ASR rul - 2 : Audit (Evaluate how the ASR rule would impact your organization if enabled) - 6 : Warn (Enable the ASR rule but allow the end-user to bypass the block) - :::image type="content" source="images/mem05-add-row-oma-uri.png" alt-text="The OMA URI configuration in the Microsoft Endpoint Manager admin center portal" lightbox="images/mem05-add-row-oma-uri.png"::: + :::image type="content" source="images/mem05-add-row-oma-uri.png" alt-text="The OMA URI configuration in the Microsoft Intune admin center portal" lightbox="images/mem05-add-row-oma-uri.png"::: 6. Select **Save**. **Add Row** closes. In **Custom**, select **Next**. In step **3 Scope tags**, scope tags are optional. Do one of the following: You can use Microsoft Endpoint Manager (MEM) OMA-URI to configure custom ASR rul - **Add all users** - **Add all devices** - :::image type="content" source="images/mem06-4-assignments.png" alt-text="The assignments in the Microsoft Endpoint Manager admin center portal" lightbox="images/mem06-4-assignments.png"::: + :::image type="content" source="images/mem06-4-assignments.png" alt-text="The assignments in the Microsoft Intune admin center portal" lightbox="images/mem06-4-assignments.png"::: 8. In **Excluded groups**, select any groups that you want to exclude from this rule, and then select **Next**. You can use Microsoft Endpoint Manager (MEM) OMA-URI to configure custom ASR rul - In **Property**, select the property to which you want this rule to apply - In **Value**, enter the applicable value or value range - :::image type="content" source="images/mem07-5-applicability-rules.png" alt-text="The applicability rules in the Microsoft Endpoint Manager admin center portal" lightbox="images/mem07-5-applicability-rules.png"::: + :::image type="content" source="images/mem07-5-applicability-rules.png" alt-text="The applicability rules in the Microsoft Intune admin center portal" lightbox="images/mem07-5-applicability-rules.png"::: 10. Select **Next**. In step **6 Review + create**, review the settings and information you have selected and entered, and then select **Create**. - :::image type="content" source="images/mem08-6-review-create.png" alt-text="The Review and create option in the Microsoft Endpoint Manager admin center portal" lightbox="images/mem08-6-review-create.png"::: + :::image type="content" source="images/mem08-6-review-create.png" alt-text="The Review and create option in the Microsoft Intune admin center portal" lightbox="images/mem08-6-review-create.png"::: > [!NOTE] > Rules are active and live within minutes. Example: > [!NOTE] > Be sure to enter OMA-URI values without spaces. -### Microsoft Endpoint Configuration Manager +### Microsoft Configuration Manager -1. In Microsoft Endpoint Configuration Manager, go to **Assets and Compliance** \> **Endpoint Protection** \> **Windows Defender Exploit Guard**. +1. In Microsoft Configuration Manager, go to **Assets and Compliance** \> **Endpoint Protection** \> **Windows Defender Exploit Guard**. 2. Select **Home** \> **Create Exploit Guard Policy**. |
| security | Enable Controlled Folders | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-controlled-folders.md | Last updated 12/18/2020 You can enable controlled folder access by using any of these methods: - [Windows Security app *](#windows-security-app)-- [Microsoft Endpoint Manager](#endpoint-manager)+- [Microsoft Intune](#microsoft-intune) - [Mobile Device Management (MDM)](#mobile-device-management-mdm)-- [Microsoft Endpoint Configuration Manager](#microsoft-endpoint-configuration-manager)+- [Microsoft Configuration Manager](#microsoft-configuration-manager) - [Group Policy](#group-policy) - [PowerShell](#powershell) For more information about disabling local list merging, see [Prevent or allow u > If the feature is set to **Audit mode** with any of those tools, the Windows Security app will show the state as **Off**. > If you are protecting user profile data, we recommend that the user profile should be on the default Windows installation drive. -## Endpoint Manager +## Microsoft Intune -1. Sign in to the [Endpoint Manager](https://endpoint.microsoft.com) and open **Endpoint Security**. +1. Sign in to the [Microsoft Intune admin center](https://endpoint.microsoft.com) and open **Endpoint Security**. 2. Go to **Attack Surface Reduction** \> **Policy**. For more information about disabling local list merging, see [Prevent or allow u Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](/windows/client-management/mdm/policy-csp-defender) configuration service provider (CSP) to allow apps to make changes to protected folders. -## Microsoft Endpoint Configuration Manager +## Microsoft Configuration Manager -1. In Microsoft Endpoint Configuration Manager, go to **Assets and Compliance** \> **Endpoint Protection** \> **Windows Defender Exploit Guard**. +1. In Microsoft Configuration Manager, go to **Assets and Compliance** \> **Endpoint Protection** \> **Windows Defender Exploit Guard**. 2. Select **Home** \> **Create Exploit Guard Policy**. |
| security | Enable Exploit Protection | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-exploit-protection.md | You can enable each mitigation separately by using any of these methods: - [Windows Security app](#windows-security-app) - [Microsoft Intune](#intune) - [Mobile Device Management (MDM)](#mdm)-- [Microsoft Endpoint Configuration Manager](#microsoft-endpoint-configuration-manager)+- [Microsoft Configuration Manager](#microsoft-configuration-manager) - [Group Policy](#group-policy) - [PowerShell](#powershell) The result is that DEP is enabled for *test.exe*. DEP will not be enabled for an Use the [./Vendor/MSFT/Policy/Config/ExploitGuard/ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) configuration service provider (CSP) to enable or disable exploit protection mitigations or to use audit mode. -## Microsoft Endpoint Manager +## Microsoft Configuration Manager -1. In Microsoft Endpoint Manager, go to **Endpoint Security** \> **Attack surface reduction**. +### Endpoint Security ++1. In Microsoft Configuration Manager, go to **Endpoint Security** \> **Attack surface reduction**. 2. Select **Create Policy** \> **Platform**, and for **Profile**, choose **Exploit Protection**. Then select **Create**. Use the [./Vendor/MSFT/Policy/Config/ExploitGuard/ExploitProtectionSettings](/wi 6. Under **Review + create**, review your configuration settings, and then choose **Create**. -## Microsoft Endpoint Configuration Manager +### Assets and Compliance -1. In Microsoft Endpoint Configuration Manager, go to **Assets and Compliance** \> **Endpoint Protection** \> **Windows Defender Exploit Guard**. +1. In Microsoft Configuration Manager, go to **Assets and Compliance** \> **Endpoint Protection** \> **Windows Defender Exploit Guard**. 2. Select **Home** \> **Create Exploit Guard Policy**. |
| security | Enable Network Protection | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-network-protection.md | Enable network protection by using any of these methods: - [PowerShell](#powershell) - [Mobile Device Management (MDM)](#mobile-device-management-mdm)-- [Microsoft Endpoint Manager](#microsoft-endpoint-manager)+- [Microsoft Intune](#microsoft-intune) - [Group Policy](#group-policy)-- [Microsoft Endpoint Configuration Manager](#microsoft-endpoint-configuration-manager)+- [Microsoft Configuration Manager](#microsoft-configuration-manager) ### PowerShell Use the [./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection](/windows/ [Update Microsoft Defender antimalware platform to the latest version](https://support.microsoft.com/topic/update-for-microsoft-defender-antimalware-platform-92e21611-8cf1-8e0e-56d6-561a07d144cc) before you enable or disable network protection or enable audit mode. -### Microsoft Endpoint Manager +### Microsoft Intune #### Microsoft Defender for Endpoint Baseline method -1. Sign into the Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com). +1. Sign into the Microsoft Intune admin center (https://endpoint.microsoft.com). 2. Go to **Endpoint security** > **Security baselines** > **Microsoft Defender for Endpoint Baseline**. 3. Select **Create a profile**, then provide a name for your profile, and then select **Next**. 4. In the **Configuration settings** section, go to **Attack Surface Reduction Rules** > set **Block**, **Enable** or **Audit** for **Enable network protection**. Select **Next**. Use the [./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection](/windows/ 7. Review all the information, and then select **Create**. #### Antivirus policy method-1. Sign into the Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com). +1. Sign into the Microsoft Intune admin center (https://endpoint.microsoft.com). 2. Go to **Endpoint security** > **Antivirus** 3. Select **Create a policy** 4. In the **Create a policy** flyout, choose **Windows 10, Windows 11, and Windows Server** from the **Platform** list. Use the [./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection](/windows/ #### Configuration profile method -1. Sign into the Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com). +1. Sign into the Microsoft Intune admin center (https://endpoint.microsoft.com). 2. Go to **Devices** > **Configuration profiles** > **Create profile**. Use the following procedure to enable network protection on domain-joined comput > [!NOTE] > Optional: Follow the steps in [Check if network protection is enabled](#check-if-network-protection-is-enabled) to verify that your Group Policy settings are correct. -### Microsoft Endpoint Configuration Manager +### Microsoft Configuration Manager 1. Open the Configuration Manager console. |
| security | Evaluate Controlled Folder Access | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/evaluate-controlled-folder-access.md | Set-MpPreference -EnableControlledFolderAccess AuditMode > [!TIP] > If you want to fully audit how controlled folder access will work in your organization, you'll need to use a management tool to deploy this setting to devices in your network(s).-You can also use Group Policy, Intune, mobile device management (MDM), or Microsoft Endpoint Manager to configure and deploy the setting, as described in the main [controlled folder access topic](controlled-folders.md). +You can also use Group Policy, Intune, mobile device management (MDM), or Microsoft Configuration Manager to configure and deploy the setting, as described in the main [controlled folder access topic](controlled-folders.md). ## Review controlled folder access events in Windows Event Viewer |
| security | Faqs Tamper Protection | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/faqs-tamper-protection.md | Devices that are onboarded to Microsoft Defender for Endpoint will have Microsof If you're an organization using [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint), you should be able to manage tamper protection in Intune similar to how you manage other endpoint protection features. See the following sections of this article: -- [Manage tamper protection using Microsoft Endpoint Manager](manage-tamper-protection-microsoft-endpoint-manager.md)+- [Manage tamper protection using Microsoft Intune](manage-tamper-protection-microsoft-endpoint-manager.md) - [Manage tamper protection using Microsoft 365 Defender](manage-tamper-protection-microsoft-365-defender.md) If you're a home user, see [Manage tamper protection on an individual device](manage-tamper-protection-individual-device.md). You can use a registry key to determine whether the functionality to protect Mic > [!CAUTION] > Do not change the value of **TPExclusions**. Use the preceding procedure for information only. Changing the key will have no effect on whether tamper protection applies to exclusions. -## Can I configure tamper protection with Microsoft Endpoint Configuration Manager? +## Can I configure tamper protection with Microsoft Configuration Manager? -If you're using tenant attach, you can use Microsoft Endpoint Configuration Manager. See the following resources: +If you're using tenant attach, you can use Microsoft Configuration Manager. See the following resources: - [Manage tamper protection using tenant attach with Configuration Manager, version 2006](manage-tamper-protection-configuration-manager.md) - [Tech Community blog: Announcing Tamper Protection for Configuration Manager Tenant Attach clients](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/announcing-tamper-protection-for-configuration-manager-tenant/ba-p/1700246#.X3QLR5Ziqq8.linkedin) |
| security | Ios Configure Features | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-configure-features.md | This configuration is available for both the enrolled (MDM) devices as well as u 1. **Disable Web Protection(MDM)** Use the following steps to disable **Web Protection** for enrolled devices. - - In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** > **App configuration policies** > **Add** > **Managed devices**. + - In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** > **App configuration policies** > **Add** > **Managed devices**. - Give the policy a name, **Platform > iOS/iPadOS**. - Select Microsoft Defender for Endpoint as the target app. - In Settings page, select Use configuration designer and add **WebProtection** as the key and value type as **String**. This configuration is available for both the enrolled (MDM) devices as well as u 1. **Disable Web Protection(MAM)** Use the following steps to disable **Web Protection** for unenrolled devices. - - In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** > **App configuration policies** > **Add** > **Managed apps**. + - In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** > **App configuration policies** > **Add** > **Managed apps**. - Give the policy a name. - Under the Select Public Apps, choose Microsoft Defender for Endpoint as the target app. - In Settings page, under the General Configuration Settings, add **WebProtection** as the key and value as **false**. Network protection in Microsoft Defender for endpoint is disabled by default. Ad Follow the below steps for setting up MDM configuration for enrolled devices for Network protection. -1. In Microsoft Endpoint Manager Admin, navigate to **Apps** > **App configuration policies** > **Add** > **Managed devices**. +1. In the Microsoft Intune admin center, navigate to **Apps** > **App configuration policies** > **Add** > **Managed devices**. 1. Provide name and description for the policy. In Platform choose **iOS/iPad**. 1. In targeted app choose **Microsoft Defender for Endpoint**. 1. In the Settings page, choose configuration settings format **Use configuration designer**. Follow the below steps for setting up MDM configuration for enrolled devices for Follow the below steps for setting up MAM config for unenrolled devices for Network protection (Authenticator device registration is required for MAM configuration) in iOS devices. Network Protection initialization will require the end user to open the app once. -1. In the Microsoft Endpoint Manager admin center, navigate to **Apps** > **App configuration policies** > **Add** > **Managed apps** > **Create a new App configuration policy**. +1. In the Microsoft Intune admin center, navigate to **Apps** > **App configuration policies** > **Add** > **Managed apps** > **Create a new App configuration policy**. :::image type="content" source="images/addiosconfig.png" alt-text="Add configuration policy." lightbox="images/addiosconfig.png"::: Microsoft Defender for Endpoint can be configured to send threat signals to be u The steps to set up app protection policies with Microsoft Defender for Endpoint are below: -1. Set up the connection from your Microsoft Endpoint Manager tenant to Microsoft Defender for Endpoint. In the [Microsoft Endpoint manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Tenant Administration** \> **Connectors and tokens** \> **Microsoft Defender for Endpoint** (under Cross platform) or **Endpoint Security** \> **Microsoft Defender for Endpoint** (under Setup) and turn on the toggles under **App Protection Policy Settings for iOS**. +1. Set up the connection from your Microsoft Intune tenant to Microsoft Defender for Endpoint. In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Tenant Administration** \> **Connectors and tokens** \> **Microsoft Defender for Endpoint** (under Cross platform) or **Endpoint Security** \> **Microsoft Defender for Endpoint** (under Setup) and turn on the toggles under **App Protection Policy Settings for iOS**. 2. Select **Save**. You should see **Connection status** is now set to **Enabled**. Customers can now enable privacy control for the phish report sent by Microsoft 1. **Admin Privacy Controls (MDM)** Use the following steps to enable privacy and not collect the domain name as part of the phish alert report for enrolled devices. - - In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** > **App configuration policies** > **Add** > **Managed devices**. + - In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** > **App configuration policies** > **Add** > **Managed devices**. - Give the policy a name, **Platform > iOS/iPadOS**, select the profile type. Customers can now enable privacy control for the phish report sent by Microsoft 1. **Admin Privacy Controls (MAM)** Use the following steps to enable privacy and not collect the domain name as part of the phish alert report for unenrolled devices. - - In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** > **App configuration policies** > **Add** > **Managed apps**. + - In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** > **App configuration policies** > **Add** > **Managed apps**. - Give the policy a name. Microsoft Defender for Endpoint on iOS enables **Optional Permissions** in the o 1. **Admin flow (MDM)** Use the following steps to enable **Optional VPN** permission for enrolled devices. - - In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** > **App configuration policies** > **Add** > **Managed devices**. + - In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** > **App configuration policies** > **Add** > **Managed devices**. - Give the policy a name, select **Platform > iOS/iPadOS**. To protect corporate data from being accessed on jailbroken iOS devices, we reco Follow the steps below to create a compliance policy against jailbroken devices. -1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** > **Compliance policies** > **Create Policy**. Select "iOS/iPadOS" as platform and click **Create**. +1. In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** > **Compliance policies** > **Create Policy**. Select "iOS/iPadOS" as platform and click **Create**. :::image type="content" source="images/ios-jb-policy.png" alt-text="The Create Policy tab" lightbox="images/ios-jb-policy.png"::: Defender for Endpoint on iOS supports vulnerability assessments of apps only for 1. Ensure the device is configured in the [Supervised mode](ios-install.md#complete-deployment-for-supervised-devices). -1. To enable the feature in [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint Security** > **Microsoft Defender for Endpoint** > **Enable App sync for iOS/iPadOS devices**. +1. To enable the feature in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint Security** > **Microsoft Defender for Endpoint** > **Enable App sync for iOS/iPadOS devices**. :::image type="content" source="images/tvm-app-sync-toggle.png" alt-text="App sync toggleSup" lightbox="images/tvm-app-sync-toggle.png"::: ### On an Unsupervised Device -1. To enable the feature in [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint Security** > **Microsoft Defender for Endpoint** > **Enable App sync for iOS/iPadOS devices**. +1. To enable the feature in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint Security** > **Microsoft Defender for Endpoint** > **Enable App sync for iOS/iPadOS devices**. :::image type="content" source="images/tvm-app-sync-toggle.png" alt-text="App sync toggle" lightbox="images/tvm-app-sync-toggle.png"::: Customers now have the option to configure the ability to send feedback data to Use the following steps to configure the option to send feedback data to Microsoft: -1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** > **App configuration policies** > **Add** > **Managed devices**. +1. In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** > **App configuration policies** > **Add** > **Managed devices**. 1. Give the policy a name, and select **Platform > iOS/iPadOS** as the profile type. |
| security | Ios Install Unmanaged | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-install-unmanaged.md | Microsoft Defender for Endpoint on iOS threat information is leveraged by Intune Microsoft Defender for Endpoint on iOS supports both the configurations of MAM - **Intune MDM + MAM**: IT administrators can only manage apps using App Protection Policies on devices that are enrolled with Intune mobile device management (MDM). - **MAM without device enrollment**: MAM without device enrollment, or MAM-WE, allows IT administrators to manage apps using [App Protection Policies](/mem/intune/apps/app-protection-policy) on devices not enrolled with Intune MDM. This means apps can be managed by Intune on devices enrolled with third-party EMM providers. -To manage apps using in both the above configurations customers should use Intune in the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) +To manage apps using in both the above configurations customers should use Intune in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) To enable this capability an administrator needs to configure the connection between Microsoft Defender for Endpoint and Intune, create the app protection policy, and apply the policy on targeted devices and applications. End users also need to take steps to install Microsoft Defender for Endpoint on :::image type="content" source="images/enable-intune-connection.png" alt-text="The Defender for Endpoint - Intune connector" lightbox="images/enable-intune-connection.png"::: -2. **Verify that the connector is enabled on the Intune portal**. <br> In [Microsoft Endpoint manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint Security** > **Microsoft Defender for Endpoint** and ensure that the Connection status is enabled. +2. **Verify that the connector is enabled on the Intune portal**. <br> In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint Security** > **Microsoft Defender for Endpoint** and ensure that the Connection status is enabled. :::image type="content" source="images/app-settings.png" alt-text="The application settings" lightbox="images/app-settings.png"::: |
| security | Ios Install | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-install.md | Title: Deploy Microsoft Defender for Endpoint on iOS with Microsoft Endpoint Manager + Title: Deploy Microsoft Defender for Endpoint on iOS with Microsoft Intune description: Describes how to deploy Microsoft Defender for Endpoint on iOS using an app. keywords: microsoft, defender, Microsoft Defender for Endpoint, ios, app, installation, deploy, uninstallation, intune search.appverid: met150 Last updated 12/18/2020 -# Deploy Microsoft Defender for Endpoint on iOS with Microsoft Endpoint Manager +# Deploy Microsoft Defender for Endpoint on iOS with Microsoft Intune [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] Last updated 12/18/2020 > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) -This topic describes deploying Defender for Endpoint on iOS on Microsoft Endpoint Manager (also known as Intune) Company Portal enrolled devices. For more information about Microsoft Endpoint Manager device enrollment, see [Enroll iOS/iPadOS devices in Microsoft Endpoint Manager](/mem/intune/enrollment/ios-enroll). +This topic describes deploying Defender for Endpoint on iOS on Microsoft Intune Company Portal enrolled devices. For more information about Microsoft Intune device enrollment, see [Enroll iOS/iPadOS devices in Microsoft Intune](/mem/intune/enrollment/ios-enroll). ## Before you begin -- Ensure you have access to [Microsoft Endpoint manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).+- Ensure you have access to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). - Ensure iOS enrollment is done for your users. Users need to have a Defender for Endpoint license assigned in order to use Defender for Endpoint on iOS. Refer to [Assign licenses to users](/azure/active-directory/users-groups-roles/licensing-groups-assign) for instructions on how to assign licenses. This topic describes deploying Defender for Endpoint on iOS on Microsoft Endpoin This section covers: -1. **Deployment steps** (applicable for both **Supervised** and **Unsupervised** devices)- Admins can deploy Defender for Endpoint on iOS via Microsoft Endpoint Manager Company Portal. This step is not needed for VPP (volume purchase) apps. +1. **Deployment steps** (applicable for both **Supervised** and **Unsupervised** devices)- Admins can deploy Defender for Endpoint on iOS via Microsoft Intune Company Portal. This step is not needed for VPP (volume purchase) apps. 1. **Complete deployment** (only for Supervised devices)- Admins can select to deploy any one of the given profiles. 1. **Zero touch (Silent) Control Filter** - Provides Web Protection without the local loopback VPN and also enables silent onboarding for users. App is automatically installed and activated without the need for user to open the app. This section covers: ## Deployment steps (applicable for both Supervised and Unsupervised devices) -Deploy Defender for Endpoint on iOS via Microsoft Endpoint Manager Company Portal. +Deploy Defender for Endpoint on iOS via Microsoft Intune Company Portal. ### Add iOS store app -1. In [Microsoft Endpoint manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** > **iOS/iPadOS** > **Add** > **iOS store app** and click **Select**. +1. In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** > **iOS/iPadOS** > **Add** > **iOS store app** and click **Select**. - :::image type="content" source="images/ios-deploy-1.png" alt-text="The Add applications tab in the Microsoft Endpoint Manager Admin Center" lightbox="images/ios-deploy-1.png"::: + :::image type="content" source="images/ios-deploy-1.png" alt-text="The Add applications tab in the Microsoft Intune admin center" lightbox="images/ios-deploy-1.png"::: 1. On the **Add app** page, click on **Search the App Store** and type **Microsoft Defender** in the search bar. In the search results section, click on *Microsoft Defender* and click **Select**. Deploy Defender for Endpoint on iOS via Microsoft Endpoint Manager Company Porta 1. In the **Assignments** section, go to the **Required** section and select **Add group**. You can then choose the user group(s) that you would like to target Defender for Endpoint on iOS app. Click **Select** and then **Next**. > [!NOTE]- > The selected user group should consist of Microsoft Endpoint Manager (Intune) enrolled users. + > The selected user group should consist of Microsoft Intune enrolled users. - :::image type="content" source="images/ios-deploy-2.png" alt-text="The Add group tab in the Microsoft Endpoint Manager Admin Center" lightbox="images/ios-deploy-2.png"::: + :::image type="content" source="images/ios-deploy-2.png" alt-text="The Add group tab in the Microsoft Intune admin center" lightbox="images/ios-deploy-2.png"::: 1. In the *Review + Create* section, verify that all the information entered is correct and then select **Create**. In a few moments, the Defender for Endpoint app should be created successfully, and a notification should show up at the top-right corner of the page. The Microsoft Defender for Endpoint on iOS app has specialized ability on superv Admins can use the following steps to configure supervised devices. -### Configure Supervised Mode via Microsoft Endpoint Manager (Intune) +### Configure Supervised Mode via Microsoft Intune Configure the supervised mode for Defender for Endpoint app through an App configuration policy and Device configuration profile. Configure the supervised mode for Defender for Endpoint app through an App confi > [!NOTE] > This app configuration policy for supervised devices is applicable only to managed devices and should be targeted for ALL managed iOS devices as a best practice. -1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and go to **Apps** \> **App configuration policies** \> **Add**. Select **Managed devices**. +1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and go to **Apps** \> **App configuration policies** \> **Add**. Select **Managed devices**. - :::image type="content" source="images/ios-deploy-4.png" alt-text="Image of Microsoft Endpoint Manager Admin Center4." lightbox="images/ios-deploy-4.png"::: + :::image type="content" source="images/ios-deploy-4.png" alt-text="Image of Microsoft Intune admin center4." lightbox="images/ios-deploy-4.png"::: 1. In the *Create app configuration policy* page, provide the following information: - Policy Name - Platform: Select iOS/iPadOS - Targeted app: Select **Microsoft Defender for Endpoint** from the list - :::image type="content" source="images/ios-deploy-5.png" alt-text="Image of Microsoft Endpoint Manager Admin Center5." lightbox="images/ios-deploy-5.png"::: + :::image type="content" source="images/ios-deploy-5.png" alt-text="Image of Microsoft Intune admin center5." lightbox="images/ios-deploy-5.png"::: 1. In the next screen, select **Use configuration designer** as the format. Specify the following properties: - Configuration Key: `issupervised` - Value type: String - Configuration Value: `{{issupervised}}` - :::image type="content" source="images/ios-deploy-6.png" alt-text="Image of Microsoft Endpoint Manager Admin Center6." lightbox="images/ios-deploy-6.png"::: + :::image type="content" source="images/ios-deploy-6.png" alt-text="Image of Microsoft Intune admin center6." lightbox="images/ios-deploy-6.png"::: 1. Select **Next** to open the **Scope tags** page. Scope tags are optional. Select **Next** to continue. Once the profile has been downloaded, deploy the custom profile. Follow the step 1. Navigate to **Devices** > **iOS/iPadOS** > **Configuration profiles** > **Create Profile**. 