Updates from: 02/25/2023 02:25:35
Category Microsoft Docs article Related commit history on GitHub Change details
admin Activity Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/activity-reports.md
However, when you select a particular day, up to 28 days from the current date,
## Related content [Microsoft 365 usage analytics](../usage-analytics/usage-analytics.md) (article)\
-[Customize the reports in Microsoft 365 usage analytics](../usage-analytics/customize-reports.md) (article)
+[Customize the reports in Microsoft 365 usage analytics](../usage-analytics/customize-reports.md) (article)\
+[Working with Microsoft 365 usage reports in Microsoft Graph beta](/graph/api/resources/report?view=graph-rest-beta&preserve-view=true) (article)\
+[Working with Microsoft 365 usage reports in Microsoft Graph v1.0](/graph/api/resources/report?view=graph-rest-1.0&preserve-view=true) (article)
admin Adoption Score https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/adoption/adoption-score.md
The details pages are:
- [Microsoft 365 Apps health ΓÇô technology experiences](apps-health.md) - [Endpoint Analytics](/mem/analytics/productivity-score)
-## Business resilience special report
-
-The Business resilience report is a limited-time Workplace Intelligence report available to all Microsoft 365 customers to help them guide their organizations during this challenging time.
-
-This report helps organizations understand:
--- How collaboration and communication are affected by the shift to remote work. --- The impact on work-life balance as people adjust to working from home. --- Whether remote meetings support effective decision-making.-
-[Learn more about the Business resilience report](/Workplace-Analytics/tutorials/bcrps)
-
-[Learn more about Microsoft Graph](/graph/)
-
-> [!NOTE]
-> Users also have the option to get productivity insights from the [MyAnalytics dashboard](/workplace-analytics/myanalytics/use/dashboard-2).
- ## Group Level Aggregates The group-level filters functionality helps admins and adoption strategists understand how different groups, based on data from Azure Active Directory, are performing on the people experiencing insights. It's used to provide higher granularity of insights and actions.
admin M365 Katakana Glossary https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/m365-katakana-glossary.md
- scotvorg description: "Learn how to view the Japanese katakana glossary for the Microsoft 365 admin center." Previously updated : 09/14/2022 Last updated : 2/24/2023 <!-- DO NOT MAKE CHANGES TO THIS ARTICLE WITHOUT FIRST CONTACTING THE MS.REVIEWER --> # Microsoft 365 admin center katakana glossary
-This is a Japanese language-specific article, and isn't available in your language. To view the Japanese article, see [Microsoft 365 admin center katakana glossary](https://go.microsoft.com/fwlink/p/?linkid=2208404).
-
-<!--
-These images are included for the ja-jp article only
->
+Explanations have been added to the main katakana terms used in the Microsoft 365 Management Center. For more detailed information, please refer to the text in the link on each item.
+
+## Account
+
+![Account](../media/katanaglossary/001_account.png)
+
+Refers to an identifying name assigned to an individual within an organization/company for the purpose of using Microsoft 365. It is created for each organization/company and a separate account is usually assigned to each individual. Use this account to use Microsoft 365 services.
+
+[Add users and assign licenses](add-users/add-users.md)
+
+## Add-on
+
+![Add-on](../media/katanaglossary/002_1_addon.png)
+
+This is not a stand-alone offering by itself, but an additional feature to a service that is subscribed to by subscription. It provides more advanced and new features.
+
+[Purchase or manage add-ons](../commerce/buy-or-edit-an-add-on.md)
+
+## Alias
+
+Another name for e-mail, etc. Refers to a name given to an e-mail distribution list, etc., that is shared by several people.
+
+## Custom domain
+
+![Custom domain](../mediomain.png)
+
+Also referred to as an original domain. An Internet domain dedicated to an organization, such as a company or school. The organization can use its own unique name to establish an e-mail address or a website. A domain indicates a location on the Internet and is used in URLs to indicate where to send e-mails or locate websites. Obtaining a name that is easy to understand and remember is effective in branding your company.
+
+[Add a domain to Microsoft 365](setup/add-domain.md)
+
+## Cloud storage
+
+![Cloud storage](../media/katanaglossary/004_cloudstorage.png)
+
+A place or device for storing files on the Internet. It can be beneficial when an individual uses the same file from multiple terminals or devices, or when multiple people work together. It is suitable for referencing and modifying files from different environments such as PCs and mobile devices, internal and remotely.
+
+## Groups
+
+![Groups](../media/katanaglossary/005_group_updated.png)
+
+By using Microsoft 365 Groups, you can easily select teammates to collaborate with, and then share files and information among them to make collaboration easier.
+
+[Create a group](create-groups/create-groups.md)
+
+Various groups
+
+[Compare groups](create-groups/compare-groups.md)
+
+## Global administrator
+
+![Global administrator](../media/katanaglossary/006_globaladmin.png)
+
+The global administrator, usually has the authority to change, delete, or set new settings for all setting items.
+
+If you wish to appoint an administrator with limited administrative functions (e.g. you want to give them administrative functions but not allow them to purchase new services.), please refer to the following article.
+
+[About the administrator role of the Microsoft 365 Management Center](add-users/about-admin-roles.md)
+
+## Guest or guest user
+
+Someone from outside the organization/company who can view or change certain authorized files or information, or participate in authorized meetings.
+
+[Sharing with external or guest in OneDrive, SharePoint, and Lists](https://support.microsoft.com/office/7aa070b8-d094-4921-9dd9-86392f2a79e7)
+
+[Guest access with Microsoft Teams](/microsoftteams/guest-access)
+
+## Collaboration and communication
+
+Cooperating with several different organizations and people toward a common purpose or goal. Refers to a modern work style in which people from different organizations and workplaces collaborate by sharing information and files via Teams, SharePoint, OneDrive, etc., and keeping in touch via Teams.
+
+![Collaboration and communication](../media/katanaglossary/007_collabo-commu.png)
+
+## Service (online service)
+
+A computer or software function that is provided over a network (Internet). It is distinguished from software that is executed directly on the PC at your disposal.
+
+## Website address
+
+In Microsoft 365, it refers to the URL of the SharePoint site.
+
+## Sign-in
+
+To make the service available for use from the account via authentication, or to allow the service to recognize the user. Microsoft 365 services becomes available by signing in.
+
+## Subscription
+
+A type of contract in which the right to use a service for a certain period of time is purchased, as opposed to the purchase of the right to use software on a perpetual basis, which has been the norm in the past. With Microsoft 365, payment is done on a monthly or a yearly basis.
+
+## Security
+
+A system to prevent confidential and personal information of organizations, employees, customers, etc. from being illegally obtained or leaked to outside parties.
+
+## Domain
+
+The part of a website or e-mail address that corresponds to an address on the Internet used for a website or e-mail address.
+E.g.: contoso.com part of www.contoso.com and mail@contoso.com.
+
+## Training and guide
+
+![Training and guide](../media/katanaglossary/008_trainingguide.png)
+
+Refers to learning texts and videos for using and managing Microsoft 365 provided by Microsoft.
+
+## Public
+
+In Microsoft 365, it refers to the state of being viewable or editable by all users in the organization. E.g.: Public group: A group in which anyone in the organization can participate.
+
+## Give feedback
+
+![Feedback](../media/katanaglossary/009_feedback.png)
+
+Refers to sending comments or requests to Microsoft from users of the service.
+
+For matters that require customer support attention in accordance with your support contract, please use the "Help and Support" link at the top of the page. For non-support related issues such as usability or new feature suggestions, please use this feedback form to send your suggestions. The development team looks directly at the content. The more specific your comments and requests are, the more likely it will be implemented.
+
+## Privacy
+
+![Privacy](../media/katanaglossary/010_privacy_updated.png)
+
+A function to set the scope of disclosure of files and information related to the protection of personal information. Different disclosure ranges can be set, such as making files and information available to everyone in the organization (public), or only available to a few designated people (private).
+
+[Manage data privacy and data protection with Microsoft Priva and Microsoft Purview](../solutions/data-privacy-protection.md)
+
+## Private
+
+A state in which only certain people within an organization can view, modify, etc. The owner or administrator of that information or group can set which people are granted permission to connect. E.g.: Private group
+
+## Billing profile
+
+![Billing profile](../media/katanaglossary/011_billpayments.png)
+
+Billing information and other information related to Microsoft 365 payments are stored. It is used to pay for products and services purchased from Microsoft. Note: Billing profiles are not used for products and services purchased from Microsoft.com or the Management Center.
+
+[Understanding the billing profile](../commerce/billing-and-payments/manage-billing-profiles.md)
+
+## Hosted domains
+
+![Hosted domains](../media/katanaglossary/012_domain.png)
+
+The domain service used by Microsoft 365. Used for website URLs and e-mail addresses. You can purchase it from the Microsoft 365 Management Center, or if you already have your own domain you can use that one.
+
+## License
+
+![License](../media/katanaglossary/013_licenses.png)
+
+Refers to the usage and access rights assigned to individual employees when an organization purchases Microsoft 365. To use Microsoft 365, licenses must be purchased for the number of users and assigned to each user.
+
+[Assign a Microsoft 365 license to a user](manage/assign-licenses-to-users.md)
admin Manage Office Scripts Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-office-scripts-settings.md
description: "Learn how to manage Office Scripts settings for users in your orga
It can take up to 48 hours for changes to Office Scripts settings to take effect.
-## Manage visibility of the Automate tab by using Group Policy
+## Manage the availability of Office Scripts in Excel desktop by using Group Policy
-Group Policy has a setting to show or hide the **Automate** tab or all Excel on Desktop users in your organization. You'll find Office Scripts settings under Computer Configuration\Administrative Templates\Microsoft Excel 2016\Miscellaneous in the Group Policy Management Console.
+Group Policy has a setting to control whether Office Scripts (including the relevant commands on the **Automate** tab) are available for use.
+
+If you enable this policy setting, Office Scripts won't be available for use in the installed Excel app on a desktop. You'll find Office Scripts settings under User Configuration\Administrative Templates\Microsoft Excel 2016\Miscellaneous in the Group Policy Management Console.
+
+After applying this policy setting, users will still see the **Automate** tab, but the **Office Scripts** and **Automate** options will be greyed out. They can select the **Record Actions** button, but if they do, they'll see the following message: "You don't have access to Office Scripts. Your organization's admin may have turned off this feature, or you don't meet the requirements."