1. Select **Profile Type** > **Templates** and **Template name** > **Custom**. - :::image type="content" source="images/ios-deploy-7.png" alt-text="Image of Microsoft Endpoint Manager Admin Center7." lightbox="images/ios-deploy-7.png"::: + :::image type="content" source="images/ios-deploy-7.png" alt-text="Image of Microsoft Intune admin center7." lightbox="images/ios-deploy-7.png"::: 1. Provide a name of the profile. When prompted to import a Configuration profile file, select the one downloaded from the previous step. 1. In the **Assignment** section, select the device group to which you want to apply this profile. As a best practice, this should be applied to all managed iOS devices. Select **Next**. Admins can automate the Defender onboarding for users in two different ways with Admins can configure Microsoft Defender for Endpoint to deploy and activate silently. In this flow, the administrator creates a deployment profile and the user is simply notified of the installation. Defender for Endpoint is automatically installed without the need for the user to open the app. Follow the steps below to set up zero-touch or silent deployment of Defender for Endpoint on enrolled iOS devices: -1. In [Microsoft Endpoint manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** > **Configuration Profiles** > **Create Profile**. +1. In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** > **Configuration Profiles** > **Create Profile**. 1. Choose **Platform** as **iOS/iPadOS** and **Profile type** as **VPN**. Select **Create**. 1. Type a name for the profile and select **Next**. 1. Select **Custom VPN** for Connection Type and in the **Base VPN** section, enter the following: For unsupervised devices, a VPN is used to provide the Web Protection feature. T Admins can configure auto-setup of VPN profile. This will automatically set up the Defender for Endpoint VPN profile without having the user to do so while onboarding. -1. In [Microsoft Endpoint manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** > **Configuration Profiles** > **Create Profile**. +1. In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** > **Configuration Profiles** > **Create Profile**. 1. Choose **Platform** as **iOS/iPadOS** and **Profile type** as **VPN**. Click **Create**. 1. Type a name for the profile and click **Next**. 1. Select **Custom VPN** for Connection Type and in the **Base VPN** section, enter the following: |
| security | Ios Troubleshoot | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-troubleshoot.md | In addition, a notification is shown on the iOS device. Tapping on the notificat After onboarding, it takes few hours for device to show up in the Device inventory in the Defender for Endpoint security console. Also, ensure that device is registered correctly with Azure Active Directory and device has internet connectivity. For successful onboarding, the device has to be registered via Microsoft Authenticator or Intune Company Portal and the user needs to sign-in using the same account with which device is registered with Azure AD. > [!NOTE]-> Sometimes, the device name is not consistent with that in Microsoft Endpoint Manager (Intune) console. The device name in Defender for Endpoint console is of the format <username_iPhone/iPad model>. You can also use Azure AD device ID to identify the device in the Defender for Endpoint console. +> Sometimes, the device name is not consistent with that in Microsoft Intune admin center. The device name in Defender for Endpoint console is of the format <username_iPhone/iPad model>. You can also use Azure AD device ID to identify the device in the Defender for Endpoint console. ## Data and Privacy |
| security | Ios Whatsnew | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-whatsnew.md | Vulnerability assessment of apps on Microsoft Defender for Endpoint for iOS is n Network Protection on Microsoft Defender for Endpoint is now generally available. Network protection provides protection against rogue Wi-Fi related threats, rogue hardware like pineapple devices and notifies the user if a related threat is detected. Users will also see a guided experience to connect to secure networks and change networks when they are connected to an unsecure connection. -It includes several admin controls to offer flexibility, such as the ability to configure the feature from within the Microsoft Endpoint Manager Admin center. Admins can also enable privacy controls to configure the data that is sent by Defender for Endpoint from iOS devices. For more information, read [Configure Network Protection](/microsoft-365/security/defender-endpoint/ios-configure-features#configure-network-protection). +It includes several admin controls to offer flexibility, such as the ability to configure the feature from within the Microsoft Intune admin center. Admins can also enable privacy controls to configure the data that is sent by Defender for Endpoint from iOS devices. For more information, read [Configure Network Protection](/microsoft-365/security/defender-endpoint/ios-configure-features#configure-network-protection). ## Privacy Controls On January 25, 2022, we announced the general availability of Vulnerability mana ## 1.1.28250101 - **Integration with Tunnel** - Microsoft Defender for Endpoint on iOS can now integrate with Microsoft Tunnel, a VPN gateway solution to enable security and connectivity in a single app. For more information, see [Microsoft Tunnel Overview](/mem/intune/protect/microsoft-tunnel-overview).-- **Zero-touch onboard for enrolled iOS devices** enrolled through Microsoft Endpoint Manager (Intune) is generally available. For more information, see [Zero touch onboarding of Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/ios-install#zero-touch-onboarding-of-microsoft-defender-for-endpoint).+- **Zero-touch onboard for enrolled iOS devices** enrolled through Microsoft Intune is generally available. For more information, see [Zero touch onboarding of Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/ios-install#zero-touch-onboarding-of-microsoft-defender-for-endpoint). - Bug fixes. ## 1.1.24210103 On January 25, 2022, we announced the general availability of Vulnerability mana ## 1.1.23250104 - Performance optimizations - Test battery performance with this version and let us know your feedback.-- **Zero-touch onboard for enrolled iOS devices** - With this version, the preview of Zero-touch onboard for devices enrolled through Microsoft Endpoint Manager (Intune) has been added. For more information, see this [documentation](ios-install.md#zero-touch-silent-onboarding-of-microsoft-defender-for-endpoint) for more details on setup and configuration.+- **Zero-touch onboard for enrolled iOS devices** - With this version, the preview of Zero-touch onboard for devices enrolled through Microsoft Intune has been added. For more information, see this [documentation](ios-install.md#zero-touch-silent-onboarding-of-microsoft-defender-for-endpoint) for more details on setup and configuration. - **Privacy Controls** - Configure privacy controls for phish alert report. For more information, see [Configure iOS features](ios-configure-features.md). ## 1.1.23010101 On January 25, 2022, we announced the general availability of Vulnerability mana ## 1.1.17240101 - Support for Mobile Application Management (MAM) via Intune is generally available with this version. For more information, see [Microsoft Defender for Endpoint risk signals available for your App protection policies](https://techcommunity.microsoft.com/t5/intune-customer-success/microsoft-defender-for-endpoint-risk-signals-available-for-your/ba-p/2186322) - **Jailbreak Detection** is generally available. For more information, see [Setup Conditional Access Policy based on device risk signals](ios-configure-features.md#conditional-access-with-defender-for-endpoint-on-ios).-- **Auto-setup of VPN profile** for enrolled devices via Microsoft Endpoint Manager (Intune) is generally available. For more information, see [Auto-Setup VPN profile for enrolled iOS devices](ios-install.md#auto-onboarding-of-vpn-profile-simplified-onboarding).+- **Auto-setup of VPN profile** for enrolled devices via Microsoft Intune is generally available. For more information, see [Auto-Setup VPN profile for enrolled iOS devices](ios-install.md#auto-onboarding-of-vpn-profile-simplified-onboarding). - Bug fixes. ## 1.1.15140101 - **Jailbreak Detection** is in preview. For more information, see [Setup Conditional Access Policy based on device risk signals](ios-configure-features.md#conditional-access-with-defender-for-endpoint-on-ios).-- **Auto-setup of VPN profile** is in preview for enrolled devices via Microsoft Endpoint Manager (Intune). For more information, see [Auto-Setup VPN profile for enrolled iOS devices](ios-install.md#auto-onboarding-of-vpn-profile-simplified-onboarding).+- **Auto-setup of VPN profile** is in preview for enrolled devices via Microsoft Intune. For more information, see [Auto-Setup VPN profile for enrolled iOS devices](ios-install.md#auto-onboarding-of-vpn-profile-simplified-onboarding). - The Microsoft Defender ATP product name has now been updated to Microsoft Defender for Endpoint in the app store. - Improved sign-in experience. - Bug fixes. |
| security | Mac Install With Intune | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-install-with-intune.md | search.appverid: met150 Last updated 12/18/2020 -# Deploy Microsoft Defender for Endpoint on macOS with Microsoft Endpoint Manager +# Deploy Microsoft Defender for Endpoint on macOS with Microsoft Intune [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] Last updated 12/18/2020 - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) -This topic describes how to deploy Microsoft Defender for Endpoint on macOS through Microsoft Endpoint Manager (also known as Intune). A successful deployment requires the completion of all of the following steps: +This topic describes how to deploy Microsoft Defender for Endpoint on macOS through Microsoft Intune. A successful deployment requires the completion of all of the following steps: 1. [Download the onboarding package](#download-the-onboarding-package) 1. [Client device setup](#client-device-setup) Before you get started, see [the main Microsoft Defender for Endpoint on macOS p ## Overview -The following table summarizes the steps you would need to take to deploy and manage Microsoft Defender for Endpoint on Macs, via Microsoft Endpoint Manager. More detailed steps are available below. +The following table summarizes the steps you would need to take to deploy and manage Microsoft Defender for Endpoint on Macs, via Microsoft Intune. More detailed steps are available below. <br> Download the onboarding packages from Microsoft 365 Defender portal: ## Create System Configuration profiles The next step is to create system configuration profiles that Microsoft Defender for Endpoint needs.-In the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/), open **Devices** \> **Configuration profiles**. +In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), open **Devices** \> **Configuration profiles**. ### Onboarding blob Follow the instructions for [Onboarding blob](#onboarding-blob) from above, usin > [!CAUTION] > macOS 13 (Ventura) contains new privacy enhancements. Beginning with this version, by default, applications cannot run in background without explicit consent. Microsoft Defender for Endpoint must run its daemon process in background. >- > This configuration profile grants Background Service permissions to Microsoft Defender for Endpoint. If you previously configured Microsoft Defender for Endpoint through Microsoft Endpoint Manager, we recommend you update the deployment with this configuration profile. + > This configuration profile grants Background Service permissions to Microsoft Defender for Endpoint. If you previously configured Microsoft Defender for Endpoint through Microsoft Intune, we recommend you update the deployment with this configuration profile. Download [**background_services.mobileconfig**](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/background_services.mobileconfig) from [our GitHub repository](https://github.com/microsoft/mdatp-xplat/tree/master/macos/mobileconfig/profiles). Once the Intune changes are propagated to the enrolled devices, you can see them This step enables deploying Microsoft Defender for Endpoint to enrolled machines. -1. In the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/), open **Apps**. +1. In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), open **Apps**. > [!div class="mx-imgBorder"] > :::image type="content" source="images/mdatp-8-app-before.png" alt-text="The application's overview page" lightbox="images/mdatp-8-app-before.png"::: |
| security | Machines View Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/machines-view-overview.md | Filter | Description **Onboarding status** </br> | Onboarding status indicates whether the device is currently onboarded to Microsoft Defender for Endpoint or not. You can filter by the following states: </br> - **Onboarded**: The endpoint is onboarded to Microsoft Defender for Endpoint. </br> - **Can be onboarded**: The endpoint was discovered in the network as a supported device, but it's not currently onboarded. Microsoft highly recommends onboarding these devices. </br> - **Unsupported**: The endpoint was discovered in the network, but is not supported by Microsoft Defender for Endpoint. </br> - **Insufficient info**: The system couldn't determine the supportability of the device.</br></br> (_Computers and mobile only_) **Antivirus status** </br> | Filter the view based on whether the antivirus status is disabled, not updated or unknown.</br></br> (_Computers and mobile only_) **Group** </br> | Filter the list based on the group you're interested in investigating. </br></br> (_Computers and mobile only_)-**Managed by** </br> | Managed by indicates how the device is being managed. You can filter by:</br> - Microsoft Defender for Endpoint</br> - Microsoft Endpoint Manager (MEM), including co-management with Microsoft Configuration Manager via tenant attach</br>- Microsoft Configuration manager (ConfigMgr)</br> - Unknown: This could be due the running an outdated Windows version, GPO management, or another third party MDM.</br></br> (_Computers and mobile only_) +**Managed by** </br> | Managed by indicates how the device is being managed. You can filter by:</br> - Microsoft Defender for Endpoint</br> - Microsoft Intune, including co-management with Microsoft Configuration Manager via tenant attach</br>- Microsoft Configuration manager (ConfigMgr)</br> - Unknown: This could be due the running an outdated Windows version, GPO management, or another third party MDM.</br></br> (_Computers and mobile only_) **Device Type** </br> | Filter by the device type you're interested in investigating.</br></br> (_IoT devices only_) ## Use columns to customize the device inventory views |
| security | Manage Event Based Updates Microsoft Defender Antivirus | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-event-based-updates-microsoft-defender-antivirus.md | Microsoft Defender Antivirus allows you to determine if updates should (or shoul ## Check for protection updates before running a scan -You can use Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, and WMI to force Microsoft Defender Antivirus to check and download protection updates before running a scheduled scan. +You can use Microsoft Configuration Manager, Group Policy, PowerShell cmdlets, and WMI to force Microsoft Defender Antivirus to check and download protection updates before running a scheduled scan. ### Use Configuration Manager to check for protection updates before running a scan -1. On your Microsoft Endpoint Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** \> **Endpoint Protection** \> **Antimalware Policies**) +1. On your Microsoft Configuration Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** \> **Endpoint Protection** \> **Antimalware Policies**) 2. Go to the **Scheduled scans** section and set **Check for the latest security intelligence updates before running a scan** to **Yes**. |
| security | Manage Gradual Rollout | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-gradual-rollout.md | If your machines are receiving Defender updates from Windows Update, the gradual > [!NOTE] > When planning for your own gradual release, please make sure to always have a selection of devices subscribed to the preview and staged channels. This will provide your organization as well as Microsoft the opportunity to prevent or find and fix issues specific to your environment. -For machines receiving updates through, for example, Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager (MECM), more options are available to all Windows updates, including options for Microsoft Defender for Endpoint. +For machines receiving updates through, for example, Windows Server Update Services (WSUS) or Microsoft Configuration Manager, more options are available to all Windows updates, including options for Microsoft Defender for Endpoint. - Read more about how to use a solution like WSUS, MECM to manage the distribution and application of updates at [Manage Microsoft Defender Antivirus updates and apply baselines - Windows security](manage-updates-baselines-microsoft-defender-antivirus.md#product-updates). Adopting this model: To create your own custom gradual rollout process for monthly updates, you can use the following tools: - Group policy-- Microsoft Endpoint Manager+- Microsoft Configuration Manager - PowerShell For details on how to use these tools, see [Create a custom gradual rollout process for Microsoft Defender updates](configure-updates.md). |
| security | Manage Mde Post Migration | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-mde-post-migration.md | search.appverid: met150 > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink) -After you have set up and configured Microsoft Defender for Endpoint, your next step is to manage your features and capabilities. We recommend using [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) to manage your organization's devices and security settings. However, you can use other tools/methods, such as [Microsoft Endpoint Configuration Manager](/mem/configmgr/core/understand/introduction) or [Group Policy Objects in Azure Active Directory Domain Services](/azure/active-directory-domain-services/manage-group-policy). +After you have set up and configured Microsoft Defender for Endpoint, your next step is to manage your features and capabilities. We recommend using [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) to manage your organization's devices and security settings. However, you can use other tools/methods, such as [Microsoft Configuration Manager](/mem/configmgr/core/understand/introduction) or [Group Policy Objects in Azure Active Directory Domain Services](/azure/active-directory-domain-services/manage-group-policy). The following table lists various tools/methods you can use, with links to learn more. The following table lists various tools/methods you can use, with links to learn ||| |**[Microsoft Defender Vulnerability Management dashboard insights](/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights)** in the [Microsoft 365 Defender](https://security.microsoft.com/) portal|The Defender Vulnerability Management dashboard provides actionable information that your security operations team can use to reduce exposure and improve your organization's security posture. <br/><br/> See [Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt) and [Overview of Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/use).| |**[Microsoft Intune](/mem/intune/fundamentals/what-is-intune)** (recommended)| Intune provides mobile device management (MDM) and mobile application management (MAM) capabilities. With Intune, you control how your organization's devices are used, including mobile phones, tablets, and laptops. You can also configure specific policies to control applications. <br/><br/> See [Manage Microsoft Defender for Endpoint using Intune](manage-mde-post-migration-intune.md).|-|**[Microsoft Endpoint Configuration Manager](/mem/configmgr/core/understand/introduction)**|Microsoft Endpoint Manager (Configuration Manager), formerly known as System Center Configuration Manager, is a powerful tool to manage your users, devices, and software. <br/><br/> See [Manage Microsoft Defender for Endpoint with Configuration Manager](manage-mde-post-migration-configuration-manager.md).| +|**[Microsoft Configuration Manager](/mem/configmgr/core/understand/introduction)**|Microsoft Configuration Manager, formerly known as System Center Configuration Manager, is a powerful tool to manage your users, devices, and software. <br/><br/> See [Manage Microsoft Defender for Endpoint with Configuration Manager](manage-mde-post-migration-configuration-manager.md).| |**[Group Policy Objects in Azure Active Directory Domain Services](/azure/active-directory-domain-services/manage-group-policy)**|[Azure Active Directory Domain Services](/azure/active-directory-domain-services/overview) includes built-in Group Policy Objects for users and devices. You can customize the built-in Group Policy Objects as needed for your environment, as well as create custom Group Policy Objects and organizational units (OUs). <br/><br/> See [Manage Microsoft Defender for Endpoint with Group Policy Objects](manage-mde-post-migration-group-policy-objects.md).| |**[PowerShell, WMI, and MPCmdRun.exe](manage-mde-post-migration-other-tools.md)**|*We recommend using Microsoft Intune or Configuration Manager to manage threat protection features on your organization's devices. However, you can configure some settings, such as Microsoft Defender Antivirus settings on individual devices (endpoints) with PowerShell, WMI, or the MPCmdRun.exe tool.* <br/><br/> You can use PowerShell to manage Microsoft Defender Antivirus, exploit protection, and your attack surface reduction rules. See [Configure Microsoft Defender for Endpoint with PowerShell](manage-mde-post-migration-other-tools.md#configure-microsoft-defender-for-endpoint-with-powershell). <br/><br/> You can use Windows Management Instrumentation (WMI) to manage Microsoft Defender Antivirus and exclusions. See [Configure Microsoft Defender for Endpoint with WMI](manage-mde-post-migration-other-tools.md#configure-microsoft-defender-for-endpoint-with-windows-management-instrumentation-wmi). <br/><br/> You can use the Microsoft Malware Protection Command-Line Utility (MPCmdRun.exe) to manage Microsoft Defender Antivirus and exclusions, as well as validate connections between your network and the cloud. See [Configure Microsoft Defender for Endpoint with MPCmdRun.exe](manage-mde-post-migration-other-tools.md#configure-microsoft-defender-for-endpoint-with-microsoft-malware-protection-command-line-utility-mpcmdrunexe).| |
| security | Manage Outdated Endpoints Microsoft Defender Antivirus | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus.md | You can use one of several methods to set up catch-up protection updates: ### Use Configuration Manager to configure catch-up protection updates -1. On your Microsoft Endpoint Manager console, open the antimalware policy you want to change (select **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** \> **Endpoint Protection** \> **Antimalware Policies**) +1. On your Microsoft Configuration Manager console, open the antimalware policy you want to change (select **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** \> **Endpoint Protection** \> **Antimalware Policies**) 2. Go to the **Security intelligence updates** section and configure the following settings: See the following article for more information and allowed parameters: ### Use Configuration Manager to configure catch-up scans -1. On your Microsoft Endpoint Manager console, open the antimalware policy you want to change (select **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** \> **Endpoint Protection** \> **Antimalware Policies**) +1. On your Microsoft Configuration Manager console, open the antimalware policy you want to change (select **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** \> **Endpoint Protection** \> **Antimalware Policies**) 2. Go to the **Scheduled scans** section and **Force a scan of the selected scan type if client computer is offline...** to **Yes**. |
| security | Manage Protection Update Schedule Microsoft Defender Antivirus | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus.md | You can also randomize the times when each endpoint checks and downloads protect ## Use Configuration Manager to schedule protection updates -1. On your Microsoft Endpoint Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** \> **Endpoint Protection** \> **Antimalware Policies**) +1. On your Microsoft Configuration Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** \> **Endpoint Protection** \> **Antimalware Policies**) 2. Go to the **Security intelligence updates** section. |