To learn more, see [Use Group Policy to configure update settings for Microsoft 365 Apps](/deployoffice/configure-update-settings-microsoft-365-apps#use-group-policy-to-configure-update-settings-for-microsoft-365-apps).
commerce Allowselfservicepurchase Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/allowselfservicepurchase-powershell.md
The following table lists the available products and their **ProductId**. It als
| Power BI Pro | CFQ7TTC0L3PB | No | | Project Plan 1* | CFQ7TTC0HDB1 | Yes | | Project Plan 3* | CFQ7TTC0HDB0 | No |
+| Teams Exploratory | CFQ7TTC0J1FV | Yes |
| Visio Plan 1* | CFQ7TTC0HD33 | No | | Visio Plan 2* | CFQ7TTC0HD32 | No | | Viva Goals | CFQ7TTC0PW0V | Yes |
compliance Alert Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/alert-policies.md
f1.keywords:
Previously updated : 09/11/2019 Last updated : 01/01/2023 audience: Admin
compliance Classifier Tc Definitions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/classifier-tc-definitions.md
Microsoft Purview comes with multiple pre-trained classifiers. They appear in th
|:-|:--|:--| | Detects tax related content such as tax planning, tax forms, tax filing, tax regulations. | Detects content in .docx, .docm, .doc, .dotx, .dotm, .dot, .pdf, .rtf, .txt, .one, .msg, .eml, .pptx, .pptm, .ppt, .potx, .potm, .pot, .ppsx, .ppsm, .pps, .ppam, .ppa, .xlsx, .xlsm, .xlsb, .xls, .csv, .xltx, .xltm, .xlt, .xlam, xla files. | English |
-## Threat
+## Targeted threat
|**Description**|**File types**|**Languages**| |:-|:--|:--|
compliance Communication Compliance Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-configure.md
f1.keywords:
Previously updated : 02/07/2023 Last updated : 02/24/2023 audience: Admin f1_keywords:
For more information about configuring Yammer in Native Mode, see:
- Enable [optical character recognition (OCR)](/microsoft-365/compliance/communication-compliance-policies#optical-character-recognition-ocr) to identify embedded or attached images in messages for printed or handwritten text that match policy conditions. For custom policies, one or more conditional settings associated with text, keywords, classifiers, or sensitive info types must be configured in the policy to enable the selection of optical character recognition (OCR) documents.
- - Choose **Filter email blasts** to exclude messages sent from email blast services. Messages that match specific conditions selected here won't generate alerts. This includes bulk email, such as newsletters, as well as spam, phishing, and malware. When this option is selected, you can view a [report](communication-compliance-reports-audits.md#detailed-reports) containing the bulk email senders that are filtered out.
+ - Choose the **Filter email blasts** check box to exclude messages sent from email blast services. Messages that match specific conditions selected here won't generate alerts. This includes bulk email, such as newsletters, as well as spam, phishing, and malware. When this option is selected, you can view a [report](communication-compliance-reports-audits.md#detailed-reports) containing the bulk email senders that are filtered out.
- Define the percentage of communications to review.
compliance Communication Compliance Investigate Remediate https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-investigate-remediate.md
The following table outlines filter details:
| **Tags** | The tags assigned to a message, either *Questionable*, *Compliant*, or *Non-compliant*. | | **Language** | The detected language of text in the message. The message is classified according to the language of the majority of the message text. For example, for a message containing both German and Italian text, but the majority of text is German, the message is classified as German (DE). For a list of supported languages, see [Learn about trainable classifiers](/microsoft-365/compliance/classifier-learn-about). <br><br> You can also filter by more than one language. For example, to filter messages classified as German and Italian, enter 'DE,IT' (the 2-digit language codes) in the Language filter search box. To view the detected language classification for a message, select a message, select View message details, and scroll to the *EmailDetectedLanguage* field. | | **Escalated To** | The user name of the person included as part of a message escalation action. |
-| **Classifiers** | The name of built-in and custom classifiers that apply to the message. Some examples include *Targeted Harassment*, *Profanity*, *Threat*, and more.
+| **Classifiers** | The name of built-in and custom classifiers that apply to the message. Some examples include *Targeted Harassment*, *Profanity*, *Targeted threat*, and more.
#### To configure a filter
compliance Communication Compliance Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-policies.md
f1.keywords:
Previously updated : 02/07/2023 Last updated : 02/24/2023 audience: Admin f1_keywords:
Policy templates are pre-defined policy settings that you can use to quickly cre
|**Area**|**Policy Template**|**Details**| |:--|:--|:--|
-| **Inappropriate text** | Detect inappropriate text | - Locations: Exchange Online, Microsoft Teams, Yammer <br> - Direction: Inbound, Outbound, Internal <br> - Review Percentage: 100% <br> - Conditions: Threat, Discrimination, and Targeted harassment classifiers |
+| **Inappropriate text** | Detect inappropriate text | - Locations: Exchange Online, Microsoft Teams, Yammer <br> - Direction: Inbound, Outbound, Internal <br> - Review Percentage: 100% <br> - Conditions: Targeted hreat, Discrimination, and Targeted harassment classifiers |
| **Inappropriate images** | Detect inappropriate images | - Locations: Exchange Online, Microsoft Teams, Yammer <br> - Direction: Inbound, Outbound, Internal <br> - Review Percentage: 100% <br> - Conditions: Adult and Racy image classifiers | | **Sensitive information** | Detect sensitive info types | - Locations: Exchange Online, Microsoft Teams, Yammer <br> - Direction: Inbound, Outbound, Internal <br> - Review Percentage: 10% <br> - Conditions: Sensitive information, out-of-the-box content patterns, and types, custom dictionary option, attachments larger than 1 MB | | **Regulatory compliance** | Detect financial regulatory compliance | - Locations: Exchange Online, Microsoft Teams, Yammer <br> - Direction: Inbound, Outbound <br> - Review Percentage: 10% <br> - Conditions: custom dictionary option, attachments larger than 1 MB |
The *Report a concern* option is enabled by default and can be controlled via Te
When users experience employment stressors, they may engage in risky activities. Workplace stress may lead to uncharacteristic or malicious behavior by some users that could surface as potentially inappropriate behavior on your organization's messaging systems. Communication compliance can provide risk signals detected in applicable messages to [insider risk management](/microsoft-365/compliance/insider-risk-management) risky user policies by using a dedicated [Detect inappropriate text](#policy-templates) policy. This policy is automatically created (if selected as an option) during configuration of a [Data leaks by risky employees](/microsoft-365/compliance/insider-risk-management-policies#data-leaks-by-risky-users-preview) or [Security policy violations by risky employees](/microsoft-365/compliance/insider-risk-management-policies#security-policy-violations-by-risky-users-preview) policy in insider risk management.
-When configured for an insider risk management policy, a dedicated policy named *Risky users in messages - (date created)* is created in communication compliance and automatically includes all organization users in the policy. This policy starts detecting risky behavior in messages by using the built-in [Threat, Harassment, and Discrimination classifiers](#classifiers) and automatically sends these signals to insider risk management. If needed, this policy can be edited to update the scope of included users and the policy conditions and classifiers.
+When configured for an insider risk management policy, a dedicated policy named *Risky users in messages - (date created)* is created in communication compliance and automatically includes all organization users in the policy. This policy starts detecting risky behavior in messages by using the built-in [Targeted threat, Harassment, and Discrimination classifiers](#classifiers) and automatically sends these signals to insider risk management. If needed, this policy can be edited to update the scope of included users and the policy conditions and classifiers.
Users that send 5 or more messages classified as potentially risky within 24 hours are automatically brought in-scope for insider risk management policies that include this option. Once in-scope, the insider risk management policy detects potentially risky activities configured in the policy and generates alerts as applicable. It may take up to 48 hours from the time risky messages are sent until the time a user is brought in-scope in an insider risk management policy. If an alert is generated for a potentially risky activity detected by the insider risk management policy, the triggering event for the alert is identified as being sourced from the communication compliance risky activity.
Communication compliance policies using classifiers inspect and evaluate message
| [Profanity](classifier-tc-definitions.md#profanity) | Detects potentially profane content in multiple languages that would likely offend most people. | | [Regulatory collusion (preview)](classifier-tc-definitions.md#regulatory-collusion-preview) | Detects messages that may violate regulatory anti-collusion requirements such as an attempted concealment of sensitive information. This classifier can help customers manage regulatory compliance obligations such as the Sherman Antitrust Act, Securities Exchange Act 1933, Securities Exchange Act of 1934, Investment Advisers Act of 1940, Federal Commission Act, and the Robinson-Patman Act. | | [Stock manipulation (preview)](classifier-tc-definitions.md#stock-manipulation-preview) | Detects signs of possible stock manipulation, such as recommendations to buy, sell or hold stocks that may suggest an attempt to manipulate the stock price. This classifier can help customers manage regulatory compliance obligations such as the Securities Exchange Act of 1934, FINRA Rule 2372, and FINRA Rule 5270. |
-| [Threat](classifier-tc-definitions.md#threat) | Detects potential threatening content in multiple languages aimed at committing violence or physical harm to a person or property. |
+| [Targeted threat](classifier-tc-definitions.md#targeted-threat) | Detects potential threatening content in multiple languages aimed at committing violence or physical harm to a person or property. |
| [Unauthorized disclosure (preview)](classifier-tc-definitions.md#unauthorized-disclosure-preview) | Detects sharing of information containing content that is explicitly designated as confidential or internal to unauthorized individuals. This classifier can help customers manage regulatory compliance obligations such as FINRA Rule 2010 and SEC Rule 10b-5. | > [!IMPORTANT]
-> Classifiers in (preview) may detect a large volume of bulk sender/newsletter content due to a known issue. While these classifiers are in preview, you can mitigate the detection of large volumes of bulk sender/newsletter content by adding the [*Message is not sent to any of these domains* condition](/microsoft-365/compliance/communication-compliance-policies#conditional-settings) to your polices with a list of domains to exclude.
+> Classifiers in (preview) may detect a large volume of bulk sender/newsletter content due to a known issue. You can mitigate the detection of large volumes of bulk sender/newsletter content by selecting the [**Filter email blasts** check box](communication-compliance-configure.md#step-5-required-create-a-communication-compliance-policy) when you create the policy. You can also edit an existing policy to turn on this feature.
### Optical character recognition (OCR)
compliance Communication Compliance Siem https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-siem.md
search.appverid:
> [!IMPORTANT] > Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance (for example, SEC or FINRA) and business conduct violations such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
-[Communication compliance](/microsoft-365/compliance/communication-compliance) is an insider risk solution in Microsoft Purview that helps minimize communication risks by helping you detect, capture, and act on potentially inappropriate messages in your organization. Security information and event management (SIEM) solutions such as [Microsoft Sentinel](https://azure.microsoft.com/services/azure-sentinel) or [Splunk](https://www.splunk.com/) are commonly used to aggregate and track threats within an organization.
+[Communication compliance](/microsoft-365/compliance/communication-compliance) is an insider risk solution in Microsoft Purview that helps minimize communication risks by helping you detect, capture, and act on potentially inappropriate messages in your organization. Security information and event management (SIEM) solutions such as [Microsoft Sentinel](https://azure.microsoft.com/services/azure-sentinel) or [Splunk](https://www.splunk.com/) are commonly used to aggregate and track insider risks that may lead to a security incident within an organization.
A common need for organizations is to integrate communication compliance alerts and their SIEM solutions. With this integration, organizations can view communication compliance alerts in their SIEM solution and then remediate alerts within the communication compliance workflow and user experience.
compliance Communication Compliance Solution Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-solution-overview.md
> [!IMPORTANT] > Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance (for example, SEC or FINRA) and business conduct violations such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
-Protecting sensitive information and detecting and acting on workplace harassment incidents is an important part of compliance with internal policies and standards. Microsoft Purview Communication Compliance helps minimize these risks by helping you quickly detect, capture, and take remediation actions for email and Microsoft Teams communications. These include potentially inappropriate communications containing profanity, threats, and harassment and communications that share sensitive information inside and outside of your organization.
+Protecting sensitive information and detecting and acting on workplace harassment incidents is an important part of compliance with internal policies and standards. Microsoft Purview Communication Compliance helps minimize these risks by helping you quickly detect, capture, and take remediation actions for email and Microsoft Teams communications. These include potentially inappropriate communications containing profanity, insider risks that may lead to a security event, and harassment and communications that share sensitive information inside and outside of your organization.