| security | Manage Protection Updates Microsoft Defender Antivirus | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus.md | Each source has typical scenarios that depend on how your network is configured, |Windows Server Update Service|You are using Windows Server Update Service to manage updates for your network.| |Microsoft Update|You want your endpoints to connect directly to Microsoft Update. This can be useful for endpoints that irregularly connect to your enterprise network, or if you do not use Windows Server Update Service to manage your updates.| |File share|You have non-Internet-connected devices (such as VMs). You can use your Internet-connected VM host to download the updates to a network share, from which the VMs can obtain the updates. See the [VDI deployment guide](deployment-vdi-microsoft-defender-antivirus.md) for how file shares can be used in virtual desktop infrastructure (VDI) environments.|-|Microsoft Endpoint Manager|You are using Microsoft Endpoint Manager to update your endpoints.| +|Microsoft Configuration Manager|You are using Microsoft Configuration Manager to update your endpoints.| |Security intelligence updates and platform updates for Microsoft Defender Antivirus and other Microsoft anti-malware (formerly referred to as MMPC)|[Make sure your devices are updated to support SHA-2](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus). Microsoft Defender Antivirus Security intelligence and platform updates are delivered through Windows Update, and starting Monday October 21, 2019 security intelligence updates and platform updates will be SHA-2 signed exclusively. <br/>Download the latest protection updates because of a recent infection or to help provision a strong, base image for [VDI deployment](deployment-vdi-microsoft-defender-antivirus.md). This option should generally be used only as a final fallback source, and not the primary source. It will only be used if updates cannot be downloaded from Windows Server Update Service or Microsoft Update for [a specified number of days](/microsoft-365/security/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus#set-the-number-of-days-before-protection-is-reported-as-out-of-date).| You can manage the order in which update sources are used with Group Policy, Microsoft Endpoint Configuration Manager, PowerShell cmdlets, and WMI. The procedures in this article first describe how to set the order, and then how ## Use Configuration Manager to manage the update location -See [Configure Security intelligence Updates for Endpoint Protection](/configmgr/protect/deploy-use/endpoint-definition-updates) for details on configuring Microsoft Endpoint Manager (current branch). +See [Configure Security intelligence Updates for Endpoint Protection](/configmgr/protect/deploy-use/endpoint-definition-updates) for details on configuring Microsoft Configuration Manager (current branch). ## Use PowerShell cmdlets to manage the update location |
| security | Management Apis | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/management-apis.md | Acknowledging that customer environments and structures can vary, Defender for E ## Endpoint onboarding and portal access -Device onboarding is fully integrated into Microsoft Endpoint Manager and Microsoft Intune for client devices and Microsoft Defender for server devices, providing complete end-to-end experience of configuration, deployment, and monitoring. In addition, Microsoft Defender for Endpoint supports Group Policy and other third-party tools used for devices management. +Device onboarding is fully integrated into Microsoft Configuration Manager and Microsoft Intune for client devices and Microsoft Defender for server devices, providing complete end-to-end experience of configuration, deployment, and monitoring. In addition, Microsoft Defender for Endpoint supports Group Policy and other third-party tools used for devices management. Defender for Endpoint provides fine-grained control over what users with access to the portal can see and do through the flexibility of role-based access control (RBAC). The RBAC model supports all flavors of security teams structure: |
| security | Mde Device Control Device Installation | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mde-device-control-device-installation.md | For Policy deployment in Intune, the account must have permissions to create, ed #### Deploying policy -In Microsoft Endpoint Manager [https://endpoint.microsoft.com/](https://endpoint.microsoft.com/) +In the Microsoft Intune admin center [https://endpoint.microsoft.com/](https://endpoint.microsoft.com/) 1. Configure **Prevent installation of devices using drivers that match these device setup classes**. |
| security | Mde P1 Setup Configuration | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mde-p1-setup-configuration.md | When you're ready to onboard your organization's endpoints, you can choose from |Endpoint|Deployment tool| |||-|**Windows**|[Local script (up to 10 devices)](configure-endpoints-script.md) <br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md)| -|**macOS**|[Local script](mac-install-manually.md) <br> [Microsoft Endpoint Manager](mac-install-with-intune.md) <br> [JAMF Pro](mac-install-with-jamf.md) <br> [Mobile Device Management](mac-install-with-other-mdm.md)| -|**Android**|[Microsoft Endpoint Manager](android-intune.md)| -|**iOS**|[Microsoft Endpoint Manager](ios-install.md) <br> [Mobile Application Manager](ios-install-unmanaged.md) | +|**Windows**|[Local script (up to 10 devices)](configure-endpoints-script.md) <br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Intune/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md)| +|**macOS**|[Local script](mac-install-manually.md) <br> [Microsoft Intune](mac-install-with-intune.md) <br> [JAMF Pro](mac-install-with-jamf.md) <br> [Mobile Device Management](mac-install-with-other-mdm.md)| +|**Android**|[Microsoft Intune](android-intune.md)| +|**iOS**|[Microsoft Intune](ios-install.md) <br> [Mobile Application Manager](ios-install-unmanaged.md) | Then, proceed to configure your next-generation protection and attack surface reduction capabilities. |
| security | Microsoft Defender Antivirus Compatibility | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility.md | The following sections describe what to expect when Microsoft Defender Antivirus ### Active mode -In active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. Settings that are configured by using Configuration Manager, Group Policy, Microsoft Intune, or other management products will apply. Files are scanned, threats are remediated, and detection information is reported in your configuration tool (such as in the Microsoft Endpoint Manager admin center or the Microsoft Defender Antivirus app on the endpoint). +In active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. Settings that are configured by using Configuration Manager, Group Policy, Microsoft Intune, or other management products will apply. Files are scanned, threats are remediated, and detection information is reported in your configuration tool (such as in the Microsoft Intune admin center or the Microsoft Defender Antivirus app on the endpoint). ### Passive mode or EDR Block mode |
| security | Microsoft Defender Endpoint Android | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-android.md | This topic describes how to install, configure, update, and use Defender for End - **For Administrators**: - Access to the Microsoft 365 Defender portal.- - Access [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) to: + - Access to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) to: - Deploy the app to enrolled user groups in your organization. - Configure Microsoft Defender for Endpoint risk signals in app protection policy. |
| security | Microsoft Defender Endpoint Ios | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-ios.md | Last updated 03/22/2021 - Access to the Microsoft 365 Defender portal. -- Access to [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), to:+- Access to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), to: - Deploy the app to enrolled user groups in your organization. - Configure Microsoft Defender for Endpoint risk signals in app protection policy (MAM) Last updated 03/22/2021 ## Installation instructions -Deployment of Microsoft Defender for Endpoint on iOS can be done via Microsoft Endpoint Manager (MEM) and both supervised and unsupervised devices are supported. End-users can also directly install the app from the [Apple app store](https://aka.ms/mdatpiosappstore). +Deployment of Microsoft Defender for Endpoint on iOS can be done via Microsoft Intune and both supervised and unsupervised devices are supported. End-users can also directly install the app from the [Apple app store](https://aka.ms/mdatpiosappstore). -- For information on deploying on enrolled devices through Microsoft Endpoint Manager or Intune, see [Deploy Microsoft Defender for Endpoint on iOS](ios-install.md).+- For information on deploying on enrolled devices through Microsoft Configuration Manager or Intune, see [Deploy Microsoft Defender for Endpoint on iOS](ios-install.md). - For information on using Defender for Endpoint in app protection policy (MAM), see [Configure app protection policy to include Defender for Endpoint risk signals (MAM)](ios-install-unmanaged.md) ## Resources |
| security | Microsoft Defender Offline | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-offline.md | See the [Manage Microsoft Defender Antivirus Security intelligence updates](man In Windows 10, version 1607, you can manually force an offline scan. Alternatively, if Windows Defender determines that Microsoft Defender Offline needs to run, it will prompt the user on the endpoint. -The need to perform an offline scan will also be revealed in Microsoft Endpoint Manager if you're using it to manage your endpoints. +The need to perform an offline scan will also be revealed in Microsoft Intune if you're using it to manage your endpoints. The prompt can occur via a notification, similar to the following: |
| security | Minimum Requirements | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/minimum-requirements.md | If you're onboarding servers and Microsoft Defender Antivirus isn't the active a If you're running Microsoft Defender Antivirus as the primary antimalware product on your devices, the Defender for Endpoint agent will successfully onboard. -If you're running a third-party antimalware client and use Mobile Device Management solutions or Microsoft Endpoint Manager (current branch), you'll need to ensure the Microsoft Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Microsoft Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy). +If you're running a third-party antimalware client and use Mobile Device Management solutions or Microsoft Configuration Manager (current branch), you'll need to ensure the Microsoft Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Microsoft Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy). ## Related topics |
| security | Mtd | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mtd.md | All these capabilities are available for Microsoft Defender for Endpoint license ## Overview and Deploy -Deployment of Microsoft Defender for Endpoint on mobile can be done via Microsoft Endpoint Manager (MEM). Watch this video for a quick overview of MTD capabilities and deployment: +Deployment of Microsoft Defender for Endpoint on mobile can be done via Microsoft Intune. Watch this video for a quick overview of MTD capabilities and deployment: <br/> |
| security | Network Devices | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/network-devices.md | To configure scan jobs, the following user permission option is required: **Mana The scanner is supported on Windows 10, version 1903 and Windows Server, version 1903 and later. For more information, see [Windows 10, version 1903 and Windows Server, version 1903](https://support.microsoft.com/topic/windows-10-update-history-e6058e7c-4116-38f1-b984-4fcacfba5e5d). +> [!NOTE] +> There's a limit of 40 scanner installations per tenant. + ## Install the scanner 1. Go to **Microsoft 365 security** \> **Settings** \> **Device discovery** \> **Authenticated scans**. |
| security | Non Windows | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/non-windows.md | With Microsoft Defender for Endpoint, customers benefit from a unified view of a ## Microsoft Defender for Endpoint on macOS -Microsoft Defender for Endpoint on macOS offers antivirus, endpoint detection and response (EDR), and vulnerability management capabilities for the three latest released versions of macOS. Customers can deploy and manage the solution through Microsoft Endpoint Manager and Jamf. Just like with Microsoft Office applications on macOS, Microsoft Auto Update is used to manage Microsoft Defender for Endpoint on Mac updates. For information about the key features and benefits, read our [announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/macOS). +Microsoft Defender for Endpoint on macOS offers antivirus, endpoint detection and response (EDR), and vulnerability management capabilities for the three latest released versions of macOS. Customers can deploy and manage the solution through Microsoft Intune and Jamf. Just like with Microsoft Office applications on macOS, Microsoft Auto Update is used to manage Microsoft Defender for Endpoint on Mac updates. For information about the key features and benefits, read our [announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/macOS). For more details on how to get started, visit the Defender for Endpoint on macOS [documentation](microsoft-defender-endpoint-mac.md). For more details on how to get started, visit the Microsoft Defender for Endpoin ## Microsoft Defender for Endpoint on Android -Microsoft Defender for Endpoint on Android is our mobile threat defense solution for devices running Android 6.0 and higher. Both Android Enterprise (Work Profile) and Device Administrator modes are supported. On Android, we offer web protection, which includes anti-phishing, blocking of unsafe connections, and setting of custom indicators. The solution scans for malware and potentially unwanted applications (PUA) and offers additional breach prevention capabilities through integration with Microsoft Endpoint Manager and Conditional Access. For information about the key features and benefits, read our [announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/Android). +Microsoft Defender for Endpoint on Android is our mobile threat defense solution for devices running Android 6.0 and higher. Both Android Enterprise (Work Profile) and Device Administrator modes are supported. On Android, we offer web protection, which includes anti-phishing, blocking of unsafe connections, and setting of custom indicators. The solution scans for malware and potentially unwanted applications (PUA) and offers additional breach prevention capabilities through integration with Microsoft Intune and Conditional Access. For information about the key features and benefits, read our [announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/Android). For more details on how to get started, visit the Microsoft Defender for Endpoint on Android [documentation](microsoft-defender-endpoint-android.md). |
| security | Onboard Configure | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboard-configure.md | The following table lists the available tools based on the endpoint that you nee | Endpoint | Tool options | |--||-|**Windows**|[Local script (up to 10 devices)](configure-endpoints-script.md) <br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md)| +|**Windows**|[Local script (up to 10 devices)](configure-endpoints-script.md) <br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Intune/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md)| |**Windows servers<br><br>Linux servers** | [Integration with Microsoft Defender for Cloud](azure-server-integration.md)-|**macOS**|[Local script](mac-install-manually.md) <br> [Microsoft Endpoint Manager](mac-install-with-intune.md) <br> [JAMF Pro](mac-install-with-jamf.md) <br> [Mobile Device Management](mac-install-with-other-mdm.md)| +|**macOS**|[Local script](mac-install-manually.md) <br> [Microsoft Intune](mac-install-with-intune.md) <br> [JAMF Pro](mac-install-with-jamf.md) <br> [Mobile Device Management](mac-install-with-other-mdm.md)| |**Linux servers**|[Local script](linux-install-manually.md) <br> [Puppet](linux-install-with-puppet.md) <br> [Ansible](linux-install-with-ansible.md) <br> [Chef](linux-deploy-defender-for-endpoint-with-chef.md)<br> [Saltstack](linux-install-with-saltack.md)|-|**Android**|[Microsoft Endpoint Manager](android-intune.md)| -|**iOS**|[Microsoft Endpoint Manager](ios-install.md) <br> [Mobile Application Manager](ios-install-unmanaged.md) | +|**Android**|[Microsoft Intune](android-intune.md)| +|**iOS**|[Microsoft Intune](ios-install.md) <br> [Mobile Application Manager](ios-install-unmanaged.md) | > [!NOTE]-> For devices that aren't managed by a Microsoft Endpoint Manager (either Microsoft Intune or Microsoft Endpoint Configuration Manager), you can use the Security Management for Microsoft Defender for Endpoint to receive security configurations for Microsoft Defender directly from Endpoint Manager. +> For devices that aren't managed by Microsoft Intune or Microsoft Configuration Manager, you can use the Security Management for Microsoft Defender for Endpoint to receive security configurations for Microsoft Defender directly from Intune. The following table lists the available tools based on the endpoint that you need to onboard. |
| security | Onboard Downlevel | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboard-downlevel.md | Verify that Microsoft Defender Antivirus and Microsoft Defender for Endpoint are > [!NOTE] > Running Microsoft Defender Antivirus is not required but it is recommended. If another antivirus vendor product is the primary endpoint protection solution, you can run Defender Antivirus in Passive mode. You can only confirm that passive mode is on after verifying that Microsoft Defender for Endpoint sensor (SENSE) is running. +> [!NOTE] +> As Microsoft Defender Antivirus is only supported for Windows 10 and Windows 11, step 1 does not apply when running Windows Server 2008 R2 SP1. + 1. Run the following command to verify that Microsoft Defender Antivirus is installed: ```sc.exe query Windefend```+ +If the result is 'The specified service doesn't exist as an installed service', then you'll need to install Microsoft Defender Antivirus. For more information, see [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-windows.md). - If the result is 'The specified service doesn't exist as an installed service', then you'll need to install Microsoft Defender Antivirus. For more information, see [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-windows.md). -- For information on how to use Group Policy to configure and manage Microsoft Defender Antivirus on your Windows servers, see [Use Group Policy settings to configure and manage Microsoft Defender Antivirus](use-group-policy-microsoft-defender-antivirus.md). +For information on how to use Group Policy to configure and manage Microsoft Defender Antivirus on your Windows servers, see [Use Group Policy settings to configure and manage Microsoft Defender Antivirus](use-group-policy-microsoft-defender-antivirus.md). 2. Run the following command to verify that Microsoft Defender for Endpoint is running: ```sc.exe query sense``` - The result should show it is running. If you encounter issues with onboarding, see [Troubleshoot onboarding](troubleshoot-onboarding.md). +The result should show it is running. If you encounter issues with onboarding, see [Troubleshoot onboarding](troubleshoot-onboarding.md). ## Run a detection test Follow the steps in [Run a detection test on a newly onboarded device](run-detection-test.md) to verify that the server is reporting to Defender for the Endpoint service. |
| security | Onboarding Endpoint Configuration Manager | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboarding-endpoint-configuration-manager.md | Title: Onboarding using Microsoft Endpoint Configuration Manager -description: Learn how to onboard to Microsoft Defender for Endpoint using Microsoft Endpoint Configuration Manager -keywords: onboarding, configuration, deploy, deployment, endpoint configuration manager, Microsoft Defender for Endpoint, collection creation, endpoint detection response, next generation protection, attack surface reduction, microsoft endpoint configuration manager + Title: Onboarding using Microsoft Configuration Manager +description: Learn how to onboard to Microsoft Defender for Endpoint using Microsoft Configuration Manager +keywords: onboarding, configuration, deploy, deployment, configuration manager, Microsoft Defender for Endpoint, collection creation, endpoint detection response, next generation protection, attack surface reduction, microsoft configuration manager ms.mktglfcycl: deploy ms.sitesec: library search.appverid: met150 Last updated 12/18/2020 -# Onboarding using Microsoft Endpoint Configuration Manager +# Onboarding using Microsoft Configuration Manager [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] This topic guides users in: - Step 1: Onboarding Windows devices to the service - Step 2: Configuring Defender for Endpoint capabilities -This onboarding guidance will walk you through the following basic steps that you need to take when using Microsoft Endpoint Configuration +This onboarding guidance will walk you through the following basic steps that you need to take when using Microsoft Configuration -- **Creating a collection in Microsoft Endpoint Configuration Manager**-- **Configuring Microsoft Defender for Endpoint capabilities using Microsoft Endpoint Configuration Manager**+- **Creating a collection in Microsoft Configuration Manager** +- **Configuring Microsoft Defender for Endpoint capabilities using Microsoft Configuration Manager** > [!NOTE] > Only Windows devices are covered in this example deployment. -## Step 1: Onboard Windows devices using Microsoft Endpoint Configuration Manager +## Step 1: Onboard Windows devices using Microsoft Configuration Manager ### Collection creation -To onboard Windows devices with Microsoft Endpoint Configuration Manager, the deployment can target an existing collection or a new collection can be created for testing. +To onboard Windows devices with Microsoft Configuration Manager, the deployment can target an existing collection or a new collection can be created for testing. Onboarding using tools such as Group policy or manual method does not install any agent on the system. -Within the Microsoft Endpoint Configuration Manager console the onboarding process will be configured as part of the compliance settings within the console. +Within the Microsoft Configuration Manager console the onboarding process will be configured as part of the compliance settings within the console. Any system that receives this required configuration will maintain that configuration for as long as the Configuration Manager client continues to receive this policy from the management point. -Follow the steps below to onboard endpoints using Microsoft Endpoint Configuration Manager. +Follow the steps below to onboard endpoints using Microsoft Configuration Manager. -1. In Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**. +1. In Microsoft Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**. - :::image type="content" source="images/configmgr-device-collections.png" alt-text="The Microsoft Endpoint Configuration Manager wizard1" lightbox="images/configmgr-device-collections.png"::: + :::image type="content" source="images/configmgr-device-collections.png" alt-text="The Microsoft Configuration Manager wizard1" lightbox="images/configmgr-device-collections.png"::: 2. Right select **Device Collection** and select **Create Device Collection**. - :::image type="content" source="images/configmgr-create-device-collection.png" alt-text="The Microsoft Endpoint Configuration Manager wizard2" lightbox="images/configmgr-create-device-collection.png"::: + :::image type="content" source="images/configmgr-create-device-collection.png" alt-text="The Microsoft Configuration Manager wizard2" lightbox="images/configmgr-create-device-collection.png"::: 3. Provide a **Name** and **Limiting Collection**, then select **Next**. - :::image type="content" source="images/configmgr-limiting-collection.png" alt-text="The Microsoft Endpoint Configuration Manager wizard3" lightbox="images/configmgr-limiting-collection.png"::: + :::image type="content" source="images/configmgr-limiting-collection.png" alt-text="The Microsoft Configuration Manager wizard3" lightbox="images/configmgr-limiting-collection.png"::: 4. Select **Add Rule** and choose **Query Rule**. - :::image type="content" source="images/configmgr-query-rule.png" alt-text="The Microsoft Endpoint Configuration Manager wizard4" lightbox="images/configmgr-query-rule.png"::: + :::image type="content" source="images/configmgr-query-rule.png" alt-text="The Microsoft Configuration Manager wizard4" lightbox="images/configmgr-query-rule.png"::: 5. Select **Next** on the **Direct Membership Wizard** and select on **Edit Query Statement**. - :::image type="content" source="images/configmgr-direct-membership.png" alt-text="The Microsoft Endpoint Configuration Manager wizard5" lightbox="images/configmgr-direct-membership.png"::: + :::image type="content" source="images/configmgr-direct-membership.png" alt-text="The Microsoft Configuration Manager wizard5" lightbox="images/configmgr-direct-membership.png"::: 6. Select **Criteria** and then choose the star icon. - :::image type="content" source="images/configmgr-criteria.png" alt-text="The Microsoft Endpoint Configuration Manager wizard6" lightbox="images/configmgr-criteria.png"::: + :::image type="content" source="images/configmgr-criteria.png" alt-text="The Microsoft Configuration Manager wizard6" lightbox="images/configmgr-criteria.png"::: 7. Keep criterion type as **simple value**, choose where as **Operating System - build number**, operator as **is greater than or equal to** and value **14393** and select on **OK**. - :::image type="content" source="images/configmgr-simple-value.png" alt-text="The Microsoft Endpoint Configuration Manager wizard7" lightbox="images/configmgr-simple-value.png"::: + :::image type="content" source="images/configmgr-simple-value.png" alt-text="The Microsoft Configuration Manager wizard7" lightbox="images/configmgr-simple-value.png"::: 8. Select **Next** and **Close**. - :::image type="content" source="images/configmgr-membership-rules.png" alt-text="The Microsoft Endpoint Configuration Manager wizard8" lightbox="images/configmgr-membership-rules.png"::: + :::image type="content" source="images/configmgr-membership-rules.png" alt-text="The Microsoft Configuration Manager wizard8" lightbox="images/configmgr-membership-rules.png"::: 9. Select **Next**. - :::image type="content" source="images/configmgr-confirm.png" alt-text="The Microsoft Endpoint Configuration Manager wizard9" lightbox="images/configmgr-confirm.png"::: + :::image type="content" source="images/configmgr-confirm.png" alt-text="The Microsoft Configuration Manager wizard9" lightbox="images/configmgr-confirm.png"::: After completing this task, you now have a device collection with all the Windows endpoints in the environment. ## Step 2: Configure Microsoft Defender for Endpoint capabilities -This section guides you in configuring the following capabilities using Microsoft Endpoint Configuration Manager on Windows devices: +This section guides you in configuring the following capabilities using Microsoft Configuration Manager on Windows devices: - [**Endpoint detection and response**](#endpoint-detection-and-response) - [**Next-generation protection**](#next-generation-protection) From within the Microsoft 365 Defender portal it is possible to download the `.o 1. From a <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender portal</a>, select [Settings and then Onboarding](https://security.microsoft.com/preferences2/onboarding). -2. Under Deployment method, select the supported version of **Microsoft Endpoint Configuration Manager**. +2. Under Deployment method, select the supported version of **Microsoft Configuration Manager**. - :::image type="content" source="images/mdatp-onboarding-wizard.png" alt-text="The Microsoft Endpoint Configuration Manager wizard10" lightbox="images/mdatp-onboarding-wizard.png"::: + :::image type="content" source="images/mdatp-onboarding-wizard.png" alt-text="The Microsoft Configuration Manager wizard10" lightbox="images/mdatp-onboarding-wizard.png"::: 3. Select **Download package**. - :::image type="content" source="images/mdatp-download-package.png" alt-text="The Microsoft Endpoint Configuration Manager wizard11" lightbox="images/mdatp-download-package.png"::: + :::image type="content" source="images/mdatp-download-package.png" alt-text="The Microsoft Configuration Manager wizard11" lightbox="images/mdatp-download-package.png"::: 4. Save the package to an accessible location.