[!INCLUDE [purview-preview](../includes/purview-preview.md)]
Users are given [permissions](/microsoft-365/compliance/communication-compliance
Communication compliance empowers organizations to detect, triage, and remediate communications with potential business conduct and/or regulatory compliance violations. Communication compliance provides the following policy templates that use machine learning classifiers for users: -- **Business conduct**: Corporate sabotage (preview), Discrimination, Profanity, Threat, and Targeted harassment classifiers
+- **Business conduct**: Corporate sabotage (preview), Discrimination, Profanity, Targeted threat, and Targeted harassment classifiers
- **Regulatory compliance**: Customer complaints, gifts & entertainment (preview), money laundering (preview), regulatory collusion (preview), stock manipulation (preview), unauthorized disclosure (preview) classifiers ## Metrics used to evaluate and measure performance
compliance Communication Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance.md
Communication compliance offers several important features to help address compl
Intelligent customizable templates in communication compliance allow you to apply machine learning to intelligently detect communication violations in your organization. - **Customizable pre-configured templates**: Policy templates help address the most common communications risks. Initial policy creation and follow-on updating are now quicker with pre-defined templates to analyze and mitigate potentially inappropriate content, sensitive information, conflict of interest, and regulatory compliance issues.-- **New machine learning support**: Built-in [classifiers](/microsoft-365/compliance/classifier-get-started-with) to analyze and mitigate discrimination, threats, harassment, profanity, and potentially inappropriate images and help reduce misclassified content in communication messages, saving reviewers time during the investigation and remediation process.
+- **New machine learning support**: Built-in [classifiers](/microsoft-365/compliance/classifier-get-started-with) to analyze and mitigate discrimination, insider risks that may lead to a security incident, harassment, profanity, and potentially inappropriate images and help reduce misclassified content in communication messages, saving reviewers time during the investigation and remediation process.
- **Improved condition builder**: Configure policy conditions that are now streamlined into a single, integrated experience in the policy wizard, reducing confusion in how conditions are applied for policies. ### Flexible remediation workflows
compliance Create Info Mgmt Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-info-mgmt-policies.md
- Title: "Create and apply information management policies"-- NOCSH--- Previously updated : 5/16/2017---- SPO160-- OSU150-- OSU160-- MET150--- purview-compliance-- SPO_Content--- seo-marvel-apr2020
-description: Learn how to set up an information management policy to control how long information is kept and track who is using the information.
--
-# Create and apply information management policies
-
-Information management policies enable your organization to control how long to retain content, to audit what people do with content, and to add barcodes or labels to documents. A policy can help enforce compliance with legal and governmental regulations or internal business processes. As an administrator, you can set up a policy to control how to track documents and how long to retain documents.
-
-You can create an information management policy can at three different locations in the site hierarchy, from the broadest to the narrowest:
--- Create a policy to use on multiple content types within a site collection.-- Create a policy for a site content type.-- Create a policy for a list or library.-
-For more information, see [Introduction to information management policies](intro-to-info-mgmt-policies.md).
--
-## Create a policy for multiple content types within a site collection
-<a name="__toc261001590"> </a>
-
-To ensure that an information policy is applied to all documents of a certain type within a site collection, consider creating the policy at the site collection level and then later apply the policy to content types. These are referred to as site collection policies.
-
-1. On the site collection home page \> **Settings**![SharePoint 2016 Settings button on title bar.](../media/1c22d2d8-39e0-4930-82c6-c3eee44211d3.png) \> **Site Settings**.
-
- In a SharePoint group-connected site, click **Settings**, click **Site Contents**, and then click **Site Settings**.
-
-2. On the Site Settings page, under **Site Collection Administration** \> **Content Type Policy Templates**.
-
- ![Content Type Policy Template link on Site Settings page.](../media/26d3466a-23ec-443f-88f0-2aaff38e992b.png)
-
-3. On the Policies page \> **Create**.
-
-4. Enter a name and description for the policy, and then write a brief policy statement that explains to users what the policy is for.
-
-5. See the next section on creating policies for a site content type to learn how to set up the features you want to associate with the policy.
-
-6. Choose **OK**.
-
-## Create a policy for a site content type
-<a name="__create_a_policy"> </a>
-
-Adding an information management policy to a content type makes it easy to associate policy features with multiple lists or libraries. You can choose to add an existing information management policy to a content type or create a unique policy specific to an individual content type.
-
- You can also add an information management policy to a content type that is specific to lists. This has the effect of applying the policy only to items in that list that are using the content type.
-
-1. On the site collection home page \> **Settings**![SharePoint 2016 Settings button on title bar.](../media/1c22d2d8-39e0-4930-82c6-c3eee44211d3.png) \> **Site Settings**.
-
- In a SharePoint group-connected site, click **Settings**, click **Site Contents**, and then click **Site Settings**.
-
-2. On the Site Settings page, under **Web Designer Galleries** \> **Site content types**.
-
- ![Site content types link on Site Settings page.](../media/6f6fa51f-15d7-4782-b06f-a7b36e874cd3.png)
-
-3. On the Site Content Type Settings page, select the content type that you want to add a policy to.
-
-4. On the Site Content Type page, under **Settings** \> **Information management policy settings**.
-
-5. On the Edit Policy page, enter a name and description for the policy, and then write a brief description that explains to users what the policy is for.
-
-6. In the next sections, select the individual policy features that you want to add to your information management policy.
-
- ![Types of content policies.](../media/19fcb8a3-974b-40d3-a13f-b76088d122f8.png)
-
-7. To specify a retention period for documents and items that are subject to this policy, choose **Enable Retention**, and then specify the retention period and the actions that you want to occur when the items expire.
-
- To specify a retention period:
-
- 1. Choose **Add a retention stage for records**.
-
- 2. Select a retention period option to specify when documents or items are set to expire. Do one of the following steps:
- - To set the expiration date based on a date property, under **Event** \> **This stage is based off a date property on the item**, and then select the document or item action (for example, Created or Modified) and the increment of time after this action (for example, the number of days, months, or years) when you want the item to expire.
- - To use a custom retention formula to determine expiration, choose **Set by a custom retention formula installed on this server**.
-
- > [!NOTE]
- > This option is only available if a custom formula has been set up by your administrator.
-
- 3. The **Start a workflow** option is available only if you are defining a policy for a list, library, or content type that already has a workflow associated with it. You will then be given a choice of workflows to choose from.
-
- 4. In the **Recurrence** section, select **Repeat this stage's action...**, and then enter how often you want the action to reoccur.
-
- > [!NOTE]
- > This option is only available if the action you selected can be repeated. For example, you cannot set recurrence for the action **Permanently Delete**.
-
- 5. Choose **OK**.
-
-8. To enable auditing for the documents and items that are subject to this policy, choose **Enable Auditing**, and then specify the events you want to audit.
-
- To enable auditing:
-
- 1. On the Edit Policy page under **Auditing** select **Enable auditing**, and then select the check boxes next to the events you want to keep an audit trail for.
-
- 2. To prompt users to insert these barcodes into documents, choose **Prompt users to insert a barcode before saving or printing**.
-
- 3. Choose **OK** to apply the auditing feature to the policy.
-
- The Auditing Policy feature enables organizations to create and analyze audit trails for documents and to list items such as task lists, issues lists, discussion groups, and calendars. This policy feature provides an audit log that records events, such as when content is viewed, edited, or deleted.
-
- When auditing is enabled as part of an information management policy, administrators can view the audit data in policy usage reports that are based in Microsoft Excel and that summarize current usage. Administrators can use these reports to determine how information is being used within the organization. These reports can also help organizations to verify and document their regulatory compliance or to investigate potential concerns.
-
- The audit log records the following information: event name, date and time of the event, and system name of the user who performed the action.
-
-9. When barcodes are enabled as part of a policy, they are added to document properties and displayed in the header area of the document to which the barcode is applied. Like labels, barcodes can also be manually removed from a document. You can specify whether users should be prompted to include the barcode when printing or saving an item or if the barcode should be inserted manually using the **Insert** tab in 2010 Office release programs.
-
- To enable barcodes:
-
- 1. On the **Edit Policy** page under **Barcodes**, select **Enable Barcodes**.
-
- 2. To prompt users to insert these barcodes into documents, choose **Prompt users to insert a barcode before saving or printing**.
-
- 3. Choose **OK** to apply the barcode feature to the policy.
-
- The barcode policy generates Code 39 standard barcodes. Each barcode image includes text below the barcode symbol that represents the barcode value. This enables the barcode data to be used even when scanning hardware is not available. Users can manually type the barcode number into the search box to locate the item on a site. <br/> |
-
-10. To require that documents that are subject to this policy have labels, choose **Enable Labels**, and then specify the settings that you want for the labels.
-
- To enable labels:
-
- 1. To require users to add a label to a document, choose **Prompt users to insert a label before saving or printing**.
-
- > [!NOTE]
- > If you want labels to be optional, do not select this check box.
-
- 2. To lock a label so that it cannot be changed after it has been inserted, choose **Prevent changes to labels after they are added**.
-
- This setting prevents the label text from updating once the label has been inserted into an item within a client application such as Word, Excel, or PowerPoint. If you want the label to be updated when the properties for this document or item are updated, do not select this check box.
-
- 3. In the Label format box, enter the text for the label as you want it to be displayed. Labels can contain up to 10 column references, each of which can be up to 255 characters long. To create the format for your label, do the following steps:
- - Type the names of the columns that you want to include in the label in the order in which you want them to appear. Enclose the column names in curly brackets ({}), as shown in the example on the Edit Policy page.
- - Type words to identify the columns outside the brackets, as shown in the example on the Edit Policy page.
-
- 4. To add a line break, enter **\n** where you want the line break to appear.
-
- 5. Select the font size and style that you want, and specify whether you want the label positioned left, center, or right within the document.
-
- Select a font and style that are available on the users' computers. The size of the font affects how much text can be displayed on the label.
-
- 6. Enter the height and width of the label. Label height can range from .25 inches to 20 inches, and label width can range from .25 inches to 20 inches. Label text is always vertically centered within the label image.
-
- 7. Choose **Refresh** to preview the label content.
-
-11. Choose **OK**.
-
-## Create a policy for a list, library or folder (location-based retention policy)
-<a name="__create_a_policy"> </a>
-
-You can define a retention policy that applies only to a specific list, library or folder. However, if you create a retention policy this way, you cannot reuse this policy on other lists, libraries, folders or sites, and you cannot apply a site collection policy to a location based policy.
-
-If you want to apply a single retention policy to all types of content in a single location, you will most likely want to use location-based retention. In most other cases, you will want to verify that a retention policy is specified for all content types.
-
-Each subfolder inherits the retention policy of its parent, unless you choose to break inheritance and define a new retention policy at the child level.
-
-If you want to define an information management policy other than retention to a list or library, you need to define an information management policy for each individual list content type associated with that list or library.
-
-If at any point you decide to switch from content type to location-based policies for a list or library, only the retention policy will be used as the location-based policy. All other management policies (audits, barcodes, and barcodes) will be inherited from the associated content types.
-
-Location based policies can be disabled for a site collection by deactivating the Library and Folder Based Retention feature. This enables site collection administrators to ensure that their content type policies are not overridden by a list administrator's location based policies.
-
-You need at least the Manage Lists permission to change the information management policy settings for a list or library.
-
-1. Navigate to the list or library for which you want to specify an information management policy.
-
-2. On the ribbon, choose the **Library** or **List** tab \> **Library Settings** or **List Settings**.
-
- In SharePoint Online, click **Settings** and then click **List settings** or **Library settings**.
-
-3. Under **Permissions and Management**\> **Information management policy settings**.