-5. In Microsoft Endpoint Configuration Manager, navigate to: **Assets and Compliance > Overview > Endpoint Protection > Microsoft Defender ATP Policies**. +5. In Microsoft Configuration Manager, navigate to: **Assets and Compliance > Overview > Endpoint Protection > Microsoft Defender ATP Policies**. 6. Right-click **Microsoft Defender ATP Policies** and select **Create Microsoft Defender ATP Policy**. - :::image type="content" source="images/configmgr-create-policy.png" alt-text="The Microsoft Endpoint Configuration Manager wizard12" lightbox="images/configmgr-create-policy.png"::: + :::image type="content" source="images/configmgr-create-policy.png" alt-text="The Microsoft Configuration Manager wizard12" lightbox="images/configmgr-create-policy.png"::: 7. Enter the name and description, verify **Onboarding** is selected, then select **Next**. - :::image type="content" source="images/configmgr-policy-name.png" alt-text="The Microsoft Endpoint Configuration Manager wizard13" lightbox="images/configmgr-policy-name.png"::: + :::image type="content" source="images/configmgr-policy-name.png" alt-text="The Microsoft Configuration Manager wizard13" lightbox="images/configmgr-policy-name.png"::: 8. Select **Browse**. From within the Microsoft 365 Defender portal it is possible to download the `.o 14. Select **Close** when the Wizard completes. -15. In the Microsoft Endpoint Configuration Manager console, right-click the Defender for Endpoint policy you just created and select **Deploy**. +15. In the Microsoft Configuration Manager console, right-click the Defender for Endpoint policy you just created and select **Deploy**. :::image type="content" source="images/configmgr-deploy.png" alt-text="The configuration settings4" lightbox="images/configmgr-deploy.png"::: Once completed, you should see onboarded endpoints in the portal within an hour. Microsoft Defender Antivirus is a built-in anti-malware solution that provides next generation protection for desktops, portable computers, and servers. -1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**. +1. In the Microsoft Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**. :::image type="content" source="images/9736e0358e86bc778ce1bd4c516adb8b.png" alt-text="The antimalware policy" lightbox="images/9736e0358e86bc778ce1bd4c516adb8b.png"::: All these features provide a test mode and a block mode. In test mode, there's n To set ASR rules in test mode: -1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. +1. In the Microsoft Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. - :::image type="content" source="images/728c10ef26042bbdbcd270b6343f1a8a.png" alt-text="The Microsoft Endpoint Configuration Manager console0" lightbox="images/728c10ef26042bbdbcd270b6343f1a8a.png"::: + :::image type="content" source="images/728c10ef26042bbdbcd270b6343f1a8a.png" alt-text="The Microsoft Configuration Manager console0" lightbox="images/728c10ef26042bbdbcd270b6343f1a8a.png"::: 2. Select **Attack Surface Reduction**. 3. Set rules to **Audit** and select **Next**. - :::image type="content" source="images/d18e40c9e60aecf1f9a93065cb7567bd.png" alt-text="The Microsoft Endpoint Configuration Manager console1" lightbox="images/d18e40c9e60aecf1f9a93065cb7567bd.png"::: + :::image type="content" source="images/d18e40c9e60aecf1f9a93065cb7567bd.png" alt-text="The Microsoft Configuration Manager console1" lightbox="images/d18e40c9e60aecf1f9a93065cb7567bd.png"::: 4. Confirm the new Exploit Guard policy by selecting **Next**. - :::image type="content" source="images/0a6536f2c4024c08709cac8fcf800060.png" alt-text="The Microsoft Endpoint Configuration Manager console2" lightbox="images/0a6536f2c4024c08709cac8fcf800060.png"::: + :::image type="content" source="images/0a6536f2c4024c08709cac8fcf800060.png" alt-text="The Microsoft Configuration Manager console2" lightbox="images/0a6536f2c4024c08709cac8fcf800060.png"::: 5. Once the policy is created select **Close**. - :::image type="content" source="images/95d23a07c2c8bc79176788f28cef7557.png" alt-text="The Microsoft Endpoint Configuration Manager console3" lightbox="images/95d23a07c2c8bc79176788f28cef7557.png"::: + :::image type="content" source="images/95d23a07c2c8bc79176788f28cef7557.png" alt-text="The Microsoft Configuration Manager console3" lightbox="images/95d23a07c2c8bc79176788f28cef7557.png"::: 6. Right-click on the newly created policy and choose **Deploy**. - :::image type="content" source="images/8999dd697e3b495c04eb911f8b68a1ef.png" alt-text="The Microsoft Endpoint Configuration Manager console4" lightbox="images/8999dd697e3b495c04eb911f8b68a1ef.png"::: + :::image type="content" source="images/8999dd697e3b495c04eb911f8b68a1ef.png" alt-text="The Microsoft Configuration Manager console4" lightbox="images/8999dd697e3b495c04eb911f8b68a1ef.png"::: 7. Target the policy to the newly created Windows collection and select **OK**. - :::image type="content" source="images/0ccfe3e803be4b56c668b220b51da7f7.png" alt-text="The Microsoft Endpoint Configuration Manager console5" lightbox="images/0ccfe3e803be4b56c668b220b51da7f7.png"::: + :::image type="content" source="images/0ccfe3e803be4b56c668b220b51da7f7.png" alt-text="The Microsoft Configuration Manager console5" lightbox="images/0ccfe3e803be4b56c668b220b51da7f7.png"::: After completing this task, you now have successfully configured ASR rules in test mode. See [Optimize ASR rule deployment and detections](/microsoft-365/security/defend #### Set Network Protection rules in test mode -1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. +1. In the Microsoft Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. :::image type="content" source="images/728c10ef26042bbdbcd270b6343f1a8a.png" alt-text="The System Center Configuration Manager1" lightbox="images/728c10ef26042bbdbcd270b6343f1a8a.png"::: See [Optimize ASR rule deployment and detections](/microsoft-365/security/defend 6. Right-click on the newly created policy and choose **Deploy**. - :::image type="content" source="images/8999dd697e3b495c04eb911f8b68a1ef.png" alt-text="The Microsoft Endpoint Configuration Manager-1" lightbox="images/8999dd697e3b495c04eb911f8b68a1ef.png"::: + :::image type="content" source="images/8999dd697e3b495c04eb911f8b68a1ef.png" alt-text="The Microsoft Configuration Manager-1" lightbox="images/8999dd697e3b495c04eb911f8b68a1ef.png"::: 7. Select the policy to the newly created Windows collection and choose **OK**. - :::image type="content" source="images/0ccfe3e803be4b56c668b220b51da7f7.png" alt-text="The Microsoft Endpoint Configuration Manager-2" lightbox="images/0ccfe3e803be4b56c668b220b51da7f7.png"::: + :::image type="content" source="images/0ccfe3e803be4b56c668b220b51da7f7.png" alt-text="The Microsoft Configuration Manager-2" lightbox="images/0ccfe3e803be4b56c668b220b51da7f7.png"::: After completing this task, you now have successfully configured Network Protection in test mode. #### To set Controlled Folder Access rules in test mode -1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance** > **Overview** > **Endpoint Protection** > **Windows Defender Exploit Guard** and then choose **Create Exploit Guard Policy**. +1. In the Microsoft Configuration Manager console, navigate to **Assets and Compliance** > **Overview** > **Endpoint Protection** > **Windows Defender Exploit Guard** and then choose **Create Exploit Guard Policy**. - :::image type="content" source="images/728c10ef26042bbdbcd270b6343f1a8a.png" alt-text="The Microsoft Endpoint Configuration Manager-3" lightbox="images/728c10ef26042bbdbcd270b6343f1a8a.png"::: + :::image type="content" source="images/728c10ef26042bbdbcd270b6343f1a8a.png" alt-text="The Microsoft Configuration Manager-3" lightbox="images/728c10ef26042bbdbcd270b6343f1a8a.png"::: 2. Select **Controlled folder access**. 3. Set the configuration to **Audit** and select **Next**. - :::image type="content" source="images/a8b934dab2dbba289cf64fe30e0e8aa4.png" alt-text="The Microsoft Endpoint Configuration Manager-4" lightbox="images/a8b934dab2dbba289cf64fe30e0e8aa4.png"::: + :::image type="content" source="images/a8b934dab2dbba289cf64fe30e0e8aa4.png" alt-text="The Microsoft Configuration Manager-4" lightbox="images/a8b934dab2dbba289cf64fe30e0e8aa4.png"::: 4. Confirm the new Exploit Guard Policy by selecting **Next**. - :::image type="content" source="images/0a6536f2c4024c08709cac8fcf800060.png" alt-text="The Microsoft Endpoint Configuration Manager-5" lightbox="images/0a6536f2c4024c08709cac8fcf800060.png"::: + :::image type="content" source="images/0a6536f2c4024c08709cac8fcf800060.png" alt-text="The Microsoft Configuration Manager-5" lightbox="images/0a6536f2c4024c08709cac8fcf800060.png"::: 5. Once the policy is created select on **Close**. - :::image type="content" source="images/95d23a07c2c8bc79176788f28cef7557.png" alt-text="The Microsoft Endpoint Configuration Manager-6" lightbox="images/95d23a07c2c8bc79176788f28cef7557.png"::: + :::image type="content" source="images/95d23a07c2c8bc79176788f28cef7557.png" alt-text="The Microsoft Configuration Manager-6" lightbox="images/95d23a07c2c8bc79176788f28cef7557.png"::: 6. Right-click on the newly created policy and choose **Deploy**. - :::image type="content" source="images/8999dd697e3b495c04eb911f8b68a1ef.png" alt-text="The Microsoft Endpoint Configuration Manager-7" lightbox="images/8999dd697e3b495c04eb911f8b68a1ef.png"::: + :::image type="content" source="images/8999dd697e3b495c04eb911f8b68a1ef.png" alt-text="The Microsoft Configuration Manager-7" lightbox="images/8999dd697e3b495c04eb911f8b68a1ef.png"::: 7. Target the policy to the newly created Windows collection and select **OK**. You have now successfully configured Controlled folder access in test mode. ## Related topic -- [Onboarding using Microsoft Endpoint Manager](onboarding-endpoint-manager.md)+- [Onboarding using Microsoft Configuration Manager](onboarding-endpoint-manager.md) |
| security | Onboarding Endpoint Manager | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboarding-endpoint-manager.md | Title: Onboarding using Microsoft Endpoint Manager -description: Learn how to onboard to Microsoft Defender for Endpoint using Microsoft Endpoint Manager -keywords: onboarding, configuration, deploy, deployment, endpoint manager, Microsoft Defender for Endpoint, collection creation, endpoint detection response, next generation protection, attack surface reduction, microsoft endpoint manager + Title: Onboarding using Microsoft Intune +description: Learn how to onboard to Microsoft Defender for Endpoint using Microsoft Intune +keywords: onboarding, configuration, deploy, deployment, endpoint manager, Microsoft Defender for Endpoint, collection creation, endpoint detection response, next generation protection, attack surface reduction, microsoft intune ms.mktglfcycl: deploy ms.sitesec: library search.appverid: met150 Last updated 12/18/2020 -# Onboarding using Microsoft Endpoint Manager +# Onboarding using Microsoft Intune [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] In the [Planning](deployment-strategy.md) topic, there were several methods prov While Defender for Endpoint supports onboarding of various endpoints and tools, this article does not cover them. For information on general onboarding using other supported deployment tools and methods, see [Onboarding overview](onboarding.md). -[Microsoft Endpoint Manager](/mem/endpoint-manager-overview) is a solution platform that unifies several services. It includes [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Microsoft Endpoint Configuration Manager](/mem/configmgr). +The Microsoft Intune family of products is a solution platform that unifies several services. It includes [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Microsoft Configuration Manager](/mem/configmgr). This topic guides users in: -- Step 1: Onboarding devices to the service by creating a group in Microsoft Endpoint Manager (MEM) to assign configurations on-- Step 2: Configuring Defender for Endpoint capabilities using Microsoft Endpoint Manager+- Step 1: Onboarding devices to the service by creating a group in Microsoft Intune to assign configurations on +- Step 2: Configuring Defender for Endpoint capabilities using Microsoft Intune -This onboarding guidance will walk you through the following basic steps that you need to take when using Microsoft Endpoint +This onboarding guidance will walk you through the following basic steps that you need to take when using Microsoft Intune: - [Identifying target devices or users](#identify-target-devices-or-users) - Creating an Azure Active Directory group (User or Device) - [Creating a Configuration Profile](#step-2-create-configuration-policies-to-configure-microsoft-defender-for-endpoint-capabilities)- - In Microsoft Endpoint Manager, we'll guide you in creating a separate policy for each capability. + - In Microsoft Intune, we'll guide you in creating a separate policy for each capability. ## Resources Here are the links you'll need for the rest of the process: -- [MEM portal](https://aka.ms/memac)+- [Intune admin center](https://aka.ms/memac) - [Microsoft 365 Defender](https://security.microsoft.com) - [Intune Security baselines](/mem/intune/protect/security-baseline-settings-defender-atp#microsoft-defender) -For more information about Microsoft Endpoint Manager, check out these resources: +For more information about Microsoft Intune, go to [Microsoft Intune securely manages identities, manages apps, and manages devices](/mem/intune/fundamentals/what-is-intune). -- [Microsoft Endpoint Manager page](/mem/)-- [Blog post on convergence of Intune and ConfigMgr](https://www.microsoft.com/microsoft-365/blog/2019/11/04/use-the-power-of-cloud-intelligence-to-simplify-and-accelerate-it-and-the-move-to-a-modern-workplace/)-- [Introduction video on MEM](https://www.microsoft.com/microsoft-365/blog/2019/11/04/use-the-power-of-cloud-intelligence-to-simplify-and-accelerate-it-and-the-move-to-a-modern-workplace)--## Step 1: Onboard devices by creating a group in MEM to assign configurations on +## Step 1: Onboard devices by creating a group in Intune to assign configurations on ### Identify target devices or users In this section, we will create a test group to assign your configurations on. ### Create a group -1. Open the MEM portal. +1. Open the Microsoft Intune admin center. 2. Open **Groups > New Group**. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/66f724598d9c3319cba27f79dd4617a4.png" alt-text="The Microsoft Endpoint Manager portal1" lightbox="images/66f724598d9c3319cba27f79dd4617a4.png"::: + > :::image type="content" source="images/66f724598d9c3319cba27f79dd4617a4.png" alt-text="The Microsoft Intune admin center1" lightbox="images/66f724598d9c3319cba27f79dd4617a4.png"::: 3. Enter details and create a new group. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/b1e0206d675ad07db218b63cd9b9abc3.png" alt-text="The Microsoft Endpoint Manager portal2" lightbox="images/b1e0206d675ad07db218b63cd9b9abc3.png"::: + > :::image type="content" source="images/b1e0206d675ad07db218b63cd9b9abc3.png" alt-text="The Microsoft Intune admin center2" lightbox="images/b1e0206d675ad07db218b63cd9b9abc3.png"::: 4. Add your test user or device. In this section, we will create a test group to assign your configurations on. 7. Find your test user or device and select it. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/149cbfdf221cdbde8159d0ab72644cd0.png" alt-text="The Microsoft Endpoint Manager portal3" lightbox="images/149cbfdf221cdbde8159d0ab72644cd0.png"::: + > :::image type="content" source="images/149cbfdf221cdbde8159d0ab72644cd0.png" alt-text="The Microsoft Intune admin center3" lightbox="images/149cbfdf221cdbde8159d0ab72644cd0.png"::: 8. Your testing group now has a member to test. Then you will continue by creating several different types of endpoint security ### Endpoint detection and response -1. Open the MEM portal. +1. Open the Intune admin center. 2. Navigate to **Endpoint security > Endpoint detection and response**. Click on **Create Profile**. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/58dcd48811147feb4ddc17212b7fe840.png" alt-text="The Microsoft Endpoint Manager portal4" lightbox="images/58dcd48811147feb4ddc17212b7fe840.png"::: + > :::image type="content" source="images/58dcd48811147feb4ddc17212b7fe840.png" alt-text="The Microsoft Intune admin center4" lightbox="images/58dcd48811147feb4ddc17212b7fe840.png"::: 3. Under **Platform, select Windows 10 and Later, Profile - Endpoint detection and response > Create**. Then you will continue by creating several different types of endpoint security 4. Enter a name and description, then select **Next**. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/a5b2d23bdd50b160fef4afd25dda28d4.png" alt-text="The Microsoft Endpoint Manager portal5" lightbox="images/a5b2d23bdd50b160fef4afd25dda28d4.png"::: + > :::image type="content" source="images/a5b2d23bdd50b160fef4afd25dda28d4.png" alt-text="The Microsoft Intune admin center5" lightbox="images/a5b2d23bdd50b160fef4afd25dda28d4.png"::: 5. Select settings as required, then select **Next**. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/cea7e288b5d42a9baf1aef0754ade910.png" alt-text="The Microsoft Endpoint Manager portal6" lightbox="images/cea7e288b5d42a9baf1aef0754ade910.png"::: + > :::image type="content" source="images/cea7e288b5d42a9baf1aef0754ade910.png" alt-text="The Microsoft Intune admin center6" lightbox="images/cea7e288b5d42a9baf1aef0754ade910.png"::: > [!NOTE] > In this instance, this has been auto populated as Defender for Endpoint has already been integrated with Intune. For more information on the integration, see [Enable Microsoft Defender for Endpoint in Intune](/mem/intune/protect/advanced-threat-protection-configure#to-enable-microsoft-defender-atp). > > The following image is an example of what you'll see when Microsoft Defender for Endpoint is NOT integrated with Intune: >- > :::image type="content" source="images/2466460812371ffae2d19a10c347d6f4.png" alt-text="The Microsoft Endpoint Manager portal7" lightbox="images/2466460812371ffae2d19a10c347d6f4.png"::: + > :::image type="content" source="images/2466460812371ffae2d19a10c347d6f4.png" alt-text="The Microsoft Intune admin center7" lightbox="images/2466460812371ffae2d19a10c347d6f4.png"::: 6. Add scope tags if necessary, then select **Next**. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/ef844f52ec2c0d737ce793f68b5e8408.png" alt-text="The Microsoft Endpoint Manager portal8" lightbox="images/ef844f52ec2c0d737ce793f68b5e8408.png"::: + > :::image type="content" source="images/ef844f52ec2c0d737ce793f68b5e8408.png" alt-text="The Microsoft Intune admin center8" lightbox="images/ef844f52ec2c0d737ce793f68b5e8408.png"::: 7. Add test group by clicking on **Select groups to include** and choose your group, then select **Next**. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/fc3525e20752da026ec9f46ab4fec64f.png" alt-text="The Microsoft Endpoint Manager portal9" lightbox="images/fc3525e20752da026ec9f46ab4fec64f.png"::: + > :::image type="content" source="images/fc3525e20752da026ec9f46ab4fec64f.png" alt-text="The Microsoft Intune admin center9" lightbox="images/fc3525e20752da026ec9f46ab4fec64f.png"::: 8. Review and accept, then select **Create**. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/289172dbd7bd34d55d24810d9d4d8158.png" alt-text="The Microsoft Endpoint Manager portal10" lightbox="images/289172dbd7bd34d55d24810d9d4d8158.png"::: + > :::image type="content" source="images/289172dbd7bd34d55d24810d9d4d8158.png" alt-text="The Microsoft Intune admin center10" lightbox="images/289172dbd7bd34d55d24810d9d4d8158.png"::: 9. You can view your completed policy. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/5a568b6878be8243ea2b9d82d41ed297.png" alt-text="The Microsoft Endpoint Manager portal11" lightbox="images/5a568b6878be8243ea2b9d82d41ed297.png"::: + > :::image type="content" source="images/5a568b6878be8243ea2b9d82d41ed297.png" alt-text="The Microsoft Intune admin center11" lightbox="images/5a568b6878be8243ea2b9d82d41ed297.png"::: ### Next-generation protection -1. Open the MEM portal. +1. Open the Intune admin center. 2. Navigate to **Endpoint security > Antivirus > Create Policy**. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/6b728d6e0d71108d768e368b416ff8ba.png" alt-text="The Microsoft Endpoint Manager portal12" lightbox="images/6b728d6e0d71108d768e368b416ff8ba.png"::: + > :::image type="content" source="images/6b728d6e0d71108d768e368b416ff8ba.png" alt-text="The Microsoft Intune admin center12" lightbox="images/6b728d6e0d71108d768e368b416ff8ba.png"::: 3. Select **Platform - Windows 10 and Later - Windows and Profile - Microsoft Defender Antivirus > Create**. 4. Enter name and description, then select **Next**. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/a7d738dd4509d65407b7d12beaa3e917.png" alt-text="The Microsoft Endpoint Manager portal13" lightbox="images/a7d738dd4509d65407b7d12beaa3e917.png"::: + > :::image type="content" source="images/a7d738dd4509d65407b7d12beaa3e917.png" alt-text="The Microsoft Intune admin center13" lightbox="images/a7d738dd4509d65407b7d12beaa3e917.png"::: 5. In the **Configuration settings page**: Set the configurations you require for Microsoft Defender Antivirus (Cloud Protection, Exclusions, Real-Time Protection, and Remediation). > [!div class="mx-imgBorder"]- > :::image type="content" source="images/3840b1576d6f79a1d72eb14760ef5e8c.png" alt-text="The Microsoft Endpoint Manager portal14" lightbox="images/3840b1576d6f79a1d72eb14760ef5e8c.png"::: + > :::image type="content" source="images/3840b1576d6f79a1d72eb14760ef5e8c.png" alt-text="The Microsoft Intune admin center14" lightbox="images/3840b1576d6f79a1d72eb14760ef5e8c.png"::: 6. Add scope tags if necessary, then select **Next**. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/2055e4f9b9141525c0eb681e7ba19381.png" alt-text="The Microsoft Endpoint Manager portal15" lightbox="images/2055e4f9b9141525c0eb681e7ba19381.png"::: + > :::image type="content" source="images/2055e4f9b9141525c0eb681e7ba19381.png" alt-text="The Microsoft Intune admin center15" lightbox="images/2055e4f9b9141525c0eb681e7ba19381.png"::: 7. Select groups to include, assign to your test group, then select **Next**. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/48318a51adee06bff3908e8ad4944dc9.png" alt-text="The Microsoft Endpoint Manager portal16" lightbox="images/48318a51adee06bff3908e8ad4944dc9.png"::: + > :::image type="content" source="images/48318a51adee06bff3908e8ad4944dc9.png" alt-text="The Microsoft Intune admin center16" lightbox="images/48318a51adee06bff3908e8ad4944dc9.png"::: 8. Review and create, then select **Create**. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/dfdadab79112d61bd3693d957084b0ec.png" alt-text="The Microsoft Endpoint Manager portal17" lightbox="images/dfdadab79112d61bd3693d957084b0ec.png"::: + > :::image type="content" source="images/dfdadab79112d61bd3693d957084b0ec.png" alt-text="The Microsoft Intune admin center17" lightbox="images/dfdadab79112d61bd3693d957084b0ec.png"::: 9. You'll see the configuration policy you created. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/38180219e632d6e4ec7bd25a46398da8.png" alt-text="The Microsoft Endpoint Manager portal18" lightbox="images/38180219e632d6e4ec7bd25a46398da8.png"::: + > :::image type="content" source="images/38180219e632d6e4ec7bd25a46398da8.png" alt-text="The Microsoft Intune admin center18" lightbox="images/38180219e632d6e4ec7bd25a46398da8.png"::: ### Attack Surface Reduction - Attack surface reduction rules -1. Open the MEM portal. +1. Open the Intune admin center. 2. Navigate to **Endpoint security > Attack surface reduction**. Then you will continue by creating several different types of endpoint security rules > Create**. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/522d9bb4288dc9c1a957392b51384fdd.png" alt-text="The Microsoft Endpoint Manager portal19" lightbox="images/522d9bb4288dc9c1a957392b51384fdd.png"::: + > :::image type="content" source="images/522d9bb4288dc9c1a957392b51384fdd.png" alt-text="The Microsoft Intune admin center19" lightbox="images/522d9bb4288dc9c1a957392b51384fdd.png"::: 5. Enter a name and description, then select **Next**. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/a5a71fd73ec389f3cdce6d1a6bd1ff31.png" alt-text="The Microsoft Endpoint Manager portal20" lightbox="images/a5a71fd73ec389f3cdce6d1a6bd1ff31.png"::: + > :::image type="content" source="images/a5a71fd73ec389f3cdce6d1a6bd1ff31.png" alt-text="The Microsoft Intune admin center20" lightbox="images/a5a71fd73ec389f3cdce6d1a6bd1ff31.png"::: 6. In the **Configuration settings page**: Set the configurations you require for Attack surface reduction rules, then select **Next**. Then you will continue by creating several different types of endpoint security > For more information, see [Attack surface reduction rules](attack-surface-reduction.md). > [!div class="mx-imgBorder"]- > :::image type="content" source="images/dd0c00efe615a64a4a368f54257777d0.png" alt-text="The Microsoft Endpoint Manager portal21" lightbox="images/dd0c00efe615a64a4a368f54257777d0.png"::: + > :::image type="content" source="images/dd0c00efe615a64a4a368f54257777d0.png" alt-text="The Microsoft Intune admin center21" lightbox="images/dd0c00efe615a64a4a368f54257777d0.png"::: 7. Add Scope Tags as required, then select **Next**. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/6daa8d347c98fe94a0d9c22797ff6f28.png" alt-text="The Microsoft Endpoint Manager portal22" lightbox="images/6daa8d347c98fe94a0d9c22797ff6f28.png"::: + > :::image type="content" source="images/6daa8d347c98fe94a0d9c22797ff6f28.png" alt-text="The Microsoft Intune admin center22" lightbox="images/6daa8d347c98fe94a0d9c22797ff6f28.png"::: 8. Select groups to include and assign to test group, then select **Next**. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/45cefc8e4e474321b4d47b4626346597.png" alt-text="The Microsoft Endpoint Manager portal23" lightbox="images/45cefc8e4e474321b4d47b4626346597.png"::: + > :::image type="content" source="images/45cefc8e4e474321b4d47b4626346597.png" alt-text="The Microsoft Intune admin center23" lightbox="images/45cefc8e4e474321b4d47b4626346597.png"::: 9. Review the details, then select **Create**. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/2c2e87c5fedc87eba17be0cdeffdb17f.png" alt-text="The Microsoft Endpoint Manager portal24" lightbox="images/2c2e87c5fedc87eba17be0cdeffdb17f.png"::: + > :::image type="content" source="images/2c2e87c5fedc87eba17be0cdeffdb17f.png" alt-text="The Microsoft Intune admin center24" lightbox="images/2c2e87c5fedc87eba17be0cdeffdb17f.png"::: 10. View the policy. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/7a631d17cc42500dacad4e995823ffef.png" alt-text="The Microsoft Endpoint Manager portal25" lightbox="images/7a631d17cc42500dacad4e995823ffef.png"::: + > :::image type="content" source="images/7a631d17cc42500dacad4e995823ffef.png" alt-text="The Microsoft Intune admin center25" lightbox="images/7a631d17cc42500dacad4e995823ffef.png"::: ### Attack Surface Reduction - Web Protection -1. Open the MEM portal. +1. Open the Intune admin center. 2. Navigate to **Endpoint security > Attack surface reduction**. Then you will continue by creating several different types of endpoint security 4. Select **Windows 10 and Later - Web protection > Create**. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/cd7b5a1cbc16cc05f878cdc99ba4c27f.png" alt-text="The Microsoft Endpoint Manager portal26" lightbox="images/cd7b5a1cbc16cc05f878cdc99ba4c27f.png"::: + > :::image type="content" source="images/cd7b5a1cbc16cc05f878cdc99ba4c27f.png" alt-text="The Microsoft Intune admin center26" lightbox="images/cd7b5a1cbc16cc05f878cdc99ba4c27f.png"::: 5. Enter a name and description, then select **Next**. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/5be573a60cd4fa56a86a6668b62dd808.png" alt-text="The Microsoft Endpoint Manager portal27" lightbox="images/5be573a60cd4fa56a86a6668b62dd808.png"::: + > :::image type="content" source="images/5be573a60cd4fa56a86a6668b62dd808.png" alt-text="The Microsoft Intune admin center27" lightbox="images/5be573a60cd4fa56a86a6668b62dd808.png"::: 6. In the **Configuration settings page**: Set the configurations you require for Web Protection, then select **Next**. Then you will continue by creating several different types of endpoint security > For more information, see [Web Protection](web-protection-overview.md). > [!div class="mx-imgBorder"]- > :::image type="content" source="images/6104aa33a56fab750cf30ecabef9f5b6.png" alt-text="The Microsoft Endpoint Manager portal28" lightbox="images/6104aa33a56fab750cf30ecabef9f5b6.png"::: + > :::image type="content" source="images/6104aa33a56fab750cf30ecabef9f5b6.png" alt-text="The Microsoft Intune admin center28" lightbox="images/6104aa33a56fab750cf30ecabef9f5b6.png"::: 7. Add **Scope Tags as required > Next**. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/6daa8d347c98fe94a0d9c22797ff6f28.png" alt-text="The Microsoft Endpoint Manager portal29" lightbox="images/6daa8d347c98fe94a0d9c22797ff6f28.png"::: + > :::image type="content" source="images/6daa8d347c98fe94a0d9c22797ff6f28.png" alt-text="The Microsoft Intune admin center29" lightbox="images/6daa8d347c98fe94a0d9c22797ff6f28.png"::: 8. Select **Assign to test group > Next**. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/45cefc8e4e474321b4d47b4626346597.png" alt-text="The Microsoft Endpoint Manager portal30" lightbox="images/45cefc8e4e474321b4d47b4626346597.png"::: + > :::image type="content" source="images/45cefc8e4e474321b4d47b4626346597.png" alt-text="The Microsoft Intune admin center30" lightbox="images/45cefc8e4e474321b4d47b4626346597.png"::: 9. Select **Review and Create > Create**. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/8ee0405f1a96c23d2eb6f737f11c1ae5.png" alt-text="The Microsoft Endpoint Manager portal31" lightbox="images/8ee0405f1a96c23d2eb6f737f11c1ae5.png"::: + > :::image type="content" source="images/8ee0405f1a96c23d2eb6f737f11c1ae5.png" alt-text="The Microsoft Intune admin center31" lightbox="images/8ee0405f1a96c23d2eb6f737f11c1ae5.png"::: 10. View the policy. > [!div class="mx-imgBorder"]- > :::image type="content" source="images/e74f6f6c150d017a286e6ed3dffb7757.png" alt-text="The Microsoft Endpoint Manager portal32" lightbox="images/e74f6f6c150d017a286e6ed3dffb7757.png"::: + > :::image type="content" source="images/e74f6f6c150d017a286e6ed3dffb7757.png" alt-text="The Microsoft Intune admin center32" lightbox="images/e74f6f6c150d017a286e6ed3dffb7757.png"::: ## Validate configuration settings For information on timing, see [Intune configuration information](/mem/intune/co To confirm that the configuration policy has been applied to your test device, follow the following process for each configuration policy. -1. Open the MEM portal and navigate to the relevant policy as shown in the +1. Open the Intune admin center and navigate to the relevant policy as shown in the steps above. The following example shows the next generation protection settings. > [!div class="mx-imgBorder"]- > [](images/43ab6aa74471ee2977e154a4a5ef2d39.png#lightbox) + > [](images/43ab6aa74471ee2977e154a4a5ef2d39.png#lightbox) 2. Select the **Configuration Policy** to view the policy status. > [!div class="mx-imgBorder"]- > [](images/55ecaca0e4a022f0e29d45aeed724e6c.png#lightbox) + > [](images/55ecaca0e4a022f0e29d45aeed724e6c.png#lightbox) 3. Select **Device Status** to see the status. > [!div class="mx-imgBorder"]- > [](images/18a50df62cc38749000dbfb48e9a4c9b.png#lightbox) + > [](images/18a50df62cc38749000dbfb48e9a4c9b.png#lightbox) 4. Select **User Status** to see the status. > [!div class="mx-imgBorder"]- > [](images/4e965749ff71178af8873bc91f9fe525.png#lightbox) + > [](images/4e965749ff71178af8873bc91f9fe525.png#lightbox) 5. Select **Per-setting status** to see the status. To confirm that the configuration policy has been applied to your test device, f > This view is very useful to identify any settings that conflict with another policy. > [!div class="mx-imgBorder"]- > [](images/42acc69d0128ed09804010bdbdf0a43c.png#lightbox) + > [](images/42acc69d0128ed09804010bdbdf0a43c.png#lightbox) ### Confirm endpoint detection and response |
| security | Onboarding | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboarding.md | The following table lists the available tools based on the endpoint that you nee |Endpoint|Deployment tool| |||-|**Windows**|[Local script (up to 10 devices)](configure-endpoints-script.md) <br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md)| +|**Windows**|[Local script (up to 10 devices)](configure-endpoints-script.md) <br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Intune/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md)| |**Windows servers<br><br>Linux servers** | [Integration with Microsoft Defender for Cloud](azure-server-integration.md)-|**macOS**|[Local script](mac-install-manually.md) <br> [Microsoft Endpoint Manager](mac-install-with-intune.md) <br> [JAMF Pro](mac-install-with-jamf.md) <br> [Mobile Device Management](mac-install-with-other-mdm.md)| +|**macOS**|[Local script](mac-install-manually.md) <br> [Microsoft Intune](mac-install-with-intune.md) <br> [JAMF Pro](mac-install-with-jamf.md) <br> [Mobile Device Management](mac-install-with-other-mdm.md)| |**Linux servers**|[Local script](linux-install-manually.md) <br> [Puppet](linux-install-with-puppet.md) <br> [Ansible](linux-install-with-ansible.md) <br> [Chef](linux-deploy-defender-for-endpoint-with-chef.md)<br> [Saltstack](linux-install-with-saltack.md)|-|**Android**|[Microsoft Endpoint Manager](android-intune.md)| -|**iOS**|[Microsoft Endpoint Manager](ios-install.md) <br> [Mobile Application Manager](ios-install-unmanaged.md) | +|**Android**|[Microsoft Intune](android-intune.md)| +|**iOS**|[Microsoft Intune](ios-install.md) <br> [Mobile Application Manager](ios-install-unmanaged.md) | ## Step 2: Configure capabilities In this deployment guide, we'll guide you through using two deployment tools to The tools in the example deployments are: -- [Onboarding using Microsoft Endpoint Configuration Manager](onboarding-endpoint-configuration-manager.md)-- [Onboarding using Microsoft Endpoint Manager](onboarding-endpoint-manager.md)+- [Onboarding using Microsoft Configuration Manager](onboarding-endpoint-configuration-manager.md) +- [Onboarding using Microsoft Intune](onboarding-endpoint-manager.md) Using the mentioned deployment tools above, you'll then be guided in configuring the following Defender for Endpoint capabilities: Using the mentioned deployment tools above, you'll then be guided in configuring ## Related topics -- [Onboarding using Microsoft Endpoint Configuration Manager](onboarding-endpoint-configuration-manager.md)-- [Onboarding using Microsoft Endpoint Manager](onboarding-endpoint-manager.md)+- [Onboarding using Microsoft Configuration Manager](onboarding-endpoint-configuration-manager.md) +- [Onboarding using Microsoft Intune](onboarding-endpoint-manager.md) - [Safe Documents in Microsoft 365 E5](../office-365-security/safe-documents-in-e5-plus-security-about.md) |
| security | Overview Attack Surface Reduction | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction.md | To configure attack surface reduction in your environment, follow these steps: > [!TIP] > In most cases, when you configure attack surface reduction capabilities, you can choose from among several methods: >-> - Microsoft Endpoint Manager (which now includes Microsoft Intune and Microsoft Endpoint Configuration Manager) +> - Microsoft Intune +> - Microsoft Configuration Manager > - Group Policy > - PowerShell cmdlets |
| security | Printer Protection | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/printer-protection.md | Make sure that the Windows 10 or Windows 11 devices that you plan on deploying P - For Windows 1909: install Windows Update [KB5003212](https://support.microsoft.com/topic/may-20-2021-kb5003212-os-build-18363-1593-preview-05381524-8380-4b30-b783-e330cad3d4a1) - For Windows 2004 or later -2. If you're planning to deploy policy via Group Policy, the device must be onboarded to Microsoft Defender for Endpoint joined; if you're planning to deploy policy via Microsoft Endpoint Manager, the device must be joined by using Microsoft Intune. +2. If you're planning to deploy policy via Group Policy, the device must be onboarded to Microsoft Defender for Endpoint joined; if you're planning to deploy policy via Microsoft Intune, the device must be joined by using Microsoft Intune. ## Deploy Device Control Printer Protection policy |
| security | Professional Services | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/professional-services.md | Protect your organization proactively by evaluating your organization's ability |[Microsoft Defender Experts](https://go.microsoft.com/fwlink/?linkid=2203232)|Microsoft|Defender Experts for Hunting is a proactive threat hunting service for Microsoft 365 Defender.| |[Microsoft Consulting Services - Security Operations and Threat Protection Services](https://www.microsoft.com/industrysolutions/solutions/security?activetab=pivot1:primaryr4)|Microsoft|The Microsoft Consulting Services (MCS) Security Operations and Threat Protection Services (SOTPS), provides a structured approach to modern Security Operations Center (SOC) design and implementation using effective change management techniques so your security professionals can detect attacks faster and respond more effectively.| |[Onevinn Threat Hunting](https://go.microsoft.com/fwlink/?linkid=2202584)|Onevinn|If your Internal SOC needs an extra pair of eyes looking for threats, Onevinn's Threat Hunters can be purchased as your extended hunting team.|-|[Microsoft 365 Security Assessment](https://go.microsoft.com/fwlink/?linkid=2202389)|Nedscaper|The Microsoft 365 Security assessment provides a risk-based approach to scan and analyze the security baseline (prevention is better than the cure) and settings of the Microsoft 365 Security products, from Microsoft 365 E3 security products like Azure AD Conditional Access and Microsoft Endpoint Manager (Microsoft Defender Antivirus policies) to the Microsoft 365 E5 Security products like Microsoft 365 Defender, Azure AD identity Protection and Microsoft Defender for Identity, Devices, Office 365 and Cloud Apps.| +|[Microsoft 365 Security Assessment](https://go.microsoft.com/fwlink/?linkid=2202389)|Nedscaper|The Microsoft 365 Security assessment provides a risk-based approach to scan and analyze the security baseline (prevention is better than the cure) and settings of the Microsoft 365 Security products, from Microsoft 365 E3 security products like Azure AD Conditional Access and Microsoft Intune (Microsoft Defender Antivirus policies) to the Microsoft 365 E5 Security products like Microsoft 365 Defender, Azure AD identity Protection and Microsoft Defender for Identity, Devices, Office 365 and Cloud Apps.| |[Invoke Monthly Microsoft 365 Security Assessments](https://go.microsoft.com/fwlink/?linkid=2202583)|Invoke LLC|Provides monthly detailed assessment reports of active threats, vulnerabilities active and Phishing/malware campaigns targeted on your Microsoft 365 Environment. Helps with prescribed mitigations for active threats and improvement actions for recurring threats if any.Monitor Secure score and recommendations, giving your security teams an extra set of eyes to stay on top of risks.| |[Cloud Security Operations Center](https://go.microsoft.com/fwlink/?linkid=2202671)|glueckkanja-gab AG|Monitors your Microsoft Security Solutions 24/7, respond to threats on your behalf and work closely with your IT to continuously improve your security posture.| |[Wortell Protect](https://go.microsoft.com/fwlink/?linkid=2202480)|Wortell|Wortell offers a 24.7.365 Managed Detection and Response service, SOC-as-a-service, to secure your Azure subscriptions and Microsoft 365 environment. With this managed service, Wortell will provide security monitoring and incident response, and operate Microsoft Defender and (optionally) Microsoft Sentinel on your behalf. The service also includes threat intelligence feeds and custom machine learning models| |
| security | Report Monitor Microsoft Defender Antivirus | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/report-monitor-microsoft-defender-antivirus.md | Last updated 04/08/2021 Microsoft Defender Antivirus is built into Windows 10, Windows 11, Windows Server 2019, Windows Server 2022, and Windows Server 2016. Microsoft Defender Antivirus is of your next-generation protection in Microsoft Defender for Endpoint. Next-generation protection helps protect your devices from software threats like viruses, malware, and spyware across email, apps, the cloud, and the web. -With Microsoft Defender Antivirus, you have several options for reviewing protection status and alerts. You can use Microsoft Endpoint Manager to [monitor Microsoft Defender Antivirus](/configmgr/protect/deploy-use/monitor-endpoint-protection) or [create email alerts](/configmgr/protect/deploy-use/endpoint-configure-alerts). Or, you can monitor protection using [Microsoft Intune](/intune/introduction-intune). +With Microsoft Defender Antivirus, you have several options for reviewing protection status and alerts. You can use Microsoft Configuration Manager to [monitor Microsoft Defender Antivirus](/configmgr/protect/deploy-use/monitor-endpoint-protection) or [create email alerts](/configmgr/protect/deploy-use/endpoint-configure-alerts). Or, you can monitor protection using [Microsoft Intune](/intune/introduction-intune). If you have a third-party security information and event management (SIEM) server, you can also consume [Windows Defender client events](/windows/win32/events/windows-events). |
| security | Run Scan Microsoft Defender Antivirus | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-scan-microsoft-defender-antivirus.md | Combined with always-on, real-time protection, which reviews files when they are > [!IMPORTANT] > Microsoft Defender Antivirus runs in the context of the [LocalSystem](/windows/win32/services/localsystem-account) account when performing a local scan. For network scans, it uses the context of the device account. If the domain device account doesn't have appropriate permissions to access the share, the scan won't work. Ensure that the device has permissions to the access network share. -## Use Microsoft Endpoint Manager to run a scan +## Use Microsoft Intune to run a scan ++### Use endpoint security to run a scan on Windows devices -1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and log in. +1. Go to the Microsoft Intune admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and log in. 2. Choose **Endpoint security** \> **Antivirus**. Combined with always-on, real-time protection, which reviews files when they are [](images/mem-antivirus-scan-on-demand.png#lightbox) > [!TIP]-> For more information about using Microsoft Endpoint Manager to run a scan, see [Antimalware and firewall tasks: How to perform an on-demand scan](/configmgr/protect/deploy-use/endpoint-antimalware-firewall#how-to-perform-an-on-demand-scan-of-computers). +> For more information about using Microsoft Configuration Manager to run a scan, see [Antimalware and firewall tasks: How to perform an on-demand scan](/configmgr/protect/deploy-use/endpoint-antimalware-firewall#how-to-perform-an-on-demand-scan-of-computers). ++### Use devices to run a scan on a single device ++1. Go to the Microsoft Intune admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and log in. ++2. From the sidebar, select **Devices** \> **All Devices** and choose the device you want to scan. ++3. Select **...More**. From the options, select **Quick Scan** (recommended) or **Full Scan**. ## Use the mpcmdrun.exe command-line utility to run a scan mpcmdrun.exe -scan -scantype 1 For more information about how to use the tool and additional parameters, including starting a full scan, or defining paths, see [Use the mpcmdrun.exe commandline tool to configure and manage Microsoft Defender Antivirus](command-line-arguments-microsoft-defender-antivirus.md). -## Use Microsoft Intune to run a scan --1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and log in. --2. From the sidebar, select **Devices** \> **All Devices** and choose the device you want to scan. --3. Select **...More**. From the options, select **Quick Scan** (recommended) or **Full Scan**. - ## Use the Windows Security app to run a scan See [Run a scan in the Windows Security app](microsoft-defender-security-center-antivirus.md) for instructions on running a scan on individual endpoints. |
| security | Specify Additional Definitions Network Traffic Inspection Mdav | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/specify-additional-definitions-network-traffic-inspection-mdav.md | You can specify additional definition sets for network traffic inspection using 7. Select **OK**, and then deploy your updated Group Policy Object. See [Group Policy Management Console](/windows/win32/srvnodes/group-policy). > [!TIP]-> Are you using Group Policy Objects on premises? See how they translate in the cloud. [Analyze your on-premises group policy objects using Group Policy analytics in Microsoft Endpoint Manager - Preview](/mem/intune/configuration/group-policy-analytics). +> Are you using Group Policy Objects on premises? See how they translate in the cloud. [Analyze your on-premises group policy objects using Group Policy analytics in Microsoft Intune](/mem/intune/configuration/group-policy-analytics). ## Related articles |
| security | Specify Cloud Protection Level Microsoft Defender Antivirus | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/specify-cloud-protection-level-microsoft-defender-antivirus.md | search.appverid: met150 **Platforms** - Windows -Cloud protection works together with Microsoft Defender Antivirus to deliver protection to your endpoints much faster than through traditional security intelligence updates. You can configure your level of cloud protection by using Microsoft Endpoint Manager (recommended) or Group Policy. +Cloud protection works together with Microsoft Defender Antivirus to deliver protection to your endpoints much faster than through traditional security intelligence updates. You can configure your level of cloud protection by using Microsoft Intune (recommended) or Group Policy. > [!NOTE] > Selecting **High**, **High +**, or **Zero tolerance** could cause some legitimate files to be detected. If that happens, you can unblock the detected file or dispute that detection in the Microsoft 365 Defender portal. -## Use Microsoft Endpoint Manager to specify the level of cloud protection +## Use Microsoft Intune to specify the level of cloud protection -1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in. +1. Go to the Microsoft Intune admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in. 2. Choose **Endpoint security** \> **Antivirus**. Cloud protection works together with Microsoft Defender Antivirus to deliver pro 7. Deploy your updated Group Policy Object. See [Group Policy Management Console](/windows/win32/srvnodes/group-policy) > [!TIP]-> Are you using Group Policy Objects on premises? See how they translate in the cloud. [Analyze your on-premises group policy objects using Group Policy analytics in Microsoft Endpoint Manager - Preview](/mem/intune/configuration/group-policy-analytics). +> Are you using Group Policy Objects on premises? See how they translate in the cloud. [Analyze your on-premises group policy objects using Group Policy analytics in Microsoft Intune](/mem/intune/configuration/group-policy-analytics). > [!TIP] > If you're looking for Antivirus related information for other platforms, see: |
| security | Switch To Mde Phase 2 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-mde-phase-2.md | You can now run Microsoft Defender Antivirus in passive mode on Windows Server 2 3. If you're going to use either [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) or [Microsoft Endpoint Configuration Manager](/mem/endpoint-manager-overview) to onboard devices and configure device policies, set up integration with Defender for Endpoint by following these steps: <br/> - 1. In the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)), go to **Endpoint security**. + 1. In the Microsoft Intune admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)), go to **Endpoint security**. 2. Under **Setup**, choose **Microsoft Defender for Endpoint**. You can now run Microsoft Defender Antivirus in passive mode on Windows Server 2 | Capability | Configuration methods | |:|:|- | [Intune](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager) |1. In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices** \> **Configuration profiles**, and then select the profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](/intune/device-restrictions-configure).<br/><br/>2. Select **Properties**, and then select **Configuration settings: Edit**<br/><br/>3. Expand **Microsoft Defender Antivirus**.<br/><br/>4. Enable **Cloud-delivered protection**.<br/><br/>5. In the **Prompt users before sample submission** dropdown, select **Send all samples automatically**.<br/><br/>6. In the **Detect potentially unwanted applications** dropdown, select **Enable** or **Audit**.<br/><br/>7. Select **Review + save**, and then choose **Save**. <br/><br/> **TIP**: For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](/intune/device-profiles).| + | [Intune](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager) |1. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices** \> **Configuration profiles**, and then select the profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](/intune/device-restrictions-configure).<br/><br/>2. Select **Properties**, and then select **Configuration settings: Edit**<br/><br/>3. Expand **Microsoft Defender Antivirus**.<br/><br/>4. Enable **Cloud-delivered protection**.<br/><br/>5. In the **Prompt users before sample submission** dropdown, select **Send all samples automatically**.<br/><br/>6. In the **Detect potentially unwanted applications** dropdown, select **Enable** or **Audit**.<br/><br/>7. Select **Review + save**, and then choose **Save**. <br/><br/> **TIP**: For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](/intune/device-profiles).| |[Configuration Manager](/mem/configmgr)|See [Create and deploy antimalware policies for Endpoint Protection in Configuration Manager](/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies). <br/><br/> When you create and configure your antimalware policies, make sure to review the [real-time protection settings](/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies#real-time-protection-settings) and [enable block at first sight](configure-block-at-first-sight-microsoft-defender-antivirus.md). |[Advanced Group Policy Management](/microsoft-desktop-optimization-pack/agpm/) <br/> or <br/> [Group Policy Management Console](/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus)|1. Go to **Computer configuration** \> **Administrative templates** \> **Windows components** \> **Microsoft Defender Antivirus**.<br/><br/>2. Look for a policy called **Turn off Microsoft Defender Antivirus**.<br/><br/>3. Choose **Edit policy setting**, and make sure that policy is disabled. This action enables Microsoft Defender Antivirus. (You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.)| |Control Panel in Windows|Follow the guidance here: [Turn on Microsoft Defender Antivirus](/mem/intune/user-help/turn-on-defender-windows). (You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.)| *If you have Defender for Endpoint Plan 1, your initial setup and configuration is done for now. If you have Defender for Endpoint Plan 2, continue to steps 6-7.* -6. Configure your endpoint detection and response (EDR) policies in the Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)). To get help with this task, see [Create EDR policies](/mem/intune/protect/endpoint-security-edr-policy#create-edr-policies). +6. Configure your endpoint detection and response (EDR) policies in the Intune admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)). To get help with this task, see [Create EDR policies](/mem/intune/protect/endpoint-security-edr-policy#create-edr-policies). 7. Configure your automated investigation and remediation capabilities in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)). To get help with this task, see [Configure automated investigation and remediation capabilities in Microsoft Defender for Endpoint](configure-automated-investigations-remediation.md). During this step of the setup process, you add your existing solution to the lis |Method|What to do| |||-|[Intune](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager) |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.<br/><br/>2. Select **Devices** \> **Configuration profiles**, and then select the profile that you want to configure.<br/><br/>3. Under **Manage**, select **Properties**.<br/><br/>4. Select **Configuration settings: Edit**.<br/><br/>5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.<br/><br/>6. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions).<br/><br/>7. Choose **Review + save**, and then choose **Save**.| +|[Intune](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager) |1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.<br/><br/>2. Select **Devices** \> **Configuration profiles**, and then select the profile that you want to configure.<br/><br/>3. Under **Manage**, select **Properties**.<br/><br/>4. Select **Configuration settings: Edit**.<br/><br/>5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.<br/><br/>6. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions).<br/><br/>7. Choose **Review + save**, and then choose **Save**.| |[Microsoft Endpoint Configuration Manager](/mem/configmgr/)|1. Using the [Configuration Manager console](/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** \> **Endpoint Protection** \> **Antimalware Policies**, and then select the policy that you want to modify.<br/><br/>2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans.| |[Group Policy Object](/previous-versions/windows/desktop/Policy/group-policy-objects)|1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and then select **Edit**.<br/><br/>2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.<br/><br/>3. Expand the tree to **Windows components \> Microsoft Defender Antivirus \> Exclusions**. (You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.)<br/><br/>4. Double-click the **Path Exclusions** setting and add the exclusions.<br/><br/>5. Set the option to **Enabled**.<br/><br/>6. Under the **Options** section, select **Show...**.<br/><br/>7. Specify each folder on its own line under the **Value name** column. If you specify a file, make sure to enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.<br/><br/>8. Select **OK**.<br/><br/>9. Double-click the **Extension Exclusions** setting and add the exclusions.<br/><br/>10. Set the option to **Enabled**.<br/><br/>11. Under the **Options** section, select **Show...**.<br/><br/>12. Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.<br/><br/>13. Select **OK**.| |Local group policy object|1. On the endpoint or device, open the Local Group Policy Editor.<br/><br/>2. Go to **Computer Configuration** \> **Administrative Templates** \> **Windows Components** \> **Microsoft Defender Antivirus** \> **Exclusions**. (You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.)<br/><br/>3. Specify your path and process exclusions.| |