-
- ![Information management policies link on settings page for document library.](../media/9fa6d366-6aab-49e1-a05c-898ac6f536e6.png)
-
-4. On the Information Management Policy Settings page, make sure that the source of retention for the list or library is set to Library and Folders.
-
- If **Content Type** appears as the source, click **Change Source**, and then click **Library and Folders**. You are alerted that content type retention policies will be ignored. Choose **OK**.
-
-5. On the Edit Policy page, under **Library Based Retention Schedule**, enter a brief description for the policy you are creating.
-
-6. Choose **Add a retention stage...**
-
- Note that under Records, you can choose to define different retention policies for records by selecting the Define different retention stages for records option.
-
-7. In the Stage properties dialog, select a retention period option to specify when documents or items are set to expire. Do one of the following:
-
- - To set the expiration date based on a date property, under **Event** \> **This stage is based off a date property on the item**, and then select the document or item action (for example, Created or Modified) and the increment of time after this action (for example, the number of days, months, or years) when you want the item to expire.
-
- - To use a custom retention formula to determine expiration, choose **Set by a custom retention formula installed on this server**.
-
- > [!NOTE]
- > This option is only available if a custom formula has been set up by your administrator.
-
- - Under **Action**, specify what you want to happen when the document or item expires. To enable a specific action to happen to the document or item (such as deletion), select an action from the list.
-
-8. The **Start a workflow** option is available only if you are defining a policy for a list, library, or content type that already has a workflow associated with it. You will then be given a choice of workflows to choose from.
-
-9. Under **Recurrence**, choose **Repeat this stage's action...** and enter how often you want the action to reoccur.
-
- > [!NOTE]
- > This option is only available if the action you selected can be repeated. For example, you cannot set recurrence for the action **Permanently Delete**.
-
-10. Choose **OK**.
-
-## Apply a site collection policy to a content type
-<a name="__apply_a_site"> </a>
-
-If information management policies have already been created for your site as site collection policies, you can apply one of the policies to a content type. By doing this, you can apply the same policy to multiple content types in a site collection that do not share the same parent content type.
-
- If you want to apply policies to multiple content types in a site collection, and you have a Managed Metadata Service configured, you can use Content Type Publishing to publish out information management policies to multiple site collections. See the section [Apply a policy across site collections](#apply-a-policy-across-site-collections) for more information.
-
-1. Navigate to the list or library that contains the content type to which you want to apply a policy.
-
-2. On the ribbon, choose the **Library** or **List** tab \> **Library Settings** or **List Settings**.
-
- In SharePoint Online, click **Settings** and then click **List settings** or **Library settings**.
-
-3. Under **Permissions and Management** \> **Information management policy settings**.
-
- ![Information management policies link on settings page for document library.](../media/9fa6d366-6aab-49e1-a05c-898ac6f536e6.png)
-
-4. Verify that the policy source is set to **Content Types**, and under **Content Type Policies** select the content type you want to apply the policy to.
-
-5. Under **Specify the Policy** \> **Use a site collection policy**, and then select the policy that you want to apply from the list.
-
- > [!NOTE]
- > If the **Use a site collection policy** option is not available, no site collection policies have been defined for the site collection.
-
-6. Choose **OK**.
-
- If the list or library you are working with supports the management of multiple content types, under **Content Types** you can choose the content type for which you want to specify an information management policy. This will take you directly to Step 5 above.
-
-## Apply a policy across site collections
-<a name="__toc260646789"> </a>
-
-Share content types across site collections by using a Managed Metadata service application to set up content type publishing. Content type publishing helps you manage content and metadata consistently across your sites because content types can be created and updated centrally, and updates can be published out to multiple subscribing site collections or Web applications.
-
-## Create a template from an existing policy to use across site collections
-<a name="__toc262125409"> </a>
-
-You can define an information management policy and then create a template from it to use as needed across multiple site collections. This method can be used if you want to have a backup of your information policies, or it can also be used as an alternate method to using content type publishing for applying one policy across site collections. You create a template or backup of the policy by exporting the policy from one site collection and then importing it to a saved location or to another site collection.
-
-> [!IMPORTANT]
-> If you using the export/import feature as a way to make a set of policy templates, keep in mind that a unique identifier exists in the policy .xml file. Because of this, you cannot import that policy into a site more than once without changing this unique identifier.
-
-### Export a policy
-<a name="__toc260646790"> </a>
-
-1. On the site collection home page, choose **Settings**![Small Settings gear that took the place of Site Settings.](../media/a47a06c3-83fb-46b2-9c52-d1bad63e3e60.png)\> **Site Settings**.
-
- In a SharePoint group-connected site, click **Settings**, click **Site Contents**, and then click **Site Settings**.
-
-2. On the Site Settings page, under **Site Collection Administration** \> **Content Type Policy Templates**.
-
- ![Content Type Policy Template link on Site Settings page.](../media/26d3466a-23ec-443f-88f0-2aaff38e992b.png)
-
-3. Choose the policy you want to export \> scroll to the bottom \> **Export**.
-
-4. At the prompt to save or open the file, choose **Save**, and then select a location to save the file to. Be sure to select a location that is available to the site collections that are importing the policy.
-
-5. When the Download Complete dialog is displayed, choose **Close**.
-
-### Import a policy to a different site collection
-<a name="__toc260646791"> </a>
-
-Importing an information management policy enables you to apply it to multiple content types at the site or list level within any given site collection. The benefits of doing this are twofold: you don't have to re-define and apply the policy on each content type, and you can more easily manage policy modifications by making changes to the policy in just one place.
-
-1. On the home page of the site collection to which you want to apply the policy, choose **Settings**![Small Settings gear that took the place of Site Settings.](../media/a47a06c3-83fb-46b2-9c52-d1bad63e3e60.png)\> **Site Settings**.
-
- In a SharePoint group-connected site, click **Settings**, click **Site Contents**, and then click **Site Settings**.
-
-2. On the Site Settings page, under **Site Collection Administration** \> **Content Type Policy Templates**.
-
-3. On the Policies page \> **Import** \> **Browse** to find the XML file for the policy.
-
-4. Select the XML file in which the policy has been saved \> **Open**.
-
-5. On the Import a Site Collection Policy page \> **Import** to add the policy to the site collection.
-
-Your imported policy can now be applied to one or many content types at the site or list level.
-
-Information management policies enable your organization to control how long to retain content, to audit what people do with content, and to add barcodes or labels to documents. A policy can help enforce compliance with legal and governmental regulations or internal business processes. As an administrator, you can set up a policy to control how to track documents and how long to retain documents.
-
-You can create an information management policy can at three different locations in the site hierarchy, from the broadest to the narrowest:
--- Create a policy to use on multiple content types within a site collection.-- Create a policy for a site content type.-- Create a policy for a list or library.-
-For more information, see [Introduction to information management policies](intro-to-info-mgmt-policies.md).
compliance Dlp Configure Endpoint Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-configure-endpoint-settings.md
When you list a website in Sensitive services domains you can audit, block with
- print from a website - copy data from a website - save a website as local files-- upload a sensitive file to an excluded website (this is configured in the policy)
+- upload or drag/drop a sensitive file to an excluded website (this is configured in the policy)
For the print, copy data and save actions, each website must be listed in a website group and the user must be accessing the website through Microsoft Edge. For the upload action, the user can be using Microsoft Edge or Google Chrome with the Purview extension. Sensitive service domains is used in conjunction with a DLP policy for Devices. You can also define website groups that you want to assign policy actions to that are different from the global website group actions. See, [Scenario 6 Monitor or restrict user activities on sensitive service domains](endpoint-dlp-using.md#scenario-6-monitor-or-restrict-user-activities-on-sensitive-service-domains) for more information.
compliance Intro To Info Mgmt Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/intro-to-info-mgmt-policies.md
- Title: "Introduction to information management policies"-- NOCSH--- Previously updated : 5/16/2014---- WSU150-- SPO160-- OSU150-- MET150--- purview-compliance--- seo-marvel-apr2020
-description: Learn how to use information management policies to control and track things like how long content is retained or what actions users can take with that content.
--
-# Introduction to information management policies
-
-An information management policy is a set of rules for a type of content. Information management policies enable organizations to control and track things like how long content is retained and what actions users can take with that content. Information management policies can help organizations comply with legal or governmental regulations, or they can simply enforce internal business processes.
-
-For example, an organization that must follow government regulations requiring that they demonstrate "adequate controls" of their financial statements might create one or more information management policies that audit specific actions in the authoring and approval process for all documents related to financial filings.
-
-For how-to information, see [Create and apply information management policies](create-info-mgmt-policies.md).
-
-
-## Features of information management policies
-<a name="__top"> </a>
-
-There are four basic categories of predefined policy features that organizations can use individually or in combination to manage content and processes.
-
-![Types of content policies.](../media/19fcb8a3-974b-40d3-a13f-b76088d122f8.png)
-
-The Auditing policy feature helps organizations analyze how their content management systems are used by logging events and operations that are performed on documents and list items. You can configure the Auditing policy feature to log events such as when a document or item is edited, viewed, checked in, checked out, deleted, or has its permissions changed. All of the audit information is stored in a single audit log on the server, and site administrators can run reports on it.
-
-The Expiration policy feature helps organizations delete or remove out-of-date content from their sites in a consistent, trackable way. This helps you manage both the cost and risk associated with retaining out-of-date content. You can configure an Expiration policy to specify that certain types of content expire on a particular date or within a period of time after the document was created or last modified.
-
-Organizations can also create and deploy custom policy features to meet specific needs. For example, a manufacturing organization might want to define an information management policy for all draft product-design specification documents that prohibits users from printing copies of these documents on nonsecure printers. To define this kind of information management policy, you can create and deploy a Printing Restriction policy feature that can be added to the relevant information management policy for the product design specification content type.
-
-## Locations to use an information management policy
-<a name="__toc340213528"> </a>
-
-To implement an information management policy, you must add it to a list, library, or content type in a site. The location where you create or add an information management policy affects how broadly the policy applies or how broadly it can be used. You can:
-
- **Create a site collection policy and then add this policy to a content type, list, or library** You can create a site collection policy in the Policies list in the top-level site of a site collection. After you create a site collection policy, you can export it so that administrators of other site collections can import it into their Policies list. Creating an exportable site collection policy enables you to standardize the information management policies across the sites in your organization.
-
-When you add a site collection policy to a site content type, and an instance of that site content type is added to a list or library, the owner of that list or library cannot modify the site collection policy for the list or library. Adding a site collection policy to a site content type is a good way to ensure that site collection policies are enforced at each level of your site hierarchy.
-
-![Content Type Policy Template link on Site Settings page.](../media/26d3466a-23ec-443f-88f0-2aaff38e992b.png)
-
-
- **Create an information management policy for a site content type in the top-level site's Site Content Type Gallery, and then add that content type to one or more lists or libraries** You can also create an information management policy directly for a site content type and then associate an instance of that site content type with multiple lists or libraries. If you create an information management policy this way, every item in the site collection of that content type or a content type that inherits from that content type has the policy. However, if you create an information management policy directly for a site content type, it is more difficult to reuse this information management policy in other site collections because policies that are created this way cannot be exported.
--
-> [!NOTE]
-> If the content type of an item changes, it might impact the enforcement of policy actions on that item. For more information about content types, see [Introduction to content types](https://support.microsoft.com/office/introduction-to-content-types-and-content-type-publishing-e1277a2e-a1e8-4473-9126-91a0647766e5d).
-
-
-![Site content types link on Site Settings page.](../media/6f6fa51f-15d7-4782-b06f-a7b36e874cd3.png)
-
-![Information management policy link on settings page for a site content type.](../media/15d83a34-6c8f-4b6e-b6ee-e9b0a70cbb4b.png)
-
-> [!NOTE]
-> To control which policies are used in a site collection, site collection administrators can disable the ability to set policy features directly on a content type. When this restriction is in effect, users who create content types are limited to selecting
-policies from the site collection Policies list.
-
-**Create an information management policy for a list or library** If your organization needs to apply a specific information management policy to a very limited set of content, you can create an information management policy that applies only to an individual list or library. This method of creating an information management policy is the least flexible, because the policy applies only to one location, and it cannot be exported or reused for other locations. However, sometimes you may need to create unique information management policies with limited applicability to address specific situations.
-
-![Information management policies link on settings page for document library.](../media/9fa6d366-6aab-49e1-a05c-898ac6f536e6.png)
-
-
-You can create an information management policy for a list or library only if that list or library does not support multiple content types. If a list or library supports multiple content types, you need to define an information management policy for each individual list content type that is associated with that list or library. (Instances of a site content type that are associated with a specific list or library are known as list content types.)
-
-To control which policies are used in a site collection, site collection administrators can disable the ability to set policy features directly on a list or library. When this restriction is in effect, users who manage lists or libraries are limited to selecting policies from the site collection Policies list.
-
compliance Named Entities Learn https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/named-entities-learn.md
Bundled named entity SITs detect all possible matches. Use them as broad criteri
Unbundled named entity SITs have a narrower focus, like a single country. Use them when you need a DLP policy with a narrower detection scope. > [!Note]
-> To use bundled SITs, you must activate [Advanced scanning and protection](dlp-configure-endpoint-settings.md) for the relevant [data loss prevention endpoints](dlp-configure-endpoint-settings.md) before they will be discoverable.
+> To use the named entity SITs, you must activate [Advanced scanning and protection](dlp-configure-endpoint-settings.md) for the relevant [data loss prevention endpoints](dlp-configure-endpoint-settings.md) before they will be discoverable.
Here are some examples of named entity SITs. You can find all of them in [Sensitive information type entity definitions](sensitive-information-type-entity-definitions.md).
compliance Retention https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention.md
If you currently use these older features, they will continue to work side by si
- [Use policies for site closure and deletion](https://support.microsoft.com/en-us/office/use-policies-for-site-closure-and-deletion-a8280d82-27fd-48c5-9adf-8a5431208ba5) (deletion only) -- [Information management policies](intro-to-info-mgmt-policies.md) (deletion only)
+- [Information management policies](/sharepoint/intro-to-info-mgmt-policies) (deletion only)
If you have configured SharePoint sites for content type policies or information management policies to retain content for a list or library, those policies are ignored while a retention policy or retention label policy is in effect.
compliance Sensitivity Labels Sharepoint Default Label https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-sharepoint-default-label.md
f1.keywords:
Previously updated : 02/04/2022 Last updated : 02/23/2023 audience: Admin
Summary of outcomes:
- You've [created and published](create-sensitivity-labels.md) sensitivity labels, and they're published to the users who will select a default sensitivity label for a SharePoint document library. -- You've [enabled sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md). To check this status, you can run `Get-SPOTenant -EnableAIPIntegration` from the [SharePoint Online Management Shell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online) to confirm the value is set to true.
+- You've [enabled sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md). To check this status, you can run `(Get-SPOTenant).EnableAIPIntegration` from the [SharePoint Online Management Shell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online) to confirm the value is set to **True**.
- [SharePoint Information Rights Management (IRM) is not enabled for the library](set-up-irm-in-sp-admin-center.md#irm-enable-sharepoint-document-libraries-and-lists). This older technology isn't compatible with using a default sensitivity label for a SharePoint document library. If a library is enabled for IRM, you won't be able to select a default sensitivity label.
compliance Sensitivity Labels Versions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-versions.md
f1.keywords:
Previously updated : 02/21/2023 Last updated : 02/24/2023 audience: Admin
The numbers listed are the minimum Office application versions required for each
|[Apply a sensitivity label to emails automatically](apply-sensitivity-label-automatically.md) <br /> - Using trainable classifiers | Current Channel: 2105+ <br /><br> Monthly Enterprise Channel: 2105+ <br /><br> Semi-Annual Enterprise Channel: 2108+ | 16.49+ | Under review | Under review | Yes | |[Different settings for default label and mandatory labeling](sensitivity-labels-office-apps.md#outlook-specific-options-for-default-label-and-mandatory-labeling) | Current Channel: 2105+ <br /><br> Monthly Enterprise Channel: 2105+ <br /><br> Semi-Annual Enterprise Channel: 2108+ | 16.43+ <sup>\*</sup> | 4.2111+ | 4.2111+ | Yes | |[PDF support](sensitivity-labels-office-apps.md#pdf-support) | Current Channel: 2205+ <br /><br> Monthly Enterprise Channel: 2205+ <br /><br> Semi-Annual Enterprise Channel: Under review| Under review | Under review | Under review | Under review |
-|[Apply S/MIME protection](sensitivity-labels-office-apps.md#configure-a-label-to-apply-smime-protection-in-outlook) | Current Channel: 2211+ <br /><br> Monthly Enterprise Channel: 2211+ <br /><br> Semi-Annual Enterprise Channel:Under review | 16.61+ <sup>\*</sup> | 4.2226+ | 4.2203+ | Under review |
+|[Apply S/MIME protection](sensitivity-labels-office-apps.md#configure-a-label-to-apply-smime-protection-in-outlook) | Current Channel: 2211+ <br /><br> Monthly Enterprise Channel: 2211+ <br /><br> Semi-Annual Enterprise Channel: 2302+ | 16.61+ <sup>\*</sup> | 4.2226+ | 4.2203+ | Under review |
|[Sensitivity bar](sensitivity-labels-office-apps.md#sensitivity-bar) and [display label color](sensitivity-labels-office-apps.md#label-colors) | Preview: [Beta Channel](https://office.com/insider) | Under review | Under review | Under review | Under review | |[Default sublabel for parent label](sensitivity-labels-office-apps.md#specify-a-default-sublabel-for-a-parent-label)| Preview: [Beta Channel](https://office.com/insider) | Under review | Under review | Under review | Under review |
compliance Sit Limits https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-limits.md
To ensure high performance and lower latency, there are limitations in custom SI
|maximum number of terms in keyword list| 2048| |maximum number of distinct regexes per sensitive information type| 20| |maximum size of a keyword dictionary (post compression)| 1MB (~1,000,000 characters)|
-|maximum number of keyword dictionary based SITs in a tenant|50 |
+|maximum number of keyword dictionary based SITs in a tenant| 50 |
+|maximum number of MIP+MIG ppolicies in a tenant| 10,000 |
+|maximum number of DLP rules in a policy | Limited by the size of policy (100KB) |
+|maximum number of DLP rules in a tenant | 600 |
+|maximum size of an individual DLP rule | 80KB |
+|maximum size of a DLP policy | 100KB |
+|Policy name character limit | 64 |
+|Policy rule character limit | 64 |
+|Comments character limit | 1024 |
+|Description character limit | 1024 |
+|GIR evidence limit | 100 with each SIT evidence in proportion of occurence |
+|Text extraction limit | 1MB |
+|Regex size limit (for all matches predicates) | 20KB |
+ > [!NOTE] > If you have a business need to create more than 500 custom SITs, please raise a support ticket.
lighthouse M365 Lighthouse Requirements https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-requirements.md
Microsoft 365 Lighthouse is an admin portal that helps Managed Service Providers
MSPs must be enrolled in the Cloud Solution Provider (CSP) program as an Indirect Reseller or Direct Bill partner to use Lighthouse.
+> [!NOTE]
+> Only MSPs are required to enroll in the CSP program; the customers they manage do not need to enroll in the CSP program.
+ In addition, each MSP customer tenant must meet the following requirements to be actively monitored and managed in Lighthouse: - Must have delegated access set up for the Managed Service Provider (MSP) to be able to manage the customer tenant
security Schedule Antivirus Scans Group Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/schedule-antivirus-scans-group-policy.md
ms.localizationpriority: medium
Previously updated : 11/10/2021 Last updated : 02/24/2023
For more information, see the [Manage when protection updates should be download
| Scan | Specify the scan type to use for a scheduled scan | Quick scan | | Scan | Specify the day of the week to run a scheduled scan | Specify the day (or never) to run a scan. | Never | | Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter **60** for 1 a.m.). | 2 a.m. |
-| Root | Randomize scheduled task times |In Microsoft Defender Antivirus, randomize the start time of the scan to any interval from 0 to 23 hours. <p>In [SCEP](/mem/intune/protect/certificates-scep-configure), randomize scans to any interval plus or minus 30 minutes. This can be useful in virtual machines or VDI deployments. | Enabled |
+| Root | Randomize scheduled task times |In Microsoft Defender Antivirus, randomize the start time of the scan to any interval from 0 to 23 hours. By default, scheduled tasks will begin at a random time within four hours of the time specified in Task Scheduler. <br/><br/>In [SCEP](/mem/intune/protect/certificates-scep-configure), randomize scans to any interval plus or minus 30 minutes. This can be useful in virtual machines or VDI deployments. | Enabled |
## Group Policy settings for scheduling scans for when an endpoint is not in use
For more information, see the [Manage when protection updates should be download
> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md) > - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md) > - [Configure Defender for Endpoint on Android features](android-configure.md)
-> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
security Defender Vulnerability Management Trial https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-trial.md
See the [terms and conditions](/legal/microsoft-365/microsoft-365-trial) for Mic
Wondering what you can experience in your free trial? The Defender Vulnerability Management trial includes: - **[Security baselines assessment](tvm-security-baselines.md)**: When the trial ends security baseline profiles may be stored for a short additional time before being deleted.-- **[Blocking vulnerable applications (beta)](tvm-block-vuln-apps.md)**: When the trial ends blocked applications will be immediately unblocked whereas baseline profiles may be stored for a short additional time before being deleted.
+- **[Blocking vulnerable applications](tvm-block-vuln-apps.md)**: When the trial ends blocked applications will be immediately unblocked whereas baseline profiles may be stored for a short additional time before being deleted.
- **[Browser extensions assessment](tvm-browser-extensions.md)** - **[Digital certificates assessment](tvm-certificate-inventory.md)** - **[Network shares analysis](tvm-network-share-assessment.md)**
security Tvm Block Vuln Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-block-vuln-apps.md
Title: Block vulnerable applications (beta)
+ Title: Block vulnerable applications
description: Use Microsoft Defender Vulnerability Management to block vulnerable applications keywords: Microsoft Defender Vulnerability Management, Microsoft Defender for Endpoint block vulnerable applications, mdvm, vulnerability management
search.appverid: met150
Last updated 04/12/2022
-# Block vulnerable applications (beta)
+# Block vulnerable applications
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
While taking the remediation steps suggested by a security recommendation, secur
The **block action** is intended to block all installed vulnerable versions of the application in your organization from running. For example, if there is an active zero-day vulnerability you can block your users from running the affected software while you determine work-around options.
-The **warn action** is intended to send a warning to your users when they open vulnerable versions of the application. Users can choose to bypass the warning and access the application.
+The **warn action** is intended to send a warning to your users when they open vulnerable versions of the application. Users can choose to bypass the warning and access the application for subsequent launches.