| security | Switch To Mde Phase 3 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-mde-phase-3.md | Deployment methods vary, depending on operating system and preferred methods. Th |Operating systems |Methods | |||-|Windows 10 or later<br/><br/>Windows Server 2019 or later<br/><br/>Windows Server, version 1803 or later<br/><br/>Windows Server 2016 or Windows Server 2012 R2<sup>[[1](#fn1)]<sup> | [Microsoft Intune or Mobile Device Management](configure-endpoints-mdm.md)<br/><br/>[Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md)<br/><br/>[Group Policy](configure-endpoints-gp.md)<br/><br/>[VDI scripts](configure-endpoints-vdi.md)<br/><br/>[Local script (up to 10 devices)](configure-endpoints-script.md)<br/> Note that the local script method is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. | +|Windows 10 or later<br/><br/>Windows Server 2019 or later<br/><br/>Windows Server, version 1803 or later<br/><br/>Windows Server 2016 or Windows Server 2012 R2<sup>[[1](#fn1)]<sup> | [Microsoft Intune or Mobile Device Management](configure-endpoints-mdm.md)<br/><br/>[Microsoft Configuration Manager](configure-endpoints-sccm.md)<br/><br/>[Group Policy](configure-endpoints-gp.md)<br/><br/>[VDI scripts](configure-endpoints-vdi.md)<br/><br/>[Local script (up to 10 devices)](configure-endpoints-script.md)<br/> Note that the local script method is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Configuration Manager, or Intune. | |Windows Server 2008 R2 SP1 | [Microsoft Monitoring Agent (MMA)](onboard-downlevel.md#install-and-configure-microsoft-monitoring-agent-mma) or [Microsoft Defender for Cloud](/azure/security-center/security-center-wdatp) <br> Note that the Microsoft Monitoring Agent is now Azure Log Analytics agent. To learn more, see [Log Analytics agent overview](/azure/azure-monitor/platform/log-analytics-agent). | |Windows 8.1 Enterprise<br/><br/>Windows 8.1 Pro<br/><br/>Windows 7 SP1 Pro<br/><br/>Windows 7 SP1| [Microsoft Monitoring Agent (MMA)](onboard-downlevel.md) <br>Note that the Microsoft Monitoring Agent is now Azure Log Analytics agent. To learn more, see [Log Analytics agent overview](/azure/azure-monitor/platform/log-analytics-agent). |**Windows servers<br><br>Linux servers** | [Integration with Microsoft Defender for Cloud](azure-server-integration.md)-|macOS|[Local script](mac-install-manually.md) <br> [Microsoft Endpoint Manager](mac-install-with-intune.md) <br> [JAMF Pro](mac-install-with-jamf.md) <br> [Mobile Device Management](mac-install-with-other-mdm.md)| +|macOS|[Local script](mac-install-manually.md) <br> [Microsoft Intune](mac-install-with-intune.md) <br> [JAMF Pro](mac-install-with-jamf.md) <br> [Mobile Device Management](mac-install-with-other-mdm.md)| |Linux Server|[Local script](linux-install-manually.md) <br> [Puppet](linux-install-with-puppet.md) <br> [Ansible](linux-install-with-ansible.md) <br> [Chef](linux-deploy-defender-for-endpoint-with-chef.md)|-|Android|[Microsoft Endpoint Manager](android-intune.md)| -|iOS|[Microsoft Endpoint Manager](ios-install.md) <br> [Mobile Application Manager](ios-install-unmanaged.md) | +|Android|[Microsoft Intune](android-intune.md)| +|iOS|[Microsoft Intune](ios-install.md) <br> [Mobile Application Manager](ios-install-unmanaged.md) | (<a id="fn1">1</a>) Windows Server 2016 and Windows Server 2012 R2 will need to be onboarded using the instructions in [Onboard Windows servers](configure-server-endpoints.md#windows-server-2012-r2-and-windows-server-2016). |
| security | Troubleshoot Np | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/troubleshoot-np.md | Set-MpPreference -ProxyServer <proxy IP address: Port> Set-MpPreference -ProxyPacUrl <Proxy PAC url> ``` -You can configure the registry key by using PowerShell, Microsoft Endpoint Manager, or Group Policy. Here are some resources to help: +You can configure the registry key by using PowerShell, Microsoft Configuration Manager, or Group Policy. Here are some resources to help: - [Working with Registry Keys](/powershell/scripting/samples/working-with-registry-keys) - [Configure custom client settings for Endpoint Protection](/mem/configmgr/protect/deploy-use/endpoint-protection-configure-client) |
| security | Troubleshoot Reporting | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/troubleshoot-reporting.md | Last updated 04/08/2021 - Windows > [!IMPORTANT]-> On March 31, 2020, the Microsoft Defender Antivirus reporting feature of Update Compliance will be removed. You can continue to define and review security compliance policies using [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager), which allows finer control over security features and updates. +> On March 31, 2020, the Microsoft Defender Antivirus reporting feature of Update Compliance will be removed. You can continue to define and review security compliance policies using [Microsoft Intune family of products](https://www.microsoft.com/security/business/endpoint-management/microsoft-intune), which allows finer control over security features and updates. You can use Microsoft Defender Antivirus with Update Compliance. You'll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the [Microsoft Defender for Endpoint portal](/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). To learn more about licensing options, see [Windows 10 product licensing options](https://www.microsoft.com/licensing/product-licensing/windows10.aspx). |
| security | Troubleshoot Security Config Mgt | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/troubleshoot-security-config-mgt.md | Last updated 10/19/2021 **Applies to:** -- [Manage Microsoft Defender for Endpoint on devices with Microsoft Endpoint Manager](/mem/intune/protect/mde-security-integration)+- [Manage Microsoft Defender for Endpoint on devices with Microsoft Intune](/mem/intune/protect/mde-security-integration) - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -Security Management for Microsoft Defender for Endpoint is a capability for devices that aren't managed by a Microsoft Endpoint Manager, either Microsoft Intune or Microsoft Endpoint Configuration Manager, to receive security configurations for Microsoft Defender for Endpoint directly from Endpoint Manager. -For more information on Security Management for Microsoft Defender for Endpoint, see [Manage Microsoft Defender for Endpoint on devices with Microsoft Endpoint Manager](/mem/intune/protect/mde-security-integration). +Security Management for Microsoft Defender for Endpoint is a capability for devices that aren't managed by Microsoft Intune or Microsoft Configuration Manager to receive security configurations for Microsoft Defender for Endpoint directly from Intune. +For more information on Security Management for Microsoft Defender for Endpoint, see [Manage Microsoft Defender for Endpoint on devices with Microsoft Intune](/mem/intune/protect/mde-security-integration). For Security Management for Microsoft Defender for Endpoint onboarding instructions, see [Microsoft Defender for Endpoint Security Configuration Management](security-config-management.md) For example, as part of the Security Management onboarding flow, it is required ## General troubleshooting -If you weren't able to identify the onboarded device in AAD or MEM, and did not receive an error during the enrollment, checking the registry key `Computer\\HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SenseCM\\EnrollmentStatus` can provide additional troubleshooting information. +If you weren't able to identify the onboarded device in Azure AD or in the Intune admin center, and did not receive an error during the enrollment, checking the registry key `Computer\\HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SenseCM\\EnrollmentStatus` can provide additional troubleshooting information. :::image type="content" source="images/enrollment-status.png" alt-text="The page displaying the enrollment status" lightbox="images/enrollment-status.png"::: The following table lists errors and directions on what to try/check in order to |Error Code|Enrollment Status|Administrator Actions| |||| |`5-7`, `9`, `11-12`, `26-33`|General error|The device was successfully onboarded to Microsoft Defender for Endpoint. However, there was an error in the security configuration management flow. This could be due to the device not meeting [prerequisites for Microsoft Defender for Endpoint management channel](security-config-management.md). Running the [Client Analyzer](https://aka.ms/BetaMDEAnalyzer) on the device can help identify the root cause of the issue. If this doesn't help, please contact support.|-| `8`, `44` | Microsoft Endpoint Manager Configuration issue | The device was successfully onboarded to Microsoft Defender for Endpoint. However, Microsoft Endpoint Manager has not been configured through the Admin Center to allow Microsoft Defender for Endpoint Security Configuration. Make sure the [Microsoft Endpoint Manager tenant is configured and the feature is turned on](/mem/intune/protect/mde-security-integration#configure-your-tenant-to-support-microsoft-defender-for-endpoint-security-configuration-management).| -|`13-14`,`20`,`24`,`25`|Connectivity issue|The device was successfully onboarded to Microsoft Defender for Endpoint. However, there was an error in the security configuration management flow which could be due to a connectivity issue. Verify that the [Azure Active Directory and Microsoft Endpoint Manager endpoints](security-config-management.md#connectivity-requirements) are opened in your firewall.| +| `8`, `44` | Microsoft Intune Configuration issue | The device was successfully onboarded to Microsoft Defender for Endpoint. However, Microsoft Intune has not been configured through the Admin Center to allow Microsoft Defender for Endpoint Security Configuration. Make sure the [Microsoft Intune tenant is configured and the feature is turned on](/mem/intune/protect/mde-security-integration#configure-your-tenant-to-support-microsoft-defender-for-endpoint-security-configuration-management).| +|`13-14`,`20`,`24`,`25`|Connectivity issue|The device was successfully onboarded to Microsoft Defender for Endpoint. However, there was an error in the security configuration management flow which could be due to a connectivity issue. Verify that the [Azure Active Directory and Microsoft Intune endpoints](security-config-management.md#connectivity-requirements) are opened in your firewall.| |`10`,`42`|General Hybrid join failure|The device was successfully onboarded to Microsoft Defender for Endpoint. However, there was an error in the security configuration management flow and the OS failed to perform hybrid join. Use [Troubleshoot hybrid Azure Active Directory-joined devices](/azure/active-directory/devices/troubleshoot-hybrid-join-windows-current) for troubleshooting OS-level hybrid join failures.| |`15`|Tenant mismatch|The device was successfully onboarded to Microsoft Defender for Endpoint. However, there was an error in the security configuration management flow because your Microsoft Defender for Endpoint tenant ID doesn't match your Azure Active Directory tenant ID. Make sure that the Azure Active Directory tenant ID from your Defender for Endpoint tenant matches the tenant ID in the SCP entry of your domain. For more details, [Troubleshoot onboarding issues related to Security Management for Microsoft Defender for Endpoint](troubleshoot-security-config-mgt.md).| |`16`,`17`|Hybrid error - Service Connection Point|The device was successfully onboarded to Microsoft Defender for Endpoint. However, Service Connection Point (SCP) record is not configured correctly and the device couldn't be joined to Azure AD. This could be due to the SCP being configured to join Enterprise DRS. Make sure the SCP record points to AAD and SCP is configured following best practices. For more information, see [Configure a service connection point](/azure/active-directory/devices/hybrid-azuread-join-manual#configure-a-service-connection-point).| For Security Management for Microsoft Defender for Endpoint on Windows Server 20 ## Related topic -- [Manage Microsoft Defender for Endpoint on devices with Microsoft Endpoint Manager](/mem/intune/protect/mde-security-integration)+- [Manage Microsoft Defender for Endpoint on devices with Microsoft Intune](/mem/intune/protect/mde-security-integration) |
| security | Turn On Definition Retirement | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/turn-on-definition-retirement.md | You can configure definition retirement using Group Policy. Definition retiremen 6. Deploy your updated Group Policy Object. See [Group Policy Management Console](/windows/win32/srvnodes/group-policy). > [!TIP]-> Are you using Group Policy Objects on premises? See how they translate in the cloud. [Analyze your on-premises group policy objects using Group Policy analytics in Microsoft Endpoint Manager - Preview](/mem/intune/configuration/group-policy-analytics). +> Are you using Group Policy Objects on premises? See how they translate in the cloud. [Analyze your on-premises group policy objects using Group Policy analytics in Microsoft Intune](/mem/intune/configuration/group-policy-analytics). |
| security | Use Intune Config Manager Microsoft Defender Antivirus | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/use-intune-config-manager-microsoft-defender-antivirus.md | Title: Configure Microsoft Defender Antivirus using Microsoft Endpoint Manager -description: Use Microsoft Endpoint Manager and Microsoft Intune to configure Microsoft Defender Antivirus and Endpoint Protection + Title: Configure Microsoft Defender Antivirus using Microsoft Intune +description: Use Microsoft Intune to configure Microsoft Defender Antivirus and Endpoint Protection keywords: scep, intune, endpoint protection, configuration ms.mktglfcycl: manage-# Use Microsoft Endpoint Manager to configure and manage Microsoft Defender Antivirus +# Use Microsoft Intune to configure and manage Microsoft Defender Antivirus [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] search.appverid: met150 **Platforms** - Windows -You can use [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) to configure Microsoft Defender Antivirus scans. [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Configuration Manager](/mem/configmgr/core/understand/introduction) are now part of Endpoint Manager. +You can use the Microsoft Intune family of products to configure Microsoft Defender Antivirus scans, like [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Configuration Manager](/mem/configmgr/core/understand/introduction). -## Configure Microsoft Defender Antivirus scans in Endpoint Manager +## Configure Microsoft Defender Antivirus scans in Intune -1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)), and sign in. +1. Go to the Microsoft Intune admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)), and sign in. 2. Navigate to **Endpoint Security**. |
| security | Web Threat Protection | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/web-threat-protection.md | To turn on network protection on your devices: ## Configure web threat protection -The following procedure describes how to configure web threat protection using the Microsoft Endpoint Manager admin center. +The following procedure describes how to configure web threat protection using the Microsoft Intune admin center. -1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)), and sign in. +1. Go to the Microsoft Intune admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)), and sign in. 2. Choose **Endpoint security** \> **Attack surface reduction**, and then choose **+ Create policy**. |
| security | Whats New In Microsoft Defender Endpoint | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint.md | For more information on Microsoft Defender for Endpoint on specific operating sy ## December 2022 - Microsoft Defender for Endpoint Device control removable storage access control updates:- 1. Microsoft Endpoint Manager support for removable storage access control is now available in Intune. See [Deploy Removable Storage Access Control by using Intune user interface](deploy-manage-removable-storage-intune.md#deploy-removable-storage-access-control-by-using-intune-user-interface) + 1. Microsoft Intune support for removable storage access control is now available. See [Deploy Removable Storage Access Control by using Intune user interface](deploy-manage-removable-storage-intune.md#deploy-removable-storage-access-control-by-using-intune-user-interface) 2. The new default enforcement policy of removable storage access control is designed for all device control features. Printer Protection is now available for this policy. If you create a Default Deny policy, printers will be blocked in your organization. - Intune:*./Vendor/MSFT/Defender/Configuration/DefaultEnforcement* <br> See [Deploy and manage Removable Storage Access Control using Intune](deploy-manage-removable-storage-intune.md) - Group policy: *Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Features > Device Control > Select Device Control Default Enforcement*<br> See [Deploy and manage Removable Storage Access Control using group policy](deploy-manage-removable-storage-group-policy.md) For more information on Microsoft Defender for Endpoint on specific operating sy - [Announcing the public preview of Defender for Endpoint personal profile for Android Enterprise](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-the-public-preview-of-defender-for-endpoint-personal/ba-p/3370979)<br>We're happy to announce that users who wish to enroll their own devices in their workplace’s BYOD program can now benefit from the protection provided by Microsoft Defender for Endpoint in their personal profile as well. -- [Security Settings Management in Microsoft Defender for Endpoint is now generally available](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/security-settings-management-in-microsoft-defender-for-endpoint/ba-p/3356970)<br>In late 2021, we announced that Microsoft Defender for Endpoint expanded its configuration management capabilities. This release empowered security teams to configure devices with their desired security settings without needing to deploy and implement other tools or infrastructure. Made possible with Microsoft Endpoint Manager, organizations have been able to manage antivirus (AV), endpoint detection and response (EDR), and firewall (FW) policies from a single view for all enlisted devices. Today, we're announcing that this capability is now generally available for Windows client and Windows server, supporting Windows 10, Windows 11, and Windows Server 2012 R2 or later.+- [Security Settings Management in Microsoft Defender for Endpoint is now generally available](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/security-settings-management-in-microsoft-defender-for-endpoint/ba-p/3356970)<br>In late 2021, we announced that Microsoft Defender for Endpoint expanded its configuration management capabilities. This release empowered security teams to configure devices with their desired security settings without needing to deploy and implement other tools or infrastructure. Made possible with Microsoft Intune, organizations have been able to manage antivirus (AV), endpoint detection and response (EDR), and firewall (FW) policies from a single view for all enlisted devices. Today, we're announcing that this capability is now generally available for Windows client and Windows server, supporting Windows 10, Windows 11, and Windows Server 2012 R2 or later. ## April 2022 For more information on Microsoft Defender for Endpoint on specific operating sy - [Microsoft Defender for Endpoint Plan 1 Now Included in Microsoft 365 E3/A3 Licenses](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-plan-1-now-included-in-m365-e3/ba-p/3060639)<br>Starting January 14, Microsoft Defender for Endpoint Plan 1 (P1) will be automatically included in Microsoft 365 E3/A3 licenses. -- [Zero-touch onboarding of Microsoft Defender for Endpoint on iOS now in public preview](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/zero-touch-onboarding-of-microsoft-defender-for-endpoint-on-ios/ba-p/3038045)<br>With this new capability, enterprises can now deploy Microsoft Defender for Endpoint on iOS devices that are enrolled with Microsoft Endpoint Manager automatically, without needing end-users to interact with the app. This eases the deployment frictions and significantly reduces the time needed to deploy the app across all devices as Microsoft Defender for Endpoint gets silently activated on targeted devices and starts protecting your iOS estate.+- [Zero-touch onboarding of Microsoft Defender for Endpoint on iOS now in public preview](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/zero-touch-onboarding-of-microsoft-defender-for-endpoint-on-ios/ba-p/3038045)<br>With this new capability, enterprises can now deploy Microsoft Defender for Endpoint on iOS devices that are enrolled with Microsoft Intune automatically, without needing end-users to interact with the app. This eases the deployment frictions and significantly reduces the time needed to deploy the app across all devices as Microsoft Defender for Endpoint gets silently activated on targeted devices and starts protecting your iOS estate. |
| security | Why Cloud Protection Should Be On Mdav | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/why-cloud-protection-should-be-on-mdav.md | The following table summarizes the features and capabilities that depend on clou Now that you have an overview of cloud protection and its role in Microsoft Defender Antivirus, here are some next steps: -1. **[Enable cloud protection](enable-cloud-protection-microsoft-defender-antivirus.md)**. You can enable cloud protection with Microsoft Endpoint Manager (which now includes Microsoft Endpoint Configuration Manager and Microsoft Intune), Group Policy, or PowerShell cmdlets. +1. **[Enable cloud protection](enable-cloud-protection-microsoft-defender-antivirus.md)**. You can enable cloud protection with Microsoft Configuration Manager, Microsoft Intune, Group Policy, or PowerShell cmdlets. -2. **[Specify the cloud protection level](specify-cloud-protection-level-microsoft-defender-antivirus.md)**. You can specify the level of protection offered by the cloud by using Microsoft Endpoint Manager or Group Policy. The protection level affects the amount of information shared with the cloud and how aggressively new files are blocked. +2. **[Specify the cloud protection level](specify-cloud-protection-level-microsoft-defender-antivirus.md)**. You can specify the level of protection offered by the cloud by using Microsoft Intune, Configuration Manager, or Group Policy. The protection level affects the amount of information shared with the cloud and how aggressively new files are blocked. 3. **[Configure and validate network connections for Microsoft Defender Antivirus](configure-network-connections-microsoft-defender-antivirus.md)**. There are certain Microsoft URLs that your network and endpoints must be able to connect to for cloud protection to work effectively. This article lists the URLs that should be allowed via firewall or network filtering rules, and instructions for confirming your network is properly enrolled in cloud protection. -4. **[Configure the "block at first sight" feature](configure-block-at-first-sight-microsoft-defender-antivirus.md)**. The "block at first sight" feature can block new malware within seconds, without having to wait hours for traditional Security intelligence. You can enable and configure it by using Microsoft Endpoint Manager or Group Policy. +4. **[Configure the "block at first sight" feature](configure-block-at-first-sight-microsoft-defender-antivirus.md)**. The "block at first sight" feature can block new malware within seconds, without having to wait hours for traditional Security intelligence. You can enable and configure it by using Microsoft Intune, Configuration Manager, or Group Policy. -5. **[Configure the cloud block timeout period](configure-cloud-block-timeout-period-microsoft-defender-antivirus.md)**. Microsoft Defender Antivirus can block suspicious files from running while it queries our cloud protection service. You can configure the amount of time the file will be prevented from running by using Microsoft Endpoint Manager or Group Policy. +5. **[Configure the cloud block timeout period](configure-cloud-block-timeout-period-microsoft-defender-antivirus.md)**. Microsoft Defender Antivirus can block suspicious files from running while it queries our cloud protection service. You can configure the amount of time the file will be prevented from running by using Microsoft Intune, Configuration Manager, or Group Policy. > [!TIP] > If you're looking for Antivirus related information for other platforms, see: |
| security | Autoad Results | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/autoad-results.md | To release a user account or a device from containment, click on the contained a The Action center ([https://security.microsoft.com/action-center](https://security.microsoft.com/action-center)) brings together [remediation](m365d-remediation-actions.md) and response actions across your devices, email & collaboration content, and identities. Actions listed include remediation actions that were taken automatically or manually. You can view automatic attack disruption actions in the Action center. -After you mitigate the risk and complete the investigation of an incident, you can release the contained assets from the action details pane (e.g., enable a disabled user account or release a device from containment). For more information about the action center, see [Action center](/m365d-action-center.md). +After you mitigate the risk and complete the investigation of an incident, you can release the contained assets from the action details pane (e.g., enable a disabled user account or release a device from containment). For more information about the action center, see [Action center](m365d-action-center.md). |