-For both actions, you can customize the message the users will see. For example, you can encourage them to install the latest version.
+For both actions, you can customize the message the users will see. For example, you can encourage them to install the latest version. Additionally, you can provide a custom URL the users will navigate to when they select the notification. This can be used to provide additional details specific to the application management in your organization.
> [!NOTE] > The block and warn actions are typically enforced within a couple of minutes but can take up to 3 hours.
For both actions, you can customize the message the users will see. For example,
- **Microsoft Defender Antivirus (active mode)**: The detection of file execution events and blocking requires Microsoft Defender Antivirus to be enabled in active mode. By design, passive mode and EDR in block mode can't detect and block based on file execution. To learn more, see [deploy Microsoft Defender Antivirus](../defender-endpoint/deploy-manage-report-microsoft-defender-antivirus.md). - **Cloud-delivered protection (enabled)**: For more information, see [Manage cloud-based protection](../defender-endpoint/cloud-protection-microsoft-defender-antivirus.md).-- **Allow or block file (on)**: Go to **Settings** > **Advanced features** > **Allow or block file.** To learn more, see [Advanced features](../defender-endpoint/advanced-features.md).
+- **Allow or block file (on)**: Go to **Settings** > **Endpoints** > **Advanced features** > **Allow or block file.** To learn more, see [Advanced features](../defender-endpoint/advanced-features.md).
## Version requirements
Find the list of blocked applications by going to **Remediation** > **Blocked ap
Select a blocked application to view a flyout with details about the number of vulnerabilities, whether exploits are available, blocked versions, and remediation activities.
-The option to **View details of blocked versions in the Indicator page** brings you to the **Settings > Indicators** page where you can view the file hashes and response actions.
+The option to **View details of blocked versions in the Indicator page** brings you to the **Settings** > **Endpoints** > **Indicators** page where you can view the file hashes and response actions.
> [!NOTE] > If you use the Indicators API with programmatic indicator queries as part of your workflows, be aware that the block action will give additional results.
+> [!NOTE]
+> Currently some detections related to warn policies may show up as active malware in Microsoft 365 Defender and/or Microsoft Intune. This behavior will be fixed in an upcoming release.
+ You can also **Unblock software** or **Open software page**: :::image type="content" alt-text="Blocked application details" source="../../media/defender-vulnerability-management/blocked-application-details.png" lightbox="../../media/defender-vulnerability-management/blocked-application-details.png":::
When users try to access a blocked application, they'll receive a message inform
For applications where the warn mitigation option was applied, users will receive a message informing them that the application has been blocked by their organization, but the user has the option to bypass the block for subsequent launches, by choosing "Allow". This allow is only temporary, and the application will be blocked again after a while. > [!NOTE]
-> You may experience instances where the first launch of an application isn't blocked or the notification that the application was blocked doesn't display. This behavior will be fixed in an upcoming release.
+> If your organization has deployed the DisableLocalAdminMerge group policy, you may experience instances where allowing an application does not take effect. This behavior will be fixed in an upcoming release.
## End-user updating blocked applications
security Whats New In Microsoft Defender Vulnerability Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management.md
To address this, Defender Vulnerability Management will no longer report such CV
## May 2022 - **[Security baselines assessment](tvm-security-baselines.md)**: Create and manage baseline profiles to monitor the posture of your devices against their desired security state.-- **[Blocking vulnerable applications (beta)](tvm-block-vuln-apps.md)**: Give security admins the ability to block all currently known vulnerable versions of an application.
+- **[Blocking vulnerable applications](tvm-block-vuln-apps.md)**: Give security admins the ability to block all currently known vulnerable versions of an application.
- **[Browser extensions assessment](tvm-browser-extensions.md)**: View all browser extensions installed on devices in your organization, including installed versions, permissions requested, and associated risk. - **[Digital certificates assessment](tvm-certificate-inventory.md)**: View certificate details on devices in your organization, including expiration date, algorithm used, and key size. - **[Network shares analysis](tvm-network-share-assessment.md)**: View information about exposed network shares and the recommendations that can help protect against vulnerabilities that could be exploited by attackers.
security Api Advanced Hunting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/api-advanced-hunting.md
Last updated 02/08/2023
- Microsoft 365 Defender > [!NOTE]
-> **Try our new APIs using MS Graph security API**. Find out more at: [Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn](/graph/api/resources/security-api-overview).
+> **Try our new APIs using MS Graph security API**. Find out more at: [Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn](/graph/api/resources/security-api-overview?view=graph-rest-1.0&preserve-view=true).
> [!IMPORTANT] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
security Api Incident https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/api-incident.md
Last updated 02/08/2023
**Applies to:** -- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+- [Microsoft 365 Defender](/fwlink/?linkid=2118804)
> [!NOTE]
-> **Try our new APIs using MS Graph security API**. Find out more at: [Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn](/graph/api/resources/security-api-overview).
+> **Try our new APIs using MS Graph security API**. Find out more at: [Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn](/graph/api/resources/security-api-overview?view=graph-rest-1.0&preserve-view=true).
> [!IMPORTANT] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
security Streaming Api https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/streaming-api.md
Last updated 02/08/2023
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:**-- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+- [Microsoft 365 Defender](/fwlink/?linkid=2118804)
> [!NOTE]
-> **Try our new APIs using MS Graph security API**. Find out more at: [Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn](/graph/api/resources/security-api-overview).
+> **Try our new APIs using MS Graph security API**. Find out more at: [Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn](/graph/api/resources/security-api-overview?view=graph-rest-1.0&preserve-view=true).
[!include[Prerelease information](../../includes/prerelease.md)]
security Secure By Default https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/secure-by-default.md
You should only consider using overrides in the following scenarios:
- Phishing simulations: Simulated attacks can help you identify vulnerable users before a real attack impacts your organization. To prevent phishing simulation messages from being filtered, see [Configure third-party phishing simulations in the advanced delivery policy](/microsoft-365/security/office-365-security/skip-filtering-phishing-simulations-sec-ops-mailboxes#use-the-microsoft-365-defender-portal-to-configure-third-party-phishing-simulations-in-the-advanced-delivery-policy). - Security/SecOps mailboxes: Dedicated mailboxes used by security teams to get unfiltered messages (both good and bad). Teams can then review to see if they contain malicious content. For more information, see [Configure SecOps mailboxes in the advanced delivery policy](/microsoft-365/security/office-365-security/skip-filtering-phishing-simulations-sec-ops-mailboxes#use-the-microsoft-365-defender-portal-to-configure-secops-mailboxes-in-the-advanced-delivery-policy).-- Third-party filters: Secure by default only applies when the MX record for your domain is set to Exchange Online Protection (contoso.mail.protection.outlook.com). If it's set to another service or device, it is possible to override Secure by default with a [Transport Rule](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-set-scl) to bypass all spam filtering. When Microsoft detects messages as High Confidence Phish with this rule in place, they still deliver to the Inbox. -- False positives: To temporarily allow certain messages that are still being blocked by Microsoft, use [admin submissions](submissions-admin.md#report-good-email-to-microsoft). By default, allow entries for domains and email addresses, files, and URLs exist for 30 days, while allow entries for spoofed senders never expire. Within those 30 days, Microsoft will learn from the allow entries or automatically extend them for you.
+- Third-party filters: Secure by default only applies when the MX record for your domain is set to Exchange Online Protection (contoso.mail.protection.outlook.com). If it's set to another service or device, it is possible to override Secure by default with a [Transport Rule](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-set-scl) to bypass all spam filtering. When Microsoft detects messages as High Confidence Phish with this rule in place, they still deliver to the Inbox.
+- False positives: To temporarily allow certain messages that are still being blocked by Microsoft, use [admin submissions](submissions-admin.md#report-good-email-to-microsoft). By default, allow entries for domains and email addresses, files, and URLs exist for 30 days. During those 30 days, Microsoft will learn from the allow entries and [remove them or automatically extend them](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/automatic-tenant-allow-block-list-expiration-management-is-now/ba-p/3723447). By default, allow entries for spoofed senders never expire.
security Submissions Admin https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-admin.md
After a few moments, the allow entries will appear on the **Domains & addresses*
> - When that entity (domain or email address, URL, file) is encountered again, all filters associated with that entity are skipped. For an email, all other entities are still evaluated by the filtering system before making a decision. > - For messages that were incorrectly blocked by [domain or user impersonation protection](anti-phishing-policies-about.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365), the allow entry for the domain or sender is not created in the Tenant Allow/Block List. Instead, the domain or sender is added to the **Trusted senders and domains** section in the [anti-phishing policy](anti-phishing-policies-mdo-configure.md#use-the-microsoft-365-defender-portal-to-modify-anti-phishing-policies) that detected the message. > - During mail flow, if messages from the domain or email address pass other checks in the filtering stack, the messages will be delivered. For example, if [email authentication](email-authentication-about.md) passes, a message from a sender in the allow entry will be delivered.
-> - By default, allow entries for domains and email addresses, files, and URLs exist for 30 days. During those 30 days, Microsoft will learn from the allow entries or automatically extend them for you. By default, allow entries for spoofed senders never expire.
+> - By default, allow entries for domains and email addresses, files, and URLs exist for 30 days. During those 30 days, Microsoft will learn from the allow entries and [remove them or automatically extend them](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/automatic-tenant-allow-block-list-expiration-management-is-now/ba-p/3723447). By default, allow entries for spoofed senders never expire.
## Report good email attachments to Microsoft
After a few moments, the allow entries will appear on the **Domains & addresses*
After a few moments, the allow entry will appear on the **Files** tab on the **Tenant Allow/Block List** page. For more information about the Tenant Allow/Block List, see [Manage your allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md). > [!NOTE]
-> - By default, allow entries for domains and email addresses, files, and URLs exist for 30 days. During those 30 days, Microsoft will learn from the allow entries or automatically extend them for you. By default, allow entries for spoofed senders never expire.
+>
+> - By default, allow entries for domains and email addresses, files, and URLs exist for 30 days. During those 30 days, Microsoft will learn from the allow entries and [remove them or automatically extend them](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/automatic-tenant-allow-block-list-expiration-management-is-now/ba-p/3723447). By default, allow entries for spoofed senders never expire.
> - When the file is encountered again during mail flow, [Safe Attachments](safe-attachments-about.md) detonation or file reputation checks and all other file-based filters are overridden. If the filtering system determines that all other entities in the email message are clean, the message will be delivered. > - During selection, all file-based filters, including [Safe Attachments](safe-attachments-about.md) detonation or file reputation checks are overridden, allowing user access the file.
After a few moments, the allow entry will appear on the **Files** tab on the **T
- **Select the submission type**: Verify the value **URL** is selected.
- - **URL**: Enter the full URL (for example, `https://www.fabrikam.com/marketing.html`), and then select it in the box that appears. You can also provide a top level domain (for example, `https://www.fabrikam.com/*`), and then select it in the box that appears.
+ - **URL**: Enter the full URL (for example, `https://www.fabrikam.com/marketing.html`), and then select it in the box that appears. You can also provide a top level domain (for example, `https://www.fabrikam.com/*`), and then select it in the box that appears.
- **Select a reason for submitting to Microsoft**: Select **Should not have been blocked (False positive)**, and then configure the following settings:
After a few moments, the allow entry will appear on the **URL** tab on the **Ten
> [!NOTE] >
-> - By default, allow entries for domains and email addresses, files, and URLs exist for 30 days. During those 30 days, Microsoft will learn from the allow entries or automatically extend them for you. By default, allow entries for spoofed senders never expire.