| security | Automatic Attack Disruption | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/automatic-attack-disruption.md | This article provides an overview of automated attack disruption and includes li [!include[Prerelease information](../../includes/prerelease.md)] -Automatic attack disruption is designed to contain attacks in progress, limit the impact on an organizationΓÇÖs assets, and provide more time for the SOC to remediate the attack fully. Unlike known protection methods such as prevention and blocking based on a single indicator of compromise, the attack disruption in Microsoft 365 Defender leverages the full breadth of our XDR signal to act at the incident level, taking the entire attack into account. While many XDR and SOAR solutions allow you to create your automatic response actions, the key difference to Microsoft 365 DefenderΓÇÖs automatic attack disruption is that it is built-in and uses insights from our security researchers and advanced AI models to counteract the complexities of advanced attacks. It considers the entire context of signals from different sources to determine compromised assets. +Automatic attack disruption is designed to contain attacks in progress, limit the impact on an organizationΓÇÖs assets, and provide more time for the SOC to remediate the attack fully. Unlike known protection methods such as prevention and blocking based on a single indicator of compromise, the attack disruption in Microsoft 365 Defender leverages the full breadth of our XDR signal to act at the incident level, taking the entire attack into account. ++While many XDR and SOAR solutions allow you to create your automatic response actions, the key difference to Microsoft 365 DefenderΓÇÖs automatic attack disruption is that it is built-in and uses insights from our security researchers and advanced AI models to counteract the complexities of advanced attacks. It considers the entire context of signals from different sources to determine compromised assets. Automatic attack disruption operates in three key stages: We understand that taking automatic action sometimes comes with hesitation from Investigations are integral to monitoring our signals and the attack threat landscape to ensure high quality and accurate protection. > [!TIP]-> This article describes how attack disruption works. To configure these capabilities, see [Configure attack disruption capabilities in Microsoft 365 Defender.](/microsoft-365/security/defender/configure-attack-disruption.md) +> This article describes how attack disruption works. To configure these capabilities, see [Configure attack disruption capabilities](configure-attack-disruption.md) in Microsoft 365 Defender. ## Automated response actions In automatic attack disruption, we leverage Microsoft-based XDR response actions. Examples of these actions are: In automatic attack disruption, we leverage Microsoft-based XDR response actions - [Device contain](/microsoft-365/security/defender-endpoint/respond-machine-alerts#contain-devices-from-the-network) - based on Microsoft Defender for EndpointΓÇÖs capability, this action is an automatic containment of a suspicious device to block any incoming/outgoing communication with the said device. - [Disable user](/defender-for-identity/remediation-actions) - based on Microsoft Defender for IdentityΓÇÖs capability, this action is an automatic suspension of a compromised account to prevent additional damage like lateral movement, malicious mailbox use, or malware execution. -For more information, see [remediation actions](/microsoft-365/security/defender/m365d-remediation-actions.md) in Microsoft 365 Defender. +For more information, see [remediation actions](m365d-remediation-actions.md) in Microsoft 365 Defender. ## Identify when an attack disruption happens in your environment For more information see ΓÇÿview attack disruption details and resultsΓÇÖ. ## Next steps -- [Configuring automatic attack disruption in Microsoft 365 Defender](/microsoft-365/security/defender/configure-attack-disruption.md)-- [View details and results](/microsoft-365/security/defender/autoad-results.md)+- [Configuring automatic attack disruption in Microsoft 365 Defender](configure-attack-disruption.md) +- [View details and results](autoad-results.md) |
| security | Compare Rbac Roles | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/compare-rbac-roles.md | Use the tables in the following sections to learn more about how your existing i |Live response capabilities - advanced|Security operations \ Advanced live response (manage)| |Manage security settings in the Security Center|Authorization and settings \ Security setting (All permissions)| |Manage portal system settings|Authorization and settings \ System setting (All permissions)|-|Manage endpoint security settings in Microsoft Endpoint Manager|Not supported - this permission is managed in the Microsoft Endpoint Management portal| +|Manage endpoint security settings in Microsoft Intune|Not supported - this permission is managed in the Microsoft Intune admin center| ### Map Defender for Office 365 (Exchange Online Protection) roles to the Microsoft 365 Defender RBAC permissions |
| security | Configure Attack Disruption | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/configure-attack-disruption.md | f1.keywords: CSH [!INCLUDE [Microsoft 365 Defender rebranding](../includes/microsoft-defender.md)] -Microsoft 365 Defender includes powerful [automated attack disruption](/microsoft-365/security/defender/) capabilities that can protect your environment from sophisticated, high-impact attacks. +Microsoft 365 Defender includes powerful [automated attack disruption](automatic-attack-disruption.md) capabilities that can protect your environment from sophisticated, high-impact attacks. This article describes how to configure automatic attack disruption capabilities in <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender</a> with these steps: Excluding user accounts is not recommended, and accounts added to this list won ## Next step -- [View details and results](/microsoft-365/security/defender/autoad-results.md)+- [View details and results](autoad-results.md) ## See also -- [Automatic attack disruption in Microsoft 365 Defender](/microsoft-365/security/defender/automatic-attack-disruption.md)+- [Automatic attack disruption in Microsoft 365 Defender](automatic-attack-disruption.md) |
| security | Eval Defender Endpoint Enable Eval | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-endpoint-enable-eval.md | The following table lists the available tools based on the endpoint that you nee | Endpoint | Tool options | |:|:|-| **Windows** |- [Local script (up to 10 devices)](../defender-endpoint/configure-endpoints-script.md)<br/>- [Group Policy](../defender-endpoint/configure-endpoints-gp.md)<br/>- [Microsoft Endpoint Manager/ Mobile Device Manager](../defender-endpoint/configure-endpoints-mdm.md)<br/>- [Microsoft Endpoint Configuration Manager](../defender-endpoint/configure-endpoints-sccm.md)<br/>- [VDI scripts](../defender-endpoint/configure-endpoints-vdi.md) | -| **macOS** | - [Local scripts](../defender-endpoint/mac-install-manually.md)<br/>- [Microsoft Endpoint Manager](../defender-endpoint/mac-install-with-intune.md)<br/>- [JAMF Pro](../defender-endpoint/mac-install-with-jamf.md)<br/>- [Mobile Device Management](../defender-endpoint/mac-install-with-other-mdm.md) | +| **Windows** |- [Local script (up to 10 devices)](../defender-endpoint/configure-endpoints-script.md)<br/>- [Group Policy](../defender-endpoint/configure-endpoints-gp.md)<br/>- [Microsoft Intune / Mobile Device Manager](../defender-endpoint/configure-endpoints-mdm.md)<br/>- [Microsoft Endpoint Configuration Manager](../defender-endpoint/configure-endpoints-sccm.md)<br/>- [VDI scripts](../defender-endpoint/configure-endpoints-vdi.md) | +| **macOS** | - [Local scripts](../defender-endpoint/mac-install-manually.md)<br/>- [Microsoft Intune](../defender-endpoint/mac-install-with-intune.md)<br/>- [JAMF Pro](../defender-endpoint/mac-install-with-jamf.md)<br/>- [Mobile Device Management](../defender-endpoint/mac-install-with-other-mdm.md) | | **iOS** | [App-based](../defender-endpoint/ios-install.md) |-| **Android** | [Microsoft Endpoint Manager](../defender-endpoint/android-intune.md) | +| **Android** | [Microsoft Intune](../defender-endpoint/android-intune.md) | |
| security | Portals | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/portals.md | While these portals are not specifically for managing security, they support var | Azure Active Directory portal | View and manage [Azure Active Directory](/azure/active-directory/fundamentals/active-directory-whatis) | [aad.portal.azure.com](https://aad.portal.azure.com/) | | Microsoft Purview compliance portal | Manage data handling policies and ensure [compliance with regulations](/compliance/regulatory/offering-home) | [compliance.microsoft.com](https://compliance.microsoft.com/) | | Microsoft 365 admin center | Configure Microsoft 365 services; manage roles, licenses, and track updates to your Microsoft 365 services | [admin.microsoft.com](https://go.microsoft.com/fwlink/p/?linkid=2166757) |-| Microsoft Endpoint Manager admin center | Use [Microsoft Endpoint Manager](/mem/configmgr/) to manage and secure devices using combined Intune and Configuration Manager capabilities | [endpoint.microsoft.com](https://endpoint.microsoft.com/) | +| Microsoft Intune admin center | Use [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) to manage and secure devices. Can also combine Intune and Configuration Manager capabilities. | [endpoint.microsoft.com](https://endpoint.microsoft.com/) | | Microsoft Intune portal | Use [Microsoft Intune](/intune/fundamentals/what-is-intune) to deploy device policies and monitor devices for compliance | [endpoint.microsoft.com](https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesMenu/overview) |
| security | Identity Access Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/identity-access-policies.md | You must create a policy for each PC, phone, or tablet platform. This article wi ### Create device compliance policies -To create device compliance policies, sign in to the [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com), and navigate to **Devices** > **Compliance policies** > **Policies**. Select **Create Policy**. +To create device compliance policies, sign in to the [Microsoft Intune admin center](https://endpoint.microsoft.com), and navigate to **Devices** > **Compliance policies** > **Policies**. Select **Create Policy**. For step-by-step guidance on creating compliance policies in Intune, see [Create a compliance policy in Microsoft Intune](/mem/intune/protect/create-compliance-policy). |
| security | Tune Bulk Mail Filtering Walkthrough | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/tune-bulk-mail-filtering-walkthrough.md | + + Title: Assess and tune your filtering for bulk mail in Defender for Office 365 +description: Tune bulk filtering settings within Exchange Online and Microsoft Defender for Office 365 +search.product: +++ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +f1.keywords: + - NOCSH +++ms.localizationpriority: medium ++audience: ITPro ++- m365-guidance-templates +- m365-security +- tier3 ++search.appverid: met150 Last updated : 02/22/2023+++# Tune Bulk mail (grey mail) filtering in Defender for Office 365 ++This guide describes how to tune your bulk email filtering settings in Exchange Online or Microsoft Defender for Office 365. This process includes configuring the delivery location of detected bulk mail and, if necessary, optional transport rules you can use to achieve a more aggressive filtering stance should this suit your organization's needs. ++## What you'll need ++- Exchange Online as a minimum. (Microsoft Defender for Office 365 offers extra functionality) +- Sufficient permissions. (Security Administrator) +- Basic understanding of checking message headers (for more information, see [View internet message headers in Outlook](https://support.microsoft.com/office/view-internet-message-headers-in-outlook-cd039382-dc6e-4264-ac74-c048563d212c)) +- 30 minutes to complete the following steps ++## Understanding the bulk (BCL) value ++Bulk mail is typically advertising emails or marketing messages. These emails can be more challenging to filter as some customers want these emails. Other customers consider these emails spam and don't want to receive them. We add a "BCL" value stamp on emails based on the number of complaints we get about that sender and allow you to select the threshold to accept so you can tune the number of bulk messages you receive. ++## Check the BCL value of an email and the threshold in your policies ++1. Take the headers of a message you're concerned with and search for the **"X-Microsoft-Antispam:"** header, which contains a **BCL value**. Note this number. +1. Repeat this process until you have an average BCL value. We'll use this value as the threshold. Any mail with a **BCL** value **above** this number will be impacted by the changes we make. +1. **Login** to the Microsoft Security portal at https://security.microsoft.com. +1. On the **left nav**, under **Email & collaboration**, select **Policies & rules**. +1. Select **Threat policies** and then **Anti-Spam**. +1. When the page loads, the next action you'll take depends on the type of policy you're using: + 1. Preset Policies can't be edited. The threshold is 6 in standard, 5 in strict. + 1. The default (inbuilt) policy is 7. + 1. Custom policies are set to 7 by default unless another value is provided. +1. **Edit** (or create a custom policy) to set the BCL threshold that meets your needs. For example, if most of the messages you collected (which were all unwanted) have a BCL value of 4 or higher, setting the BCL value to 4 in the policy would filter out these messages for your end users. +1. Within that policy, under the **"Edit actions"** section, select the **"bulk message action"** and select what to do when the threshold is exceeded. For example, you could select Quarantine if you would like to keep all bulk out of the mailbox or use the Junk email folder for a less aggressive stance. +1. If you receive complaints from users about too many bulk emails being blocked, you can adjust this threshold, or alternatively, submit the message to us, which will also add the sender to the TABL (Tenant Allow Block List). ++> [!TIP] +> Review this step-by-step guide for more details on allowing senders using the TABL (Tenant Allow Block List): [How to handle legitimate emails getting blocked from delivery using Microsoft Defender for Office 365](how-to-handle-false-positives-in-microsoft-defender-for-office-365.md). ++## More aggressive strategies for managing bulk senders ++In some cases, the sender of bulk mail doesn't generate enough complaints for its messages to be assigned a BCL value high enough to be caught by your tuned threshold value. In this situation, it's possible to use transport rules to take an aggressive approach; however, use caution, as false positives (unwanted blocking) will occur. Tune the rules with exceptions and management to stay relevant for your organization's mail patterns. ++> [!TIP] +>To better protect certain groups of users, such as your c-suite and priority accounts, you can create a specialized policy specifically scoped to them and set a higher BCL threshold, alongside a separate transport rule (if applicable). These groups of users might be more vulnerable to unsolicited emails due to their email addresses being readily accessible in the public domain. ++See [Use mail flow rules to filter bulk email in Exchange Online | Microsoft Learn](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-filter-bulk-mail) for more information. ++## For customers with Microsoft Defender for Office 365 ++- Customers with Microsoft Defender for Office 365 Plan 1 or higher can use the [email entity page](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/introducing-the-email-entity-page-in-microsoft-defender-for/ba-p/2275420) to discover the BCL value of messages instead of interrogating headers. ++- Customers with Microsoft Defender for Office 365 Plan 2 can interrogate bulk values at scale using [advanced hunting](/microsoft-365/security/office-365-security/anti-spam-spam-vs-bulk-about#how-to-tune-bulk-email.md). ++## More Information ++[Email Protection Basics in Microsoft 365: Bulk Email - Microsoft Community Hub](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/email-protection-basics-in-microsoft-365-bulk-email/ba-p/3445337) ++[What's the difference between junk email and bulk email? - Office 365 | Microsoft Learn](../anti-spam-spam-vs-bulk-about.md) |
| security | Tenant Allow Block List Email Spoof Configure | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-allow-block-list-email-spoof-configure.md | You manage allow and block entries for email in the Microsoft 365 Defender Porta For more information, see [Permissions in Exchange Online](/exchange/permissions-exo/permissions-exo). - > [!Note] + > [!NOTE] + > > - Adding users to the corresponding Azure Active Directory role in the Microsoft 365 admin center gives users the required permissions *and* permissions for other features in Microsoft 365. For more information, see [About admin roles](../../admin/add-users/about-admin-roles.md). > - The **View-Only Organization Management** role group in [Exchange Online](/Exchange/permissions-exo/permissions-exo#role-groups) also gives read-only access to the feature. You have the following options to create block entries for domains and email add - [The Submissions page in the Microsoft 365 Defender portal](#use-the-microsoft-365-defender-portal-to-create-block-entries-for-domains-and-email-addresses-in-the-submissions-portal) - The Tenant Allow/Block List in [the Microsoft 365 Defender portal](#use-the-microsoft-365-defender-portal-to-create-block-entries-for-domains-and-email-addresses-in-the-tenant-allowblock-list) or in [PowerShell](#use-powershell-to-create-block-entries-for-domains-and-email-addresses-in-the-tenant-allowblock-list) -To create block entries for spoofed senders, see the [Use the Microsoft 365 Defender portal to view allow or block entries for spoofed senders in the Tenant Allow/Block List](#use-the-microsoft-365-defender-portal-to-view-allow-or-block-entries-for-spoofed-senders-in-the-tenant-allowblock-list) section later in this article. +To create block entries for spoofed senders, see the [Use the Microsoft 365 Defender portal to view existing allow or block entries for domains and email addresses in the Tenant Allow/Block List](#use-the-microsoft-365-defender-portal-to-view-existing-allow-or-block-entries-for-domains-and-email-addresses-in-the-tenant-allowblock-list) section later in this article. #### Use the Microsoft 365 Defender portal to create block entries for domains and email addresses in the Submissions portal For detailed syntax and parameter information, see [New-TenantAllowBlockListItem You can't create allow entries for domains and email addresses directly in the Tenant Allow/Block List. Instead, you use the Submissions portal at <https://security.microsoft.com/reportsubmission> to report the message as a false positive, which also adds an allow entry for the sender on the **Domains & addresses** tab in the Tenant Allow/Block List. +By default, allow entries for domains and email addresses, files, and URLs exist for 30 days, while allow entries for spoofed senders never expire. Within those 30 days, Microsoft will learn from the allow entries or automatically extend the allow entries for you. + For instructions, see [Report good email to Microsoft](submissions-admin.md#report-good-email-to-microsoft). > [!NOTE]-> Microsoft does not allow you to create allow entries directly as it leads to creation of allows that are not needed, thus exposing your organization to malicious email which might otherwise have been filtered by the system. +> Microsoft does not allow you to create allow entries directly. Unnecessary allow entries expose your organization to malicious email which could have been filtered by the system. >-> Microsoft manages the allow creation process from Submission by creating allows for those entities (domains or email addresses, spoofed senders, URLs, files) which were determined to be malicious by filters during mail flow. For example, if the sender and a URL in the message were determined to be bad, an allow entry is created for the sender, and an allow entry is created for the URL. +> Microsoft manages the allow creation process from Submission by creating allows for those entities (domains or email addresses, spoofed senders, URLs, or files) which were determined to be malicious by filters during mail flow. For example, if the sender and a URL in the message were determined to be bad, an allow entry is created for the sender, and an allow entry is created for the URL. > > When that entity (domain or email address, URL, file) is encountered again, all filters associated with that entity are skipped. > > During mail flow, if messages from the domain or email address pass other checks in the filtering stack, the messages will be delivered. For example, if [email authentication](email-authentication-about.md) passes, a message from a sender in the allow entry will be delivered. -### Use the Microsoft 365 Defender portal to view allow or block entries for domains and email addresses in the Tenant Allow/Block List +### Use the Microsoft 365 Defender portal to view existing allow or block entries for domains and email addresses in the Tenant Allow/Block List 1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Policies & rules** \> **Threat Policies** \> **Tenant Allow/Block Lists** in the **Rules** section. Or, to go directly to the **Tenant Allow/Block Lists** page, use <https://security.microsoft.com/tenantAllowBlockList>. For instructions, see [Report good email to Microsoft](submissions-admin.md#repo When you're finished, click **Apply**. To clear existing filters, click  **Clear filters** in the **Filter** flyout. -#### Use PowerShell to view allow or block entries for domains and email addresses in the Tenant Allow/Block List +#### Use PowerShell to view existing allow or block entries for domains and email addresses in the Tenant Allow/Block List In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following syntax: Get-TenantAllowBlockListItems -ListType Sender -Block For detailed syntax and parameter information, see [Get-TenantAllowBlockListItems](/powershell/module/exchange/get-tenantallowblocklistitems). -### Use the Microsoft 365 Defender portal to modify allow or block entries for domains and email addresses in the Tenant Allow/Block List +### Use the Microsoft 365 Defender portal to modify existing allow or block entries for domains and email addresses in the Tenant Allow/Block List You can make the following modifications to entries for domains and email addresses in the Tenant Allow/Block list: If Microsoft has learned from the allow, the allow will be removed and you will > [!NOTE] > For allow entries only, if you select the entry by clicking anywhere in the row other than the check box, you can select  **View submission** in the details flyout that appears to go to the **Submissions** page at <https://security.microsoft.com/reportsubmission>. -#### Use PowerShell to modify allow or block entries for domains and email addresses in the Tenant Allow/Block List +#### Use PowerShell to modify existing allow or block entries for domains and email addresses in the Tenant Allow/Block List In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following syntax: Set-TenantAllowBlockListItems -ListType Sender -Entries "julia@fabrikam.com" -Ex For detailed syntax and parameter information, see [Set-TenantAllowBlockListItems](/powershell/module/exchange/set-tenantallowblocklistitems). -### Use the Microsoft 365 Defender portal to remove allow or block entries for domains and email addresses in the Tenant Allow/Block List +### Use the Microsoft 365 Defender portal to remove existing allow or block entries for domains and email addresses in the Tenant Allow/Block List 1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Policies & rules** \> **Threat Policies** \> **Rules** section \> **Tenant Allow/Block Lists**. Or, to go directly to the **Tenant Allow/Block List** page, use <https://security.microsoft.com/tenantAllowBlockList>. For detailed syntax and parameter information, see [Set-TenantAllowBlockListItem > [!NOTE] > You can select multiple entries by selecting each check box, or select all entries by selecting the check box next to the **Value** column header. -#### Use PowerShell to remove allow or block entries for domains and email addresses from the Tenant Allow/Block List +#### Use PowerShell to remove existing allow or block entries for domains and email addresses from the Tenant Allow/Block List In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following syntax: New-TenantAllowBlockListSpoofItems -Identity Default -Action Allow -SendingInfra For detailed syntax and parameter information, see [New-TenantAllowBlockListSpoofItems](/powershell/module/exchange/new-tenantallowblocklistspoofitems). -### Use the Microsoft 365 Defender portal to view allow or block entries for spoofed senders in the Tenant Allow/Block List +### Use the Microsoft 365 Defender portal to view existing allow or block entries for spoofed senders in the Tenant Allow/Block List 1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Policies & rules** \> **Threat Policies** \> **Tenant Allow/Block Lists** in the **Rules** section. Or, to go directly to the **Tenant Allow/Block Lists** page, use <https://security.microsoft.com/tenantAllowBlockList>. For detailed syntax and parameter information, see [New-TenantAllowBlockListSpoo When you're finished, click **Apply**. To clear existing filters, click  **Clear filters** in the **Filter** flyout. -#### Use PowerShell to view allow or block entries for spoofed senders in the Tenant Allow/Block List +#### Use PowerShell to view existing allow or block entries for spoofed senders in the Tenant Allow/Block List In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following syntax: Get-TenantAllowBlockListSpoofItems -Action Block -SpoofType External For detailed syntax and parameter information, see [Get-TenantAllowBlockListSpoofItems](/powershell/module/exchange/get-tenantallowblocklistspoofitems). -### Use the Microsoft 365 Defender portal to modify allow or block entries for spoofed senders in the Tenant Allow/Block List +### Use the Microsoft 365 Defender portal to modify existing allow or block entries for spoofed senders in the Tenant Allow/Block List When you modify an allow or block entry for spoofed senders in the Tenant Allow/Block list, you can only change the entry from **Allow** to **Block**, or vice-versa. When you modify an allow or block entry for spoofed senders in the Tenant Allow/ 5. When you're finished, click **Save**. -#### Use PowerShell to modify allow or block entries for spoofed senders in the Tenant Allow/Block List +#### Use PowerShell to modify existing allow or block entries for spoofed senders in the Tenant Allow/Block List In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following syntax: Set-TenantAllowBlockListItems -Identity Default -Ids 3429424b-781a-53c3-17f9-c0b For detailed syntax and parameter information, see [Set-TenantAllowBlockListSpoofItems](/powershell/module/exchange/set-tenantallowblocklistspoofitems). -### Use the Microsoft 365 Defender portal to remove allow or block entries for spoofed senders in the Tenant Allow/Block List +### Use the Microsoft 365 Defender portal to remove existing allow or block entries for spoofed senders in the Tenant Allow/Block List 1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Policies & rules** \> **Threat Policies** \> **Rules** section \> **Tenant Allow/Block Lists**. Or, to go directly to the **Tenant Allow/Block List** page, use <https://security.microsoft.com/tenantAllowBlockList>. For detailed syntax and parameter information, see [Set-TenantAllowBlockListSpoo > [!NOTE] > You can select multiple entries by selecting each check box, or selecting all entries by selecting the check box next to the **Spoofed user** column header. -#### Use PowerShell to remove allow or block entries for spoofed senders from the Tenant Allow/Block List +#### Use PowerShell to remove existing allow or block entries for spoofed senders from the Tenant Allow/Block List In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following syntax: |