-> - When the URL is encountered again during mail flow, [Safe Links](safe-links-about.md) detonation or URL reputation checks, and all other URL-based filters are overridden. If the filtering system determines that all other entities in the email message are clean, the message will be delivered.
+> - By default, allow entries for domains and email addresses, files, and URLs exist for 30 days. During those 30 days, Microsoft will learn from the allow entries and [remove them or automatically extend them](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/automatic-tenant-allow-block-list-expiration-management-is-now/ba-p/3723447). By default, allow entries for spoofed senders never expire.
+> - When the URL is encountered again during mail flow, [Safe Links](safe-links-about.md) detonation or URL reputation checks and all other URL-based filters are overridden. If the filtering system determines that all other entities in the email message are clean, the message will be delivered.
> - During selection, all URL-based filters, including [Safe Links](safe-links-about.md) detonation or URL reputation checks are overridden, allowing user access to content hosted by the URL. ## View email admin submissions to Microsoft
security Tenant Allow Block List About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-allow-block-list-about.md
The following list describes what happens in the Tenant Allow/Block List when yo
- If the message was blocked for any other reason, an allow entry for the sender email address or domain is created, and the entry appears on the **Domains & addresses** tab in the Tenant Allow Block List. - If the message was not blocked due to filtering, no allow entries are created anywhere.
+ - If the message was blocked for other reasons, an allow entry for the sender is created, and it appears on the **Domains & addresses** tab in the Tenant Allow Block List.
+
+ - If the message was not blocked, and an allow entry for the sender is not created, it won't show on the **Spoofed senders** tab or the **Domains & addresses** tab.
+ By default, allow entries for domains and email addresses, files, and URLs exist for 30 days. During those 30 days, Microsoft will learn from the allow entries and [remove them or automatically extend them](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/automatic-tenant-allow-block-list-expiration-management-is-now/ba-p/3723447). After Microsoft learns from these allow entries, messages that contain these entities will be delivered, unless something else is the message is detected as malicious. By default, allow entries for spoofed senders never expire. > [!NOTE]
security Tenant Allow Block List Email Spoof Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-allow-block-list-email-spoof-configure.md
You can make the following modifications to entries for domains and email addres
When you're finished, click **Save**.
-An allow is created by default for 30 days so that Microsoft could learn from it and then remove it. With **[allow expiry management](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/automatic-tenant-allow-block-list-expiration-management-is-now/ba-p/3723447)**, if Microsoft has not learned from the allow entry, Microsoft will automatically extend the expiry time of allow entries that will soon expire by another 30 days. This extension helps to prevent legitimate email from going to junk or quarantine again. If Microsoft does not learn within 90 calendar days from the date of the original creation of the allow entry, Microsoft will remove the allow entry. You will be kept informed throughout the process using emails.
-
-If Microsoft has learned from the allow, the allow will be removed and you will get an alert informing you about it.
+By default, allow entries for domains and email addresses, files, and URLs exist for 30 days. During those 30 days, Microsoft will learn from the allow entries and [remove them or automatically extend them](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/automatic-tenant-allow-block-list-expiration-management-is-now/ba-p/3723447). By default, allow entries for spoofed senders never expire.
> [!NOTE] > For allow entries only, if you select the entry by clicking anywhere in the row other than the check box, you can select ![View submission icon.](../../media/m365-cc-sc-view-submission-icon.png) **View submission** in the details flyout that appears to go to the **Submissions** page at <https://security.microsoft.com/reportsubmission>.
security Tenant Allow Block List Files Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-allow-block-list-files-configure.md
By default, allow entries for files are created for 30 days. Microsoft will eith
> > Microsoft manages the allow creation process from Submission by creating allows for those entities (domains or email addresses, spoofed senders, URLs, or files) which were determined to be malicious by filters during mail flow. For example, if a file being submitted was determined to be bad by our filtering, an allow entry is created for that file. >
-> When that entity (domain or email address, URL, file) is encountered again, all filters associated with that entity are overriden.
+> When that entity (domain or email address, URL, file) is encountered again, all filters associated with that entity are overridden.
> > During mail flow, if messages containing the file pass other checks in the filtering stack, the messages will be delivered. For example, if [email authentication](email-authentication-about.md) passes, a message containing the file in the allow entry will be delivered. >
security Tenant Allow Block List Urls Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-allow-block-list-urls-configure.md
You can't create URL allow entries directly in the Tenant Allow/Block List. Inst
For instructions, see [Report good URLs to Microsoft](submissions-admin.md#report-good-urls-to-microsoft).
-By default, allow entries for domains and email addresses, files and URLs are created for 30 days, while allow entries for spoofed senders never expire. Microsoft will either learn from the allow entries for domains and email addresses, files and URLs within those 30 days, or automatically extend it for you.
+By default, allow entries for domains and email addresses, files, and URLs exist for 30 days. During those 30 days, Microsoft will learn from the allow entries and [remove them or automatically extend them](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/automatic-tenant-allow-block-list-expiration-management-is-now/ba-p/3723447). By default, allow entries for spoofed senders never expire.
> [!NOTE] > Microsoft does not allow you to create allow entries directly. Unnecessary allow entries expose your organization to malicious email which could have been filtered by the system. > > Microsoft manages the allow creation process from Submission by creating allows for those entities (domains or email addresses, spoofed senders, URLs, or files) which were determined to be malicious by filters during mail flow or time of click. For example, if a URL being submitted was determined to be bad by our filtering, an allow entry is created for that URL. >
-> When that entity (domain or email address, URL, file) is encountered again, all filters associated with that entity are overriden.
+> When that entity (domain or email address, URL, file) is encountered again, all filters associated with that entity are overridden.
>
-> During mail flow, if messages containing the URL pass other checks in the filtering stack, the messages will be delivered. For example, if [email authentication](email-authentication-about.md) passes, a message containing the URL in the allow entry will be delivered.
+> During mail flow, if messages containing the URL pass other checks in the filtering stack, the messages will be delivered. For example, if [email authentication](email-authentication-about.md) passes, a message containing the URL in the allow entry will be delivered.
> > During time of click, the URL allow entry overrides all filters associated with the URL entity, allowing the user to access the content in the URL. >
security Security Posture Solution Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/security-posture-solution-overview.md
+
+ Title: "Strengthen your security posture"
+f1.keywords:
+- security posture
+- strengthen security posture
+++
+audience: Admin
+description: Learn how to strengthen your organization's security posture.
++
+ms.localizationpriority: medium
+search.appverid:
+- MET150
+
+- m365solution-securityposture
+- m365solution-overview
+- m365-security
+- securityposture-solution
+- highpri
+- tier1
++
+# Strengthen your security posture
+
+It has never been more important to be able to detect and defend your organization against cyber security threats. Knowing your assets, using the built-in configurations available to you, and taking recommended actions helps you build great security posture and resilience while also empowering you to respond rapidly to new and evolving threats.
+
+As an organizationΓÇÖs security posture is constantly changing alongside the cybersecurity landscape, making security posture improvements should be a continuous process. This article provides an overview of how you can strengthen your organization's security posture using capabilities available in Microsoft 365 Defender and other Microsoft security products, such as Microsoft Defender for Endpoint and Microsoft Defender Vulnerability Management.
+
+It will help you better understand your overall security posture and provide a framework to help you continually assess, improve, and maintain a security posture to fit your organization's security needs.
+
+## Before you begin
+
+This solution guide provides specific and actionable steps to strengthen your security posture, and assumes the following facts:
+
+- You're a global admin
+- You have successfully deployed [Microsoft Defender for Endpoint Plan 2](../security/defender-endpoint/microsoft-defender-endpoint.md)
+- You're beyond the initial stage of onboarding devices and have a management tool in place to support future device onboarding. For more information on Onboarding devices, see [Onboarding and configuration tool options](../security/defender-endpoint/onboard-configure.md#onboarding-and-configuration-tool-options).
+
+## Overview of the solution
+
+This illustration provides a representation of the high level flow you can follow to improve your security posture.
++
+The four phases are described here and each section corresponds to a separate article in this solution.
+
+## 1. Configure capabilities
+
+It's critical to have full visibility into your assets and to the attack surface of your organization. You can't protect what you can't see. The Microsoft 365 Defender portal provides many capabilities to discover and protect the devices in your organization against threats. This can include, configuring device discovery to help you find unmanaged devices, taking advantage of available integrations to increase visibility into a complete OT/IOT asset inventory, and testing available attack surface reduction rules to see how they might impact your environment.
+
+For more information, see [Strengthen your security posture - Configure capabilities](strengthen-security-posture-configure-capabilities.md).
+
+## 2. Assess and protect
+
+Central to understanding your security posture is having a comprehensive inventory of all your assets. The Microsoft Defender for Endpoint device inventory provides you with an accurate view into the assets in your network along with detailed information about those assets. The more information you have about your assets the better you can manage and assess the risks associated with them.
+
+For more information, see [Strengthen your security posture - Assess and protect](strengthen-security-posture-assess-protect.md).
+
+## 3. Investigate and improve
+
+Now that you've started to get to know your assets and taken some initial steps to protect them, it's a good time to take a measurement of your current security posture with Microsoft Secure Score. Secure Score reports on the current state of an organization's security posture, provides visibility into vulnerabilities in your organization, and guidance around taking recommended actions. The more recommended actions you take, the higher your score will be.
+
+Defender Vulnerability Management also provides security recommendations for cybersecurity weaknesses identified in your organization and maps them to actionable security recommendations that can be prioritized.
+
+For more information on how to start taking action to investigate and protect against weaknesses in your organization, see [Strengthen your security posture - Investigate and improve](strengthen-security-posture-investigate-improve.md).
+
+## 4. Track and maintain
+
+Capabilities we already discussed like continually onboarding newly discovered devices and reviewing and prioritizing security recommendations can help to maintain, and continue to improve, your security posture. The Microsoft 365 Defender portal also provides capabilities to help you keep up to date with new vulnerabilities and provides tools to proactively explore your network for threats.
+
+For more information, see [Strengthen your security posture - Track and maintain](strengthen-security-posture-track-maintain.md).
+
+## Next step
+
+- [Phase 1: Configure capabilities](strengthen-security-posture-configure-capabilities.md)
security Strengthen Security Posture Assess Protect https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/strengthen-security-posture-assess-protect.md
++
+ Title: "Strengthen your security posture - Assess and protect"
+f1.keywords:
+- security posture
+- strengthen security posture
+++
+audience: Admin
+description: Learn how to strengthen your organization's security posture - assess and protect.
++
+ms.localizationpriority: medium
+search.appverid:
+ - MET150
+ - MOE150
+
+- m365solution-securityposture
+- m365solution-overview
+- m365-security
+- securityposture-solution
+- highpri
+- tier1
++
+# Strengthen your security posture - Assess and protect
+
+Welcome to Phase 2 of [Strengthen your security posture](../security/security-posture-solution-overview.md): **Assess and protect**.
+
+Central to understanding your security posture is having a comprehensive inventory of all your assets. This article describes capabilities you can use to get an accurate view of the assets in your network and ways to help you protect them.