| security | Tenant Allow Block List Files Configure | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-allow-block-list-files-configure.md | You can't create allow entries for files directly in the Tenant Allow/Block List For instructions, see [Report good email attachments to Microsoft](submissions-admin.md#report-good-email-attachments-to-microsoft). -> [!IMPORTANT] -> Because Microsoft manages allow entries for you, unneeded allow entries for files will be removed. This behavior protects your organization and helps prevent misconfigured allow entries. If you disagree with the verdict, you might need to open a support case to help determine why a file is still considered bad. +By default, allow entries for domains and email addresses, files and URLs are created for 30 days, while allow entries for spoofed senders never expire. Microsoft will either learn from the allow entries for domains and email addresses, files and URLs within those 30 days, or automatically extend it for you. -## Use the Microsoft 365 Defender portal to view allow or block entries for files in the Tenant Allow/Block List +> [!NOTE] +> Microsoft does not allow you to create allow entries directly. Unnecessary allow entries expose your organization to malicious email which could have been filtered by the system. +> +> Microsoft manages the allow creation process from Submission by creating allows for those entities (domains or email addresses, spoofed senders, URLs, or files) which were determined to be malicious by filters during mail flow. For example, if a file being submitted was determined to be bad by our filtering, an allow entry is created for that file. +> +> When that entity (domain or email address, URL, file) is encountered again, all filters associated with that entity are overriden. +> +> During mail flow, if messages containing the file pass other checks in the filtering stack, the messages will be delivered. For example, if [email authentication](email-authentication-about.md) passes, a message containing the file in the allow entry will be delivered. +> During time of click, the file allow overrides all filters associated with the file entity, allowing the end user to access the file. ++## Use the Microsoft 365 Defender portal to view existing allow or block entries for files in the Tenant Allow/Block List 1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Policies & rules** \> **Threat Policies** \> **Tenant Allow/Block Lists** in the **Rules** section. Or, to go directly to the **Tenant Allow/Block Lists** page, use <https://security.microsoft.com/tenantAllowBlockList>. For instructions, see [Report good email attachments to Microsoft](submissions-a When you're finished, click **Apply**. To clear existing filters, click  **Clear filters** in the **Filter** flyout. -### Use PowerShell to view allow or block entries for files in the Tenant Allow/Block List +### Use PowerShell to view existing allow or block entries for files in the Tenant Allow/Block List In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following syntax: Get-TenantAllowBlockListItems -ListType FileHash -Block For detailed syntax and parameter information, see [Get-TenantAllowBlockListItems](/powershell/module/exchange/get-tenantallowblocklistitems). -## Use the Microsoft 365 Defender portal to modify allow or block entries for files in the Tenant Allow/Block List +## Use the Microsoft 365 Defender portal to modify existing allow or block entries for files in the Tenant Allow/Block List You can make the following modifications to entries for files in the Tenant Allow/Block list: You can make the following modifications to entries for files in the Tenant Allo > [!NOTE] > For allow entries only, if you select the entry by clicking anywhere in the row other than the check box, you can select  **View submission** in the details flyout that appears to go to the **Submissions** page at <https://security.microsoft.com/reportsubmission>. -### Use PowerShell to modify allow or block entries for files in the Tenant Allow/Block List +### Use PowerShell to modify existing allow or block entries for files in the Tenant Allow/Block List In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following syntax: Set-TenantAllowBlockListItems -ListType FileHash -Entries "27c5973b2451db9deeb01 For detailed syntax and parameter information, see [Set-TenantAllowBlockListItems](/powershell/module/exchange/set-tenantallowblocklistitems). -## Use the Microsoft 365 Defender portal to remove allow or block entries for files from the Tenant Allow/Block List +## Use the Microsoft 365 Defender portal to remove existing allow or block entries for files from the Tenant Allow/Block List 1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Policies & rules** \> **Threat Policies** \> **Rules** section \> **Tenant Allow/Block Lists**. Or, to go directly to the **Tenant Allow/Block List** page, use <https://security.microsoft.com/tenantAllowBlockList>. For detailed syntax and parameter information, see [Set-TenantAllowBlockListItem > [!NOTE] > You can select multiple entries by selecting each check box, or select all entries by selecting the check box next to the **Value** column header. -### Use PowerShell to remove allow or block entries for files from the Tenant Allow/Block List +### Use PowerShell to remove existing allow or block entries for files from the Tenant Allow/Block List In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following syntax: |
| security | Tenant Allow Block List Urls Configure | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-allow-block-list-urls-configure.md | You can't create URL allow entries directly in the Tenant Allow/Block List. Inst For instructions, see [Report good URLs to Microsoft](submissions-admin.md#report-good-urls-to-microsoft). -> [!IMPORTANT] -> Because Microsoft manages allow entries for you, unneeded URL allow entries will be removed. This behavior protects your organization and helps prevent misconfigured allow entries. If you disagree with the verdict, you might need to open a support case to help determine why a URL is still considered bad. +By default, allow entries for domains and email addresses, files and URLs are created for 30 days, while allow entries for spoofed senders never expire. Microsoft will either learn from the allow entries for domains and email addresses, files and URLs within those 30 days, or automatically extend it for you. -## Use the Microsoft 365 Defender portal to view allow or block entries for URLs in the Tenant Allow/Block List +> [!NOTE] +> Microsoft does not allow you to create allow entries directly. Unnecessary allow entries expose your organization to malicious email which could have been filtered by the system. +> +> Microsoft manages the allow creation process from Submission by creating allows for those entities (domains or email addresses, spoofed senders, URLs, or files) which were determined to be malicious by filters during mail flow or time of click. For example, if a URL being submitted was determined to be bad by our filtering, an allow entry is created for that URL. +> +> When that entity (domain or email address, URL, file) is encountered again, all filters associated with that entity are overriden. +> +> During mail flow, if messages containing the URL pass other checks in the filtering stack, the messages will be delivered. For example, if [email authentication](email-authentication-about.md) passes, a message containing the URL in the allow entry will be delivered. +> +> During time of click, the URL allow entry overrides all filters associated with the URL entity, allowing the user to access the content in the URL. +> +> Adding an allow entry for a URL does not prevent it from being wrapped by Safe Links. For more information, see [Do not rewrite list in SafeLinks](safe-links-about.md#do-not-rewrite-the-following-urls-lists-in-safe-links-policies). ++## Use the Microsoft 365 Defender portal to view existing allow or block entries for URLs in the Tenant Allow/Block List 1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Policies & rules** \> **Threat Policies** \> **Tenant Allow/Block Lists** in the **Rules** section. Or, to go directly to the **Tenant Allow/Block Lists** page, use <https://security.microsoft.com/tenantAllowBlockList>. For instructions, see [Report good URLs to Microsoft](submissions-admin.md#repor When you're finished, click **Apply**. To clear existing filters, click  **Clear filters** in the **Filter** flyout. -### Use PowerShell to view allow or block entries for URLs in the Tenant Allow/Block List +### Use PowerShell to view existing allow or block entries for URLs in the Tenant Allow/Block List In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following syntax: Get-TenantAllowBlockListItems -ListType Url -Block For detailed syntax and parameter information, see [Get-TenantAllowBlockListItems](/powershell/module/exchange/get-tenantallowblocklistitems). -## Use the Microsoft 365 Defender portal to modify allow or block entries for URLs in the Tenant Allow/Block List +## Use the Microsoft 365 Defender portal to modify existing allow or block entries for URLs in the Tenant Allow/Block List You can make the following modifications to entries for URLs in the Tenant Allow/Block list: You can make the following modifications to entries for URLs in the Tenant Allow > [!NOTE] > For allow entries only, if you select the entry by clicking anywhere in the row other than the check box, you can select  **View submission** in the details flyout that appears to go to the **Submissions** page at <https://security.microsoft.com/reportsubmission>. -### Use PowerShell to modify allow or block entries for URLs in the Tenant Allow/Block List +### Use PowerShell to modify existing allow or block entries for URLs in the Tenant Allow/Block List In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following syntax: Set-TenantAllowBlockListItems -ListType Url -Entries "~contoso.com" -ExpirationD For detailed syntax and parameter information, see [Set-TenantAllowBlockListItems](/powershell/module/exchange/set-tenantallowblocklistitems). -## Use the Microsoft 365 Defender portal to remove allow or block entries for URLs from the Tenant Allow/Block List +## Use the Microsoft 365 Defender portal to remove existing allow or block entries for URLs from the Tenant Allow/Block List 1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Policies & rules** \> **Threat Policies** \> **Rules** section \> **Tenant Allow/Block Lists**. Or, to go directly to the **Tenant Allow/Block List** page, use <https://security.microsoft.com/tenantAllowBlockList>. For detailed syntax and parameter information, see [Set-TenantAllowBlockListItem > [!NOTE] > You can select multiple entries by selecting each check box, or select all entries by selecting the check box next to the **Value** column header. -### Use PowerShell to remove allow or block entries for URLs from the Tenant Allow/Block List +### Use PowerShell to remove existing allow or block entries for URLs from the Tenant Allow/Block List In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following syntax: |
| security | Walkthrough Spoof Intelligence Insight | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/walkthrough-spoof-intelligence-insight.md | Last updated 1/31/2023 > > Spoofed sender management in Exchange Online PowerShell or Standalone EOP PowerShell is in the process of being migrated exclusively to the related **\*-TenantAllowBlockListSpoofItems**, **Get-SpoofIntelligenceInsight**, and **Get-SpoofMailReport** cmdlets. For procedures using these cmdlets, see the following articles: >-> - [Use PowerShell to view allow or block entries for spoofed senders in the Tenant Allow/Block List](tenant-allow-block-list-email-spoof-configure.md#use-powershell-to-view-allow-or-block-entries-for-spoofed-senders-in-the-tenant-allowblock-list) -> - [Use PowerShell to create allow entries for spoofed senders](tenant-allow-block-list-email-spoof-configure.md#use-powershell-to-create-allow-entries-for-spoofed-senders-in-the-tenant-allowblock-list) -> - [Use PowerShell to create block entries for spoofed senders](tenant-allow-block-list-email-spoof-configure.md#use-powershell-to-create-block-entries-for-spoofed-senders-in-the-tenant-allowblock-list) -> - [Use PowerShell to modify allow or block entries for spoofed senders in the Tenant Allow/Block List](tenant-allow-block-list-email-spoof-configure.md#use-powershell-to-modify-allow-or-block-entries-for-spoofed-senders-in-the-tenant-allowblock-list) -> - [Use PowerShell to remove allow or block entries for spoofed senders from the Tenant Allow/Block List](tenant-allow-block-list-email-spoof-configure.md#use-powershell-to-remove-allow-or-block-entries-for-spoofed-senders-from-the-tenant-allowblock-list) +> - [Use PowerShell to view existing allow or block entries for spoofed senders in the Tenant Allow/Block List](tenant-allow-block-list-email-spoof-configure.md#use-powershell-to-view-existing-allow-or-block-entries-for-spoofed-senders-in-the-tenant-allowblock-list) +> - [Use PowerShell to create allow entries for spoofed senders in the Tenant Allow/Block List](tenant-allow-block-list-email-spoof-configure.md#use-powershell-to-create-allow-entries-for-spoofed-senders-in-the-tenant-allowblock-list) +> - [Use PowerShell to create block entries for spoofed senders in the Tenant Allow/Block List](tenant-allow-block-list-email-spoof-configure.md#use-powershell-to-create-block-entries-for-spoofed-senders-in-the-tenant-allowblock-list) +> - [Use PowerShell to modify existing allow or block entries for spoofed senders in the Tenant Allow/Block List](tenant-allow-block-list-email-spoof-configure.md#use-powershell-to-modify-existing-allow-or-block-entries-for-spoofed-senders-in-the-tenant-allowblock-list) +> - [Use PowerShell to remove existing allow or block entries for spoofed senders from the Tenant Allow/Block List](tenant-allow-block-list-email-spoof-configure.md#use-powershell-to-remove-existing-allow-or-block-entries-for-spoofed-senders-from-the-tenant-allowblock-list) > > The older spoofed sender management experience using the **Get-PhishFilterPolicy** and **Set-PhishFilterPolicy** cmdlets is in the process of being deprecated, but is still presented in this article for completeness until the cmdlets are removed everywhere. |
| solutions | Empower People To Work Remotely Manage Endpoints | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely-manage-endpoints.md | -description: Use Microsoft Endpoint Manager to manage your manage devices, PCs, and other endpoints. +description: Use Microsoft Intune family of products to manage your manage devices, PCs, and other endpoints. # Step 4. Deploy endpoint management for your devices, PCs, and other endpoints -With hybrid workers, you need to support a growing number of personal devices. Endpoint management is a policy-based approach to security that requires devices to comply with specific criteria before they are granted access to resources. Microsoft Endpoint Manager delivers modern management capabilities to keep your data secure in the cloud and on-premises. +With hybrid workers, you need to support a growing number of personal devices. Endpoint management is a policy-based approach to security that requires devices to comply with specific criteria before they are granted access to resources. The Microsoft Intune family of products delivers modern management capabilities to keep your data secure in the cloud and on-premises. -[Microsoft Endpoint Manager](/mem/endpoint-manager-overview) provides services and tools for managing mobile devices, desktop computers, virtual machines, embedded devices, and servers by combining the following services you may already know and be using. +[Microsoft Intune family of products](/mem/endpoint-manager-overview) provides services and tools for managing mobile devices, desktop computers, virtual machines, embedded devices, and servers by combining the following services you may already know and be using. :::image type="content" source="../media/empower-people-to-work-remotely/endpoint-managment-step-grid.png" alt-text="The components of endpoint management for Microsoft 365" lightbox="../media/empower-people-to-work-remotely/endpoint-managment-step-grid.png"::: For more information, see this [overview of Windows Autopilot](/windows/deployme ## Results of Step 4 -You are using the suite of Endpoint Manager features and capabilities to manage mobile devices, desktop computers, virtual machines, embedded devices, and servers. +You are using the Microsoft Intune product family's features and capabilities to manage mobile devices, desktop computers, virtual machines, embedded devices, and servers. ## Next step |
| solutions | Identity Design Principles | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/identity-design-principles.md | As stated earlier, many customers are looking to achieve a more granular delegat Note: data platform security and delegation (which Power BI is a component) is a complex area. -- **MEM/Intune** - (/mem/intune/fundamentals/role-based-access-control)+- **Intune** - (/mem/intune/fundamentals/role-based-access-control) - **Microsoft Defender for Endpoint** - (/windows/security/threat-protection/microsoft-defender-atp/user-roles) - **Microsoft 365 Defender** - (../security/defender/m365d-permissions.md) - **Microsoft Defender for Cloud Apps** - (/cloud-app-security/manage-admins) |
| solutions | Manage Devices With Intune Compliance Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/manage-devices-with-intune-compliance-policies.md | Enrolling devices to Intune gives you the ability to achieve even greater securi  -You want to be sure devices that are accessing your apps and data meet minimum requirements. For example, theyΓÇÖre password or pin-protected and the operating system is up to date. Compliance policies are the way to define the requirements that devices must meet. MEM uses these compliance policies to mark a device as compliant or non-compliant. This binary status is passed to Azure AD which can use this status in conditional access rules to allow or prevent a device from accessing resources. +You want to be sure devices that are accessing your apps and data meet minimum requirements. For example, theyΓÇÖre password or pin-protected and the operating system is up to date. Compliance policies are the way to define the requirements that devices must meet. Intune uses these compliance policies to mark a device as compliant or non-compliant. This binary status is passed to Azure AD which can use this status in conditional access rules to allow or prevent a device from accessing resources. ## Configuring device compliance policies |
| solutions | Manage Devices With Intune Configuration Profiles | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/manage-devices-with-intune-configuration-profiles.md | To give you an idea of the kind of configuration profiles you can create, see [A ## Deploy Windows security baselines for Intune -As a starting point, if you want to align your device configurations to Microsoft security baselines, we recommend the security baselines within Microsoft Endpoint Manager. The advantage of this approach is you can rely on Microsoft to keep the baselines up to date as Windows 10 and 11 features are released. +As a starting point, if you want to align your device configurations to Microsoft security baselines, we recommend the security baselines within Microsoft Intune. The advantage of this approach is you can rely on Microsoft to keep the baselines up to date as Windows 10 and 11 features are released. To deploy the Windows security baselines for Intune, available for Windows 10 and Windows 11. See [Use security baselines to configure Windows devices in Intune](/mem/intune/protect/security-baselines) to learn about the available baselines. When customizing configuration profiles for your organization, use the following - Simplify your security governance strategy by keeping the overall number of policies small. - Group settings into the categories listed above, or categories that make sense for your organization. - When moving security controls from Group Policy Objects (GPO) to Intune configuration profiles, consider whether the settings configured by each GPO are still relevant, and needed to contribute to your overall cloud security strategy. Conditional access and the many policies that can be configured across cloud services, including Intune, provide more sophisticated protection than could be configured in an on-premises environment where custom GPOs were originally designed.-- Utilize Group Policy Analytics to compare and map your current GPO settings to capabilities within Microsoft Endpoint Manager. See [Analyze your on-premises group policy objects (GPO) using Group Policy analytics](/mem/intune/configuration/group-policy-analytics) in Microsoft Endpoint Manager.+- Utilize Group Policy Analytics to compare and map your current GPO settings to capabilities within Microsoft Intune. See [Analyze your on-premises group policy objects (GPO) using Group Policy analytics](/mem/intune/configuration/group-policy-analytics) in Microsoft Intune. - When utilizing custom configuration profiles, be sure to use the guidance here: [Create a profile with custom settings in Intune](/mem/intune/configuration/custom-settings-configure). ## Additional resources |
| solutions | Manage Devices With Intune Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/manage-devices-with-intune-overview.md | While Microsoft 365 includes several tools and methodologies for managing and pr - Plan to manually enroll devices into Intune. - Allow BYOD devices with plans to implement protection for apps and data and/or enroll these devices to Intune. -On the other hand, if your environment includes plans for co-management including Microsoft Endpoint Configuration Manager, see [Co-management documentation](/mem/configmgr/comanage/) to develop the best path for your organization. If your environment includes plans for Windows 365 Cloud PC, see [Windows 365 Enterprise documentation](/windows-365/enterprise/) to develop the best path for your organization. +On the other hand, if your environment includes plans for co-management including Microsoft Configuration Manager, see [Co-management documentation](/mem/configmgr/comanage/) to develop the best path for your organization. If your environment includes plans for Windows 365 Cloud PC, see [Windows 365 Enterprise documentation](/windows-365/enterprise/) to develop the best path for your organization. Watch this video for an overview of the deployment process. <br> In this illustration: This guidance is tightly coordinated with the recommended [**Zero Trust identity and device access policies**](../security/office-365-security/microsoft-365-policies-configurations.md). You will be working with your identity team to carry through protection that you configure with Intune into Conditional Access policies in Azure AD. -HereΓÇÖs an illustration of the recommended policy set with step callouts for the work you will do in Intune/MEM and the related Conditional Access policies you will help coordinate in Azure AD. +HereΓÇÖs an illustration of the recommended policy set with step callouts for the work you will do in Intune and the related Conditional Access policies you will help coordinate in Azure AD. [](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/media/devices/identity-device-overview-steps.png) Note that only Intune is managing devices. Onboarding refers to the ability for ## Learning for administrators -The following resources help administrators learn concepts about using MEM and Intune. +The following resources help administrators learn concepts about using Intune. -[Simplify device management with Microsoft Endpoint Manager](/training/modules/simplify-device-management-with-microsoft-endpoint-manager/) -Description: Learn about modern management and the Microsoft Endpoint Manager and how the business management tools in Microsoft 365 can simplify management of all your devices. +[Simplify device management with Microsoft Intune](/training/modules/simplify-device-management-with-microsoft-endpoint-manager/) +Description: Learn about modern management and the Microsoft Intune family of products, and how the business management tools in Microsoft 365 can simplify management of all your devices. [Set up Microsoft Intune](/training/modules/set-up-microsoft-intune/)-Description: Microsoft Intune, which is a part of Microsoft Endpoint Manager, helps you protect the devices, apps, and data that the people at your organization use to be productive. After completing this module, you will have set up Microsoft Intune. Set up includes reviewing the supported configurations, signing up for Intune, adding users and groups, assigning licenses to users, granting admin permissions, and setting the MDM authority. +Description: Microsoft Intune helps you protect the devices, apps, and data that the people at your organization use to be productive. After completing this module, you will have set up Microsoft Intune. Set up includes reviewing the supported configurations, signing up for Intune, adding users and groups, assigning licenses to users, granting admin permissions, and setting the MDM authority. |
| syntex | Syntex Licensing | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/syntex-licensing.md | The following tasks require a [Syntex license](https://www.microsoft.com/microso - Run an unstructured document processing model on-demand - Create a modern template with content assembly - Generate a document from a modern template-- Use of advanced metadata search+- Use of content query to search for metadata +- Use of annotations to add notes and comments - Use of premium taxonomy services. (Premium taxonomy services comprise SKOS-based term set import, pushing enterprise content types to hub-associated sites, and term store reports.) Unlicensed users can be granted access to a content center and can create models there, but can't apply them to a document library. |
| test-base | Testintuneapplication | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/testintuneapplication.md | f1.keywords: NOCSH Base package upload instruction, please refer to this [doc](https://microsoft.sharepoint.com/:w:/t/AzureSUVPCoreTeam/EeHQIT3qA0FKqBDWI5TzmzgBiH2Syz39o5VbY2kdugMn4A?e=Rk1KD9). ## Intunewin Upload Flow-As an effort to further enable commercial utilization, Test Base started to support intunewin format for IT Pros who manages apps for their apps within Intune as the standard onboarding package format. The intunewin upload flow provides the experience for IT Pros to reuse their intunewin format packages, which contain the apps they deployed to their end devices via MEM/Intune to onboarding their apps and test configurations quickly to Test Base. +As an effort to further enable commercial utilization, Test Base started to support intunewin format for IT Pros who manages apps for their apps within Intune as the standard onboarding package format. The intunewin upload flow provides the experience for IT Pros to reuse their intunewin format packages, which contain the apps they deployed to their end devices via Intune to onboarding their apps and test configurations quickly to Test Base. **Prerequisites** - Currently Test Base support synchronizing via the same subscription between Intune account and Test Base account (you donΓÇÖt have to have an Intune account to upload your intunewin package however if youΓÇÖd like to synchronize the Intune configuration for the intunewin fileΓÇÖs corresponding apps from Intune, you'll need to make sure your Intune account is created under the same subscription as your Test Base account). |