+
+|Capability |Description|Get started|
+|:-|:|:--|
+|**Assess your devices** | Use the device inventory page in Microsoft Defender for Endpoint to get a comprehensive view of the devices discovered in your organization. Explore the information available like the risk level, platform information, and the onboarding status of a device. Use the filters available to customize your view. | [Device inventory](../security/defender-endpoint/machines-view-overview.md)|
+|**Assign device value** | Every device can potentially pose a risk to your organization but the impact of some devices being compromised compared to others can vary. You might have devices that belong to people who have access to sensitive, proprietary, or high priority information, this means the impact could be high if these devices are compromised. In contrast, devices that are only used for internet access with no data could be classified as having a lower risk. <br /><br /> Identifying and assigning value to your devices can help identify how vulnerable your organization is to cybersecurity threats. How assets affect your vulnerability is reflected in your exposure score in the Microsoft 365 Defender portal. Devices assigned as "high value" receive more weight meaning your score will be higher. | [Assign device value](../security/defender-vulnerability-management/tvm-assign-device-value.md)|
+|**Onboard newly discovered devices** | Devices that have been discovered, but aren't yet onboarded and secured by Microsoft Defender for Endpoint, appear in the device inventory Computers and Mobile tab. <br /><br /> To start onboarding these devices, see [Onboard newly discovered devices](#onboard-newly-discovered-devices). |[About onboarding status](../security/defender-endpoint/device-discovery.md#device-inventory) |
+
+## Onboard newly discovered devices
+
+The device inventory provides a clear view into newly discovered devices in your network that aren't yet protected. At the top of each device inventory tab, you can see the total number of devices that aren't onboarded:
++
+Once you're ready, you can start onboarding these devices by choosing the **Onboard them now** card. This card brings you directly to the **Onboard devices to Microsoft Defender for Endpoint** security recommendation.
++
+To learn more about how to request remediation to onboard your devices using this security recommendation, see [request remediation](../security/defender-vulnerability-management/tvm-security-recommendation.md#how-to-request-remediation).
+
+## Next step
+
+- [Phase 3: Investigate and improve](strengthen-security-posture-investigate-improve.md)
security Strengthen Security Posture Configure Capabilities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/strengthen-security-posture-configure-capabilities.md
++
+ Title: "Strengthen your security posture - Configure capabilities"
+f1.keywords:
+- security posture
+- strengthen security posture
+++
+audience: Admin
+description: Learn how to strengthen your organization's security posture - configure capabilities.
++
+ms.localizationpriority: medium
+search.appverid:
+ - MET150
+ - MOE150
+
+- m365solution-securityposture
+- m365solution-overview
+- m365-security
+- securityposture-solution
+- highpri
+- tier1
++
+# Strengthen your security posture - Configure capabilities
+
+Welcome to Phase 1 of [Strengthen your security posture](../security/security-posture-solution-overview.md): **Configure capabilities**.
+
+This article includes information on the capabilities you can configure within the Microsoft 365 Defender portal to discover and protect the devices in your organization against threats.
+
+|Capability |Description|Get started|
+|:-|:|:--|
+|**Configure device discovery** | Device discovery actively finds unmanaged endpoints that can be onboarded and secured by Microsoft Defender for Endpoint on your corporate network. <br /><br /> Network discovery capabilities ensure network devices are discovered and added to the asset inventory and integrations with products like Microsoft Defender for IoT will help you locate, identify, and secure IoT devices across your network.| [Device discovery](../security/defender-endpoint/device-discovery.md) <br /><br /> [Configure device discovery](../security/defender-endpoint/configure-device-discovery.md)|
+|**Configure attack surface reduction rules (ASR) in audit mode** | Attack surface reduction rules help reduce your attack surface by minimizing the places where your organization might be vulnerable to cyber attacks. You can test ASR rules to determine if the rules would affect your organization if enabled. <br /><br /> The first step in this process is to turn on the ASR rules with the rules set to Audit. | [Test attack surface reduction (ASR) rules](../security/defender-endpoint/attack-surface-reduction-rules-deployment-test.md)|
+|**Configure Microsoft Defender for Identity** | Use [Microsoft Defender for Identity](/azure-advanced-threat-protection/what-is-atp) with Microsoft Defender for Endpoint to further improve you device discovery capabilities. <br /><br /> To learn more about how Microsoft Defender for Identity and Microsoft Defender for Endpoint work together, see [improving-device-discoverability-and-classification-within-mde](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/improving-device-discoverability-and-classification-within-mde/ba-p/3625559).|[Deploy Microsoft Defender for Identity with Microsoft 365 Defender](/defender-for-identity/deploy-defender-identity)|
+
+## Next step
+
+- [Phase 2: Assess and protect](strengthen-security-posture-assess-protect.md)
security Strengthen Security Posture Investigate Improve https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/strengthen-security-posture-investigate-improve.md
++
+ Title: "Strengthen your security posture - Investigate and improve"
+f1.keywords:
+- security posture
+- strengthen security posture
+++
+audience: Admin
+description: Learn how to strengthen your organization's security posture - investigate and improve.
++
+ms.localizationpriority: medium
+search.appverid:
+ - MET150
+ - MOE150
+
+- m365solution-securityposture
+- m365solution-overview
+- m365-security
+- securityposture-solution
+- highpri
+- tier1
++
+# Strengthen your security posture - Investigate and improve
+
+Welcome to Phase 3 of [Strengthen your security posture](../security/security-posture-solution-overview.md): **Investigate and improve**.
+
+This article describes capabilities you can use to measure your current security posture and actions you can take to start improving it.
+
+|Capability |Description|Get started|
+|:-|:|:--|-|
+|**Review Microsoft Secure Score** |Microsoft Secure Score reports on the current state of an organization's security posture, with a higher number indicating more recommended actions taken. <br /><br /> You'll see recommended actions for the [products included in Secure Score](../security/defender/microsoft-secure-score.md#products-included-in-secure-score) you have licenses for. You're given points for taking actions and your score is updated to reflect the actions you take.|[Secure Score Overview](../security/defender/microsoft-secure-score.md) <br /><br /> [Check your score](../security/defender/microsoft-secure-score-improvement-actions.md#check-your-current-score)|
+|**Take Secure Score recommended actions** | Review the recommended actions tab for a list of improvement actions you can take to strengthen your posture and improve your score. By default this is sorted by score impact, with the most impactful actions appearing at the top. You can use filters or group by product, status, license, or category to help focus your efforts. |[Take actions to improve your Secure Score](../security/defender/microsoft-secure-score-improvement-actions.md#take-action-to-improve-your-score)|
+|**Security recommendations** | Defender Vulnerability Management provides security recommendations to address cybersecurity weaknesses identified in your organization. <br /><br /> To start addressing security recommendations, see [Address vulnerabilities with Microsoft Defender Vulnerability Management](#address-vulnerabilities-with-microsoft-defender-vulnerability-management). | [Security Recommendations](../security/defender-vulnerability-management/tvm-security-recommendation.md)|
+
+## Address vulnerabilities with Microsoft Defender Vulnerability Management
+
+Use the **Remediation type** filter to review security recommendations you can take to improve your organization's security posture by lowering your exposure to these vulnerabilities.
+
+### Address software and firmware security recommendations
+
+Keeping your software and firmware up to date can help mitigate known vulnerabilities affecting your devices. To review software and firmware security recommendations:
+
+1. Go to the Vulnerability management navigation menu in the [Microsoft 365 Defender portal](https://security.microsoft.com) and select **Recommendations**.
+2. Select **Filter**.
+3. Select the Firmware and Software related remediation types:
+
+4. Prioritize the software and firmware related recommendations that will lower your exposure score and raise your Secure Score the most.
+
+### Address configuration change security recommendations
+
+Minimize attack surface and improve your posture by taking configuration hardening actions to reduce the risk of your devices being compromised and vulnerable to malicious attacks.
+
+1. Go to the Vulnerability management navigation menu in the [Microsoft 365 Defender portal](https://security.microsoft.com) and select **Recommendations**.
+2. Select **Filter**.
+3. Select **Configuration changes** remediation type.
+4. Prioritize the configuration changes related recommendations that will lower your exposure score and raise your Secure Score the most.
+
+For more information on how to request remediation, see [request remediation](../security/defender-vulnerability-management/tvm-security-recommendation.md#how-to-request-remediation).
+
+## Next step
+
+- [Phase 4: Track and maintain](../security/strengthen-security-posture-track-maintain.md)
security Strengthen Security Posture Track Maintain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/strengthen-security-posture-track-maintain.md
++
+ Title: "Strengthen your security posture - Track and maintain"
+f1.keywords:
+- security posture
+- strengthen security posture
+++
+audience: Admin
+description: Learn how to strengthen your organization's security posture - track and maintain.
++
+ms.localizationpriority: medium
+search.appverid:
+ - MET150
+ - MOE150
+
+- m365solution-securityposture
+- m365solution-overview
+- m365-security
+- securityposture-solution
+- highpri
+- tier1
++
+# Strengthen your security posture - Track and maintain
+
+Welcome to Phase 4 of [Strengthen your security posture](../security/security-posture-solution-overview.md): **Track and maintain**.
+
+This article describes tasks you can undertake to continue to assess and protect your organization.
+
+|Capability |Description|
+|:-|:|
+|**Enable email notifications for new vulnerabilities** |Stay on top of threats that could affect your organization by configuring Microsoft Defender for Endpoint to send email notifications to specified recipients for new vulnerability events. For more information, see [Enable email notifications for new vulnerabilities](../security/defender-endpoint/configure-email-notifications.md).|
+|**Hunt for threats with advanced hunting** | Learn how advanced hunting, a query-based threat hunting tool, lets you proactively inspect events in your network to locate threat indicators and entities. To get started with advanced hunting, see [Hunt for threats with advanced hunting](../security/defender/advanced-hunting-overview.md).|
+|**Understand your exposure to zero days threats** | Zero-day vulnerabilities often have high severity levels and are actively exploited. Information on zero-day vulnerabilities, known to Defender Vulnerability Management, is available in the Microsoft 365 Defender portal. For more information on reviewing and addressing zero-day vulnerabilities, see [Mitigate zero-day vulnerabilities](../security/defender-vulnerability-management/tvm-zero-day-vulnerabilities.md).|
+|**Schedule regular monitoring tasks** | Regularly review and implement security recommendations as described in [Investigate and improve](strengthen-security-posture-investigate-improve.md). <br /><br /> Regularly review and onboard newly discovered devices as described in [Assess and protect](strengthen-security-posture-assess-protect.md). <br /><br /> Other resources that are useful to stay up to date with are: <br /><br /> - [What's new in Microsoft Defender for Endpoint](../security/defender-endpoint/whats-new-in-microsoft-defender-endpoint.md) <br /><br /> - [What's new in Microsoft Defender Vulnerability Management](../security/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management.md) <br /><br /> - [What's new in Microsoft 365 Defender](../security/defender/whats-new.md) <br /><br /> - [Microsoft Defender for Endpoint Blog](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/bg-p/MicrosoftDefenderATPBlog) <br /><br /> - [Microsoft Defender Vulnerability Blog](https://techcommunity.microsoft.com/t5/microsoft-defender-vulnerability/bg-p/Vulnerability-Management) <br /><br /> - [Microsoft 365 Defender Blog](https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/bg-p/MicrosoftThreatProtectionBlog)|
syntex Annotations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/annotations.md
Annotation tools currently include pen and highlighter, where can choose the col
![Screenshot of a document library showing a file selected to open.](../media/content-understanding/annotation-select-file.png)
-2. On the upper-right side of the document viewer, select the annotation icon (![Screenshot of the annotation icon.](../media/content-understanding/annotation-icon.png)).
+2. On the upper-right side of the document viewer, select **Annotate**.
![Screenshot of a document viewer showing the annotation icon highlighted.](../media/content-understanding/annotation-icon-document-page.png)