Updates from: 02/28/2023 02:33:19
Category Microsoft Docs article Related commit history on GitHub Change details
admin Admin Center Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/admin-center-overview.md
The Microsoft 365 admin center gives users a central location to take care of co
Here are the features and settings you'll find in the left-hand navigation of the admin center. Learn more about admin tasks in [admin help](/microsoft-365/admin/). |Menu|What it's for|
-|--|--|
+|||
|**Home**|This is the landing page in the admin center. You'll see where to manage users, billing, service health, and reports.| |**Users**|Create and manage users in your organization, like employees or students. You can also set their permission level or reset their passwords.| |**Groups**|Create and manage groups in your organization, such as a Microsoft 365 group, distribution group, security group, or shared mailbox. Learn how to [create](../create-groups/create-groups.md) and [manage](../create-groups/manage-groups.md) groups.|
Here are the features and settings you'll find in the left-hand navigation of th
|**Settings**|Manage global settings for apps like email, sites, and the Office suite. Change your password policy and expiration date. Add and update domain names like contoso.com. Change your organization profile and release preferences. And choose whether partners can access your admin center.| |**Setup**|Manage existing domains, turn on and manage multi-factor authentication, manage admin access, migrate user mailboxes to Office 365, manage feature updates, and help users install their Office apps.| |**Reports**|See at a glance how your organization is using Microsoft 365 with detailed reports on email use, Office activations, and more. Learn how to use the new [activity reports](../activity-reports/activity-reports.md).|
-|**Health**|View health at a glance. You can also check out more details and the health history. See [How to check service health](../../enterprise/view-service-health.md) and [How to check Windows release health](/windows/deployment/update/check-release-health) for more information. <p>Use Message center to keep track of upcoming changes to features and services. We post announcements there with information that helps you plan for change and understand how it may affect users. Get more details in [Message center](../manage/message-center.md).|
-|**Admin centers**|Open separate admin centers for Exchange, Skype for Business, SharePoint, Yammer, and Azure AD. Each admin center includes all available settings for that service. <p> For example, in the Exchange admin center, set up and manage email, calendars, distribution groups, and more. In the SharePoint admin center, create and manage site collections, site settings, and OneDrive for Business. In the Skype for Business admin center, set up instant messaging notifications, dial-in conferencing, and online presence. <p> Learn more about the [Exchange admin center](/exchange/exchange-admin-center) and [SharePoint Admin Center](/sharepoint/sharepoint-online). <p> **Note:** The admin centers available to you depend on your plan and region.||
+|**Health**|View health at a glance. You can also check out more details and the health history. See [How to check service health](../../enterprise/view-service-health.md) and [How to check Windows release health](/windows/deployment/update/check-release-health) for more information. <p> Use Message center to keep track of upcoming changes to features and services. We post announcements there with information that helps you plan for change and understand how it may affect users. Get more details in [Message center](../manage/message-center.md).|
+|**Admin centers**|Open separate admin centers for Exchange, Skype for Business, SharePoint, Yammer, and Azure AD. Each admin center includes all available settings for that service. <p> For example, in the Exchange admin center, set up and manage email, calendars, distribution groups, and more. In the SharePoint admin center, create and manage site collections, site settings, and OneDrive for Business. In the Skype for Business admin center, set up instant messaging notifications, dial-in conferencing, and online presence. <p> Learn more about the [Exchange admin center](/exchange/exchange-admin-center) and [SharePoint Admin Center](/sharepoint/sharepoint-online). <p> **Note:** The admin centers available to you depend on your plan and region.|
## Two dashboard views
The <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">
The Microsoft 365 admin center is fully localized in 40 languages.
-|Language |Locale |
-|||
-|Arabic | ar |
-|Bulgarian | bg |
-|Catalan | ca |
-|Czech | cs |
-|Danish | da |
-|German | de |
-|Greek | el |
-|Spanish | es |
-|English | en |
-|Estonian | et |
-|Basque | eu |
-|Finnish | fi |
-|French | fr |
-|Galician | gl |
-|Hebrew | he |
-|Croatian | hr |
-|Hungarian | hu |
-|Indonesian | id |
-|Italian | it |
-|Japanese | ja |
-|Korean | ko |
-|Lithuanian | lt |
-|Latvian | lv |
-|Dutch | nl |
-|Norwegian | no |
-|Polish | pl |
-|Portuguese (Brazil) | pt |
-|Portuguese (Portugal) | pt-pt |
-|Romanian | ro |
-|Russian | ru |
-|Slovak | sk |
-|Slovenian | sl |
-|Serbian (Cyrillic) | sr-cyrl |
-|Serbian Latin | sr |
-|Swedish | sv |
-|Thai | th |
-|Turkish | tr |
-|Ukrainian | uk |
-|Vietnamese | vi |
-|Chinese Simplified | zh-hans |
-|Chinese Traditional | zh-hant |
+|Language|Locale|
+|||
+|Arabic|ar|
+|Bulgarian|bg|
+|Catalan|ca|
+|Czech|cs|
+|Danish|da|
+|German|de|
+|Greek|el|
+|Spanish|es|
+|English|en|
+|Estonian|et|
+|Basque|eu|
+|Finnish|fi|
+|French|fr|
+|Galician|gl|
+|Hebrew|he|
+|Croatian|hr|
+|Hungarian|hu|
+|Indonesian|id|
+|Italian|it|
+|Japanese|ja|
+|Korean|ko|
+|Lithuanian|lt|
+|Latvian|lv|
+|Dutch|nl|
+|Norwegian|no|
+|Polish|pl|
+|Portuguese (Brazil)|pt|
+|Portuguese (Portugal)|pt-pt|
+|Romanian|ro|
+|Russian|ru|
+|Slovak|sk|
+|Slovenian|sl|
+|Serbian (Cyrillic)|sr-cyrl|
+|Serbian Latin|sr|
+|Swedish|sv|
+|Thai|th|
+|Turkish|tr|
+|Ukrainian|uk|
+|Vietnamese|vi|
+|Chinese Simplified|zh-hans|
+|Chinese Traditional|zh-hant|
## Related content
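Review bot: The reformatted locale table has 41 rows, but the unchanged sentence above it says the admin center is "fully localized in 40 languages". Since this change touches every row, confirm the count and correct either the sentence or the table. The two Serbian rows are also named inconsistently ("Serbian (Cyrillic)" and "Serbian Latin"); "Serbian (Latin)" would match the neighbouring entry.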
bookings Bookings Sms https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/bookings-sms.md
With Microsoft Bookings, you can set up SMS text notifications to be sent to the
The SMS notifications will include the Teams meeting link for virtual booking appointments. > [!NOTE]
-> We'll be providing unlimited SMS notifications through March 1, 2023 (previously January 31, 2023) for customers with Bookings licenses. As we get closer to the end of the promotion period, we'll provide additional details on licensing requirements. Contact your account team or support to receive pricing details after the promotion period.
+> We'll be providing unlimited SMS notifications through April 3rd, 2023 (previously March 1, 2023) for customers with Bookings licenses. As we get closer to the end of the promotion period, we'll provide additional details on licensing requirements. Contact your account team or support to receive pricing details after the promotion period.
## Before you begin
You can configure SMS notification in Bookings in a couple of ways:
> [!NOTE] > You need to be a Teams admin to see Teams and Bookings data on the Teams admin center.
-You can track key data on SMS notifications usage in your organization in the Teams admin center. Usage reports include data such as time and date sent, origin number, message type, event type and delivery status. You can use SMS notification telemetry during the promotional period to help forecast and budget for SMS notifications after March 1, 2023.
+You can track key data on SMS notifications usage in your organization in the Teams admin center. Usage reports include data such as time and date sent, origin number, message type, event type and delivery status. You can use SMS notification telemetry during the promotional period to help forecast and budget for SMS notifications after April 3, 2023.
1. On the Teams admin center, go to **SMS notifications usage**.
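Review bot: The new end date is written two ways in this file: the NOTE says "April 3rd, 2023" while the usage-report paragraph says "April 3, 2023", and the parenthetical in the same NOTE uses "March 1, 2023" without an ordinal. Use "April 3, 2023" in both places so the dates read consistently.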
compliance Alert Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/alert-policies.md
The tables also indicate the Office 365 Enterprise and Office 365 US Government
> [!NOTE] > The alert policies in this section are in the process of being deprecated based on customer feedback as false positives. To retain the functionality of these alert policies, you can create custom alert policies with the same settings.
+<!As of 2/24/23, the only visible Information governance alert policies in a stock M365 E5 tenant is "Unusual volume of external file sharing">
+ |Name|Description|Severity|Automated investigation|Enterprise subscription| |||||| |**Unusual external user file activity**|Generates an alert when an unusually large number of activities are performed on files in SharePoint or OneDrive by users outside of your organization. This includes activities such as accessing files, downloading files, and deleting files.|High|No|E5/G5, Microsoft Defender for Office 365 P2, or Microsoft 365 E5 add-on subscription|
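Review bot: The added comment names "Unusual volume of external file sharing" as the only visible Information governance policy, but the row shown directly below it is "Unusual external user file activity", so a later editor cannot tell from the comment whether that row should stay. State in the comment which rows it refers to, or update the table to match. The comment also reads "the only visible ... alert policies ... is"; "policy ... is" would agree.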
The tables also indicate the Office 365 Enterprise and Office 365 US Government
|**Email messages containing phish URLs removed after delivery**|**Note**: This alert policy has been replaced by **Email messages containing malicious URL removed after delivery**. This alert policy will eventually go away, so we recommend disabling this alert policy and using **Email messages containing malicious URL removed after delivery** instead. For more information, see [New alert policies in Microsoft Defender for Office 365](new-defender-alert-policies.md).|Informational|Yes|E5/G5 or Defender for Office 365 P2 add-on subscription| |**Email messages from a campaign removed after delivery**|Generates an alert when any messages associated with a [Campaign](../security/office-365-security/campaigns.md) are delivered to mailboxes in your organization. If this event occurs, Microsoft removes the infected messages from Exchange Online mailboxes using [Zero-hour auto purge](../security/office-365-security/zero-hour-auto-purge.md). This policy automatically triggers [automated investigation and response in Office 365](../security/office-365-security/air-about.md). For more information on this new policy, see [New alert policies in Microsoft Defender for Office 365](new-defender-alert-policies.md).|Informational|Yes|E5/G5 or Defender for Office 365 P2 add-on subscription| |**Email messages removed after delivery**|Generates an alert when any malicious messages that do not contain a malicious entity (URL or File), or associated with a Campaign, are delivered to mailboxes in your organization. If this event occurs, Microsoft removes the infected messages from Exchange Online mailboxes using [Zero-hour auto purge](../security/office-365-security/zero-hour-auto-purge.md). This policy automatically triggers [automated investigation and response in Office 365](../security/office-365-security/air-about.md). 
For more information on this new policy, see [New alert policies in Microsoft Defender for Office 365](new-defender-alert-policies.md).|Informational|Yes|E5/G5 or Defender for Office 365 P2 add-on subscription|
-|**Email reported by user as malware or phish**|Generates an alert when users in your organization report messages as phishing email using the Report Message add-in. For more information about this add-in, see [Use the Report Message add-in](https://support.office.com/article/b5caa9f1-cdf3-4443-af8c-ff724ea719d2). For Defender for Office 365 P2, E5, G5 customers, this alert automatically triggers [automated investigation and response in Office 365](../security/office-365-security/air-about.md).|Low|Yes|E1/F1/G1, E3/F3/G3, or E5/G5|
+|**Email reported by user as malware or phish**|Generates an alert when users in your organization report messages as phishing using the built-in Report button in Outlook or the Report Message or Report Phishing add-ins. For more information about the add-ins, see [Use the Report Message add-in](https://support.office.com/article/b5caa9f1-cdf3-4443-af8c-ff724ea719d2). For Defender for Office 365 P2, E5, G5 customers, this alert automatically triggers [automated investigation and response in Office 365](../security/office-365-security/air-about.md).|Low|Yes|E1/F1/G1, E3/F3/G3, or E5/G5|
+|**Email reported by user as spam**|Generates an alert when users in your organization report messages as junk using the built-in Report button in Outlook or the Report Message add-in. For more information about the add-ins, see [Use the Report Message add-in](https://support.office.com/article/b5caa9f1-cdf3-4443-af8c-ff724ea719d2).|Low|No|E1/F1/G1, E3/F3/G3, or E5/G5|
+|**Email reported by user as not junk**|Generates an alert when users in your organization report messages as not junk the built-in Report button in Outlook or the Report Message add-in. For more information about the add-ins, see [Use the Report Message add-in](https://support.office.com/article/b5caa9f1-cdf3-4443-af8c-ff724ea719d2).|Low|No|E1/F1/G1, E3/F3/G3, or E5/G5|
|**Email sending limit exceeded**|Generates an alert when someone in your organization has sent more mail than is allowed by the outbound spam policy. This is usually an indication the user is sending too much email or that the account may be compromised. If you get an alert generated by this alert policy, it's a good idea to [check whether the user account is compromised](../security/office-365-security/responding-to-a-compromised-email-account.md).|Medium|No|E1/F1/G1, E3/F3/G3, or E5/G5| |**Form blocked due to potential phishing attempt**|Generates an alert when someone in your organization has been restricted from sharing forms and collecting responses using Microsoft Forms due to detected repeated phishing attempt behavior.|High|No|E1, E3/F3, or E5| |**Form flagged and confirmed as phishing**|Generates an alert when a form created in Microsoft Forms from within your organization has been identified as potential phishing through Report Abuse and confirmed as phishing by Microsoft.|High|No|E1, E3/F3, or E5|
+|**Graders disagreement with Tenant Allow/Block List entry**|Generates an alert when Microsoft determines that the admin submission corresponding to an allow entry in the Tenant Allow/Block List is found to be malicious. This event is triggered as soon as the submission has been analyzed by Microsoft. <br/><br/> The allow entry will continue to exist for its stipulated duration. For more information on events that trigger this alert, see [Manage the Tenant Allow/Block list](../security/office-365-security/tenant-allow-block-list-about.md).|Informational|No|E1/F1/G1, E3/F3/G3, or E5/G5|
|**Malware campaign detected after delivery**<sup>\*</sup>|Generates an alert when an unusually large number of messages containing malware are delivered to mailboxes in your organization. If this event occurs, Microsoft removes the infected messages from Exchange Online mailboxes.|High|No|E5/G5 or Microsoft Defender for Office 365 P2 add-on subscription| |**Malware campaign detected and blocked**<sup>\*</sup>|Generates an alert when someone has attempted to send an unusually large number of email messages containing a certain type of malware to users in your organization. If this event occurs, the infected messages are blocked by Microsoft and not delivered to mailboxes.|Low|No|E5/G5 or Defender for Office 365 P2 add-on subscription| |**Malware campaign detected in SharePoint and OneDrive**<sup>\*</sup>|Generates an alert when an unusually high volume of malware or viruses is detected in files located in SharePoint sites or OneDrive accounts in your organization.|High|No|E5/G5 or Defender for Office 365 P2 add-on subscription|
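Review bot: The new "Email reported by user as not junk" row is missing a word: "report messages as not junk the built-in Report button" should read "report messages as not junk using the built-in Report button", as the "reported by user as spam" row above it does. The three report rows also say "For more information about the add-ins" while linking only to the Report Message add-in article; the malware or phish row mentions the Report Phishing add-in without a link for it.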
The tables also indicate the Office 365 Enterprise and Office 365 US Government
|**Phish not zapped because ZAP is disabled**<sup>\*\*</sup>|Generates an alert when Microsoft detects delivery of a high confidence phishing message to a mailbox because Zero-Hour Auto Purge for Phish messages is disabled.|Informational|No|E5/G5 or Defender for Office 365 P2 add-on subscription| |**Potential nation-state activity**|Microsoft Threat Intelligence Center detected an attempt to compromise accounts from your tenant.|High|No|E5/G5 or Defender for Office 365 P2 add-on subscription| |**Remediation action taken by admin on emails or URL or sender**|**Note**: This alert policy has been replaced by the **Administrative action submitted by an Administrator** alert policy. This alert policy will eventually go away, so we recommend disabling this alert policy and using **Administrative action submitted by an Administrator** instead. <br/><br/> This alert is triggered when an admin takes remediation action on the selected entity|Informational|Yes|E5/G5 or Defender for Office 365 P2 add-on subscription|
+|**Removed an entry in Tenant Allow/Block List**|Generates an alert when an allow entry in the Tenant Allow/Block List is learned from by filtering system and removed. This event is triggered when the allow entry for the affected domain or email address, file, or URL (_entity_) is removed. <br/><br/> You no longer need the affected allow entry. Email messages that contain the affected entities will be delivered to the Inbox if nothing else in the message is determined to be bad. URLs and files will be allowed at time of click. <br/><br/> For more information on events that trigger this alert, see [Manage the Tenant Allow/Block list](../security/office-365-security/tenant-allow-block-list-about.md).|Informational|No|E1/F1/G1, E3/F3/G3, or E5/G5|
|**Suspicious connector activity**|Generates an alert when a suspicious activity is detected on an inbound connector in your organization. Mail is blocked from using the inbound connector. The admin will receive an email notification and an alert. This alert provides guidance on how to investigate, revert changes, and unblock a restricted connector. To learn how to respond to this alert, see [Respond to a compromised connector](/microsoft-365/security/office-365-security/connectors-detect-respond-to-compromise).|High|No|E1/F1/G1, E3/F3/G3, or E5/G5| |**Suspicious email forwarding activity**|Generates an alert when someone in your organization has autoforwarded email to a suspicious external account. This is an early warning for behavior that may indicate the account is compromised, but not severe enough to restrict the user. Although it's rare, an alert generated by this policy may be an anomaly. It's a good idea to [check whether the user account is compromised](../security/office-365-security/responding-to-a-compromised-email-account.md).|High|No|E1/F1/G1, E3/F3/G3, or E5/G5| |**Suspicious email sending patterns detected**|Generates an alert when someone in your organization has sent suspicious email and is at risk of being restricted from sending email. This is an early warning for behavior that may indicate that the account is compromised, but not severe enough to restrict the user. Although it's rare, an alert generated by this policy may be an anomaly. However, it's a good idea to [check whether the user account is compromised](../security/office-365-security/responding-to-a-compromised-email-account.md).|Medium|Yes|E1/F1/G1, E3/F3/G3, or E5/G5|
-|**Tenant Allow/Block List entry is about to expire**|Generates an alert when a Tenant Allow/Block List entry is about to be removed. This event is triggered three days prior to expiration date, which is based when the entry was created or last updated. <br/><br/> For blocks, you can extend the expiration date to keep the block in place. For allows, you need to resubmit the item so that our analysts can take another look. However, if the allow has already been graded as a false positive, then the entry will only expire when the system filters have been updated to naturally allow the entry. For more information on events that trigger this alert, see [Manage the Tenant Allow/Block list](../security/office-365-security/tenant-allow-block-list-about.md).|Informational|No|E5/G5 or Defender for Office 365 P2 add-on subscription|
|**Suspicious tenant sending patterns observed**|Generates an alert when Suspicious sending patterns have been observed in your organization, which may lead to your organization being blocked from sending emails. Investigate any potentially compromised user and admin accounts, new connectors, or open relays to avoid tenant exceed threshold blocks. For more information about why organizations are blocked, see [Fix email delivery issues for error code 5.7.7xx in Exchange Online](/Exchange/mail-flow-best-practices/non-delivery-reports-in-exchange-online/fix-error-code-5-7-700-through-5-7-750).|High|No|E1/F1/G1, E3/F3/G3, or E5/G5|
+|**Tenant Allow/Block List entry is about to expire**|Generates an alert when an allow entry or block entry in the Tenant Allow/Block List entry is about to be removed. This event is triggered 7 days before the expiration date, which is based on when the entry was created or last updated. <br/><br/> For both allow entries and block entries, you can extend the expiration date. For more information on events that trigger this alert, see [Manage the Tenant Allow/Block list](../security/office-365-security/tenant-allow-block-list-about.md).|Informational|No|E1/F1/G1, E3/F3/G3, or E5/G5|
|**Tenant restricted from sending email**|Generates an alert when most of the email traffic from your organization has been detected as suspicious and Microsoft has restricted your organization from sending email. Investigate any potentially compromised user and admin accounts, new connectors, or open relays, and then contact Microsoft Support to unblock your organization. For more information about why organizations are blocked, see [Fix email delivery issues for error code 5.7.7xx in Exchange Online](/Exchange/mail-flow-best-practices/non-delivery-reports-in-exchange-online/fix-error-code-5-7-700-through-5-7-750).|High|No|E1/F1/G1, E3/F3/G3, or E5/G5| |**Tenant restricted from sending unprovisioned email**|Generates an alert when too much email is being sent from unregistered domains (also known as _unprovisioned_ domains). Office 365 allows a reasonable amount of email from unregistered domains, but you should configure every domain that you use to send email as an accepted domain. This alert indicates that all users in the organization can no longer send email. For more information about why organizations are blocked, see [Fix email delivery issues for error code 5.7.7xx in Exchange Online](/Exchange/mail-flow-best-practices/non-delivery-reports-in-exchange-online/fix-error-code-5-7-700-through-5-7-750).|High|No|E1/F1/G1, E3/F3/G3, or E5/G5| |**Unusual increase in email reported as phish**<sup>\*</sup>|Generates an alert when there's a significant increase in the number of people in your organization using the Report Message add-in in Outlook to report messages as phishing mail. For more information about this add-in, see [Use the Report Message add-in](https://support.office.com/article/b5caa9f1-cdf3-4443-af8c-ff724ea719d2).|Medium|No|E5/G5 or Defender for Office 365 P2 add-on subscription|
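Review bot: The "Removed an entry in Tenant Allow/Block List" description is hard to parse at "is learned from by filtering system and removed"; something like "is removed after the filtering system has learned from it" would say what triggers the alert. In the rewritten "Tenant Allow/Block List entry is about to expire" row, "an allow entry or block entry in the Tenant Allow/Block List entry" repeats "entry" and should end at "Tenant Allow/Block List". That row also changes the trigger from three days to 7 days and widens the subscription column, so it is worth confirming both against the product before merging.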
compliance Apply Retention Labels Automatically https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-retention-labels-automatically.md
If your auto-apply retention label policies aren't working as expected or you se
- [Identify errors in Microsoft 365 retention and retention label policies](/microsoft-365/troubleshoot/retention/identify-errors-in-retention-and-retention-label-policies) - [Resolve errors in Microsoft 365 retention and retention label policies](/microsoft-365/troubleshoot/retention/resolve-errors-in-retention-and-retention-label-policies)
+Additionally, if you're also using the older feature, [MRM retention tags and retention policies](/exchange/security-and-compliance/messaging-records-management/retention-tags-and-policies), see [Auto-apply retention label doesn't apply to items in a mailbox](/microsoft-365/troubleshoot/retention/auto-apply-retention-label-not-apply-messages).
+ ## Next steps To help you track the labels applied from your auto-labeling policies:
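Review bot: The added sentence opens with "Additionally, if you're also using", which says the same thing twice; drop "also". It would help to say in a few words why MRM retention tags matter here, because the link text "Auto-apply retention label doesn't apply to items in a mailbox" is the only hint at the symptom.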
compliance Apply Sensitivity Label Automatically https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-sensitivity-label-automatically.md
audience: Admin Previously updated : 09/17/2019 Last updated : 02/27/2023 ms.localizationpriority: high - purview-compliance
You can learn more about these configuration options from the DLP documentation:
Also similarly to DLP policy configuration, you can choose whether a condition must detect all sensitive information types, or just one of them. And to make your conditions more flexible or complex, you can add [groups and use logical operators between the groups](dlp-policy-design.md#complex-rule-design).
-> [!NOTE]
-> Auto-labeling based on custom sensitive information types applies only to newly created or modified content in OneDrive and SharePoint; not to existing content. This limitation also applies to auto-labeling polices.
- #### Custom sensitive information types with Exact Data Match You can configure a sensitivity label to use [exact data match based sensitive information types](sit-learn-about-exact-data-match-based-sits.md#learn-about-exact-data-match-based-sensitive-information-types) for custom sensitive information types. However, currently, you must also specify at least one sensitive information type that doesn't use EDM. For example, one of the built-in sensitive information types, such as **Credit card number**.
Make sure you're aware of the prerequisites before you configure auto-labeling p
- You have [enabled sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md). - At the time the auto-labeling policy runs, the file mustn't be open by another process or user. A file that's checked out for editing falls into this category. -- If you plan to use [custom sensitive information types](sensitive-information-type-learn-about.md) rather than the built-in sensitivity types:
- - Custom sensitivity information types apply only to content that is added or modified in SharePoint or OneDrive after the custom sensitivity information types are created.
+- If you plan to use [sensitive information types](sensitive-information-type-learn-about.md):
+ - The sensitive information types you select will apply only to content that's created or modified after these information types are [created or modified](audit-log-activities.md#sensitive-information-types). This restriction applies to all custom sensitive information types and any new built-in information types.
- To test new custom sensitive information types, create them before you create your auto-labeling policy, and then create new documents with sample data for testing. - One or more sensitivity labels [created and published](create-sensitivity-labels.md) (to at least one user) that you can select for your auto-labeling policies. For these labels:
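Review bot: The new sub-bullet extends the restriction to "all custom sensitive information types and any new built-in information types", but the unchanged testing sub-bullet right after it still refers only to "new custom sensitive information types". Update that bullet to cover modified and new built-in types as well. The removed NOTE scoped the limitation to OneDrive and SharePoint; the replacement text no longer names a location, so confirm that the broader wording is intended.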
compliance Audit Log Activities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/audit-log-activities.md
f1.keywords:
Previously updated : 01/01/2023 Last updated : 02/27/2023 audience: Admin
The following table lists the user and admin activities in Yammer that are logge
|Failed to access community<sup>*</sup>|CommunityAccessFailure|User failed to access a community.| |Failed to access file<sup>*</sup>|FileAccessFailure|User failed to access a file.| |Failed to access message<sup>*</sup>|MessageAccessFailure|User failed to access a message.|
+|Reacted to message|MarkedMessageChanged|User reacted to a message.|
|Shared file|FileShared|User shares a file with another user.| |Suspended network user|NetworkUserSuspended|Network or verified admin suspends (deactivates) a user from Yammer.| |Suspended user|UserSuspension|User account is suspended (deactivated).|
Additional auditing information for sensitivity labels:
- When you use sensitivity labels for Teams meeting invites, and Teams meeting options and chat, see [Search the audit log for events in Microsoft Teams](/microsoftteams/audit-log-events). - When you use sensitivity labels with Power BI, see [Audit schema for sensitivity labels in Power BI](/power-bi/enterprise/service-security-sensitivity-label-audit-schema). - When you use sensitivity labels with Microsoft Defender for cloud apps, see [Governing connected apps](/defender-cloud-apps/governance-actions) and the labeling information for file governance actions.-- When you apply sensitivity labels by using the Azure Information Protection client or scanner, or the Microsoft Information Protection (MIP) SDK, see [Azure Information Protection audit log reference](/azure/information-protection/audit-logs).
+- When you apply sensitivity labels by using the Azure Information Protection client or scanner, or the Microsoft Purview Information Protection (MIP) SDK, see [Azure Information Protection audit log reference](/azure/information-protection/audit-logs).
## Retention policy and retention label activities
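Review bot: After the rename, the abbreviation in "Microsoft Purview Information Protection (MIP) SDK" no longer matches the expanded name in front of it. Either keep the SDK's own name with its abbreviation or drop the parenthetical, so readers searching the audit documentation for "MIP SDK" are not left guessing which product is meant.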
The following table lists the activities for SystemSync that are logged in the M
The following table lists the user and admin activities in Viva Goals that are logged for auditing. The table includes the friendly name that's displayed in the Activities column and the name of the corresponding operation that appears in the detailed information of an audit record and in the CSV file when you export the search results.
-[Search the audit log in the Security & Compliance Center](audit-log-search.md) details how you can search for the audit logs from the compliance portal. The user needs to be a global admin or have audit read permissions to access audit logs. You can use the Activities filter to search for specific activities and to list all Viva Goals activities you can choose ‘VivaGoals’ in the Record type filter. You can also use the date range boxes and the Users list to narrow the search results further.
+[Search the audit log in the Microsoft Purview compliance portal](audit-log-search.md) details how you can search for the audit logs from the compliance portal. The user needs to be a global admin or have audit read permissions to access audit logs. You can use the Activities filter to search for specific activities and to list all Viva Goals activities you can choose 'VivaGoals' in the Record type filter. You can also use the date range boxes and the Users list to narrow the search results further.
|Friendly name|Operation|Description| |:--|:--|:--|
compliance Azure Portal Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/azure-portal-migration.md
+
+ Title: "Information protection configuration tasks that you used to do in the Azure portal"
+f1.keywords:
+++ Last updated : 02/27/2023
+audience: Admin
++
+ms.localizationpriority: normal
+
+- purview-compliance
+- tier3
+description: Now you can no longer configure Azure Information Protection from the Azure portal, review the functionality that's deprecated or moved to the Microsoft Purview compliance portal.
++
+# Configuration that you used to do in the Azure portal for Azure Information Protection
+
+As communicated in the Message Center post MC447310, you can no longer configure Azure Information Protection (AIP) from the Azure portal:
++
+Functionality from these Azure Information Protection pages has either been deprecated or moved to the [Microsoft Purview compliance portal](microsoft-365-compliance-center.md).
+
+## Functionality that's deprecated or moved
+
+Use the following table to help you identify which functionality is deprecated, or how to locate the alternative configuration in the Microsoft Purview compliance portal.
+
+|Azure portal \> Azure Information protection | Deprecated or replacement|
+||
+**General** |
+|Quick Start | [Overview of Azure Information Protection](/azure/information-protection/what-is-information-protection)|
+|Diagnose and solve problems | Support cases can be opened from the Microsoft Purview compliance portal. <br /><br>You might also find it helpful to browse the available [troubleshooting articles](/microsoft-365/troubleshoot/microsoft-365-compliance-welcome).
+**Analytics** |
+|Usage report | The analytics feature is deprecated. Instead, use [data classification](data-classification-overview.md) from the Microsoft Purview compliance portal. |
+|Activity Logs | The analytics feature is deprecated. Instead, use [data classification](data-classification-overview.md) from the Microsoft Purview compliance portal.|
+|Data Discovery | The analytics feature is deprecated. Instead, use [data classification](data-classification-overview.md) from the Microsoft Purview compliance portal.|
+|Recommendations | The analytics feature is deprecated. Instead, use [data classification](data-classification-overview.md) from the Microsoft Purview compliance portal.|
+|**Classifications** |
+|Labels | [Create and configure sensitivity labels in the Microsoft Purview compliance portal](create-sensitivity-labels.md#create-and-configure-sensitivity-labels)|
+|Policies | [Create and publish label policies in the Microsoft Purview compliance portal](create-sensitivity-labels.md#publish-sensitivity-labels-by-creating-a-label-policy)|
+|**Scanner** |
+|Clusters | [Create a scanner cluster in the Microsoft Purview compliance portal](deploy-scanner-configure-install.md#create-a-scanner-cluster) |
+|Nodes | [Create nodes using PowerShell](deploy-scanner-configure-install.md#install-the-scanner) |
+|Network scan jobs | The network scan jobs feature is deprecated.|
+|Content scan jobs | [Create a content scan job in the Microsoft Purview compliance portal](deploy-scanner-configure-install.md#create-a-content-scan-job) |
+|Repositories | [Configure repositories within content scan jobs](deploy-scanner-configure-install.md#create-a-content-scan-job) |
+|**Manage** |
+|Configure analytics | The analytics feature is deprecated.|
+|Languages | [Configure a sensitivity label for different languages using PowerShell](create-sensitivity-labels.md#additional-label-settings-with-security--compliance-powershell)
+|Protection activation | [Activate protection using Enable-AipService PowerShell cmdlet](/powershell/module/aipservice/enable-aipservice)|
+|Unified labeling | The ability to migrate the older labels used by the AIP classic client (deprecated) remains available only to select customers by agreement, so they can finish their migration to unified labeling.|
+
+## Next steps
+
+If you're still using the AIP add-on for Office apps, see [Migrate the Azure Information Protection (AIP) add-in to built-in labeling for Office apps](sensitivity-labels-aip.md).
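Review bot: The rows of the table under "Functionality that's deprecated or moved" are not delimited consistently: the "**General** |" and "**Analytics** |" group rows have no leading pipe while "|**Classifications** |", "|**Scanner** |" and "|**Manage** |" do, and the "Diagnose and solve problems" and "Languages" rows have no closing pipe. Start and end every row with "|" and use one form of line break in place of "<br /><br>". In "Next steps" the sentence says "AIP add-on" but the linked title says "AIP add-in"; use one term. The intro line ending "from the Azure portal:" has no list or image after the colon in the visible lines, and the description ("Now you can no longer configure ..., review the functionality ...") is a comma splice.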
compliance Classifier Tc Definitions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/classifier-tc-definitions.md
Microsoft Purview comes with multiple pre-trained classifiers. They appear in th
|:-|:--|:--| | Detects tax related content such as tax planning, tax forms, tax filing, tax regulations. | Detects content in .docx, .docm, .doc, .dotx, .dotm, .dot, .pdf, .rtf, .txt, .one, .msg, .eml, .pptx, .pptm, .ppt, .potx, .potm, .pot, .ppsx, .ppsm, .pps, .ppam, .ppa, .xlsx, .xlsm, .xlsb, .xls, .csv, .xltx, .xltm, .xlt, .xlam, xla files. | English |
-## Targeted threat
+## Threat
|**Description**|**File types**|**Languages**| |:-|:--|:--|
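Review bot: Renaming the heading from "## Targeted threat" to "## Threat" changes its anchor, so every link to classifier-tc-definitions.md#targeted-threat has to move to #threat in the same change. The classifiers table in communication-compliance-policies.md is updated that way in this change set; search the repo for any remaining "#targeted-threat" references before merging.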
compliance Communication Compliance Investigate Remediate https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-investigate-remediate.md
The following table outlines filter details:
| **Tags** | The tags assigned to a message, either *Questionable*, *Compliant*, or *Non-compliant*. | | **Language** | The detected language of text in the message. The message is classified according to the language of the majority of the message text. For example, for a message containing both German and Italian text, but the majority of text is German, the message is classified as German (DE). For a list of supported languages, see [Learn about trainable classifiers](/microsoft-365/compliance/classifier-learn-about). <br><br> You can also filter by more than one language. For example, to filter messages classified as German and Italian, enter 'DE,IT' (the 2-digit language codes) in the Language filter search box. To view the detected language classification for a message, select a message, select View message details, and scroll to the *EmailDetectedLanguage* field. | | **Escalated To** | The user name of the person included as part of a message escalation action. |
-| **Classifiers** | The name of built-in and custom classifiers that apply to the message. Some examples include *Targeted Harassment*, *Profanity*, *Targeted threat*, and more.
+| **Classifiers** | The name of built-in and custom classifiers that apply to the message. Some examples include *Targeted Harassment*, *Profanity*, *Threat*, and more.
#### To configure a filter
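Review bot: The rewritten **Classifiers** row still ends without a closing "|", unlike the **Tags**, **Language** and **Escalated To** rows before it. Add the pipe while the line is being touched, and write "Targeted harassment" with the capitalization that communication-compliance-policies.md uses for the same classifier.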
compliance Communication Compliance Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-policies.md
Policy templates are pre-defined policy settings that you can use to quickly cre
|**Area**|**Policy Template**|**Details**| |:--|:--|:--|
-| **Inappropriate text** | Detect inappropriate text | - Locations: Exchange Online, Microsoft Teams, Yammer <br> - Direction: Inbound, Outbound, Internal <br> - Review Percentage: 100% <br> - Conditions: Targeted hreat, Discrimination, and Targeted harassment classifiers |
+| **Inappropriate text** | Detect inappropriate text | - Locations: Exchange Online, Microsoft Teams, Yammer <br> - Direction: Inbound, Outbound, Internal <br> - Review Percentage: 100% <br> - Conditions: Threat, Discrimination, and Targeted harassment classifiers |
| **Inappropriate images** | Detect inappropriate images | - Locations: Exchange Online, Microsoft Teams, Yammer <br> - Direction: Inbound, Outbound, Internal <br> - Review Percentage: 100% <br> - Conditions: Adult and Racy image classifiers | | **Sensitive information** | Detect sensitive info types | - Locations: Exchange Online, Microsoft Teams, Yammer <br> - Direction: Inbound, Outbound, Internal <br> - Review Percentage: 10% <br> - Conditions: Sensitive information, out-of-the-box content patterns, and types, custom dictionary option, attachments larger than 1 MB | | **Regulatory compliance** | Detect financial regulatory compliance | - Locations: Exchange Online, Microsoft Teams, Yammer <br> - Direction: Inbound, Outbound <br> - Review Percentage: 10% <br> - Conditions: custom dictionary option, attachments larger than 1 MB |
The *Report a concern* option is enabled by default and can be controlled via Te
When users experience employment stressors, they may engage in risky activities. Workplace stress may lead to uncharacteristic or malicious behavior by some users that could surface as potentially inappropriate behavior on your organization's messaging systems. Communication compliance can provide risk signals detected in applicable messages to [insider risk management](/microsoft-365/compliance/insider-risk-management) risky user policies by using a dedicated [Detect inappropriate text](#policy-templates) policy. This policy is automatically created (if selected as an option) during configuration of a [Data leaks by risky employees](/microsoft-365/compliance/insider-risk-management-policies#data-leaks-by-risky-users-preview) or [Security policy violations by risky employees](/microsoft-365/compliance/insider-risk-management-policies#security-policy-violations-by-risky-users-preview) policy in insider risk management.
-When configured for an insider risk management policy, a dedicated policy named *Risky users in messages - (date created)* is created in communication compliance and automatically includes all organization users in the policy. This policy starts detecting risky behavior in messages by using the built-in [Targeted threat, Harassment, and Discrimination classifiers](#classifiers) and automatically sends these signals to insider risk management. If needed, this policy can be edited to update the scope of included users and the policy conditions and classifiers.
+When configured for an insider risk management policy, a dedicated policy named *Risky users in messages - (date created)* is created in communication compliance and automatically includes all organization users in the policy. This policy starts detecting risky behavior in messages by using the built-in [Threat, Harassment, and Discrimination classifiers](#classifiers) and automatically sends these signals to insider risk management. If needed, this policy can be edited to update the scope of included users and the policy conditions and classifiers.
Users that send 5 or more messages classified as potentially risky within 24 hours are automatically brought in-scope for insider risk management policies that include this option. Once in-scope, the insider risk management policy detects potentially risky activities configured in the policy and generates alerts as applicable. It may take up to 48 hours from the time risky messages are sent until the time a user is brought in-scope in an insider risk management policy. If an alert is generated for a potentially risky activity detected by the insider risk management policy, the triggering event for the alert is identified as being sourced from the communication compliance risky activity.
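Review bot: The link text in the changed paragraph reads "Threat, Harassment, and Discrimination classifiers", but the policy template table in this same file names the classifier "Targeted harassment". Use the classifier's exact name here so readers can match it against the classifier list when they edit the *Risky users in messages* policy.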
Communication compliance policies using classifiers inspect and evaluate message
| [Profanity](classifier-tc-definitions.md#profanity) | Detects potentially profane content in multiple languages that would likely offend most people. | | [Regulatory collusion (preview)](classifier-tc-definitions.md#regulatory-collusion-preview) | Detects messages that may violate regulatory anti-collusion requirements such as an attempted concealment of sensitive information. This classifier can help customers manage regulatory compliance obligations such as the Sherman Antitrust Act, Securities Exchange Act 1933, Securities Exchange Act of 1934, Investment Advisers Act of 1940, Federal Commission Act, and the Robinson-Patman Act. | | [Stock manipulation (preview)](classifier-tc-definitions.md#stock-manipulation-preview) | Detects signs of possible stock manipulation, such as recommendations to buy, sell or hold stocks that may suggest an attempt to manipulate the stock price. This classifier can help customers manage regulatory compliance obligations such as the Securities Exchange Act of 1934, FINRA Rule 2372, and FINRA Rule 5270. |
-| [Targeted threat](classifier-tc-definitions.md#targeted-threat) | Detects potential threatening content in multiple languages aimed at committing violence or physical harm to a person or property. |
+| [Threat](classifier-tc-definitions.md#threat) | Detects potential threatening content in multiple languages aimed at committing violence or physical harm to a person or property. |
| [Unauthorized disclosure (preview)](classifier-tc-definitions.md#unauthorized-disclosure-preview) | Detects sharing of information containing content that is explicitly designated as confidential or internal to unauthorized individuals. This classifier can help customers manage regulatory compliance obligations such as FINRA Rule 2010 and SEC Rule 10b-5. | > [!IMPORTANT]
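Review bot: The new Threat row keeps "Detects potential threatening content", which should read "potentially threatening content". The link target is moved to #threat, which matches the heading rename in classifier-tc-definitions.md.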
compliance Communication Compliance Siem https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-siem.md
search.appverid:
> [!IMPORTANT] > Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance (for example, SEC or FINRA) and business conduct violations such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
-[Communication compliance](/microsoft-365/compliance/communication-compliance) is an insider risk solution in Microsoft Purview that helps minimize communication risks by helping you detect, capture, and act on potentially inappropriate messages in your organization. Security information and event management (SIEM) solutions such as [Microsoft Sentinel](https://azure.microsoft.com/services/azure-sentinel) or [Splunk](https://www.splunk.com/) are commonly used to aggregate and track insider risks that may lead to a security incident within an organization.
+[Communication compliance](/microsoft-365/compliance/communication-compliance) is an insider risk solution in Microsoft Purview that helps minimize communication risks by helping you detect, capture, and act on potentially inappropriate messages in your organization. Security information and event management (SIEM) solutions such as [Microsoft Sentinel](https://azure.microsoft.com/services/azure-sentinel) or [Splunk](https://www.splunk.com/) are commonly used to aggregate and track threats within an organization.
A common need for organizations is to integrate communication compliance alerts and their SIEM solutions. With this integration, organizations can view communication compliance alerts in their SIEM solution and then remediate alerts within the communication compliance workflow and user experience.
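Review bot: "aggregate and track threats within an organization" is ambiguous now that this change set also uses "Threat" as the name of a classifier for violent language. In a sentence about SIEM, say "security threats" or similar so it is not read as the classifier. Also confirm that dropping the insider risk wording is intended, since the first sentence of the same paragraph still calls communication compliance "an insider risk solution".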
compliance Communication Compliance Solution Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-solution-overview.md
> [!IMPORTANT] > Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance (for example, SEC or FINRA) and business conduct violations such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
-Protecting sensitive information and detecting and acting on workplace harassment incidents is an important part of compliance with internal policies and standards. Microsoft Purview Communication Compliance helps minimize these risks by helping you quickly detect, capture, and take remediation actions for email and Microsoft Teams communications. These include potentially inappropriate communications containing profanity, insider risks that may lead to a security event, and harassment and communications that share sensitive information inside and outside of your organization.
+Protecting sensitive information and detecting and acting on workplace harassment incidents is an important part of compliance with internal policies and standards. Microsoft Purview Communication Compliance helps minimize these risks by helping you quickly detect, capture, and take remediation actions for email and Microsoft Teams communications. These include potentially inappropriate communications containing profanity, threats, and harassment and communications that share sensitive information inside and outside of your organization.
[!INCLUDE [purview-preview](../includes/purview-preview.md)]
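Review bot: In the added sentence, "profanity, threats, and harassment and communications that share sensitive information" can be read two ways, because the list closes with "and harassment" and then continues with another "and". Separate the two kinds of communication, for example "communications containing profanity, threats, and harassment, as well as communications that share sensitive information".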
Users are given [permissions](/microsoft-365/compliance/communication-compliance
Communication compliance empowers organizations to detect, triage, and remediate communications with potential business conduct and/or regulatory compliance violations. Communication compliance provides the following policy templates that use machine learning classifiers for users: -- **Business conduct**: Corporate sabotage (preview), Discrimination, Profanity, Targeted threat, and Targeted harassment classifiers
+- **Business conduct**: Corporate sabotage (preview), Discrimination, Profanity, Threat, and Targeted harassment classifiers
- **Regulatory compliance**: Customer complaints, gifts & entertainment (preview), money laundering (preview), regulatory collusion (preview), stock manipulation (preview), unauthorized disclosure (preview) classifiers ## Metrics used to evaluate and measure performance
compliance Communication Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance.md
Communication compliance offers several important features to help address compl
Intelligent customizable templates in communication compliance allow you to apply machine learning to intelligently detect communication violations in your organization. - **Customizable pre-configured templates**: Policy templates help address the most common communications risks. Initial policy creation and follow-on updating are now quicker with pre-defined templates to analyze and mitigate potentially inappropriate content, sensitive information, conflict of interest, and regulatory compliance issues.-- **New machine learning support**: Built-in [classifiers](/microsoft-365/compliance/classifier-get-started-with) to analyze and mitigate discrimination, insider risks that may lead to a security incident, harassment, profanity, and potentially inappropriate images and help reduce misclassified content in communication messages, saving reviewers time during the investigation and remediation process.
+- **New machine learning support**: Built-in [classifiers](/microsoft-365/compliance/classifier-get-started-with) to analyze and mitigate discrimination, threats, harassment, profanity, and potentially inappropriate images and help reduce misclassified content in communication messages, saving reviewers time during the investigation and remediation process.
- **Improved condition builder**: Configure policy conditions that are now streamlined into a single, integrated experience in the policy wizard, reducing confusion in how conditions are applied for policies. ### Flexible remediation workflows
compliance Dlp On Premises Scanner Get Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-on-premises-scanner-get-started.md
Title: "Get started with data loss prevention on-premises scanner"
+ Title: "Get started with data loss prevention on-premises repositories"
f1.keywords: - CSH Previously updated : 01/11/2021 Last updated : 02/21/2023 audience: ITPro f1_keywords:
search.appverid: - MET150
-description: "This article describes the prerequisites and configuration for the Microsoft Purview data loss prevention on-premises scanner."
+description: "This article describes the prerequisites and configuration for the Microsoft Purview Data Loss Prevention on-premises repositories."
-# Get started with the data loss prevention on-premises scanner
+# Get started with the data loss prevention on-premises repositories
-This article walks you through the prerequisites and configuration for the Microsoft Purview data loss prevention on-premises scanner.
+This article walks you through the prerequisites and configuration for using the Microsoft Purview Data Loss Prevention on-premises repositories location in a DLP policy.
[!INCLUDE [purview-preview](../includes/purview-preview.md)]
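Review bot: The new H1 "Get started with the data loss prevention on-premises repositories" keeps the article "the" from the scanner wording, while the new Title drops it; align the two. The description and intro now capitalize "Data Loss Prevention" but the Title and H1 do not, so pick one casing for the feature name across the front matter and heading.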
This article walks you through the prerequisites and configuration for the Micro
### SKU/subscriptions licensing
-Before you get started with DLP on-premises scanner, you should confirm your [Microsoft 365 subscription](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans?rtc=1) and any add-ons. The admin account that sets up the DLP rules must be assigned one of the following licenses:
+Before you get started with DLP on-premises repositories, you should confirm your [Microsoft 365 subscription](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans?rtc=1) and any add-ons. The admin account that sets up the DLP rules must be assigned one of the following licenses:
- Microsoft 365 E5 - Microsoft 365 E5 Compliance - Microsoft 365 E5 Information Protection & Governance
-For full licensing details see: [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance)
+For full licensing details, see: [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance)
> [!IMPORTANT] > All users who contribute to the scanned location either by adding files or consuming files need to have a license, not just the scanner user. ### Permissions
-Data from DLP on-premises scanner can be viewed in [Activity explorer](data-classification-activity-explorer.md). There are four roles that grant permission to activity explorer, the account you use for accessing the data must be a member of any one of them.
+Data from DLP can be viewed in [Activity explorer](data-classification-activity-explorer.md). There are four roles that grant permission to activity explorer, the account you use for accessing the data must be a member of any one of them.
- Global administrator - Compliance administrator
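Review bot: "Data from DLP can be viewed in Activity explorer" loses the on-premises scope that the rest of the article is about; "Data from DLP on-premises repositories" would match the renamed headings. The sentence that follows is a comma splice ("... permission to activity explorer, the account you use ...") and could be split while this paragraph is open.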
Here's a list of applicable role groups that are in preview. To learn more about
- Information Protection Investigators - Information Protection Readers
-### DLP on-premises scanner prerequisites
+### DLP on-premises repositories prerequisites
-- The Azure Information Protection (AIP) scanner implements DLP policy matching and policy enforcement. The scanner is installed as part of the AIP client so your installation must meet all the prerequisites for AIP, the AIP client, and the AIP unified labeling scanner.-- Deploy the AIP client and scanner. For more information see, [Install the AIP unified labeling client](/azure/information-protection/rms-client/install-unifiedlabelingclient-app) and, [Configuring and installing the information protection scanner](deploy-scanner-configure-install.md).
+- The Microsoft Purview information protection scanner implements DLP policy matching and policy enforcement. The scanner is installed as part of the AIP client so your installation must meet all the prerequisites for AIP, the AIP client, and the AIP unified labeling scanner.
+- Deploy the AIP client and scanner. For more information, see, [Install the AIP unified labeling client](/azure/information-protection/rms-client/install-unifiedlabelingclient-app) and, [Configuring and installing the information protection scanner](deploy-scanner-configure-install.md).
- There must be at least one label and policy published in the tenant, even if all your detection rules are based on sensitive information types only. ## Deploy the DLP on-premises scanner 1. Follow the procedures in [Install the AIP unified labeling client](/azure/information-protection/rms-client/install-unifiedlabelingclient-app). 2. Follow the procedures in [Configuring and installing the information protection scanner](deploy-scanner-configure-install.md) to complete the scanner installation.
- 1. Network discovery jobs configuration is an optional step. You can skip it and define specific repositories to be scanned in your content scan job.
- 2. You must create content scan job and specify the repositories that host files that need to be evaluated by the DLP engine.
- 3. Enable DLP rules in the created Content scan job, and set the **Enforce** option to **Off**, unless you want to proceed directly to the DLP enforcement stage.
-3. Verify that you content scan job is assigned to the right cluster. If you still did not create a content scan job create a new one and assign it to the cluster that contains the scanner nodes.
+ 1. You must create content scan job and specify the repositories that host files that need to be evaluated by the DLP engine.
+ 2. Enable DLP rules in the created Content scan job, and set the **Enforce** option to **Off**, unless you want to proceed directly to the DLP enforcement stage.
+3. Verify that your content scan job is assigned to the right cluster. If you still didn't create a content scan job create a new one and assign it to the cluster that contains the scanner nodes.
-4. Connect to the [Azure Information Protection extension in Azure portal](https://portal.azure.com/#blade/Microsoft_Azure_InformationProtection/DataClassGroupEditBlade/scannerProfilesBlade) and add your repositories to the content scan job that will perform the scan.
+4. Connect to the Microsoft Purview compliance portal and add your repositories to the content scan job that will perform the scan.
5. Do one of the following to run your scan: 1. set the scanner schedule
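Review bot: The prerequisites bullet now names the "Microsoft Purview information protection scanner", but the same bullet goes on to say "AIP client" and "AIP unified labeling scanner", and the unchanged heading "## Deploy the DLP on-premises scanner" keeps the old name, so one component carries three names in this section. Also in the added lines: "For more information, see, [Install" has a stray comma after "see", "You must create content scan job" is missing "a", and step 4 replaces the Azure portal deep link with plain text, so link the content scan job page in the compliance portal instead.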
Here's a list of applicable role groups that are in preview. To learn more about
> [!IMPORTANT] > Remember that the scanner runs a delta scan of the repository by default and the files that were already scanned in the previous scan cycle will be skipped unless the file was changed or you initiated a full rescan. Full rescan can be initiated by using **Rescan all files** option in the UI or by running **Start-AIPScan-Reset**.
-6. Open the [Data loss prevention page](https://compliance.microsoft.com/datalossprevention?viewid=policies) in the Microsoft Purview compliance portal.
+6. Open the [Data loss prevention page](https://compliance.microsoft.com/datalossprevention?viewid=policies) in the Microsoft Purview compliance portal.
-7. Choose **Create policy** and create a test DLP policy. See [Create and Deploy data loss prevention policies](dlp-create-deploy-policy.md) if you need help creating a policy. Be sure to run it in test until you are comfortable with this feature. Use these parameters for your policy:
- 1. Scope the DLP on-premises scanner rule to specific locations if needed. If you scope **locations** to **All**, all files scanned by the scanner will be subject to the DLP rule matching and enforcement.
+7. Choose **Create policy** and create a test DLP policy. See [Create and Deploy data loss prevention policies](dlp-create-deploy-policy.md) if you need help with creating a policy. Be sure to run it in test until you're comfortable with this feature. Use these parameters for your policy:
+ 1. Scope the DLP on-premises repositories rule to specific locations if needed. If you scope **locations** to **All**, all files scanned by the scanner will be subject to the DLP rule matching and enforcement.
1. When specifying the locations, you can use either exclusion or inclusion list. You can either define that the rule is relevant only to paths matching one of the patterns listed in inclusion list or, all files, except the files matching the pattern listed in inclusion list. No local paths are supported. Here are some examples of valid paths: - \\\server\share - \\\server\share\folder1\subfolderabc
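Review bot: The context line under the changed step 7 says the rule can apply to "all files, except the files matching the pattern listed in inclusion list"; that should be the exclusion list, otherwise both cases describe the same list. Because this scoping decides which files DLP matches and enforces on, correct it in this change rather than leaving it for later.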
Here's a list of applicable role groups that are in preview. To learn more about
> [!IMPORTANT] > The exclusion list takes precedence over the inclusions list.
-### Viewing DLP on-premises scanner alerts in DLP Alerts Management dashboard
+### Viewing DLP alerts in DLP Alerts Management dashboard
1. Open the [Data loss prevention page](https://compliance.microsoft.com/datalossprevention?viewid=policies) in the Microsoft Purview compliance portal and select **Alerts**. 2. Refer to the procedures in [How to configure and view alerts for your DLP policies](dlp-configure-view-alerts-policies.md) to view alerts for your on-premises DLP policies.
-### Viewing DLP on-premises scanner in activity explorer and audit log
+### Viewing DLP data in activity explorer and audit log
> [!NOTE]
-> The on-premises scanner requires that auditing be enabled. In Microsoft 365 auditing is enabled by default.
+> The Information Protection scanner requires that auditing be enabled. In Microsoft 365 auditing is enabled by default.
1. Open the [Data classification page](https://compliance.microsoft.com/dataclassification?viewid=overview) for your domain in the Microsoft Purview compliance portal and select Activity explorer.
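Review bot: The NOTE now says "The Information Protection scanner requires that auditing be enabled", capitalized differently from "Microsoft Purview information protection scanner" in the prerequisites of this same file; pick one form. The renamed headings "Viewing DLP alerts ..." and "Viewing DLP data ..." also drop the on-premises qualifier, although step 2 under the first one still refers to "on-premises DLP policies".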
Here's a list of applicable role groups that are in preview. To learn more about
## Next steps
-Now that you have deployed a test policy for DLP on-premises locations and can view the activity data in Activity explorer, you are ready to move on to your next step where you create DLP policies that protect your sensitive items.
+Now that you've deployed a test policy for DLP on-premises locations and can view the activity data in Activity explorer, you're ready to move on to your next step where you create DLP policies that protect your sensitive items.
- [Using DLP on-premises](dlp-on-premises-scanner-use.md) ## See also -- [Learn about DLP on-premises scanner](dlp-on-premises-scanner-learn.md)-- [Use DLP on-premises scanner](dlp-on-premises-scanner-use.md)
+- [Learn about the data loss prevention on-premises repositories](dlp-on-premises-scanner-learn.md)
+- [Use the data loss prevention on-premises repositories](dlp-on-premises-scanner-use.md)
- [Learn about data loss prevention](dlp-learn-about-dlp.md) - [Create and Deploy data loss prevention policies](dlp-create-deploy-policy.md) - [Get started with Activity explorer](data-classification-activity-explorer.md)
compliance Dlp On Premises Scanner Learn https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-on-premises-scanner-learn.md
Title: "Learn about data loss prevention on-premises scanner"
+ Title: "Learn about data loss prevention on-premises repositories"
f1.keywords: - CSH Previously updated : 01/15/2021 Last updated : 02/21/2023 audience: ITPro f1_keywords:
- highpri search.appverid: - MET150
-description: "The data loss prevention on-premises scanner extends monitoring of file activities and protective actions for those files to on-premises file shares and SharePoint folders and document libraries. Files are scanned and protected by Azure Information Protection (AIP) scanner"
+description: "The data loss prevention on-premises location extends monitoring of file activities and protective actions for those files to on-premises file shares and SharePoint folders and document libraries. Files are scanned and protected by Purview Information Protection scanner"
-# Learn about the data loss prevention on-premises scanner
+# Learn about the data loss prevention on-premises repositories
-Data loss prevention on-premises scanner is part of the Microsoft Purview Data Loss Prevention (DLP) suite of features that you can use to discover and protect sensitive items across Microsoft 365 services. For more information about all of MicrosoftΓÇÖs DLP offerings, see [Learn about data loss prevention](dlp-learn-about-dlp.md).
-
-The **DLP on-premises scanner** crawls on-premises data-at-rest in file shares and SharePoint document libraries and folders for sensitive items that, if leaked, would pose a risk to your organization or pose a risk of compliance policy violation. This gives you the visibility and control you need to ensure that sensitive items are used and protected properly, and to help prevent risky behavior that might compromise them. The DLP on-premises scanner detects sensitive information by using [built-in](sensitive-information-type-entity-definitions.md) or [custom sensitive information](create-a-custom-sensitive-information-type.md) types, [sensitivity labels](sensitivity-labels.md) or file properties. The information about what users are doing with sensitive items is made visible in [activity explorer](data-classification-activity-explorer.md) and you can enforce protective actions on those items via [DLP policies](dlp-learn-about-dlp.md).
+When you select the **On-premises repositories** location Microsoft Purview Data Loss Prevention (DLP) can enforce protective actions on on-premises data-at-rest in file shares and SharePoint document libraries and folders. This gives you the visibility and control you need to ensure that sensitive items are used and protected properly, and to help prevent risky behavior that might compromise them. The DLP detects sensitive information by using [built-in](sensitive-information-type-entity-definitions.md) or [custom sensitive information](create-a-custom-sensitive-information-type.md) types, [sensitivity labels](sensitivity-labels.md) or file properties. The information about what users are doing with sensitive items is made visible in [activity explorer](data-classification-activity-explorer.md) and you can enforce protective actions on those items via [DLP policies](dlp-learn-about-dlp.md).
[!INCLUDE [purview-preview](../includes/purview-preview.md)]
-## The DLP on-premises scanner relies on Azure Information Protection scanner
+## DLP relies on Microsoft Purview Information Protection scanner
-The DLP on-premises scanner relies on a full implementation of the Azure Information Protection (AIP) scanner to monitor, label and protect sensitive items. If you aren't familiar with the AIP scanner, we strongly recommend familiarizing yourself with it. See these articles:
+DLP relies on a full implementation of the Microsoft Purview Information Protection scanner to monitor, label and protect sensitive items. If you haven't implemented Information Protection scanner, must do so first. See these articles:
- [What is Azure Information Protection](/azure/information-protection/what-is-information-protection) - [Learn about the information protection scanner](deploy-scanner.md)
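Review bot: The second sentence of the added paragraph is missing its subject: "If you haven't implemented Information Protection scanner, must do so first." should read "If you haven't implemented the Information Protection scanner, you must do so first." The first link in the list that follows still points to "What is Azure Information Protection"; check whether it should stay now that the section heading names the Microsoft Purview Information Protection scanner.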
The DLP on-premises scanner relies on a full implementation of the Azure Informa
- [Configuring and installing the information protection scanner](deploy-scanner-configure-install.md) - [Azure Information Protection unified labeling client - Version release history and support policy](/azure/information-protection/rms-client/unifiedlabelingclient-version-release-history)
-## DLP on-premises scanner actions
+## DLP On-premises repository actions
-DLP on-premises scanner detects files by one of these four methods:
+DLP detects files in on-premises repositories by one of these four methods:
- sensitive information types - sensitivity labels - file extension - custom document properties on Office files only
-When a detected file poses a potential risk if leaked or a compliance policy violation, the DLP on-premises scanner can take one of these four actions.
+When a detected file poses a potential risk if leaked or a compliance policy violation, DLP can take one of these four actions.
|Action |Description | |||
-|**Block these people from accessing file stored in on-premises scanner - Everyone** | When enforced, this action blocks access to all accounts except the content owner, the last account that modified the item and the administrator. It does this by removing all accounts from NTFS/SharePoint permissions at the file level except the file owner, repository owner (set in the [Use a DLP policy](deploy-scanner-configure-install.md#use-a-dlp-policy)) setting in content scan job), last modifier (can be identified in SharePoint only) and admin. The scanner account is also granted FC rights on the file.|
-|**Block these people from accessing file stored in on-premises scanner - block org-wide (public) access** |When enforced, this action removes the ***Everyone***, ***NT AUTHORITY\authenticated users***, and ***Domain Users*** SIDs from the file access control list (ACL). Only users and groups that have been explicitly granted rights to the file or parent folder will be able to access the file.|
-|**Set permissions on the file**|When enforced, this action forces the file to inherit the permissions of its parent folder. Be default, this action will only be enforced if the permissions on the parent folder are more restrictive than the permissions that are already on the file. For example, if the ACL on the file is set to only allow ***specific users*** and the parent folder is configured to allow ***Domain Users*** group, the parent folder permissions would not be inherited by the file. You can override this behavior by selecting the **Inherit even if parent permissions are less restrictive** option.|
+|**Block people from accessing file stored in on-premises scanner - Block everyone** | When enforced, this action blocks access to all accounts except the content owner, the account that last modified the item and the administrator. It does this by removing all accounts from NTFS/SharePoint permissions at the file level except the file owner, repository owner (set in the [Use a DLP policy](deploy-scanner-configure-install.md#use-a-dlp-policy)) setting in content scan job), last modifier (can be identified in SharePoint only) and admin. The scanner account is also granted FC rights on the file.|
+|**Block only people who have access to your on-premises network and users in your organization who weren't granted explicit access to the files from accessing file** |When enforced, this action removes the ***Everyone***, ***NT AUTHORITY\authenticated users***, and ***Domain Users*** SIDs from the file access control list (ACL). Only users and groups that have been explicitly granted rights to the file or parent folder will be able to access the file.|
+|**Set permissions on the file (permissions will be inherited from the parent folder)**|When enforced, this action forces the file to inherit the permissions of its parent folder. Be default, this action will only be enforced if the permissions on the parent folder are more restrictive than the permissions that are already on the file. For example, if the ACL on the file is set to only allow ***specific users*** and the parent folder is configured to allow ***Domain Users*** group, the parent folder permissions wouldn't be inherited by the file. You can override this behavior by selecting the **Inherit even if parent permissions are less restrictive** option.|
|**Remove the file from improper location**|When enforced, this action replaces the original file with a stub file with .txt extension and places a copy of the original file in a quarantine folder. ## What's different in the on-premises scanner
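Review bot: The added "Set permissions on the file" row keeps the typo "Be default" from the removed line; it should be "By default". In the added "Block everyone" row the parentheses around "(set in the [Use a DLP policy](...)) setting in content scan job)" are unbalanced, and "FC rights" should be spelled out, because that sentence is where the reader learns what access the scanner account gains on each blocked file. The first action name also still says "stored in on-premises scanner" although the section heading was renamed to "On-premises repository actions".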
There are a few extra concepts that you need to be aware of before you dig into
### AIP repositories and content scan jobs
-You must create an AIP content scan jobs and identify the repositories that host the files that you want to be evaluated by DLP engine. Make sure you enable DLP rules in the created AIP content scan job.
+You must create a content scan job in the information protection scanner and identify the repositories that host the files that you want to be evaluated by DLP. Make sure you enable DLP rules in the created AIP content scan job.
### Policy tips
-[Policy tips](use-notifications-and-policy-tips.md) are not available in on-premises scanner.
+[Policy tips](use-notifications-and-policy-tips.md) aren't available in on-premises scanner.
### Viewing DLP on-premises scanner events
-You view DLP on-premises scanner data in the M365 Compliance Center [activity explorer](data-classification-activity-explorer.md).
+You view DLP data in the Microsoft Purview compliance portal [activity explorer](data-classification-activity-explorer.md).
## Next steps
-Now that you've learned about DLP on-premises scanner, your next steps are:
+Now that you've learned about the Information Protection on-premises scanner, your next steps are:
-1. [Get started with the DLP on-premises scanner](dlp-on-premises-scanner-get-started.md)
+1. [Get started with the On-premises repositories location](dlp-on-premises-scanner-get-started.md)
2. [Use the DLP on-premises scanner](dlp-on-premises-scanner-use.md)-
+-->
## See also - [Getting started with the data loss prevention on-premises scanner](dlp-on-premises-scanner-get-started.md)
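Review bot: The added line "-->" closes an HTML comment whose opening "<!--" is not in this hunk, so check that the Next steps list is meant to be commented out and that the comment opens where intended. The rewritten intro sentence says "the Information Protection on-premises scanner" while step 1 now says "On-premises repositories location" and step 2 is left as "Use the DLP on-premises scanner", so the naming inside this one section is inconsistent.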
compliance Dlp On Premises Scanner Use https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-on-premises-scanner-use.md
Title: "Use data loss prevention on-premises scanner"
+ Title: "Use data loss prevention on-premises repositories"
f1.keywords: - CSH Previously updated : 01/14/2021 Last updated : 02/21/2023 audience: ITPro f1_keywords:
- highpri search.appverid: - MET150
-description: "Learn how to use the data loss prevention on premises scanner to scan data at rest and implement protective actions for on premises file shares and on-premises SharePoint folders and document libraries."
+description: "Learn how to use data loss prevention on premises repositories location to scan data at rest and implement protective actions for on premises file shares and on-premises SharePoint folders and document libraries."
-# Use the data loss prevention on-premises scanner
+# Use the data loss prevention on-premises repositories location
-To help familiarize you with Microsoft Purview Data Loss Prevention on-premises features and how they surface in DLP policies, we've put together some scenarios for you to follow.
+To help familiarize you with Microsoft Purview Data Loss Prevention on-premises features and how they surface in DLP policies, we've put together a scenario for you to follow.
> [!IMPORTANT] > These DLP on-premises scenarios are not the official procedures for creating and tuning DLP policies. Refer to the below topics when you need to work with DLP policies in general situations:
To help familiarize you with Microsoft Purview Data Loss Prevention on-premises
### Scenario: Discover files matching DLP rules
-Data from DLP on-premises scanner surfaces in several areas
+Data from DLP surfaces in several areas
#### Activity explorer
- Microsoft DLP for on-premises detects DLP rule matches and reports them to [Activity Explorer](https://compliance.microsoft.com/dataclassification?viewid=activitiesexplorer).
+ DLP reports rule matches in [Activity Explorer](https://compliance.microsoft.com/dataclassification?viewid=activitiesexplorer).
#### Microsoft 365 Audit log
-The DLP rule matches are available in Audit log UI, see [Search the audit log in the Microsoft Purview compliance portal](audit-log-search.md) or accessible by [Search-UnifiedAuditLog](/powershell/module/exchange/search-unifiedauditlog) PowerShell.
+The DLP rule matches are also available in Audit log UI, see [Search the audit log in the Microsoft Purview compliance portal](audit-log-search.md) or accessible by [Search-UnifiedAuditLog](/powershell/module/exchange/search-unifiedauditlog) PowerShell.
#### AIP
Discovery data is available in a local report in csv format which is stored unde
### Scenario: Enforce DLP rule
-If you want to enforce DLP rules on the scanned files, enforcement must be enabled on both the content scan job in AIP and at the policy level in DLP.
+If you want to enforce DLP rules on scanned files, enforcement must be enabled on both the content scan job and at the policy level in DLP.
#### Configure DLP to enforce policy actions
If you want to enforce DLP rules on the scanned files, enforcement must be enabl
## See also -- [Learn about DLP on-premises scanner](dlp-on-premises-scanner-learn.md)-- [Get started with DLP on-premises scanner](dlp-on-premises-scanner-get-started.md)
+- [Learn about the data loss prevention on-premises repositories](dlp-on-premises-scanner-learn.md)
+- [Get started with data loss prevention on-premises repositories](dlp-on-premises-scanner-get-started.md)
- [Learn about data loss prevention](dlp-learn-about-dlp.md) - [Create and Deploy data loss prevention policies](dlp-create-deploy-policy.md) - [Get started with Activity explorer](data-classification-activity-explorer.md)
compliance Dlp Policy Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-policy-reference.md
f1.keywords: CSH
Previously updated : 07/20/2021 Last updated : 02/27/2023 audience: Admin
A DLP policy can find and protect items that contain sensitive information acros
|Teams chat and channel messages|Yes | account or distribution group |data-in-motion </br> data-in-use | No | |Microsoft Defender for Cloud Apps|No | cloud app instance |data-at-rest | - [Use data loss prevention policies for non-Microsoft cloud apps](dlp-use-policies-non-microsoft-cloud-apps.md#use-data-loss-prevention-policies-for-non-microsoft-cloud-apps) | |Devices|Yes |user or group |data-at-rest </br> data-in-use </br> data-in-motion |- [Learn about Endpoint data loss prevention](endpoint-dlp-learn-about.md) </br>- [Get started with Endpoint data loss prevention](endpoint-dlp-getting-started.md) </br>- [Configure device proxy and internet connection settings for Information Protection](device-onboarding-configure-proxy.md#configure-device-proxy-and-internet-connection-settings-for-information-protection) |
-|On-premises repositories (file shares and SharePoint)|No |repository | data-at-rest | - [Learn about the data loss prevention on-premises scanner](dlp-on-premises-scanner-learn.md) </br> - [Get started with the data loss prevention on-premises scanner](dlp-on-premises-scanner-get-started.md#get-started-with-the-data-loss-prevention-on-premises-scanner) |
+|On-premises repositories (file shares and SharePoint)|No |repository | data-at-rest | - [Learn about the data loss prevention on-premises repositories](dlp-on-premises-scanner-learn.md) </br> - [Get started with the data loss prevention on-premises repositories](dlp-on-premises-scanner-get-started.md#get-started-with-the-data-loss-prevention-on-premises-repositories) |
|Power BI |No| workspaces | data-in-use | No| If you choose to include specific distribution groups in Exchange, the DLP policy will be scoped only to the emails sent by members of that group. Similarly excluding a distribution group will exclude all the emails sent by the members of that distribution group from policy evaluation. You can choose to scope a policy to the members of distribution lists, dynamic distribution groups, and security groups. A DLP policy can contain no more than 50 such inclusions and exclusions.
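Review bot: The second link in the changed row now targets the fragment "#get-started-with-the-data-loss-prevention-on-premises-repositories", which only resolves if the H1 in dlp-on-premises-scanner-get-started.md was renamed to exactly that text. That file's change is not shown here, so verify the heading or drop the fragment from the link.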
compliance Endpoint Dlp Using https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/endpoint-dlp-using.md
There are three procedures.
1. Open [Endpoint DLP settings](https://compliance.microsoft.com/datalossprevention?viewid=globalsettings)
-1. Expand **Unallowed apps**.
+1. Expand **Restricted apps and app groups**.
-1. Choose **Add or edit unallowed apps** and add *OneDrive* as a display name and the executable name *onedrive.exe* to disallow onedrive.exe from accessing items the **Highly Confidential** label.
+1. Choose **Add restricted app group** under **Restricted app groups**, put group name *Cloud Sync apps*, and add *OneDrive* as a display name and the executable name *onedrive.exe* to disallow onedrive.exe from accessing items the **Highly Confidential** label.
1. Select **Auto-quarantine** and **Save**.
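Review bot: In the rewritten third step, "from accessing items the **Highly Confidential** label" is missing a word carried over from the removed line; it should read "items with the **Highly Confidential** label". "put group name *Cloud Sync apps*" would also read better as "enter the group name *Cloud Sync apps*".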
There are three procedures.
1. Create a rule with these values: 1. **Name** > *Scenario 4 Auto-quarantine*. 1. **Conditions** > **Content contains** > **Sensitivity labels** > **Highly Confidential**.
- 1. **Actions** > **Audit or restrict activities on Windows devices** > **Access by unallowed apps** > **Block**. For the purposes of this scenario, clear all the other activities.
+ 1. **Actions** > **Audit or restrict activities on Windows devices** > **File activities for apps in restricted app groups** > **Add restricted app group**, choose created *group Cloud Sync apps* > **Apply a restriction to all activity** > **Block**. For the purposes of this scenario, clear all the other activities.
1. **User notifications** > **On**. 1. **Endpoint devices** > Choose **Show users a policy tip notification when an activity** if not already enabled.
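Review bot: The emphasis is misplaced in "choose created *group Cloud Sync apps*" in the added Actions step. The group is named *Cloud Sync apps* in the settings procedure, so this should read "choose the *Cloud Sync apps* group you created", keeping the italics on the group name only.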
compliance Get Started With Data Lifecycle Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-data-lifecycle-management.md
f1.keywords:
Previously updated : 06/27/2020 Last updated : 02/27/2023 audience: Admin
For permissions to manage mailboxes for archiving, inactive mailboxes, and impor
Members of your compliance team who will create and manage retention policies and retention labels need permissions to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft Purview compliance portal</a>. By default, the tenant admin (global administrator) has access to this location and can give compliance officers and other people access without giving them all the permissions of a tenant admin. To grant permissions for this limited administration, we recommend that you add users to the **Compliance Administrator** admin role group.
-Alternatively to using this default role, you can create a new role group and add the **Retention Management** role to this group. For a read-only role, use **View-Only Retention Management**.
+Alternatively to using this default role, you can create a new role group and add the **Retention Management** role to this group. For a read-only role, use **View-Only Retention Management**. To use [adaptive policy scopes](retention.md#adaptive-or-static-policy-scopes-for-retention), you'll also need the **Scope Manager** role.
For instructions to add users to the default roles or create your own role groups, see [Permissions in the Microsoft Purview compliance portal](microsoft-365-compliance-center-permissions.md).
compliance Get Started With Records Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-records-management.md
f1.keywords:
Previously updated : 06/27/2020 Last updated : 02/27/2023 audience: Admin
To see the options for licensing your users to benefit from Microsoft Purview fe
## Permissions
-Members of your compliance team who are responsible for records management need permissions to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft Purview compliance portal</a>. By default, the tenant admin (global administrator) has access to this location and can give compliance officers and other people access without giving them all the permissions of a tenant admin. To grant permissions for this limited administration, we recommend that you add users to the **Records Management** admin role group, which grants permissions for all features related to records management, including [disposition review and verification](disposition.md).
+Members of your compliance team who are responsible for records management need permissions to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft Purview compliance portal</a>. By default, the tenant admin (global administrator) has access to this location and can give compliance officers and other people access without giving them all the permissions of a tenant admin. To grant permissions for this limited administration, we recommend that you add users to the **Records Management** admin role group. This role group grants permissions for all features related to records management, which include the permissions to create and manage [adaptive policy scopes](retention.md#adaptive-or-static-policy-scopes-for-retention), and [disposition review and verification](disposition.md).
For a read-only role, you can create a new role group and add the **View-Only Record Management** role to this group.
compliance Information Protection Solution https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/information-protection-solution.md
f1.keywords:
Previously updated : 12/20/2021 Last updated : 02/27/2023 audience: Admin
Use Microsoft Purview Information Protection to help you discover, classify, pro
![Microsoft Purview Information Protection solution overview](../media/mip-solution-overview-extended.png)
-Watch the following Ignite session to see how these capabilities support and build on each other: [Know your data, protect your data, and prevent data loss with Microsoft Information Protection](https://myignite.microsoft.com/archives/IG20-OD273).
- For data governance, see [Deploy a data governance solution with Microsoft Purview](data-governance-solution.md). ## Licensing
compliance Named Entities Learn https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/named-entities-learn.md
Bundled named entity SITs detect all possible matches. Use them as broad criteri
Unbundled named entity SITs have a narrower focus, like a single country. Use them when you need a DLP policy with a narrower detection scope.
-> [!Note]
-> To use the named entity SITs, you must activate [Advanced scanning and protection](dlp-configure-endpoint-settings.md) for the relevant [data loss prevention endpoints](dlp-configure-endpoint-settings.md) before they will be discoverable.
-
+>[!Note]
+> To use bundled SITs, you must activate [Advanced classification scanning and protection](dlp-configure-endpoint-settings.md#advanced-classification-scanning-and-protection) for the relevant [data loss prevention settings](dlp-configure-endpoint-settings.md) before they will be discoverable.
+ Here are some examples of named entity SITs. You can find all of them in [Sensitive information type entity definitions](sensitive-information-type-entity-definitions.md). |Named Entity |Description |Bundled/Unbundled |
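Review bot: The note's scope narrows from "named entity SITs" to "bundled SITs", while the paragraph just above it still presents unbundled named entity SITs as the choice for narrower DLP policies. Confirm that unbundled SITs do not need Advanced classification scanning and protection; if they do, keep "named entity SITs". The callout marker also lost its space (">[!Note]" versus "> [!Note]" in the removed line), which is worth restoring for consistency with the other callouts.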
compliance Purview Adaptive Scopes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/purview-adaptive-scopes.md
f1.keywords:
Previously updated : Last updated : 02/27/2023 audience: Admin
For specific advantages of using adaptive scopes specific to policies for retent
For configuration information, see [Configuring adaptive scopes](#configure-adaptive-scopes).
-To watch a recorded webinar (requires registration), visit [Deep Dive on Adaptive Scopes](https://mipc.eventbuilder.com/event/45703).
- ### Maximums for adaptive policy scopes There's no limit to the number of adaptive policy scopes that you can add to a policy, but there are some maximum limits for the query that defines each adaptive scope:
The attribute names for users and groups are based on [(https://learn.microsoft.
The attributes and properties listed in the table can be easily specified when you configure an adaptive scope by using the simple query builder. Additional attributes and properties are supported with the advanced query builder, as described in the following section.
-> [!TIP]
-> For more information about using the advanced query builder, see the following webinars:
-> - [Building Advanced Queries for Users and Groups with Adaptive Policy Scopes](https://mipc.eventbuilder.com/event/52683/occurrence/49452/recording?rauth=853.3181650.1f2b6e8b4a05b4441f19b890dfeadcec24c4325e90ac492b7a58eb3045c546ea)
-> - [Building Advanced Queries for SharePoint Sites with Adaptive Policy Scopes](https://aka.ms/AdaptivePolicyScopes-AdvancedSharePoint)
- To configure an adaptive scope: Before you configure your adaptive scope, use the previous section to identify what type of scope to create and what attributes and values you'll use. You might need to work with other administrators to confirm this information.
+You'll need to assign the correct role groups to admins to create an adaptive scope. Any role group with the *Scope Manager* role is allowed to create an adaptive scopes. The *Scope Manger* role is included in the following [built-in role groups](/microsoft-365/security/office-365-security/scc-permissions):
+
+- Compliance Administrator
+- Compliance Data Administrator
+- eDiscovery Manager
+- Organization Management
+- Records Management
+- Communication Compliance
+- Communication Compliance Admins
+ Specifically for SharePoint sites, there might be additional SharePoint configuration needed if you plan to use [custom site properties](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/using-custom-sharepoint-site-properties-to-apply-microsoft-365/ba-p/3133970). 1. Sign into [Microsoft Purview compliance portal](https://compliance.microsoft.com/) using credentials for an admin account in your Microsoft 365 organization.
-2. In the compliance portal, select **Data lifecycle management** or **Communication compliance**.
-3. Select the **Adaptive scopes** tab, and then **+ Create scope**.
+2. In the compliance portal, select **Roles and Scopes**.
+3. Select **Adaptive scopes**, and then **+ Create scope**.
4. Follow the prompts in the configuration to first select the type of scope, and then select the attributes or properties you want to use to build the dynamic membership, and type in the attribute or property values. For example, to configure an adaptive scope that will be used to identify users in Europe, first select **Users** as the scope type, and then select the **Country or region** attribute, and type in **Europe**:
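Review bot: The added permissions paragraph has two typos: "allowed to create an adaptive scopes" should be "allowed to create adaptive scopes", and "*Scope Manger*" should be "*Scope Manager*". Step 2 names the portal node **Roles and Scopes**, while the note added to retention.md in this same update writes it as **Roles & Scopes**; use one spelling that matches the portal label.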
compliance Record Versioning https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/record-versioning.md
f1.keywords:
Previously updated : 10/01/2019 Last updated : 02/27/2023 audience: Admin
You can now do the following things:
If the retention label is configured for [disposition review](disposition.md) at the end of the retention period, each version undergoes its own disposition review.
-By default, record versioning is automatically available for any document that has a retention label applied that marks the item as a record, and that label is [published to the site](create-apply-retention-labels.md). When a user views the document properties by using the details pane, they can toggle the **Record status** between **Locked** and **Unlocked**.
+By default, record versioning is automatically available for any document that has a retention label applied that marks the item as a record, and that label is [published to the site](create-apply-retention-labels.md). When a user views the document properties by using the details pane, they can toggle the **Record status** between **Locked** and **Unlocked**. A padlock icon might also be displayed for the document, to help identify when the file is locked.
While the document is unlocked, any user with standard edit permissions can edit the file. However, users can't delete the file, because it's still a record. When editing is complete, a user can then toggle the **Record status** from **Unlocked** to **Locked**, which prevents further edits while in this status. <br/><br/>
compliance Retention Label Flow https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-label-flow.md
f1.keywords:
Previously updated : 08/04/2022 Last updated : 02/27/2023 audience: Admin
When the retention period expires, your configured flow runs.
Power Automate is a workflow service that automates actions across applications and services. Specific to running a Power Automate flow at the end of the retention period: -- You must have a Power Automate per user plan that includes premium connectors, separate from your Microsoft 365 compliance plan. For more information, see the [Power Automate per user plan](https://admin.microsoft.com/AdminPortal/Home?ref=/catalog/offer-details/power-automate-per-user-plan/7CF37992-A897-4DB2-82C1-BDA8C1C3EB76) details in the Microsoft 365 admin center, where you can also start a free trial.-
+- You must have a [Power Automate plan](/power-platform/admin/power-automate-licensing/types) that includes premium connectors, separate from your Microsoft 365 compliance plan.
- The Power Automate flow must be an automated cloud flow that is created from blank, and configured to use the trigger **When the retention period expires**. For more information about how to use and configure the dependent automated cloud flows, see the [Microsoft Power Automate Documentation](/power-automate).
compliance Retention https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention.md
f1.keywords:
Previously updated : 09/17/2019 Last updated : 02/27/2023 audience: Admin
Advantages of using static scopes over adaptive scopes:
For configuration information, see [Configuring adaptive scopes](purview-adaptive-scopes.md#configure-adaptive-scopes).
-To watch a recorded webinar (requires registration), visit [Deep Dive on Adaptive Scopes](https://mipc.eventbuilder.com/event/45703).
+> [!NOTE]
+> In [February 2023](whats-new.md#february-2023), the configuration of adaptive scopes moved in the Microsoft Purview compliance portal to **Roles & Scopes**.
-> [!IMPORTANT]
-> Currently, adaptive scopes don't support [Preservation Lock to restrict changes to retention policies and retention label policies](#use-preservation-lock-to-restrict-changes-to-policies).
+Currently, adaptive scopes don't support [Preservation Lock to restrict changes to retention policies and retention label policies](#use-preservation-lock-to-restrict-changes-to-policies).
## Policy lookup
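Review bot: The Preservation Lock limitation loses its [!IMPORTANT] callout and becomes a plain sentence directly after the new [!NOTE], where it is easy to miss. Because it tells admins that adaptive scopes cannot be combined with Preservation Lock, consider keeping it as a callout or folding it into the note rather than demoting it to body text.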
If you are using older eDiscovery tools to preserve data, see the following reso
If you need to proactively retain or delete content in Microsoft 365 for data lifecycle management, we recommend that you use Microsoft 365 retention policies and retention labels instead of the following older features.
-If you currently use these older features, they will continue to work side by side with Microsoft 365 retention policies and retention labels. However, we recommend that going forward, you use Microsoft 365 retention policies and retention labels to benefit from a single solution to manage both retention and deletion of content across multiple workloads in Microsoft 365.
+If you currently use these older features, they will usually work side by side with Microsoft 365 retention policies and retention labels. Check their specific documentation for any restrictions. However, we recommend that going forward, you use Microsoft 365 retention policies and retention labels to benefit from a single solution to manage both retention and deletion of content across multiple workloads in Microsoft 365.
**Older features from Exchange Online:**
compliance Sensitive Information Type Learn About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitive-information-type-learn-about.md
description: "This article gives an overview of sensitive information types and
# Learn about sensitive information types
-Identifying and classifying sensitive items that are under your organizations control is the first step in the [Information Protection discipline](./information-protection.md). Microsoft Purview provides three ways of identifying items so that they can be classified:
+Identifying and classifying sensitive items that are under your organization's control is the first step in the [Information Protection discipline](./information-protection.md). Microsoft Purview provides three ways of identifying items so that they can be classified:
- manually by users - automated pattern recognition, like sensitive information types
A DLP policy has medium confidence that it's detected this type of sensitive inf
In a sensitive information type entity definition, **confidence level** reflects how much supporting evidence is detected in addition to the primary element. The more supporting evidence an item contains, the higher the confidence that a matched item contains the sensitive info you're looking for. For example, matches with a high confidence level will contain more supporting evidence in close proximity to the primary element, whereas matches with a low confidence level would contain little to no supporting evidence in close proximity.
-A high confidence level returns the fewest false positives but might result in more false negatives. Low or medium confidence levels returns more false positives but few to zero false negatives.
+A high confidence level returns the fewest false positives but might result in more false negatives. Low or medium confidence levels return more false positives but few to zero false negatives.
- **low confidence**: Matched items will contain the fewest false negatives but the most false positives. Low confidence returns all low, medium, and high confidence matches. The low confidence level has a value of 65.-- **medium confidence**: Matched items will contain an average amount of false positives and false negatives. Medium confidence returns all medium, and high confidence matches. The medium confidence level has a value of 75.
+- **medium confidence**: Matched items will contain an average number of false positives and false negatives. Medium confidence returns all medium, and high confidence matches. The medium confidence level has a value of 75.
- **high confidence**: Matched items will contain the fewest false positives but the most false negatives. High confidence only returns high confidence matches and has a value of 85. You should use high confidence level patterns with low counts, say five to ten, and low confidence patterns with higher counts, say 20 or more.
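Review bot: The rewritten medium confidence bullet still carries a stray comma in "returns all medium, and high confidence matches"; with only two items it should read "returns all medium and high confidence matches". Since this change is already a grammar pass over the confidence-level text, fix it in the same commit so the three bullets read in parallel.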
compliance Sensitivity Labels Versions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-versions.md
f1.keywords:
- NOCSH + Previously updated : 02/24/2023 Last updated : 02/27/2023 audience: Admin
The numbers listed are the minimum Office application versions required for each
|[Different settings for default label and mandatory labeling](sensitivity-labels-office-apps.md#outlook-specific-options-for-default-label-and-mandatory-labeling) | Current Channel: 2105+ <br /><br> Monthly Enterprise Channel: 2105+ <br /><br> Semi-Annual Enterprise Channel: 2108+ | 16.43+ <sup>\*</sup> | 4.2111+ | 4.2111+ | Yes | |[PDF support](sensitivity-labels-office-apps.md#pdf-support) | Current Channel: 2205+ <br /><br> Monthly Enterprise Channel: 2205+ <br /><br> Semi-Annual Enterprise Channel: Under review| Under review | Under review | Under review | Under review | |[Apply S/MIME protection](sensitivity-labels-office-apps.md#configure-a-label-to-apply-smime-protection-in-outlook) | Current Channel: 2211+ <br /><br> Monthly Enterprise Channel: 2211+ <br /><br> Semi-Annual Enterprise Channel: 2302+ | 16.61+ <sup>\*</sup> | 4.2226+ | 4.2203+ | Under review |
-|[Sensitivity bar](sensitivity-labels-office-apps.md#sensitivity-bar) and [display label color](sensitivity-labels-office-apps.md#label-colors) | Preview: [Beta Channel](https://office.com/insider) | Under review | Under review | Under review | Under review |
+|[Sensitivity bar](sensitivity-labels-office-apps.md#sensitivity-bar) and [display label color](sensitivity-labels-office-apps.md#label-colors) | Preview: Rolling out to [Current Channel (Preview)](https://office.com/insider) | Under review | Under review | Under review | Under review |
|[Default sublabel for parent label](sensitivity-labels-office-apps.md#specify-a-default-sublabel-for-a-parent-label)| Preview: [Beta Channel](https://office.com/insider) | Under review | Under review | Under review | Under review | **Footnotes:**
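Review bot: The updated Sensitivity bar row now reads "Preview: Rolling out to [Current Channel (Preview)]" while the neighbouring Default sublabel row keeps the shorter "Preview: [Beta Channel]" form, and both link to the same https://office.com/insider target. Pick one wording pattern for preview availability in this column so readers can compare rows at a glance.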
compliance Sit Defn All Creds https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-all-creds.md
description: "All credentials sensitive information type entity definition."
"All credentials" is a bundled-entity sensitive information type (SIT). It detects credentials from all supported services and environments, which include Amazon, Azure, GitHub, Google, Microsoft general, Slack and more.
-For information about implementing bundled SITs, see [Learn about named entities](named-entities-learn.md). For information about configuring endpoints and the supported file types, see [Configure endpoint data loss prevention settings](dlp-configure-endpoint-settings.md#advanced-classification-scanning-and-protection).
-
+For information about implementing bundled SITs, see [Learn about named entities](named-entities-learn.md). For information about configuring endpoints and the supported file types, see [Advanced classification scanning and protection](dlp-configure-endpoint-settings.md#advanced-classification-scanning-and-protection).
[!INCLUDE [purview-preview](../includes/purview-preview.md)]
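Review bot: The blank line that separated the "For information about implementing bundled SITs" paragraph from `[!INCLUDE [purview-preview](../includes/purview-preview.md)]` is removed by this change, so the include now follows the paragraph directly. Keep an empty line between them so the include is treated as its own block rather than as a continuation of the paragraph. The link text change to "Advanced classification scanning and protection" matches the anchor and looks fine.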
compliance Sit Get Started Exact Data Match Hash Upload https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-get-started-exact-data-match-hash-upload.md
This article shows you how to hash and upload your sensitive information source
## Hash and upload the sensitive information source table
-In this phase you:
+In this phase, you:
1. Set up a custom security group and user account. 2. Set up the EDM Upload Agent tool.
The hashing and uploading can be done using one computer or you can separate the
If you want to hash and upload from one computer, you need to do it from a computer that can directly connect to your Microsoft 365 tenant. This requires that your clear text sensitive information source table file is on that computer for hashing.
-If you do not want to expose your clear text sensitive information source table file on the direct access computer, you can hash it on a computer that's in a secure location and then copy the hash file and the salt file to a computer that can directly connect to your Microsoft 365 tenant for upload. In the separated hash and upload scenario, you'll need the EDMUploadAgent on both computers.
+If you don't want to expose your clear-text sensitive information source table file on the direct access computer, you can hash it on a computer in a secure location. Then you can copy the hash file and the salt file to a computer that can directly connect to your Microsoft 365 tenant for upload. In the separated hash and upload scenario, you need the EDMUploadAgent on both computers.
> [!IMPORTANT] > If you used the Exact Data Match schema and sensitive information type wizard to create your schema file, you ***must*** download the schema for this procedure if you haven't already done so. See, [Export of the EDM schema file in XML format](sit-get-started-exact-data-match-create-schema.md#export-of-the-edm-schema-file-in-xml-format).
If you do not want to expose your clear text sensitive information source table
Separate the processes of hashing and uploading the sensitive data so you can more easily isolate any issues in the process.
-Once in production, keep the two steps separate in most cases. Performing the hashing process on an isolated computer and then transferring the file for upload to an internet-facing computer ensures the actual data is never available in clear text form in a computer that could have been compromised due to its connection to the Internet.
+Once in production, keep the two steps separate in most cases. Performing the hashing process on an isolated computer and then transferring the file for upload to an internet-facing computer ensures that the actual data is never available in clear text form on a computer that could have been compromised due to its connection to the Internet.
### Ensure your sensitive data table doesn't have formatting issues
You can validate that the table is in a format suitable to use with EDM by using
EdmUploadAgent.exe /ValidateData /DataFile [data file] /Schema [schema file] ```
-If the tool indicates a mismatch in number of columns it might be due to the presence of commas or quote characters within values in the table which are being confused with column delimiters. Unless they are surrounding a whole value, single and double quotes can cause the tool to misidentify where an individual column starts or ends.
+If the tool indicates a mismatch in number of columns, it might be due to the presence of commas or quote characters within values in the table that are being confused with column delimiters. Unless they're surrounding a whole value, single and double quotes can cause the tool to misidentify where an individual column starts or ends.
**If you find single or double quote characters surrounding full values**: you can leave them as they are.
-**If you find single quote characters or commas inside a value**: for example the person's name Tom O'Neil or the city 's-Gravenhage which starts with an apostrophe character, you will need to modify the data export process used to generate the sensitive information table to surround such columns with double quotes.
+**If you find single quote characters or commas inside a value**: for example the person's name *Tom O'Neil* or the city *'s-Gravenhage*, which starts with an apostrophe character, you need to modify the data export process used to generate the sensitive information table and surround such columns with double quotes.
-**If double quote characters are found inside values**, it might be preferable to use the Tab-delimited format for the table which is less susceptible to such issues.
+**If double quote characters are found inside values**, it might be preferable to use the Tab-delimited format for the table that is less susceptible to such issues.
### Prerequisites -- a work or school account for Microsoft 365 that will be added to the **EDM\_DataUploaders** security group
+- a work or school account for Microsoft 365 to add to the **EDM\_DataUploaders** security group
- a Windows 10, Windows Server 2016 with .NET version 4.6.2, or a Windows Server 2019 machine<!--4.7.2 un comment this around 9/29--> for running the EDMUploadAgent - a directory on your upload machine for the: - [EDM Upload Agent](#links-to-edm-upload-agent-by-subscription-type)
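Review bot: In the double-quote guidance, replacing "which" with "that" in "use the Tab-delimited format for the table that is less susceptible to such issues" turns a description of the tab-delimited format into a restriction on "the table", which changes the meaning. Suggest "use the Tab-delimited format for the table, which is less susceptible to such issues". In the preceding paragraph, "for example the person's name *Tom O'Neil*" also wants a comma after "for example".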
Install the [EDM Upload Agent](#links-to-edm-upload-agent-by-subscription-type)
1. As a global administrator, go to the admin center using the appropriate [link for your subscription](sit-get-started-exact-data-match-based-sits-overview.md#portal-links-for-your-subscription) and [create a security group](/office365/admin/email/create-edit-or-delete-a-security-group) called **EDM\_DataUploaders**.
-2. Add one or more users to the **EDM\_DataUploaders** security group. (These users will manage the database of sensitive information.)
+2. Add one or more users to the **EDM\_DataUploaders** security group. (These users manage the database of sensitive information.)
### Hash and upload from one computer
This computer must have direct access to your Microsoft 365 tenant.
#### Links to EDM upload agent by subscription type -- [Commercial + GCC](https://go.microsoft.com/fwlink/?linkid=2088639) - most commercial customers should use this-- [GCC-High](https://go.microsoft.com/fwlink/?linkid=2137521) - This is specifically for high security government cloud subscribers-- [DoD](https://go.microsoft.com/fwlink/?linkid=2137807) - this is specifically for United States Department of Defense cloud customers- 1. Create a working directory for the EDMUploadAgent. For example, **C:\EDM\Data**. Place the **PatientRecords.csv** file there. 2. Download and install the appropriate [EDM Upload Agent](#links-to-edm-upload-agent-by-subscription-type) for your subscription into the directory you created in step 1.
+ - [Commercial + GCC](https://go.microsoft.com/fwlink/?linkid=2088639) - Most commercial customers should use this option.
+ - [GCC-High](https://go.microsoft.com/fwlink/?linkid=2137521) - This option is specifically for high-security government cloud subscribers.
+ - [DoD](https://go.microsoft.com/fwlink/?linkid=2137807) - This option is specifically for United States Department of Defense cloud customers.
+ > [!NOTE] > The EDMUploadAgent at the above links has been updated to automatically add a salt value to the hashed data. Alternately, you can provide your own salt value. Once you have used this version, you will not be able to use the previous version of the EDMUploadAgent. >
This computer must have direct access to your Microsoft 365 tenant.
4. Sign in with your work or school account for Microsoft 365 that was added to the EDM_DataUploaders security group. Your tenant information is extracted from the user account to make the connection.
- OPTIONAL: If you used the Exact Data Match schema and sensitive information type wizard to create your schema, you ***must*** download it for use in this procedures if you haven't already. Run this command in a Command Prompt window:
+ OPTIONAL: If you used the Exact Data Match schema and sensitive information type wizard to create your schema, you ***must*** download it for use in this procedure if you haven't already. Run this command in a Command Prompt window:
```dos EdmUploadAgent.exe /SaveSchema /DataStoreName <schema name> /OutputDir <path to output folder>
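Review bot: The step is still labelled "OPTIONAL" while the same sentence says you "***must*** download" the schema, and this change only corrects "procedures" to "procedure". Reword the label to state the condition instead, for example "If you used the wizard to create your schema and haven't downloaded it yet:", so the step does not read as both optional and mandatory.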
This computer must have direct access to your Microsoft 365 tenant.
> > Example: `EdmUploadAgent.exe /UploadData /DataStoreName PatientRecords /DataFile C:\Edm\Hash\PatientRecords.csv /HashLocation C:\Edm\Hash /Schema edm.xml /AllowedBadLinesPercentage 5`
- If your sensitive information table has some incorrectly formatted values, but you want to import the remaining data while ignoring invalid rows anyway, you can use the */AllowedBadLinesPercentage* parameter in the command. The example above specifies a five percent threshold. This means that the tool will hash and upload the sensitive information table even if up to five percent of the rows are invalid.
+ If your sensitive information table has some incorrectly formatted values, but you still want to import the remaining data while ignoring invalid rows, you can use the */AllowedBadLinesPercentage* parameter in the command. The example above specifies a five percent threshold. This means that the tool hashes and uploads the sensitive information table, even if up to five percent of the rows are invalid.
- This command will automatically add a randomly generated salt value to the hash for greater security. Optionally, if you want to use your own salt value, add the **/Salt \<saltvalue\>** to the command. This value must be 64 characters in length and can only contain the a-z characters and 0-9 characters.
+ This command automatically adds a randomly generated salt value to the hash for greater security. Optionally, if you want to use your own salt value, add the **/Salt \<saltvalue\>** to the command. This value must be 64 characters in length and can only contain the a-z characters and 0-9 characters.
6. Check the upload status by running this command:
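Review bot: In the salt paragraph, "add the **/Salt \<saltvalue\>** to the command" keeps a dangling article; use "add the **/Salt \<saltvalue\>** parameter to the command" or drop "the". The constraint "can only contain the a-z characters and 0-9 characters" would also read more clearly as "can contain only the characters a-z and 0-9", and it is worth confirming in the text whether uppercase letters are rejected, since the sentence implies it without saying so.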
EdmUploadAgent.exe /SaveSchema /DataStoreName <schema name> /OutputDir <path to
> [!NOTE] > The default format for the sensitive data file is comma-separated values. You can specify a tab-separated file by indicating the "{Tab}" option with the /ColumnSeparator parameter, or you can specify a pipe-separated file by indicating the "|" option.
- This will output a hashed file and a salt file with these extensions if you didn't specify the **/Salt \<saltvalue\>** option:
+ This outputs a hashed file and a salt file with these extensions if you didn't specify the **/Salt \<saltvalue\>** option:
- .EdmHash - .EdmSalt
-2. Copy these files in a secure fashion to the computer you will use to upload your sensitive information source table file (PatientRecords) to your tenant.
+2. Copy these files in a secure fashion to the computer you use to upload your sensitive information source table file (PatientRecords) to your tenant.
3. Authorize the EDM Upload Agent, open Command Prompt window as an administrator, switch to the **C:\EDM\Data** directory and then run the following command:
EdmUploadAgent.exe /SaveSchema /DataStoreName <schema name> /OutputDir <path to
EdmUploadAgent.exe /GetDataStore ```
- You'll see a list of data stores and when they were last updated.
+ You see a list of data stores and when they were last updated.
7. If you want to see all the data uploads to a particular store, run the following command in a Windows command prompt to see a list of all the data stores and when they were updated:
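Review bot: Changing "You'll see a list" to "You see a list" makes the result sentence read awkwardly; "The command returns a list of data stores and when they were last updated" states the outcome without the tense problem. The unchanged step 7 below it also contradicts itself: it promises "all the data uploads to a particular store" and then says the command shows "a list of all the data stores", so one of the two descriptions should be corrected while this section is being edited.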
compliance Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/whats-new.md
f1.keywords:
Previously updated : 01/01/2023 Last updated : 02/27/2023 audience: Admin
Whether it be adding new solutions to the [Microsoft Purview compliance portal](
### Data lifecycle management and records management - **Rolling out in preview**: Auto-labeling retention policies now support [simulation mode](apply-retention-labels-automatically.md#learn-about-simulation-mode), so you can test out your policy configuration and view results before deploying in production.
+- The configuration and management of [adaptive policy scopes](retention.md#adaptive-or-static-policy-scopes-for-retention) is moving to a new location in the Microsoft Purview compliance portal: **Roles & Scopes** \> **Adaptive scopes**. Additionally, a new role, **Scope Manager**, is required to create and manage adaptive scopes. This new role is included in the **Records Management** role group and other built-in role groups, such as **Compliance Administrator**.
- New troubleshooting resources: - [Identify errors in Microsoft 365 retention and retention label policies](/microsoft-365/troubleshoot/retention/identify-errors-in-retention-and-retention-label-policies) - [Resolve errors in Microsoft 365 retention and retention label policies](/microsoft-365/troubleshoot/retention/resolve-errors-in-retention-and-retention-label-policies)
Whether it be adding new solutions to the [Microsoft Purview compliance portal](
- **In preview**: New [Adaptive Protection guidance](/microsoft-365/compliance/insider-risk-management-adaptive-protection). Adaptive Protection in Microsoft Purview uses machine learning to identify and mitigate the most critical risks with the most effective [data loss prevention (DLP)](/microsoft-365/compliance/dlp-adaptive-protection-learn) protection controls dynamically, saving security teams valuable time while ensuring better data security.
+### On-premises scanner
+
+- You can no longer configure the scanner in the Azure portal. To help you locate the equivalent configuration in the Microsoft Purview compliance portal, see [Configuration that you used to do in the Azure portal for Azure Information Protection](azure-portal-migration.md).
+ ### Permissions - **In preview**: [Support for Azure Active Directory administrative units](/microsoft-365/compliance/microsoft-365-compliance-center-permissions#administrative-units-preview). Administrative units let you subdivide your organization into smaller units, and then assign specific administrators that can manage only the members of those units.
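Review bot: The new adaptive scopes bullet introduces the **Scope Manager** role and the role groups that include it, but links only to the adaptive scopes section and gives no pointer to where the role is documented or assigned. Add a link to the permissions documentation for the role, and say whether the move to **Roles & Scopes** \> **Adaptive scopes** is already in effect or still rolling out, as the other entries in this list do with their "In preview" and "Rolling out" prefixes.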
enterprise Setup Guides For Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/setup-guides-for-microsoft-365.md
In this article:
## How to access advanced deployment guides in the Microsoft 365 admin center
-Advanced deployment guides are accessible from the [Advanced deployment guides & assistance](https://aka.ms/advanceddeploymentguides) page in the Microsoft 365 admin center. When you access advanced deployment guides from the admin center, you can keep track of the status of your progress and return at any time to complete a guide. This functionality is not available when you access guides from the [Microsoft 365 Setup portal](https://aka.ms/setupguides).
+Advanced deployment guides are accessible from the [Advanced deployment guides & assistance](https://go.microsoft.com/fwlink/?linkid=2224913) page in the Microsoft 365 admin center. When you access advanced deployment guides from the admin center, you can keep track of the status of your progress and return at any time to complete a guide. This functionality is not available when you access guides from the [Microsoft 365 Setup portal](https://aka.ms/setupguides).
> [!NOTE] > You must be assigned an admin role such as _Global Reader_ to access advanced deployment guides in the Microsoft 365 admin center. Only admins with the _Global Administrator_ role can use the guides to change settings in the tenant.
Advanced deployment guides are accessible from the [Advanced deployment guides &
To reach the **Advanced deployment guides & assistance** page:
-1. In the [Microsoft 365 admin center](https://aka.ms/advanceddeploymentguides), go to the **Home** page.
+1. In the [Microsoft 365 admin center](https://go.microsoft.com/fwlink/?linkid=2224913), go to the **Home** page.
2. Find the _Training, guides & assistance_ card and click **Advanced deployment guides & assistance**.
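Review bot: Step 1 labels the link "Microsoft 365 admin center" and tells the reader to go to the **Home** page, yet it uses the same fwlink (linkid=2224913) that the paragraph above uses for the "Advanced deployment guides & assistance" page. If that link lands on the guides page, steps 1 and 2 are redundant; if it lands on Home, the earlier link text is wrong. Point each link at the destination its text names.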
To reach the **Advanced deployment guides & assistance** page:
Advanced deployment guides in the admin center require authentication to a Microsoft 365 tenant as an administrator or other role with access to the admin center, but guides in the Microsoft 365 Setup portal can be accessed by anyone.
-|**Guide - [Setup Portal](https://aka.ms/setupguides)** |**Guide - [Admin Center](https://aka.ms/advanceddeploymentguides)** |**Description** |
+|**Guide - [Setup Portal](https://aka.ms/setupguides)** |**Guide - [Admin Center](https://go.microsoft.com/fwlink/?linkid=2224913)** |**Description** |
||||
-|[Prepare your environment guide](https://go.microsoft.com/fwlink/?linkid=2223234)|[Prepare your environment guide](https://aka.ms/prepareyourenvironment)|The **Prepare your environment guide** helps you prepare your organization's environment for Microsoft 365 and Office 365 services. Whatever your goals are, there are tasks you'll need to complete to ensure a successful deployment. To avoid any errors while preparing your environment, you're provided with step-by-step instructions to connect your domain, add users, assign licenses, set up email with Exchange Online, and install or deploy Office apps.|
-|[Email setup guide](https://go.microsoft.com/fwlink/?linkid=2223145)|[Email setup guide](https://aka.ms/office365setup)|The **Email setup guide** provides you with the step-by-step guidance needed for configuring Exchange Online for your organization. This guidance includes setting up new email accounts, migrating email, and configuring email protection. For a successful email setup, use this advisor and you'll receive the recommended migration method based on your organization's current mail system, the number of mailboxes being migrated, and how you want to manage users and their access.|
-|[Gmail contacts and calendar advisor](https://go.microsoft.com/fwlink/?linkid=2222987)|[Gmail contacts and calendar advisor](https://aka.ms/gmailcontactscalendar)|When you migrate a Gmail user's mailbox to Microsoft 365, email messages are migrated, but contacts and calendar items are not. The **Gmail contacts and calendar advisor** provides steps for importing Google contacts and Google calendar items to Microsoft 365 using import and export methods with Outlook.com, the Outlook client, or PowerShell.|
-||[Microsoft 365 setup guide](https://aka.ms/microsoft365setupguide)|The **Microsoft 365 setup guide** provides you with guidance when setting up productivity tools, security policies, and device management capabilities. With a Microsoft 365 Business Premium or Microsoft 365 for enterprise subscription, you can use this advisor to set up and configure your organization's devices.<br>You'll receive guidance and access to resources to enable your cloud services, update devices to the latest supported version of Windows 10, and join devices to Azure Active Directory (Azure AD), all in one central location.|
-||[Remote work setup guide](https://aka.ms/remoteworksetup)|The **Remote work setup guide** provides organizations with the tips and resources needed to ensure your users can successfully work remotely, your data is secure, and users' credentials are safeguarded.<br>You'll receive guidance to optimize remote workers' device traffic to both Microsoft 365 resources in the cloud and your organization's network, which will reduce the strain on your remote access VPN infrastructure.|
-|[Windows 11 setup guide](https://go.microsoft.com/fwlink/?linkid=2223054)|[Security analyzer](https://aka.ms/windows11setupguide)|The **Windows 11 setup guide** helps customers find the best way to deploy or upgrade devices to Windows 11 and configure them for cloud management. The Windows 11 setup guide includes information on servicing strategy, automatic enrollment, Windows Autopilot, Configuration Manager integration, and more.|
-|[Microsoft Edge setup guide](https://go.microsoft.com/fwlink/?linkid=2223317)|[Microsoft Edge setup guide](https://aka.ms/edgeadvisoradmin)|Microsoft Edge has been rebuilt from the ground up to bring you world-class compatibility and performance, the security and privacy you deserve, and new features designed to bring you the best of the web.<br>The **Microsoft Edge setup guide** will help you configure Enterprise Site Discovery to see which sites accessed in your org might need to use IE mode, review and configure important security features, configure privacy policies and compliance policies to meet your org's requirements, and manage web access on your devices. You can download Microsoft Edge to individual devices, or we'll show you how to deploy to multiple users in your org with Group Policy, Configuration Manager, or Microsoft Intune.|
-|[Configure IE mode for Microsoft Edge guide](https://go.microsoft.com/fwlink/?linkid=2223137)|[Configure IE mode for Microsoft Edge guide](https://aka.ms/configureiemodeadmin)|If you've already deployed Microsoft Edge and only want to configure IE mode, the **Configure IE mode for Microsoft Edge guide** will give you scripts to automate the configuration of Enterprise Site Discovery. You'll also get IE mode recommendations from a cloud-based tool that will help you create an Enterprise Mode Site List to deploy to your users.|
-||[Microsoft Search setup guide](https://aka.ms/MicrosoftSearchSetup)|Microsoft Search helps your organization find what they need to complete what they're working on. Whether it's searching for people, files, org charts, sites, or answers to common questions, your org can use Microsoft Search throughout their workday to get answers.<br>The **Microsoft Search setup guide** helps you configure Microsoft Search whether you want to pilot it to a group of users or roll it out to everyone in your org. You'll assign Search admins and Search editors and then customize the search experience for your users with answers and more options, like adding the Bing extension to Chrome or setting Bing as your default search engine.|
-||[Block use of Internet Explorer in your organization guide](https://aka.ms/retireinternetexplorer)|Microsoft support for Internet Explorer 11 is ending soon for most versions of Windows 10. The **Block use of Internet Explorer in your organization guide** ensures that your users can still run legacy web apps that rely on Internet Explorer. This guide also helps you move those users to Microsoft Edge with IE mode.|
+|[Prepare your environment guide](https://go.microsoft.com/fwlink/?linkid=2223234)|[Prepare your environment guide](https://go.microsoft.com/fwlink/?linkid=2224195)|The **Prepare your environment guide** helps you prepare your organization's environment for Microsoft 365 and Office 365 services. Whatever your goals are, there are tasks you'll need to complete to ensure a successful deployment. To avoid any errors while preparing your environment, you're provided with step-by-step instructions to connect your domain, add users, assign licenses, set up email with Exchange Online, and install or deploy Office apps.|
+|[Email setup guide](https://go.microsoft.com/fwlink/?linkid=2223145)|[Email setup guide](https://go.microsoft.com/fwlink/?linkid=2224461)|The **Email setup guide** provides you with the step-by-step guidance needed for configuring Exchange Online for your organization. This guidance includes setting up new email accounts, migrating email, and configuring email protection. For a successful email setup, use this advisor and you'll receive the recommended migration method based on your organization's current mail system, the number of mailboxes being migrated, and how you want to manage users and their access.|
+|[Gmail contacts and calendar advisor](https://go.microsoft.com/fwlink/?linkid=2222987)|[Gmail contacts and calendar advisor](https://go.microsoft.com/fwlink/?linkid=2224296)|When you migrate a Gmail user's mailbox to Microsoft 365, email messages are migrated, but contacts and calendar items are not. The **Gmail contacts and calendar advisor** provides steps for importing Google contacts and Google calendar items to Microsoft 365 using import and export methods with Outlook.com, the Outlook client, or PowerShell.|
+||[Microsoft 365 setup guide](https://go.microsoft.com/fwlink/?linkid=2224293)|The **Microsoft 365 setup guide** provides you with guidance when setting up productivity tools, security policies, and device management capabilities. With a Microsoft 365 Business Premium or Microsoft 365 for enterprise subscription, you can use this guide to set up and configure your organization's devices.<br>You'll receive guidance and access to resources to enable your cloud services, update devices to the latest supported version of Windows 10, and join devices to Azure Active Directory (Azure AD), all in one central location.|
+||[Remote work setup guide](https://go.microsoft.com/fwlink/?linkid=2224692)|The **Remote work setup guide** provides organizations with the tips and resources needed to ensure your users can successfully work remotely, your data is secure, and users' credentials are safeguarded.<br>You'll receive guidance to optimize remote workers' device traffic to both Microsoft 365 resources in the cloud and your organization's network, which will reduce the strain on your remote access VPN infrastructure.|
+|[Windows 11 setup guide](https://go.microsoft.com/fwlink/?linkid=2223054)|[Windows 11 setup guide](https://go.microsoft.com/fwlink/?linkid=2224778)|The **Windows 11 setup guide** helps customers find the best way to deploy or upgrade devices to Windows 11 and configure them for cloud management. The Windows 11 setup guide includes information on servicing strategy, automatic enrollment, Windows Autopilot, Configuration Manager integration, and more.|
+|[Microsoft Edge setup guide](https://go.microsoft.com/fwlink/?linkid=2223317)|[Microsoft Edge setup guide](https://go.microsoft.com/fwlink/?linkid=2224189)|Microsoft Edge has been rebuilt from the ground up to bring you world-class compatibility and performance, the security and privacy you deserve, and new features designed to bring you the best of the web.<br>The **Microsoft Edge setup guide** will help you configure Enterprise Site Discovery to see which sites accessed in your org might need to use IE mode, review and configure important security features, configure privacy policies and compliance policies to meet your org's requirements, and manage web access on your devices. You can download Microsoft Edge to individual devices, or we'll show you how to deploy to multiple users in your org with Group Policy, Configuration Manager, or Microsoft Intune.|
+|[Configure IE mode for Microsoft Edge guide](https://go.microsoft.com/fwlink/?linkid=2223137)|[Configure IE mode for Microsoft Edge guide](https://go.microsoft.com/fwlink/?linkid=2224688)|If you've already deployed Microsoft Edge and only want to configure IE mode, the **Configure IE mode for Microsoft Edge guide** will give you scripts to automate the configuration of Enterprise Site Discovery. You'll also get IE mode recommendations from a cloud-based tool that will help you create an Enterprise Mode Site List to deploy to your users.|
+||[Microsoft Search setup guide](https://go.microsoft.com/fwlink/?linkid=2224295)|Microsoft Search helps your organization find what they need to complete what they're working on. Whether it's searching for people, files, org charts, sites, or answers to common questions, your org can use Microsoft Search throughout their workday to get answers.<br>The **Microsoft Search setup guide** helps you configure Microsoft Search whether you want to pilot it to a group of users or roll it out to everyone in your org. You'll assign Search admins and Search editors and then customize the search experience for your users with answers and more options, like adding the Bing extension to Chrome or setting Bing as your default search engine.|
+||[Block use of Internet Explorer in your organization guide](https://go.microsoft.com/fwlink/?linkid=2225100)|Microsoft support for Internet Explorer 11 is ending soon for most versions of Windows 10. The **Block use of Internet Explorer in your organization guide** ensures that your users can still run legacy web apps that rely on Internet Explorer. This guide also helps you move those users to Microsoft Edge with IE mode.|
## Guides for authentication and access
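Review bot: In the added **Block use of Internet Explorer in your organization guide** row, "is ending soon for most versions of Windows 10" is a relative date that goes stale as soon as the retirement passes; give the retirement date or link to the lifecycle announcement instead. The same row never says what is blocked: the guide is titled "Block use of Internet Explorer", but the description leads with "ensures that your users can still run legacy web apps that rely on Internet Explorer". Suggest opening with the blocking action and then the IE mode fallback in Microsoft Edge, so an admin can tell the effect on users before opening the guide.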
-|**Guide - [Setup Portal](https://aka.ms/setupguides)** |**Guide - [Admin Center](https://aka.ms/advanceddeploymentguides)** |**Description** |
+|**Guide - [Setup Portal](https://aka.ms/setupguides)** |**Guide - [Admin Center](https://go.microsoft.com/fwlink/?linkid=2224913)** |**Description** |
||||
-||[Configure multi-factor authentication (MFA) guide](https://aka.ms/MFASetupGuide)|The **Configure multi-factor authentication (MFA) guide** provides information to secure your organization against breaches due to lost or stolen credentials. MFA immediately increases account security by prompting for multiple forms of verification to prove a user's identity when they sign in to an app or other company resource. This prompt could be to enter a code on the user's mobile device or to provide a fingerprint scan. MFA is enabled through Conditional Access, security defaults, or per-user MFA. This guide will provide the recommended MFA option for your org, based on your licenses and existing configuration.|
-||[Identity security for Teams guide](https://aka.ms/teamsidentity)|The **Identity security for Teams guide** helps you with some basic security steps you can take to ensure your users are safe and have the most productive time using Teams.|
-|[Add or sync users to Microsoft 365 guide](https://go.microsoft.com/fwlink/?linkid=2223230)|[Add or sync users to Microsoft 365 guide](https://aka.ms/directorysyncsetup)|The **Add or sync users to Microsoft 365 guide** will help streamline the process of getting your user accounts set up in Microsoft 365. Based on your environment and needs, you can choose to add users individually, migrate your on-premises directory with Azure AD cloud sync or Azure AD Connect, or troubleshoot existing sync problems when necessary.|
+||[Configure multi-factor authentication (MFA) guide](https://go.microsoft.com/fwlink/?linkid=2224780)|The **Configure multi-factor authentication (MFA) guide** provides information to secure your organization against breaches due to lost or stolen credentials. MFA immediately increases account security by prompting for multiple forms of verification to prove a user's identity when they sign in to an app or other company resource. This prompt could be to enter a code on the user's mobile device or to provide a fingerprint scan. MFA is enabled through Conditional Access, security defaults, or per-user MFA. This guide will provide the recommended MFA option for your org, based on your licenses and existing configuration.|
+||[Identity security for Teams guide](https://go.microsoft.com/fwlink/?linkid=2224786)|The **Identity security for Teams guide** helps you with some basic security steps you can take to ensure your users are safe and have the most productive time using Teams.|
|[Azure AD setup guide](https://go.microsoft.com/fwlink/?linkid=2223229)|[Azure AD setup guide](https://aka.ms/aadpguidance)|The **Azure AD setup guide** provides information to ensure your organization has a strong security foundation. In this guide you'll set up initial features, like Azure Role-based access control (Azure RBAC) for admins, Azure AD Connect for your on-premises directory, and Azure AD Connect Health, so you can monitor your hybrid identity's health during automated syncs.<br>It also includes essential information on enabling self-service password resets, conditional access and integrated third party sign-on including optional advanced identity protection and user provisioning automation.|
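Review bot: The unchanged **Azure AD setup guide** row that follows these lines still points its Admin Center column at `https://aka.ms/aadpguidance`, while every other Admin Center link in this table is moved to a `go.microsoft.com/fwlink/?linkid=` URL. If the migration away from aka.ms short links is meant to cover the whole table, this row was missed and needs its own linkid. If it is left on aka.ms deliberately, say so in the commit message so the mixed link styles are not taken for an oversight in a later pass.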
-|[Sync users from your Windows Server Active Directory guide](https://go.microsoft.com/fwlink/?linkid=2223230)|[Sync users from your Windows Server Active Directory guide](https://aka.ms/directorysyncsetup)|The **Sync users from your Windows Server Active Directory guide** walks you through turning on directory synchronization. Directory synchronization brings your on-premises and cloud identities together for easier access and simplified management. Unlock new capabilities, like single sign-on, self-service options, automatic account provisioning, conditional access controls, and compliance policies. These capabilities ensure your users have access to the resources they need from anywhere.|
-||[Plan your passwordless deployment guide](https://aka.ms/passwordlesssetup)|Use the **Plan your passwordless deployment guide** to discover the best passwordless authentication methods to use and receive guidance on how to upgrade to an alternative sign-in approach that allows users to access their devices securely with one of the following passwordless authentication methods:<ul><li>Windows Hello for Business</li><li>The Microsoft Authenticator app</li><li>Security keys</li></ul>|
-||[Integrate a third-party cloud app with Azure AD guide](https://aka.ms/AzureAppSetup)|The **Integrate a third-party cloud app with Azure AD guide** helps IT admins select and configure the app.|
-|[Plan your self-service password reset (SSPR) deployment guide](https://go.microsoft.com/fwlink/?linkid=2223231)|[Plan your self-service password reset (SSPR) deployment guide](https://aka.ms/SSPRSetupGuide)|Give users the ability to change or reset their password independently, if their account is locked, or they forget their password without the need to contact a helpdesk engineer.<br>Use the **Plan your self-service password reset (SSPR) deployment guide** to receive relevant articles and instructions for configuring the appropriate Azure portal options to help you deploy SSPR in your environment.|
+|[Add or sync users to Azure AD guide](https://go.microsoft.com/fwlink/?linkid=2223230)|[Add or sync users to Azure AD guide](https://go.microsoft.com/fwlink/?linkid=2224811)|The **Add or sync users to Azure AD guide** walks you through turning on directory synchronization. Directory synchronization brings your on-premises and cloud identities together for easier access and simplified management. Unlock new capabilities, like single sign-on, self-service options, automatic account provisioning, conditional access controls, and compliance policies. These capabilities ensure your users have access to the resources they need from anywhere.|
+||[Plan your passwordless deployment guide](https://go.microsoft.com/fwlink/?linkid=2224194)|Use the **Plan your passwordless deployment guide** to discover the best passwordless authentication methods to use and receive guidance on how to upgrade to an alternative sign-in approach that allows users to access their devices securely with one of the following passwordless authentication methods:<ul><li>Windows Hello for Business</li><li>The Microsoft Authenticator app</li><li>Security keys</li></ul>|
+||[Secure your cloud apps with Single Sign on (SSO) guide](https://go.microsoft.com/fwlink/?linkid=2224689)|The **Secure your cloud apps with Single Sign on (SSO) guide** helps IT admins configure third-party cloud apps with single sign-on, which reduces or eliminates sign-in prompts.|
+|[Plan your self-service password reset (SSPR) deployment guide](https://go.microsoft.com/fwlink/?linkid=2223231)|[Plan your self-service password reset (SSPR) deployment guide](https://go.microsoft.com/fwlink/?linkid=2224781)|Give users the ability to change or reset their password independently, if their account is locked, or they forget their password without the need to contact a helpdesk engineer.<br>Use the **Plan your self-service password reset (SSPR) deployment guide** to receive relevant articles and instructions for configuring the appropriate Azure portal options to help you deploy SSPR in your environment.|
## Guides for security and compliance
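Review bot: The merged **Add or sync users to Azure AD guide** row takes its title from the removed "Add or sync users to Microsoft 365 guide" row but its description from the removed "Sync users from your Windows Server Active Directory guide" row, so the text now covers only directory synchronization. The dropped description said you can "add users individually, migrate your on-premises directory with Azure AD cloud sync or Azure AD Connect, or troubleshoot existing sync problems"; restore a sentence on those options or rename the guide so the title matches what it covers. Smaller point in the added SSO row: the title uses "Single Sign on (SSO)" while the description in the same cell uses "single sign-on"; pick one spelling.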
-|**Guide - [Setup Portal](https://aka.ms/setupguides)** |**Guide - [Admin Center](https://aka.ms/advanceddeploymentguides)** |**Description** |
+|**Guide - [Setup Portal](https://aka.ms/setupguides)** |**Guide - [Admin Center](https://go.microsoft.com/fwlink/?linkid=2224913)** |**Description** |
||||
-|[Security analyzer](https://go.microsoft.com/fwlink/?linkid=2223325)|[Security analyzer](https://aka.ms/securityanalyzer)|The **Security analyzer** will analyze your security approach and introduce you to Microsoft integrated security and compliance solutions that can improve your security posture. You'll learn about advanced features, such as managing identities and helping to protect against modern attacks. You can then sign up for a trial subscription and be pointed to the corresponding setup guidance for each solution.|
-|[Set up your Microsoft Zero Trust security model](https://go.microsoft.com/fwlink/?linkid=2222968)|[Set up your Microsoft Zero Trust security model](https://aka.ms/zerotrustsetup )|Use the **Set up your Zero Trust security model guide** to configure security that effectively adapts to the complexity of the modern environment, embraces the hybrid workplace, and helps protect people, devices, apps, and data wherever they're located. Key recommendations include: always authenticate, limit user access, minimize the blast radius, segment access, verify end-to-end encryption, and use analytics to get visibility, drive threat detection, and improve defenses.|
-|[Microsoft Intune setup guide](https://go.microsoft.com/fwlink/?linkid=2223058)|[Microsoft Intune setup guide](https://aka.ms/intunesetupguide)|Set up Microsoft Intune to manage devices in your organization. For full control of corporate devices, you'll use Intune's mobile device management (MDM) features. To manage your organization's data on shared and personal devices, you can use Intune's mobile application management (MAM) features.<br>With the **Microsoft Intune setup guide**, you'll set up device and app compliance policies, assign app protection policies, and monitor the device and app protection status.|
-|[Microsoft Defender for Endpoint setup guide](https://go.microsoft.com/fwlink/?linkid=2223155)|[Microsoft Defender for Endpoint setup guide](https://aka.ms/mdatpsetup)|The **Microsoft Defender for Endpoint setup guide** provides instructions that will help your enterprise network prevent, detect, investigate, and respond to advanced threats. Make an informed assessment of your organization's vulnerability and decide which deployment package and configuration methods are best.<br>**NOTE:** A Microsoft Volume License is required for Microsoft Defender for Endpoint.|
-||[Exchange Online Protection setup guide](https://aka.ms/EOPguidance)|Microsoft Exchange Online Protection (EOP) is a cloud-based email filtering service for protection against spam and malware, with features to safeguard your organization from messaging policy violations.<br>Use the **Exchange Online Protection setup guide** to set up EOP by selecting which of the three deployment scenarios&mdash;on-premises mailboxes, hybrid (mix of on-premises and cloud) mailboxes, or all cloud mailboxes&mdash;fits your organization. The guide provides information and resources to set up and review your user's licensing, assign permissions in the Microsoft 365 admin center, and configure your organization's anti-malware and spam policies in the Security & Compliance Center.|
-|[Microsoft Defender for Office 365 setup guide](https://go.microsoft.com/fwlink/?linkid=2222971)|[Microsoft Defender for Office 365 setup guide](https://aka.ms/oatpsetup)|The **Microsoft Defender for Office 365 setup guide** safeguards your organization against malicious threats that your environment might come across through email messages, links, and third party collaboration tools. This guide provides you with the resources and information to help you prepare and identify the Defender for Office 365 plan to fit your organization's needs.|
-|[Microsoft Defender for Identity setup guide](https://go.microsoft.com/fwlink/?linkid=2222970)|[Microsoft Defender for Identity setup guide](https://aka.ms/DefenderforIdentitysetup)|The **Microsoft Defender for Identity setup guide** provides security solution set-up guidance to identify, detect, and investigate advanced threats that might compromise user identities. These include detecting suspicious user activities and malicious insider actions directed at your organization. You'll create a Defender for Identity instance, connect to your organization's Active Directory, and then set up sensors, alerts, notifications, and configure your unique portal preferences.|
-|[Insider risk solutions setup guide](https://go.microsoft.com/fwlink/?linkid=2223415)|[Insider risk solutions setup guide](https://aka.ms/Insiderrisksetup)|The **Insider risk solutions setup guide** helps you protect your organization against insider risks that can be challenging to identify and difficult to mitigate. Insider risks occur in a variety of areas and can cause major problems for organizations, ranging from the loss of intellectual property to workplace harassment, and more.<br>The solutions in this guide will help you gain visibility into user activities, actions, and communications with native signals and enrichments from across your organization:<ul><li>With the communication compliance solution, you can identify and act on communication risks for items like workplace violence, insider trading, harassment, code of conduct, and regulatory compliance violations.</li><li>The insider risk management solution helps you identify, investigate, and take action on risks for intellectual property theft, sensitive data leaks, security violations, data spillage, and confidentiality violations.</li></ul>|
-|[Microsoft Purview Information Protection setup guide](https://go.microsoft.com/fwlink/?linkid=2222967)|[Microsoft Purview Information Protection setup guide](https://aka.ms/microsoftpurviewinformationprotectionsetupguide)|Get an overview of the capabilities you can apply to your information protection strategy so you can be confident your sensitive information is protected. Use a four-stage lifecycle approach in which you discover, classify, protect, and monitor sensitive information. The **Microsoft Purview Information Protection setup guide** provides guidance for completing each of these stages.|
-|[Microsoft Purview Data Lifecycle Management setup guide](https://go.microsoft.com/fwlink/?linkid=2223154)|[Microsoft Purview Data Lifecycle Management setup guide](https://aka.ms/migsetupguide)|The **Microsoft Purview Data Lifecycle Management setup guide** provides you with the information you'll need to set up and manage your organization's governance strategy, to ensure that your data is classified and managed according to the specific lifecycle guidelines you set. With this guide, you'll learn how to create, auto-apply, or publish retention labels, retention label policies, and retention policies that are applied to your organization's content and compliance records. You'll also get information on importing CSV files with a file plan for bulk scenarios or for applying them manually to individual documents.|
-|[Microsoft Defender for Cloud Apps setup guide](https://go.microsoft.com/fwlink/?linkid=2222969)|[Microsoft Defender for Cloud Apps setup guide](https://aka.ms/cloudappsecuritysetup)|The **Microsoft Defender for Cloud Apps setup guide** provides easy to follow deployment and management guidance to set up your Cloud Discovery solution. With Cloud Discovery, you'll integrate your supported security apps, and then you'll use traffic logs to dynamically discover and analyze the cloud apps that your organization uses. You'll also set up features available through the Defender for Cloud Apps solution, including threat detection policies to identify high-risk use, information protection policies to define access, and real-time session controls to monitor activity. With these features, your environment gets enhanced visibility, control over data movement, and analytics to identify and combat cyberthreats across all your Microsoft and third party cloud services.|
-|[Microsoft 365 auditing solutions guide](https://go.microsoft.com/fwlink/?linkid=2223153)|[Microsoft 365 auditing solutions guide](https://aka.ms/auditsolutionsetup)|The **Microsoft 365 auditing solutions guide** provides an integrated solution to help organizations effectively respond to security events, forensic investigations, and compliance obligations. When you use the auditing solutions in Microsoft 365, you can search the audit log for activities performed in different Microsoft 365 services.|
-|[eDiscovery solutions setup guide](https://go.microsoft.com/fwlink/?linkid=2223416)|[eDiscovery solutions setup guide](https://aka.ms/ediscoverysolutionsetup)|eDiscovery is the process of identifying and delivering electronic information that can be used as evidence in legal cases. The **eDiscovery solutions setup guide** assists in the use of eDiscovery tools in Microsoft Purview that allow you to search for content in Exchange Online, OneDrive for Business, SharePoint Online, Microsoft Teams, Microsoft 365 Groups, and Yammer communities.|
+|[Security analyzer](https://go.microsoft.com/fwlink/?linkid=2223325)|[Security analyzer](https://go.microsoft.com/fwlink/?linkid=2224900)|The **Security analyzer** will analyze your security approach and introduce you to Microsoft integrated security and compliance solutions that can improve your security posture. You'll learn about advanced features, such as managing identities and helping to protect against modern attacks. You can then sign up for a trial subscription and be pointed to the corresponding setup guidance for each solution.|
+|[Set up your Microsoft Zero Trust security model](https://go.microsoft.com/fwlink/?linkid=2222968)|[Set up your Microsoft Zero Trust security model](https://go.microsoft.com/fwlink/?linkid=2224820)|Use the **Set up your Zero Trust security model guide** to configure security that effectively adapts to the complexity of the modern environment, embraces the hybrid workplace, and helps protect people, devices, apps, and data wherever they're located. Key recommendations include: always authenticate, limit user access, minimize the blast radius, segment access, verify end-to-end encryption, and use analytics to get visibility, drive threat detection, and improve defenses.|
+|[Microsoft Intune setup guide](https://go.microsoft.com/fwlink/?linkid=2223058)|[Microsoft Intune setup guide](https://go.microsoft.com/fwlink/?linkid=2224812)|Set up Microsoft Intune to manage devices in your organization. For full control of corporate devices, you'll use Intune's mobile device management (MDM) features. To manage your organization's data on shared and personal devices, you can use Intune's mobile application management (MAM) features.<br>With the **Microsoft Intune setup guide**, you'll set up device and app compliance policies, assign app protection policies, and monitor the device and app protection status.|
+|[Microsoft Defender for Endpoint setup guide](https://go.microsoft.com/fwlink/?linkid=2223155)|[Microsoft Defender for Endpoint setup guide](https://go.microsoft.com/fwlink/?linkid=2224785)|The **Microsoft Defender for Endpoint setup guide** provides instructions that will help your enterprise network prevent, detect, investigate, and respond to advanced threats. Make an informed assessment of your organization's vulnerability and decide which deployment package and configuration methods are best.<br>**NOTE:** A Microsoft Volume License is required for Microsoft Defender for Endpoint.|
+||[Exchange Online Protection setup guide](https://go.microsoft.com/fwlink/?linkid=2224191)|Microsoft Exchange Online Protection (EOP) is a cloud-based email filtering service for protection against spam and malware, with features to safeguard your organization from messaging policy violations.<br>Use the **Exchange Online Protection setup guide** to set up EOP by selecting which of the three deployment scenarios&mdash;on-premises mailboxes, hybrid (mix of on-premises and cloud) mailboxes, or all cloud mailboxes&mdash;fits your organization. The guide provides information and resources to set up and review your user's licensing, assign permissions in the Microsoft 365 admin center, and configure your organization's anti-malware and spam policies in the Security & Compliance Center.|
+|[Microsoft Defender for Office 365 setup guide](https://go.microsoft.com/fwlink/?linkid=2222971)|[Microsoft Defender for Office 365 setup guide](https://go.microsoft.com/fwlink/?linkid=2224784)|The **Microsoft Defender for Office 365 setup guide** safeguards your organization against malicious threats that your environment might come across through email messages, links, and third party collaboration tools. This guide provides you with the resources and information to help you prepare and identify the Defender for Office 365 plan to fit your organization's needs.|
+|[Microsoft Defender for Identity setup guide](https://go.microsoft.com/fwlink/?linkid=2222970)|[Microsoft Defender for Identity setup guide](https://go.microsoft.com/fwlink/?linkid=2224783)|The **Microsoft Defender for Identity setup guide** provides security solution set-up guidance to identify, detect, and investigate advanced threats that might compromise user identities. These include detecting suspicious user activities and malicious insider actions directed at your organization. You'll create a Defender for Identity instance, connect to your organization's Active Directory, and then set up sensors, alerts, notifications, and configure your unique portal preferences.|
+|[Microsoft Purview Communication Compliance and Insider Risk Management setup guide](https://go.microsoft.com/fwlink/?linkid=2223415)|[Microsoft Purview Communication Compliance and Insider Risk Management setup guide](https://go.microsoft.com/fwlink/?linkid=2224188)|The **Microsoft Purview Communication Compliance and Insider Risk Management setup guide** helps you protect your organization against insider risks that can be challenging to identify and difficult to mitigate. Insider risks occur in a variety of areas and can cause major problems for organizations, ranging from the loss of intellectual property to workplace harassment, and more.<br>The solutions in this guide will help you gain visibility into user activities, actions, and communications with native signals and enrichments from across your organization:<ul><li>With the communication compliance solution, you can identify and act on communication risks for items like workplace violence, insider trading, harassment, code of conduct, and regulatory compliance violations.</li><li>The insider risk management solution helps you identify, investigate, and take action on risks for intellectual property theft, sensitive data leaks, security violations, data spillage, and confidentiality violations.</li></ul>|
+|[Microsoft Purview Information Protection setup guide](https://go.microsoft.com/fwlink/?linkid=2222967)|[Microsoft Purview Information Protection setup guide](https://go.microsoft.com/fwlink/?linkid=2224687)|Get an overview of the capabilities you can apply to your information protection strategy so you can be confident your sensitive information is protected. Use a four-stage lifecycle approach in which you discover, classify, protect, and monitor sensitive information. The **Microsoft Purview Information Protection setup guide** provides guidance for completing each of these stages.|
+|[Microsoft Purview Data Lifecycle Management setup guide](https://go.microsoft.com/fwlink/?linkid=2223154)|[Microsoft Purview Data Lifecycle Management setup guide](https://go.microsoft.com/fwlink/?linkid=2224686)|The **Microsoft Purview Data Lifecycle Management setup guide** provides you with the information you'll need to set up and manage your organization's governance strategy, to ensure that your data is classified and managed according to the specific lifecycle guidelines you set. With this guide, you'll learn how to create, auto-apply, or publish retention labels, retention label policies, and retention policies that are applied to your organization's content and compliance records. You'll also get information on importing CSV files with a file plan for bulk scenarios or for applying them manually to individual documents.|
+|[Microsoft Defender for Cloud Apps setup guide](https://go.microsoft.com/fwlink/?linkid=2222969)|[Microsoft Defender for Cloud Apps setup guide](https://go.microsoft.com/fwlink/?linkid=2224814)|The **Microsoft Defender for Cloud Apps setup guide** provides easy to follow deployment and management guidance to set up your Cloud Discovery solution. With Cloud Discovery, you'll integrate your supported security apps, and then you'll use traffic logs to dynamically discover and analyze the cloud apps that your organization uses. You'll also set up features available through the Defender for Cloud Apps solution, including threat detection policies to identify high-risk use, information protection policies to define access, and real-time session controls to monitor activity. With these features, your environment gets enhanced visibility, control over data movement, and analytics to identify and combat cyberthreats across all your Microsoft and third party cloud services.|
+|[Microsoft Purview Auditing solutions in Microsoft 365 guide](https://go.microsoft.com/fwlink/?linkid=2223153)|[Microsoft 365 Auditing solutions in Microsoft 365 guide](https://go.microsoft.com/fwlink/?linkid=2224816)|The **Microsoft Purview Auditing solutions in Microsoft 365 guide** provides an integrated solution to help organizations effectively respond to security events, forensic investigations, and compliance obligations. When you use the auditing solutions in Microsoft 365, you can search the audit log for activities performed in different Microsoft 365 services.|
+|[Microsoft Purview eDiscovery solutions setup guide](https://go.microsoft.com/fwlink/?linkid=2223416)|[Microsoft Purview eDiscovery solutions setup guide](https://go.microsoft.com/fwlink/?linkid=2224465)|eDiscovery is the process of identifying and delivering electronic information that can be used as evidence in legal cases. The **Microsoft Purview eDiscovery solutions setup guide** assists in the use of eDiscovery tools in Microsoft Purview that allow you to search for content in Exchange Online, OneDrive for Business, SharePoint Online, Microsoft Teams, Microsoft 365 Groups, and Yammer communities.|
## Guides for collaboration
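Review bot: In the added auditing row the two columns name the same guide differently: the Setup Portal link text and the bold name in the description read "Microsoft Purview Auditing solutions in Microsoft 365 guide", but the Admin Center link text reads "Microsoft 365 Auditing solutions in Microsoft 365 guide". This looks like a partial rename; change the Admin Center link text to the Purview name so the row matches the other renamed Purview rows in this table. The Zero Trust row carries a similar mismatch over from the old text (link text "Set up your Microsoft Zero Trust security model", bold name "Set up your Zero Trust security model guide") and could be aligned in the same pass.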
-|**Guide - [Setup Portal](https://aka.ms/setupguides)** |**Guide - [Admin Center](https://aka.ms/advanceddeploymentguides)** |**Description** |
+|**Guide - [Setup Portal](https://aka.ms/setupguides)** |**Guide - [Admin Center](https://go.microsoft.com/fwlink/?linkid=2224913)** |**Description** |
||||
-|[Build your employee experience](https://go.microsoft.com/fwlink/?linkid=2223653)|[Build your employee experience](https://aka.ms/EmployeeExperienceDashboard)|Transform how your employees work together with the **Employee experience dashboard**. For seamless teamwork, use Microsoft 365 to create productive, aligned teams, and keep employees engaged with leadership and the rest of the organization. Help your employees be effective in all work activities. These guides will provide instructions on how to use SharePoint, Teams, and Yammer to build collaboration across your org to help drive productivity.|
-|[Microsoft 365 Apps setup guide](https://go.microsoft.com/fwlink/?linkid=2223409)|[Microsoft 365 Apps setup guide](https://aka.ms/OPPquickstartguide)|The **Microsoft 365 Apps setup guide** helps you get your users' devices running the latest version of Office products like Word, Excel, PowerPoint, and OneNote. You'll get guidance on the various deployment methods that include easy self-install options to enterprise deployments with management tools. The instructions will help you assess your environment, figure out your specific deployment requirements, and implement the necessary support tools to ensure a successful installation.|
-||[Mobile apps setup guide](https://aka.ms/officeappguidance)|The **Mobile apps setup guide** provides instructions for the download and installation of Office apps on your Windows, iOS, and Android mobile devices. This guide provides you with step-by-step information to download and install Microsoft 365 and Office 365 apps on your phone and tablet devices.|
-|[Microsoft Teams setup guide]( https://go.microsoft.com/fwlink/?linkid=2222975)|[Microsoft Teams setup guide](https://aka.ms/teamsguidance)|The **Microsoft Teams setup guide** provides your organization with guidance to set up team workspaces that host real-time conversations through messaging, calls, and audio or video meetings for both team and private communication. Use the tools in this guide to configure Guest access, set who can create teams, and add team members from a .csv file, all without the need to open a PowerShell session. You'll also get best practices for determining your organization's network requirements and ensuring a successful Teams deployment.|
-|[Teams Phone setup guide](https://go.microsoft.com/fwlink/?linkid=2223356)|[Teams Phone setup guide](https://aka.ms/teamsphonesetupguide)|The **Teams Phone setup guide** helps you stay connected with the use of modern calling solutions. Apply key capabilities with a cloud-based, call-control system that supports the telephony workload for Teams. You can choose and deploy features from the available public switched telephone network (PSTN) connectivity options. You can also find assistance for other features, such as auto attendant, call queues, Audio Conferencing, caller ID, and live events.|
-|[SharePoint setup guide](https://go.microsoft.com/fwlink/?linkid=2223320)|[SharePoint setup guide](https://aka.ms/spoguidance)|The **SharePoint setup guide** helps you set up your SharePoint document storage and content management, create sites, configure external sharing, migrate data and configure advanced settings, and drive user engagement and communication within your organization. You'll follow steps for configuring your content-sharing permission policies, choose your migration sync tools, and enable the security settings for your SharePoint environment.|
-|[Surface Hub and Microsoft Teams Rooms setup guide](https://go.microsoft.com/fwlink/?linkid=2222974)|[Surface Hub and Microsoft Teams Rooms setup guide](https://aka.ms/SetupSurfaceHub)|The **Surface Hub and Microsoft Teams Rooms setup guide** will customize your experience based on your environment. If you're hosted in Exchange Online and using Microsoft Teams, the guide will automatically create your device account with the correct settings.|
-|[OneDrive setup guide](https://go.microsoft.com/fwlink/?linkid=2223143)|[OneDrive setup guide](https://aka.ms/ODfBquickstartguide)|Use the **OneDrive setup guide** to get started with OneDrive file storage, sharing, collaboration, and syncing capabilities. OneDrive provides a central location where users can sync their Microsoft 365 Apps files, configure external sharing, migrate user data, and configure advanced security and device access settings. The OneDrive setup guide can be deployed using a OneDrive subscription or a standalone OneDrive plan.|
-|[Yammer deployment advisor](https://go.microsoft.com/fwlink/?linkid=2223165)|[Yammer deployment advisor](https://aka.ms/yammerdeploymentguide)|Connect and engage across your organization with Yammer. The **Yammer deployment advisor** prepares your Yammer network by adding domains, defining admins, and combining Yammer networks. You'll get guidance to deploy Yammer and then customize the look, configure security and compliance, and refine the settings.|
+|[Build your employee experience with Microsoft 365 and Microsoft Viva dashboard](https://go.microsoft.com/fwlink/?linkid=2223653)|[Build your employee experience with Microsoft 365 and Microsoft Viva dashboard](https://go.microsoft.com/fwlink/?linkid=2224787)|Transform how your employees work together with the **Build your employee experience with Microsoft 365 and Microsoft Viva dashboard**. For seamless teamwork, use Microsoft 365 to create productive, aligned teams, and keep employees engaged with leadership and the rest of the organization. Help your employees be effective in all work activities. These guides will provide instructions on how to use SharePoint, Teams, and Yammer to build collaboration across your org to help drive productivity.|
+|[Microsoft 365 Apps setup guide](https://go.microsoft.com/fwlink/?linkid=2223409)|[Microsoft 365 Apps setup guide](https://go.microsoft.com/fwlink/?linkid=2224187)|The **Microsoft 365 Apps setup guide** helps you get your users' devices running the latest version of Office products like Word, Excel, PowerPoint, and OneNote. You'll get guidance on the various deployment methods that include easy self-install options to enterprise deployments with management tools. The instructions will help you assess your environment, figure out your specific deployment requirements, and implement the necessary support tools to ensure a successful installation.|
+||[Mobile apps setup guide](https://go.microsoft.com/fwlink/?linkid=2224813)|The **Mobile apps setup guide** provides instructions for the download and installation of Office apps on your Windows, iOS, and Android mobile devices. This guide provides you with step-by-step information to download and install Microsoft 365 and Office 365 apps on your phone and tablet devices.|
+|[Microsoft Teams setup guide]( https://go.microsoft.com/fwlink/?linkid=2222975)|[Microsoft Teams setup guide](https://go.microsoft.com/fwlink/?linkid=2224815)|The **Microsoft Teams setup guide** provides your organization with guidance to set up team workspaces that host real-time conversations through messaging, calls, and audio or video meetings for both team and private communication. Use the tools in this guide to configure Guest access, set who can create teams, and add team members from a .csv file, all without the need to open a PowerShell session. You'll also get best practices for determining your organization's network requirements and ensuring a successful Teams deployment.|
+|[Microsoft Teams Phone setup guide](https://go.microsoft.com/fwlink/?linkid=2223356)|[Microsoft Teams Phone setup guide](https://go.microsoft.com/fwlink/?linkid=2224790)|The **Microsoft Teams Phone setup guide** helps you stay connected with the use of modern calling solutions. Apply key capabilities with a cloud-based, call-control system that supports the telephony workload for Teams. You can choose and deploy features from the available public switched telephone network (PSTN) connectivity options. You can also find assistance for other features, such as auto attendant, call queues, Audio Conferencing, caller ID, and live events.|
+|[SharePoint setup guide](https://go.microsoft.com/fwlink/?linkid=2223320)|[SharePoint setup guide](https://go.microsoft.com/fwlink/?linkid=2224196)|The **SharePoint setup guide** helps you set up your SharePoint document storage and content management, create sites, configure external sharing, migrate data and configure advanced settings, and drive user engagement and communication within your organization. You'll follow steps for configuring your content-sharing permission policies, choose your migration sync tools, and enable the security settings for your SharePoint environment.|
+|[Surface Hub and Microsoft Teams Rooms setup guide](https://go.microsoft.com/fwlink/?linkid=2222974)|[Surface Hub and Microsoft Teams Rooms setup guide](https://go.microsoft.com/fwlink/?linkid=2224463)|The **Surface Hub and Microsoft Teams Rooms setup guide** will customize your experience based on your environment. If you're hosted in Exchange Online and using Microsoft Teams, the guide will automatically create your device account with the correct settings.|
+|[OneDrive setup guide](https://go.microsoft.com/fwlink/?linkid=2223143)|[OneDrive setup guide](https://go.microsoft.com/fwlink/?linkid=2224690)|Use the **OneDrive setup guide** to get started with OneDrive file storage, sharing, collaboration, and syncing capabilities. OneDrive provides a central location where users can sync their Microsoft 365 Apps files, configure external sharing, migrate user data, and configure advanced security and device access settings. The OneDrive setup guide can be deployed using a OneDrive subscription or a standalone OneDrive plan.|
+|[Yammer deployment advisor](https://go.microsoft.com/fwlink/?linkid=2223165)|[Yammer deployment advisor](https://go.microsoft.com/fwlink/?linkid=2224694)|Connect and engage across your organization with Yammer. The **Yammer deployment advisor** prepares your Yammer network by adding domains, defining admins, and combining Yammer networks. You'll get guidance to deploy Yammer and then customize the look, configure security and compliance, and refine the settings.|
## Advanced guides
-|**Guide - [Setup Portal](https://aka.ms/setupguides)** |**Guide - [Admin Center](https://aka.ms/advanceddeploymentguides)** |**Description** |
+|**Guide - [Setup Portal](https://aka.ms/setupguides)** |**Guide - [Admin Center](https://go.microsoft.com/fwlink/?linkid=2224913)** |**Description** |
||||
-||[In-place upgrade with Configuration Manager guide](https://aka.ms/win10upgradedemo)|Use the **In-place upgrade with Configuration Manager guide** when upgrading Windows 7 and Windows 8.1 devices to the latest version of Windows 10. You'll use the script provided to check the prerequisites and automatically configure an in-place upgrade.|
-||[Deploy Office to your users guide](https://aka.ms/proplusodt)|Deploy Office apps from the cloud with the ability to customize your installation by using the Office Deployment Tool. The **Deploy Office to your users guide** helps you create a customized Office configuration with advanced settings, or you can use a pre-built recommended configuration. Whether your users are conducting a self-install or you're deploying to your users individually or in bulk, this advanced guide provides you with step-by-step instructions to give users an Office installation tailored to your organization.|
-||[Deploy Office to remote users guide](https://aka.ms/officeremoteinstall)|Now that working remotely is the norm, users need to receive your organization's Office settings when they're not connected to your internal network or when using their own devices.<br>Use the **Deploy Office to remote users guide** to create a customized Office installation and then send users a generated PowerShell script that will seamlessly install Office with your configuration.|
-||[Deploy and update Microsoft 365 Apps with Configuration Manager advisor](https://aka.ms/oppinstall)|For organizations using Configuration Manager, you can use the **Deploy and update Microsoft 365 Apps with Configuration Manager advisor** to generate a script that will automatically configure your Microsoft 365 Apps deployment using best practices recommended by FastTrack engineers. Use this guide to build your deployment groups, customize your Office apps and features, configure dynamic or lean installations, and then run the script to create the applications, automatic deployment rules, and device collections you need to target your deployment.|
-||[Intune Configuration Manager co-management setup guide](https://aka.ms/comanagementsetup)|Use the **Intune Configuration Manager co-management setup guide** to set up existing Configuration Manager client devices and new internet-based devices that your org wants to co-manage with both Microsoft Intune and Configuration Manager. Co-management allows you to manage Windows 10 devices and adds new functionality to your org's devices, while receiving the benefits of both solutions.|
-||[SDS Rollover setup guide](https://aka.ms/sdsrolloversetupguide)|The **SDS Rollover setup guide** provides the steps to help your organization sync student information data to Azure Active Directory and Office 365. This guide streamlines the term lifecycle management process by creating Office 365 Groups for Exchange Online and SharePoint Online, class teams for Microsoft Teams and OneNote, as well as Intune for Education, and rostering and single sign-on integration for third-party apps. You'll perform end-of-year closeout, tenant cleanup and archive, new school year preparation, and new school year launch. Then you can create new profiles using the sync deployment method that suits your organization.|
+||[In-place upgrade with Configuration Manager guide](https://go.microsoft.com/fwlink/?linkid=2224789)|Use the **In-place upgrade with Configuration Manager guide** when upgrading Windows 7 and Windows 8.1 devices to the latest version of Windows 10. You'll use the script provided to check the prerequisites and automatically configure an in-place upgrade.|
+||[Deploy Office to your users guide](https://go.microsoft.com/fwlink/?linkid=2224458)|Deploy Office apps from the cloud with the ability to customize your installation by using the Office Deployment Tool. The **Deploy Office to your users guide** helps you create a customized Office configuration with advanced settings, or you can use a pre-built recommended configuration. Whether your users are conducting a self-install or you're deploying to your users individually or in bulk, this advanced guide provides you with step-by-step instructions to give users an Office installation tailored to your organization.|
+||[Deploy Office to remote users guide](https://go.microsoft.com/fwlink/?linkid=2224292)|Now that working remotely is the norm, users need to receive your organization's Office settings when they're not connected to your internal network or when using their own devices.<br>Use the **Deploy Office to remote users guide** to create a customized Office installation and then send users a generated PowerShell script that will seamlessly install Office with your configuration.|
+||[Deploy and update Microsoft 365 Apps with Configuration Manager advisor](https://go.microsoft.com/fwlink/?linkid=2224459)|For organizations using Configuration Manager, you can use the **Deploy and update Microsoft 365 Apps with Configuration Manager advisor** to generate a script that will automatically configure your Microsoft 365 Apps deployment using best practices recommended by FastTrack engineers. Use this guide to build your deployment groups, customize your Office apps and features, configure dynamic or lean installations, and then run the script to create the applications, automatic deployment rules, and device collections you need to target your deployment.|
+||[Intune Configuration Manager co-management setup guide](https://go.microsoft.com/fwlink/?linkid=2224782)|Use the **Intune Configuration Manager co-management setup guide** to set up existing Configuration Manager client devices and new internet-based devices that your org wants to co-manage with both Microsoft Intune and Configuration Manager. Co-management allows you to manage Windows 10 devices and adds new functionality to your org's devices, while receiving the benefits of both solutions.|
+||[SDS Rollover setup guide](https://go.microsoft.com/fwlink/?linkid=2224792)|The **SDS Rollover setup guide** provides the steps to help your organization sync student information data to Azure Active Directory and Office 365. This guide streamlines the term lifecycle management process by creating Office 365 Groups for Exchange Online and SharePoint Online, class teams for Microsoft Teams and OneNote, as well as Intune for Education, and rostering and single sign-on integration for third-party apps. You'll perform end-of-year closeout, tenant cleanup and archive, new school year preparation, and new school year launch. Then you can create new profiles using the sync deployment method that suits your organization.|
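Review bot: The Admin Center column now uses numeric `go.microsoft.com/fwlink/?linkid=` IDs in place of the descriptive `aka.ms` slugs (in the SharePoint row, `https://aka.ms/spoguidance` becomes `linkid=2224196`), so a link's destination can no longer be read from the diff. Please confirm that each new ID resolves to the same guide as the short link it replaces, ideally with a link check attached to the change. Two smaller points: the added Microsoft Teams setup guide row has a stray space after the opening parenthesis of its Setup Portal link (`]( https://go.microsoft.com/fwlink/?linkid=2222975)`), and the Advanced guides header converts the Admin Center link to an fwlink while the Setup Portal link stays `https://aka.ms/setupguides`, which leaves the two header links in different styles.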
frontline Virtual Appointments App https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/virtual-appointments-app.md
You can configure options such as whether attendees can [join from a a desktop o
![Information icon](media/info.png) **This feature is now part of [Teams Premium](/microsoftteams/teams-add-on-licensing/licensing-enhance-teams).** > [!NOTE]
-> We'll be providing unlimited SMS notifications through March 1, 2023 (previously January 31, 2023) for customers with Bookings licenses. As we get closer to the end of the promotion period, we'll provide additional details on licensing requirements. Contact your account team or support to receive pricing details after the promotion period.
+> We'll be providing unlimited SMS notifications through April 3, 2023 (previously March 1, 2023) for customers with Bookings licenses. As we get closer to the end of the promotion period, we'll provide more details on licensing requirements. Contact your account team or support to receive pricing details after the promotion period.
Attendees need a valid United States, Canada, or United Kingdom phone number before they can receive SMS notifications.
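Review bot: The added note line carries its own revision history in customer-facing text, "April 3, 2023 (previously March 1, 2023)", and the removed line shows the same pattern with the earlier pair of dates. Consider stating only the current end date and leaving the earlier dates to the commit history, so readers see a single deadline.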
includes Microsoft 365 Content Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-content-updates.md
<!-- This file is generated automatically each week. Changes made to this file will be overwritten.-->----
-## Week of February 13, 2023
--
-| Published On |Topic title | Change |
-|||--|
-| 2/14/2023 | [Microsoft 365 admin center - Overview](/microsoft-365/admin/admin-overview/admin-center-overview?view=o365-worldwide) | modified |
-| 2/14/2023 | [Operationalize attack surface reduction (ASR) rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-operationalize?view=o365-worldwide) | modified |
-| 2/14/2023 | [Limit guest sharing to specific organizations](/microsoft-365/solutions/limit-guest-sharing-to-specific-organization?view=o365-worldwide) | modified |
-| 2/13/2023 | [Virtual Appointments with Teams - Integration into Oracle Health EHR](/microsoft-365/frontline/ehr-admin-oracle-health?view=o365-worldwide) | renamed |
-| 2/13/2023 | [Learn about retention policies & labels to retain or delete](/microsoft-365/compliance/retention?view=o365-worldwide) | modified |
-| 2/14/2023 | [Manage protected devices with Microsoft 365 Business Premium](/microsoft-365/business/manage-protected-devices?view=o365-worldwide) | modified |
-| 2/14/2023 | [All credentials entity definition](/microsoft-365/compliance/sit-defn-all-creds?view=o365-worldwide) | modified |
-| 2/16/2023 | [Security defaults and Conditional Access](/microsoft-365/business-premium/m365bp-conditional-access?view=o365-worldwide) | modified |
-| 2/16/2023 | [Introduction to information management policies](/microsoft-365/compliance/intro-to-info-mgmt-policies?view=o365-worldwide) | modified |
-| 2/16/2023 | [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-worldwide) | modified |
-| 2/16/2023 | [Get Microsoft Defender for Business](/microsoft-365/security/defender-business/get-defender-business?view=o365-worldwide) | modified |
-| 2/16/2023 | [Add users and assign licenses in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-add-users?view=o365-worldwide) | modified |
-| 2/16/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified |
-| 2/16/2023 | [Understand next-generation protection configuration settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-next-gen-configuration-settings?view=o365-worldwide) | modified |
-| 2/16/2023 | [Requirements for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-requirements?view=o365-worldwide) | modified |
-| 2/16/2023 | [Set up and configure Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-setup-configuration?view=o365-worldwide) | modified |
-| 2/16/2023 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide) | modified |
-| 2/16/2023 | [Common Zero Trust identity and device access policies - Microsoft 365 for enterprise](/microsoft-365/security/office-365-security/identity-access-policies?view=o365-worldwide) | modified |
-| 2/15/2023 | [Connect your DNS records at IONOS by 1&1 to Microsoft 365](/microsoft-365/admin/dns/create-dns-records-at-1-1-internet?view=o365-worldwide) | modified |
-| 2/15/2023 | [Manage self-service purchases and trials (for admins)](/microsoft-365/commerce/subscriptions/manage-self-service-purchases-admins?view=o365-worldwide) | modified |
-| 2/16/2023 | [Comment and collaborate using annotations in Microsoft Syntex](/microsoft-365/syntex/annotations) | added |
-| 2/16/2023 | [Export documents from a review set in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-export-documents-from-review-set?view=o365-worldwide) | modified |
-| 2/16/2023 | [Integrate your SIEM tools with Microsoft 365 Defender](/microsoft-365/security/defender/configure-siem-defender?view=o365-worldwide) | modified |
-| 2/16/2023 | [Microsoft Syntex documentation # < 60 chars](/microsoft-365/syntex/index) | modified |
-| 2/16/2023 | [Onboard devices to Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-worldwide) | modified |
-| 2/16/2023 | [Cross-tenant mailbox migration](/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-worldwide) | modified |
-| 2/16/2023 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-worldwide) | modified |
-| 2/16/2023 | [Overview of Microsoft Syntex](/microsoft-365/syntex/syntex-overview) | modified |
-| 2/16/2023 | [Bookings with me](/microsoft-365/bookings/bookings-in-outlook?view=o365-worldwide) | modified |
-| 2/17/2023 | [Learn about data loss prevention](/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide) | modified |
-| 2/17/2023 | [Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes](/microsoft-365/security/office-365-security/skip-filtering-phishing-simulations-sec-ops-mailboxes?view=o365-worldwide) | modified |
-| 2/17/2023 | [Use network protection to help prevent Linux connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection-linux?view=o365-worldwide) | modified |
--
-## Week of February 06, 2023
--
-| Published On |Topic title | Change |
-|||--|
-| 2/6/2023 | [Help dynamically mitigate risks with Adaptive Protection (preview)](/microsoft-365/compliance/insider-risk-management-adaptive-protection?view=o365-worldwide) | added |
-| 2/6/2023 | [Automatically apply a sensitivity label in Microsoft 365](/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide) | modified |
-| 2/6/2023 | [Create and publish sensitivity labels](/microsoft-365/compliance/create-sensitivity-labels?view=o365-worldwide) | modified |
-| 2/6/2023 | [Create and deploy a data loss prevention policy](/microsoft-365/compliance/dlp-create-deploy-policy?view=o365-worldwide) | modified |
-| 2/6/2023 | [Learn about data loss prevention](/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide) | modified |
-| 2/6/2023 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide) | modified |
-| 2/6/2023 | [Using Endpoint DLP](/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwide) | modified |
-| 2/6/2023 | [Get started with sensitivity labels](/microsoft-365/compliance/get-started-with-sensitivity-labels?view=o365-worldwide) | modified |
-| 2/6/2023 | [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-worldwide) | modified |
-| 2/6/2023 | [Permissions in the Microsoft Purview compliance portal](/microsoft-365/compliance/microsoft-365-compliance-center-permissions?view=o365-worldwide) | modified |
-| 2/6/2023 | [Learn about Adaptive Protection in data loss prevention](/microsoft-365/compliance/dlp-adaptive-protection-learn?view=o365-worldwide) | added |
-| 2/6/2023 | [Limit guest sharing to specific organizations](/microsoft-365/solutions/limit-guest-sharing-to-specific-organization?view=o365-worldwide) | modified |
-| 2/6/2023 | [Limit sharing in Microsoft 365](/microsoft-365/solutions/microsoft-365-limit-sharing?view=o365-worldwide) | modified |
-| 2/6/2023 | [Automatically apply a retention label to Microsoft 365 items](/microsoft-365/compliance/apply-retention-labels-automatically?view=o365-worldwide) | modified |
-| 2/6/2023 | [What's new in Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/whats-new?view=o365-worldwide) | modified |
-| 2/7/2023 | [Automatic ServiceNow Incident Creation](/microsoft-365/admin/manage/servicenow-incidents?view=o365-worldwide) | added |
-| 2/7/2023 | [Email authentication in Microsoft 365](/microsoft-365/security/office-365-security/email-authentication-about?view=o365-worldwide) | modified |
-| 2/7/2023 | [Use a prebuilt model to extract information from invoices in Microsoft Syntex](/microsoft-365/syntex/prebuilt-model-invoice?view=o365-worldwide) | modified |
-| 2/7/2023 | [Get started with communication compliance](/microsoft-365/compliance/communication-compliance-configure?view=o365-worldwide) | modified |
-| 2/7/2023 | [Plan for communication compliance](/microsoft-365/compliance/communication-compliance-plan?view=o365-worldwide) | modified |
-| 2/7/2023 | [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) | modified |
-| 2/7/2023 | [Learn about communication compliance](/microsoft-365/compliance/communication-compliance?view=o365-worldwide) | modified |
-| 2/7/2023 | [Review data with the insider risk management content explorer](/microsoft-365/compliance/insider-risk-management-content-explorer?view=o365-worldwide) | modified |
-| 2/7/2023 | [Attack surface reduction in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-asr?view=o365-worldwide) | modified |
-| 2/7/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified |
-| 2/7/2023 | [Configure authentication for Microsoft 365 support integration with ServiceNow](/microsoft-365/admin/manage/servicenow-authentication?view=o365-worldwide) | modified |
-| 2/7/2023 | [Azure Active Directory setup guides](/microsoft-365/admin/misc/azure-ad-setup-guides?view=o365-worldwide) | modified |
-| 2/7/2023 | [Compare Microsoft endpoint security plans](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-worldwide) | modified |
-| 2/8/2023 | [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) | modified |
-| 2/8/2023 | [Introduction to information management policies](/microsoft-365/compliance/intro-to-info-mgmt-policies?view=o365-worldwide) | modified |
-| 2/8/2023 | [Microsoft Teams Virtual Appointments Call Quality Dashboard](/microsoft-365/frontline/virtual-appointments-call-quality?view=o365-worldwide) | modified |
-| 2/8/2023 | [Run the client analyzer on macOS or Linux](/microsoft-365/security/defender-endpoint/run-analyzer-macos-linux?view=o365-worldwide) | modified |
-| 2/8/2023 | [Report spam, non-spam, phishing, suspicious emails and files to Microsoft](/microsoft-365/security/office-365-security/submissions-report-messages-files-to-microsoft?view=o365-worldwide) | modified |
-| 2/8/2023 | [User reported message settings](/microsoft-365/security/office-365-security/submissions-user-reported-messages-files-custom-mailbox?view=o365-worldwide) | modified |
-| 2/8/2023 | [Deploy a task automatically in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-deploy-task-automatically?view=o365-worldwide) | modified |
-| 2/8/2023 | [Set up GDAP for your customers](/microsoft-365/lighthouse/m365-lighthouse-setup-gdap?view=o365-worldwide) | modified |
-| 2/8/2023 | [Turn on cloud protection in Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus?view=o365-worldwide) | modified |
-| 2/9/2023 | [Learn about sensitivity labels](/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide) | modified |
-| 2/9/2023 | [Limit guest sharing to specific organizations](/microsoft-365/solutions/limit-guest-sharing-to-specific-organization?view=o365-worldwide) | modified |
-| 2/10/2023 | [Set preferences for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-worldwide) | modified |
-| 2/10/2023 | [Anti-spam protection](/microsoft-365/security/office-365-security/anti-spam-protection-about?view=o365-worldwide) | modified |
-| 2/9/2023 | [Turn pronouns on or off for your organization in the Microsoft 365 admin center](/microsoft-365/admin/add-users/turn-pronouns-on-or-off?view=o365-worldwide) | added |
-| 2/9/2023 | [Search for and delete chat messages in Teams](/microsoft-365/compliance/ediscovery-search-and-delete-teams-chat-messages?view=o365-worldwide) | modified |
-| 2/10/2023 | [Configure Microsoft Defender for Endpoint on Android risk signals using App Protection Policies (MAM)](/microsoft-365/security/defender-endpoint/android-configure-mam?view=o365-worldwide) | modified |
-| 2/10/2023 | [Network device discovery and vulnerability management](/microsoft-365/security/defender-endpoint/network-devices?view=o365-worldwide) | modified |
-| 2/10/2023 | [How to schedule an antivirus scan using Anacron in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/schedule-antivirus-scan-in-mde?view=o365-worldwide) | modified |
-| 2/10/2023 | [Performance analyzer for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-worldwide) | modified |
-| 2/10/2023 | [Authenticated scan for Windows in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/windows-authenticated-scan?view=o365-worldwide) | modified |
-| 2/10/2023 | [Application Guard for Office for admins](/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide) | modified |
-| 2/10/2023 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-worldwide) | modified |
-| 2/10/2023 | [Set up Safe Links policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-links-policies-configure?view=o365-worldwide) | modified |
-| 2/10/2023 | [Test and deploy Microsoft 365 Apps by partners in the Integrated apps portal](/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps?view=o365-worldwide) | modified |
-| 2/10/2023 | [Create EDM SIT sample file for the new experience](/microsoft-365/compliance/sit-create-edm-sit-unified-ux-sample-file?view=o365-worldwide) | modified |
-| 2/10/2023 | [Get started with exact data match based sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-based-sits-overview?view=o365-worldwide) | modified |
-| 2/10/2023 | [Export source data for exact data match based sensitive information type](/microsoft-365/compliance/sit-get-started-exact-data-match-export-data?view=o365-worldwide) | modified |
-| 2/10/2023 | [Configure anti-malware policies](/microsoft-365/security/office-365-security/anti-malware-policies-configure?view=o365-worldwide) | modified |
--
-## Week of January 30, 2023
--
-| Published On |Topic title | Change |
-|||--|
-| 2/1/2023 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified |
-| 1/30/2023 | [Create and deploy a data loss prevention policy](/microsoft-365/compliance/dlp-create-deploy-policy?view=o365-worldwide) | added |
-| 1/30/2023 | [Learn about data loss prevention](/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide) | modified |
-| 1/30/2023 | [Plan for data loss prevention](/microsoft-365/compliance/dlp-overview-plan-for-dlp?view=o365-worldwide) | modified |
-| 1/30/2023 | [Design a Data loss prevention policy](/microsoft-365/compliance/dlp-policy-design?view=o365-worldwide) | modified |
-| 1/30/2023 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide) | modified |
-| 2/1/2023 | [Map Microsoft 365 Defender role-based access control (RBAC) permissions](/microsoft-365/security/defender/compare-rbac-roles?view=o365-worldwide) | modified |
-| 1/31/2023 | [Configure endpoint DLP settings](/microsoft-365/compliance/dlp-configure-endpoint-settings?view=o365-worldwide) | modified |
-| 1/31/2023 | [Canada drivers license number entity definition](/microsoft-365/compliance/sit-defn-canada-drivers-license-number?view=o365-worldwide) | modified |
-| 1/31/2023 | [Use network protection to help prevent macOS connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection-macos?view=o365-worldwide) | modified |
-| 1/31/2023 | Create a DLP policy from a template | removed |
-| 1/31/2023 | Create, test, and tune a DLP policy | removed |
-| 1/31/2023 | [Get started with Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-getting-started?view=o365-worldwide) | modified |
-| 1/31/2023 | [Using Endpoint DLP](/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwide) | modified |
-| 1/31/2023 | [Training campaigns in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-training-campaigns?view=o365-worldwide) | added |
-| 1/31/2023 | [Training modules for Training campaigns in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-training-modules?view=o365-worldwide) | added |
-| 1/31/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified |
-| 1/31/2023 | [Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](/microsoft-365/security/defender-endpoint/android-intune?view=o365-worldwide) | modified |
-| 1/31/2023 | [Microsoft Defender for Endpoint Device Control Removable Storage frequently asked questions](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control-faq?view=o365-worldwide) | modified |
-| 1/31/2023 | [Protect your organization's data with device control](/microsoft-365/security/defender-endpoint/device-control-report?view=o365-worldwide) | modified |
-| 1/31/2023 | [Deploy Microsoft Defender for Endpoint on iOS with Microsoft Intune](/microsoft-365/security/defender-endpoint/ios-install?view=o365-worldwide) | modified |
-| 1/31/2023 | [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-perf?view=o365-worldwide) | modified |
-| 1/31/2023 | [Deploy Microsoft Defender for Endpoint on macOS with Microsoft Intune](/microsoft-365/security/defender-endpoint/mac-install-with-intune?view=o365-worldwide) | modified |
-| 1/31/2023 | [Set up and configure Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/mde-p1-setup-configuration?view=o365-worldwide) | modified |
-| 1/31/2023 | [Onboard devices and configure Microsoft Defender for Endpoint capabilities](/microsoft-365/security/defender-endpoint/onboard-configure?view=o365-worldwide) | modified |
-| 1/31/2023 | [Onboard to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/onboarding?view=o365-worldwide) | modified |
-| 1/31/2023 | [Migrate to Microsoft Defender for Endpoint - Onboard](/microsoft-365/security/defender-endpoint/switch-to-mde-phase-3?view=o365-worldwide) | modified |
-| 1/31/2023 | Troubleshoot AuditD performance issues with Microsoft Defender for Endpoint on Linux | removed |
-| 2/1/2023 | [Use the Virtual Appointments app in Microsoft Teams](/microsoft-365/frontline/virtual-appointments-app?view=o365-worldwide) | added |
-| 2/1/2023 | [Configure endpoint DLP settings](/microsoft-365/compliance/dlp-configure-endpoint-settings?view=o365-worldwide) | modified |
-| 2/1/2023 | [Use sensitivity labels to protect calendar items, Teams meetings, and chat](/microsoft-365/compliance/sensitivity-labels-meetings?view=o365-worldwide) | modified |
-| 2/1/2023 | [Launch your portal using the Portal launch scheduler](/microsoft-365/enterprise/portallaunchscheduler?view=o365-worldwide) | modified |
-| 2/1/2023 | [Microsoft Teams Advanced Virtual Appointments activity report](/microsoft-365/frontline/advanced-virtual-appointments-activity-report?view=o365-worldwide) | modified |
-| 2/1/2023 | Virtual Appointments with Microsoft Teams and the Bookings app | removed |
-| 2/1/2023 | [Manage the join experience for Teams Virtual Appointments on browsers](/microsoft-365/frontline/browser-join?view=o365-worldwide) | modified |
-| 2/1/2023 | [Microsoft 365 for retail organizations](/microsoft-365/frontline/teams-for-retail-landing-page?view=o365-worldwide) | modified |
-| 2/1/2023 | [Microsoft Teams Virtual Appointments usage report](/microsoft-365/frontline/virtual-appointments-usage-report?view=o365-worldwide) | modified |
-| 2/1/2023 | [Virtual Appointments with Microsoft Teams](/microsoft-365/frontline/virtual-appointments?view=o365-worldwide) | modified |
-| 2/1/2023 | [Use network protection to help prevent macOS connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection-macos?view=o365-worldwide) | modified |
-| 2/1/2023 | [Training campaigns in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-training-campaigns?view=o365-worldwide) | modified |
-| 2/1/2023 | [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) | modified |
-| 2/1/2023 | [Deploy updates for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-updates?view=o365-worldwide) | modified |
-| 2/1/2023 | [Investigate users in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-users?view=o365-worldwide) | modified |
-| 2/1/2023 | [Application Guard for Office for admins](/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide) | modified |
-| 2/1/2023 | [Create a more secure guest sharing environment](/microsoft-365/solutions/create-secure-guest-sharing-environment?view=o365-worldwide) | modified |
-| 2/1/2023 | [Get all scan agents](/microsoft-365/security/defender-endpoint/get-all-scan-agents?view=o365-worldwide) | modified |
-| 2/1/2023 | [Get scan definitions](/microsoft-365/security/defender-endpoint/get-all-scan-definitions?view=o365-worldwide) | modified |
-| 2/1/2023 | [Authenticated scan for Windows in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/windows-authenticated-scan?view=o365-worldwide) | modified |
-| 2/1/2023 | [Deploy and manage using group policy](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-group-policy?view=o365-worldwide) | modified |
-| 2/1/2023 | [Run the client analyzer on macOS or Linux](/microsoft-365/security/defender-endpoint/run-analyzer-macos-linux?view=o365-worldwide) | modified |
-| 2/1/2023 | [Create and manage inactive mailboxes](/microsoft-365/compliance/create-and-manage-inactive-mailboxes?view=o365-worldwide) | modified |
-| 2/1/2023 | [Use a script to create an eDiscovery holds report](/microsoft-365/compliance/ediscovery-create-a-report-on-holds-in-cases?view=o365-worldwide) | modified |
-| 2/1/2023 | [Add more SharePoint storage to your subscription](/microsoft-365/commerce/add-storage-space?view=o365-worldwide) | modified |
-| 2/1/2023 | [Minimum versions for sensitivity labels in Microsoft 365 Apps](/microsoft-365/compliance/sensitivity-labels-versions?view=o365-worldwide) | added |
-| 2/1/2023 | [Understand the Defender Experts for Hunting report in Microsoft 365 Defender](/microsoft-365/security/defender/defender-experts-report?view=o365-worldwide) | modified |
-| 2/1/2023 | [Use the eDiscovery Export Tool in Microsoft Edge](/microsoft-365/compliance/ediscovery-configure-edge-to-export-search-results?view=o365-worldwide) | modified |
-| 2/1/2023 | [Deploy and manage using group policy](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-group-policy?view=o365-worldwide) | added |
-| 2/1/2023 | [Deploy and manage using Intune](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-intune?view=o365-worldwide) | added |
-| 2/1/2023 | [Printer Protection frequently asked questions](/microsoft-365/security/defender-endpoint/printer-protection-frequently-asked-questions?view=o365-worldwide) | added |
-| 2/1/2023 | [Printer Protection Overview](/microsoft-365/security/defender-endpoint/printer-protection-overview?view=o365-worldwide) | added |
-| 2/1/2023 | [Switch to Microsoft Defender for Endpoint - Setup](/microsoft-365/security/defender-endpoint/switch-to-mde-phase-2?view=o365-worldwide) | modified |
-| 2/1/2023 | [What's new in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint?view=o365-worldwide) | modified |
-| 2/1/2023 | [Bookings with me](/microsoft-365/bookings/bookings-in-outlook?view=o365-worldwide) | modified |
-| 2/1/2023 | [Learn about Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide) | modified |
-| 2/1/2023 | [Reduce the attack surface for Microsoft Teams](/microsoft-365/security/office-365-security/step-by-step-guides/reducing-attack-surface-in-microsoft-teams?view=o365-worldwide) | modified |
-| 2/1/2023 | [What happens to my data and access when my subscription ends?](/microsoft-365/commerce/subscriptions/what-if-my-subscription-expires?view=o365-worldwide) | modified |
-| 2/1/2023 | [Enable attack surface reduction rules](/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide) | modified |
-| 2/1/2023 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-worldwide) | modified |
-| 2/1/2023 | [Performance analyzer for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-worldwide) | modified |
-| 2/1/2023 | [What's new in Microsoft Defender for Endpoint on Windows](/microsoft-365/security/defender-endpoint/windows-whatsnew?view=o365-worldwide) | modified |
-| 2/1/2023 | [Exposure score in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/tvm-exposure-score?view=o365-worldwide) | modified |
-| 2/1/2023 | [Security recommendations](/microsoft-365/security/defender-vulnerability-management/tvm-security-recommendation?view=o365-worldwide) | modified |
-| 2/1/2023 | [Upgrade distribution lists to Microsoft 365 Groups in Exchange Online](/microsoft-365/admin/manage/upgrade-distribution-lists?view=o365-worldwide) | modified |
-| 2/1/2023 | [Create and manage insider risk management policies](/microsoft-365/compliance/insider-risk-management-policies?view=o365-worldwide) | modified |
-| 2/1/2023 | [Deploy Microsoft Defender for Endpoint on Linux manually](/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-worldwide) | modified |
-| 2/1/2023 | [Canada social insurance number entity definition](/microsoft-365/compliance/sit-defn-canada-social-insurance-number?view=o365-worldwide) | modified |
-| 2/1/2023 | [Attack surface reduction in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-asr?view=o365-worldwide) | added |
-| 2/1/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified |
-| 2/1/2023 | [Microsoft Defender for Business troubleshooting](/microsoft-365/security/defender-business/mdb-troubleshooting?view=o365-worldwide) | modified |
-| 2/1/2023 | [Microsoft Defender for Endpoint (MDE) attack surface reduction (ASR) rules deployment overview](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment?view=o365-worldwide) | modified |
-| 2/1/2023 | [Frequently asked questions on tamper protection](/microsoft-365/security/defender-endpoint/faqs-tamper-protection?view=o365-worldwide) | modified |
-| 2/1/2023 | [Understand next-generation protection configuration settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-next-gen-configuration-settings?view=o365-worldwide) | modified |
-| 2/1/2023 | [Get scan history by definition](/microsoft-365/security/defender-endpoint/get-scan-history-by-definition?view=o365-worldwide) | modified |
-| 2/1/2023 | [Get scan history by session](/microsoft-365/security/defender-endpoint/get-scan-history-by-session?view=o365-worldwide) | modified |
-| 2/1/2023 | [Troubleshoot Microsoft Teams EHR connector setup and configuration](/microsoft-365/frontline/ehr-connector-troubleshoot-setup-configuration?view=o365-worldwide) | added |
-| 2/1/2023 | [Migrate to Microsoft Defender for Office 365 Phase 1: Prepare](/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365-prepare?view=o365-worldwide) | modified |
-| 2/2/2023 | [Manage submissions](/microsoft-365/security/office-365-security/submissions-admin?view=o365-worldwide) | modified |
-| 2/2/2023 | [Performance analyzer for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft Adoption Score Organizational Messages](/microsoft-365/admin/adoption/organizational-messages?view=o365-worldwide) | modified |
-| 2/2/2023 | [Message center in the Microsoft 365 admin center](/microsoft-365/admin/manage/message-center?view=o365-worldwide) | modified |
-| 2/2/2023 | [Configure authentication for Microsoft 365 support integration with ServiceNow](/microsoft-365/admin/manage/servicenow-authentication?view=o365-worldwide) | modified |
-| 2/2/2023 | [Test and deploy Microsoft 365 Apps by partners in the Integrated apps portal](/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps?view=o365-worldwide) | modified |
-| 2/2/2023 | [What's new in the Microsoft 365 admin center?](/microsoft-365/admin/whats-new-in-preview?view=o365-worldwide) | modified |
-| 2/2/2023 | [Non-Azure Microsoft volume licensing invoices](/microsoft-365/commerce/licenses/volume-licensing-invoices?view=o365-worldwide) | modified |
-| 2/2/2023 | [Communication compliance](/microsoft-365/compliance/communication-compliance-solution-overview?view=o365-worldwide) | modified |
-| 2/2/2023 | [Collect eDiscovery diagnostic information](/microsoft-365/compliance/ediscovery-diagnostic-info?view=o365-worldwide) | modified |
-| 2/2/2023 | [Migrate the Azure Information Protection (AIP) add-in to Microsoft Purview Information Protection built-in labeling for Office apps](/microsoft-365/compliance/sensitivity-labels-aip?view=o365-worldwide) | modified |
-| 2/2/2023 | [OneDrive Cross-tenant OneDrive migration Step 2](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step2?view=o365-worldwide) | modified |
-| 2/2/2023 | [OneDrive Cross-tenant OneDrive migration Step 6](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step6?view=o365-worldwide) | modified |
-| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 7](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step7?view=o365-worldwide) | modified |
-| 2/2/2023 | [Cross-tenant OneDrive migration overview](/microsoft-365/enterprise/cross-tenant-onedrive-migration?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft 365 Multi-Tenant Organization People Search](/microsoft-365/enterprise/multi-tenant-people-search?view=o365-worldwide) | modified |
-| 2/2/2023 | [Block sign-in for shared mailbox accounts in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-block-signin-shared-mailboxes?view=o365-worldwide) | modified |
-| 2/2/2023 | [Overview of using Microsoft 365 Lighthouse baselines to deploy standard tenant configurations](/microsoft-365/lighthouse/m365-lighthouse-deploy-standard-tenant-configurations-overview?view=o365-worldwide) | modified |
-| 2/2/2023 | [Deploy a task automatically in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-deploy-task-automatically?view=o365-worldwide) | modified |
-| 2/2/2023 | [Overview of deployment tasks in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-overview-deployment-task?view=o365-worldwide) | modified |
-| 2/2/2023 | [Review a deployment plan in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-review-deployment-plan?view=o365-worldwide) | modified |
-| 2/2/2023 | [Understand deployment statuses in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-understand-deployment-statuses?view=o365-worldwide) | modified |
-| 2/2/2023 | [View task details in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-view-task-details?view=o365-worldwide) | modified |
-| 2/2/2023 | [What's new in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-whats-new?view=o365-worldwide) | modified |
-| 2/2/2023 | [Details of custom permissions in Microsoft 365 Defender role-based access control (RBAC)](/microsoft-365/security/defender/custom-permissions-details?view=o365-worldwide) | modified |
-| 2/2/2023 | [External Domain Name System records for Office 365](/microsoft-365/enterprise/external-domain-name-system-records?view=o365-worldwide) | modified |
-| 2/2/2023 | [Troubleshoot issues and find answers on FAQs related to Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-troubleshoot?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft 365 Multi-Tenant Organization People Search](/microsoft-365/enterprise/multi-tenant-people-search?view=o365-worldwide) | added |
-| 2/2/2023 | [Test attack surface reduction (ASR) rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-test?view=o365-worldwide) | modified |
-| 2/2/2023 | [Attack surface reduction (ASR) rules reporting](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-report?view=o365-worldwide) | modified |
-| 2/2/2023 | [Advanced deployment guidance for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/comprehensive-guidance-on-linux-deployment?view=o365-worldwide) | modified |
-| 2/2/2023 | [Map Microsoft 365 Defender role-based access control (RBAC) permissions](/microsoft-365/security/defender/compare-rbac-roles?view=o365-worldwide) | modified |
-| 2/2/2023 | [What is Microsoft Defender Experts for XDR offering](/microsoft-365/security/defender/dex-xdr-overview?view=o365-worldwide) | modified |
-| 2/2/2023 | [Import roles to Microsoft 365 Defender RBAC](/microsoft-365/security/defender/import-rbac-roles?view=o365-worldwide) | modified |
-| 2/2/2023 | [How to use the Microsoft Defender Experts for XDR preview service](/microsoft-365/security/defender/start-using-mdex-xdr?view=o365-worldwide) | modified |
-| 2/2/2023 | [Bookings with me](/microsoft-365/bookings/bookings-in-outlook?view=o365-worldwide) | modified |
-| 2/2/2023 | [Pay for your Microsoft business subscription with a billing profile](/microsoft-365/commerce/billing-and-payments/pay-for-subscription-billing-profile?view=o365-worldwide) | modified |
-| 2/2/2023 | [Payment options for your Microsoft business subscription](/microsoft-365/commerce/billing-and-payments/pay-for-your-subscription?view=o365-worldwide) | modified |
-| 2/2/2023 | [Attack surface reduction rules reference](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365?view=o365-worldwide) | modified |
-| 2/2/2023 | [Security Operations Guide for Defender for Office 365](/microsoft-365/security/office-365-security/mdo-sec-ops-guide?view=o365-worldwide) | modified |
-| 2/2/2023 | [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide) | modified |
-| 2/2/2023 | [Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft Adoption Score - Meetings (New)](/microsoft-365/admin/adoption/meetings-new?view=o365-worldwide) | modified |
-| 2/2/2023 | [Shifts connectors](/microsoft-365/frontline/shifts-connectors?view=o365-worldwide) | modified |
-| 2/2/2023 | [Virtual Appointments with Microsoft Teams](/microsoft-365/frontline/virtual-appointments?view=o365-worldwide) | modified |
-| 2/2/2023 | [Turn on cloud protection in Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus?view=o365-worldwide) | modified |
-| 2/2/2023 | [View email security reports](/microsoft-365/security/office-365-security/reports-email-security?view=o365-worldwide) | modified |
-| 2/2/2023 | [Search the audit log in the Microsoft Purview compliance portal](/microsoft-365/compliance/audit-log-search?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft Purview auditing solutions](/microsoft-365/compliance/audit-solutions-overview?view=o365-worldwide) | modified |
-| 2/2/2023 | [Track your Microsoft Secure Score history and meet goals](/microsoft-365/security/defender/microsoft-secure-score-history-metrics-trends?view=o365-worldwide) | modified |
-| 2/2/2023 | [Assess your security posture through Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score-improvement-actions?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft Secure score data storage and privacy](/microsoft-365/security/defender/secure-score-data-storage-privacy?view=o365-worldwide) | added |
-| 2/2/2023 | [Advanced deployment guidance for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/comprehensive-guidance-on-linux-deployment?view=o365-worldwide) | added |
-| 2/2/2023 | [Microsoft Defender for Endpoint device timeline](/microsoft-365/security/defender-endpoint/device-timeline-event-flag?view=o365-worldwide) | modified |
-| 2/2/2023 | [Export information gathering assessment](/microsoft-365/security/defender-endpoint/get-assessment-information-gathering?view=o365-worldwide) | added |
-| 2/2/2023 | [Deploy Microsoft Defender for Endpoint on Linux manually](/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-worldwide) | modified |
-| 2/2/2023 | [Scheduling Dynamic Recurring Meetings](/microsoft-365/scheduler/scheduler-recurring-meetings?view=o365-worldwide) | modified |
-| 2/2/2023 | [Manage devices for frontline workers](/microsoft-365/frontline/flw-devices?view=o365-worldwide) | modified |
-| 2/2/2023 | [Deploy a task automatically in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-deploy-task-automatically?view=o365-worldwide) | added |
-| 2/2/2023 | [Deploy a task manually in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-deploy-task-manually?view=o365-worldwide) | added |
-| 2/2/2023 | [Dismiss a task in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-dismiss-task?view=o365-worldwide) | modified |
-| 2/2/2023 | [Overview of deployment tasks in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-overview-deployment-task?view=o365-worldwide) | added |
-| 2/2/2023 | [Review a deployment plan in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-review-deployment-plan?view=o365-worldwide) | added |
-| 2/2/2023 | [Understand deployment statuses in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-understand-deployment-statuses?view=o365-worldwide) | added |
-| 2/2/2023 | [View task details in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-view-task-details?view=o365-worldwide) | added |
-| 2/2/2023 | [App-based deployment for Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-install?view=o365-worldwide) | modified |
-| 2/2/2023 | [Trainable classifiers definitions](/microsoft-365/compliance/classifier-tc-definitions?view=o365-worldwide) | modified |
-| 2/2/2023 | [Configure automated investigation and response capabilities in Microsoft 365 Defender](/microsoft-365/security/defender/m365d-configure-auto-investigation-response?view=o365-worldwide) | modified |
-| 2/2/2023 | [Manage Microsoft LMS Gateway for any LMS](/microsoft-365/lti/manage-microsoft-one-lti?view=o365-worldwide) | modified |
-| 2/2/2023 | [Common Microsoft Defender for Endpoint API errors](/microsoft-365/security/defender-endpoint/common-errors?view=o365-worldwide) | modified |
-| 2/2/2023 | [Quarantine policies](/microsoft-365/security/office-365-security/quarantine-policies?view=o365-worldwide) | modified |
-| 2/2/2023 | [Choose your scenarios for Microsoft 365 for frontline workers](/microsoft-365/frontline/flw-choose-scenarios?view=o365-worldwide) | modified |
-| 2/2/2023 | [Corporate communications with frontline workers](/microsoft-365/frontline/flw-corp-comms?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft 365 for retail organizations](/microsoft-365/frontline/teams-for-retail-landing-page?view=o365-worldwide) | modified |
-| 2/2/2023 | [Migrate from the MDE SIEM API to the Microsoft 365 Defender alerts API](/microsoft-365/security/defender-endpoint/configure-siem?view=o365-worldwide) | modified |
-| 2/2/2023 | [FAQs related to Microsoft Defender Experts for XDR preview](/microsoft-365/security/defender/frequently-asked-questions?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft 365 Defender streaming event types supported in Event Streaming API](/microsoft-365/security/defender/supported-event-types?view=o365-worldwide) | modified |
-| 2/2/2023 | [Email analysis in investigations for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/email-analysis-investigations?view=o365-worldwide) | modified |
-| 2/2/2023 | [Set up Microsoft 365 for frontline workers](/microsoft-365/frontline/flw-setup-microsoft-365?view=o365-worldwide) | modified |
-| 2/2/2023 | [Build and manage assessments in Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-assessments?view=o365-worldwide) | modified |
-| 2/2/2023 | [Get started with Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-setup?view=o365-worldwide) | modified |
-| 2/2/2023 | [Enable co-authoring for encrypted documents](/microsoft-365/compliance/sensitivity-labels-coauthoring?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft 365 network connectivity test tool](/microsoft-365/enterprise/office-365-network-mac-perf-onboarding-tool?view=o365-worldwide) | modified |
-| 2/2/2023 | [Schedule regular quick and full scans with Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/schedule-antivirus-scans?view=o365-worldwide) | modified |
-| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 1](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step1?view=o365-worldwide) | modified |
-| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 2](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step2?view=o365-worldwide) | modified |
-| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 3](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step3?view=o365-worldwide) | modified |
-| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 4](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step4?view=o365-worldwide) | modified |
-| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 5](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step5?view=o365-worldwide) | modified |
-| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 6](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step6?view=o365-worldwide) | modified |
-| 2/2/2023 | [Cross-tenant OneDrive migration](/microsoft-365/enterprise/cross-tenant-onedrive-migration?view=o365-worldwide) | modified |
-| 2/2/2023 | [Configure Microsoft 365 support integration with Azure AD Auth Token](/microsoft-365/admin/manage/servicenow-aad-oauth-token-v1?view=o365-worldwide) | added |
-| 2/2/2023 | [Configure support integration with ServiceNow - Basic Authentication](/microsoft-365/admin/manage/servicenow-basic-authentication-v1?view=o365-worldwide) | added |
-| 2/2/2023 | [Microsoft 365 support integration with ServiceNow configuration overview](/microsoft-365/admin/manage/servicenow-overview-v1?view=o365-worldwide) | added |
-| 2/2/2023 | [Testing the ServiceNow configuration](/microsoft-365/admin/manage/servicenow-testing-the-configuration-v1?view=o365-worldwide) | added |
-| 2/2/2023 | [Troubleshooting Microsoft 365 support integration with ServiceNow](/microsoft-365/admin/manage/servicenow-troubleshooting-v1?view=o365-worldwide) | added |
-| 2/2/2023 | [Integrate Microsoft 365 with ServiceNow Virtual Agent](/microsoft-365/admin/manage/servicenow-virtual-agent-integration-v1?view=o365-worldwide) | added |
-| 2/2/2023 | [Non-Azure Microsoft volume licensing invoices](/microsoft-365/commerce/licenses/volume-licensing-invoices?view=o365-worldwide) | added |
-| 2/2/2023 | [Exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/defender-endpoint-antivirus-exclusions?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft Defender for Endpoint Device Control Removable Storage frequently asked questions](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control-faq?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft Defender for Endpoint Device Control Removable Storage Access Control, removable storage media](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control?view=o365-worldwide) | modified |
-| 2/2/2023 | [Investigate Microsoft Defender for Endpoint files](/microsoft-365/security/defender-endpoint/investigate-files?view=o365-worldwide) | modified |
-| 2/2/2023 | [Get started with sensitivity labels](/microsoft-365/compliance/get-started-with-sensitivity-labels?view=o365-worldwide) | modified |
-| 2/2/2023 | [Enable attack surface reduction (ASR) rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-implement?view=o365-worldwide) | modified |
-| 2/2/2023 | [Investigate an IP address associated with an alert](/microsoft-365/security/defender-endpoint/investigate-ip?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender-portal?view=o365-worldwide) | modified |
-| 2/2/2023 | [Decryption in Microsoft Purview eDiscovery tools](/microsoft-365/compliance/ediscovery-decryption?view=o365-worldwide) | modified |
-| 2/2/2023 | [Integrate your SIEM tools with Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-siem?view=o365-worldwide) | modified |
-| 2/2/2023 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-worldwide) | modified |
-| 2/2/2023 | [Investigate alerts in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-alerts?view=o365-worldwide) | modified |
-| 2/2/2023 | [Insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-worldwide) | modified |
-| 2/2/2023 | [Service advisories for OAB size limits in Exchange Online monitoring](/microsoft-365/enterprise/microsoft-365-oab-size-limit-service-advisory?view=o365-worldwide) | added |
-| 2/2/2023 | [Review events and errors using Event Viewer](/microsoft-365/security/defender-endpoint/event-error-codes?view=o365-worldwide) | modified |
-| 2/2/2023 | [How to schedule scans with Microsoft Defender for Endpoint on macOS](/microsoft-365/security/defender-endpoint/mac-schedule-scan?view=o365-worldwide) | modified |
-| 2/2/2023 | [What's new in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint?view=o365-worldwide) | modified |
-| 2/2/2023 | [What's new in Microsoft Defender Vulnerability Management Public Preview](/microsoft-365/security/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management?view=o365-worldwide) | modified |
-| 2/2/2023 | [How SMTP DNS-based Authentication of Named Entities (DANE) secures email communications](/microsoft-365/compliance/how-smtp-dane-works?view=o365-worldwide) | modified |
-| 2/2/2023 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide) | modified |
-| 2/2/2023 | [Configure endpoint DLP settings](/microsoft-365/compliance/dlp-configure-endpoint-settings?view=o365-worldwide) | modified |
-| 2/2/2023 | [Using Endpoint DLP](/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwide) | modified |
-| 2/2/2023 | [Create and manage custom detection rules in Microsoft 365 Defender](/microsoft-365/security/defender/custom-detection-rules?view=o365-worldwide) | modified |
-| 11/2/2022 | [Help your clients and customers use virtual appointments](/microsoft-365/frontline/virtual-appointments-toolkit?view=o365-worldwide) | modified |
-| 2/2/2023 | [Service assurance in the Microsoft Purview compliance portal](/microsoft-365/compliance/service-assurance?view=o365-worldwide) | modified |
-| 2/2/2023 | [Cross-tenant mailbox migration](/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-worldwide) | modified |
-| 2/2/2023 | [Advanced Data Residency Commitments](/microsoft-365/enterprise/m365-dr-commitments?view=o365-worldwide) | modified |
-| 2/2/2023 | [Use Microsoft Teams Meetings LTI with any LTI 1.3 compliant LMS](/microsoft-365/lti/integrate-with-other-lms?view=o365-worldwide) | added |
-| 2/2/2023 | [Get Microsoft Defender for Business servers](/microsoft-365/security/defender-business/get-defender-business-servers?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft Defender for Business](/microsoft-365/security/defender-business/index?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-worldwide) | modified |
-| 2/2/2023 | [Offboard a device from Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-offboard-devices?view=o365-worldwide) | modified |
-| 2/2/2023 | [Onboard devices to Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-worldwide) | modified |
-| 2/2/2023 | [Device health Microsoft Defender Antivirus health report](/microsoft-365/security/defender-endpoint/device-health-microsoft-defender-antivirus-health?view=o365-worldwide) | modified |
-| 2/2/2023 | [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-worldwide) | modified |
-| 2/2/2023 | [Insider risk management policies](/microsoft-365/compliance/insider-risk-management-policies?view=o365-worldwide) | modified |
-| 2/2/2023 | [Learn about insider risk management](/microsoft-365/compliance/insider-risk-management?view=o365-worldwide) | modified |
-| 2/2/2023 | [Windows and Office 365 deployment lab kit](/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab?view=o365-worldwide) | modified |
-| 2/2/2023 | [Address false positives/negatives in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft Defender for Cloud Apps in Microsoft 365 Defender (Preview)](/microsoft-365/security/defender/microsoft-365-security-center-defender-cloud-apps?view=o365-worldwide) | modified |
-| 2/2/2023 | [Manage Folders and Rules feature in Microsoft 365 Groups](/microsoft-365/enterprise/manage-folders-and-rules-feature?view=o365-worldwide) | added |
-| 2/2/2023 | [What is Microsoft 365 Defender?](/microsoft-365/security/defender/microsoft-365-defender?view=o365-worldwide) | modified |
-| 2/2/2023 | [Feature update validation](/microsoft-365/test-base/feature?view=o365-worldwide) | modified |
-| 2/2/2023 | [Creating and Testing Binary Files on Test Base](/microsoft-365/test-base/testapplication?view=o365-worldwide) | modified |
-| 2/2/2023 | [Test your Intune application on Test Base](/microsoft-365/test-base/testintuneapplication?view=o365-worldwide) | modified |
-| 2/2/2023 | [Uploading a pre-built zip package](/microsoft-365/test-base/uploadapplication?view=o365-worldwide) | modified |
-| 2/2/2023 | [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft 365 alert policies](/microsoft-365/compliance/alert-policies?view=o365-worldwide) | modified |
-| 2/2/2023 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft Defender for Endpoint APIs connection to Power BI](/microsoft-365/security/defender-endpoint/api-power-bi?view=o365-worldwide) | modified |
-| 2/2/2023 | [Create indicators for IPs and URLs/domains](/microsoft-365/security/defender-endpoint/indicator-ip-domain?view=o365-worldwide) | modified |
-| 2/2/2023 | [Professional services supported by Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/professional-services?view=o365-worldwide) | added |
-| 2/2/2023 | [Technological partners of Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/technological-partners?view=o365-worldwide) | added |
-| 2/2/2023 | [Learn about auto-expanding archiving](/microsoft-365/compliance/autoexpanding-archiving?view=o365-worldwide) | modified |
-| 2/2/2023 | [Azure service bus shared access signature entity definition (preview)](/microsoft-365/compliance/sit-defn-azure-service-bus-shared-access-signature?view=o365-worldwide) | modified |
-| 2/2/2023 | [Azure Shared Access key / Web Hook token signature entity definition (preview)](/microsoft-365/compliance/sit-defn-azure-shared-access-key-web-hook-token?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft 365 admin center Teams app usage reports](/microsoft-365/admin/activity-reports/microsoft-teams-apps-usage?view=o365-worldwide) | added |
-| 2/2/2023 | [Microsoft 365 admin center mailbox usage reports](/microsoft-365/admin/activity-reports/mailbox-usage?view=o365-worldwide) | modified |
-| 2/2/2023 | [Customize what happens at the end of the retention period](/microsoft-365/compliance/retention-label-flow?view=o365-worldwide) | added |
-| 2/2/2023 | [Azure Active Directory setup guides](/microsoft-365/admin/misc/azure-ad-setup-guides?view=o365-worldwide) | modified |
-| 2/2/2023 | [About the Microsoft Purview Compliance Manager premium assessment trial](/microsoft-365/compliance/compliance-easy-trials-compliance-manager-assessments?view=o365-worldwide) | modified |
-| 2/2/2023 | [Automatically retain or delete content by using retention policies](/microsoft-365/compliance/create-retention-policies?view=o365-worldwide) | modified |
-| 2/2/2023 | [Message encryption FAQ](/microsoft-365/compliance/ome-faq?view=o365-worldwide) | modified |
-| 2/2/2023 | [Onboard Windows devices to Microsoft Defender for Endpoint via Group Policy](/microsoft-365/security/defender-endpoint/configure-endpoints-gp?view=o365-worldwide) | modified |
-| 2/2/2023 | [Onboard Windows devices using Configuration Manager](/microsoft-365/security/defender-endpoint/configure-endpoints-sccm?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft 365 admin center activity reports](/microsoft-365/admin/activity-reports/activity-reports?view=o365-worldwide) | modified |
-| 2/2/2023 | [Top 20 most-viewed admin help articles this month # < 60 chars](/microsoft-365/admin/top-m365-admin-articles?view=o365-worldwide) | modified |
-| 2/2/2023 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft 365 admin center help # < 60 chars](/microsoft-365/admin/index?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft 365 Business Premium resources # < 60 chars](/microsoft-365/business/index?view=o365-worldwide) | modified |
-| 2/2/2023 | [Customize an archive and deletion policy (MRM) for mailboxes](/microsoft-365/compliance/set-up-an-archive-and-deletion-policy-for-mailboxes?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft 365 for frontline workers # < 60 chars](/microsoft-365/frontline/index?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft 365 documentation # < 60 chars](/microsoft-365/index?view=o365-worldwide) | modified |
-| 2/2/2023 | [Investigate domains and URLs associated with a Microsoft Defender for Endpoint alert](/microsoft-365/security/defender-endpoint/investigate-domain?view=o365-worldwide) | modified |
-| 2/2/2023 | [What's new in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-whatsnew?view=o365-worldwide) | modified |
-| 2/2/2023 | [Cross-Tenant Identity Mapping (preview)](/microsoft-365/enterprise/cross-tenant-identity-mapping?view=o365-worldwide) | added |
-| 2/2/2023 | [Deploy Teams at scale for frontline workers](/microsoft-365/frontline/deploy-teams-at-scale?view=o365-worldwide) | modified |
-| 2/2/2023 | [Onboard Microsoft Defender for IoT with Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/enable-microsoft-defender-for-iot-integration?view=o365-worldwide) | modified |
-| 2/2/2023 | [Use network protection to help prevent connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide) | modified |
-| 2/2/2023 | [Web protection](/microsoft-365/security/defender-endpoint/web-protection-overview?view=o365-worldwide) | modified |
-| 2/2/2023 | [Manage clients for Microsoft Whiteboard in GCC environments](/microsoft-365/whiteboard/manage-clients-gcc?view=o365-worldwide) | modified |
-| 2/2/2023 | [Manage data for Microsoft Whiteboard in GCC environments](/microsoft-365/whiteboard/manage-data-gcc?view=o365-worldwide) | modified |
-| 2/2/2023 | [Manage sharing for Microsoft Whiteboard in GCC environments](/microsoft-365/whiteboard/manage-sharing-gcc?view=o365-worldwide) | modified |
-| 2/2/2023 | [Manage access to Microsoft Whiteboard for GCC environments](/microsoft-365/whiteboard/manage-whiteboard-access-gcc?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft Adoption Score](/microsoft-365/admin/adoption/adoption-score?view=o365-worldwide) | renamed |
-| 2/2/2023 | [Microsoft Adoption Score - Microsoft 365 apps health](/microsoft-365/admin/adoption/apps-health?view=o365-worldwide) | renamed |
-| 2/2/2023 | [Microsoft Adoption Score - Communication](/microsoft-365/admin/adoption/communication?view=o365-worldwide) | renamed |
-| 2/2/2023 | [Microsoft Adoption Score - Content collaboration](/microsoft-365/admin/adoption/content-collaboration?view=o365-worldwide) | renamed |
-| 2/2/2023 | [Microsoft Adoption Score - Meetings](/microsoft-365/admin/adoption/meetings?view=o365-worldwide) | renamed |
-| 2/2/2023 | [Microsoft Adoption Score - Mobility](/microsoft-365/admin/adoption/mobility?view=o365-worldwide) | renamed |
-| 2/2/2023 | [Microsoft Adoption Score - Privacy](/microsoft-365/admin/adoption/privacy?view=o365-worldwide) | renamed |
-| 2/2/2023 | [Microsoft Adoption Score - Teamwork](/microsoft-365/admin/adoption/teamwork?view=o365-worldwide) | renamed |
-| 2/2/2023 | [Troubleshoot issues on Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/android-support-signin?view=o365-worldwide) | modified |
-| 2/2/2023 | [What's new in Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/android-whatsnew?view=o365-worldwide) | modified |
-| 2/2/2023 | About the Microsoft Defender Vulnerability Management public preview trial | removed |
-| 2/2/2023 | [Top 10 ways to secure your business data - Best practices for small and medium-sized businesses](/microsoft-365/admin/security-and-compliance/secure-your-business-data?view=o365-worldwide) | modified |
-| 2/2/2023 | [Onboard and offboard macOS devices into Microsoft Purview solutions using Microsoft Intune](/microsoft-365/compliance/device-onboarding-offboarding-macos-intune?view=o365-worldwide) | modified |
-| 2/2/2023 | [Integrate Microsoft Teams classes and meetings with Moodle](/microsoft-365/lti/teams-classes-meetings-with-moodle?view=o365-worldwide) | modified |
-| 2/2/2023 | [Choose between guided and advanced modes for hunting in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-modes?view=o365-worldwide) | added |
-| 2/2/2023 | [Overview - Advanced hunting](/microsoft-365/security/defender/advanced-hunting-overview?view=o365-worldwide) | modified |
-| 2/2/2023 | [Supported data types and filters in guided mode for hunting in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-query-builder-details?view=o365-worldwide) | added |
-| 2/2/2023 | [Work with query results in guided mode for hunting in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-query-builder-results?view=o365-worldwide) | added |
-| 2/2/2023 | [Build queries using guided mode in Microsoft 365 Defender advanced hunting](/microsoft-365/security/defender/advanced-hunting-query-builder?view=o365-worldwide) | added |
-| 2/2/2023 | [Move users to a different subscription](/microsoft-365/commerce/subscriptions/move-users-different-subscription?view=o365-worldwide) | modified |
-| 2/2/2023 | [EU debit card number entity definition](/microsoft-365/compliance/sit-defn-eu-debit-card-number?view=o365-worldwide) | modified |
-| 2/2/2023 | [International banking account number (IBAN) entity definition](/microsoft-365/compliance/sit-defn-international-banking-account-number?view=o365-worldwide) | modified |
-| 2/2/2023 | [Integrate Microsoft Teams meetings with Schoology LMS](/microsoft-365/lti/teams-classes-and-meetings-with-schoology?view=o365-worldwide) | added |
-| 2/2/2023 | [Export assessment methods and properties per device](/microsoft-365/security/defender-endpoint/get-assessment-methods-properties?view=o365-worldwide) | modified |
-| 2/2/2023 | [Learn how to mitigate the Log4Shell vulnerability in Microsoft Defender for Endpoint - Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/tvm-manage-log4shell-guidance?view=o365-worldwide) | modified |
-| 2/2/2023 | [Configure your Event Hubs](/microsoft-365/security/defender/configure-event-hub?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft 365 Group mailbox size management](/microsoft-365/admin/create-groups/group-mailbox-size-management?view=o365-worldwide) | added |
-| 2/2/2023 | [Migrating servers from Microsoft Defender for Endpoint to Microsoft Defender for Cloud](/microsoft-365/security/defender-endpoint/migrating-mde-server-to-cloud?view=o365-worldwide) | modified |
-| 2/2/2023 | [Guest users in the Microsoft 365 admin center](/microsoft-365/admin/add-users/about-guest-users?view=o365-worldwide) | modified |
-| 2/2/2023 | [Manage guest access in Microsoft 365 groups](/microsoft-365/admin/create-groups/manage-guest-access-in-groups?view=o365-worldwide) | modified |
-| 2/2/2023 | [Use Microsoft Teams meetings with Blackboard Learn](/microsoft-365/lti/teams-meetings-with-blackboard-learn?view=o365-worldwide) | added |
-| 2/2/2023 | [Manage data for Microsoft Whiteboard](/microsoft-365/whiteboard/manage-data-organizations?view=o365-worldwide) | modified |
-| 2/2/2023 | [Manage sharing for Microsoft Whiteboard in GCC High environments](/microsoft-365/whiteboard/manage-sharing-gcc-high?view=o365-worldwide) | modified |
-| 2/2/2023 | [Manage sharing for Microsoft Whiteboard](/microsoft-365/whiteboard/manage-sharing-organizations?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft 365 Business Premium overview](/microsoft-365/business-premium/index?view=o365-worldwide) | modified |
-| 2/2/2023 | [Glossary of security terms for Microsoft 365 security capabilities](/microsoft-365/business-premium/m365bp-glossary?view=o365-worldwide) | modified |
-| 2/2/2023 | [Use AllowSelfServicePurchase for the MSCommerce PowerShell module](/microsoft-365/commerce/subscriptions/allowselfservicepurchase-powershell?view=o365-worldwide) | modified |
-| 2/2/2023 | [Configure and manage Microsoft Threat Experts capabilities](/microsoft-365/security/defender-endpoint/configure-microsoft-threat-experts?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft Defender for Endpoint Device Control Device Installation](/microsoft-365/security/defender-endpoint/mde-device-control-device-installation?view=o365-worldwide) | modified |
-| 2/2/2023 | [Review audit logs in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-review-audit-logs?view=o365-worldwide) | modified |
-| 2/2/2023 | [What's new in Microsoft Defender Vulnerability Management Public Preview](/microsoft-365/security/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management?view=o365-worldwide) | added |
-| 2/2/2023 | [Upload Application Binaries](/microsoft-365/test-base/binaries?view=o365-worldwide) | modified |
-| 2/2/2023 | [Functional testing on Test Base](/microsoft-365/test-base/functional?view=o365-worldwide) | modified |
-| 2/2/2023 | [Memory regression analysis](/microsoft-365/test-base/memory?view=o365-worldwide) | modified |
-| 2/2/2023 | [Run your test on-demand](/microsoft-365/test-base/ondemandrun?view=o365-worldwide) | added |
-| 2/2/2023 | [Test Base SDK for Python](/microsoft-365/test-base/pythonsdkoverview?view=o365-worldwide) | modified |
-| 2/2/2023 | [Set your test tasks](/microsoft-365/test-base/testtask?view=o365-worldwide) | modified |
-| 2/2/2023 | [Preset security policies](/microsoft-365/security/office-365-security/preset-security-policies?view=o365-worldwide) | modified |
-| 2/2/2023 | [Use Power Automate connectors to build Bookings workflows](/microsoft-365/bookings/power-automate-integration?view=o365-worldwide) | added |
-| 2/2/2023 | [Learn about archive mailboxes for Microsoft Purview](/microsoft-365/compliance/archive-mailboxes?view=o365-worldwide) | modified |
-| 2/2/2023 | [Share DLP alerts](/microsoft-365/compliance/dlp-share-alerts?view=o365-worldwide) | added |
-| 2/2/2023 | [Enable auto-expanding archiving](/microsoft-365/compliance/enable-autoexpanding-archiving?view=o365-worldwide) | modified |
-| 2/2/2023 | [Azure AD configuration for content encrypted by Microsoft Purview Information Protection](/microsoft-365/compliance/encryption-azure-ad-configuration?view=o365-worldwide) | added |
-| 2/2/2023 | [Create exact data match sensitive information type workflow classic experience](/microsoft-365/compliance/sit-create-edm-sit-classic-ux-workflow?view=o365-worldwide) | added |
-| 2/2/2023 | [Create EDM SIT sample file for the new experience](/microsoft-365/compliance/sit-create-edm-sit-unified-ux-sample-file?view=o365-worldwide) | added |
-| 2/2/2023 | [Create EDM SIT using the new experience](/microsoft-365/compliance/sit-create-edm-sit-unified-ux-schema-rule-package?view=o365-worldwide) | added |
-| 2/2/2023 | [Create exact data match sensitive information type workflow new experience](/microsoft-365/compliance/sit-create-edm-sit-unified-ux-workflow?view=o365-worldwide) | added |
-| 2/2/2023 | [Get started with exact data match based sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-based-sits-overview?view=o365-worldwide) | modified |
-| 2/2/2023 | [Create the schema for exact data match based sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-create-schema?view=o365-worldwide) | modified |
-| 2/2/2023 | [Export source data for exact data match based sensitive information type](/microsoft-365/compliance/sit-get-started-exact-data-match-export-data?view=o365-worldwide) | modified |
-| 2/2/2023 | [Hash and upload the sensitive information source table for exact data match sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-hash-upload?view=o365-worldwide) | modified |
-| 2/2/2023 | [Learn about exact data match based sensitive information types](/microsoft-365/compliance/sit-learn-about-exact-data-match-based-sits?view=o365-worldwide) | modified |
-| 2/2/2023 | [Suspicious password-spray-related IP address activity alert](/microsoft-365/security/defender/alert-grading-password-spray?view=o365-worldwide) | added |
-| 2/2/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified |
-| 2/2/2023 | [Get help and support for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-get-help?view=o365-worldwide) | modified |
-| 2/2/2023 | [Visit the Microsoft 365 Defender portal](/microsoft-365/security/defender-business/mdb-get-started?view=o365-worldwide) | modified |
-| 2/2/2023 | [Understand next-generation protection configuration settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-next-gen-configuration-settings?view=o365-worldwide) | modified |
-| 2/2/2023 | [Use setup wizard in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-use-wizard?view=o365-worldwide) | modified |
-| 2/2/2023 | [Set preferences for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-worldwide) | modified |
-| 2/2/2023 | [Introduction to Microsoft Whiteboard](/microsoft-365/whiteboard/index?view=o365-worldwide) | modified |
-| 2/2/2023 | [Detect and Remediate Illicit Consent Grants](/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants?view=o365-worldwide) | modified |
-| 2/2/2023 | [Set up and configure the Moodle LMS plugins](/microsoft-365/lti/moodle-plugin-configuration?view=o365-worldwide) | modified |
-| 2/2/2023 | [Set up and configure the Moodle LMS plugins for Open LMS](/microsoft-365/lti/open-lms-plugin-configuration?view=o365-worldwide) | modified |
-| 2/2/2023 | [Top 10 ways to secure your data - Best practices for small and medium-sized businesses](/microsoft-365/admin/security-and-compliance/secure-your-business-data?view=o365-worldwide) | modified |
-| 2/2/2023 | [Migrating servers from Microsoft Monitoring Agent to the unified solution](/microsoft-365/security/defender-endpoint/application-deployment-via-mecm?view=o365-worldwide) | modified |
-| 2/2/2023 | [Onboard devices and configure Microsoft Defender for Endpoint capabilities](/microsoft-365/security/defender-endpoint/onboard-configure?view=o365-worldwide) | modified |
-| 2/2/2023 | [Supported Microsoft Defender for Endpoint capabilities by platform](/microsoft-365/security/defender-endpoint/supported-capabilities-by-platform?view=o365-worldwide) | added |
-| 2/2/2023 | [Configure Microsoft Defender for Endpoint on iOS features](/microsoft-365/security/defender-endpoint/ios-configure-features?view=o365-worldwide) | modified |
-| 2/2/2023 | [What's new in Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-whatsnew?view=o365-worldwide) | modified |
-| 2/2/2023 | [Microsoft Defender Offline in Windows](/microsoft-365/security/defender-endpoint/microsoft-defender-offline?view=o365-worldwide) | modified |
-| 2/2/2023 | [Go to the Action center to view and approve your automated investigation and remediation tasks](/microsoft-365/security/defender/m365d-action-center?view=o365-worldwide) | modified |
-| 2/2/2023 | [Automated investigation and response in Microsoft 365 Defender](/microsoft-365/security/defender/m365d-autoir?view=o365-worldwide) | modified |
-| 2/2/2023 | [Apply encryption using sensitivity labels](/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-worldwide) | modified |
-| 2/2/2023 | [Onboard devices without Internet access to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/onboard-offline-machines?view=o365-worldwide) | modified |
-| 2/2/2023 | [Configure Microsoft 365 user account properties with PowerShell](/microsoft-365/enterprise/configure-user-account-properties-with-microsoft-365-powershell?view=o365-worldwide) | modified |
-| 2/2/2023 | [Configure and validate exclusions based on extension, name, or location](/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus?view=o365-worldwide) | modified |
-| 2/2/2023 | [Data Residency for Other Microsoft 365 Services](/microsoft-365/enterprise/m365-dr-workload-other?view=o365-worldwide) | modified |
-| 2/2/2023 | [Manage Office Scripts settings](/microsoft-365/admin/manage/manage-office-scripts-settings?view=o365-worldwide) | modified |
-| 2/2/2023 | [Create and publish sensitivity labels](/microsoft-365/compliance/create-sensitivity-labels?view=o365-worldwide) | modified |
-| 2/2/2023 | [Delete items in the Recoverable Items folder of cloud-based mailboxes on hold - Admin Help](/microsoft-365/compliance/delete-items-in-the-recoverable-items-folder-of-mailboxes-on-hold?view=o365-worldwide) | modified |
-| 2/2/2023 | [Sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified |
-| 2/2/2023 | [Overview of sensitivity labels](/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide) | modified |
-| 2/2/2023 | [Enable sensitivity labels for Office files in SharePoint and OneDrive](/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files?view=o365-worldwide) | modified |
-| 2/2/2023 | [Test and deploy Microsoft 365 Apps](/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps?view=o365-worldwide) | modified |
-| 2/2/2023 | [Data loss prevention and Microsoft Teams](/microsoft-365/compliance/dlp-microsoft-teams?view=o365-worldwide) | modified |
-| 2/2/2023 | [Alert policies in the security and compliance centers](/microsoft-365/compliance/alert-policies?view=o365-worldwide) | modified |
-| 2/3/2023 | [Microsoft Teams Virtual Appointments Call Quality Dashboard](/microsoft-365/frontline/virtual-appointments-call-quality?view=o365-worldwide) | added |
-| 2/3/2023 | [Configure alert notifications in Microsoft 365 Defender](/microsoft-365/security/defender/configure-email-notifications?view=o365-worldwide) | renamed |
-| 2/3/2023 | [Microsoft Teams Virtual Appointments usage report](/microsoft-365/frontline/virtual-appointments-usage-report?view=o365-worldwide) | modified |
-| 2/3/2023 | [Microsoft 365 Lighthouse frequently asked questions (FAQs)](/microsoft-365/lighthouse/m365-lighthouse-faq?view=o365-worldwide) | modified |
-| 2/3/2023 | [Advanced deployment guides for Microsoft 365 and Office 365 services](/microsoft-365/enterprise/setup-guides-for-microsoft-365?view=o365-worldwide) | modified |
-| 2/3/2023 | Data Loss Prevention Reference | removed |
-| 2/3/2023 | [Data loss prevention and Microsoft Teams](/microsoft-365/compliance/dlp-microsoft-teams?view=o365-worldwide) | modified |
-| 2/3/2023 | [Get started with the Microsoft Service Trust Portal](/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-worldwide) | modified |
-| 2/3/2023 | [Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-worldwide) | modified |
--
-## Week of January 23, 2023
--
-| Published On |Topic title | Change |
-|||--|
-| 1/23/2023 | [Create and manage inactive mailboxes](/microsoft-365/compliance/create-and-manage-inactive-mailboxes?view=o365-worldwide) | modified |
-| 1/23/2023 | [Use a script to create an eDiscovery holds report](/microsoft-365/compliance/ediscovery-create-a-report-on-holds-in-cases?view=o365-worldwide) | modified |
-| 1/23/2023 | [How to secure your business data with Microsoft 365 for business](/microsoft-365/admin/security-and-compliance/secure-your-business-data?view=o365-worldwide) | modified |
-| 1/23/2023 | [Boost your security protection with Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-security-overview?view=o365-worldwide) | modified |
-| 1/23/2023 | [What DLP policy templates include](/microsoft-365/compliance/what-the-dlp-policy-templates-include?view=o365-worldwide) | modified |
-| 1/23/2023 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-worldwide) | modified |
-| 1/23/2023 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide) | modified |
-| 1/24/2023 | [Deploy and manage using group policy](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-group-policy?view=o365-worldwide) | modified |
-| 1/24/2023 | [Run the client analyzer on macOS or Linux](/microsoft-365/security/defender-endpoint/run-analyzer-macos-linux?view=o365-worldwide) | modified |
-| 1/24/2023 | [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) | modified |
-| 1/25/2023 | [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) | modified |
-| 1/25/2023 | [Deploy updates for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-updates?view=o365-worldwide) | modified |
-| 1/25/2023 | [Investigate users in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-users?view=o365-worldwide) | modified |
-| 1/25/2023 | [Application Guard for Office for admins](/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide) | modified |
-| 1/25/2023 | [Create a more secure guest sharing environment](/microsoft-365/solutions/create-secure-guest-sharing-environment?view=o365-worldwide) | modified |
-| 1/25/2023 | [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-worldwide) | modified |
-| 1/25/2023 | [Overview of Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1?view=o365-worldwide) | modified |
-| 1/26/2023 | [Get all scan agents](/microsoft-365/security/defender-endpoint/get-all-scan-agents?view=o365-worldwide) | modified |
-| 1/26/2023 | [Get scan definitions](/microsoft-365/security/defender-endpoint/get-all-scan-definitions?view=o365-worldwide) | modified |
-| 1/26/2023 | [Use network protection to help prevent macOS connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection-macos?view=o365-worldwide) | modified |
-| 1/26/2023 | [Authenticated scan for Windows in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/windows-authenticated-scan?view=o365-worldwide) | modified |
-| 1/26/2023 | Employee quick-setup guide | removed |
-| 1/27/2023 | [Attack surface reduction in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-asr?view=o365-worldwide) | added |
-| 1/27/2023 | [Canada social insurance number entity definition](/microsoft-365/compliance/sit-defn-canada-social-insurance-number?view=o365-worldwide) | modified |
-| 1/27/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified |
-| 1/27/2023 | [Microsoft Defender for Business troubleshooting](/microsoft-365/security/defender-business/mdb-troubleshooting?view=o365-worldwide) | modified |
-| 1/27/2023 | [Microsoft Defender for Endpoint (MDE) attack surface reduction (ASR) rules deployment overview](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment?view=o365-worldwide) | modified |
-| 1/27/2023 | [Frequently asked questions on tamper protection](/microsoft-365/security/defender-endpoint/faqs-tamper-protection?view=o365-worldwide) | modified |
-| 1/27/2023 | [What's new in Microsoft Defender for Endpoint on Windows](/microsoft-365/security/defender-endpoint/windows-whatsnew?view=o365-worldwide) | modified |
-| 1/27/2023 | [Address false positives/negatives in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives?view=o365-worldwide) | modified |
-| 1/27/2023 | [Manage Microsoft Defender for Endpoint using PowerShell, WMI, and MPCmdRun.exe](/microsoft-365/security/defender-endpoint/manage-mde-post-migration-other-tools?view=o365-worldwide) | modified |
-| 1/27/2023 | [Manage Microsoft Defender for Endpoint after initial setup or migration](/microsoft-365/security/defender-endpoint/manage-mde-post-migration?view=o365-worldwide) | modified |
-| 1/27/2023 | [Set up and configure Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/mde-p1-setup-configuration?view=o365-worldwide) | modified |
--
-## Week of January 16, 2023
--
-| Published On |Topic title | Change |
-|||--|
-| 1/18/2023 | [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) | modified |
-| 1/18/2023 | [Troubleshoot installation issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-install?view=o365-worldwide) | modified |
-| 1/18/2023 | [Allow or block email using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-email-spoof-configure?view=o365-worldwide) | modified |
-| 1/18/2023 | [Allow or block files using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-files-configure?view=o365-worldwide) | modified |
-| 1/18/2023 | [Allow or block URLs using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-urls-configure?view=o365-worldwide) | modified |
-| 1/18/2023 | [Create assessment templates in Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-templates-create?view=o365-worldwide) | modified |
-| 1/18/2023 | [Modify assessment templates in Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-templates-modify?view=o365-worldwide) | modified |
-| 1/18/2023 | [Reduce the attack surface for Microsoft Teams](/microsoft-365/security/office-365-security/step-by-step-guides/reducing-attack-surface-in-microsoft-teams?view=o365-worldwide) | added |
-| 1/18/2023 | [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-perf?view=o365-worldwide) | modified |
-| 1/18/2023 | [Deploy and manage using Intune](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-intune?view=o365-worldwide) | modified |
-| 1/18/2023 | [Sign up for Microsoft 365 Business Premium](/microsoft-365/business-premium/get-microsoft-365-business-premium?view=o365-worldwide) | modified |
-| 1/18/2023 | [Security defaults and Conditional Access](/microsoft-365/business-premium/m365bp-conditional-access?view=o365-worldwide) | modified |
-| 1/18/2023 | [Working with device groups in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-device-groups-mdb?view=o365-worldwide) | modified |
-| 1/18/2023 | [Get started with the Microsoft Service Trust Portal](/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-worldwide) | modified |
-| 1/19/2023 | [Bookings with me](/microsoft-365/bookings/bookings-in-outlook?view=o365-worldwide) | modified |
-| 1/19/2023 | [Learn about Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide) | modified |
-| 1/19/2023 | [Reduce the attack surface for Microsoft Teams](/microsoft-365/security/office-365-security/step-by-step-guides/reducing-attack-surface-in-microsoft-teams?view=o365-worldwide) | modified |
-| 1/20/2023 | [Add more SharePoint storage to your subscription](/microsoft-365/commerce/add-storage-space?view=o365-worldwide) | modified |
-| 1/20/2023 | [Optimize search requests in SharePoint Online modern site pages](/microsoft-365/enterprise/modern-search-optimization?view=o365-worldwide) | added |
-| 1/20/2023 | [Deploy Microsoft Defender for Endpoint on Linux with SaltStack](/microsoft-365/security/defender-endpoint/linux-install-with-saltack?view=o365-worldwide) | added |
-| 1/20/2023 | [Implementing VPN split tunneling for Microsoft 365](/microsoft-365/enterprise/microsoft-365-vpn-implement-split-tunnel?view=o365-worldwide) | modified |
-| 1/20/2023 | [Requirements for Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-requirements?view=o365-worldwide) | modified |
-| 1/20/2023 | [Configure Microsoft Defender for Endpoint risk signals using App Protection Policies (MAM)](/microsoft-365/security/defender-endpoint/android-configure-mam?view=o365-worldwide) | modified |
-| 1/20/2023 | [Take response actions on a file in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/respond-file-alerts?view=o365-worldwide) | modified |
-| 1/18/2023 | [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) | modified |
-| 1/18/2023 | [Troubleshoot installation issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-install?view=o365-worldwide) | modified |
-| 1/18/2023 | [Allow or block email using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-email-spoof-configure?view=o365-worldwide) | modified |
-| 1/18/2023 | [Allow or block files using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-files-configure?view=o365-worldwide) | modified |
-| 1/18/2023 | [Allow or block URLs using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-urls-configure?view=o365-worldwide) | modified |
-| 1/18/2023 | [Create assessment templates in Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-templates-create?view=o365-worldwide) | modified |
-| 1/18/2023 | [Modify assessment templates in Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-templates-modify?view=o365-worldwide) | modified |
-| 1/18/2023 | [Reduce the attack surface for Microsoft Teams](/microsoft-365/security/office-365-security/step-by-step-guides/reducing-attack-surface-in-microsoft-teams?view=o365-worldwide) | added |
-| 1/18/2023 | [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-perf?view=o365-worldwide) | modified |
-| 1/18/2023 | [Deploy and manage using Intune](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-intune?view=o365-worldwide) | modified |
-| 1/18/2023 | [Sign up for Microsoft 365 Business Premium](/microsoft-365/business-premium/get-microsoft-365-business-premium?view=o365-worldwide) | modified |
-| 1/18/2023 | [Security defaults and Conditional Access](/microsoft-365/business-premium/m365bp-conditional-access?view=o365-worldwide) | modified |
-| 1/18/2023 | [Working with device groups in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-device-groups-mdb?view=o365-worldwide) | modified |
-| 1/18/2023 | [Get started with the Microsoft Service Trust Portal](/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-worldwide) | modified |
-| 1/19/2023 | [Bookings with me](/microsoft-365/bookings/bookings-in-outlook?view=o365-worldwide) | modified |
-| 1/19/2023 | [Learn about Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide) | modified |
-| 1/19/2023 | [Reduce the attack surface for Microsoft Teams](/microsoft-365/security/office-365-security/step-by-step-guides/reducing-attack-surface-in-microsoft-teams?view=o365-worldwide) | modified |
-| 1/20/2023 | [Add more SharePoint storage to your subscription](/microsoft-365/commerce/add-storage-space?view=o365-worldwide) | modified |
-| 1/20/2023 | [Optimize search requests in SharePoint Online modern site pages](/microsoft-365/enterprise/modern-search-optimization?view=o365-worldwide) | added |
-| 1/20/2023 | [Deploy Microsoft Defender for Endpoint on Linux with SaltStack](/microsoft-365/security/defender-endpoint/linux-install-with-saltack?view=o365-worldwide) | added |
-| 1/20/2023 | [Implementing VPN split tunneling for Microsoft 365](/microsoft-365/enterprise/microsoft-365-vpn-implement-split-tunnel?view=o365-worldwide) | modified |
-| 1/20/2023 | [Requirements for Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-requirements?view=o365-worldwide) | modified |
-| 1/20/2023 | [Configure Microsoft Defender for Endpoint risk signals using App Protection Policies (MAM)](/microsoft-365/security/defender-endpoint/android-configure-mam?view=o365-worldwide) | modified |
-| 1/20/2023 | [Take response actions on a file in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/respond-file-alerts?view=o365-worldwide) | modified |
+++
+## Week of February 20, 2023
++
+| Published On |Topic title | Change |
+|||--|
+| 2/21/2023 | [Learn about data loss prevention](/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide) | modified |
+| 2/21/2023 | [Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes](/microsoft-365/security/office-365-security/skip-filtering-phishing-simulations-sec-ops-mailboxes?view=o365-worldwide) | modified |
+| 2/22/2023 | [Automatically apply a retention label to Microsoft 365 items](/microsoft-365/compliance/apply-retention-labels-automatically?view=o365-worldwide) | modified |
+| 2/22/2023 | [Turn auditing on or off](/microsoft-365/compliance/audit-log-enable-disable?view=o365-worldwide) | modified |
+| 2/22/2023 | [Search the audit log in the Microsoft Purview compliance portal](/microsoft-365/compliance/audit-log-search?view=o365-worldwide) | modified |
+| 2/22/2023 | [Detect channel signals with communication compliance](/microsoft-365/compliance/communication-compliance-channels?view=o365-worldwide) | modified |
+| 2/22/2023 | [Automatically retain or delete content by using retention policies](/microsoft-365/compliance/create-retention-policies?view=o365-worldwide) | modified |
+| 2/22/2023 | [Information barriers](/microsoft-365/compliance/information-barriers-solution-overview?view=o365-worldwide) | modified |
+| 2/22/2023 | [New alert policies in Microsoft Defender for Office 365](/microsoft-365/compliance/new-defender-alert-policies?view=o365-worldwide) | modified |
+| 2/22/2023 | [Details and results of an automatic attack disruption action](/microsoft-365/security/defender/autoad-results?view=o365-worldwide) | added |
+| 2/22/2023 | [Automatic attack disruption in Microsoft 365 Defender](/microsoft-365/security/defender/automatic-attack-disruption?view=o365-worldwide) | added |
+| 2/22/2023 | [Configure automatic attack disruption capabilities in Microsoft 365 Defender](/microsoft-365/security/defender/configure-attack-disruption?view=o365-worldwide) | added |
+| 2/21/2023 | [Adaptive scopes](/microsoft-365/compliance/purview-adaptive-scopes?view=o365-worldwide) | added |
+| 2/21/2023 | [Get started with communication compliance](/microsoft-365/compliance/communication-compliance-configure?view=o365-worldwide) | modified |
+| 2/21/2023 | [Microsoft Purview solutions trial user guide](/microsoft-365/compliance/compliance-easy-trials-compliance-playbook?view=o365-worldwide) | modified |
+| 2/21/2023 | [Limits for Microsoft 365 retention policies and retention label policies](/microsoft-365/compliance/retention-limits?view=o365-worldwide) | modified |
+| 2/21/2023 | [Configure Microsoft 365 retention settings to automatically retain or delete content](/microsoft-365/compliance/retention-settings?view=o365-worldwide) | modified |
+| 2/21/2023 | [Learn about retention policies & labels to retain or delete](/microsoft-365/compliance/retention?view=o365-worldwide) | modified |
+| 2/21/2023 | [Commit a collection estimate to a review set](/microsoft-365/compliance/ediscovery-commit-draft-collection?view=o365-worldwide) | modified |
+| 2/21/2023 | [Create a collection estimate](/microsoft-365/compliance/ediscovery-create-draft-collection?view=o365-worldwide) | modified |
+| 2/22/2023 | [Document metadata fields in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-document-metadata-fields?view=o365-worldwide) | modified |
+| 2/22/2023 | [Keyword queries and search conditions for eDiscovery](/microsoft-365/compliance/ediscovery-keyword-queries-and-search-conditions?view=o365-worldwide) | modified |
+| 2/22/2023 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified |
+| 2/22/2023 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-worldwide) | modified |
+| 2/22/2023 | [Onboard devices to Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-worldwide) | modified |
+| 2/22/2023 | [Onboard previous versions of Windows on Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/onboard-downlevel?view=o365-worldwide) | modified |
+| 2/22/2023 | [Automatic attack disruption in Microsoft 365 Defender](/microsoft-365/security/defender/automatic-attack-disruption?view=o365-worldwide) | modified |
+| 2/22/2023 | [Assess and tune your filtering for bulk mail in Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/tune-bulk-mail-filtering-walkthrough?view=o365-worldwide) | added |
+| 2/22/2023 | [Cortana in Microsoft 365](/microsoft-365/admin/misc/cortana-integration?view=o365-worldwide) | modified |
+| 2/22/2023 | [Admin roles for Intune in the Microsoft 365 admin center](/microsoft-365/business-premium/m365bp-intune-admin-roles-in-the-mac?view=o365-worldwide) | modified |
+| 2/22/2023 | [Review detected threats on devices and take action](/microsoft-365/business-premium/m365bp-review-threats-take-action?view=o365-worldwide) | modified |
+| 2/22/2023 | [View or edit device protection policies](/microsoft-365/business-premium/m365bp-view-edit-create-mdb-policies?view=o365-worldwide) | modified |
+| 2/22/2023 | [Get started with the Microsoft Purview Chrome Extension](/microsoft-365/compliance/dlp-chrome-get-started?view=o365-worldwide) | modified |
+| 2/22/2023 | [Get started with the Microsoft Purview Firefox Extension](/microsoft-365/compliance/dlp-firefox-extension-get-started?view=o365-worldwide) | modified |
+| 2/22/2023 | [Create eDiscovery holds in a eDiscovery (Standard) case](/microsoft-365/compliance/ediscovery-create-holds?view=o365-worldwide) | modified |
+| 2/22/2023 | [Decryption in Microsoft Purview eDiscovery tools](/microsoft-365/compliance/ediscovery-decryption?view=o365-worldwide) | modified |
+| 2/22/2023 | [Load non-Microsoft 365 data into a review set](/microsoft-365/compliance/ediscovery-load-non-office-365-data-into-a-review-set?view=o365-worldwide) | modified |
+| 2/22/2023 | [Manage hold notifications](/microsoft-365/compliance/ediscovery-manage-hold-notifications?view=o365-worldwide) | modified |
+| 2/22/2023 | [Manage Relevance setup in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-manage-relevance-setup?view=o365-worldwide) | modified |
+| 2/22/2023 | [Manage holds in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-managing-holds?view=o365-worldwide) | modified |
+| 2/22/2023 | [Predictive coding reference](/microsoft-365/compliance/ediscovery-predictive-coding-reference?view=o365-worldwide) | modified |
+| 2/22/2023 | [Preview the results of an eDiscovery search](/microsoft-365/compliance/ediscovery-preview-search-results?view=o365-worldwide) | modified |
+| 2/22/2023 | [Review audit logs in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-review-audit-logs?view=o365-worldwide) | modified |
+| 2/22/2023 | [Configure Microsoft Defender for Endpoint on Android risk signals using App Protection Policies (MAM)](/microsoft-365/security/defender-endpoint/android-configure-mam?view=o365-worldwide) | modified |
+| 2/22/2023 | [Configure Microsoft Defender for Endpoint on Android features](/microsoft-365/security/defender-endpoint/android-configure?view=o365-worldwide) | modified |
+| 2/22/2023 | [Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](/microsoft-365/security/defender-endpoint/android-intune?view=o365-worldwide) | modified |
+| 2/22/2023 | [Test attack surface reduction (ASR) rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-test?view=o365-worldwide) | modified |
+| 2/22/2023 | [Microsoft Defender for Endpoint (MDE) attack surface reduction (ASR) rules deployment overview](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment?view=o365-worldwide) | modified |
+| 2/22/2023 | [Attack surface reduction rules reference](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide) | modified |
+| 2/22/2023 | [Enable block at first sight to detect malware in seconds](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus?view=o365-worldwide) | modified |
+| 2/22/2023 | [Onboard Windows devices using Configuration Manager](/microsoft-365/security/defender-endpoint/configure-endpoints-sccm?view=o365-worldwide) | modified |
+| 2/22/2023 | [Deploy, manage, and report on Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus?view=o365-worldwide) | modified |
+| 2/22/2023 | [Plan your Microsoft Defender for Endpoint deployment](/microsoft-365/security/defender-endpoint/deployment-strategy?view=o365-worldwide) | modified |
+| 2/22/2023 | [Block potentially unwanted applications with Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus?view=o365-worldwide) | modified |
+| 2/22/2023 | [Enable attack surface reduction rules](/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide) | modified |
+| 2/22/2023 | [Enable controlled folder access](/microsoft-365/security/defender-endpoint/enable-controlled-folders?view=o365-worldwide) | modified |
+| 2/22/2023 | [Turn on exploit protection to help mitigate against attacks](/microsoft-365/security/defender-endpoint/enable-exploit-protection?view=o365-worldwide) | modified |
+| 2/22/2023 | [Turn on network protection](/microsoft-365/security/defender-endpoint/enable-network-protection?view=o365-worldwide) | modified |
+| 2/22/2023 | [Configure Microsoft Defender for Endpoint on iOS features](/microsoft-365/security/defender-endpoint/ios-configure-features?view=o365-worldwide) | modified |
+| 2/22/2023 | [Deploy Microsoft Defender for Endpoint on iOS with Microsoft Intune](/microsoft-365/security/defender-endpoint/ios-install?view=o365-worldwide) | modified |
+| 2/22/2023 | [What's new in Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-whatsnew?view=o365-worldwide) | modified |
+| 2/22/2023 | [Intune-based deployment for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-install-with-intune?view=o365-worldwide) | modified |
+| 2/22/2023 | [Onboard devices and configure Microsoft Defender for Endpoint capabilities](/microsoft-365/security/defender-endpoint/onboard-configure?view=o365-worldwide) | modified |
+| 2/22/2023 | [Onboarding using Microsoft Configuration Manager](/microsoft-365/security/defender-endpoint/onboarding-endpoint-configuration-manager?view=o365-worldwide) | modified |
+| 2/22/2023 | [Onboarding using Microsoft Intune](/microsoft-365/security/defender-endpoint/onboarding-endpoint-manager?view=o365-worldwide) | modified |
+| 2/22/2023 | [Onboard to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/onboarding?view=o365-worldwide) | modified |
+| 2/22/2023 | [Run and customize on-demand scans in Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/run-scan-microsoft-defender-antivirus?view=o365-worldwide) | modified |
+| 2/22/2023 | [Troubleshoot onboarding issues related to Security Management for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/troubleshoot-security-config-mgt?view=o365-worldwide) | modified |
+| 2/22/2023 | [Configure Microsoft Defender Antivirus using Microsoft Intune](/microsoft-365/security/defender-endpoint/use-intune-config-manager-microsoft-defender-antivirus?view=o365-worldwide) | modified |
+| 2/22/2023 | [Manage devices with Intune](/microsoft-365/solutions/manage-devices-with-intune-overview?view=o365-worldwide) | modified |
+| 2/24/2023 | [What's new in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-whats-new?view=o365-worldwide) | modified |
+| 2/24/2023 | [Microsoft Defender Antivirus security intelligence and product updates](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide) | modified |
+| 2/24/2023 | [Microsoft Defender Antivirus updates - Previous versions for technical upgrade support](/microsoft-365/security/defender-endpoint/msda-updates-previous-versions-technical-upgrade-support?view=o365-worldwide) | added |
+| 2/24/2023 | [Configure anti-malware policies](/microsoft-365/security/office-365-security/anti-malware-policies-configure?view=o365-worldwide) | modified |
+| 2/24/2023 | [Impersonation insight](/microsoft-365/security/office-365-security/anti-phishing-mdo-impersonation-insight?view=o365-worldwide) | modified |
+| 2/24/2023 | [Configure anti-phishing policies in EOP](/microsoft-365/security/office-365-security/anti-phishing-policies-eop-configure?view=o365-worldwide) | modified |
+| 2/24/2023 | [Configure anti-phishing policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/anti-phishing-policies-mdo-configure?view=o365-worldwide) | modified |
+| 2/24/2023 | [Configure spam filter policies](/microsoft-365/security/office-365-security/anti-spam-policies-configure?view=o365-worldwide) | modified |
+| 2/24/2023 | [Spoof intelligence insight](/microsoft-365/security/office-365-security/anti-spoofing-spoof-intelligence?view=o365-worldwide) | modified |
+| 2/24/2023 | [Get started using Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-worldwide) | modified |
+| 2/24/2023 | [Configuration analyzer for security policies](/microsoft-365/security/office-365-security/configuration-analyzer-for-security-policies?view=o365-worldwide) | modified |
+| 2/24/2023 | [Configure the default connection filter policy](/microsoft-365/security/office-365-security/connection-filter-policies-configure?view=o365-worldwide) | modified |
+| 2/24/2023 | [Remove blocked connectors from the Restricted entities portal in Microsoft 365](/microsoft-365/security/office-365-security/connectors-remove-blocked?view=o365-worldwide) | modified |
+| 2/24/2023 | [Configure outbound spam filtering](/microsoft-365/security/office-365-security/outbound-spam-policies-configure?view=o365-worldwide) | modified |
+| 2/24/2023 | [Preset security policies](/microsoft-365/security/office-365-security/preset-security-policies?view=o365-worldwide) | modified |
+| 2/24/2023 | [Manage quarantined messages and files as an admin](/microsoft-365/security/office-365-security/quarantine-admin-manage-messages-files?view=o365-worldwide) | modified |
+| 2/24/2023 | [Remove blocked users from the Restricted users portal](/microsoft-365/security/office-365-security/removing-user-from-restricted-users-portal-after-spam?view=o365-worldwide) | modified |
+| 2/24/2023 | [View Defender for Office 365 reports](/microsoft-365/security/office-365-security/reports-defender-for-office-365?view=o365-worldwide) | modified |
+| 2/24/2023 | [View email security reports](/microsoft-365/security/office-365-security/reports-email-security?view=o365-worldwide) | modified |
+| 2/24/2023 | [Set up Safe Attachments policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-attachments-policies-configure?view=o365-worldwide) | modified |
+| 2/24/2023 | [Safe Documents in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-documents-in-e5-plus-security-about?view=o365-worldwide) | modified |
+| 2/24/2023 | [Set up Safe Links policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-links-policies-configure?view=o365-worldwide) | modified |
+| 2/24/2023 | [Configure global settings for Safe Links settings in Defender for Office 365](/microsoft-365/security/office-365-security/safe-links-policies-global-settings-configure?view=o365-worldwide) | modified |
+| 2/24/2023 | [Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes](/microsoft-365/security/office-365-security/skip-filtering-phishing-simulations-sec-ops-mailboxes?view=o365-worldwide) | modified |
+| 2/24/2023 | [Manage submissions](/microsoft-365/security/office-365-security/submissions-admin?view=o365-worldwide) | modified |
+| 2/24/2023 | [Allow or block email using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-email-spoof-configure?view=o365-worldwide) | modified |
+| 2/24/2023 | [Allow or block files using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-files-configure?view=o365-worldwide) | modified |
+| 2/24/2023 | [Allow or block URLs using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-urls-configure?view=o365-worldwide) | modified |
+| 2/24/2023 | [User tags in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/user-tags-about?view=o365-worldwide) | modified |
+| 2/24/2023 | [Manage spoofed senders using the spoof intelligence policy and spoof intelligence insight](/microsoft-365/security/office-365-security/walkthrough-spoof-intelligence-insight?view=o365-worldwide) | modified |
+| 2/23/2023 | [Block vulnerable applications](/microsoft-365/security/defender-vulnerability-management/tvm-block-vuln-apps?view=o365-worldwide) | modified |
+| 2/23/2023 | [Manage submissions](/microsoft-365/security/office-365-security/submissions-admin?view=o365-worldwide) | modified |
+| 2/24/2023 | Create and apply information management policies | removed |
+| 2/24/2023 | Introduction to information management policies | removed |
+| 2/24/2023 | [Strengthen your security posture](/microsoft-365/security/security-posture-solution-overview?view=o365-worldwide) | added |
+| 2/24/2023 | [Strengthen your security posture - Assess and protect](/microsoft-365/security/strengthen-security-posture-assess-protect?view=o365-worldwide) | added |
+| 2/24/2023 | [Strengthen your security posture - Configure capabilities](/microsoft-365/security/strengthen-security-posture-configure-capabilities?view=o365-worldwide) | added |
+| 2/24/2023 | [Strengthen your security posture - Investigate and improve](/microsoft-365/security/strengthen-security-posture-investigate-improve?view=o365-worldwide) | added |
+| 2/24/2023 | [Strengthen your security posture - Track and maintain](/microsoft-365/security/strengthen-security-posture-track-maintain?view=o365-worldwide) | added |
+| 2/24/2023 | [Sensitive information type limits](/microsoft-365/compliance/sit-limits?view=o365-worldwide) | modified |
+| 2/24/2023 | [Admin review for user reported messages](/microsoft-365/security/office-365-security/submissions-admin-review-user-reported-messages?view=o365-worldwide) | renamed |
+| 2/24/2023 | [User reported settings](/microsoft-365/security/office-365-security/submissions-user-reported-messages-custom-mailbox?view=o365-worldwide) | renamed |
+| 2/24/2023 | [Microsoft 365 alert policies](/microsoft-365/compliance/alert-policies?view=o365-worldwide) | modified |
+| 2/24/2023 | [Adaptive scopes](/microsoft-365/compliance/purview-adaptive-scopes?view=o365-worldwide) | modified |
+| 2/24/2023 | [What's new in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365-whats-new?view=o365-worldwide) | modified |
+| 2/24/2023 | [Security Operations Guide for Defender for Office 365](/microsoft-365/security/office-365-security/mdo-sec-ops-guide?view=o365-worldwide) | modified |
+| 2/24/2023 | [Roles and role groups in Microsoft Defender for Office 365 and Microsoft Purview compliance](/microsoft-365/security/office-365-security/scc-permissions?view=o365-worldwide) | modified |
+| 2/24/2023 | [How-to deploy and configure the report message add-in](/microsoft-365/security/office-365-security/step-by-step-guides/deploy-and-configure-the-report-message-add-in?view=o365-worldwide) | modified |
+| 2/24/2023 | [Report false positives and false negatives in Outlook](/microsoft-365/security/office-365-security/submissions-outlook-report-messages?view=o365-worldwide) | modified |
+| 2/24/2023 | [Report spam, non-spam, phishing, suspicious emails and files to Microsoft](/microsoft-365/security/office-365-security/submissions-report-messages-files-to-microsoft?view=o365-worldwide) | modified |
+| 2/24/2023 | [Enable the Report Message or the Report Phishing add-ins](/microsoft-365/security/office-365-security/submissions-users-report-message-add-in-configure?view=o365-worldwide) | modified |
+| 2/24/2023 | [Manage allows and blocks in the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-about?view=o365-worldwide) | modified |
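Review bot: the added "Week of February 20, 2023" table repeats topics and is not in date order, which makes it hard to see what actually changed for a given article. "Automatic attack disruption in Microsoft 365 Defender" is listed as added and again as modified on 2/22/2023, "Manage submissions" appears for 2/24/2023 and then below it for 2/23/2023, and the third-party phishing simulations article appears for both 2/21/2023 and 2/24/2023. The removed "Week of January 16, 2023" table carried every row twice, so this looks like a generator problem rather than a one-off. Suggest sorting rows by Published On and emitting one row per topic per week. Separately, the delimiter row `|||--|` has no dashes in its first two cells; it is worth confirming that it still renders as a three-column table.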
++
+## Week of February 13, 2023
++
+| Published On |Topic title | Change |
+|||--|
+| 2/14/2023 | [Microsoft 365 admin center - Overview](/microsoft-365/admin/admin-overview/admin-center-overview?view=o365-worldwide) | modified |
+| 2/14/2023 | [Operationalize attack surface reduction (ASR) rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-operationalize?view=o365-worldwide) | modified |
+| 2/14/2023 | [Limit guest sharing to specific organizations](/microsoft-365/solutions/limit-guest-sharing-to-specific-organization?view=o365-worldwide) | modified |
+| 2/13/2023 | [Virtual Appointments with Teams - Integration into Oracle Health EHR](/microsoft-365/frontline/ehr-admin-oracle-health?view=o365-worldwide) | renamed |
+| 2/13/2023 | [Learn about retention policies & labels to retain or delete](/microsoft-365/compliance/retention?view=o365-worldwide) | modified |
+| 2/14/2023 | [Manage protected devices with Microsoft 365 Business Premium](/microsoft-365/business/manage-protected-devices?view=o365-worldwide) | modified |
+| 2/14/2023 | [All credentials entity definition](/microsoft-365/compliance/sit-defn-all-creds?view=o365-worldwide) | modified |
+| 2/16/2023 | [Security defaults and Conditional Access](/microsoft-365/business-premium/m365bp-conditional-access?view=o365-worldwide) | modified |
+| 2/16/2023 | [Introduction to information management policies](/microsoft-365/compliance/intro-to-info-mgmt-policies?view=o365-worldwide) | modified |
+| 2/16/2023 | [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-worldwide) | modified |
+| 2/16/2023 | [Get Microsoft Defender for Business](/microsoft-365/security/defender-business/get-defender-business?view=o365-worldwide) | modified |
+| 2/16/2023 | [Add users and assign licenses in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-add-users?view=o365-worldwide) | modified |
+| 2/16/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified |
+| 2/16/2023 | [Understand next-generation protection configuration settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-next-gen-configuration-settings?view=o365-worldwide) | modified |
+| 2/16/2023 | [Requirements for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-requirements?view=o365-worldwide) | modified |
+| 2/16/2023 | [Set up and configure Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-setup-configuration?view=o365-worldwide) | modified |
+| 2/16/2023 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide) | modified |
+| 2/16/2023 | [Common Zero Trust identity and device access policies - Microsoft 365 for enterprise](/microsoft-365/security/office-365-security/identity-access-policies?view=o365-worldwide) | modified |
+| 2/15/2023 | [Connect your DNS records at IONOS by 1&1 to Microsoft 365](/microsoft-365/admin/dns/create-dns-records-at-1-1-internet?view=o365-worldwide) | modified |
+| 2/15/2023 | [Manage self-service purchases and trials (for admins)](/microsoft-365/commerce/subscriptions/manage-self-service-purchases-admins?view=o365-worldwide) | modified |
+| 2/16/2023 | [Comment and collaborate using annotations in Microsoft Syntex](/microsoft-365/syntex/annotations) | added |
+| 2/16/2023 | [Export documents from a review set in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-export-documents-from-review-set?view=o365-worldwide) | modified |
+| 2/16/2023 | [Integrate your SIEM tools with Microsoft 365 Defender](/microsoft-365/security/defender/configure-siem-defender?view=o365-worldwide) | modified |
+| 2/16/2023 | [Microsoft Syntex documentation # < 60 chars](/microsoft-365/syntex/index) | modified |
+| 2/16/2023 | [Onboard devices to Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-worldwide) | modified |
+| 2/16/2023 | [Cross-tenant mailbox migration](/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-worldwide) | modified |
+| 2/16/2023 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-worldwide) | modified |
+| 2/16/2023 | [Overview of Microsoft Syntex](/microsoft-365/syntex/syntex-overview) | modified |
+| 2/16/2023 | [Bookings with me](/microsoft-365/bookings/bookings-in-outlook?view=o365-worldwide) | modified |
+| 2/17/2023 | [Learn about data loss prevention](/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide) | modified |
+| 2/17/2023 | [Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes](/microsoft-365/security/office-365-security/skip-filtering-phishing-simulations-sec-ops-mailboxes?view=o365-worldwide) | modified |
+| 2/17/2023 | [Use network protection to help prevent Linux connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection-linux?view=o365-worldwide) | modified |
++
+## Week of February 06, 2023
++
+| Published On |Topic title | Change |
+|||--|
+| 2/6/2023 | [Help dynamically mitigate risks with Adaptive Protection (preview)](/microsoft-365/compliance/insider-risk-management-adaptive-protection?view=o365-worldwide) | added |
+| 2/6/2023 | [Automatically apply a sensitivity label in Microsoft 365](/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide) | modified |
+| 2/6/2023 | [Create and publish sensitivity labels](/microsoft-365/compliance/create-sensitivity-labels?view=o365-worldwide) | modified |
+| 2/6/2023 | [Create and deploy a data loss prevention policy](/microsoft-365/compliance/dlp-create-deploy-policy?view=o365-worldwide) | modified |
+| 2/6/2023 | [Learn about data loss prevention](/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide) | modified |
+| 2/6/2023 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide) | modified |
+| 2/6/2023 | [Using Endpoint DLP](/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwide) | modified |
+| 2/6/2023 | [Get started with sensitivity labels](/microsoft-365/compliance/get-started-with-sensitivity-labels?view=o365-worldwide) | modified |
+| 2/6/2023 | [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-worldwide) | modified |
+| 2/6/2023 | [Permissions in the Microsoft Purview compliance portal](/microsoft-365/compliance/microsoft-365-compliance-center-permissions?view=o365-worldwide) | modified |
+| 2/6/2023 | [Learn about Adaptive Protection in data loss prevention](/microsoft-365/compliance/dlp-adaptive-protection-learn?view=o365-worldwide) | added |
+| 2/6/2023 | [Limit guest sharing to specific organizations](/microsoft-365/solutions/limit-guest-sharing-to-specific-organization?view=o365-worldwide) | modified |
+| 2/6/2023 | [Limit sharing in Microsoft 365](/microsoft-365/solutions/microsoft-365-limit-sharing?view=o365-worldwide) | modified |
+| 2/6/2023 | [Automatically apply a retention label to Microsoft 365 items](/microsoft-365/compliance/apply-retention-labels-automatically?view=o365-worldwide) | modified |
+| 2/6/2023 | [What's new in Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/whats-new?view=o365-worldwide) | modified |
+| 2/7/2023 | [Automatic ServiceNow Incident Creation](/microsoft-365/admin/manage/servicenow-incidents?view=o365-worldwide) | added |
+| 2/7/2023 | [Email authentication in Microsoft 365](/microsoft-365/security/office-365-security/email-authentication-about?view=o365-worldwide) | modified |
+| 2/7/2023 | [Use a prebuilt model to extract information from invoices in Microsoft Syntex](/microsoft-365/syntex/prebuilt-model-invoice?view=o365-worldwide) | modified |
+| 2/7/2023 | [Get started with communication compliance](/microsoft-365/compliance/communication-compliance-configure?view=o365-worldwide) | modified |
+| 2/7/2023 | [Plan for communication compliance](/microsoft-365/compliance/communication-compliance-plan?view=o365-worldwide) | modified |
+| 2/7/2023 | [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) | modified |
+| 2/7/2023 | [Learn about communication compliance](/microsoft-365/compliance/communication-compliance?view=o365-worldwide) | modified |
+| 2/7/2023 | [Review data with the insider risk management content explorer](/microsoft-365/compliance/insider-risk-management-content-explorer?view=o365-worldwide) | modified |
+| 2/7/2023 | [Attack surface reduction in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-asr?view=o365-worldwide) | modified |
+| 2/7/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified |
+| 2/7/2023 | [Configure authentication for Microsoft 365 support integration with ServiceNow](/microsoft-365/admin/manage/servicenow-authentication?view=o365-worldwide) | modified |
+| 2/7/2023 | [Azure Active Directory setup guides](/microsoft-365/admin/misc/azure-ad-setup-guides?view=o365-worldwide) | modified |
+| 2/7/2023 | [Compare Microsoft endpoint security plans](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-worldwide) | modified |
+| 2/8/2023 | [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) | modified |
+| 2/8/2023 | [Introduction to information management policies](/microsoft-365/compliance/intro-to-info-mgmt-policies?view=o365-worldwide) | modified |
+| 2/8/2023 | [Microsoft Teams Virtual Appointments Call Quality Dashboard](/microsoft-365/frontline/virtual-appointments-call-quality?view=o365-worldwide) | modified |
+| 2/8/2023 | [Run the client analyzer on macOS or Linux](/microsoft-365/security/defender-endpoint/run-analyzer-macos-linux?view=o365-worldwide) | modified |
+| 2/8/2023 | [Report spam, non-spam, phishing, suspicious emails and files to Microsoft](/microsoft-365/security/office-365-security/submissions-report-messages-files-to-microsoft?view=o365-worldwide) | modified |
+| 2/8/2023 | [User reported message settings](/microsoft-365/security/office-365-security/submissions-user-reported-messages-files-custom-mailbox?view=o365-worldwide) | modified |
+| 2/8/2023 | [Deploy a task automatically in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-deploy-task-automatically?view=o365-worldwide) | modified |
+| 2/8/2023 | [Set up GDAP for your customers](/microsoft-365/lighthouse/m365-lighthouse-setup-gdap?view=o365-worldwide) | modified |
+| 2/8/2023 | [Turn on cloud protection in Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus?view=o365-worldwide) | modified |
+| 2/9/2023 | [Learn about sensitivity labels](/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide) | modified |
+| 2/9/2023 | [Limit guest sharing to specific organizations](/microsoft-365/solutions/limit-guest-sharing-to-specific-organization?view=o365-worldwide) | modified |
+| 2/10/2023 | [Set preferences for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-worldwide) | modified |
+| 2/10/2023 | [Anti-spam protection](/microsoft-365/security/office-365-security/anti-spam-protection-about?view=o365-worldwide) | modified |
+| 2/9/2023 | [Turn pronouns on or off for your organization in the Microsoft 365 admin center](/microsoft-365/admin/add-users/turn-pronouns-on-or-off?view=o365-worldwide) | added |
+| 2/9/2023 | [Search for and delete chat messages in Teams](/microsoft-365/compliance/ediscovery-search-and-delete-teams-chat-messages?view=o365-worldwide) | modified |
+| 2/10/2023 | [Configure Microsoft Defender for Endpoint on Android risk signals using App Protection Policies (MAM)](/microsoft-365/security/defender-endpoint/android-configure-mam?view=o365-worldwide) | modified |
+| 2/10/2023 | [Network device discovery and vulnerability management](/microsoft-365/security/defender-endpoint/network-devices?view=o365-worldwide) | modified |
+| 2/10/2023 | [How to schedule an antivirus scan using Anacron in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/schedule-antivirus-scan-in-mde?view=o365-worldwide) | modified |
+| 2/10/2023 | [Performance analyzer for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-worldwide) | modified |
+| 2/10/2023 | [Authenticated scan for Windows in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/windows-authenticated-scan?view=o365-worldwide) | modified |
+| 2/10/2023 | [Application Guard for Office for admins](/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide) | modified |
+| 2/10/2023 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-worldwide) | modified |
+| 2/10/2023 | [Set up Safe Links policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-links-policies-configure?view=o365-worldwide) | modified |
+| 2/10/2023 | [Test and deploy Microsoft 365 Apps by partners in the Integrated apps portal](/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps?view=o365-worldwide) | modified |
+| 2/10/2023 | [Create EDM SIT sample file for the new experience](/microsoft-365/compliance/sit-create-edm-sit-unified-ux-sample-file?view=o365-worldwide) | modified |
+| 2/10/2023 | [Get started with exact data match based sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-based-sits-overview?view=o365-worldwide) | modified |
+| 2/10/2023 | [Export source data for exact data match based sensitive information type](/microsoft-365/compliance/sit-get-started-exact-data-match-export-data?view=o365-worldwide) | modified |
+| 2/10/2023 | [Configure anti-malware policies](/microsoft-365/security/office-365-security/anti-malware-policies-configure?view=o365-worldwide) | modified |
++
+## Week of January 30, 2023
++
+| Published On |Topic title | Change |
+|||--|
+| 2/1/2023 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified |
+| 1/30/2023 | [Create and deploy a data loss prevention policy](/microsoft-365/compliance/dlp-create-deploy-policy?view=o365-worldwide) | added |
+| 1/30/2023 | [Learn about data loss prevention](/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide) | modified |
+| 1/30/2023 | [Plan for data loss prevention](/microsoft-365/compliance/dlp-overview-plan-for-dlp?view=o365-worldwide) | modified |
+| 1/30/2023 | [Design a Data loss prevention policy](/microsoft-365/compliance/dlp-policy-design?view=o365-worldwide) | modified |
+| 1/30/2023 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide) | modified |
+| 2/1/2023 | [Map Microsoft 365 Defender role-based access control (RBAC) permissions](/microsoft-365/security/defender/compare-rbac-roles?view=o365-worldwide) | modified |
+| 1/31/2023 | [Configure endpoint DLP settings](/microsoft-365/compliance/dlp-configure-endpoint-settings?view=o365-worldwide) | modified |
+| 1/31/2023 | [Canada drivers license number entity definition](/microsoft-365/compliance/sit-defn-canada-drivers-license-number?view=o365-worldwide) | modified |
+| 1/31/2023 | [Use network protection to help prevent macOS connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection-macos?view=o365-worldwide) | modified |
+| 1/31/2023 | Create a DLP policy from a template | removed |
+| 1/31/2023 | Create, test, and tune a DLP policy | removed |
+| 1/31/2023 | [Get started with Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-getting-started?view=o365-worldwide) | modified |
+| 1/31/2023 | [Using Endpoint DLP](/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwide) | modified |
+| 1/31/2023 | [Training campaigns in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-training-campaigns?view=o365-worldwide) | added |
+| 1/31/2023 | [Training modules for Training campaigns in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-training-modules?view=o365-worldwide) | added |
+| 1/31/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified |
+| 1/31/2023 | [Deploy Microsoft Defender for Endpoint on Android with Microsoft Endpoint Manager](/microsoft-365/security/defender-endpoint/android-intune?view=o365-worldwide) | modified |
+| 1/31/2023 | [Microsoft Defender for Endpoint Device Control Removable Storage frequently asked questions](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control-faq?view=o365-worldwide) | modified |
+| 1/31/2023 | [Protect your organization's data with device control](/microsoft-365/security/defender-endpoint/device-control-report?view=o365-worldwide) | modified |
+| 1/31/2023 | [Deploy Microsoft Defender for Endpoint on iOS with Microsoft Endpoint Manager](/microsoft-365/security/defender-endpoint/ios-install?view=o365-worldwide) | modified |
+| 1/31/2023 | [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-perf?view=o365-worldwide) | modified |
+| 1/31/2023 | [Deploy Microsoft Defender for Endpoint on macOS with Microsoft Endpoint Manager](/microsoft-365/security/defender-endpoint/mac-install-with-intune?view=o365-worldwide) | modified |
+| 1/31/2023 | [Set up and configure Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/mde-p1-setup-configuration?view=o365-worldwide) | modified |
+| 1/31/2023 | [Onboard devices and configure Microsoft Defender for Endpoint capabilities](/microsoft-365/security/defender-endpoint/onboard-configure?view=o365-worldwide) | modified |
+| 1/31/2023 | [Onboard to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/onboarding?view=o365-worldwide) | modified |
+| 1/31/2023 | [Migrate to Microsoft Defender for Endpoint - Onboard](/microsoft-365/security/defender-endpoint/switch-to-mde-phase-3?view=o365-worldwide) | modified |
+| 1/31/2023 | Troubleshoot AuditD performance issues with Microsoft Defender for Endpoint on Linux | removed |
+| 2/1/2023 | [Use the Virtual Appointments app in Microsoft Teams](/microsoft-365/frontline/virtual-appointments-app?view=o365-worldwide) | added |
+| 2/1/2023 | [Configure endpoint DLP settings](/microsoft-365/compliance/dlp-configure-endpoint-settings?view=o365-worldwide) | modified |
+| 2/1/2023 | [Use sensitivity labels to protect calendar items, Teams meetings, and chat](/microsoft-365/compliance/sensitivity-labels-meetings?view=o365-worldwide) | modified |
+| 2/1/2023 | [Launch your portal using the Portal launch scheduler](/microsoft-365/enterprise/portallaunchscheduler?view=o365-worldwide) | modified |
+| 2/1/2023 | [Microsoft Teams Advanced Virtual Appointments activity report](/microsoft-365/frontline/advanced-virtual-appointments-activity-report?view=o365-worldwide) | modified |
+| 2/1/2023 | Virtual Appointments with Microsoft Teams and the Bookings app | removed |
+| 2/1/2023 | [Manage the join experience for Teams Virtual Appointments on browsers](/microsoft-365/frontline/browser-join?view=o365-worldwide) | modified |
+| 2/1/2023 | [Microsoft 365 for retail organizations](/microsoft-365/frontline/teams-for-retail-landing-page?view=o365-worldwide) | modified |
+| 2/1/2023 | [Microsoft Teams Virtual Appointments usage report](/microsoft-365/frontline/virtual-appointments-usage-report?view=o365-worldwide) | modified |
+| 2/1/2023 | [Virtual Appointments with Microsoft Teams](/microsoft-365/frontline/virtual-appointments?view=o365-worldwide) | modified |
+| 2/1/2023 | [Use network protection to help prevent macOS connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection-macos?view=o365-worldwide) | modified |
+| 2/1/2023 | [Training campaigns in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-training-campaigns?view=o365-worldwide) | modified |
+| 2/1/2023 | [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) | modified |
+| 2/1/2023 | [Deploy updates for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-updates?view=o365-worldwide) | modified |
+| 2/1/2023 | [Investigate users in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-users?view=o365-worldwide) | modified |
+| 2/1/2023 | [Application Guard for Office for admins](/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide) | modified |
+| 2/1/2023 | [Create a more secure guest sharing environment](/microsoft-365/solutions/create-secure-guest-sharing-environment?view=o365-worldwide) | modified |
+| 2/1/2023 | [Get all scan agents](/microsoft-365/security/defender-endpoint/get-all-scan-agents?view=o365-worldwide) | modified |
+| 2/1/2023 | [Get scan definitions](/microsoft-365/security/defender-endpoint/get-all-scan-definitions?view=o365-worldwide) | modified |
+| 2/1/2023 | [Authenticated scan for Windows in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/windows-authenticated-scan?view=o365-worldwide) | modified |
+| 2/1/2023 | [Deploy and manage using group policy](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-group-policy?view=o365-worldwide) | modified |
+| 2/1/2023 | [Run the client analyzer on macOS or Linux](/microsoft-365/security/defender-endpoint/run-analyzer-macos-linux?view=o365-worldwide) | modified |
+| 2/1/2023 | [Create and manage inactive mailboxes](/microsoft-365/compliance/create-and-manage-inactive-mailboxes?view=o365-worldwide) | modified |
+| 2/1/2023 | [Use a script to create an eDiscovery holds report](/microsoft-365/compliance/ediscovery-create-a-report-on-holds-in-cases?view=o365-worldwide) | modified |
+| 2/1/2023 | [Add more SharePoint storage to your subscription](/microsoft-365/commerce/add-storage-space?view=o365-worldwide) | modified |
+| 2/1/2023 | [Minimum versions for sensitivity labels in Microsoft 365 Apps](/microsoft-365/compliance/sensitivity-labels-versions?view=o365-worldwide) | added |
+| 2/1/2023 | [Understand the Defender Experts for Hunting report in Microsoft 365 Defender](/microsoft-365/security/defender/defender-experts-report?view=o365-worldwide) | modified |
+| 2/1/2023 | [Use the eDiscovery Export Tool in Microsoft Edge](/microsoft-365/compliance/ediscovery-configure-edge-to-export-search-results?view=o365-worldwide) | modified |
+| 2/1/2023 | [Deploy and manage using group policy](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-group-policy?view=o365-worldwide) | added |
+| 2/1/2023 | [Deploy and manage using Intune](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-intune?view=o365-worldwide) | added |
+| 2/1/2023 | [Printer Protection frequently asked questions](/microsoft-365/security/defender-endpoint/printer-protection-frequently-asked-questions?view=o365-worldwide) | added |
+| 2/1/2023 | [Printer Protection Overview](/microsoft-365/security/defender-endpoint/printer-protection-overview?view=o365-worldwide) | added |
+| 2/1/2023 | [Switch to Microsoft Defender for Endpoint - Setup](/microsoft-365/security/defender-endpoint/switch-to-mde-phase-2?view=o365-worldwide) | modified |
+| 2/1/2023 | [What's new in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint?view=o365-worldwide) | modified |
+| 2/1/2023 | [Bookings with me](/microsoft-365/bookings/bookings-in-outlook?view=o365-worldwide) | modified |
+| 2/1/2023 | [Learn about Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide) | modified |
+| 2/1/2023 | [Reduce the attack surface for Microsoft Teams](/microsoft-365/security/office-365-security/step-by-step-guides/reducing-attack-surface-in-microsoft-teams?view=o365-worldwide) | modified |
+| 2/1/2023 | [What happens to my data and access when my subscription ends?](/microsoft-365/commerce/subscriptions/what-if-my-subscription-expires?view=o365-worldwide) | modified |
+| 2/1/2023 | [Enable attack surface reduction rules](/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide) | modified |
+| 2/1/2023 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-worldwide) | modified |
+| 2/1/2023 | [Performance analyzer for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-worldwide) | modified |
+| 2/1/2023 | [What's new in Microsoft Defender for Endpoint on Windows](/microsoft-365/security/defender-endpoint/windows-whatsnew?view=o365-worldwide) | modified |
+| 2/1/2023 | [Exposure score in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/tvm-exposure-score?view=o365-worldwide) | modified |
+| 2/1/2023 | [Security recommendations](/microsoft-365/security/defender-vulnerability-management/tvm-security-recommendation?view=o365-worldwide) | modified |
+| 2/1/2023 | [Upgrade distribution lists to Microsoft 365 Groups in Exchange Online](/microsoft-365/admin/manage/upgrade-distribution-lists?view=o365-worldwide) | modified |
+| 2/1/2023 | [Create and manage insider risk management policies](/microsoft-365/compliance/insider-risk-management-policies?view=o365-worldwide) | modified |
+| 2/1/2023 | [Deploy Microsoft Defender for Endpoint on Linux manually](/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-worldwide) | modified |
+| 2/1/2023 | [Canada social insurance number entity definition](/microsoft-365/compliance/sit-defn-canada-social-insurance-number?view=o365-worldwide) | modified |
+| 2/1/2023 | [Attack surface reduction in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-asr?view=o365-worldwide) | added |
+| 2/1/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified |
+| 2/1/2023 | [Microsoft Defender for Business troubleshooting](/microsoft-365/security/defender-business/mdb-troubleshooting?view=o365-worldwide) | modified |
+| 2/1/2023 | [Microsoft Defender for Endpoint (MDE) attack surface reduction (ASR) rules deployment overview](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment?view=o365-worldwide) | modified |
+| 2/1/2023 | [Frequently asked questions on tamper protection](/microsoft-365/security/defender-endpoint/faqs-tamper-protection?view=o365-worldwide) | modified |
+| 2/1/2023 | [Understand next-generation protection configuration settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-next-gen-configuration-settings?view=o365-worldwide) | modified |
+| 2/1/2023 | [Get scan history by definition](/microsoft-365/security/defender-endpoint/get-scan-history-by-definition?view=o365-worldwide) | modified |
+| 2/1/2023 | [Get scan history by session](/microsoft-365/security/defender-endpoint/get-scan-history-by-session?view=o365-worldwide) | modified |
+| 2/1/2023 | [Troubleshoot Microsoft Teams EHR connector setup and configuration](/microsoft-365/frontline/ehr-connector-troubleshoot-setup-configuration?view=o365-worldwide) | added |
+| 2/1/2023 | [Migrate to Microsoft Defender for Office 365 Phase 1: Prepare](/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365-prepare?view=o365-worldwide) | modified |
+| 2/2/2023 | [Manage submissions](/microsoft-365/security/office-365-security/submissions-admin?view=o365-worldwide) | modified |
+| 2/2/2023 | [Performance analyzer for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft Adoption Score Organizational Messages](/microsoft-365/admin/adoption/organizational-messages?view=o365-worldwide) | modified |
+| 2/2/2023 | [Message center in the Microsoft 365 admin center](/microsoft-365/admin/manage/message-center?view=o365-worldwide) | modified |
+| 2/2/2023 | [Configure authentication for Microsoft 365 support integration with ServiceNow](/microsoft-365/admin/manage/servicenow-authentication?view=o365-worldwide) | modified |
+| 2/2/2023 | [Test and deploy Microsoft 365 Apps by partners in the Integrated apps portal](/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps?view=o365-worldwide) | modified |
+| 2/2/2023 | [What's new in the Microsoft 365 admin center?](/microsoft-365/admin/whats-new-in-preview?view=o365-worldwide) | modified |
+| 2/2/2023 | [Non-Azure Microsoft volume licensing invoices](/microsoft-365/commerce/licenses/volume-licensing-invoices?view=o365-worldwide) | modified |
+| 2/2/2023 | [Communication compliance](/microsoft-365/compliance/communication-compliance-solution-overview?view=o365-worldwide) | modified |
+| 2/2/2023 | [Collect eDiscovery diagnostic information](/microsoft-365/compliance/ediscovery-diagnostic-info?view=o365-worldwide) | modified |
+| 2/2/2023 | [Migrate the Azure Information Protection (AIP) add-in to Microsoft Purview Information Protection built-in labeling for Office apps](/microsoft-365/compliance/sensitivity-labels-aip?view=o365-worldwide) | modified |
+| 2/2/2023 | [OneDrive Cross-tenant OneDrive migration Step 2](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step2?view=o365-worldwide) | modified |
+| 2/2/2023 | [OneDrive Cross-tenant OneDrive migration Step 6](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step6?view=o365-worldwide) | modified |
+| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 7](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step7?view=o365-worldwide) | modified |
+| 2/2/2023 | [Cross-tenant OneDrive migration overview](/microsoft-365/enterprise/cross-tenant-onedrive-migration?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft 365 Multi-Tenant Organization People Search](/microsoft-365/enterprise/multi-tenant-people-search?view=o365-worldwide) | modified |
+| 2/2/2023 | [Block sign-in for shared mailbox accounts in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-block-signin-shared-mailboxes?view=o365-worldwide) | modified |
+| 2/2/2023 | [Overview of using Microsoft 365 Lighthouse baselines to deploy standard tenant configurations](/microsoft-365/lighthouse/m365-lighthouse-deploy-standard-tenant-configurations-overview?view=o365-worldwide) | modified |
+| 2/2/2023 | [Deploy a task automatically in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-deploy-task-automatically?view=o365-worldwide) | modified |
+| 2/2/2023 | [Overview of deployment tasks in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-overview-deployment-task?view=o365-worldwide) | modified |
+| 2/2/2023 | [Review a deployment plan in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-review-deployment-plan?view=o365-worldwide) | modified |
+| 2/2/2023 | [Understand deployment statuses in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-understand-deployment-statuses?view=o365-worldwide) | modified |
+| 2/2/2023 | [View task details in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-view-task-details?view=o365-worldwide) | modified |
+| 2/2/2023 | [What's new in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-whats-new?view=o365-worldwide) | modified |
+| 2/2/2023 | [Details of custom permissions in Microsoft 365 Defender role-based access control (RBAC)](/microsoft-365/security/defender/custom-permissions-details?view=o365-worldwide) | modified |
+| 2/2/2023 | [External Domain Name System records for Office 365](/microsoft-365/enterprise/external-domain-name-system-records?view=o365-worldwide) | modified |
+| 2/2/2023 | [Troubleshoot issues and find answers on FAQs related to Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-troubleshoot?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft 365 Multi-Tenant Organization People Search](/microsoft-365/enterprise/multi-tenant-people-search?view=o365-worldwide) | added |
+| 2/2/2023 | [Test attack surface reduction (ASR) rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-test?view=o365-worldwide) | modified |
+| 2/2/2023 | [Attack surface reduction (ASR) rules reporting](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-report?view=o365-worldwide) | modified |
+| 2/2/2023 | [Advanced deployment guidance for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/comprehensive-guidance-on-linux-deployment?view=o365-worldwide) | modified |
+| 2/2/2023 | [Map Microsoft 365 Defender role-based access control (RBAC) permissions](/microsoft-365/security/defender/compare-rbac-roles?view=o365-worldwide) | modified |
+| 2/2/2023 | [What is Microsoft Defender Experts for XDR offering](/microsoft-365/security/defender/dex-xdr-overview?view=o365-worldwide) | modified |
+| 2/2/2023 | [Import roles to Microsoft 365 Defender RBAC](/microsoft-365/security/defender/import-rbac-roles?view=o365-worldwide) | modified |
+| 2/2/2023 | [How to use the Microsoft Defender Experts for XDR preview service](/microsoft-365/security/defender/start-using-mdex-xdr?view=o365-worldwide) | modified |
+| 2/2/2023 | [Bookings with me](/microsoft-365/bookings/bookings-in-outlook?view=o365-worldwide) | modified |
+| 2/2/2023 | [Pay for your Microsoft business subscription with a billing profile](/microsoft-365/commerce/billing-and-payments/pay-for-subscription-billing-profile?view=o365-worldwide) | modified |
+| 2/2/2023 | [Payment options for your Microsoft business subscription](/microsoft-365/commerce/billing-and-payments/pay-for-your-subscription?view=o365-worldwide) | modified |
+| 2/2/2023 | [Attack surface reduction rules reference](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365?view=o365-worldwide) | modified |
+| 2/2/2023 | [Security Operations Guide for Defender for Office 365](/microsoft-365/security/office-365-security/mdo-sec-ops-guide?view=o365-worldwide) | modified |
+| 2/2/2023 | [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide) | modified |
+| 2/2/2023 | [Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft Adoption Score - Meetings (New)](/microsoft-365/admin/adoption/meetings-new?view=o365-worldwide) | modified |
+| 2/2/2023 | [Shifts connectors](/microsoft-365/frontline/shifts-connectors?view=o365-worldwide) | modified |
+| 2/2/2023 | [Virtual Appointments with Microsoft Teams](/microsoft-365/frontline/virtual-appointments?view=o365-worldwide) | modified |
+| 2/2/2023 | [Turn on cloud protection in Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus?view=o365-worldwide) | modified |
+| 2/2/2023 | [View email security reports](/microsoft-365/security/office-365-security/reports-email-security?view=o365-worldwide) | modified |
+| 2/2/2023 | [Search the audit log in the Microsoft Purview compliance portal](/microsoft-365/compliance/audit-log-search?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft Purview auditing solutions](/microsoft-365/compliance/audit-solutions-overview?view=o365-worldwide) | modified |
+| 2/2/2023 | [Track your Microsoft Secure Score history and meet goals](/microsoft-365/security/defender/microsoft-secure-score-history-metrics-trends?view=o365-worldwide) | modified |
+| 2/2/2023 | [Assess your security posture through Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score-improvement-actions?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft Secure score data storage and privacy](/microsoft-365/security/defender/secure-score-data-storage-privacy?view=o365-worldwide) | added |
+| 2/2/2023 | [Advanced deployment guidance for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/comprehensive-guidance-on-linux-deployment?view=o365-worldwide) | added |
+| 2/2/2023 | [Microsoft Defender for Endpoint device timeline](/microsoft-365/security/defender-endpoint/device-timeline-event-flag?view=o365-worldwide) | modified |
+| 2/2/2023 | [Export information gathering assessment](/microsoft-365/security/defender-endpoint/get-assessment-information-gathering?view=o365-worldwide) | added |
+| 2/2/2023 | [Deploy Microsoft Defender for Endpoint on Linux manually](/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-worldwide) | modified |
+| 2/2/2023 | [Scheduling Dynamic Recurring Meetings](/microsoft-365/scheduler/scheduler-recurring-meetings?view=o365-worldwide) | modified |
+| 2/2/2023 | [Manage devices for frontline workers](/microsoft-365/frontline/flw-devices?view=o365-worldwide) | modified |
+| 2/2/2023 | [Deploy a task automatically in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-deploy-task-automatically?view=o365-worldwide) | added |
+| 2/2/2023 | [Deploy a task manually in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-deploy-task-manually?view=o365-worldwide) | added |
+| 2/2/2023 | [Dismiss a task in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-dismiss-task?view=o365-worldwide) | modified |
+| 2/2/2023 | [Overview of deployment tasks in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-overview-deployment-task?view=o365-worldwide) | added |
+| 2/2/2023 | [Review a deployment plan in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-review-deployment-plan?view=o365-worldwide) | added |
+| 2/2/2023 | [Understand deployment statuses in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-understand-deployment-statuses?view=o365-worldwide) | added |
+| 2/2/2023 | [View task details in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-view-task-details?view=o365-worldwide) | added |
+| 2/2/2023 | [App-based deployment for Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-install?view=o365-worldwide) | modified |
+| 2/2/2023 | [Trainable classifiers definitions](/microsoft-365/compliance/classifier-tc-definitions?view=o365-worldwide) | modified |
+| 2/2/2023 | [Configure automated investigation and response capabilities in Microsoft 365 Defender](/microsoft-365/security/defender/m365d-configure-auto-investigation-response?view=o365-worldwide) | modified |
+| 2/2/2023 | [Manage Microsoft LMS Gateway for any LMS](/microsoft-365/lti/manage-microsoft-one-lti?view=o365-worldwide) | modified |
+| 2/2/2023 | [Common Microsoft Defender for Endpoint API errors](/microsoft-365/security/defender-endpoint/common-errors?view=o365-worldwide) | modified |
+| 2/2/2023 | [Quarantine policies](/microsoft-365/security/office-365-security/quarantine-policies?view=o365-worldwide) | modified |
+| 2/2/2023 | [Choose your scenarios for Microsoft 365 for frontline workers](/microsoft-365/frontline/flw-choose-scenarios?view=o365-worldwide) | modified |
+| 2/2/2023 | [Corporate communications with frontline workers](/microsoft-365/frontline/flw-corp-comms?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft 365 for retail organizations](/microsoft-365/frontline/teams-for-retail-landing-page?view=o365-worldwide) | modified |
+| 2/2/2023 | [Migrate from the MDE SIEM API to the Microsoft 365 Defender alerts API](/microsoft-365/security/defender-endpoint/configure-siem?view=o365-worldwide) | modified |
+| 2/2/2023 | [FAQs related to Microsoft Defender Experts for XDR preview](/microsoft-365/security/defender/frequently-asked-questions?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft 365 Defender streaming event types supported in Event Streaming API](/microsoft-365/security/defender/supported-event-types?view=o365-worldwide) | modified |
+| 2/2/2023 | [Email analysis in investigations for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/email-analysis-investigations?view=o365-worldwide) | modified |
+| 2/2/2023 | [Set up Microsoft 365 for frontline workers](/microsoft-365/frontline/flw-setup-microsoft-365?view=o365-worldwide) | modified |
+| 2/2/2023 | [Build and manage assessments in Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-assessments?view=o365-worldwide) | modified |
+| 2/2/2023 | [Get started with Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-setup?view=o365-worldwide) | modified |
+| 2/2/2023 | [Enable co-authoring for encrypted documents](/microsoft-365/compliance/sensitivity-labels-coauthoring?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft 365 network connectivity test tool](/microsoft-365/enterprise/office-365-network-mac-perf-onboarding-tool?view=o365-worldwide) | modified |
+| 2/2/2023 | [Schedule regular quick and full scans with Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/schedule-antivirus-scans?view=o365-worldwide) | modified |
+| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 1](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step1?view=o365-worldwide) | modified |
+| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 2](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step2?view=o365-worldwide) | modified |
+| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 3](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step3?view=o365-worldwide) | modified |
+| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 4](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step4?view=o365-worldwide) | modified |
+| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 5](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step5?view=o365-worldwide) | modified |
+| 2/2/2023 | [OneDrive Cross-Tenant User Data Migration Step 6](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step6?view=o365-worldwide) | modified |
+| 2/2/2023 | [Cross-tenant OneDrive migration](/microsoft-365/enterprise/cross-tenant-onedrive-migration?view=o365-worldwide) | modified |
+| 2/2/2023 | [Configure Microsoft 365 support integration with Azure AD Auth Token](/microsoft-365/admin/manage/servicenow-aad-oauth-token-v1?view=o365-worldwide) | added |
+| 2/2/2023 | [Configure support integration with ServiceNow - Basic Authentication](/microsoft-365/admin/manage/servicenow-basic-authentication-v1?view=o365-worldwide) | added |
+| 2/2/2023 | [Microsoft 365 support integration with ServiceNow configuration overview](/microsoft-365/admin/manage/servicenow-overview-v1?view=o365-worldwide) | added |
+| 2/2/2023 | [Testing the ServiceNow configuration](/microsoft-365/admin/manage/servicenow-testing-the-configuration-v1?view=o365-worldwide) | added |
+| 2/2/2023 | [Troubleshooting Microsoft 365 support integration with ServiceNow](/microsoft-365/admin/manage/servicenow-troubleshooting-v1?view=o365-worldwide) | added |
+| 2/2/2023 | [Integrate Microsoft 365 with ServiceNow Virtual Agent](/microsoft-365/admin/manage/servicenow-virtual-agent-integration-v1?view=o365-worldwide) | added |
+| 2/2/2023 | [Non-Azure Microsoft volume licensing invoices](/microsoft-365/commerce/licenses/volume-licensing-invoices?view=o365-worldwide) | added |
+| 2/2/2023 | [Exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/defender-endpoint-antivirus-exclusions?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft Defender for Endpoint Device Control Removable Storage frequently asked questions](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control-faq?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft Defender for Endpoint Device Control Removable Storage Access Control, removable storage media](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control?view=o365-worldwide) | modified |
+| 2/2/2023 | [Investigate Microsoft Defender for Endpoint files](/microsoft-365/security/defender-endpoint/investigate-files?view=o365-worldwide) | modified |
+| 2/2/2023 | [Get started with sensitivity labels](/microsoft-365/compliance/get-started-with-sensitivity-labels?view=o365-worldwide) | modified |
+| 2/2/2023 | [Enable attack surface reduction (ASR) rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-implement?view=o365-worldwide) | modified |
+| 2/2/2023 | [Investigate an IP address associated with an alert](/microsoft-365/security/defender-endpoint/investigate-ip?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender-portal?view=o365-worldwide) | modified |
+| 2/2/2023 | [Decryption in Microsoft Purview eDiscovery tools](/microsoft-365/compliance/ediscovery-decryption?view=o365-worldwide) | modified |
+| 2/2/2023 | [Integrate your SIEM tools with Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-siem?view=o365-worldwide) | modified |
+| 2/2/2023 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-worldwide) | modified |
+| 2/2/2023 | [Investigate alerts in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-alerts?view=o365-worldwide) | modified |
+| 2/2/2023 | [Insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-worldwide) | modified |
+| 2/2/2023 | [Service advisories for OAB size limits in Exchange Online monitoring](/microsoft-365/enterprise/microsoft-365-oab-size-limit-service-advisory?view=o365-worldwide) | added |
+| 2/2/2023 | [Review events and errors using Event Viewer](/microsoft-365/security/defender-endpoint/event-error-codes?view=o365-worldwide) | modified |
+| 2/2/2023 | [How to schedule scans with Microsoft Defender for Endpoint on macOS](/microsoft-365/security/defender-endpoint/mac-schedule-scan?view=o365-worldwide) | modified |
+| 2/2/2023 | [What's new in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint?view=o365-worldwide) | modified |
+| 2/2/2023 | [What's new in Microsoft Defender Vulnerability Management Public Preview](/microsoft-365/security/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management?view=o365-worldwide) | modified |
+| 2/2/2023 | [How SMTP DNS-based Authentication of Named Entities (DANE) secures email communications](/microsoft-365/compliance/how-smtp-dane-works?view=o365-worldwide) | modified |
+| 2/2/2023 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide) | modified |
+| 2/2/2023 | [Configure endpoint DLP settings](/microsoft-365/compliance/dlp-configure-endpoint-settings?view=o365-worldwide) | modified |
+| 2/2/2023 | [Using Endpoint DLP](/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwide) | modified |
+| 2/2/2023 | [Create and manage custom detection rules in Microsoft 365 Defender](/microsoft-365/security/defender/custom-detection-rules?view=o365-worldwide) | modified |
+| 11/2/2022 | [Help your clients and customers use virtual appointments](/microsoft-365/frontline/virtual-appointments-toolkit?view=o365-worldwide) | modified |
+| 2/2/2023 | [Service assurance in the Microsoft Purview compliance portal](/microsoft-365/compliance/service-assurance?view=o365-worldwide) | modified |
+| 2/2/2023 | [Cross-tenant mailbox migration](/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-worldwide) | modified |
+| 2/2/2023 | [Advanced Data Residency Commitments](/microsoft-365/enterprise/m365-dr-commitments?view=o365-worldwide) | modified |
+| 2/2/2023 | [Use Microsoft Teams Meetings LTI with any LTI 1.3 compliant LMS](/microsoft-365/lti/integrate-with-other-lms?view=o365-worldwide) | added |
+| 2/2/2023 | [Get Microsoft Defender for Business servers](/microsoft-365/security/defender-business/get-defender-business-servers?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft Defender for Business](/microsoft-365/security/defender-business/index?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-worldwide) | modified |
+| 2/2/2023 | [Offboard a device from Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-offboard-devices?view=o365-worldwide) | modified |
+| 2/2/2023 | [Onboard devices to Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-worldwide) | modified |
+| 2/2/2023 | [Device health Microsoft Defender Antivirus health report](/microsoft-365/security/defender-endpoint/device-health-microsoft-defender-antivirus-health?view=o365-worldwide) | modified |
+| 2/2/2023 | [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-worldwide) | modified |
+| 2/2/2023 | [Insider risk management policies](/microsoft-365/compliance/insider-risk-management-policies?view=o365-worldwide) | modified |
+| 2/2/2023 | [Learn about insider risk management](/microsoft-365/compliance/insider-risk-management?view=o365-worldwide) | modified |
+| 2/2/2023 | [Windows and Office 365 deployment lab kit](/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab?view=o365-worldwide) | modified |
+| 2/2/2023 | [Address false positives/negatives in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft Defender for Cloud Apps in Microsoft 365 Defender (Preview)](/microsoft-365/security/defender/microsoft-365-security-center-defender-cloud-apps?view=o365-worldwide) | modified |
+| 2/2/2023 | [Manage Folders and Rules feature in Microsoft 365 Groups](/microsoft-365/enterprise/manage-folders-and-rules-feature?view=o365-worldwide) | added |
+| 2/2/2023 | [What is Microsoft 365 Defender?](/microsoft-365/security/defender/microsoft-365-defender?view=o365-worldwide) | modified |
+| 2/2/2023 | [Feature update validation](/microsoft-365/test-base/feature?view=o365-worldwide) | modified |
+| 2/2/2023 | [Creating and Testing Binary Files on Test Base](/microsoft-365/test-base/testapplication?view=o365-worldwide) | modified |
+| 2/2/2023 | [Test your Intune application on Test Base](/microsoft-365/test-base/testintuneapplication?view=o365-worldwide) | modified |
+| 2/2/2023 | [Uploading a pre-built zip package](/microsoft-365/test-base/uploadapplication?view=o365-worldwide) | modified |
+| 2/2/2023 | [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft 365 alert policies](/microsoft-365/compliance/alert-policies?view=o365-worldwide) | modified |
+| 2/2/2023 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft Defender for Endpoint APIs connection to Power BI](/microsoft-365/security/defender-endpoint/api-power-bi?view=o365-worldwide) | modified |
+| 2/2/2023 | [Create indicators for IPs and URLs/domains](/microsoft-365/security/defender-endpoint/indicator-ip-domain?view=o365-worldwide) | modified |
+| 2/2/2023 | [Professional services supported by Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/professional-services?view=o365-worldwide) | added |
+| 2/2/2023 | [Technological partners of Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/technological-partners?view=o365-worldwide) | added |
+| 2/2/2023 | [Learn about auto-expanding archiving](/microsoft-365/compliance/autoexpanding-archiving?view=o365-worldwide) | modified |
+| 2/2/2023 | [Azure service bus shared access signature entity definition (preview)](/microsoft-365/compliance/sit-defn-azure-service-bus-shared-access-signature?view=o365-worldwide) | modified |
+| 2/2/2023 | [Azure Shared Access key / Web Hook token signature entity definition (preview)](/microsoft-365/compliance/sit-defn-azure-shared-access-key-web-hook-token?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft 365 admin center Teams app usage reports](/microsoft-365/admin/activity-reports/microsoft-teams-apps-usage?view=o365-worldwide) | added |
+| 2/2/2023 | [Microsoft 365 admin center mailbox usage reports](/microsoft-365/admin/activity-reports/mailbox-usage?view=o365-worldwide) | modified |
+| 2/2/2023 | [Customize what happens at the end of the retention period](/microsoft-365/compliance/retention-label-flow?view=o365-worldwide) | added |
+| 2/2/2023 | [Azure Active Directory setup guides](/microsoft-365/admin/misc/azure-ad-setup-guides?view=o365-worldwide) | modified |
+| 2/2/2023 | [About the Microsoft Purview Compliance Manager premium assessment trial](/microsoft-365/compliance/compliance-easy-trials-compliance-manager-assessments?view=o365-worldwide) | modified |
+| 2/2/2023 | [Automatically retain or delete content by using retention policies](/microsoft-365/compliance/create-retention-policies?view=o365-worldwide) | modified |
+| 2/2/2023 | [Message encryption FAQ](/microsoft-365/compliance/ome-faq?view=o365-worldwide) | modified |
+| 2/2/2023 | [Onboard Windows devices to Microsoft Defender for Endpoint via Group Policy](/microsoft-365/security/defender-endpoint/configure-endpoints-gp?view=o365-worldwide) | modified |
+| 2/2/2023 | [Onboard Windows devices using Configuration Manager](/microsoft-365/security/defender-endpoint/configure-endpoints-sccm?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft 365 admin center activity reports](/microsoft-365/admin/activity-reports/activity-reports?view=o365-worldwide) | modified |
+| 2/2/2023 | [Top 20 most-viewed admin help articles this month # < 60 chars](/microsoft-365/admin/top-m365-admin-articles?view=o365-worldwide) | modified |
+| 2/2/2023 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft 365 admin center help # < 60 chars](/microsoft-365/admin/index?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft 365 Business Premium resources # < 60 chars](/microsoft-365/business/index?view=o365-worldwide) | modified |
+| 2/2/2023 | [Customize an archive and deletion policy (MRM) for mailboxes](/microsoft-365/compliance/set-up-an-archive-and-deletion-policy-for-mailboxes?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft 365 for frontline workers # < 60 chars](/microsoft-365/frontline/index?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft 365 documentation # < 60 chars](/microsoft-365/index?view=o365-worldwide) | modified |
+| 2/2/2023 | [Investigate domains and URLs associated with a Microsoft Defender for Endpoint alert](/microsoft-365/security/defender-endpoint/investigate-domain?view=o365-worldwide) | modified |
+| 2/2/2023 | [What's new in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-whatsnew?view=o365-worldwide) | modified |
+| 2/2/2023 | [Cross-Tenant Identity Mapping (preview)](/microsoft-365/enterprise/cross-tenant-identity-mapping?view=o365-worldwide) | added |
+| 2/2/2023 | [Deploy Teams at scale for frontline workers](/microsoft-365/frontline/deploy-teams-at-scale?view=o365-worldwide) | modified |
+| 2/2/2023 | [Onboard Microsoft Defender for IoT with Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/enable-microsoft-defender-for-iot-integration?view=o365-worldwide) | modified |
+| 2/2/2023 | [Use network protection to help prevent connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide) | modified |
+| 2/2/2023 | [Web protection](/microsoft-365/security/defender-endpoint/web-protection-overview?view=o365-worldwide) | modified |
+| 2/2/2023 | [Manage clients for Microsoft Whiteboard in GCC environments](/microsoft-365/whiteboard/manage-clients-gcc?view=o365-worldwide) | modified |
+| 2/2/2023 | [Manage data for Microsoft Whiteboard in GCC environments](/microsoft-365/whiteboard/manage-data-gcc?view=o365-worldwide) | modified |
+| 2/2/2023 | [Manage sharing for Microsoft Whiteboard in GCC environments](/microsoft-365/whiteboard/manage-sharing-gcc?view=o365-worldwide) | modified |
+| 2/2/2023 | [Manage access to Microsoft Whiteboard for GCC environments](/microsoft-365/whiteboard/manage-whiteboard-access-gcc?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft Adoption Score](/microsoft-365/admin/adoption/adoption-score?view=o365-worldwide) | renamed |
+| 2/2/2023 | [Microsoft Adoption Score - Microsoft 365 apps health](/microsoft-365/admin/adoption/apps-health?view=o365-worldwide) | renamed |
+| 2/2/2023 | [Microsoft Adoption Score - Communication](/microsoft-365/admin/adoption/communication?view=o365-worldwide) | renamed |
+| 2/2/2023 | [Microsoft Adoption Score - Content collaboration](/microsoft-365/admin/adoption/content-collaboration?view=o365-worldwide) | renamed |
+| 2/2/2023 | [Microsoft Adoption Score - Meetings](/microsoft-365/admin/adoption/meetings?view=o365-worldwide) | renamed |
+| 2/2/2023 | [Microsoft Adoption Score - Mobility](/microsoft-365/admin/adoption/mobility?view=o365-worldwide) | renamed |
+| 2/2/2023 | [Microsoft Adoption Score - Privacy](/microsoft-365/admin/adoption/privacy?view=o365-worldwide) | renamed |
+| 2/2/2023 | [Microsoft Adoption Score - Teamwork](/microsoft-365/admin/adoption/teamwork?view=o365-worldwide) | renamed |
+| 2/2/2023 | [Troubleshoot issues on Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/android-support-signin?view=o365-worldwide) | modified |
+| 2/2/2023 | [What's new in Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/android-whatsnew?view=o365-worldwide) | modified |
+| 2/2/2023 | About the Microsoft Defender Vulnerability Management public preview trial | removed |
+| 2/2/2023 | [Top 10 ways to secure your business data - Best practices for small and medium-sized businesses](/microsoft-365/admin/security-and-compliance/secure-your-business-data?view=o365-worldwide) | modified |
+| 2/2/2023 | [Onboard and offboard macOS devices into Microsoft Purview solutions using Microsoft Intune](/microsoft-365/compliance/device-onboarding-offboarding-macos-intune?view=o365-worldwide) | modified |
+| 2/2/2023 | [Integrate Microsoft Teams classes and meetings with Moodle](/microsoft-365/lti/teams-classes-meetings-with-moodle?view=o365-worldwide) | modified |
+| 2/2/2023 | [Choose between guided and advanced modes for hunting in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-modes?view=o365-worldwide) | added |
+| 2/2/2023 | [Overview - Advanced hunting](/microsoft-365/security/defender/advanced-hunting-overview?view=o365-worldwide) | modified |
+| 2/2/2023 | [Supported data types and filters in guided mode for hunting in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-query-builder-details?view=o365-worldwide) | added |
+| 2/2/2023 | [Work with query results in guided mode for hunting in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-query-builder-results?view=o365-worldwide) | added |
+| 2/2/2023 | [Build queries using guided mode in Microsoft 365 Defender advanced hunting](/microsoft-365/security/defender/advanced-hunting-query-builder?view=o365-worldwide) | added |
+| 2/2/2023 | [Move users to a different subscription](/microsoft-365/commerce/subscriptions/move-users-different-subscription?view=o365-worldwide) | modified |
+| 2/2/2023 | [EU debit card number entity definition](/microsoft-365/compliance/sit-defn-eu-debit-card-number?view=o365-worldwide) | modified |
+| 2/2/2023 | [International banking account number (IBAN) entity definition](/microsoft-365/compliance/sit-defn-international-banking-account-number?view=o365-worldwide) | modified |
+| 2/2/2023 | [Integrate Microsoft Teams meetings with Schoology LMS](/microsoft-365/lti/teams-classes-and-meetings-with-schoology?view=o365-worldwide) | added |
+| 2/2/2023 | [Export assessment methods and properties per device](/microsoft-365/security/defender-endpoint/get-assessment-methods-properties?view=o365-worldwide) | modified |
+| 2/2/2023 | [Learn how to mitigate the Log4Shell vulnerability in Microsoft Defender for Endpoint - Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/tvm-manage-log4shell-guidance?view=o365-worldwide) | modified |
+| 2/2/2023 | [Configure your Event Hubs](/microsoft-365/security/defender/configure-event-hub?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft 365 Group mailbox size management](/microsoft-365/admin/create-groups/group-mailbox-size-management?view=o365-worldwide) | added |
+| 2/2/2023 | [Migrating servers from Microsoft Defender for Endpoint to Microsoft Defender for Cloud](/microsoft-365/security/defender-endpoint/migrating-mde-server-to-cloud?view=o365-worldwide) | modified |
+| 2/2/2023 | [Guest users in the Microsoft 365 admin center](/microsoft-365/admin/add-users/about-guest-users?view=o365-worldwide) | modified |
+| 2/2/2023 | [Manage guest access in Microsoft 365 groups](/microsoft-365/admin/create-groups/manage-guest-access-in-groups?view=o365-worldwide) | modified |
+| 2/2/2023 | [Use Microsoft Teams meetings with Blackboard Learn](/microsoft-365/lti/teams-meetings-with-blackboard-learn?view=o365-worldwide) | added |
+| 2/2/2023 | [Manage data for Microsoft Whiteboard](/microsoft-365/whiteboard/manage-data-organizations?view=o365-worldwide) | modified |
+| 2/2/2023 | [Manage sharing for Microsoft Whiteboard in GCC High environments](/microsoft-365/whiteboard/manage-sharing-gcc-high?view=o365-worldwide) | modified |
+| 2/2/2023 | [Manage sharing for Microsoft Whiteboard](/microsoft-365/whiteboard/manage-sharing-organizations?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft 365 Business Premium overview](/microsoft-365/business-premium/index?view=o365-worldwide) | modified |
+| 2/2/2023 | [Glossary of security terms for Microsoft 365 security capabilities](/microsoft-365/business-premium/m365bp-glossary?view=o365-worldwide) | modified |
+| 2/2/2023 | [Use AllowSelfServicePurchase for the MSCommerce PowerShell module](/microsoft-365/commerce/subscriptions/allowselfservicepurchase-powershell?view=o365-worldwide) | modified |
+| 2/2/2023 | [Configure and manage Microsoft Threat Experts capabilities](/microsoft-365/security/defender-endpoint/configure-microsoft-threat-experts?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft Defender for Endpoint Device Control Device Installation](/microsoft-365/security/defender-endpoint/mde-device-control-device-installation?view=o365-worldwide) | modified |
+| 2/2/2023 | [Review audit logs in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-review-audit-logs?view=o365-worldwide) | modified |
+| 2/2/2023 | [What's new in Microsoft Defender Vulnerability Management Public Preview](/microsoft-365/security/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management?view=o365-worldwide) | added |
+| 2/2/2023 | [Upload Application Binaries](/microsoft-365/test-base/binaries?view=o365-worldwide) | modified |
+| 2/2/2023 | [Functional testing on Test Base](/microsoft-365/test-base/functional?view=o365-worldwide) | modified |
+| 2/2/2023 | [Memory regression analysis](/microsoft-365/test-base/memory?view=o365-worldwide) | modified |
+| 2/2/2023 | [Run your test on-demand](/microsoft-365/test-base/ondemandrun?view=o365-worldwide) | added |
+| 2/2/2023 | [Test Base SDK for Python](/microsoft-365/test-base/pythonsdkoverview?view=o365-worldwide) | modified |
+| 2/2/2023 | [Set your test tasks](/microsoft-365/test-base/testtask?view=o365-worldwide) | modified |
+| 2/2/2023 | [Preset security policies](/microsoft-365/security/office-365-security/preset-security-policies?view=o365-worldwide) | modified |
+| 2/2/2023 | [Use Power Automate connectors to build Bookings workflows](/microsoft-365/bookings/power-automate-integration?view=o365-worldwide) | added |
+| 2/2/2023 | [Learn about archive mailboxes for Microsoft Purview](/microsoft-365/compliance/archive-mailboxes?view=o365-worldwide) | modified |
+| 2/2/2023 | [Share DLP alerts](/microsoft-365/compliance/dlp-share-alerts?view=o365-worldwide) | added |
+| 2/2/2023 | [Enable auto-expanding archiving](/microsoft-365/compliance/enable-autoexpanding-archiving?view=o365-worldwide) | modified |
+| 2/2/2023 | [Azure AD configuration for content encrypted by Microsoft Purview Information Protection](/microsoft-365/compliance/encryption-azure-ad-configuration?view=o365-worldwide) | added |
+| 2/2/2023 | [Create exact data match sensitive information type workflow classic experience](/microsoft-365/compliance/sit-create-edm-sit-classic-ux-workflow?view=o365-worldwide) | added |
+| 2/2/2023 | [Create EDM SIT sample file for the new experience](/microsoft-365/compliance/sit-create-edm-sit-unified-ux-sample-file?view=o365-worldwide) | added |
+| 2/2/2023 | [Create EDM SIT using the new experience](/microsoft-365/compliance/sit-create-edm-sit-unified-ux-schema-rule-package?view=o365-worldwide) | added |
+| 2/2/2023 | [Create exact data match sensitive information type workflow new experience](/microsoft-365/compliance/sit-create-edm-sit-unified-ux-workflow?view=o365-worldwide) | added |
+| 2/2/2023 | [Get started with exact data match based sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-based-sits-overview?view=o365-worldwide) | modified |
+| 2/2/2023 | [Create the schema for exact data match based sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-create-schema?view=o365-worldwide) | modified |
+| 2/2/2023 | [Export source data for exact data match based sensitive information type](/microsoft-365/compliance/sit-get-started-exact-data-match-export-data?view=o365-worldwide) | modified |
+| 2/2/2023 | [Hash and upload the sensitive information source table for exact data match sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-hash-upload?view=o365-worldwide) | modified |
+| 2/2/2023 | [Learn about exact data match based sensitive information types](/microsoft-365/compliance/sit-learn-about-exact-data-match-based-sits?view=o365-worldwide) | modified |
+| 2/2/2023 | [Suspicious password-spray-related IP address activity alert](/microsoft-365/security/defender/alert-grading-password-spray?view=o365-worldwide) | added |
+| 2/2/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified |
+| 2/2/2023 | [Get help and support for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-get-help?view=o365-worldwide) | modified |
+| 2/2/2023 | [Visit the Microsoft 365 Defender portal](/microsoft-365/security/defender-business/mdb-get-started?view=o365-worldwide) | modified |
+| 2/2/2023 | [Understand next-generation protection configuration settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-next-gen-configuration-settings?view=o365-worldwide) | modified |
+| 2/2/2023 | [Use setup wizard in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-use-wizard?view=o365-worldwide) | modified |
+| 2/2/2023 | [Set preferences for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-worldwide) | modified |
+| 2/2/2023 | [Introduction to Microsoft Whiteboard](/microsoft-365/whiteboard/index?view=o365-worldwide) | modified |
+| 2/2/2023 | [Detect and Remediate Illicit Consent Grants](/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants?view=o365-worldwide) | modified |
+| 2/2/2023 | [Set up and configure the Moodle LMS plugins](/microsoft-365/lti/moodle-plugin-configuration?view=o365-worldwide) | modified |
+| 2/2/2023 | [Set up and configure the Moodle LMS plugins for Open LMS](/microsoft-365/lti/open-lms-plugin-configuration?view=o365-worldwide) | modified |
+| 2/2/2023 | [Top 10 ways to secure your data - Best practices for small and medium-sized businesses](/microsoft-365/admin/security-and-compliance/secure-your-business-data?view=o365-worldwide) | modified |
+| 2/2/2023 | [Migrating servers from Microsoft Monitoring Agent to the unified solution](/microsoft-365/security/defender-endpoint/application-deployment-via-mecm?view=o365-worldwide) | modified |
+| 2/2/2023 | [Onboard devices and configure Microsoft Defender for Endpoint capabilities](/microsoft-365/security/defender-endpoint/onboard-configure?view=o365-worldwide) | modified |
+| 2/2/2023 | [Supported Microsoft Defender for Endpoint capabilities by platform](/microsoft-365/security/defender-endpoint/supported-capabilities-by-platform?view=o365-worldwide) | added |
+| 2/2/2023 | [Configure Microsoft Defender for Endpoint on iOS features](/microsoft-365/security/defender-endpoint/ios-configure-features?view=o365-worldwide) | modified |
+| 2/2/2023 | [What's new in Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-whatsnew?view=o365-worldwide) | modified |
+| 2/2/2023 | [Microsoft Defender Offline in Windows](/microsoft-365/security/defender-endpoint/microsoft-defender-offline?view=o365-worldwide) | modified |
+| 2/2/2023 | [Go to the Action center to view and approve your automated investigation and remediation tasks](/microsoft-365/security/defender/m365d-action-center?view=o365-worldwide) | modified |
+| 2/2/2023 | [Automated investigation and response in Microsoft 365 Defender](/microsoft-365/security/defender/m365d-autoir?view=o365-worldwide) | modified |
+| 2/2/2023 | [Apply encryption using sensitivity labels](/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-worldwide) | modified |
+| 2/2/2023 | [Onboard devices without Internet access to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/onboard-offline-machines?view=o365-worldwide) | modified |
+| 2/2/2023 | [Configure Microsoft 365 user account properties with PowerShell](/microsoft-365/enterprise/configure-user-account-properties-with-microsoft-365-powershell?view=o365-worldwide) | modified |
+| 2/2/2023 | [Configure and validate exclusions based on extension, name, or location](/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus?view=o365-worldwide) | modified |
+| 2/2/2023 | [Data Residency for Other Microsoft 365 Services](/microsoft-365/enterprise/m365-dr-workload-other?view=o365-worldwide) | modified |
+| 2/2/2023 | [Manage Office Scripts settings](/microsoft-365/admin/manage/manage-office-scripts-settings?view=o365-worldwide) | modified |
+| 2/2/2023 | [Create and publish sensitivity labels](/microsoft-365/compliance/create-sensitivity-labels?view=o365-worldwide) | modified |
+| 2/2/2023 | [Delete items in the Recoverable Items folder of cloud-based mailboxes on hold - Admin Help](/microsoft-365/compliance/delete-items-in-the-recoverable-items-folder-of-mailboxes-on-hold?view=o365-worldwide) | modified |
+| 2/2/2023 | [Sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified |
+| 2/2/2023 | [Overview of sensitivity labels](/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide) | modified |
+| 2/2/2023 | [Enable sensitivity labels for Office files in SharePoint and OneDrive](/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files?view=o365-worldwide) | modified |
+| 2/2/2023 | [Test and deploy Microsoft 365 Apps](/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps?view=o365-worldwide) | modified |
+| 2/2/2023 | [Data loss prevention and Microsoft Teams](/microsoft-365/compliance/dlp-microsoft-teams?view=o365-worldwide) | modified |
+| 2/2/2023 | [Alert policies in the security and compliance centers](/microsoft-365/compliance/alert-policies?view=o365-worldwide) | modified |
+| 2/3/2023 | [Microsoft Teams Virtual Appointments Call Quality Dashboard](/microsoft-365/frontline/virtual-appointments-call-quality?view=o365-worldwide) | added |
+| 2/3/2023 | [Configure alert notifications in Microsoft 365 Defender](/microsoft-365/security/defender/configure-email-notifications?view=o365-worldwide) | renamed |
+| 2/3/2023 | [Microsoft Teams Virtual Appointments usage report](/microsoft-365/frontline/virtual-appointments-usage-report?view=o365-worldwide) | modified |
+| 2/3/2023 | [Microsoft 365 Lighthouse frequently asked questions (FAQs)](/microsoft-365/lighthouse/m365-lighthouse-faq?view=o365-worldwide) | modified |
+| 2/3/2023 | [Advanced deployment guides for Microsoft 365 and Office 365 services](/microsoft-365/enterprise/setup-guides-for-microsoft-365?view=o365-worldwide) | modified |
+| 2/3/2023 | Data Loss Prevention Reference | removed |
+| 2/3/2023 | [Data loss prevention and Microsoft Teams](/microsoft-365/compliance/dlp-microsoft-teams?view=o365-worldwide) | modified |
+| 2/3/2023 | [Get started with the Microsoft Service Trust Portal](/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-worldwide) | modified |
+| 2/3/2023 | [Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-worldwide) | modified |
++
+## Week of January 23, 2023
++
+| Published On |Topic title | Change |
+|||--|
+| 1/23/2023 | [Create and manage inactive mailboxes](/microsoft-365/compliance/create-and-manage-inactive-mailboxes?view=o365-worldwide) | modified |
+| 1/23/2023 | [Use a script to create an eDiscovery holds report](/microsoft-365/compliance/ediscovery-create-a-report-on-holds-in-cases?view=o365-worldwide) | modified |
+| 1/23/2023 | [How to secure your business data with Microsoft 365 for business](/microsoft-365/admin/security-and-compliance/secure-your-business-data?view=o365-worldwide) | modified |
+| 1/23/2023 | [Boost your security protection with Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-security-overview?view=o365-worldwide) | modified |
+| 1/23/2023 | [What DLP policy templates include](/microsoft-365/compliance/what-the-dlp-policy-templates-include?view=o365-worldwide) | modified |
+| 1/23/2023 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-worldwide) | modified |
+| 1/23/2023 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide) | modified |
+| 1/24/2023 | [Deploy and manage using group policy](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-group-policy?view=o365-worldwide) | modified |
+| 1/24/2023 | [Run the client analyzer on macOS or Linux](/microsoft-365/security/defender-endpoint/run-analyzer-macos-linux?view=o365-worldwide) | modified |
+| 1/24/2023 | [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) | modified |
+| 1/25/2023 | [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) | modified |
+| 1/25/2023 | [Deploy updates for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-updates?view=o365-worldwide) | modified |
+| 1/25/2023 | [Investigate users in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-users?view=o365-worldwide) | modified |
+| 1/25/2023 | [Application Guard for Office for admins](/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide) | modified |
+| 1/25/2023 | [Create a more secure guest sharing environment](/microsoft-365/solutions/create-secure-guest-sharing-environment?view=o365-worldwide) | modified |
+| 1/25/2023 | [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-worldwide) | modified |
+| 1/25/2023 | [Overview of Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1?view=o365-worldwide) | modified |
+| 1/26/2023 | [Get all scan agents](/microsoft-365/security/defender-endpoint/get-all-scan-agents?view=o365-worldwide) | modified |
+| 1/26/2023 | [Get scan definitions](/microsoft-365/security/defender-endpoint/get-all-scan-definitions?view=o365-worldwide) | modified |
+| 1/26/2023 | [Use network protection to help prevent macOS connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection-macos?view=o365-worldwide) | modified |
+| 1/26/2023 | [Authenticated scan for Windows in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/windows-authenticated-scan?view=o365-worldwide) | modified |
+| 1/26/2023 | Employee quick-setup guide | removed |
+| 1/27/2023 | [Attack surface reduction in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-asr?view=o365-worldwide) | added |
+| 1/27/2023 | [Canada social insurance number entity definition](/microsoft-365/compliance/sit-defn-canada-social-insurance-number?view=o365-worldwide) | modified |
+| 1/27/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified |
+| 1/27/2023 | [Microsoft Defender for Business troubleshooting](/microsoft-365/security/defender-business/mdb-troubleshooting?view=o365-worldwide) | modified |
+| 1/27/2023 | [Microsoft Defender for Endpoint (MDE) attack surface reduction (ASR) rules deployment overview](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment?view=o365-worldwide) | modified |
+| 1/27/2023 | [Frequently asked questions on tamper protection](/microsoft-365/security/defender-endpoint/faqs-tamper-protection?view=o365-worldwide) | modified |
+| 1/27/2023 | [What's new in Microsoft Defender for Endpoint on Windows](/microsoft-365/security/defender-endpoint/windows-whatsnew?view=o365-worldwide) | modified |
+| 1/27/2023 | [Address false positives/negatives in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives?view=o365-worldwide) | modified |
+| 1/27/2023 | [Manage Microsoft Defender for Endpoint using PowerShell, WMI, and MPCmdRun.exe](/microsoft-365/security/defender-endpoint/manage-mde-post-migration-other-tools?view=o365-worldwide) | modified |
+| 1/27/2023 | [Manage Microsoft Defender for Endpoint after initial setup or migration](/microsoft-365/security/defender-endpoint/manage-mde-post-migration?view=o365-worldwide) | modified |
+| 1/27/2023 | [Set up and configure Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/mde-p1-setup-configuration?view=o365-worldwide) | modified |
security Defender Endpoint Plan 1 2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2.md
audience: ITPro Previously updated : 02/07/2023 Last updated : 02/27/2023 ms.localizationpriority: medium
Defender for Endpoint Plan 1 and 2 (standalone), Defender for Business (standalo
- **Microsoft Defender for Business servers** (*recommended for small and medium-sized businesses who have [Microsoft Defender for Business](../defender-business/mdb-overview.md)*). To learn more, see [How to get Microsoft Defender for Business servers](../defender-business/get-defender-business-servers.md). - **Microsoft Defender for Endpoint for Servers** (*if you already have these licenses*). See [Defender for Endpoint onboarding Windows Server](onboard-windows-server.md).
-## Mixed licensing scenarios
+## Start a trial
-Suppose that your organization is using a mix of Microsoft endpoint security subscriptions, such as Defender for Endpoint Plan 1 and Defender for Endpoint Plan 2. **Currently, the highest functional Microsoft endpoint security subscription sets the experience for your tenant**. In this example, your tenant experience would be Defender for Endpoint Plan 2 for all users.
+- To try Defender for Endpoint, go to the [Defender for Endpoint trial sign-up page](https://go.microsoft.com/fwlink/p/?LinkID=2168109).
+- To try the Microsoft Defender Vulnerability Management add-on for Defender for Endpoint Plan 2, visit [https://aka.ms/AddonPreviewTrial](https://aka.ms/AddonPreviewTrial).
-However, **you can contact support and request an override for your tenant experience**. That is, you could request an override to keep the Defender for Endpoint Plan 1 experience for all users.
+## Mixed-licensing scenarios
-- For more information about licenses and product terms, see [Licensing and product terms for Microsoft 365 subscriptions](https://www.microsoft.com/licensing/terms/productoffering/Microsoft365/MCA).-- For information about how to contact support, see [Contact Microsoft Defender for Endpoint support](contact-support.md).
+A mixed-licensing scenario is a situation in which an organization is using a mix of subscriptions, such as Defender for Endpoint Plan 1 and Plan 2. The following table describes examples of mixed-licensing scenarios:
-> [!TIP]
-> If your organization is a small or medium-sized business, see [What happens if I have a mix of Microsoft endpoint security subscriptions](/microsoft-365/security/defender-business/mdb-faq#what-happens-if-i-have-a-mix-of-microsoft-endpoint-security-subscriptions)?
+| Scenario | Description |
+|:|:|
+| *Mixed tenant* | Use different sets of capabilities for groups of users and their devices. Examples include:<br/>- Defender for Endpoint Plan 1 and Defender for Endpoint Plan 2<br/>- Microsoft 365 E3 and Microsoft 365 E5 |
+| *Mixed trial* | Try a premium level subscription for some users. Examples include: <br/>- Defender for Endpoint Plan 1 (purchased for all users), and Defender for Endpoint Plan 2 (a trial subscription has been started for some users)<br/>- Microsoft 365 E3 (purchased for all users), and Microsoft 365 E5 (a trial subscription has been started for some users) |
+| *Phased upgrades* | Upgrade user licenses in phases. Examples include:<br/>- Moving groups of users from Defender for Endpoint Plan 1 to Plan 2<br/>- Moving groups of users from Microsoft 365 E3 to E5 |
-## Start a trial
+**If you have Defender for Endpoint Plan 1 and Plan 2 in your tenant, the ability to manage your subscription settings across client devices is now in preview**! This new capability enables you to:
-- To try Defender for Endpoint, go to the [Defender for Endpoint trial sign-up page](https://go.microsoft.com/fwlink/p/?LinkID=2168109).-- To try the Microsoft Defender Vulnerability Management add-on for Defender for Endpoint Plan 2, visit [https://aka.ms/AddonPreviewTrial](https://aka.ms/AddonPreviewTrial).
+- Apply *either* Defender for Endpoint Plan 1 *or* Plan 2 settings to all your client devices; or
+- Use mixed mode, and apply Defender for Endpoint Plan 1 settings to some client devices, and Defender for Endpoint Plan 2 to other client devices.
+
+You can also use a newly added license usage report to track status.
+
+**For more information, including how to use mixed-licensing scenarios in your tenant, see [Manage your Defender for Endpoint subscription settings across devices](defender-endpoint-subscription-settings.md)**.
+
+> [!TIP]
+> If your organization is a small or medium-sized business, see [What happens if I have a mix of Microsoft endpoint security subscriptions](/microsoft-365/security/defender-business/mdb-faq#what-happens-if-i-have-a-mix-of-microsoft-endpoint-security-subscriptions)?
-## See also
+## More resources
+- [Licensing and product terms for Microsoft 365 subscriptions](https://www.microsoft.com/licensing/terms/productoffering/Microsoft365/MCA).
+- [How to contact support for Defender for Endpoint](contact-support.md).
- [Get started with Microsoft Security (trial offers)](https://www.microsoft.com/security/business/get-started/start-free-trial) - [Microsoft Defender for Endpoint](microsoft-defender-endpoint.md) - [Microsoft Defender for Business](../defender-business/mdb-overview.md) (endpoint protection for small and medium-sized businesses)
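Review bot: The rewritten "Mixed-licensing scenarios" section no longer says what a tenant holding both Plan 1 and Plan 2 gets by default. The removed paragraph stated that the highest functional subscription sets the experience for the tenant and that support could apply an override; the new text describes only the preview capability and links out. Because the capability is in preview, keep one sentence on the default behavior here, and say whether the support override is still available or has been replaced by the subscription settings page. Minor: the two new "More resources" bullets end with a period while the existing bullets below them do not, and in the moved tip the question mark still sits outside the link text.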
security Defender Endpoint Subscription Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-subscription-settings.md
+
+ Title: Manage your Microsoft Defender for Endpoint subscription settings across client devices
+description: Learn about your options for managing your Defender for Endpoint subscription settings. Choose Plan 1, Plan 2, or mixed mode.
+keywords: Defender for Endpoint, choose plan 1, choose plan 2, mixed mode, device tag, endpoint protection, endpoint security, device security, cybersecurity
+search.appverid: MET150
+++
+audience: ITPro
+ Last updated : 02/27/2023++
+ms.localizationpriority: medium
+
+f1.keywords: NOCSH
+
+- M365-security-compliance
+- m365initiative-defender-endpoint
++
+# Manage Microsoft Defender for Endpoint subscription settings across client devices
+
+A [mixed-licensing scenario](defender-endpoint-plan-1-2.md#mixed-licensing-scenarios) is a situation in which an organization is using a mix of Defender for Endpoint Plan 1 and Plan 2 licenses. Until recently, mixed-licensing scenarios weren't supported; in cases of multiple subscriptions, the highest functional subscription would take precedence for your tenant. Now, **the ability to manage your subscription settings to accommodate mixed licensing scenarios across client devices is currently in preview**! These capabilities enable you to:
+
+- **Set your tenant to mixed mode and tag devices** to determine which client devices will receive features and capabilities from each plan (we call this option *mixed mode*); **OR**,
+- **Use the features and capabilities from one plan across all your client devices**.
+
+## [**Use mixed mode**](#tab/mixed)
+
+## Set your tenant to mixed mode and tag devices
+
+> [!IMPORTANT]
+> - **Mixed-mode settings apply to client endpoints only**. Tagging server devices wonΓÇÖt change their subscription state. All server devices running Windows Server or Linux should have appropriate licenses, such as [Defender for Servers](/azure/defender-for-cloud/plan-defender-for-servers-select-plan). See [Options for onboarding servers](defender-endpoint-plan-1-2.md#options-for-onboarding-servers).
+> - **Make sure to follow the procedures in this article to try mixed-license scenarios in your environment**. Assigning user licenses in the Microsoft 365 admin center ([https://admin.microsoft.com](https://admin.microsoft.com)) doesn't set your tenant to mixed mode.
+> - Make sure that you have opted in to receive [preview features](preview.md).
+> - **You should have active trial or paid licenses for both Defender for Endpoint Plan 1 and Plan 2**.
+> - To access license information, you must have one of the following roles assigned in Azure Active Directory (Azure AD):
+> - Global Admin
+> - Security Admin
+> - License Admin + MDE Admin
+
+1. As an admin, go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) and sign in.
+
+2. Go to **Settings** > **Endpoints** > **Licenses**. Your usage report report opens and displays information about your organizationΓÇÖs Defender for Endpoint licenses.
+
+3. Under **Subscription state**, select **Manage subscription settings**.
+
+ > [!NOTE]
+ > If you don't see **Manage subscription settings**, at least one of the following conditions is true:
+ > - You have Defender for Endpoint Plan 1 or Plan 2 (but not both); or
+ > - Mixed-license capabilities haven't rolled out to your tenant yet.
+
+4. A **Subscription settings** flyout opens. Choose the option to use Defender for Endpoint Plan 1 and Plan 2. (No changes will occur until devices are tagged as per the next step.)
+
+5. Tag the devices that should receive either Defender for Endpoint Plan 1 or Plan 2 capabilities. You can choose to tag your devices manually or by using a dynamic rule. [Learn more about device tagging](#more-details-about-device-tagging).
+
+ | Method | Details |
+ |:|:|
+ | Tag devices manually | To tag devices manually, create a tag called `License MDE P1` and apply it to devices. To get help with this step, see [Create and manage device tags](machine-tags.md).<br/><br/>Note that devices that are tagged with the `License MDE P1` tag using the [registry key method](machine-tags.md#add-device-tags-by-setting-a-registry-key-value) will not receive downgraded functionality. If you want to tag devices by using the registry key method, use a dynamic rule instead of manual tagging. |
+ | Tag devices automatically by using a dynamic rule | *Dynamic rule functionality is new! It allows you to apply a dynamic and granular level of control over how you manage devices*. <br/><br/>To use a dynamic rule, you specify a set of criteria based on device name, domain, operating system platform, and/or device tags. Devices that meet the specified criteria will receive the Defender for Endpoint Plan 1 or Plan 2 capabilities according to your rule. <br/><br/>As you define your criteria, you can use the following condition operators: <br/>- `Equals` / `Not equals`<br/>- `Starts with`<br/>- `Contains` / `Does not contain` <br/><br/>For **Device name**, you can use freeform text.<br/><br/>For **Domain**, select from a list of domains.<br/><br/>For **OS platform**, select from a list of operating systems.<br/><br/>For **Tag**, use the freeform text option. Type the tag value that corresponds to the devices that should receive either Defender for Endpoint Plan 1 or Plan 2 capabilities. See the example in [More details about device tagging](#more-details-about-device-tagging). |
+
+ Device tags are visible in the **Device inventory** view and in the [Defender for Endpoint APIs](apis-intro.md).
+
+6. Save your rule and wait for up to three (3) hours for tags to be applied. Then, proceed to [Validate that a device is receiving only Defender for Endpoint Plan 1 capabilities](#validate-that-a-device-is-receiving-only-defender-for-endpoint-plan-1-capabilities).
+
+### More details about device tagging
+
+As described in [Tech Community blog: How to use tagging effectively](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/how-to-use-tagging-effectively-part-1/ba-p/1964058), device tagging provides you with granular control over devices. With device tags, you can:
+
+- Display certain devices to individual users in the Microsoft 365 Defender portal so that they see only the devices they're responsible for.
+- Include or exclude devices from specific security policies.
+- Determine which devices should receive Defender for Endpoint Plan 1 or Plan 2 capabilities. (*This capability is now in preview!*)
+
+For example, suppose that you want to use a tag called `VIP` for all the devices that should receive Defender for Endpoint Plan 2 capabilities. Here's what you would do:
+
+1. Create a device tag called `VIP`, and apply it to all the devices that should receive Defender for Endpoint Plan 2 capabilities. Use one of the following methods to create your device tag:
+
+ - [Add and manage device tags using the Microsoft 365 Defender portal](machine-tags.md#add-and-manage-device-tags-using-the-portal).
+ - [Add device tags by setting a registry key value](machine-tags.md#add-device-tags-by-setting-a-registry-key-value).
+ - [Add or remove machine tags by using the Defender for Endpoint API](add-or-remove-machine-tags.md).
+ - [Add device tags by creating a custom profile in Microsoft Intune](machine-tags.md#add-device-tags-by-creating-a-custom-profile-in-microsoft-intune).
+
+2. Set up a dynamic rule using the condition operator `Tag Does not contain VIP`. In this case, all devices that do not have the `VIP` tag will receive the `License MDE P1` tag and Defender for Endpoint Plan 1 capabilities.
++
+## [**Use one plan**](#tab/oneplan)
+
+## Use the features and capabilities from one plan across all your devices
+
+> [!IMPORTANT]
+> - Make sure that you have opted in to receive [preview features](preview.md).
+> - To access license information, you must have one of the following roles assigned in Azure Active Directory (Azure AD):
+> - Global Admin
+> - Security Admin
+> - License Admin + MDE Admin
+
+1. As a Security Admin or Global Admin, go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) and sign in.
+
+2. Go to **Settings** > **Endpoints** > **Licenses**.
+
+3. Under **Subscription state**, select **Manage subscription settings**.
+
+ > [!NOTE]
+ > If you don't see **Manage subscription settings**, at least one of the following conditions is true:
+ > - You have Defender for Endpoint Plan 1 or Plan 2 (but not both); or
+ > - Mixed-license capabilities haven't rolled out to your tenant yet.
+
+4. A **Subscription settings** flyout opens. Choose one plan for all users and devices, and then select **Done**. It can take up to three hours for your changes to be applied.
+
+ If you chose to apply Defender for Endpoint Plan 1 to all devices, proceed to [Validate that devices are receiving only Defender for Endpoint Plan 1 capabilities](#validate-that-a-device-is-receiving-only-defender-for-endpoint-plan-1-capabilities).
+++
+## Validate that a device is receiving only Defender for Endpoint Plan 1 capabilities
+
+After you have assigned Defender for Endpoint Plan 1 capabilities to some or all devices, you can verify that an individual device is receiving those capabilities.
+
+1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), go to **Assets** > **Devices**.
+
+2. Select a device that is tagged with `License MDE P1`. You should see that Defender for Endpoint Plan 1 is assigned to the device.
+
+> [!NOTE]
+> Devices that are assigned Defender for Endpoint Plan 1 capabilities will not have vulnerabilities or security recommendations listed.
+
+## Review license usage
+
+The license usage report is estimated based on sign-in activities on the device. To reduce management overhead, there will not be a requirement for device-to-user mapping and assignment. Instead, the license report will provide a utilization estimation that is calculated based on the utilization seen across your organization. It might take up to one day for your usage report to reflect the active usage of your devices.
+
+> [!IMPORTANT]
+> To access license information, you must have one of the following roles assigned in Azure Active Directory (Azure AD):
+> - Security Admin
+> - Global Admin
+> - License Admin + MDE Admin
+
+1. Go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) and sign in.
+
+2. Choose **Settings** > **Endpoints** > **Licenses**.
+
+3. Review your available and assigned licenses. The calculation is based on detected users who have accessed devices that are onboarded to Defender for Endpoint.
+
+## More resources
+
+- [Compare Microsoft endpoint security plans](defender-endpoint-plan-1-2.md)
+- [Licensing and product terms for Microsoft 365 subscriptions](https://www.microsoft.com/licensing/terms/productoffering/Microsoft365/MCA).
+- [How to contact support for Defender for Endpoint](contact-support.md).
+- [Get started with Microsoft Security (trial offers)](https://www.microsoft.com/security/business/get-started/start-free-trial)
+- [Microsoft Defender for Endpoint](microsoft-defender-endpoint.md)
+- [Microsoft Defender for Business](../defender-business/mdb-overview.md) (endpoint protection for small and medium-sized businesses)
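Review bot: In "More details about device tagging", step 2, the example rule `Tag Does not contain VIP` makes Plan 1 the default for every device that lacks the tag, which includes newly onboarded devices nobody has tagged yet. The consequence (no vulnerabilities or security recommendations listed) appears only much later, in the note under "Validate that a device is receiving only Defender for Endpoint Plan 1 capabilities". Suggest stating that loss of visibility next to step 2 and in step 4 of the mixed-mode procedure, before the admin saves the rule. The article should also say whether `Does not contain` matches substrings, so that a tag which merely includes the letters VIP keeps a device on Plan 2, or recommend `Not equals` if exact matching is intended. Related: the manual-tagging row says devices tagged `License MDE P1` through the registry key method "will not receive downgraded functionality", yet the validation step tells the reader that a device carrying that tag should show Plan 1; call out the exception there. Smaller items: step 2 of the mixed-mode procedure reads "usage report report"; the "Use one plan" procedure opens with "As a Security Admin or Global Admin" while its own IMPORTANT block also allows License Admin + MDE Admin; the link text in the last line of the one-plan tab ("Validate that devices are receiving...") does not match the heading it targets; and the apostrophes in "won't" and "organization's" are non-ASCII where the rest of the file uses plain ones.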
security Mac Schedule Scan https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-schedule-scan.md
search.appverid: met150 Previously updated : 03/26/2021 # Schedule scans with Microsoft Defender for Endpoint on macOS
The following code shows the schema you need to use to schedule a quick scan.
## Schedule a scan with Intune
-You can also schedule scans with Microsoft Intune. The [runMDATPQuickScan.sh](https://github.com/microsoft/shell-intune-samples/tree/master/macOS/Config/MDATP) shell script available at [Scripts for Microsoft Defender for Endpoint](https://github.com/microsoft/shell-intune-samples/tree/master/Misc/MDATP) will persist when the device resumes from sleep mode.
+You can also schedule scans with Microsoft Intune. The runMDATPQuickScan.sh shell script available at [Scripts for Microsoft Defender for Endpoint](https://github.com/microsoft/shell-intune-samples/tree/master/macOS/Config/MDATP) will persist when the device resumes from sleep mode.
See [Use shell scripts on macOS devices in Intune](/mem/intune/apps/macos-shell-scripts) for more detailed instructions on how to use this script in your enterprise.
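Review bot: On the changed line under "Schedule a scan with Intune", the sentence still says the script "will persist when the device resumes from sleep mode", which does not tell the reader what persists; reword it so the subject is the scheduled scan, or whatever the script actually guarantees. Now that runMDATPQuickScan.sh is no longer a link, put the file name in code formatting so it reads as a file name, and consider linking to the script file as well as the folder. The link targets the `master` branch of a script that admins will push to managed Macs, so a sentence advising them to review the script before deploying it would fit here.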
security Machine Tags https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/machine-tags.md
search.appverid: met150 Previously updated : 12/18/2020 Last updated : 02/27/2023 # Create and manage device tags
Use the following registry key entry to add a tag on a device:
> The device tag is part of the device information report that's generated once a day. As an alternative, you may choose to restart the endpoint that would transfer a new device information report. > > If you need to remove a tag that was added using the above Registry key, clear the contents of the Registry key data instead of removing the 'Group' key.+
+## Add device tags by creating a custom profile in Microsoft Intune
+
+You can use Microsoft Intune to define and apply device tags. You can perform this task by creating a device configuration profile using custom settings in Intune. For more information, see [Create a profile with custom settings in Intune](/mem/intune/configuration/custom-settings-configure).
+
+- In the [Create the profile](/mem/intune/configuration/custom-settings-configure) procedure, for step 3, choose either [macOS](/mem/intune/configuration/custom-settings-macos) or [Windows 10 and later](/mem/intune/configuration/custom-settings-windows-10), depending on the devices you want to tag.
+
+- **For Windows 10 or later**, in the [OMA-IRU settings](/mem/intune/configuration/custom-settings-windows-10) section, for **Data type**, choose **String**. For **Value**, type (or paste) `./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/DeviceTagging/Group`.
+
+- **For macOS**, follow the guidance in [Use custom settings for macOS devices in Microsoft Intune](/mem/intune/configuration/custom-settings-macos).
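Review bot: The Windows bullet has two problems. "OMA-IRU" should read "OMA-URI", and the bullet tells the reader to enter `./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/DeviceTagging/Group` under **Value**, although that string is a settings path and the bullet never says where the tag text itself goes. Suggest naming the path as the OMA-URI and stating that **Value** holds the tag. The macOS bullet only links out; a one-line pointer to the key that carries the tag would put it on par with the Windows bullet.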
security Prevent Changes To Security Settings With Tamper Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection.md
ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: medium Previously updated : 02/07/2023 Last updated : 02/27/2023 audience: ITPro
If your organization has [exclusions defined for Microsoft Defender Antivirus](c
- `DisableLocalAdminMerge` is enabled. (See [DisableLocalAdminMerge](/windows/client-management/mdm/defender-csp).) - Microsoft Defender Antivirus exclusions are managed in Microsoft Intune. (See [Settings for Microsoft Defender Antivirus policy in Microsoft Intune for Windows devices](/mem/intune/protect/antivirus-microsoft-defender-settings-windows).)-- Tamper protection is deployed and managed by using Intune. Devices are also managed by Intune. (See [Manage tamper protection for your organization using Microsoft Intune](manage-tamper-protection-microsoft-endpoint-manager.md).)-- Devices are running Windows Defender platform `4.18.2111.*` or later. (See [Monthly platform and engine versions](manage-updates-baselines-microsoft-defender-antivirus.md#monthly-platform-and-engine-versions).)
+- Tamper protection is deployed and managed by using Intune, and devices are managed by Intune. (See [Manage tamper protection for your organization using Microsoft Intune](manage-tamper-protection-microsoft-endpoint-manager.md).)
+- Devices are running Windows Defender platform `4.18.2211.5` or later. (See [Monthly platform and engine versions](manage-updates-baselines-microsoft-defender-antivirus.md#monthly-platform-and-engine-versions).)
- Functionality to protect exclusions is enabled on devices. (See [How to determine whether the functionality is enabled on a Windows device](#how-to-determine-whether-the-functionality-to-protect-exclusions-is-enabled-on-a-windows-device).) > [!TIP]
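Review bot: The platform requirement changes from the wildcard `4.18.2111.*` to the exact build `4.18.2211.5`, a later floor than the one readers may already have validated against. Please confirm the same value is used in the section this list links to (#how-to-determine-whether-the-functionality-to-protect-exclusions-is-enabled-on-a-windows-device) so the two do not disagree.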
security Whats New In Microsoft Defender Endpoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint.md
ms.pagetype: security
ms.localizationpriority: medium Previously updated : 01/10/2023 Last updated : 02/27/2023 audience: ITPro
For more information on Microsoft Defender for Endpoint on specific operating sy
- [What's new in Defender for Endpoint on iOS](ios-whatsnew.md) - [What's new in Defender for Endpoint on Linux](linux-whatsnew.md)
+## February 2023
+- [Mixed-licensing scenarios](defender-endpoint-plan-1-2.md#mixed-licensing-scenarios) are now in preview, enabling you to [Manage Microsoft Defender for Endpoint subscription settings across devices](defender-endpoint-subscription-settings.md).
+
+- The Microsoft Defender for Identity integration toggle is now removed from the MDE Settings > Advanced features page. Because Defender for Identity is now integrated with Microsoft 365 Defender, this toggle is no longer required. You don't need to manually configure integration between services. See [What's new - Microsoft Defender for Identity](/defender-for-identity/whats-new#defender-for-identity-release-2194).
++ ## January 2023 - [Tamper protection](prevent-changes-to-security-settings-with-tamper-protection.md) can now protect exclusions when deployed with Microsoft Intune. See [What about exclusions](prevent-changes-to-security-settings-with-tamper-protection.md#what-about-exclusions)?
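Review bot: The second February bullet uses "MDE" without expanding it anywhere in the entry, and the navigation path "MDE Settings > Advanced features" is not formatted as UI text the way other paths on this page are. Suggest "Microsoft Defender for Endpoint **Settings** > **Advanced features**". The link anchor `#defender-for-identity-release-2194` is tied to one release heading, so it is worth confirming it resolves.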
For more information on Microsoft Defender for Endpoint on specific operating sy
- Microsoft Defender for Endpoint Device control removable storage access control updates: 1. Microsoft Intune support for removable storage access control is now available. See [Deploy Removable Storage Access Control by using Intune user interface](deploy-manage-removable-storage-intune.md#deploy-removable-storage-access-control-by-using-intune-user-interface) 2. The new default enforcement policy of removable storage access control is designed for all device control features. Printer Protection is now available for this policy. If you create a Default Deny policy, printers will be blocked in your organization.
- - Intune:*./Vendor/MSFT/Defender/Configuration/DefaultEnforcement* <br> See [Deploy and manage Removable Storage Access Control using Intune](deploy-manage-removable-storage-intune.md)
+ - Intune: *./Vendor/MSFT/Defender/Configuration/DefaultEnforcement* <br> See [Deploy and manage Removable Storage Access Control using Intune](deploy-manage-removable-storage-intune.md)
- Group policy: *Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Features > Device Control > Select Device Control Default Enforcement*<br> See [Deploy and manage Removable Storage Access Control using group policy](deploy-manage-removable-storage-group-policy.md) - Microsoft Defender for Endpoint Device control New Printer Protection solution to manage printer is now available. For more information, see
security Tvm Block Vuln Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-block-vuln-apps.md
The **block action** is intended to block all installed vulnerable versions of t
The **warn action** is intended to send a warning to your users when they open vulnerable versions of the application. Users can choose to bypass the warning and access the application for subsequent launches.
-For both actions, you can customize the message the users will see. For example, you can encourage them to install the latest version. Additionally, you can provide a custom URL the users will navigate to when they select the notification. This can be used to provide additional details specific to the application management in your organization.
+For both actions, you can customize the message the users will see. For example, you can encourage them to install the latest version. Additionally, you can provide a custom URL the users will navigate to when they select the notification. Note that the user must click the body of the toast notification in order to navigate to the custom URL. This can be used to provide additional details specific to the application management in your organization.
> [!NOTE] > The block and warn actions are typically enforced within a couple of minutes but can take up to 3 hours.
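Review bot: The new sentence about clicking the body of the toast notification is inserted between "you can provide a custom URL" and "This can be used to provide additional details", so "This" now appears to refer to the click rather than the custom URL. Suggest moving the new sentence after "This can be used to ..." or changing "This" to "The custom URL". "Note that ... in order to" can also be shortened to "Users must select the body of the toast notification to open the custom URL", which matches the "select" wording used in the sentence before it.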
security Alert Grading Playbook Inbox Manipulation Rules https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/alert-grading-playbook-inbox-manipulation-rules.md
CloudAppEvents
| where Timestamp between (start_date .. end_date) | where AccountObjectId == user_id | where Application == @"Microsoft Exchange Online"
-| where ActionType in ("Set-Mailbox", "New-InboxRule", "Set-InboxRule") //set new inbox rule related operations
+| where ActionType in ("Set-Mailbox", "New-InboxRule", "Set-InboxRule", "UpdateInboxRules") //set new inbox rule related operations
| project Timestamp, ActionType, CountryCode, City, ISP, IPAddress, RuleConfig = RawEventData.Parameters, RawEventData ```
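Review bot: `UpdateInboxRules` is the only value in the `in (...)` list that is not a cmdlet-style name, and the trailing comment still reads "set new inbox rule related operations" without saying which rule changes the new value is meant to catch. Suggest extending the comment so analysts know why it is there, and checking that the `RuleConfig = RawEventData.Parameters` projection is actually populated for that action type. If it is not, the added rows will show an empty RuleConfig column and the playbook should say where to look in RawEventData instead.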
security Microsoft 365 Defender Integration With Azure Sentinel https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-365-defender-integration-with-azure-sentinel.md
search.appverid: - MOE150 - MET150 Previously updated : 05/26/2021 Last updated : 02/22/2023 # Microsoft 365 Defender integration with Microsoft Sentinel
Last updated 05/26/2021
**Applies to:** - Microsoft 365 Defender
-The Microsoft 365 Defender connector for Microsoft Sentinel (preview) sends all Microsoft 365 Defender incidents and alerts information to Microsoft Sentinel and keeps the incidents synchronized.
+The Microsoft 365 Defender connector for Microsoft Sentinel sends all Microsoft 365 Defender incidents and alerts information to Microsoft Sentinel and keeps the incidents synchronized.
Once you add the connector, Microsoft 365 Defender incidents&mdash;which include all associated alerts, entities, and relevant information received from Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Office 365, and Microsoft Defender for Cloud Apps&mdash;are streamed to Microsoft Sentinel as security information and event management (SIEM) data, providing you with context to perform triage and incident response with Microsoft Sentinel.
security Zero Trust With Microsoft 365 Defender https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/zero-trust-with-microsoft-365-defender.md
+
+ Title: Zero Trust with Microsoft 365 Defender
+description: Microsoft 365 Defender contributes to a strong Zero Trust strategy and architecture
+keywords: Zero Trust, Microsoft 365 Defender, security architecture, security strategy, cyber security, enterprise security, devices, device, identity, users, data, applications, incidents, automated investigation and remediation, advanced hunting
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
++
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+f1.keywords:
+ - NOCSH
++
+ms.localizationpriority: medium
+
+audience: ITPro
+
+ - m365-security
+ - tier1
+++
+adobe-target: true
++
+# Zero Trust with Microsoft 365 Defender
++
+**Applies to:**
+
+- Microsoft 365 Defender
+
+Microsoft 365 Defender contributes to a strong Zero Trust strategy and architecture by providing extended detection and response. Microsoft 365 Defender works together with other Microsoft extended detection and response (XDR) tools and can also be integrated with Microsoft Sentinel.
++
+In the illustration: Microsoft 365 Defender provides XDR capabilities for protecting:
+- Endpoints, including laptops and mobile devices
+- Data in Office 365, including email
+- Cloud apps, including other SaaS apps that your organization uses
+- On-premises Active Directory Domain Services (AD DS) and Active Directory Federated Services (AD FS) servers
+
+Microsoft 365 Defender helps you apply the principles of Zero Trust in the following ways:
+
+| Zero Trust principle | Met by |
+| | |
+| Verify explicitly | Microsoft 365 Defender provides extended detection and response across users, identities, devices, apps, and emails. |
+| Use least privileged access |If used with Azure Active Directory Identity Protection, Microsoft 365 Defender blocks users based on the level of risk posed by an identity. Azure AD Identity Protection is licensed separately from Microsoft 365 Defender. It is included with Azure Active Directory Premium P2. |
+| Assume breach | Microsoft 365 Defender continuously scans the environment for threats and vulnerabilities. It can implement automated remediation tasks, including automated investigations and isolating endpoints. |
++
+To add Microsoft 365 Defender to your Zero Trust strategy and architecture, go to ***[Evaluate and pilot Microsoft 365 Defender](eval-overview.md)*** for a methodical guide to piloting and deploying Microsoft 365 Defender components. The following table summarizes what these topics include.
+
+|Includes|Prerequisites|Doesn't include|
+||||
+|Set up the evaluation and pilot environment for all components: <ul><li>Defender for Identity</li><li>Defender for Office 365</li><li>Defender for Endpoint</li><li>Microsoft Defender for Cloud Apps</li></ul> <br> Protect against threats <br><br> Investigate and respond to threats|See the guidance to read about the architecture requirements for each component of Microsoft 365 Defender.| Azure AD Identity Protection is not included in this solution guide. It is included in [Step 1. Configure Zero Trust identity and device access protection](../microsoft-365-zero-trust.md#step-1-configure-zero-trust-identity-and-device-access-protection--starting-point-policies).|
++
+To learn more about other Microsoft 365 capabilities that contribute to a strong Zero Trust strategy and architecture, see [Zero Trust deployment plan with Microsoft 365](../Microsoft-365-zero-trust.md).
+
+To learn more about Zero Trust and how to build an enterprise-scale strategy and architecture, see the [Zero Trust Guidance Center](/security/zero-trust).
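Review bot: The two relative links to the deployment plan differ in case: the table row uses `../microsoft-365-zero-trust.md` while the closing paragraph uses `../Microsoft-365-zero-trust.md`. Use the lowercase form in both places so the link does not depend on case-insensitive resolution. Two smaller points: "Active Directory Federated Services (AD FS)" should be "Active Directory Federation Services", and "In the illustration:" has no image reference before it in this file, so either the image line is missing or the lead-in should be reworded.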
security Microsoft 365 Zero Trust https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/microsoft-365-zero-trust.md
+
+ Title: "Zero Trust deployment plan with Microsoft 365"
+f1.keywords:
+- deploy zero trust
+- zero trust strategy
+++
+audience: Admin
+description: Learn how to apply Zero Trust security principles with Microsoft 365 to defend against threats and protect sensitive data.
++
+ms.localizationpriority: medium
+search.appverid:
+- MET150
+
+- m365solution-zerotrust
+- m365solution-overview
+- m365-security
+- zerotrust-solution
+- highpri
+- tier1
Last updated : 1/31/2023++
+# Zero Trust deployment plan with Microsoft 365
+
+This article provides a deployment plan for building **Zero Trust** security with Microsoft 365. Zero Trust is a new security model that assumes breach and verifies each request as though it originated from an uncontrolled network. Regardless of where the request originates or what resource it accesses, the Zero Trust model teaches us to "never trust, always verify."
+
+Use this article together with this poster.
+
+| Item | Description |
+|:--|:--|
+|[![Illustration of the Microsoft 365 Zero Trust deployment plan.](../medi)</li></ul>
+
+## Zero Trust security architecture
+
+A Zero Trust approach extends throughout the entire digital estate and serves as an integrated security philosophy and end-to-end strategy.
+
+This illustration provides a representation of the primary elements that contribute to Zero Trust.
++
+In the illustration:
+
+- Security policy enforcement is at the center of a Zero Trust architecture. This includes Multi Factor authentication with conditional access that takes into account user account risk, device status, and other criteria and policies that you set.
+- Identities, devices, data, apps, network, and other infrastructure components are all configured with appropriate security. Policies that are configured for each of these components are coordinated with your overall Zero Trust strategy. For example, device policies determine the criteria for healthy devices and conditional access policies require healthy devices for access to specific apps and data.
+- Threat protection and intelligence monitors the environment, surfaces current risks, and takes automated action to remediate attacks.
+
+For more information about Zero Trust, see Microsoft's [_**Zero Trust Guidance Center**_](/security/zero-trust).
+
+<!
+For more information about this architecture, including deployment objectives for your entire digital estate, see [Zero Trust Rapid Modernization Plan (RaMP)](/security/zero-trust/zero-trust-ramp-overview).
+-->
+
+## Deploying Zero Trust for Microsoft 365
+
+Microsoft 365 is built intentionally with many security and information protection capabilities to help you build Zero Trust into your environment. Many of the capabilities can be extended to protect access to other SaaS apps your organization uses and the data within these apps.
+
+This illustration represents the work of deploying Zero Trust capabilities. This work is broken into units of work that can be configured together, starting from the bottom and working to the top to ensure that prerequisite work is complete.
++
+In this illustration:
+
+- Zero Trust begins with a foundation of identity and device protection.
+- Threat protection capabilities are built on top of this foundation to provide real-time monitoring and remediation of security threats.
+- Information protection and governance provide sophisticated controls targeted at specific types of data to protect your most valuable information and to help you comply with compliance standards, including protecting personal information.
++
+This article assumes you have already configured cloud identity. If you need guidance for this objective, see [**Deploy your identity infrastructure for Microsoft 365**](/microsoft-365/enterprise/deploy-identity-solution-overview).
+
+## Step 1. Configure Zero Trust identity and device access protection ΓÇö starting-point policies
+
+The first step is to build your Zero Trust foundation by configuring identity and device access protection.
++
+Go to [**_Zero Trust identity and device access protection_**](office-365-security/microsoft-365-policies-configurations.md) for prescriptive guidance to accomplish this. This series of articles describes a set of identity and device access prerequisite configurations and a set of Azure Active Directory (Azure AD) Conditional Access, Microsoft Intune, and other policies to secure access to Microsoft 365 for enterprise cloud apps and services, other SaaS services, and on-premises applications published with Azure AD Application Proxy.
+
+|Includes|Prerequisites|Doesn't include|
+||||
+|Recommended identity and device access policies for three levels of protection: <ul><li>Starting point</li><li>Enterprise (recommended)</li><li>Specialized</li></ul> <br> Additional recommendations for: <ul><li>External users (guests)</li><li>Microsoft Teams</li><li>SharePoint Online</li><li>Microsoft Defender for Cloud Apps</lu></ul>|Microsoft E3 or E5 <br><br> Azure Active Directory in either of these modes: <ul><li>Cloud-only</li><li>Hybrid with password hash sync (PHS) authentication</li><li>Hybrid with pass-through authentication (PTA)</li><li>Federated</li></ul>|Device enrollment for policies that require managed devices. See [Step 2. Manage endpoints with Intune](#step-2-manage-endpoints-with-intune) to enroll devices|
+
+Start by implementing the starting-point tier. These policies do not require enrolling devices into management.
++
+## Step 2. Manage endpoints with Intune
+
+Next, enroll your devices into management and begin protecting these with more sophisticated controls.
++
+Go to [**_Manage devices with Intune_**](../solutions/manage-devices-with-intune-overview.md) for prescriptive guidance to accomplish this.
+
+|Includes|Prerequisites|Doesn't include|
+||||
+|Enroll devices with Intune: <ul><li>Corporate-owned devices</li><li>Autopilot/automated</li><li>enrollment</li></ul> <br> Configure policies: <ul><li>App Protection policies</li><li>Compliance policies</li><li>Device profile policies</li></ul>|Register endpoints with Azure AD|Configuring information protection capabilities, including: <ul><li>Sensitive information types</li><li>Labels</li><li>DLP policies</li></ul> <br> For these capabilities, see [Step 5. Protect and govern sensitive data](#step-5-protect-and-govern-sensitive-data) (later in this article).|
+
+## Step 3. Add Zero Trust identity and device access protection ΓÇö Enterprise policies
+
+With devices enrolled into management, you can now implement the full set of recommended Zero Trust identity and device access policies, requiring compliant devices.
++
+Return to [**_Common identity and device access policies_**](office-365-security/identity-access-policies.md) and add the policies in the Enterprise tier.
++
+## Step 4. Evaluate, pilot, and deploy Microsoft 365 Defender
+
+Microsoft 365 Defender is an extended detection and response (XDR) solution that automatically collects, correlates, and analyzes signal, threat, and alert data from across your Microsoft 365 environment, including endpoint, email, applications, and identities.
++
+Go to [**_Evaluate and pilot Microsoft 365 Defender_**](defender/eval-overview.md) for a methodical guide to piloting and deploying Microsoft 365 Defender components.
+
+|Includes|Prerequisites|Doesn't include|
+||||
+|Set up the evaluation and pilot environment for all components: <ul><li>Defender for Identity</li><li>Defender for Office 365</li><li>Defender for Endpoint</li><li>Microsoft Defender for Cloud Apps</li></ul> <br> Protect against threats <br><br> Investigate and respond to threats|See the guidance to read about the architecture requirements for each component of Microsoft 365 Defender.| Azure AD Identity Protection is not included in this solution guide. It is included in [Step 1. Configure Zero Trust identity and device access protection](#step-1-configure-zero-trust-identity-and-device-access-protection--starting-point-policies).|
+
+## Step 5. Protect and govern sensitive data
+
+Implement Microsoft Purview Information Protection to help you discover, classify, and protect sensitive information wherever it lives or travels.
+
+Microsoft Purview Information Protection capabilities are included with Microsoft Purview and give you the tools to know your data, protect your data, and prevent data loss.
++
+While this work is represented at the top of the deployment stack illustrated earlier in this article, you can begin this work anytime.
+
+Microsoft Purview Information Protection provides a framework, process, and capabilities you can use to accomplish your specific business objectives.
+
+![Microsoft Purview Information Protection](../media/zero-trust/mip-solution-overview.png)
+
+For more information on how to plan and deploy information protection, see [**_Deploy a Microsoft Purview Information Protection solution_**](../compliance/information-protection-solution.md).
+
+If you're deploying information protection for data privacy regulations, this solution guide provides a recommended framework for the entire process: [**_Deploy information protection for data privacy regulations with Microsoft 365_**](../solutions/information-protection-deploy.md).
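Review bot: The Step 1 table closes a list item with `</lu>` ("Microsoft Defender for Cloud Apps</lu></ul>"), which should be `</li>`. In the Step 2 table, "Autopilot/automated" and "enrollment" are split into two `<li>` items and read as one item broken in half. The commented-out RaMP paragraph opens with `<!` rather than `<!--`, so the comment may render as text. The Step 1 and Step 3 headings carry a dash character between "protection" and the tier name; the Step 4 table links to `#step-1-configure-zero-trust-identity-and-device-access-protection--starting-point-policies`, so please confirm that character is encoded as intended and that the generated anchor matches. "Multi Factor authentication" should be "multifactor authentication".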
security Air About Office https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/air-about-office.md
During the root investigation phase, various aspects of the email are assessed.
- Whether the email is associated with any known campaigns; - and more.
-After the root investigation is complete, the playbook provides a list of recommended actions to take on the original email and entities associated with it.
+After the root investigation is complete, the playbook provides a list of recommended actions to take on the original email and the _entities_ associated with it (for example, files, URLs, and recipients).
Next, several threat investigation and hunting steps are executed:
security Air About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/air-about.md
An alert is triggered, and a security playbook starts an automated investigation
1. An automated investigation is initiated in one of the following ways: - Either [an alert is triggered](#which-alert-policies-trigger-automated-investigations) by something suspicious in email (such as a message, attachment, URL, or compromised user account). An incident is created, and an automated investigation begins; or - A security analyst [starts an automated investigation](air-about-office.md#example-a-security-administrator-triggers-an-investigation-from-threat-explorer) while using [Explorer](threat-explorer-about.md).
-2. While an automated investigation runs, it gathers data about the email in question and entities related to that email. Such entities can include files, URLs, and recipients. The investigation's scope can increase as new and related alerts are triggered.
+2. While an automated investigation runs, it gathers data about the email in question and _entities_ related to that email (for example, files, URLs, and recipients). The investigation's scope can increase as new and related alerts are triggered.
3. During and after an automated investigation, [details and results](air-view-investigation-results.md) are available to view. Results might include [recommended actions](air-remediation-actions.md) that can be taken to respond to and remediate any existing threats that were found.
security Anti Spam Spam Vs Bulk About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spam-spam-vs-bulk-about.md
EmailEvents
| summarize count() by SenderMailFromAddress, BulkComplaintLevel ```
-This query allows admins to identify wanted and unwanted senders. If a bulk sender has a BCL score that doesn't meet the bulk threshold, admins can [submit the sender's messages to Microsoft for analysis](tenant-allow-block-list-email-spoof-configure.md#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-domains-and-email-addresses-in-the-submissions-portal), which adds the sender as an allow entry to the Tenant Allow/Block List.
+This query allows admins to identify wanted and unwanted senders. If a bulk sender has a BCL score that doesn't meet the bulk threshold, admins can [submit the sender's messages to Microsoft for analysis](tenant-allow-block-list-email-spoof-configure.md#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-domains-and-email-addresses-on-the-submissions-page), which adds the sender as an allow entry in the Tenant Allow/Block List.
Organizations without Defender for Office 365 Plan 2 can try the features in Microsoft 365 Defender for Office 365 Plan 2 for free. Use the 90-day Defender for Office 365 evaluation at <https://security.microsoft.com/atpEvaluation>. Learn about who can sign up and trial terms [here](try-microsoft-defender-for-office-365.md) or you can use the [Threat protection status report](reports-email-security.md#threat-protection-status-report) to identify wanted and unwanted bulk senders:
Organizations without Defender for Office 365 Plan 2 can try the features in Mic
2. Filter for Bulk email, select an email to investigate and click on email entity to learn more about the sender. Email entity is available only for Defender for Office 365 Plan 2 customers.
-3. Once you have identified wanted and unwanted senders, adjust the bulk threshold to your desired level. If there are bulk senders with BCL score that doesn't fit within your bulk threshold, [submit the messages to Microsoft for analysis](tenant-allow-block-list-email-spoof-configure.md#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-domains-and-email-addresses-in-the-submissions-portal), which adds the sender as an allow entry to the Tenant Allow/Block List.
+3. Once you have identified wanted and unwanted senders, adjust the bulk threshold to your desired level. If there are bulk senders with BCL score that doesn't fit within your bulk threshold, [submit the messages to Microsoft for analysis](tenant-allow-block-list-email-spoof-configure.md#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-domains-and-email-addresses-on-the-submissions-page), which adds the sender as an allow entry in the Tenant Allow/Block List.
Admins can follow the [recommended bulk threshold values](recommended-settings-for-eop-and-office365.md#anti-spam-anti-malware-and-anti-phishing-protection-in-eop) or choose a bulk threshold value that suits the needs of their organization.
security Attack Simulation Training Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-faq.md
If messages that users reported as phishing aren't captured in Attack simulation
### Users are assigned training after they report a simulated message
-If users are assigned training after they report a phishing simulation message, check to see if your organization uses a reporting mailbox to receive user reported messages at <https://security.microsoft.com/securitysettings/userSubmission>. The reporting mailbox needs to be configured to skip many security checks as described in the [reporting mailbox prerequisites](submissions-user-reported-messages-files-custom-mailbox.md#configuration-requirements-for-the-reporting-mailbox).
+If users are assigned training after they report a phishing simulation message, check to see if your organization uses a reporting mailbox to receive user reported messages at <https://security.microsoft.com/securitysettings/userSubmission>. The reporting mailbox needs to be configured to skip many security checks as described in the [reporting mailbox prerequisites](submissions-user-reported-messages-custom-mailbox.md#configuration-requirements-for-the-reporting-mailbox).
If you don't configure the required exclusions for the custom reporting mailbox, these messages might be detonated by Safe Links or Safe Attachments protection, which will cause training assignments.
security Attack Simulation Training Simulation Automations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-simulation-automations.md
audience: ITPro
ms.localizationpriority: medium-+ - m365-security - tier2 description: Admins can learn how to create automated simulations that contain specific techniques and payloads that launch when the specified conditions are met in Microsoft Defender for Office 365 Plan 2.
This section contains some of the most common questions about Simulation automat
### Why is the Status value under Automation showing Completed, but the Status value under Simulation showing In progress?
-**Completed** on the **Simulation automation** page means the job of simulation automation is complete, and no more simulations will be created by it. Simulation is a separate entity that will complete after 30 days of simulation launch time.
+**Completed** on the **Simulation automation** page means the job of simulation automation is complete, and no more simulations will be created by it. Simulation is a separate entity that will complete after 30 days of simulation launch time.
### Why is the simulation end date 30 days after creation, even though I selected an automation end date of one week?
A one week end date for the simulation automation means no new simulations will
### If we have multiple payload techniques (for example, Credential harvest, Link to Malware, and Drive by URL) targeting 300 users, how are the techniques sent to users? Do all payload techniques go to all users, or is the selection random? If you don't select the **Target All Selected Users In Every Run** option, all targeted users will be distributed over the maximum number of simulations that are created by the simulation automation.
-
+ If you select **Target All Selected Users In Every Run**, all targeted users will be part of every simulation that's created by the simulation automation. ### How does the Randomize option on the Simulation schedule page work?
security Connectors Remove Blocked https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/connectors-remove-blocked.md
Admins can remove connectors from the Restricted entities page in Microsoft 365
## Learn more on restricted entities
-A restricted entity is an entity that has been blocked from sending email because either it has been potentially compromised, or it has exceeded sending limit.
+A restricted entity is an entity that has been blocked from sending email because either it has been potentially compromised, or it has exceeded a sending limit.
-There are 2 types of restricted entities:
+There are two types of restricted entities:
-- **Restricted user**: For more information about why a user can be restricted and how to handle restricted users, see [Remove blocked users from the Restricted entities portal](removing-user-from-restricted-users-portal-after-spam.md).
+- **Restricted users**: For more information about why a user can be restricted and how to handle restricted users, see [Remove blocked users from the Restricted entities portal](removing-user-from-restricted-users-portal-after-spam.md).
-- **Restricted connector**: Learn about why a connector can be restricted and how to handle restricted connectors (this article).
+- **Restricted connectors**: Learn about why a connector can be restricted and how to handle restricted connectors (this article).
## What do you need to know before you begin?
There are 2 types of restricted entities:
## Use the Microsoft 365 Defender portal to remove a connector from the Restricted entities list
-1. In the [Microsoft 365 Defender portal](https://security.microsoft.com), go to **Email & collaboration** \> **Review** \> **Restricted entities**. To go directly to the **Restricted entities** page, use <https://security.microsoft.com/restrictedentities>.
+1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Email & collaboration** \> **Review** \> **Restricted entities**. To go directly to the **Restricted entities** page, use <https://security.microsoft.com/restrictedentities>.
2. On the **Restricted entities** page, find and select the connector that you want to unblock by clicking on the connector.
The default alert policy named **Suspicious connector activity** will automatica
> [!IMPORTANT] > For alerts to work, audit log search must to be turned on. For more information, see [Turn the audit log search on or off](../../compliance/turn-audit-log-search-on-or-off.md).
-1. In the Microsoft 365 Defender portal, go to **Email & collaboration** \> **Policies & rules** \> **Alert policy**.
+1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Email & collaboration** \> **Policies & rules** \> **Alert policy**.
2. On the **Alert policy** page, find and select the alert named **Suspicious connector activity**. You can sort the policies by name, or use the **Search box** to find the policy.
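Review bot: The IMPORTANT note directly above the changed step 1 still reads "audit log search must to be turned on". Since this edit already touches the alert policy procedure, correct it to "must be turned on" in the same pass. An admin skimming for the prerequisite that makes the **Suspicious connector activity** alert fire should not have to parse a typo in it.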
The default alert policy named **Suspicious connector activity** will automatica
## Use Exchange Online PowerShell to view and remove connectors from the Restricted entities list
-To view the list of connectors that are restricted from sending email, run the following command:
+To view the list of connectors that are restricted from sending email, run the following command in [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell):
```powershell Get-BlockedConnector ```
-To view details about a specific connector, replace \<connectorId\> and run the following command:
+To view details about a specific blocked connector, replace \<ConnectorID\> with the GUID value of the connector, and then run the following command:
```powershell
-Get-BlockedConnector -ConnectorId <connectorId>
+Get-BlockedConnector -ConnectorId <ConnectorID> | Format-List
```
-To remove a connector from the Restricted entities list, replace \<connectorId\> and run the following command:
+To remove a connector from the Restricted entities list, replace \<ConnectorID\> with the GUID value, and then run the following command:
```powershell
-Remove-BlockedConnector -ConnectorId <connectorId>
+Remove-BlockedConnector -ConnectorId <ConnectorID>
``` ## More information
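Review bot: The two reworded steps now tell the reader to replace \<ConnectorID\> "with the GUID value of the connector", but the preceding `Get-BlockedConnector` step does not say which field of its output holds that GUID. Add a sentence after the list command that names the property to copy. The `| Format-List` addition is useful on the detail command. Consider also suggesting a rerun of `Get-BlockedConnector` after `Remove-BlockedConnector` so the admin can confirm the connector is no longer listed.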
security Defender For Office 365 Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/defender-for-office-365-whats-new.md
For more information on what's new with other Microsoft Defender security produc
## October 2022 -- [Manage your allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md):
+- [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md):
- With **allow expiry management** (currently in private preview), if Microsoft hasn't learned from the allow, Microsoft will automatically extend the expiry time of allows, which are going to expire soon, by 30 days to prevent legitimate email from going to junk or quarantine again. - Customers in the government cloud environments will now be able to create allow and block entries for URLs and attachments in the Tenant Allow/Block List using the admin URL and email attachment submissions. The data submitted through the submissions experience won't leave the customer tenant, thus satisfying the data residency commitments for government cloud clients. - **Enhancement in URL click alerts:**
For more information on what's new with other Microsoft Defender security produc
## June 2022 -- [Use the Microsoft 365 Defender portal to create allow entries for spoofed senders in the Submissions portal](tenant-allow-block-list-email-spoof-configure.md#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-spoofed-senders-in-the-submissions-portal): Create allowed spoofed sender entries using the Tenant Allow/Block List.
+- [Use the Microsoft 365 Defender portal to create allow entries for spoofed senders on the Submissions page](tenant-allow-block-list-email-spoof-configure.md#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-spoofed-senders-on-the-submissions-page): Create allowed spoofed sender entries using the Tenant Allow/Block List.
- [Impersonation allows using admin submission](tenant-allow-block-list-email-spoof-configure.md#about-impersonated-domains-or-senders): Add allows for impersonated senders using the Submissions page in Microsoft 365 Defender.
For more information on what's new with other Microsoft Defender security produc
## August 2021 -- [Admin review for reported messages](admin-review-reported-message.md): Admins can now send templated messages back to end users after they review reported messages. The templates can be customized for your organization and based on your admin's verdict as well.
+- [Admin review for reported messages](submissions-admin-review-user-reported-messages.md): Admins can now send templated messages back to end users after they review reported messages. The templates can be customized for your organization and based on your admin's verdict as well.
- ou can now add allow entries to the Tenant Allow/Block List if the blocked message was submitted as part of the admin submission process. Depending on the nature of the block, the submitted URL, file, and/or sender allow will be added to the Tenant Allow/Block List. In most cases, the allows are added to give the system some time and allow it naturally if warranted. In some cases, Microsoft manages the allow for you. For more information, see:
- - [Use the Microsoft 365 Defender portal to create allow entries for URLs in the Submissions portal](tenant-allow-block-list-urls-configure.md#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-urls-in-the-submissions-portal)
- - [Use the Microsoft 365 Defender portal to create allow entries for files in the Submissions portal](tenant-allow-block-list-files-configure.md#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-files-in-the-submissions-portal)
- - [Use the Microsoft 365 Defender portal to create allow entries for domains and email addresses in the Submissions portal](tenant-allow-block-list-email-spoof-configure.md#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-domains-and-email-addresses-in-the-submissions-portal)
+ - [Use the Microsoft 365 Defender portal to create allow entries for URLs on the Submissions page](tenant-allow-block-list-urls-configure.md#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-urls-on-the-submissions-page)
+ - [Use the Microsoft 365 Defender portal to create allow entries for files on the Submissions page](tenant-allow-block-list-files-configure.md#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-files-on-the-submissions-page)
+ - [Use the Microsoft 365 Defender portal to create allow entries for domains and email addresses on the Submissions page](tenant-allow-block-list-email-spoof-configure.md#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-domains-and-email-addresses-on-the-submissions-page)
## July 2021
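Review bot: The unchanged bullet between the two edited regions under August 2021 starts with "ou can now add allow entries", so the leading "Y" is missing. The three sub-links below it are being rewritten from "in the Submissions portal" to "on the Submissions page" in this change, so fix the parent bullet to "You can now add allow entries" at the same time.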
security Eop About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/eop-about.md
For information about requirements, important limits, and feature availability a
|Directory Based Edge Blocking (DBEB)|[Use Directory Based Edge Blocking to reject messages sent to invalid recipients](/exchange/mail-flow-best-practices/use-directory-based-edge-blocking)| |**Quarantine and submissions**|| |Admin submission|[Use Admin submission to submit suspected spam, phish, URLs, and files to Microsoft](submissions-admin.md)|
-|User reported message settings|[User reported message settings](submissions-user-reported-messages-files-custom-mailbox.md)|
+|User reported message settings|[User reported settings](submissions-user-reported-messages-custom-mailbox.md)|
|Quarantine - admins|[Manage quarantined messages and files as an admin in EOP](quarantine-admin-manage-messages-files.md) <p> [Quarantined messages FAQ](quarantine-faq.yml) <p> [Report messages and files to Microsoft](submissions-report-messages-files-to-microsoft.md) <p> [Anti-spam message headers in Microsoft 365](message-headers-eop-mdo.md) <p> You can analyze the message headers of quarantined messages using the [Message Header Analyzer at](https://mha.azurewebsites.net/).| |Quarantine - end-users|[Find and release quarantined messages as a user in EOP](quarantine-end-user.md) <p> [Use quarantine notifications to release and report quarantined messages](quarantine-quarantine-notifications.md) <p> [Quarantine policies](quarantine-policies.md)| |**Mail flow**||
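Review bot: In the changed table row, the link text becomes "User reported settings" but the first cell still says "User reported message settings", so the row now uses two names for the same feature. Pick one. If the page was renamed, update the first cell to match the new link text.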
security Mdo Sec Ops Guide https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mdo-sec-ops-guide.md
Incident queue management and the responsible personas are described in the foll
In Defender for Office 365, you manage false positives (good mail marked as bad) and false negatives (bad mail allowed) in the following locations: -- The [Submissions portal (admin submissions)](submissions-admin.md).
+- The [Submissions page (admin submissions)](submissions-admin.md).
- The [Tenant Allow/Block List](tenant-allow-block-list-about.md) - [Threat Explorer](threat-explorer-about.md)
User reported messages and admin submissions of email messages are critical posi
Organizations have multiple options for configuring user reported messages. Depending on the configuration, security teams might have more active involvement when users submit false positives or false negatives to Microsoft: -- User user reported messages are sent to Microsoft for analysis when the [user reported message settings](submissions-user-reported-messages-files-custom-mailbox.md) are configured with either of the following settings:
+- User reported messages are sent to Microsoft for analysis when the [User reported settings](submissions-user-reported-messages-custom-mailbox.md) are configured with either of the following settings:
- **Send the reported messages to**: **Microsoft only**. - **Send the reported messages to**: **Microsoft and my reporting mailbox**.
For more information, see [Reporting an email in Defender for Office 365 - Micro
Security team members can do submissions from multiple locations in the Microsoft 365 Defender portal at <https://security.microsoft.com>: -- [Admin submission](submissions-admin.md): Use the Submissions portal to submit suspected spam, phishing, URLs, and files to Microsoft.
+- [Admin submission](submissions-admin.md): Use the Submissions page to submit suspected spam, phishing, URLs, and files to Microsoft.
- Directly from Threat Explorer using one of the following message actions: - Report clean - Report phishing
Security team members can do submissions from multiple locations in the Microsof
For the short-term mitigation of false negatives, security teams can directly manage block entries for files, URLs, and domains or email addresses in the [Tenant Allow/Block List](tenant-allow-block-list-about.md).
-For the short-term mitigation of false positives, security teams can't directly manage allow entries for domains and email addresses in the Tenant Allow/Block List. Instead, they need to use [admin submissions](submissions-admin.md) to report the email message as a false positive. For instructions, see [Use the Microsoft 365 Defender portal to create allow entries for domains and email addresses in the Submissions portal](tenant-allow-block-list-email-spoof-configure.md#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-domains-and-email-addresses-in-the-submissions-portal).
+For the short-term mitigation of false positives, security teams can't directly manage allow entries for domains and email addresses in the Tenant Allow/Block List. Instead, they need to use [admin submissions](submissions-admin.md) to report the email message as a false positive. For instructions, see [Use the Microsoft 365 Defender portal to create allow entries for domains and email addresses on the Submissions page](tenant-allow-block-list-email-spoof-configure.md#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-domains-and-email-addresses-on-the-submissions-page).
[Quarantine](quarantine-admin-manage-messages-files.md) in Defender for Office 365 holds potentially dangerous or unwanted messages and files. Security teams can view, release, and delete all types of quarantined messages for all users. This capability enables security teams to respond effectively when a false positive message or file is quarantined.
If your organization uses a third-party reporting tool that allows users to inte
- Simplified triage. - Reduced investigation and response time.
-Designate the reporting mailbox where user reported messages are sent on the **User reported** page in the Microsoft 365 Defender portal at <https://security.microsoft.com/securitysettings/userSubmission>. For more information, see [user reported message settings](submissions-user-reported-messages-files-custom-mailbox.md).
+Designate the reporting mailbox where user reported messages are sent on the **User reported** page in the Microsoft 365 Defender portal at <https://security.microsoft.com/securitysettings/userSubmission>. For more information, see [User reported settings](submissions-user-reported-messages-custom-mailbox.md).
> [!NOTE] > > - The reporting mailbox must be an Exchange Online mailbox. > - The third-party reporting tool must include the original reported message as an uncompressed .EML or .MSG attachment in the message that's sent to the reporting mailbox (don't just forward the original message to the reporting mailbox).
-> - The reporting mailbox requires specific prerequisites to allow potentially bad messages to be delivered without being filtered or altered. For more information, see [Configuration requirements for the reporting mailbox](submissions-user-reported-messages-files-custom-mailbox.md#configuration-requirements-for-the-reporting-mailbox).
+> - The reporting mailbox requires specific prerequisites to allow potentially bad messages to be delivered without being filtered or altered. For more information, see [Configuration requirements for the reporting mailbox](submissions-user-reported-messages-custom-mailbox.md#configuration-requirements-for-the-reporting-mailbox).
When a user reported message arrives in the reporting mailbox, Defender for Office 365 automatically generates the alert named **Email reported by user as malware or phish**. This alert launches an [AIR playbook](air-about-office.md#example-a-user-reported-phish-message-launches-an-investigation-playbook). The playbook performs a series of automated investigations steps: - Gather data about the specified email.-- Gather data about the threats and entities related to that email. Entities can include files, URLs, and recipients.
+- Gather data about the threats and _entities_ related to that email (for example, files, URLs, and recipients).
- Provide recommended actions for the SecOps team to take based on the investigation findings. **Email reported by user as malware or phish** alerts, automated investigations and their recommended actions are automatically correlated to incidents in Microsoft 365 Defender. This correlation further simplifies the triage and response process for security teams. If multiple users report the same or similar messages, all of the users and messages are correlated into the same incident.
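Review bot: The context sentence that introduces the playbook list reads "a series of automated investigations steps"; it should be "automated investigation steps". In the changed bullet, the old text defined entities in a separate sentence ("Entities can include files, URLs, and recipients"), and the new parenthetical "(for example, files, URLs, and recipients)" keeps that meaning. Check that the italic `_entities_` matches how the term is styled where it recurs in the paragraph about incident correlation below.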
security Mdo Sec Ops Manage Incidents And Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mdo-sec-ops-manage-incidents-and-alerts.md
An [incident](/microsoft-365/security/defender/incidents-overview) in Microsoft
Alerts are created when malicious or suspicious activity affects an entity (for example, email, users, or mailboxes). Alerts provide valuable insights about in-progress or completed attacks. However, an ongoing attack can affect multiple entities, which results in multiple alerts from different sources. Some built-in alerts will automatically trigger AIR playbooks. These playbooks do a series of investigation steps to look for other impacted entities or suspicious activity.
-Watch this short video on how to manage Microsoft Defender for Office 365 alerts in Microsoft 365 Defender.
+Watch this short video on how to manage Microsoft Defender for Office 365 alerts in Microsoft 365 Defender.
> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWGrL2] Defender for Office 365 alerts, investigations, and their data are automatically correlated. When a relationship is determined, an incident is created by the system to give security teams visibility for the entire attack.
security Migrate To Defender For Office 365 Onboard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365-onboard.md
Spoof intelligence can rescue email from domains without proper email authentica
- Message sources that have the highest number of messages. - Message sources that have the highest impact on your organization.
-Spoof intelligence will eventually tune itself after you configure user reported message settings, so there is no need for perfection.
+Spoof intelligence will eventually tune itself after you configure user reported settings, so there is no need for perfection.
## Step 4: Tune impersonation protection and mailbox intelligence
security Migrate To Defender For Office 365 Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365-setup.md
Last updated 1/31/2023
Welcome to **Phase 2: Setup** of your **[migration to Microsoft Defender for Office 365](migrate-to-defender-for-office-365.md#the-migration-process)**! This migration phase includes the following steps: 1. [Create distribution groups for pilot users](#step-1-create-distribution-groups-for-pilot-users)
-2. [Configure user user reported message settings](#step-2-configure-user-reported-message-settings)
+2. [Configure user reported message settings](#step-2-configure-user-reported-message-settings)
3. [Maintain or create the SCL=-1 mail flow rule](#step-3-maintain-or-create-the-scl-1-mail-flow-rule) 4. [Configure Enhanced Filtering for Connectors](#step-4-configure-enhanced-filtering-for-connectors) 5. [Create pilot protection policies](#step-5-create-pilot-protection-policies)
When you're ready to begin testing, add these groups as exceptions to [the SCL=-
The ability for users to report false positives or false negatives from Defender for Office 365 is an important part of the migration.
-You can specify an Exchange Online mailbox to receive messages that users report as malicious or not malicious. For instructions, see [User reported message settings](submissions-user-reported-messages-files-custom-mailbox.md). This mailbox can receive copies of messages that your users submitted to Microsoft, or the mailbox can intercept messages without reporting them to Microsoft (you're security team can manually analyze and submit the messages themselves). However, the interception approach does not allow the service to automatically tune and learn.
+You can specify an Exchange Online mailbox to receive messages that users report as malicious or not malicious. For instructions, see [User reported settings](submissions-user-reported-messages-custom-mailbox.md). This mailbox can receive copies of messages that your users submitted to Microsoft, or the mailbox can intercept messages without reporting them to Microsoft (you're security team can manually analyze and submit the messages themselves). However, the interception approach does not allow the service to automatically tune and learn.
You should also confirm that all users in the pilot have a supported way to report messages that received an incorrect verdict from Defender for Office 365. These options include: - [The built-in Report button in Outlook on the web](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook-on-the-web) - [The Report Message and Report Phishing add-ins](submissions-outlook-report-messages.md#use-the-report-message-and-report-phishing-add-ins-in-outlook)-- Supported third party reporting tools as described [here](submissions-user-reported-messages-files-custom-mailbox.md#message-submission-format).
+- Supported third party reporting tools as described [here](submissions-user-reported-messages-custom-mailbox.md#message-submission-format).
Don't underestimate the importance of this step. Data from user reported messages will give you the feedback loop that you need to verify a good, consistent end-user experience before and after the migration. This feedback helps you to make informed policy configuration decisions, as well as provide data-backed reports to management that the migration went smoothly.
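Review bot: The added line for the "You can specify an Exchange Online mailbox" paragraph carries over "you're security team can manually analyze and submit the messages themselves"; it should be "your security team". The same file also keeps "Configure user reported message settings" as the step 2 link text, while this paragraph and the third-party tools bullet now point to "User reported settings", so confirm whether the step heading is meant to keep the old name. The "[here]" link text in the third-party reporting tools bullet would be more useful if it named the target section, "Message submission format".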
By creating production policies, even if they aren't applied to all users, you c
- Extremely low chance of false positives. - Similar behavior to anti-malware protection, which is always on and not affected by the SCL=-1 mail flow rule.
-Create a Safe Attachments policy for your pilot users.
- For the recommended settings, see [Recommended Safe Attachments policy settings](recommended-settings-for-eop-and-office365.md#safe-attachments-policy-settings). Note that the Standard and Strict recommendations are the same. To create the policy, see [Set up Safe Attachments policies](safe-attachments-policies-configure.md). Be sure to use the group **MDOPilot\_SafeAttachments** as the condition of the policy (who the policy applies to). > [!NOTE]
For the recommended settings, see [Recommended Safe Attachments policy settings]
> [!NOTE] > We do not support wrapping or rewriting already wrapped or rewritten links. If your current protection service already wraps or rewrites links in email messages, you need to turn off this feature for your pilot users. One way to ensure this doesn't happen is to exclude the URL domain of the other service in the Safe Links policy.
-Create a Safe Links policy for your pilot users. Chances for false positives in Safe Links are also pretty low, but you should consider testing the feature on a smaller number of pilot users than Safe Attachments. Because the feature impacts the user experience, you should consider a plan to educate users.
+Chances for false positives in Safe Links are also pretty low, but you should consider testing the feature on a smaller number of pilot users than Safe Attachments. Because the feature impacts the user experience, you should consider a plan to educate users.
For the recommended settings, see [Recommended Safe Links policy settings](recommended-settings-for-eop-and-office365.md#safe-links-settings). Note that the Standard and Strict recommendations are the same. To create the policy, see [Set up Safe Links policies](safe-links-policies-configure.md). Be sure to use the group **MDOPilot\_SafeLinks** as the condition of the policy (who the policy applies to).
security Quarantine About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-about.md
Both users and admins can work with quarantined messages:
- Admins can report false positives to Microsoft from quarantine. For more information, see [Take action on quarantined email](quarantine-admin-manage-messages-files.md#take-action-on-quarantined-email) and [Take action on quarantined files](quarantine-admin-manage-messages-files.md#take-action-on-quarantined-files). -- Depending on the [user reported message settings](submissions-user-reported-messages-files-custom-mailbox.md) in the organization (specifically, the **Let your organization report messages from quarantine** setting), users can report false positives to Microsoft from quarantine.
+- Depending on the [User reported settings](submissions-user-reported-messages-custom-mailbox.md) in the organization (specifically, the **Let your organization report messages from quarantine** setting), users can report false positives to Microsoft from quarantine.
- How long quarantined messages are held in quarantine before they expire varies based on why the message was quarantined. The features that quarantine messages and their corresponding retention periods are described in the following table:
security Recommended Settings For Eop And Office365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365.md
In PowerShell, you use the [New-SafeLinksPolicy](/powershell/module/exchange/new
|**Apply real-time URL scanning for suspicious links and links that point to files** <br><br> _ScanUrls_|Not selected <br><br> `$false`|Selected <br><br> `$true`|Selected <br><br> `$true`|Selected <br><br> `$true`|| |**Wait for URL scanning to complete before delivering the message** <br><br> _DeliverMessageAfterScan_|Not selected <br><br> `$false`|Selected <br><br> `$true`|Selected <br><br> `$true`|Selected <br><br> `$true`|| |**Do not rewrite URLs, do checks via Safe Links API only** <br><br> _DisableURLRewrite_|Not selected <br><br> `$false`|Selected <br><br> `$true`|Not selected <br><br> `$false`|Not selected <br><br> `$false`||
-|**Do not rewrite the following URLs in email** <br><br> _DoNotRewriteUrls_|Blank <br><br> `$null`|Blank <br><br> `$null`|Blank <br><br> `$null`|Blank <br><br> `$null`|We have no specific recommendation for this setting. <br><br> **Note**: Entries in the "Do not rewrite the following URLs" list are not scanned or wrapped by Safe Links during mail flow. Use [allow URL entries in the Tenant Allow/Block List](tenant-allow-block-list-urls-configure.md#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-urls-in-the-submissions-portal) so URLs are not scanned or wrapped by Safe Links during mail flow _and_ at time of click.|
+|**Do not rewrite the following URLs in email** <br><br> _DoNotRewriteUrls_|Blank <br><br> `$null`|Blank <br><br> `$null`|Blank <br><br> `$null`|Blank <br><br> `$null`|We have no specific recommendation for this setting. <br><br> **Note**: Entries in the "Do not rewrite the following URLs" list are not scanned or wrapped by Safe Links during mail flow. Use [allow URL entries in the Tenant Allow/Block List](tenant-allow-block-list-urls-configure.md#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-urls-on-the-submissions-page) so URLs are not scanned or wrapped by Safe Links during mail flow _and_ at time of click.|
|**Teams**|||||The setting in this section affects time of click protection in Microsoft Teams.| |**On: Safe Links checks a list of known, malicious links when users click links in Microsoft Teams. URLs are not rewritten.** <br><br> _EnableSafeLinksForTeams_|Not selected <br><br> `$false`|Selected <br><br> `$true`|Selected <br><br> `$true`|Selected <br><br> `$true`|| |**Office 365 apps**|||||The setting in this section affects time of click protection in Office apps.|
security Removing User From Restricted Users Portal After Spam https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/removing-user-from-restricted-users-portal-after-spam.md
Title: Remove blocked users from the Restricted users portal
+f1.keywords:
- NOCSH audience: ITPro
+f1_keywords:
- 'ms.exch.eac.ActionCenter.Restricted.Users.RestrictedUsers' ms.localizationpriority: high
+search.appverid:
- MET150 ms.assetid: 712cfcc1-31e8-4e51-8561-b64258a8f1e5-+ - m365-security - tier2 description: Admins can learn how to remove users from the Restricted users page in the Microsoft 365 Defender portal. Users are added to the Restricted users portal for sending outbound spam, typically as a result of account compromise.-+ - seo-marvel-apr2020
Admins can remove users from the **Restricted users** page in the Microsoft 365
## Learn more on Restricted entities
-A restricted entity is an entity that has been blocked from sending email because either it has been potentially compromised, or it has exceeded sending limit.
+A restricted entity is an entity that has been blocked from sending email because either it has been potentially compromised, or it has exceeded a sending limit.
-There are 2 types of restricted entities:
+There are two types of restricted entities:
-- **Restricted user**: Learn about why a user can be restricted and how to handle restricted users (this article).
+- **Restricted user**: Learn about why a user can be restricted and how to handle restricted users (this article).
-- **Restricted connector**: For more information about why a connector can be restricted and how to handle restricted connectors, see [Remove blocked connectors from the Restricted entities portal](connectors-remove-blocked.md).
+- **Restricted connector**: For more information about why a connector can be restricted and how to handle restricted connectors, see [Remove blocked connectors from the Restricted entities portal](connectors-remove-blocked.md).
## What do you need to know before you begin?
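Review bot: In the two bullet pairs under "Learn more on Restricted entities", the removed and added lines are identical as shown, so this looks like a whitespace-only edit that leaves the labels as **Restricted user** and **Restricted connector**. The matching section in connectors-remove-blocked.md was changed to the plural **Restricted users** and **Restricted connectors** in this same batch. Make the two articles agree, and align the heading case too ("Restricted entities" here, "restricted entities" in the connectors article).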
security Reports Email Security https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/reports-email-security.md
The Exchange Online Protection (EOP) and Microsoft Defender for Office 365 repor
The **Compromised users** report shows the number of user accounts that were marked as **Suspicious** or **Restricted** within the last 7 days. Accounts in either of these states are problematic or even compromised. With frequent use, you can use the report to spot spikes, and even trends, in suspicious or restricted accounts. For more information about compromised users, see [Responding to a compromised email account](responding-to-a-compromised-email-account.md). The aggregate view shows data for the last 90 days and the detail view shows data for the last 30 days.
When you're finished configuring the filters, click **Apply**, **Cancel**, or ![
On the **Compromised users** page, the ![Create schedule icon.](../../media/m365-cc-sc-create-icon.png) **[Create schedule](#schedule-report)**, ![Request report icon.](../../media/m365-cc-sc-download-icon.png) **[Request report](#request-report)**, and ![Export icon.](../../media/m365-cc-sc-download-icon.png) **[Export](#export-report)** buttons are available. ## Exchange transport rule report
The **Exchange transport rule** report shows the effect of mail flow rules (also
To view the report in the Microsoft 365 Defender portal, go to **Reports** \> **Email & collaboration** \> **Email & collaboration reports**. On the **Email & collaboration reports** page, find **Exchange transport rule** and then click **View details**. To go directly to the report, open <https://security.microsoft.com/reports/ETRRuleReport>. On the **Exchange transport rule report** page, the available charts and data are described in the following sections. > [!NOTE]
On the **Exchange transport rule report** page, the available charts and data ar
### Chart breakdown by Direction If you select **Chart breakdown by Direction**, the follow charts are available:
On the **Exchange transport rule report** page, the ![Create schedule icon.](../
### Chart breakdown by Severity If you select **Chart breakdown by Severity**, the follow charts are available:
The **Mailflow status report** is a smart report that shows information about in
To view the report in the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Reports** \> **Email & collaboration** \> **Email & collaboration reports**. On the **Email & collaboration reports** page, find **Mailflow status summary** and then click **View details**. To go directly to the report, open <https://security.microsoft.com/reports/mailflowStatusReport>. ### Type view for the Mailflow status report On the **Mailflow status report** page, the **Type** tab is selected by default. The chart shows the following information for the specified date range:
On the **Mailflow status report** page, the ![Create schedule icon.](../../media
### Direction view for the Mailflow status report If you click the **Direction** tab, the chart shows the following information for the specified date range:
On the **Mailflow status report** page, the ![Create schedule icon.](../../media
The **Mailflow** view shows you how Microsoft's email threat protection features filter incoming and outgoing email in your organization. This view uses a horizontal flow diagram (known as a _Sankey_ diagram) to provide details on the total email count, and how the configured threat protection features, including edge protection, anti-malware, anti-phishing, anti-spam, and anti-spoofing affect this count. The aggregate view and details table view allow for 90 days of filtering.
If you hover over a horizontal band in the diagram, you'll see the number of rel
<sup>\*</sup> If you click on this element, the diagram is expanded to show further details. For a description of each element in the expanded nodes, see [Detection technologies](/office/office-365-management-api/office-365-management-activity-api-schema#detection-technologies). The details table below the diagram shows the following information:
When you're finished configuring the filters, click **Apply**, **Cancel**, or ![
Back on the **Mailflow status report** page, you can click **Show trends** to see trend graphs in the **Mailflow trends** flyout that appears. On the **Mailflow status report** page, the ![Export icon.](../../media/m365-cc-sc-download-icon.png) **Export** button is available.
On the **Mailflow status report** page, the ![Export icon.](../../media/m365-cc-
The **Mail latency report** in Defender for Office 365 contains information on the mail delivery and detonation latency experienced within your organization. For more information, see [Mail latency report](reports-defender-for-office-365.md#mail-latency-report).
+## Post-delivery activities report
+
+> [!NOTE]
+> This report is in the process of being rolled out. Worldwide availability is expected by the end of March 2023.
+
+The **Post-delivery activities** report shows information about email messages that removed from user mailboxes after delivery by zero-hour auto purge (ZAP). For more information about ZAP, see [Zero-hour auto purge (ZAP) in Exchange Online](zero-hour-auto-purge.md).
+
+The report shows real-time information, with updated threat information.
+
+To view the report in the Microsoft 365 Defender portal, go to **Reports** \> **Email & collaboration** \> **Email & collaboration reports**. On the **Email & collaboration reports** page, find **ZAP report** and then click **View details**. To go directly to the report, open <https://security.microsoft.com/reports/ZapReport>.
++
+On the **Post-delivery activities** page, the chart shows the following information for the specified date range:
+
+- **No threat**: The number of unique delivered messages that were found to be not spam by ZAP.
+- **Spam**: The number of unique messages that were removed from mailboxes by ZAP for spam.
+- **Phishing**: The number of unique messages that were removed from mailboxes by ZAP for phishing.
+- **Malware**: The number of unique messages that were removed from mailboxes by ZAP for phishing.
+
+The details table below the graph shows the following information:
+
+- **Subject**
+- **Received time**
+- **Sender**
+- **Recipient**
+- **ZAP time**
+- **Original threat**
+- **Original location**
+- **Updated threat**
+- **Updated delivery location**
+- **Detection technology**
+
+You can filter both the chart and the details table by clicking **Filter** and selecting one or more of the following values in the flyout that appears:
+
+- **Date (UTC)**: **Start date** and **End date**.
+- **Verdict**:
+ - **No threat**
+ - **Spam**
+ - **Phishing**
+ - **Malware**
+
+When you're finished configuring the filters, click **Apply**, **Cancel**, or ![Clear filters icon.](../../media/m365-cc-sc-clear-filters-icon.png) **Clear filters**.
+
+On the **Post delivery activities** page, the ![Create schedule icon.](../../media/m365-cc-sc-create-icon.png) **[Create schedule](#schedule-report)** and ![Export icon.](../../media/m365-cc-sc-download-icon.png) **[Export](#export-report)** buttons are available.
++ ## Spam detections report > [!NOTE]
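Review bot: The **Malware** bullet in the chart list is a copy of the **Phishing** bullet and still ends "removed from mailboxes by ZAP for phishing"; it should end "for malware". Other points in the same added section: the opening sentence is missing a verb ("email messages that removed" should be "that were removed"); the navigation step tells readers to find **ZAP report** although the section and page are titled **Post-delivery activities**; the final paragraph writes the page name as **Post delivery activities** without the hyphen; and two added lines contain only a stray "+" (after the navigation paragraph and in front of the Spam detections heading). The **No threat** definition says only "found to be not spam", so if that verdict also covers messages cleared of phishing and malware, the bullet should say so.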
The aggregate and detail views of the report allows for 90 days of filtering.
To view the report in the Microsoft 365 Defender portal, go to **Reports** \> **Email & collaboration** \> **Email & collaboration reports**. On the **Email & collaboration reports** page, find **Spoof detections** and then click **View details**. To go directly to the report, open <https://security.microsoft.com/reports/SpoofMailReport>. The chart shows the following information:
You can filter both the chart and the details table by clicking **Filter** and s
- **Other** - **Spoof type**: **Internal** and **External** The details table below the graph shows the following information:
The **Submissions** report shows information about items that admins have report
To view the report in the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Reports** \> **Email & collaboration** \> **Email & collaboration reports**. On the **Email & collaboration reports** page, find **Submissions** and then click **View details**. To go directly to the report, open <https://security.microsoft.com/adminSubmissionReport>. To go to [admin submissions in the Microsoft 365 Defender portal](submissions-admin.md), click **Go to Submissions**. Admins will be able to view the report for last 30 days. The chart shows the following information:
The details table below the graph shows the same information and has the same **
On the **Submissions** page, the **[Export](#export-report)** button is available. ## Threat protection status report
To view the report in the Microsoft 365 Defender portal, go to **Reports** \> **
- Defender for Office 365: <https://security.microsoft.com/reports/TPSAggregateReportATP> - EOP: <https://security.microsoft.com/reports/TPSAggregateReport> By default, the chart shows data for the past 7 days. If you click **Filter** on the **Threat protection status report** page, you can select a 90 day date range (trial subscriptions might be limited to 30 days). The details table allows filtering for 30 days.
The available views are described in the following sections.
### View data by Overview In the **View data by Overview** view, the following detection information is shown in the chart:
When you're finished configuring the filters, click **Apply**, **Cancel**, or ![
### View data by Email \> Phish and Chart breakdown by Detection Technology > [!NOTE] > Starting in May 2021, phishing detections in email were updated to include **message attachments** that contain phishing URLs. This change might shift some of the detection volume out of the **View data by Email \> Malware** view and into the **View data by Email \> Phish** view. In other words, message attachments with phishing URLs that were traditionally identified as malware now might be identified as phishing instead.
On the **Threat protection status** page, the ![Create schedule icon.](../../med
### View data by Email \> Spam and Chart breakdown by Detection Technology In the **View data by Email \> Spam** and **Chart breakdown by Detection Technology** view, the following information is shown in the chart:
On the **Threat protection status** page, the ![Create schedule icon.](../../med
### View data by Email \> Malware and Chart breakdown by Detection Technology > [!NOTE] > Starting in May 2021, malware detections in email were updated to include **harmful URLs** in messages attachments. This change might shift some of the detection volume out of the **View data by Email \> Phish** view and into the **View data by Email \> Malware** view. In other words, harmful URLs in message attachments that were traditionally identified as phishing now might be identified as malware instead.
On the**Threat protection status** page, the ![Create schedule icon.](../../medi
### Chart breakdown by Policy type In the **View data by Email \> Phish**, **View data by Email \> Spam**, or **View data by Email \> Malware** views, selecting **Chart breakdown by Policy type** shows the following information in the chart:
On the **Threat protection status** page, the ![Create schedule icon.](../../med
### Chart breakdown by Delivery status In the **View data by Email \> Phish**, **View data by Email \> Spam**, or **View data by Email \> Malware** views, selecting **Chart breakdown by Delivery status** shows the following information in the chart:
On the **Threat protection status** page, the ![Create schedule icon.](../../med
### View data by Content \> Malware In the **View data by Content \> Malware** view, the following information is shown in the chart for Microsoft Defender for Office 365 organizations:
On the **Threat protection status** page, the ![Create schedule icon.](../../med
### View data by System override and Chart breakdown by Reason In the **View data by System override** and **Chart breakdown by Reason** view, the following override reason information is shown in the chart:
On the **Threat protection status** page, the ![Export icon.](../../media/m365-c
### View data by System override and Chart breakdown by Delivery location In the **View data by System override** and **Chart breakdown by Delivery location** view, the following override reason information is shown in the chart:
The **Top malware** report shows the various kinds of malware that was detected
To view the report in the Microsoft 365 Defender portal, go to **Reports** \> **Email & collaboration** \> **Email & collaboration reports**. On the **Email & collaboration reports** page, find **Top malware** and then click **View details**. To go directly to the report, open <https://security.microsoft.com/reports/TopMalware>. When you hover over a wedge in the pie chart, you can see the name of a kind of malware and how many messages were detected as having that malware.
If you click **Filter**, you can specify a date range with **Start date** and **
On the **Top malware** page, the ![Create schedule icon.](../../media/m365-cc-sc-create-icon.png) **[Create schedule](#schedule-report)** and ![Export icon.](../../media/m365-cc-sc-download-icon.png) **[Export](#export-report)** buttons are available. ## Top senders and recipients report
To view the report in the Microsoft 365 Defender portal at <https://security.mic
- Defender for Office 365: <https://security.microsoft.com/reports/TopSenderRecipientsATP> - EOP: <https://security.microsoft.com/reports/TopSenderRecipient> When you hover over a wedge in the pie chart, you can see the number of messages for the sender or recipient.
When you're finished configuring the filters, click **Apply**, **Cancel**, or ![
On the **Top senders and recipients** page, the ![Export icon.](../../media/m365-cc-sc-download-icon.png) **Export** button is available. ## URL protection report
The **User reported messages** report shows information about email messages tha
To view the report in the Microsoft 365 Defender portal, go to **Reports** \> **Email & collaboration** \> **Email & collaboration reports**. On the **Email & collaboration reports** page, find **User reported messages** and then click **View details**. To go directly to the report, open <https://security.microsoft.com/reports/userSubmissionReport>. To go to [admin submissions in the Microsoft 365 Defender portal](submissions-admin.md), click **Go to Submissions**. You can filter both the chart and the details table by clicking **Filter** and selecting one or more of the following values in the flyout that appears:
To group the entries, click **Group** and select one of the following values fro
- **Rescan result** - **Phish simulation** The details table below the graph shows the following information:
security Safe Links About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-links-about.md
Examples of the values that you can enter and their results are described in the
## "Do not rewrite the following URLs" lists in Safe Links policies > [!NOTE]
-> Entries in the "Do not rewrite the following URLs" list are not scanned or wrapped by Safe Links during mail flow but might still be blocked at time of click. Use [allow URL entries in the Tenant Allow/Block List](tenant-allow-block-list-urls-configure.md#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-urls-in-the-submissions-portal) to override the Safe Links URL verdict.
+> Entries in the "Do not rewrite the following URLs" list are not scanned or wrapped by Safe Links during mail flow but might still be blocked at time of click. Use [allow URL entries in the Tenant Allow/Block List](tenant-allow-block-list-urls-configure.md#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-urls-on-the-submissions-page) to override the Safe Links URL verdict.
Each Safe Links policy contains a **Do not rewrite the following URLs** list that you can use to specify URLs that are not rewritten by Safe Links scanning. In other words, the list allows users who are included in the policy to access the specified URLs that would otherwise be blocked by Safe Links. You can configure different lists in different Safe Links policies. Policy processing stops after the first (likely, the highest priority) policy is applied to the user. So, only one **Do not rewrite the following URLs** list is applied to a user who is included in multiple active Safe Links policies.
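Review bot: The note that this change touches says entries in the list "might still be blocked at time of click", but the unchanged paragraph right after it says the list "allows users who are included in the policy to access the specified URLs that would otherwise be blocked by Safe Links". Those two statements contradict each other, and an admin reading only the paragraph will treat the list as an allow list. Since the note is being edited anyway, reword the paragraph to say that the list only skips rewriting and scanning during mail flow, and that an allow entry in the Tenant Allow/Block List is what overrides the verdict.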
security Safe Links Policies Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-links-policies-configure.md
Creating a custom Safe Links policy in the Microsoft 365 Defender portal creates
- **Do not rewrite the following URLs in email** section: Click **Manage (nn) URLs** to allow access to specific URLs that would otherwise be blocked by Safe Links. > [!NOTE]
- > Entries in the "Do not rewrite the following URLs" list are not scanned or wrapped by Safe Links during mail flow. Use [URL allow entries in the Tenant Allow/Block List](tenant-allow-block-list-urls-configure.md#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-urls-in-the-submissions-portal) to override the Safe Links URL verdict.
+ > Entries in the "Do not rewrite the following URLs" list are not scanned or wrapped by Safe Links during mail flow. Use [URL allow entries in the Tenant Allow/Block List](tenant-allow-block-list-urls-configure.md#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-urls-on-the-submissions-page) to override the Safe Links URL verdict.
1. In the **Manage URLs to not rewrite** flyout that appears, click ![Add URLs icon.](../../media/m365-cc-sc-create-icon.png) **Add URLs**. 2. In the **Add URLs** flyout that appears, type the URL or value that you want, select the entry that appears below the box, and then click **Save**. Repeat this step as many times as necessary.
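Review bot: The note in this file stops at "not scanned or wrapped by Safe Links during mail flow" and omits the clause "but might still be blocked at time of click" that the same note carries in safe-links-about.md. The bullet just above it also describes the setting as a way "to allow access to specific URLs that would otherwise be blocked by Safe Links", which overstates what the list does according to that clause. Use the same note wording in both articles and soften the bullet so that readers are pointed to the Tenant Allow/Block List for an actual allow.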
security Scc Permissions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/scc-permissions.md
- seo-marvel-apr2020 Previously updated : 12/05/2022 Last updated : 02/27/2023 # Roles and role groups in Microsoft Defender for Office 365 and Microsoft Purview compliance
The table in this section lists the default role groups that are available in th
Managing permissions in Defender for Office 365 or Purview compliance gives users access to security and compliance features that are available within their respective portals. To grant permissions to other features, such as Exchange mail flow rules (also known as transport rules), you need to grant permissions in Exchange Online. For more information, see [Permissions in Exchange Online](/exchange/permissions-exo/permissions-exo). > [!NOTE]
-> To view the **Permissions** tab as described in this article, you need to be an admin. Specifically, you need to be assigned the **Role Management** role, and that role is assigned only to the **Organization Management** role group by default. Furthermore, the **Role Management** role allows users to view, create, and modify role groups.
+> To view the **Permissions** tab as described in this article, you need to be an admin. Specifically, you need to be assigned the **Role Management** role, and that role is assigned only to the **Organization Management** role group by default. The **Role Management** role also allows you to view, create, and modify role groups.
|Role group|Description|Default roles assigned| ||||
-|**Attack Simulation Administrators**|Don't use this role group in these portals. Use the corresponding role in Azure AD.|Attack Simulator Admin|
+|**Attack Simulator Administrators**|Don't use this role group in these portals. Use the corresponding role in Azure AD.|Attack Simulator Admin|
|**Attack Simulator Payload Authors**|Don't use this role group in these portals. Use the corresponding role in Azure AD.|Attack Simulator Payload Author|
-|**Communication Compliance**|Provides permission to all the communication compliance roles: administrator, analyst, investigator, and viewer.|Case Management <br/><br/> Communication Compliance Admin <br/><br/> Communication Compliance Analysis <br/><br/> Communication Compliance Case Management <br/><br/> Communication Compliance Investigation <br/><br/> Communication Compliance Viewer <br/><br/> Data Classification Feedback Provider <br/><br/> Data Connector Admin <br/><br/> View-Only Case|
-|**Communication Compliance Administrators**|Administrators of communication compliance that can create/edit policies and define global settings.|Communication Compliance Admin <br/><br/> Communication Compliance Case Management <br/><br/> Data Connector Admin|
+|**Communication Compliance**|Provides permission to all the communication compliance roles: administrator, analyst, investigator, and viewer.|Case Management <br/><br/> Communication Compliance Admin <br/><br/> Communication Compliance Analysis <br/><br/> Communication Compliance Case Management <br/><br/> Communication Compliance Investigation <br/><br/> Communication Compliance Viewer <br/><br/> Data Classification Feedback Provider <br/><br/> Data Connector Admin <br/><br/> Scope Manager <br/><br/> View-Only Case|
+|**Communication Compliance Administrators**|Administrators of communication compliance that can create/edit policies and define global settings.|Communication Compliance Admin <br/><br/> Communication Compliance Case Management <br/><br/> Data Connector Admin <br/><br/> Scope Manager|
|**Communication Compliance Analysts**|Analysts of communication compliance that can investigate policy matches, view message meta data, and take remediation actions.|Communication Compliance Analysis <br/><br/> Communication Compliance Case Management| |**Communication Compliance Investigators**|Analysts of communication compliance that can investigate policy matches, view message content, and take remediation actions.|Case Management <br/><br/> Communication Compliance Analysis <br/><br/> Communication Compliance Case Management <br/><br/> Communication Compliance Investigation <br/><br/> Data Classification Feedback Provider <br/><br/> View-Only Case| |**Communication Compliance Viewers**|Viewer of communication compliance that can access the available reports and widgets.|Communication Compliance Case Management <br/><br/> Communication Compliance Viewer|
-|**Compliance Administrator**<sup>1</sup>|Members can manage settings for device management, data loss prevention, reports, and preservation.|Case Management <br/><br/> Communication Compliance Admin <br/><br/> Communication Compliance Case Management <br/><br/> Compliance Administrator <br/><br/> Compliance Search <br/><br/> Data Classification Feedback Provider <br/><br/> Data Classification Feedback Reviewer <br/><br/> Data Connector Admin <br/><br/> Data Investigation Management <br/><br/> Device Management <br/><br/> Disposition Management <br/><br/> DLP Compliance Management <br/><br/> Hold <br/><br/> IB Compliance Management <br/><br/> Information Protection Admin <br/><br/> Information Protection Analyst <br/><br/> Information Protection Investigator <br/><br/> Information Protection Reader <br/><br/> Insider Risk Management Admin <br/><br/> Manage Alerts <br/><br/> Organization Configuration <br/><br/> RecordManagement <br/><br/> Retention Management <br/><br/> View-Only Audit Logs <br/><br/> View-Only Case <br/><br/> View-Only Device Management <br/><br/> View-Only DLP Compliance Management <br/><br/> View-Only IB Compliance Management <br/><br/> View-Only Manage Alerts <br/><br/> View-Only Recipients <br/><br/> View-Only Record Management <br/><br/> View-Only Retention Management|
-|**Compliance Data Administrator**|Members can manage settings for device management, data protection, data loss prevention, reports, and preservation.|Compliance Administrator <br/><br/> Compliance Search <br/><br/> Data Connector Admin <br/><br/> Device Management <br/><br/> Disposition Management <br/><br/> DLP Compliance Management <br/><br/> IB Compliance Management <br/><br/> Information Protection Admin <br/><br/> Information Protection Analyst <br/><br/> Information Protection Investigator <br/><br/> Information Protection Reader <br/><br/> Manage Alerts <br/><br/> Organization Configuration <br/><br/> RecordManagement <br/><br/> Retention Management <br/><br/> Sensitivity Label Administrator <br/><br/> View-Only Audit Logs <br/><br/> View-Only Device Management <br/><br/> View-Only DLP Compliance Management <br/><br/> View-Only IB Compliance Management <br/><br/> View-Only Manage Alerts <br/><br/> View-Only Recipients <br/><br/> View-Only Record Management <br/><br/> View-Only Retention Management|
+|**Compliance Administrator**<sup>1</sup>|Members can manage settings for device management, data loss prevention, reports, and preservation.|Case Management <br/><br/> Communication Compliance Admin <br/><br/> Communication Compliance Case Management <br/><br/> Compliance Administrator <br/><br/> Compliance Manager Administrator <br/><br/> Compliance Search <br/><br/> Data Classification Feedback Provider <br/><br/> Data Classification Feedback Reviewer <br/><br/> Data Connector Admin <br/><br/> Data Investigation Management <br/><br/> Device Management <br/><br/> Disposition Management <br/><br/> DLP Compliance Management <br/><br/> Hold <br/><br/> IB Compliance Management <br/><br/> Information Protection Admin <br/><br/> Information Protection Analyst <br/><br/> Information Protection Reader <br/><br/> Insider Risk Management Admin <br/><br/> Manage Alerts <br/><br/> Organization Configuration <br/><br/> RecordManagement <br/><br/> Retention Management <br/><br/> Scope Manager <br/><br/> View-Only Audit Logs <br/><br/> View-Only Case <br/><br/> View-Only Device Management <br/><br/> View-Only DLP Compliance Management <br/><br/> View-Only IB Compliance Management <br/><br/> View-Only Manage Alerts <br/><br/> View-Only Recipients <br/><br/> View-Only Record Management <br/><br/> View-Only Retention Management|
+|**Compliance Data Administrator**|Members can manage settings for device management, data protection, data loss prevention, reports, and preservation.|Compliance Administrator <br/><br/> Compliance Manager Administrator <br/><br/> Compliance Search <br/><br/> Device Management <br/><br/> Disposition Management <br/><br/> DLP Compliance Management <br/><br/> IB Compliance Management <br/><br/> Information Protection Admin <br/><br/> Information Protection Analyst <br/><br/> Information Protection Reader <br/><br/> Manage Alerts <br/><br/> Organization Configuration <br/><br/> RecordManagement <br/><br/> Retention Management <br/><br/> Scope Manager <br/><br/> Sensitivity Label Administrator <br/><br/> View-Only Audit Logs <br/><br/> View-Only Device Management <br/><br/> View-Only DLP Compliance Management <br/><br/> View-Only IB Compliance Management <br/><br/> View-Only Manage Alerts <br/><br/> View-Only Recipients <br/><br/> View-Only Record Management <br/><br/> View-Only Retention Management|
|**Compliance Manager Administrators**|Manage template creation and modification.|Compliance Manager Administration <br/><br/> Compliance Manager Assessment <br/><br/> Compliance Manager Contribution <br/><br/> Compliance Manager Reader <br/><br/> Data Connector Admin| |**Compliance Manager Assessors**|Create assessments, implement improvement actions, and update test status for improvement actions.|Compliance Manager Assessment <br/><br/> Compliance Manager Contribution <br/><br/> Compliance Manager Reader <br/><br/> Data Connector Admin| |**Compliance Manager Contributors**|Create assessments and perform work to implement improvement actions.|Compliance Manager Contribution <br/><br/> Compliance Manager Reader <br/><br/> Data Connector Admin|
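Review bot: The role added to **Compliance Administrator** and **Compliance Data Administrator** is written "Compliance Manager Administrator", while the **Compliance Manager Administrators** row a few lines down lists the role as "Compliance Manager Administration". One of the two spellings is wrong, and readers search these tables by exact role name. The same two rows also silently drop "Information Protection Investigator", and **Compliance Data Administrator** additionally loses "Data Connector Admin", with no change to either description. Please confirm that these removals are intended and not an editing slip, because they reduce what the groups are documented to grant.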
Managing permissions in Defender for Office 365 or Purview compliance gives user
|**Content Explorer Content Viewer**|View the contents files in Content explorer.|Data Classification Content Viewer| |**Content Explorer List Viewer**|View all items in Content explorer in list format only.|Data Classification List Viewer| |**Data Investigator**|Perform searches on mailboxes, SharePoint Online sites, and OneDrive for Business locations.|Communication <br/><br/> Compliance Search <br/><br/> Custodian <br/><br/> Data Investigation Management <br/><br/> Export <br/><br/> Preview <br/><br/> Review <br/><br/> RMS Decrypt <br/><br/> Search And Purge|
-|**eDiscovery Manager**|Members can perform searches and place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. Members can also create and manage eDiscovery cases, add and remove members to a case, create and edit Content Searches associated with a case, and access case data in eDiscovery (Premium). <br/><br/> An eDiscovery Administrator is a member of the eDiscovery Manager role group who has been assigned additional permissions. In addition to the tasks that an eDiscovery Manager can perform, an eDiscovery Administrator can:<ul><li>View all eDiscovery cases in the organization.</li><li>Manage any eDiscovery case after they add themselves as a member of the case.</li></ul> <br/><br/> The primary difference between an eDiscovery Manager and an eDiscovery Administrator is that an eDiscovery Administrator can access all cases that are listed on the **eDiscovery cases** page in the compliance portal. An eDiscovery manager can only access the cases they created or cases they are a member of. For more information about making a user an eDiscovery Administrator, see [Assign eDiscovery permissions in the compliance portal](../../compliance/assign-ediscovery-permissions.md).|Case Management <br/><br/> Communication <br/><br/> Compliance Search <br/><br/> Custodian <br/><br/> Export <br/><br/> Hold <br/><br/> Preview <br/><br/> Review <br/><br/> RMS Decrypt|
-|**Global Reader**|Members have read-only access to reports, alerts, and can see all the configuration and settings. <br/><br/> The primary difference between Global Reader and Security Reader is that a Global Reader can access **configuration and settings**.|Security Reader <br/><br/> Sensitivity Label Reader <br/><br/> Service Assurance View <br/><br/> View-Only Audit Logs <br/><br/> View-Only Device Management <br/><br/> View-Only DLP Compliance Management <br/><br/> View-Only IB Compliance Management <br/><br/> View-Only Manage Alerts <br/><br/> View-Only Recipients <br/><br/> View-Only Record Management <br/><br/> View-Only Retention Management|
-|**Information Protection**|Full control over all information protection features, including sensitivity labels and their policies, DLP, all classifier types, activity and content explorers, and all related reports.|Data Classification Content Viewer <br/><br/> Information Protection Admin <br/><br/> Information Protection Analyst <br/><br/> Information Protection Investigator <br/><br/> Information Protection Reader|
-|**Information Protection Admins**|Create, edit, and delete DLP policies, sensitivity labels and their policies, and all classifier types. Manage endpoint DLP settings and simulation mode for auto-labeling policies.|Information Protection Admin|
-|**Information Protection Analysts**|Access and manage DLP alerts and activity explorer. View-only access to DLP policies, sensitivity labels and their policies, and all classifier types.|Data Classification List Viewer <br/><br/> Information Protection Analyst|
-|**Information Protection Investigators**|Access and manage DLP alerts, activity explorer, and content explorer. View-only access to DLP policies, sensitivity labels and their policies, and all classifier types.|Data Classification Content Viewer <br/><br/> Information Protection Analyst <br/><br/> Information Protection Investigator|
+|**eDiscovery Manager**|Members can perform searches and place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. Members can also create and manage eDiscovery cases, add and remove members to a case, create and edit Content Searches associated with a case, and access case data in eDiscovery (Premium). <br/><br/> An eDiscovery Administrator is a member of the eDiscovery Manager role group who has been assigned additional permissions. In addition to the tasks that an eDiscovery Manager can perform, an eDiscovery Administrator can:<ul><li>View all eDiscovery cases in the organization.</li><li>Manage any eDiscovery case after they add themselves as a member of the case.</li></ul> <br/><br/> The primary difference between an eDiscovery Manager and an eDiscovery Administrator is that an eDiscovery Administrator can access all cases that are listed on the **eDiscovery cases** page in the compliance portal. An eDiscovery manager can only access the cases they created or cases they are a member of. For more information about making a user an eDiscovery Administrator, see [Assign eDiscovery permissions in the compliance portal](../../compliance/assign-ediscovery-permissions.md).|Case Management <br/><br/> Communication <br/><br/> Compliance Search <br/><br/> Custodian <br/><br/> Export <br/><br/> Hold <br/><br/> Manage Review Set Tags <br/><br/> Preview <br/><br/> Review <br/><br/> RMS Decrypt <br/><br/> Scope Manager|
+|**Global Reader**|Members have read-only access to reports, alerts, and can see all the configuration and settings. <br/><br/> The primary difference between Global Reader and Security Reader is that a Global Reader can access **configuration and settings**.|Compliance Manager Reader <br/><br/> Scope Manager <br/><br/> Security Reader <br/><br/> Sensitivity Label Reader <br/><br/> Service Assurance View <br/><br/> View-Only Audit Logs <br/><br/> View-Only Device Management <br/><br/> View-Only DLP Compliance Management <br/><br/> View-Only IB Compliance Management <br/><br/> View-Only Manage Alerts <br/><br/> View-Only Recipients <br/><br/> View-Only Record Management <br/><br/> View-Only Retention Management|
+|**Information Protection**|Full control over all information protection features, including sensitivity labels and their policies, DLP, all classifier types, activity and content explorers, and all related reports.|Data Classification Content Viewer <br/><br/> Data Classification List Viewer <br/><br/> Information Protection Admin <br/><br/> Information Protection Analyst <br/><br/> Information Protection Investigator <br/><br/> Information Protection Reader <br/><br/> Purview Evaluation Administrator|
+|**Information Protection Admins**|Create, edit, and delete DLP policies, sensitivity labels and their policies, and all classifier types. Manage endpoint DLP settings and simulation mode for auto-labeling policies.|Information Protection Admin <br/><br/> Purview Evaluation Administrator|
+|**Information Protection Analysts**|Access and manage DLP alerts and activity explorer. View-only access to DLP policies, sensitivity labels and their policies, and all classifier types.|Data Classification List Viewer <br/><br/> Information Protection Analyst <br/><br/> Purview Evaluation Administrator|
+|**Information Protection Investigators**|Access and manage DLP alerts, activity explorer, and content explorer. View-only access to DLP policies, sensitivity labels and their policies, and all classifier types.|Data Classification Content Viewer <br/><br/> Data Classification List Viewer <br/><br/> Information Protection Analyst <br/><br/> Information Protection Investigator <br/><br/> Purview Evaluation Administrator|
|**Information Protection Readers**|View-only access to reports for DLP policies and sensitivity labels and their policies.|Information Protection Reader|
-|**Insider Risk Management**|Use this role group to manage insider risk management for your organization in a single group. By adding all user accounts for designated administrators, analysts, and investigators, you can configure insider risk management permissions in a single group. This role group contains all the insider risk management permission roles. This is the easiest way to quickly get started with insider risk management and is a good fit for organizations that do not need separate permissions defined for separate groups of users.|Case Management <br/><br/> Data Connector Admin <br/><br/> Insider Risk Management Admin <br/><br/> Insider Risk Management Analysis <br/><br/> Insider Risk Management Audit <br/><br/> Insider Risk Management Investigation <br/><br/> View-Only Case|
-|**Insider Risk Management Admins**|Use this role group to initially configure insider risk management and later to segregate insider risk administrators into a defined group. Users in this role group can create, read, update, and delete insider risk management policies, global settings, and role group assignments.|Case Management <br/><br/> Data Connector Admin <br/><br/> Insider Risk Management Admin <br/><br/> View-Only Case|
+|**Insider Risk Management**|Use this role group to manage insider risk management for your organization in a single group. By adding all user accounts for designated administrators, analysts, and investigators, you can configure insider risk management permissions in a single group. This role group contains all the insider risk management permission roles. This is the easiest way to quickly get started with insider risk management and is a good fit for organizations that do not need separate permissions defined for separate groups of users.|Case Management <br/><br/> Data Connector Admin <br/><br/> Insider Risk Management Admin <br/><br/> Insider Risk Management Analysis <br/><br/> Insider Risk Management Approval <br/><br/> Insider Risk Management Audit <br/><br/> Insider Risk Management Investigation <br/><br/> Insider Risk Management Sessions <br/><br/> Review <br/><br/> View-Only Case|
+|**Insider Risk Management Admins**|Use this role group to initially configure insider risk management and later to segregate insider risk administrators into a defined group. Users in this role group can create, read, update, and delete insider risk management policies, global settings, and role group assignments.|Case Management <br/><br/> Custodian <br/><br/> Data Connector Admin <br/><br/> Insider Risk Management Admin <br/><br/> View-Only Case|
|**Insider Risk Management Analysts**|Use this group to assign permissions to users that will act as insider risk case analysts. Users in this role group can access all insider risk management alerts, cases, and notices templates. They cannot access the insider risk Content Explorer.|Case Management <br/><br/> Insider Risk Management Analysis <br/><br/> View-Only Case|
+|**Insider Risk Management Approvers**|For internal approval use only.|Insider Risk Management Approval|
|**Insider Risk Management Auditors**|Use this group to assign permissions to users that will audit insider risk management activities. Users in this role group can access the insider risk audit log.|Insider Risk Management Audit|
-|**Insider Risk Management Investigators**|Use this group to assign permissions to users that will act as insider risk data investigators. Users in this role group can access all insider risk management alerts, cases, notices templates, and the Content Explorer for all cases.|Case Management <br/><br/> Insider Risk Management Investigation <br/><br/> View-Only Case|
+|**Insider Risk Management Investigators**|Use this group to assign permissions to users that will act as insider risk data investigators. Users in this role group can access all insider risk management alerts, cases, notices templates, and the Content Explorer for all cases.|Case Management <br/><br/> Custodian <br/><br/> Insider Risk Management Investigation <br/><br/> Review <br/><br/> View-Only Case|
+|**Insider Risk Management Session Approvers**|For internal approval use only.|Insider Risk Management Sessions|
|**IRM Contributors**|This role group is visible, but is used by background services only.|Insider Risk Management Permanent contribution <br/><br/> Insider Risk Management Temporary contribution| |**Knowledge Administrators**|Configure knowledge, learning, assign trainings and other intelligent features.|Knowledge Admin| |**MailFlow Administrator**|Members can monitor and view mail flow insights and reports in the Defender portal. Global admins can add ordinary users to this group, but, if the user isn't a member of the Exchange Admin group, the user will not have access to Exchange admin-related tasks.|View-Only Recipients|
-|**Organization Management**<sup>1</sup>|Members can control permissions for accessing features in these portals, and also manage settings for device management, data loss prevention, reports, and preservation. <p> Users who are not global administrators must be Exchange administrators to see and take action on devices that are managed by Basic Mobility and Security for Microsoft 365 (formerly known as Mobile Device Management or MDM). <p> Global admins are automatically added as members of this role group, but you won't see them in the output of the [Get-RoleGroupMember](/powershell/module/exchange/get-rolegroupmember) cmdlet in [Security & Compliance PowerShell](/powershell/module/exchange/get-rolegroupmember).|Audit Logs <p><p> Case Management <p> Communication Compliance Admin <p> Communication Compliance Case Management <p> Compliance Administrator <p> Compliance Search <p> Data Connector Admin <p> Device Management <p> DLP Compliance Management <p> Hold <p> IB Compliance Management <p> Insider Risk Management Admin <p> Manage Alerts <p> Organization Configuration <p> Quarantine <p> RecordManagement <p> Retention Management <p> Role Management <p> Search And Purge <p> Security Administrator <p> Security Reader <p> Sensitivity Label Administrator <p> Sensitivity Label Reader <p> Service Assurance View <p> Tag Contributor <p> Tag Manager <p> Tag Reader <p> View-Only Audit Logs <p> View-Only Device Management <p> View-Only DLP Compliance Management <p> View-Only IB Compliance Management <p> View-Only Case <p> View-Only Manage Alerts <p> View-Only Recipients <p> View-Only Record Management <p> View-Only Retention Management|
-|**Privacy Management**|Manage access control for Priva in the Microsoft Purview compliance portal.|Case Management <p><p> Data Classification Content Viewer <p> Data Classification List Viewer <p> Privacy Management Admin <p> Privacy Management Analysis <p> Privacy Management Investigation <p> Privacy Management Permanent contribution <p> Privacy Management Temporary contribution <p> Privacy Management Viewer <p> Subject Rights Request Admin <p> View-Only Case|
-|**Privacy Management Administrators**|Administrators of privacy management solution that can create/edit policies and define global settings.|Case Management <p><p> Privacy Management Admin <p> View-Only Case|
-|**Privacy Management Analysts**|Analysts of privacy management solution that can investigate policy matches, view messages meta data, and take remediation actions.|Case Management <p><p> Data Classification List Viewer <p> Privacy Management Analysis <p> View-Only Case|
-|**Privacy Management Contributors**|Manage contributor access for privacy management cases.|Privacy Management Permanent contribution <p><p> Privacy Management Temporary contribution|
-|**Privacy Management Investigators**|Investigators of privacy management solution that can investigate policy matches, view message content, and take remediation actions.|Case Management <p><p> Data Classification Content Viewer <p> Data Classification List Viewer <p> Privacy Management Investigation <p> View-Only Case|
-|**Privacy Management Viewers**|Viewer of privacy management solution that can access the available dashboards and widgets.|Data Classification List Viewer <p><p> Privacy Management Viewer|
+|**Organization Management**<sup>1</sup>|Members can control permissions for accessing features in these portals, and also manage settings for device management, data loss prevention, reports, and preservation. <br/><br/> Users who are not global administrators must be Exchange administrators to see and take action on devices that are managed by Basic Mobility and Security for Microsoft 365 (formerly known as Mobile Device Management or MDM). <br/><br/> Global admins are automatically added as members of this role group, but you won't see them in the output of the [Get-RoleGroupMember](/powershell/module/exchange/get-rolegroupmember) cmdlet in [Security & Compliance PowerShell](/powershell/module/exchange/get-rolegroupmember).|Audit Logs <br/><br/> Case Management <br/><br/> Communication Compliance Admin <br/><br/> Communication Compliance Case Management <br/><br/> Compliance Administrator <br/><br/> Compliance Manager Administration <br/><br/> Compliance Search <br/><br/> Data Connector Admin <br/><br/> Device Management <br/><br/> DLP Compliance Management <br/><br/> Hold <br/><br/> IB Compliance Management <br/><br/> Insider Risk Management Admin <br/><br/> Manage Alerts <br/><br/> Organization Configuration <br/><br/> Quarantine <br/><br/> RecordManagement <br/><br/> Retention Management <br/><br/> Role Management <br/><br/> Scope Manager <br/><br/> Search And Purge <br/><br/> Security Administrator <br/><br/> Security Reader <br/><br/> Sensitivity Label Administrator <br/><br/> Sensitivity Label Reader <br/><br/> Service Assurance View <br/><br/> Tag Contributor <br/><br/> Tag Manager <br/><br/> Tag Reader <br/><br/> View-Only Audit Logs <br/><br/> View-Only Case <br/><br/> View-Only Device Management <br/><br/> View-Only DLP Compliance Management <br/><br/> View-Only IB Compliance Management <br/><br/> View-Only Manage Alerts <br/><br/> View-Only Recipients <br/><br/> View-Only Record Management <br/><br/> View-Only Retention Management|
+|**Privacy Management**|Manage access control for Priva in the Microsoft Purview compliance portal.|Case Management <br/><br/> Data Classification Content Viewer <br/><br/> Data Classification List Viewer <br/><br/> Privacy Management Admin <br/><br/> Privacy Management Analysis <br/><br/> Privacy Management Investigation <br/><br/> Privacy Management Permanent contribution <br/><br/> Privacy Management Temporary contribution <br/><br/> Privacy Management Viewer <br/><br/> Subject Rights Request Admin <br/><br/> View-Only Case|
+|**Privacy Management Administrators**|Administrators of privacy management solution that can create/edit policies and define global settings.|Case Management <br/><br/> Privacy Management Admin <br/><br/> View-Only Case|
+|**Privacy Management Analysts**|Analysts of privacy management solution that can investigate policy matches, view messages meta data, and take remediation actions.|Case Management <br/><br/> Data Classification List Viewer <br/><br/> Privacy Management Analysis <br/><br/> View-Only Case|
+|**Privacy Management Contributors**|Manage contributor access for privacy management cases.|Privacy Management Permanent contribution <br/><br/> Privacy Management Temporary contribution|
+|**Privacy Management Investigators**|Investigators of privacy management solution that can investigate policy matches, view message content, and take remediation actions.|Case Management <br/><br/> Data Classification Content Viewer <br/><br/> Data Classification List Viewer <br/><br/> Privacy Management Investigation <br/><br/> View-Only Case|
+|**Privacy Management Viewers**|Viewer of privacy management solution that can access the available dashboards and widgets.|Data Classification List Viewer <br/><br/> Privacy Management Viewer|
|**Quarantine Administrator**|Members can access all Quarantine actions. For more information, see [Manage quarantined messages and files as an admin in EOP](quarantine-admin-manage-messages-files.md)|Quarantine|
-|**Records Management**|Members can configure all aspects of records management, including retention labels and disposition reviews.|Disposition Management <p><p> RecordManagement <p> Retention Management|
-|**Reviewer**|Members can access review sets in [eDiscovery (Premium)](../../compliance/overview-ediscovery-20.md) cases. Members of this role group can see and open the list of cases on the **eDiscovery > Advanced** page in the Microsoft Purview compliance portal that they're members of. After the user accesses an eDiscovery (Premium) case, they can select **Review sets** to access case data. This role doesn't allow the user to preview the results of a collection search that's associated with the case or do other search or case management tasks. Members of this role group can only access the data in a review set.|Review|
-|**Security Administrator**|Members have access to a number of security features of Identity Protection Center, Privileged Identity Management, Monitor Microsoft 365 Service Health, and the Defender and compliance portals. <p> By default, this role group may not appear to have any members. However, the Security Administrator role from Azure Active Directory is assigned to this role group. Therefore, this role group inherits the capabilities and membership of the Security Administrator role from Azure Active Directory. <p> To manage permissions centrally, add and remove group members in the Azure Active Directory admin center. For more information, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference). If you edit this role group in these portals (membership or roles), those changes apply only to the security and compliance areas and not to any other services. <p> This role group includes all of the read-only permissions of the Security reader role, plus a number of additional administrative permissions for the same
-|**Security Operator**|Members can manage security alerts, and also view reports and settings of security features.|Compliance Search <p><p> Manage Alerts <p> Security Reader <p> Tag Contributor <p> Tag Reader <p> Tenant AllowBlockList Manager <p> View-Only Audit Logs <p> View-Only Device Management <p> View-Only DLP Compliance Management <p> View-Only IB Compliance Management <p> View-Only Manage Alerts|
-|**Security Reader**|Members have read-only access to a number of security features of Identity Protection Center, Privileged Identity Management, Monitor Microsoft 365 Service Health, and the Defender and compliance portals. <p> By default, this role group may not appear to have any members. However, the Security Reader role from Azure Active Directory is assigned to this role group. Therefore, this role group inherits the capabilities and membership of the Security Reader role from Azure Active Directory. <p> To manage permissions centrally, add and remove group members in the Azure Active Directory admin center. For more information, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference). If you edit this role group in the portals (membership or roles), those changes apply only to security and compliance areas and not to any other services.|Security Reader <p><p> Sensitivity Label Reader <p> Tag Reader <p> View-Only Device Management <p> View-Only DLP Compliance Management <p> View-Only IB Compliance Management <p> View-Only Manage Alerts|
+|**Records Management**|Members can configure all aspects of records management, including retention labels and disposition reviews.|Disposition Management <br/><br/> RecordManagement <br/><br/> Retention Management <br/><br/> Scope Manager|
+|**Reviewer**|Members can access review sets in [eDiscovery (Premium)](../../compliance/overview-ediscovery-20.md) cases. Members of this role group can see and open the list of cases on the **eDiscovery \> Advanced** page in the Microsoft Purview compliance portal that they're members of. After the user accesses an eDiscovery (Premium) case, they can select **Review sets** to access case data. This role doesn't allow the user to preview the results of a collection search that's associated with the case or do other search or case management tasks. Members of this role group can only access the data in a review set.|Review|
+|**Security Administrator**|Members have access to a number of security features of Identity Protection Center, Privileged Identity Management, Monitor Microsoft 365 Service Health, and the Defender and compliance portals. <br/><br/> By default, this role group may not appear to have any members. However, the Security Administrator role from Azure Active Directory is assigned to this role group. Therefore, this role group inherits the capabilities and membership of the Security Administrator role from Azure Active Directory. <br/><br/> To manage permissions centrally, add and remove group members in the Azure Active Directory admin center. For more information, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference). If you edit this role group in these portals (membership or roles), those changes apply only to the security and compliance areas and not to any other services. <br/><br/> This role group includes all of the read-only permissions of the Security reader role, plus a number of additional administrative permissions for the same
+|**Security Operator**|Members can manage security alerts, and also view reports and settings of security features.|Compliance Search <br/><br/> Manage Alerts <br/><br/> Security Reader <br/><br/> Tag Contributor <br/><br/> Tag Reader <br/><br/> Tenant AllowBlockList Manager <br/><br/> View-Only Audit Logs <br/><br/> View-Only Device Management <br/><br/> View-Only DLP Compliance Management <br/><br/> View-Only IB Compliance Management <br/><br/> View-Only Manage Alerts|
+|**Security Reader**|Members have read-only access to a number of security features of Identity Protection Center, Privileged Identity Management, Monitor Microsoft 365 Service Health, and the Defender and compliance portals. <br/><br/> By default, this role group may not appear to have any members. However, the Security Reader role from Azure Active Directory is assigned to this role group. Therefore, this role group inherits the capabilities and membership of the Security Reader role from Azure Active Directory. <br/><br/> To manage permissions centrally, add and remove group members in the Azure Active Directory admin center. For more information, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference). If you edit this role group in the portals (membership or roles), those changes apply only to security and compliance areas and not to any other services.|Compliance Manager Reader <br/><br/> Security Reader <br/><br/> Sensitivity Label Reader <br/><br/> Tag Reader <br/><br/> View-Only Device Management <br/><br/> View-Only DLP Compliance Management <br/><br/> View-Only IB Compliance Management <br/><br/> View-Only Manage Alerts|
|**Service Assurance User**|Members can access the Service assurance section in the compliance portal. Service assurance provides reports and documents that describe Microsoft's security practices for customer data that's stored in Microsoft 365. It also provides independent third-party audit reports on Microsoft 365. For more information, see [Service assurance in the compliance portal](../../compliance/service-assurance.md).|Service Assurance View| |**Subject Rights Request Administrators**|Create subject rights requests.|Case Management <br/><br/> Subject Rights Request Admin <br/><br/> View-Only Case|
+|**Subject Rights Request Approvers**|Approvers who are able to approve subject rights requests.|Subject Rights Request Approver|
|**Supervisory Review**|Members can create and manage the policies that define which communications are subject to review in an organization. For more information, see [Configure communication compliance policies for your organization](../../compliance/communication-compliance-configure.md).|Supervisory Review Administrator| > [!NOTE]
-> <sup>1</sup> This role group doesn't assign members the permissions necessary to search the audit log or to use any reports that might include Exchange data, such as the DLP or Defender for Office 365 reports. To search the audit log or to view all reports, a user has to be assigned permissions in Exchange Online. This is because the underlying cmdlet used to search the audit log is an Exchange Online cmdlet. Global admins can search the audit log and view all reports because they're automatically added as members of the Organization Management role group in Exchange Online. For more information, see [Search the audit log in the compliance portal](../../compliance/search-the-audit-log-in-security-and-compliance.md).
+> <sup>1</sup> This role group doesn't assign members the permissions necessary to search the audit log or to use any reports that might include Exchange data, such as the DLP or Defender for Office 365 reports. To search the audit log or to view all reports, a user has to be assigned permissions in Exchange Online. This action is required because the underlying cmdlet that's used to search the audit log is an Exchange Online cmdlet. Global admins can search the audit log and view all reports because they're automatically added as members of the Organization Management role group in Exchange Online. For more information, see [Search the audit log in the compliance portal](../../compliance/search-the-audit-log-in-security-and-compliance.md).
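Review bot: The two new rows **Insider Risk Management Approvers** and **Insider Risk Management Session Approvers** say only "For internal approval use only.", which does not tell an admin whether members should ever be added to them. The neighbouring IRM Contributors row uses clearer wording: "This role group is visible, but is used by background services only." Suggest stating explicitly whether customers are expected to populate these groups, because the updated Insider Risk Management row now also carries the Insider Risk Management Approval and Insider Risk Management Sessions roles and so grants them to every member of that group. Separately, in the Organization Management row the Get-RoleGroupMember link and the Security & Compliance PowerShell link both point to /powershell/module/exchange/get-rolegroupmember; the second looks like it should target a different page.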
## Roles in Microsoft Defender for Office 365 and Microsoft Purview compliance
The following roles aren't assigned to the Organization Management role group by
- Communication Compliance Analysis - Communication Compliance Investigation - Communication Compliance Viewer-- Compliance Manager Administration - Compliance Manager Assessment - Compliance Manager Contribution - Compliance Manager Reader
The following roles aren't assigned to the Organization Management role group by
- Information Protection Investigator - Information Protection Reader - Insider Risk Management Analysis
+- Insider Risk Management Approval
- Insider Risk Management Audit - Insider Risk Management Investigation - Insider Risk Management Permanent contribution
+- Insider Risk Management Sessions
- Insider Risk Management Temporary contribution - Knowledge Admin
+- Manage Review Set Tags
- Preview - Privacy Management Admin - Privacy Management Analysis
The following roles aren't assigned to the Organization Management role group by
- Review - RMS Decrypt - Subject Rights Request Admin
+- Subject Rights Request Approver
- Supervisory Review Administrator - Tenant AllowBlockList Manager
The following roles aren't assigned to the Organization Management role group by
|**Communication Compliance Investigation**|Used to perform investigation, remediation, and review message violations in the Communication Compliance feature. Can view message meta data and message.|Communication Compliance <br/><br/> Communication Compliance Investigators| |**Communication Compliance Viewer**|Used to access reports and widgets in the Communication Compliance feature.|Communication Compliance <br/><br/> Communication Compliance Viewers| |**Compliance Administrator**|View and edit settings and reports for compliance features.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Organization Management|
-|**Compliance Manager Administration**|Manage template creation and modification.|Compliance Manager Administrators|
+|**Compliance Manager Administration**|Manage template creation and modification.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Compliance Manager Administrators <br/><br/> Organization Management <br/><br/> Security Administrator|
|**Compliance Manager Assessment**|Create assessments, implement improvement actions, and update test status for improvement actions.|Compliance Manager Administrators <br/><br/> Compliance Manager Assessors| |**Compliance Manager Contribution**|Create assessments and perform work to implement improvement actions.|Compliance Manager Administrators <br/><br/> Compliance Manager Assessors <br/><br/> Compliance Manager Contributors|
-|**Compliance Manager Reader**|View all Compliance Manager content except for administrator functions.|Compliance Manager Administrators <br/><br/> Compliance Manager Assessors <br/><br/> Compliance Manager Contributors <br/><br/> Compliance Manager Readers|
+|**Compliance Manager Reader**|View all Compliance Manager content except for administrator functions.|Compliance Manager Administrators <br/><br/> Compliance Manager Assessors <br/><br/> Compliance Manager Contributors <br/><br/> Compliance Manager Readers <br/><br/> Global Reader <br/><br/> Security Reader|
|**Compliance Search**|Perform searches across mailboxes and get an estimate of the results.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Data Investigator <br/><br/> eDiscovery Manager <br/><br/> Organization Management <br/><br/> Security Operator|
-|**Custodian**|Identify and manage custodians for eDiscovery (Premium) cases and use the information from Azure Active Directory and other sources to find data sources associated with custodians. Associate other data sources such as mailboxes, SharePoint sites, and Teams with custodians in a case. Place a legal hold on the data sources associated with custodians to preserve content in the context of a case.|Data Investigator <br/><br/> eDiscovery Manager|
+|**Custodian**|Identify and manage custodians for eDiscovery (Premium) cases and use the information from Azure Active Directory and other sources to find data sources associated with custodians. Associate other data sources such as mailboxes, SharePoint sites, and Teams with custodians in a case. Place a legal hold on the data sources associated with custodians to preserve content in the context of a case.|Data Investigator <br/><br/> eDiscovery Manager <br/><br/> Insider Risk Management <br/><br/> Insider Risk Management Investigators|
|**Data Classification Content Viewer**|View in-place rendering of files in Content explorer.|Content Explorer Content Viewer <br/><br/> Information Protection <br/><br/> Information Protection Investigators <br/><br/> Privacy Management <br/><br/> Privacy Management Investigators| |**Data Classification Feedback Provider**|Allows providing feedback to classifiers in content explorer.|Communication Compliance <br/><br/> Communication Compliance Investigators <br/><br/> Compliance Administrator| |**Data Classification Feedback Reviewer**|Allows reviewing feedback from classifiers in feedback explorer.|Compliance Administrator|
-|**Data Classification List Viewer**|View the list of files in content explorer.|Content Explorer List Viewer <br/><br/> Information Protection Analysts <br/><br/> Privacy Management <br/><br/> Privacy Management Analysts <br/><br/> Privacy Management Investigators <br/><br/> Privacy Management Viewers|
-|**Data Connector Admin**|Create and manage connectors to import and archive non-Microsoft data in Microsoft 365.|Communication Compliance <br/><br/> Communication Compliance Administrators <br/><br/> Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Compliance Manager Administrators <br/><br/> Compliance Manager Assessors <br/><br/> Compliance Manager Contributors <br/><br/> Insider Risk Management <br/><br/> Insider Risk Management Admins <br/><br/> Organization Management|
+|**Data Classification List Viewer**|View the list of files in content explorer.|Content Explorer List Viewer <br/><br/> Information Protection <br/><br/> Information Protection Analysts <br/><br/> Information Protection Investigators <br/><br/> Privacy Management <br/><br/> Privacy Management Analysts <br/><br/> Privacy Management Investigators <br/><br/> Privacy Management Viewers|
+|**Data Connector Admin**|Create and manage connectors to import and archive non-Microsoft data in Microsoft 365.|Communication Compliance <br/><br/> Communication Compliance Administrators <br/><br/> Compliance Administrator <br/><br/> Compliance Manager Administrators <br/><br/> Compliance Manager Assessors <br/><br/> Compliance Manager Contributors <br/><br/> Insider Risk Management <br/><br/> Insider Risk Management Admins <br/><br/> Organization Management|
|**Data Investigation Management**|Create, edit, delete, and control access to data investigation.|Compliance Administrator <br/><br/> Data Investigator| |**Device Management**|View and edit settings and reports for device management features.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Organization Management <br/><br/> Security Administrator| |**Disposition Management**|Control permissions for accessing Manual Disposition in the the Defender and compliance portals.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Records Management|
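Review bot: The updated Custodian row does not match the role group table changed earlier in this same diff. It lists Insider Risk Management and Insider Risk Management Investigators, but the new Insider Risk Management role group row has no Custodian entry, while the new Insider Risk Management Admins row does include Custodian and is missing here. One of the two tables needs correcting so that anyone auditing who can place holds on custodian data sources gets the same answer from both.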
The following roles aren't assigned to the Organization Management role group by
|**IB Compliance Management**|View, create, remove, modify, and test Information Barrier policies.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Organization Management <br/><br/> Security Administrator| |**Information Protection Admin**|Create, edit, and delete DLP policies, sensitivity labels and their policies, and all classifier types. Manage endpoint DLP settings and simulation mode for auto-labeling policies.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Information Protection <br/><br/> Information Protection Admins| |**Information Protection Analyst**|Access and manage DLP alerts and activity explorer. View-only access to DLP policies, sensitivity labels and their policies, and all classifier types.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Information Protection <br/><br/> Information Protection Analysts <br/><br/> Information Protection Investigators|
-|**Information Protection Investigator**|Access and manage DLP alerts, activity explorer, and content explorer. View-only access to DLP policies, sensitivity labels and their policies, and all classifier types.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Information Protection <br/><br/> Information Protection Investigators|
+|**Information Protection Investigator**|Access and manage DLP alerts, activity explorer, and content explorer. View-only access to DLP policies, sensitivity labels and their policies, and all classifier types.|Information Protection <br/><br/> Information Protection Investigators|
|**Information Protection Reader**|View-only access to reports for DLP policies and sensitivity labels and their policies.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Information Protection <br/><br/> Information Protection Readers| |**Insider Risk Management Admin**|Create, edit, delete, and control access to Insider Risk Management feature.|Compliance Administrator <br/><br/> Insider Risk Management <br/><br/> Insider Risk Management Admins <br/><br/> Organization Management| |**Insider Risk Management Analysis**|Access all insider risk management alerts, cases, and notices templates.|Insider Risk Management <br/><br/> Insider Risk Management Analysts|
+|**Insider Risk Management Approval**|Perform investigation, remediation, and review message violations in Privacy Management solution. Can view message metadata and full messages.|Insider Risk Management <br/><br/> Insider Risk Management Approvers|
|**Insider Risk Management Audit**|Allow viewing Insider Risk audit trails.|Insider Risk Management <br/><br/> Insider Risk Management Auditors| |**Insider Risk Management Investigation**|Access all insider risk management alerts, cases, notices templates, and the Content Explorer for all cases.|Insider Risk Management <br/><br/> Insider Risk Management Investigators| |**Insider Risk Management Permanent contribution**|This role group is visible, but is used by background services only.|IRM Contributors|
+|**Insider Risk Management Sessions**|Perform investigation and remediation of message violations in Privacy Management solution. Can view only message metadata.|Insider Risk Management <br/><br/> Insider Risk Management Session Approvers|
|**Insider Risk Management Temporary contribution**|This role group is visible, but is used by background services only.|IRM Contributors| |**Knowledge Admin**|Configure knowledge, learning, assign trainings and other intelligent features.|Knowledge Administrators|
-|**Manage Alerts**|View and edit settings and reports for alerts.|Compliance Administrator <p><p> Compliance Data Administrator <p> Organization Management <p> Security Administrator <p> Security Operator|
-|**Organization Configuration**|Run, view, and export audit reports and manage compliance policies for DLP, devices, and preservation.|Compliance Administrator <p><p> Compliance Data Administrator <p> Organization Management|
-|**Preview**|View a list of items that are returned from content searches, and open each item from the list to view its contents.|Data Investigator <p><p> eDiscovery Manager|
-|**Privacy Management Admin**|Manage policies in Privacy Management and has access to all functionality of the solution.|Privacy Management <p><p> Privacy Management Administrators|
-|**Privacy Management Analysis**|Perform investigation and remediation of the message violations in Privacy Management. Can only view messages metadata.|Privacy Management <p> Privacy Management Analysts|
-|**Privacy Management Investigation**|Perform investigation, remediation, and review message violations in Privacy Management. Can view message metadata and the full message.|Privacy Management <p><p> Privacy Management Investigators|
-|**Privacy Management Permanent contribution**|Access Privacy Management cases as a permanent contributor.|Privacy Management <p><p> Privacy Management Contributors|
-|**Privacy Management Temporary contribution**|Access Privacy Management cases as a temporary contributor.|Privacy Management <p><p> Privacy Management Contributors|
-|**Privacy Management Viewer**|Access dashboards and widgets in Privacy Management.|Privacy Management <p><p> Privacy Management Viewers|
-|**Quarantine**|Allows viewing and releasing quarantined email.|Quarantine Administrator <p><p> Security Administrator <p> Organization Management|
-|**RecordManagement**|View and edit the configuration of the records management feature.|Compliance Administrator <p><p> Compliance Data Administrator <p> Organization Management <p> Records Management|
-|**Retention Management**|Manage retention policies, retention labels, and retention label policies.|Compliance Administrator <p><p> Compliance Data Administrator <p> Organization Management <p> Records Management|
-|**Review**|This role lets users access review sets in eDiscovery (Premium) cases. Users who are assigned this role can see and open the list of cases on the **eDiscovery > Advanced** page in the Microsoft Purview compliance portal that they're members of. After the user accesses an eDiscovery (Premium) case, they can select **Review sets** to access case data. This role doesn't allow the user to preview the results of a collection search that's associated with the case or do other search or case management tasks. Users with this role can only access the data in a review set.|Data Investigator <p><p> eDiscovery Manager <p> Reviewer|
-|**RMS Decrypt**|Decrypt RMS-protected content when exporting search results.|Data Investigator <p><p> eDiscovery Manager|
+|**Manage Alerts**|View and edit settings and reports for alerts.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Organization Management <br/><br/> Security Administrator <br/><br/> Security Operator|
+|**Manage Review Set Tags**|Decrypt RMS-protected content when exporting search results.|eDiscovery Manager|
+|**Organization Configuration**|Run, view, and export audit reports and manage compliance policies for DLP, devices, and preservation.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Organization Management|
+|**Preview**|View a list of items that are returned from content searches, and open each item from the list to view its contents.|Data Investigator <br/><br/> eDiscovery Manager|
+|**Privacy Management Admin**|Manage policies in Privacy Management and has access to all functionality of the solution.|Privacy Management <br/><br/> Privacy Management Administrators|
+|**Privacy Management Analysis**|Perform investigation and remediation of the message violations in Privacy Management. Can only view messages metadata.|Privacy Management <br/><br/> Privacy Management Analysts|
+|**Privacy Management Investigation**|Perform investigation, remediation, and review message violations in Privacy Management. Can view message metadata and the full message.|Privacy Management <br/><br/> Privacy Management Investigators|
+|**Privacy Management Permanent contribution**|Access Privacy Management cases as a permanent contributor.|Privacy Management <br/><br/> Privacy Management Contributors|
+|**Privacy Management Temporary contribution**|Access Privacy Management cases as a temporary contributor.|Privacy Management <br/><br/> Privacy Management Contributors|
+|**Privacy Management Viewer**|Access dashboards and widgets in Privacy Management.|Privacy Management <br/><br/> Privacy Management Viewers|
+|**Purview Evaluation Administrator**|Used to create and manage M365 Purview Evaluation lab|Information Protection <br/><br/> Information Protection Admins <br/><br/> Information Protection Analysts <br/><br/> Information Protection Investigators|
+|**Quarantine**|Allows viewing and releasing quarantined email.|Organization Management <br/><br/> Quarantine Administrator <br/><br/> Security Administrator|
+|**RecordManagement**|View and edit the configuration of the records management feature.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Organization Management <br/><br/> Records Management|
+|**Retention Management**|Manage retention policies, retention labels, and retention label policies.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Organization Management <br/><br/> Records Management|
+|**Review**|This role lets users access review sets in eDiscovery (Premium) cases. Users who are assigned this role can see and open the list of cases on the **eDiscovery \> Advanced** page in the Microsoft Purview compliance portal that they're members of. After the user accesses an eDiscovery (Premium) case, they can select **Review sets** to access case data. This role doesn't allow the user to preview the results of a collection search that's associated with the case or do other search or case management tasks. Users with this role can only access the data in a review set.|Data Investigator <br/><br/> eDiscovery Manager <br/><br/> Insider Risk Management <br/><br/> Insider Risk Management Investigators <br/><br/> Reviewer|
+|**RMS Decrypt**|Decrypt RMS-protected content when exporting search results.|Data Investigator <br/><br/> eDiscovery Manager|
|**Role Management**|Manage role group membership and create or delete custom role groups.|Organization Management|
+|**Scope Manager**|Enables administrators to create, edit, delete, and control access to scoping features such as Adaptive Scopes in the organization.|Communication Compliance <br/><br/> Communication Compliance Administrators <br/><br/> Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> eDiscovery Manager <br/><br/> Global Reader <br/><br/> Organization Management <br/><br/> Records Management|
|**Search And Purge**|Lets people bulk-remove data that matches the criteria of a content search.|Data Investigator <br/><br/> Organization Management| |**Security Administrator**|View and edit the configuration and reports for Security features.|Organization Management <br/><br/> Security Administrator| |**Security Reader**|View the configuration and reports for Security features.|Global Reader <br/><br/> Organization Management <br/><br/> Security Operator <br/><br/> Security Reader| |**Sensitivity Label Administrator**|View, create, modify, and remove sensitivity labels.|Compliance Data Administrator <br/><br/> Organization Management <br/><br/> Security Administrator| |**Sensitivity Label Reader**|View the configuration and usage of sensitivity labels.|Global Reader <br/><br/> Organization Management <br/><br/> Security Reader| |**Service Assurance View**|Download the available documents from the Service Assurance section. Content includes independent auditing, compliance documentation, and trust-related guidance for using Microsoft 365 features to manage regulatory compliance and security risks.|Global Reader <br/><br/> Organization Management <br/><br/> Service Assurance User|
+|**Subject Rights Request Admin**|Manage supervisory review policies, including which communications to review and who should perform the review.|Privacy Management <br/><br/> Subject Rights Request Administrators|
+|**Subject Rights Request Approver**|Create, edit, delete, and control access to custodian.|Subject Rights Request Approvers|
|**Supervisory Review Administrator**|Manage supervisory review policies, including which communications to review and who should do the review.|Supervisory Review| |**Tag Contributor**|View and update membership of existing user tags.|Organization Management <br/><br/> Security Administrator <br/><br/> Security Operator| |**Tag Manager**|View, update, create, and delete user tags.|Organization Management <br/><br/> Security Administrator|
-|**Tag Reader**|Read-only access to existing user tags.|Security Reader|
+|**Tag Reader**|Read-only access to existing user tags.|Organization Management <br/><br/> Security Administrator <br/><br/> Security Operator <br/><br/> Security Reader|
|**Tenant AllowBlockList Manager**|Manage tenant allow block list settings.|Security Operator| |**View-Only Audit Logs**|View and export audit reports. Because these reports might contain sensitive information, you should only assign this role to people with an explicit need to view this information.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Global Reader <br/><br/> Organization Management <br/><br/> Security Administrator <br/><br/> Security Operator|
-|**View-Only Case**||Communication Compliance <br/><br/> Communication Compliance Investigators <br/><br/> Compliance Administrator <br/><br/> Insider Risk Management <br/><br/> Insider Risk Management Admins <br/><br/> Insider Risk Management Analysts <br/><br/> Insider RiskManagement Investigators <br/><br/> Organization Management <br/><br/> Privacy Management <br/><br/> Privacy Management Administrators <br/><br/> Privacy Management Analysts <br/><br/> Privacy Management Investigators <br/><br/> Subject Rights Request Administrators|
+|**View-Only Case**||Communication Compliance <br/><br/> Communication Compliance Investigators <br/><br/> Compliance Administrator <br/><br/> Insider Risk Management <br/><br/> Insider Risk Management Admins <br/><br/> Insider Risk Management Analysts <br/><br/> Insider Risk Management Investigators <br/><br/> Organization Management <br/><br/> Privacy Management <br/><br/> Privacy Management Administrators <br/><br/> Privacy Management Analysts <br/><br/> Privacy Management Investigators <br/><br/> Subject Rights Request Administrators|
|**View-Only Device Management**|View the configuration and reports for the Device Management feature.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Global Reader <br/><br/> Organization Management <br/><br/> Security Administrator <br/><br/> Security Operator <br/><br/> Security Reader| |**View-Only DLP Compliance Management**|View the settings and reports for data loss prevention (DLP) policies.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Global Reader <br/><br/> Organization Management <br/><br/> Security Administrator <br/><br/> Security Operator <br/><br/> Security Reader| |**View-Only IB Compliance Management**|View the configuration and reports for the Information Barriers feature.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Global Reader <br/><br/> Organization Management <br/><br/> Security Administrator <br/><br/> Security Operator <br/><br/> Security Reader| |**View-Only Manage Alerts**|View the configuration and reports for the Manage Alerts feature.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Global Reader <br/><br/> Organization Management <br/><br/> Security Administrator <br/><br/> Security Operator <br/><br/> Security Reader| |**View-Only Recipients**|View information about users and groups.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Global Reader <br/><br/> MailFlow Administrator <br/><br/> Organization Management|
-|**View-Only Record Management**|View the configuration of the records management feature.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> <br/><br/> Global Reader <br/><br/> Organization Management|
-|**View-Only Retention Management**|View the configuration of retention policies, retention labels, and retention label policies.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Global Administrator <br/><br/> Organization Management|
+|**View-Only Record Management**|View the configuration of the records management feature.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Global Reader <br/><br/> Organization Management|
+|**View-Only Retention Management**|View the configuration of retention policies, retention labels, and retention label policies.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Organization Management|
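Review bot: Several added rows carry a description that belongs to a different role. **Manage Review Set Tags** reads "Decrypt RMS-protected content when exporting search results.", which is the **RMS Decrypt** text word for word. **Subject Rights Request Admin** reuses the **Supervisory Review Administrator** sentence about supervisory review policies, and **Subject Rights Request Approver** describes controlling access to "custodian". **Insider Risk Management Approval** and **Insider Risk Management Sessions** both describe message violations "in Privacy Management solution", mirroring the Privacy Management Investigation and Analysis rows. Admins grant permissions from this table, so each of these rows should state what the role actually permits before merge. Separately, the **Information Protection Investigator**, **Tag Reader** and **View-Only Retention Management** rows change which role groups hold the role, not just the `<br/>` formatting; confirm those membership changes against the product.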
security Defense In Depth Guide https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/defense-in-depth-guide.md
The information below will detail how to get the most out of your investment, br
**Read more here:** [Advanced delivery](../skip-filtering-phishing-simulations-sec-ops-mailboxes.md) -- You can configure user reported message settings to allow users to report good or bad messages to Microsoft, to a designated reporting mailbox (to integrate with current security workflows) or both. Admins can use the **User reported** tab on the **Submissions** page to triage false positives and false negative user reported messages.
+- You can configure user reported settings to allow users to report good or bad messages to Microsoft, to a designated reporting mailbox (to integrate with current security workflows) or both. Admins can use the **User reported** tab on the **Submissions** page to triage false positives and false negative user reported messages.
**Read more here:** [Deploy and configure the report message add-in to users](deploy-and-configure-the-report-message-add-in.md)
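Review bot: In the added bullet, "triage false positives and false negative user reported messages" is still unparallel after the rename; suggest "triage false positive and false negative user reported messages".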
security Deploy And Configure The Report Message Add In https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/deploy-and-configure-the-report-message-add-in.md
Last updated 1/31/2023
# Deploy and configure the report message add-in to users
-The Report message and report phishing add-in for Outlook makes it easy to report phishing to Microsoft and its affiliates for analysis, along with easy triage for admins in the [submissions portal](https://security.microsoft.com/reportsubmission?viewid=user).
+The Report Message and Report Phishing add-ins for Outlook makes it easy to report phishing to Microsoft and its affiliates for analysis, along with easy triage for admins on the Submissions page at <https://security.microsoft.com/reportsubmission?viewid=user>.
Depending on whether you are licensed for Defender for Office 365, you'll also get added functionality such as alerting & automated investigation and response (AIR), which will remove the burden from your security operations staff. This guide will walk you through configuring the add-in deployment as recommended by the Microsoft Defender for Office 365 team.
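Review bot: Subject-verb agreement breaks in the added opening sentence: "The Report Message and Report Phishing add-ins for Outlook makes it easy" should read "make it easy" now that the subject is plural. The H1 above still says "the report message add-in" in the singular and lower case, so consider aligning it with the product names the body now uses.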
Depending on whether you are licensed for Defender for Office 365, you'll also g
1. **Login** to the Microsoft Security portal at <https://security.microsoft.com>. 2. On the left nav, select **Settings** and choose **Email & collaboration**.
-3. Select **User reported message settings**.
-5. Ensure **Microsoft Outlook Report Message button** is toggled to **On**.
-6. Under **Send the reported messages to** choose **Microsoft** (Recommended).
-7. Ensure **Let users choose if they want to report** is unchecked and **Always report the message** is selected.
-8. Press **Save**.
+3. Select **User reported settings**.
+4. Ensure **Microsoft Outlook Report Message button** is toggled to **On**.
+5. Under **Send the reported messages to** choose **Microsoft** (Recommended).
+6. Ensure **Let users choose if they want to report** is unchecked and **Always report the message** is selected.
+7. Press **Save**.
## Optional steps ΓÇô configure notifications
Depending on whether you are licensed for Defender for Office 365, you'll also g
### Further reading
-Learn more about user reported message settings [User reported message settings - Office 365 | Microsoft Docs](../submissions-user-reported-messages-files-custom-mailbox.md)
+Learn more about user reported settings [User reported settings](../submissions-user-reported-messages-custom-mailbox.md)
-Enable the report message or report phishing add-in [Enable the Microsoft Report Message or Report Phishing add-ins - Office 365 | Microsoft Docs](../submissions-users-report-message-add-in-configure.md)
+Enable the report message or report phishing add-in [Enable the Microsoft Report Message or Report Phishing add-ins](../submissions-users-report-message-add-in-configure.md)
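Review bot: The first link's target changes from submissions-user-reported-messages-files-custom-mailbox.md to submissions-user-reported-messages-custom-mailbox.md, so check that the renamed article ships with this change or has a redirect; otherwise the link breaks. Both added lines also run the lead-in straight into the link text with no punctuation ("Learn more about user reported settings [User reported settings]"); a colon before the link would read better.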
security Submissions Admin Review User Reported Messages https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-admin-review-user-reported-messages.md
+
+ Title: Admin review for user reported messages
+f1.keywords:
+- NOCSH
+++
+audience: Admin
+
+ms.localizationpriority: medium
+
+ - m365-security
+ - tier2
+
+description: Admins can learn how to review messages that were reported by users and give them feedback.
++
+search.appverid: met150
Last updated : 2/24/2023++
+# Admin review for user reported messages
++
+**Applies to**
+- [Exchange Online Protection](eop-about.md)
+- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+In Microsoft 365 organizations with Exchange Online mailboxes and Microsoft Defender for Office 365, admins can send templated messages back to end users after an admin has reviewed the reported messages. You can customize the templates for your organization and for the admin verdict.
+
+The feature is designed to give feedback to your users but doesn't change the verdicts of messages in the system. To help Microsoft update and improve its filters, you need to submit messages for analysis using [Admin submission](submissions-admin.md).
+
+You will only be able to mark and notify users of review results if the message was reported as a [false positives or false negatives](submissions-outlook-report-messages.md).
+
+## What do you need to know before you begin?
+
+- You open the Microsoft 365 Defender portal at <https://security.microsoft.com>. To go directly to the **Submissions** page, use <https://security.microsoft.com/reportsubmission>. To go directly to the **User reported** page, use <https://security.microsoft.com/reportsubmission?viewid=user>.
+
+- To modify the configuration for User reported messages, you need to be a member of one of the following role groups:
+ - Organization Management or Security Administrator in the [Microsoft 365 Defender portal](mdo-portal-permissions.md).
+ - Organization Management in [Exchange Online](/Exchange/permissions-exo/permissions-exo#role-groups).
+
+- You'll also need access to Exchange Online PowerShell. If the account that you're trying to use doesn't have access to Exchange Online PowerShell, you'll receive an error that says *Specify an email address in your domain*. For more information about enabling or disabling access to Exchange Online PowerShell, see the following topics:
+ - [Enable or disable access to Exchange Online PowerShell](/powershell/exchange/disable-access-to-exchange-online-powershell)
+ - [Client Access Rules in Exchange Online](/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules)
+
+## Notify users from within the portal
+
+1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to the **Submissions** page at **Email & collaboration** \> **Submissions** \> **User reported** tab. To go directly to the **User reported** tab, use <https://security.microsoft.com/reportsubmission?viewid=user>.
+
+2. On the **User reported** tab, find and select the message, select **Mark as and notify**, and then select one of the following values from the dropdown list:
+ - **No threats found**
+ - **Phishing**
+ - **Spam**
+
+ > [!div class="mx-imgBorder"]
+ > :::image type="content" source="../../media/admin-review-send-message-from-portal.png" alt-text="The page displaying the user-reported messages" lightbox="../../media/admin-review-send-message-from-portal.png":::
+
+The reported message will be marked as **No threats found**, **Phishing**, or **Spam**, and an email will be automatically sent to notify the user who reported the message.
+
+## Customize the messages used to notify users
+
+1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to the **User reported** page at **Settings** \> **Email & collaboration** \> **User reported** tab. To go directly to the **User reported** page, use <https://security.microsoft.com/securitysettings/userSubmission>.
+
+2. On the **User reported** page, verify that the toggle at the top of the page is ![Toggle On](../../media/scc-toggle-on.png) **On**.
+
+3. Find the **Email sent to user after admin review** section and configure one or more of the following settings:
+
+ - **Specify an Office 365 mailbox to send email notifications from**: Select this option and enter the sender's email address in the box that appears.
+ - **Replace the Microsoft logo with my company logo**: Select this option to replace the default Microsoft logo that's used in notifications. Before you do this step, you need to follow the instructions in [Customize the Microsoft 365 theme for your organization](../../admin/setup/customize-your-organization-theme.md) to upload your custom logo. This option is not supported if your organization has a custom logo pointing to a URL instead of an uploaded image file.
+ - **Customize email notification messages**: Click this link to customize the email notification that's sent after an admin reviews and marks a reported message. In the **Customize admin review email notifications** flyout that appears, configure the following settings on the **Phishing**, **Junk** and **No threats found** tabs:
+ - **Email box results text**: Enter the custom text to use.
+ - **Footer** tab: The following options are available:
+ - **Email footer text**: Enter the custom message footer text to use.
+
+ When you're finished on the **Customize admin review email notifications** flyout, click **Confirm**.
+
+ > [!div class="mx-imgBorder"]
+ > :::image type="content" source="../../media/admin-review-customize-message.png" alt-text="The Customize confirmation message page" lightbox="../../media/admin-review-customize-message.png":::
+
+4. When you're finished, click **Save**. To clear these values, click **Restore** on the **User reported** page.
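Review bot: The verdict names are inconsistent within the new article: step 2 of "Notify users from within the portal" lists **No threats found**, **Phishing** and **Spam**, while the customization step refers to the **Phishing**, **Junk** and **No threats found** tabs. Use whichever label the portal shows, or state that the Junk tab is the template for the Spam verdict. The prerequisites list the role groups needed "to modify the configuration" but not what is needed to use **Mark as and notify**, which sends mail to users; state that requirement as well. Smaller points: "reported as a [false positives or false negatives]" should be "a false positive or false negative", and the **Footer** tab says "The following options are available" for a single option.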
security Submissions Admin https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-admin.md
- m365-security - tier1
-description: Admins can learn how to use the Submissions portal in the Microsoft 365 Defender portal to submit legitimate email getting blocked, suspicious email, suspected phishing email, spam, other potentially harmful messages, URLs, and email attachments to Microsoft for rescanning.
+description: "Admins can learn how to use the Submissions page in the Microsoft 365 Defender portal to submit messages, URLs, and email attachments to Microsoft for analysis. Reasons for submission include: legitimate messages that were blocked, suspicious messages that were allowed, suspected phishing email, spam, malware, and other potentially harmful messages."
Previously updated : 12/05/2022 Last updated : 2/24/2023
-# Use the Submissions portal to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft
+# Use the Submissions page to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft
[!INCLUDE [MDO Trial banner](../includes/mdo-trial-banner.md)]
Last updated 12/05/2022
- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md) - [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
-In Microsoft 365 organizations with Exchange Online mailboxes, admins can use the Submissions portal in the Microsoft 365 Defender portal to submit email messages, URLs, and attachments to Microsoft for scanning.
+In Microsoft 365 organizations with Exchange Online mailboxes, admins can use the Submissions page in the Microsoft 365 Defender portal to submit email messages, URLs, and attachments to Microsoft for analysis.
-When you submit an email message for analysis, you will get:
+When you submit an email message for analysis, Microsoft does the following checks:
-- **Email authentication check**: Details on whether email authentication passed or failed when it was delivered.-- **Policy hits**: Information about any policies that may have allowed or blocked the incoming email into your tenant, overriding our service filter verdicts.
+- **Email authentication check**: Whether email authentication passed or failed when it was delivered.
+- **Policy hits**: Information about any policies or overrides that may have allowed or blocked the incoming email into your tenant, overriding our service filter verdicts.
- **Payload reputation/detonation**: Up-to-date examination of any URLs and attachments in the message. - **Grader analysis**: Review done by human graders in order to confirm whether or not messages are malicious.
When you submit an email message for analysis, you will get:
> > Payload reputation/detonation and grader analysis are not done in all tenants. Information is blocked from going outside the organization when data is not supposed to leave the tenant boundary for compliance purposes.
-For other ways to submit email messages, URLs, and attachments to Microsoft, see [Report messages and files to Microsoft](submissions-report-messages-files-to-microsoft.md).
+For other ways to submit email messages, URLs, attachments and files to Microsoft, see [Report messages and files to Microsoft](submissions-report-messages-files-to-microsoft.md).
Watch this short video to learn how to use admin submissions in Microsoft Defender for Office 365 to submit messages to Microsoft for evaluation. > [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWBLPn]
Watch this short video to learn how to use admin submissions in Microsoft Defend
- You open the Microsoft 365 Defender portal at <https://security.microsoft.com/>. To go directly to the **Submissions** page, use <https://security.microsoft.com/reportsubmission>. -- To submit messages and files to Microsoft, you need to have one of following roles:
+- To submit messages, URLs, and email attachments to Microsoft, you need to have one of following roles:
- **Security Administrator** or **Security Reader** in the [Microsoft 365 Defender portal](mdo-portal-permissions.md). Note that one of these roles is required to [View user reported messages](#view-user-reported-messages-to-microsoft) as described later in this article.
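Review bot: The rewritten prerequisite still reads "you need to have one of following roles"; add the missing "the" while this line is being touched.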
Watch this short video to learn how to use admin submissions in Microsoft Defend
- **Upload the email file (.msg or .eml)**: Click **Browse files**. In the dialog that opens, find and select the .eml or .msg file, and then click **Open**.
- - **Choose a recipient who had an issue**: Specify the recipient that you would like to run a policy check against. The policy check will determine if the email bypassed scanning due to user or organization policies.
+ - **Choose a recipient who had an issue**: Specify the recipients that you would like to run a policy check against. The policy check will determine if the email bypassed scanning due to user or organization policies or override.
- - **Select a reason for submitting to Microsoft**: Verify **Should not have been blocked (False positive)** is selected.
+ - **Select a reason for submitting to Microsoft**: Verify **Should have been blocked (False negative)** is selected.
- **The email should have been categorized as**: Select **Phish**, **Malware**, or **Spam**. If you're not sure, use your best judgment.
- - **Block all emails from this sender or domain**: Select this option to create a block entry for the sender in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage your allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
+ - **Block all emails from this sender or domain**: Select this option to create a block entry for the sender domain or email address in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage your allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
After you select this option, the following settings are available:
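Review bot: the new **Choose a recipient who had an issue** text ends with "user or organization policies or override" and uses "recipients", while the matching bullet in the false positive section of this same change uses "recipient(s)" and "or overrides". Pick one form for both sections; "recipients" and "overrides" read best. The switch of the reason from **Should not have been blocked (False positive)** to **Should have been blocked (False negative)** is correct for this procedure.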
Watch this short video to learn how to use admin submissions in Microsoft Defend
- **30 days** - **90 days** - **Never expire**
- - **Specific date**
+ - **Specific date**: The maximum value is 90 days from today.
- - **Block entry note**: Enter optional information about why you're allowing this email.
+ - **Block entry note**: Enter optional information about why you're blocking this email.
When you're finished, click **Submit**, and then click **Done**. :::image type="content" source="../../media/admin-submission-email-block.png" alt-text="Submit a false negative (bad) email to Microsoft for analysis on the Submissions page in the Defender portal." lightbox="../../media/admin-submission-email-block.png":::
-After a few moments, the block entry will appear on the **Domains & addresses** tab on the **Tenant Allow/Block List** page. For more information about the Tenant Allow/Block List, see [Manage your allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
-
-> [!NOTE]
-> For messages that were incorrectly blocked by [spoof intelligence](anti-spoofing-spoof-intelligence.md), a block entry for the domain pair is not created in the Tenant Allow/Block List.
+After a few moments, the block entry will appear on the **Domains & addresses** tab on the **Tenant Allow/Block List** page. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
## Report questionable email attachments to Microsoft
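Review bot: the "After a few moments" line changes the link text to "Manage allows and blocks in the Tenant Allow/Block List", but the **Block all emails from this sender or domain**, **Block this file**, and **Block this URL** bullets touched elsewhere in this change still use "Manage your allows and blocks" for the same target, tenant-allow-block-list-about.md. Update the link text in those bullets too so one article title is used throughout. Also confirm that dropping the spoof intelligence note is intentional, because nothing in the visible text replaces it.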
After a few moments, the block entry will appear on the **Domains & addresses**
- **The email should have been categorized as**: Select **Phish** or **Malware**. If you're not sure, use your best judgment.
- - **Block this file**: Select this option to create a block entry for the sender in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage your allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
+ - **Block this file**: Select this option to create a block entry for the file in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage your allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
After you select this option, the following settings are available:
After a few moments, the block entry will appear on the **Domains & addresses**
- **30 days** - **90 days** - **Never expire**
- - **Specific date**
+ - **Specific date**: The maximum value is 90 days from today.
- - **Block entry note**: Enter optional information about why you're allowing this email.
+ - **Block entry note**: Enter optional information about why you're blocking this file.
When you're finished, click **Submit**, and then click **Done**. :::image type="content" source="../../media/admin-submission-file-block.png" alt-text="Submit a false negative (bad) email attachment to Microsoft for analysis on the Submissions page in the Defender portal." lightbox="../../media/admin-submission-file-block.png":::
-After a few moments, the block entry will appear on the **Files** tab on the **Tenant Allow/Block List** page. For more information about the Tenant Allow/Block List, see [Manage your allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
+After a few moments, the block entry will appear on the **Files** tab on the **Tenant Allow/Block List** page. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
## Report questionable URLs to Microsoft
After a few moments, the block entry will appear on the **Files** tab on the **T
- **Select the submission type**: Verify the value **URL** is selected.
- - **URL**: Enter the full URL (for example, `https://www.fabrikam.com/marketing.html`), and then select it in the box that appears.
+ - **URL**: Enter the full URL (for example, `https://www.fabrikam.com/marketing.html`), and then select it in the box that appears. You can enter upto 50 URLs at once.
- **Select a reason for submitting to Microsoft**: Verify **Should have been blocked (False negative)** is selected. - **The email should have been categorized as**: Select **Phish** or **Malware**. If you're not sure, use your best judgment.
- - **Block this URL**: Select this option to create a block entry for the sender in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage your allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
+ - **Block this URL**: Select this option to create a block entry for the URL in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage your allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
After you select this option, the following settings are available:
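Review bot: the added sentence on the **URL** line says "You can enter upto 50 URLs at once"; "upto" should be "up to". The false positive URL procedure later in this change words the same limit as "up to 50 URL at once", so align both on "up to 50 URLs at once".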
After a few moments, the block entry will appear on the **Files** tab on the **T
- **30 days** - **90 days** - **Never expire**
- - **Specific date**
+ - **Specific date**: The maximum value is 90 days from today.
- - **Block entry note**: Enter optional information about why you're allowing this email.
+ - **Block entry note**: Enter optional information about why you're blocking this URL.
When you're finished, click **Submit**, and then click **Done**. :::image type="content" source="../../media/admin-submission-url-block.png" alt-text="Submit a false negative (bad) URL to Microsoft for analysis on the Submissions page in the Defender portal." lightbox="../../media/admin-submission-url-block.png":::
-After a few moments, the block entry will appear on the **URL** tab on the **Tenant Allow/Block List** page. For more information about the Tenant Allow/Block List, see [Manage your allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
+After a few moments, the block entry will appear on the **URL** tab on the **Tenant Allow/Block List** page. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
## Report good email to Microsoft
After a few moments, the block entry will appear on the **URL** tab on the **Ten
- **Upload the email file (.msg or .eml)**: Click **Browse files**. In the dialog that opens, find and select the .eml or .msg file, and then click **Open**.
- - **Choose a recipient who had an issue**: Specify the recipient that you would like to run a policy check against. The policy check will determine if the email was blocked due to user or organization policies.
+ - **Choose a recipient who had an issue**: Specify the recipient(s) that you would like to run a policy check against. The policy check will determine if the email was blocked due to user or organization policies or overrides.
- **Select a reason for submitting to Microsoft**: Select **Should not have been blocked (False positive)**, and then configure the following settings:
After a few moments, the block entry will appear on the **URL** tab on the **Ten
For spoofed senders, this value is meaningless, because entries for spoofed senders never expire.
- - **Allow entry note**: Enter optional information about why you're allowing this email.
+ - **Allow entry note**: EEnter optional information about why you're allowing and submitting this email message.
For spoofed senders, any value you enter here is not shown in the allow entry on the **Spoofed senders** tab on the **Tenant Allow/Block List**.
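Review bot: the new **Allow entry note** line starts with "EEnter", a doubled letter that will ship as is. It should read "Enter optional information about why you're allowing and submitting this email message."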
After a few moments, the block entry will appear on the **URL** tab on the **Ten
:::image type="content" source="../../media/admin-submission-email-allow.png" alt-text="Submit a false positive (good) email to Microsoft for analysis on the Submissions page in the Defender portal." lightbox="../../media/admin-submission-email-allow.png":::
-After a few moments, the allow entries will appear on the **Domains & addresses**, **Spoofed senders**, **URL**, or **Files** tab on the **Tenant Allow/Block List** page. For more information about the Tenant Allow/Block List, see [Manage your allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
+After a few moments, the allow entries will appear on the **Domains & addresses**, **Spoofed senders**, **URL**, or **Files** tab on the **Tenant Allow/Block List** page. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
-> [!NOTE]
+> [!IMPORTANT]
>
-> - When you override the verdict in the spoof intelligence insight, the spoofed sender becomes a manual allow or block entry that only appears on the **Spoofed senders** tab in the Tenant Allow/Block List.
-> - If the sender has not already been blocked, submitting the email message to Microsoft won't create an allow entry in the Tenant Allow/Block List.
-> - Allows are added during mail flow, based on which filters determined the message to be malicious. For example, if the sender and a URL in the message were determined to be bad, an allow entry is created for the sender, and an allow entry is created for the URL.
-> - When that entity (domain or email address, URL, file) is encountered again, all filters associated with that entity are skipped. For an email, all other entities are still evaluated by the filtering system before making a decision.
-> - For messages that were incorrectly blocked by [domain or user impersonation protection](anti-phishing-policies-about.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365), the allow entry for the domain or sender is not created in the Tenant Allow/Block List. Instead, the domain or sender is added to the **Trusted senders and domains** section in the [anti-phishing policy](anti-phishing-policies-mdo-configure.md#use-the-microsoft-365-defender-portal-to-modify-anti-phishing-policies) that detected the message.
+> - Allow entries are added during mail flow based on the filters that determined the message was malicious. For example, if the sender email address and a URL in the message were determined to be bad, an allow entry is created for the sender (email address or domain) and the URL.
+> - If the sender email address is not found to be malicious by our filtering system, submitting the email message to Microsoft won't create an allow entry in the Tenant Allow/Block List.
+> - When an allowed domain or email address, spoofed sender, URL, or file (_entity_) is encountered again, all filters that are associated with the entity are skipped. For email messages, all other entities are still evaluated by the filtering system before making a decision.
> - During mail flow, if messages from the domain or email address pass other checks in the filtering stack, the messages will be delivered. For example, if [email authentication](email-authentication-about.md) passes, a message from a sender in the allow entry will be delivered. > - By default, allow entries for domains and email addresses, files, and URLs exist for 30 days. During those 30 days, Microsoft will learn from the allow entries and [remove them or automatically extend them](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/automatic-tenant-allow-block-list-expiration-management-is-now/ba-p/3723447). By default, allow entries for spoofed senders never expire.
+> - For messages that were incorrectly blocked by [domain or user impersonation protection](anti-phishing-policies-about.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365), the allow entry for the domain or sender is not created in the Tenant Allow/Block List. Instead, the domain or sender is added to the **Trusted senders and domains** section in the [anti-phishing policy](anti-phishing-policies-mdo-configure.md#use-the-microsoft-365-defender-portal-to-modify-anti-phishing-policies) that detected the message.
+> - When you override the verdict in the spoof intelligence insight, the spoofed sender becomes a manual allow or block entry that only appears on the **Spoofed senders** tab in the Tenant Allow/Block List.
## Report good email attachments to Microsoft
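Review bot: in the rewritten callout, the second added bullet says "not found to be malicious by our filtering system" while the next added bullet says "evaluated by the filtering system"; use "the filtering system" in both. That bullet also narrows the condition from the sender to the "sender email address", while the first bullet creates allow entries for "the sender (email address or domain)"; state whether a domain-level verdict also counts so admins know when no allow entry will be created.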
After a few moments, the allow entries will appear on the **Domains & addresses*
- **30 days** - **Specific date**: The maximum value is 30 days from today.
- - **Allow entry note**: Enter optional information about why you're allowing this file.
+ - **Allow entry note**: Enter optional information about why you're allowing and submitting this file.
When you're finished, click **Submit**, and then click **Done**. :::image type="content" source="../../media/admin-submission-file-allow.png" alt-text="Submit a false positive (good) email attachment to Microsoft for analysis on the Submissions page in the Defender portal." lightbox="../../media/admin-submission-file-allow.png":::
-After a few moments, the allow entry will appear on the **Files** tab on the **Tenant Allow/Block List** page. For more information about the Tenant Allow/Block List, see [Manage your allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
+After a few moments, the allow entry will appear on the **Files** tab on the **Tenant Allow/Block List** page. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
> [!NOTE] > > - By default, allow entries for domains and email addresses, files, and URLs exist for 30 days. During those 30 days, Microsoft will learn from the allow entries and [remove them or automatically extend them](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/automatic-tenant-allow-block-list-expiration-management-is-now/ba-p/3723447). By default, allow entries for spoofed senders never expire. > - When the file is encountered again during mail flow, [Safe Attachments](safe-attachments-about.md) detonation or file reputation checks and all other file-based filters are overridden. If the filtering system determines that all other entities in the email message are clean, the message will be delivered.
-> - During selection, all file-based filters, including [Safe Attachments](safe-attachments-about.md) detonation or file reputation checks are overridden, allowing user access the file.
+> - During selection, all file-based filters, including [Safe Attachments](safe-attachments-about.md) detonation or file reputation checks are overridden, allowing user access to the file.
## Report good URLs to Microsoft
After a few moments, the allow entry will appear on the **Files** tab on the **T
- **Select the submission type**: Verify the value **URL** is selected.
- - **URL**: Enter the full URL (for example, `https://www.fabrikam.com/marketing.html`), and then select it in the box that appears. You can also provide a top level domain (for example, `https://www.fabrikam.com/*`), and then select it in the box that appears.
+ - **URL**: Enter the full URL (for example, `https://www.fabrikam.com/marketing.html`), and then select it in the box that appears. You can also provide a top level domain (for example, `https://www.fabrikam.com/*`), and then select it in the box that appears. You can enter up to 50 URL at once.
- **Select a reason for submitting to Microsoft**: Select **Should not have been blocked (False positive)**, and then configure the following settings:
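Review bot: the sentence added to the **URL** line reads "You can enter up to 50 URL at once"; the noun should be plural, "up to 50 URLs at once", matching the false negative URL procedure. The unchanged text on the same line calls `https://www.fabrikam.com/*` a "top level domain", which it is not; since the line is being edited anyway, consider describing it as a wildcard for the whole domain, because an allow entry that broad overrides Safe Links checks for every path under it.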
After a few moments, the allow entry will appear on the **Files** tab on the **T
- **30 days** - **Specific date**: The maximum value is 30 days from today.
- - **Allow entry note**: Enter optional information about why you're allowing this URL.
+ - **Allow entry note**: Enter optional information about why you're allowing and submitting this URL.
When you're finished, click **Submit**, and then click **Done**. :::image type="content" source="../../media/admin-submission-url-allow.png" alt-text="Submit a false positive (good) URL to Microsoft for analysis on the Submissions page in the Defender portal." lightbox="../../media/admin-submission-url-allow.png":::
-After a few moments, the allow entry will appear on the **URL** tab on the **Tenant Allow/Block List** page. For more information about the Tenant Allow/Block List, see [Manage your allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
+After a few moments, the allow entry will appear on the **URL** tab on the **Tenant Allow/Block List** page. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
> [!NOTE] > > - By default, allow entries for domains and email addresses, files, and URLs exist for 30 days. During those 30 days, Microsoft will learn from the allow entries and [remove them or automatically extend them](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/automatic-tenant-allow-block-list-expiration-management-is-now/ba-p/3723447). By default, allow entries for spoofed senders never expire. > - When the URL is encountered again during mail flow, [Safe Links](safe-links-about.md) detonation or URL reputation checks and all other URL-based filters are overridden. If the filtering system determines that all other entities in the email message are clean, the message will be delivered.
-> - During selection, all URL-based filters, including [Safe Links](safe-links-about.md) detonation or URL reputation checks are overridden, allowing user access to content hosted by the URL.
+> - During selection, all URL-based filters, including [Safe Links](safe-links-about.md) detonation or URL reputation checks are overridden, allowing user access to content at the URL.
## View email admin submissions to Microsoft
After a few moments, the allow entry will appear on the **URL** tab on the **Ten
- **Recipient** - **Date submitted**<sup>\*</sup> - **Reason for submitting**<sup>\*</sup>
+ - **Original verdict**<sup>\*</sup>
- **Status**<sup>\*</sup> - **Result**<sup>\*</sup>
- - **Filter verdict**
- **Delivery/Block reason** - **Submission ID**
- - **Network Message ID/Object ID**
+ - **Network Message ID**
- **Direction** - **Sender IP** - **Bulk compliant level (BCL)**
After a few moments, the allow entry will appear on the **URL** tab on the **Ten
- **Submitted by** - **Phish simulation** - **Tags**<sup>\*</sup>
- - **Allow**
+ - **Action**
When you're finished, click **Apply**.
After a few moments, the allow entry will appear on the **URL** tab on the **Ten
- **Network Message ID** - **Sender** - **Recipient**
- - **Name**
+ - **Submission name**
- **Submitted by**
- - **Reason for submitting**: The values **Not junk**, **Phish**, **Malware**, and **Spam**.
- - **Status**: The values **Pending** and **Completed**.
+ - **Reason for submitting**: The values are **Not junk**, **Phish**, **Malware**, and **Spam**.
+ - **Status**: The values are **Pending** and **Completed**.
- **Tags**: The default value is **All** or select a [user tag](user-tags-about.md) from the drop-down list. When you're finished, click **Apply**. To clear existing filters, click ![Clear filters icon](../../media/m365-cc-sc-clear-filters-icon.png) **Clear filters** in the **Filter** flyout.
After a few moments, the allow entry will appear on the **URL** tab on the **Ten
- **Policy action** - **Submitted by** - **Tags**<sup>\*</sup>
- - **Allow**
+ - **Action**
When you're finished, click **Apply**.
After a few moments, the allow entry will appear on the **URL** tab on the **Ten
- **Submission ID**: A GUID value that's assigned to every submission. - **Attachment filename** - **Submitted by**
- - **Reason for submitting**
- - **Status**
+ - **Reason for submitting**: The values are **Not junk**, **Phish**, **Malware**, and **Spam**.
+ - **Status**: The values are **Pending** and **Completed**.
- **Tags**: The default value is **All** or select a [user tag](user-tags-about.md) from the drop-down list. When you're finished, click **Apply**.
After a few moments, the allow entry will appear on the **URL** tab on the **Ten
- **Policy action** - **Submitted by** - **Tags**<sup>\*</sup>
- - **Allow**
+ - **Action**
When you're finished, click **Apply**.
After a few moments, the allow entry will appear on the **URL** tab on the **Ten
- **Submission ID**: A GUID value that's assigned to every submission. - **URL** - **Submitted by**
- - **Reason for submitting**
- - **Status**
+ - **Reason for submitting**: The values **Not junk**, **Phish**, **Malware**, and **Spam**.
+ - **Status**: The values are **Pending** and **Completed**.
- **Tags**: The default value is **All** or select a [user tag](user-tags-about.md) from the drop-down list. When you're finished, click **Apply**. To clear existing filters, click ![Clear filters icon](../../media/m365-cc-sc-clear-filters-icon.png) **Clear filters** in the **Filter** flyout.
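Review bot: the added **Reason for submitting** filter line lists **Spam** as a value for URL submissions, but the URL submission procedure earlier in this article offers only **Phish** or **Malware** as categories; please confirm the filter really exposes all four values (the attachment filter line added above raises the same question). The same line also drops the verb, reading "The values **Not junk**, ..." where the other added filter lines say "The values are".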
After a few moments, the allow entry will appear on the **URL** tab on the **Ten
Messages that are submitted in admin submissions are reviewed by Microsoft and results shown in the submissions detail flyout: - If there was a failure in the sender's email authentication at the time of delivery.-- Information about any policy hits that could have affected or overridden the verdict of a message.
+- Information about any policies or overrides that could have affected or overridden the message verdict from filtering system.
- Current detonation results to see if the URLs or files contained in the message were malicious or not. - Feedback from graders.
-If an override was found, the result should be available in several minutes. If there wasn't a problem in email authentication or delivery wasn't affected by an override, then the feedback from graders could take up to a day.
+If an override or policy configuration was found, the result should be available in several minutes. If there wasn't a problem in email authentication or delivery wasn't affected by an override or policy, the detonation and feedback from graders could take up to a day.
## View user reported messages to Microsoft
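Review bot: the added bullet "Information about any policies or overrides that could have affected or overridden the message verdict from filtering system" repeats "overrides ... overridden" and is missing "the" before "filtering system". Suggest "Information about any policies or overrides that could have affected the message verdict from the filtering system." In the following paragraph, "the detonation and feedback from graders could take up to a day" would be clearer as "detonation results and feedback from graders".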
If you've deployed the [Microsoft Report Message or Report Phishing add-ins](sub
2. On the **User reported** tab, the following settings are available: - Click ![Customize columns icon.](../../media/m365-cc-sc-customize-icon.png) **Customize columns** to select the columns that you want to view. The default values are marked with an asterisk (\*):
- - **Email subject**<sup>\*</sup>
+ - **Submission name**<sup>\*</sup>
- **Reported by**<sup>\*</sup> - **Date reported**<sup>\*</sup> - **Sender**<sup>\*</sup>
If you've deployed the [Microsoft Report Message or Report Phishing add-ins](sub
- To filter the entries, click ![Filter icon.](../../media/m365-cc-sc-filter-icon.png) **Filter**. The following values are available in the **Filter** flyout that appears: - **Date reported**: **Start date** and **End date**. - **Reported by**
- - **Email subject**
+ - **Name**
- **Message reported ID** - **Network Message ID** - **Sender**
- - **Reported reason**: The values **Not junk**, **Phish**, or **Spam**.
- - **Reported from**: The values **Microsoft add-in** or **Third party add-in**.
- - **Phish simulation**: The values **Yes** or **No**.
- - **Converted to admin submission**: The values **Yes** or **No**.
+ - **Reported reason**: The values are **Not junk**, **Phish**, or **Spam**.
+ - **Reported from**: The values are **Microsoft** or **Third party**.
+ - **Phish simulation**: The values are **Yes** or **No**.
+ - **Converted to admin submission**: The values are **Yes** or **No**.
- **Tags**: The default value is **All** or select a [user tag](user-tags-about.md) from the drop-down list. When you're finished, click **Apply**. To clear existing filters, click ![Clear filters icon](../../media/m365-cc-sc-clear-filters-icon.png) **Clear filters** in the **Filter** flyout.
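Review bot: the filter that was **Email subject** is renamed to **Name** here, but the column it corresponds to is renamed to **Submission name** in the previous hunk, and the admin email filter also uses **Submission name**. Unless the portal really labels this one filter differently, use **Submission name** so readers can match the filter to the column.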
If you've deployed the [Microsoft Report Message or Report Phishing add-ins](sub
- To export the entries, click ![Export icon.](../../media/m365-cc-sc-download-icon.png) **Export**. In the dialog that appears, save the .csv file.
- - To notify users, see [Admin Review for Reported messages](admin-review-reported-message.md)
+ - To notify users, see [Admin Review for Reported messages](submissions-admin-review-user-reported-messages.md)
> [!NOTE]
-> User reported messages that are sent only to the [reporting mailbox](submissions-user-reported-messages-files-custom-mailbox.md) (not to Microsoft) appear on the **User reported** tab on the **Submissions** page, but the **Result** value for those entries is always blank (because the messages aren't rescanned).
+> User reported messages that are sent only to the [reporting mailbox](submissions-user-reported-messages-custom-mailbox.md) (not to Microsoft) appear on the **User reported** tab on the **Submissions** page, but the **Result** value for those entries is **Not Submitted to Microsoft** (because these messages aren't analyzed by Microsoft).
## Undo user reported messages
-Once a user reports a suspicious message that's delivered to the reporting mailbox, the user and admins can't undo the reported message. The user can recover the messages from their Deleted Items or Junk Email folders.
+Once a user reports a suspicious message that's delivered to the reporting mailbox, to Microsoft, or both, the user or admins can't undo the reported message. The user can recover the messages from their Deleted Items or Junk Email folders.
## Convert user reported messages in the reporting mailbox into admin submissions
If the message is reported to Microsoft, the **Converted to admin submission** v
## View associated alert for user and admin email submissions
-> [!IMPORTANT]
+> [!NOTE]
> The information in this section applies only to Defender for Office 365 Plan 2 or higher.
->
-> Currently, user reported messages generate alerts only for messages that are reported as phishing.
-For each user reported phishing message and admin email submission, a corresponding alert is generated.
+For each user reported message and admin email submission, a corresponding alert is generated.
To view the corresponding alert for a user reported phishing message, go to the **User reported** tab at <https://security.microsoft.com/reportsubmission?viewid=user>, and then double-click the message to open the submission flyout. Click ![More options icon.](../../media/m365-cc-sc-more-actions-icon.png) **More options** and then select **View alert**.
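Review bot: the section now says an alert is generated "For each user reported message and admin email submission" and removes the statement that only phishing reports generate alerts, but the unchanged next sentence still begins "To view the corresponding alert for a user reported phishing message". Change that sentence to "a user reported message" so the procedure matches the widened scope; otherwise readers triaging junk or not-junk reports will assume no alert exists for them.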
security Submissions Outlook Report Messages https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-outlook-report-messages.md
ms.localizationpriority: medium
- m365-security - tier1
-description: Learn how to report false positives and false negatives in Outlook using the Report Message feature.
+description: Learn how to report false positives and false negatives in Outlook using the built-in Report button or the Report Message and Report Phishing add-ins.
search.appverid: met150
Last updated 12/05/2022
In Microsoft 365 organizations with mailboxes in Exchange Online or in on-premises mailboxes that use hybrid modern authentication, users can report false positives (good email that was blocked or sent to their Junk Email folder) and false negatives (unwanted email or phishing that was delivered to their Inbox) from Outlook on all platforms using free tools from Microsoft.
-Admins configure user reported messages to go to a designated reporting mailbox, to Microsoft, or both. For more information, see [User reported message settings](submissions-user-reported-messages-files-custom-mailbox.md).
+Admins configure user reported messages to go to a designated reporting mailbox, to Microsoft, or both. For more information, see [User reported settings](submissions-user-reported-messages-custom-mailbox.md).
Microsoft provides the following tools for users to report good and bad messages:
Microsoft provides the following tools for users to report good and bad messages
For more information about reporting messages to Microsoft, see [Report messages and files to Microsoft](submissions-report-messages-files-to-microsoft.md). > [!NOTE]
-> Admins in Microsoft 365 organizations with Exchange Online mailboxes use the **Submissions** page in the Microsoft 365 Defender portal to submit messages to Microsoft. For instructions, see [Use the Submissions portal to submit suspected spam, phish, URLs, and files to Microsoft](submissions-admin.md).
+> Admins in Microsoft 365 organizations with Exchange Online mailboxes use the **Submissions** page in the Microsoft 365 Defender portal to submit messages to Microsoft. For instructions, see [Use the Submissions page to submit suspected spam, phish, URLs, and files to Microsoft](submissions-admin.md).
> > Admins can view reported messages on the **Submissions** page at <https://security.microsoft.com/reportsubmission> **only** if both of the following settings are configured on the **User reported** page at <https://security.microsoft.com/securitysettings/userSubmission>: >
For more information about reporting messages to Microsoft, see [Report messages
> > If the toggle is **Off** ![Toggle off.](../../media/scc-toggle-off.png) or if **Use a non-Microsoft add-in button** is selected, then the **Report** button is not available in Outlook on the web. >
-> - Currently, the **Report** button in Outlook on the web does not honor the **Before a message is reported** and **After a message is reported** settings (notification pop-ups) in the [user reported message settings](submissions-user-reported-messages-files-custom-mailbox.md).
+> - Currently, the **Report** button in Outlook on the web does not honor the **Before a message is reported** and **After a message is reported** settings (notification pop-ups) in the [User reported settings](submissions-user-reported-messages-custom-mailbox.md).
### Use the built-in Report button in Outlook on the web to report junk and phishing messages -- You can report junk messages from the Inbox or any email folder other than Junk Email.-- You can report phishing messages from any email folder.
+- You can report a message as junk from the Inbox or any email folder other than Junk Email folder.
+- You can report a message as phishing from any email folder.
In Outlook on the web, select one or more messages, click **Report**, and then select **Report phishing** or **Report junk** in the dropdown list. > [!div class="mx-imgBorder"] > :::image type="content" source="../../media/owa-report-junk-phishing.png" alt-text="The results of clicking the Report button after selecting multiple messages in Outlook on the web." lightbox="../../media/owa-report-junk-phishing.png":::
-Based on the [user reported message settings](submissions-user-reported-messages-files-custom-mailbox.md) in your organization, the messages are sent to the reporting mailbox, to Microsoft, or both. The following actions are also taken on the reported messages in the mailbox:
+Based on the [User reported settings](submissions-user-reported-messages-custom-mailbox.md) in your organization, the messages are sent to the reporting mailbox, to Microsoft, or both. The following actions are also taken on the reported messages in the mailbox:
- **Reported as junk**: The messages are moved to the Junk Email folder. - **Reported as phishing**: The messages are deleted.
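Review bot: the first added bullet reads "any email folder other than Junk Email folder", missing the article; the same bullet added under the Report Message add-in section reads "other than the Junk Email folder". Use the second wording in both places.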
In Outlook on the web, select one or more messages in the Junk Email folder, cli
> [!div class="mx-imgBorder"] > :::image type="content" source="../../media/owa-report-as-not-junk.png" alt-text="The results of clicking the Report button after selecting multiple messages in the Junk Email folder in Outlook on the web." lightbox="../../media/owa-report-as-not-junk.png":::
-Based on the [user reported message settings](submissions-user-reported-messages-files-custom-mailbox.md) in your organization, the messages are sent to the reporting mailbox, to Microsoft, or both. The messages are also moved out of Junk Email to the Inbox or another specified folder.
+Based on the [User reported settings](submissions-user-reported-messages-custom-mailbox.md) in your organization, the messages are sent to the reporting mailbox, to Microsoft, or both. The messages are also moved out of Junk Email to the Inbox.
## Use the Report Message and Report Phishing add-ins in Outlook
Based on the [user reported message settings](submissions-user-reported-messages
### Use the Report Message add-in to report junk and phishing messages in Outlook -- You can report junk messages from the Inbox or any email folder other than Junk Email.-- You can report phishing messages from any email folder.
+- You can report a message as junk from the Inbox or any email folder other than the Junk Email folder.
+- You can report a message as phishing from any email folder.
1. In Outlook, do one of the following steps: - Select an email message from the list.
Based on the [user reported message settings](submissions-user-reported-messages
> [!div class="mx-imgBorder"] > :::image type="content" source="../../media/OutlookReportMessage-simplified-expanded.png" alt-text="Select a message and then click the Report Message button in the Simplified Ribbon in Outlook." lightbox="../../media/OutlookReportMessage-simplified-expanded.png":::
-Based on the [user reported message settings](submissions-user-reported-messages-files-custom-mailbox.md) in your organization, the messages are sent to the reporting mailbox, to Microsoft, or both. The following actions are also taken on the reported messages in the mailbox:
+Based on the [User reported settings](submissions-user-reported-messages-custom-mailbox.md) in your organization, the messages are sent to the reporting mailbox, to Microsoft, or both. The following actions are also taken on the reported messages in the mailbox:
- **Reported as junk**: The messages are moved to the Junk Email folder. - **Reported as phishing**: The messages are deleted.
Based on the [user reported message settings](submissions-user-reported-messages
> [!div class="mx-imgBorder"] > :::image type="content" source="../../media/OutlookReportMessage-simplified-expanded.png" alt-text="Select a message in the Junk Email folder, and then click the Report Message button in the Simplified Ribbon in Outlook." lightbox="../../media/OutlookReportMessage-simplified-expanded.png":::
-Based on the [user reported message settings](submissions-user-reported-messages-files-custom-mailbox.md) in your organization, the messages are sent to the reporting mailbox, to Microsoft, or both. The messages are also moved out of Junk Email to the Inbox or another specified folder.
+Based on the [User reported settings](submissions-user-reported-messages-custom-mailbox.md) in your organization, the messages are sent to the reporting mailbox, to Microsoft, or both. The messages are also moved out of Junk Email to the Inbox.
### Use the Report Phishing add-in to report phishing messages in Outlook
You can report phishing messages from any email folder.
> [!div class="mx-imgBorder"] > :::image type="content" source="../../media/Outlook-ReportPhishing-simplified.png" alt-text="Select a message and then click the Report Phishing button in the Simplified Ribbon in Outlook." lightbox="../../media/Outlook-ReportPhishing-simplified.png":::
+Based on the [User reported settings](submissions-user-reported-messages-custom-mailbox.md) in your organization, the messages are sent to the reporting mailbox, to Microsoft, or both. The messages are also deleted.
+ ## Review reported messages To review messages that users have reported to Microsoft, admins have these options:
security Submissions Report Messages Files To Microsoft https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-report-messages-files-to-microsoft.md
- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md) - [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
-Wondering what to do with suspicious emails or files? In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, *users* and *admins* have different ways to report a suspicious email message, URL, or email attachment to Microsoft.
+Wondering what to do with suspicious email messages, URLs, email attachments, or files? In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, *users* and *admins* have different ways to report suspicious email messages, URLs, and email attachments to Microsoft.
In addition, admins in Microsoft 365 organizations with Microsoft Defender for Endpoint also have several methods for reporting files.
Watch this video that shows more information about the unified submissions exper
## Report suspicious email messages to Microsoft
-> [!NOTE]
-> When you report an email entity to Microsoft, everything associated with the email is copied to include it in the continual algorithm reviews. This copy includes the email content, email headers, and related data about email routing. Any message attachments are also included.
+> [!IMPORTANT]
+>
+> When you report an email entity to Microsoft, everything associated with the message is copied to include then in the continual algorithm reviews. This copy includes the email content, email headers, any attachments, and related data about email routing.
> > Microsoft treats your feedback as your organization's permission to analyze all the information to fine tune the message hygiene algorithms. Your message is held in secured and audited data centers in the USA. The submission is deleted as soon as it's no longer required. Microsoft personnel might read your submitted messages and attachments, which is normally not permitted for email in Microsoft 365. However, your email is still treated as confidential between you and Microsoft, and your email or attachments isn't shared with any other party as part of the review process.
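Review bot: In the new [!IMPORTANT] text, "is copied to include then in the continual algorithm reviews" has a typo: "then" should be "it", as in the removed line ("copied to include it"). This paragraph is the statement of what data is copied to Microsoft when a message is reported, so it should read unambiguously.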
Watch this video that shows more information about the unified submissions exper
|||| |[The built-in Report button](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook-on-the-web)|User|Currently, this method is available only in Outlook on the web (formerly known as Outlook Web App or OWA).| |[The Microsoft Report Message and Report Phishing add-ins](submissions-outlook-report-messages.md#use-the-report-message-and-report-phishing-add-ins-in-outlook)|User|These free add-ins work in Outlook on all available platforms. For installation instructions, see [Enable the Report Message or the Report Phishing add-ins](submissions-users-report-message-add-in-configure.md).|
-|[The Submissions page in the Microsoft 365 Defender portal](submissions-admin.md)|Admin|Admins use this method to submit good (false positive) and bad (false negative) entities including user-reported messages to Microsoft for further analysis. Tabs include **Email**, **Email attachments**, **URLs**, and **Files**. Note that **Files** is only available to users with Microsoft Defender for Endpoint P2 license, Microsoft Defender for Office P2 license, and Microsoft 365 Defender E5 license.. The Submissions page is available to organizations who have Exchange Online mailboxes as part of a Microsoft 365 subscription (not available in standalone EOP).|
+|[The Submissions page in the Microsoft 365 Defender portal](submissions-admin.md)|Admin|Admins use this method to submit good (false positive) and bad (false negative) entities including user-reported messages to Microsoft for further analysis. Tabs include **Email**, **Email attachments**, **URLs**, and **Files**. Note that **Files** is only available to users with Microsoft Defender for Endpoint P2 license, and Microsoft 365 Defender E5 license.. The Submissions page is available to organizations who have Exchange Online mailboxes as part of a Microsoft 365 subscription (not available in standalone EOP).|
-[User reported message settings](submissions-user-reported-messages-files-custom-mailbox.md) allow admins to configure whether user reported messages go to a specified reporting mailbox, to Microsoft, or both. Depending on your subscription, user reported messages are available in the following locations in the Microsoft 365 Defender portal:
+[User reported settings](submissions-user-reported-messages-custom-mailbox.md) allow admins to configure whether user reported messages go to a specified reporting mailbox, to Microsoft, or both. Depending on your subscription, user reported messages are available in the following locations in the Microsoft 365 Defender portal:
- [The Submissions page](submissions-admin.md) - [Automated investigation and response (AIR) results](air-view-investigation-results.md)
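Review bot: In the updated Submissions page table row, removing the Defender for Office P2 item left "Microsoft Defender for Endpoint P2 license, and Microsoft 365 Defender E5 license.." with a stray comma and a doubled period. It is also unclear whether both licenses are needed or either one is enough; the file submission article changed in this same update joins its equivalent requirement with "or". Confirm which is intended and fix the punctuation at the same time.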
Watch this video that shows more information about the unified submissions exper
Admins can use mail flow rules (also known as transport rules) to notify specified email address when users report messages to Microsoft for analysis. For more information, see [Use mail flow rules to see what users are reporting to Microsoft](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-see-what-users-are-reporting-to-microsoft).
-Admins can also submit email attachments and other suspected files to Microsoft for analysis using the sample submission portal at <https://www.microsoft.com/wdsi/filesubmission>. For more information, see [Submit files for analysis](../intelligence/submission-guide.md).
+Admins can also submit other suspected files to Microsoft for analysis using the sample submission portal at <https://www.microsoft.com/wdsi/filesubmission>. For more information, see [Submit files for analysis](../intelligence/submission-guide.md).
> [!TIP]
-> Information is blocked from going outside the organization when data isn't supposed to leave the tenant boundary for compliance purposes (for example, in U.S. Government organizations: Microsoft 365 GCC, GCC High, and DoD). Reporting a message or file to Microsoft from one of these organizations will have the following message in the result details:
+> Information is blocked from going outside the organization when data isn't supposed to leave the tenant boundary for compliance purposes (for example, in U.S. Government organizations: Microsoft 365 GCC, GCC High, and DoD). Reporting a message or URL or email attachment to Microsoft from one of these organizations will have the following message in the result details:
> > **Further investigation needed**. Your tenant doesn't allow data to leave the environment, so nothing was found during the initial scan. You'll need to contact Microsoft support to have this item reviewed.
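Review bot: The added TIP sentence chains its items with repeated "or" ("Reporting a message or URL or email attachment to Microsoft"). A comma-separated list, "Reporting a message, URL, or email attachment to Microsoft", reads better and matches the list style used in the article's introduction.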
security Submissions Submit Files To Microsoft https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-submit-files-to-microsoft.md
Last updated 12/05/2022
- [Microsoft 365 Defender](../defender/microsoft-365-defender.md) > [!NOTE]
-> If you're an admin in an organization with Exchange Online mailboxes, we recommend that you use the **Submissions** page in the Microsoft 365 Defender portal. For more information, see [Use the Submissions portal to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft](submissions-admin.md).
+> If you're an admin in an organization with Exchange Online mailboxes, we recommend that you use the **Submissions** page in the Microsoft 365 Defender portal. For more information, see [Use the Submissions page to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft](submissions-admin.md).
In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, EOP includes anti-malware protection that's automatically enabled. For more information, see [Anti-malware protection in EOP](anti-malware-protection-about.md).
But what can you do if you receive a message with a suspicious attachment or hav
- Messages with attachments that contain scripts or other malicious executables are considered malware, and you can use the procedures in this article to report them. -- Messages with links to malicious sites are considered spam. For more information about reporting spam and non-spam, see [Report messages and files to Microsoft](submissions-report-messages-files-to-microsoft.md).
+- Messages with links to malicious sites are considered spam. For more information about reporting spam and non-spam messages, see [Report messages and files to Microsoft](submissions-report-messages-files-to-microsoft.md).
- Files that block you from your accessing your system and demand money to open them are considered ransomware. ## Submit malware files to Microsoft
-Organizations that have a Microsoft 365 Defender subscription, Microsoft 365 Defender for Endpoint Plan 2, or Microsoft 365 Defender for Office Plan 2 can submit files using the **Submissions** page in the Microsoft 365 Defender portal. For more information, see [Use admin submission for submitting files in Microsoft Defender for Endpoint](../defender-endpoint/admin-submissions-mde.md).
+Organizations that have a Microsoft 365 Defender subscription, or Microsoft 365 Defender for Endpoint Plan 2 can submit files using the **Submissions** page in the Microsoft 365 Defender portal. For more information, see [Use admin submission for submitting files in Microsoft Defender for Endpoint](../defender-endpoint/admin-submissions-mde.md).
Or, you can go to the Microsoft Security Intelligence page at <https://www.microsoft.com/wdsi/filesubmission> to submit the file. To receive analysis updates, sign in or enter a valid email address. We recommend using your Microsoft work or school account.
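Review bot: In the added sentence under "Submit malware files to Microsoft", dropping the Defender for Office Plan 2 item left a comma before "or" in what is now a two-item list ("a Microsoft 365 Defender subscription, or Microsoft 365 Defender for Endpoint Plan 2 can submit files"); remove the comma. The license is also called "Microsoft 365 Defender for Endpoint Plan 2" here but "Microsoft Defender for Endpoint P2" in the Submissions table of the reporting article in this update, so one name should be used throughout.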
If you continue receiving infected messages or attachments, then you should copy
## Submit non-malware files to Microsoft
-Organizations that have a Microsoft 365 Defender Subscription, Microsoft 365 Defender for Endpoint Plan 2, or Microsoft 365 Defender for Office Plan 2 can submit files using the **Submissions** page in the Microsoft 365 Defender portal. For more information, see [Use admin submission for submitting files in Microsoft Defender for Endpoint](../defender-endpoint/admin-submissions-mde.md).
+Organizations that have a Microsoft 365 Defender Subscription or Microsoft 365 Defender for Endpoint Plan 2 can submit files using the **Submissions** page in the Microsoft 365 Defender portal. For more information, see [Use admin submission for submitting files in Microsoft Defender for Endpoint](../defender-endpoint/admin-submissions-mde.md).
Or, you can go to the Microsoft Security Intelligence page at <https://www.microsoft.com/wdsi/filesubmission> to submit the file. To receive analysis updates, sign in or enter a valid email address. We recommend using your Microsoft work or school account.
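Review bot: The added sentence under "Submit non-malware files to Microsoft" keeps the capitalized "Subscription" ("a Microsoft 365 Defender Subscription or ..."), while the parallel sentence in the malware section uses lowercase "subscription". Lowercase it so the two otherwise identical paragraphs match.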
security Submissions User Reported Messages Custom Mailbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-user-reported-messages-custom-mailbox.md
+
+ Title: User reported settings
+f1.keywords:
+ - NOCSH
+++
+audience: ITPro
+
+ms.localizationpriority: medium
+search.appverid:
+ - MET150
+
+ - m365-security
+ - tier1
+
+description: "Admins can configure where user reported messages go for analysis: to an internal reporting mailbox, to Microsoft, or both. Other settings complete the reporting experience for users when they report good messages, spam, or phishing messages from Outlook."
++ Last updated : 12/05/2022++
+# User reported settings
++
+**Applies to**
+- [Exchange Online Protection](eop-about.md)
+- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
+- [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
+
+In Microsoft 365 organizations with Exchange Online mailboxes, you can identify a _reporting mailbox_ (formerly known as a _custom mailbox_ or _submissions mailbox_) to hold messages that users report as malicious or not malicious using supported reporting tools in Outlook. For Microsoft reporting tools, you can decide whether to send user reported messages to the reporting mailbox, to Microsoft, or to the reporting mailbox and Microsoft. These selections were formerly part of the _User submissions policy_ or _User submissions_.
+
+User reported settings and the reporting mailbox work with the following message reporting tools:
+
+- [The built-in Report button in Outlook on the web](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook-on-the-web)
+- [The Microsoft Report Message or Report Phishing add-ins](submissions-users-report-message-add-in-configure.md)
+- [Third-party reporting tools](#options-for-third-party-reporting-tools)
+
+Delivering user reported messages to a reporting mailbox instead of directly to Microsoft allows admins to selectively and manually submit messages to Microsoft from the **Emails** tab on the **Submissions** page at <https://security.microsoft.com/reportsubmission?viewid=email>. For more information, see [Admin submission](submissions-admin.md).
+
+> [!NOTE]
+> The _ReportJunkEmailEnabled_ parameter on the [Set-OwaMailboxPolicy](/powershell/module/exchange/set-owamailboxpolicy) cmdlet no longer controls whether user message reporting is enabled or disabled. User reporting of messages is now controlled on the **User reported** page at <https://security.microsoft.com/securitysettings/userSubmission> as described in this article.
+
+## Configuration requirements for the reporting mailbox
+
+Before you get started, you need to configure Exchange Online Protection and Defender for Office 365 so user reported messages are delivered to the reporting mailbox without being filtered as described in the following steps:
+
+- Identify the reporting mailbox as a SecOps mailbox. For instructions, see [Use the Microsoft 365 Defender portal to configure SecOps mailboxes in the advanced delivery policy](skip-filtering-phishing-simulations-sec-ops-mailboxes.md#use-the-microsoft-365-defender-portal-to-configure-secops-mailboxes-in-the-advanced-delivery-policy).
+
+- Create a custom anti-malware policy for the reporting mailbox with the following settings:
+
+ - Turn off Zero-hour auto purge (ZAP) for malware (**Protection settings** section \> **Enable zero-hour auto purge for malware** is not selected or `-ZapEnabled $false` in PowerShell).
+
+ - Turn off common attachments filtering (**Protection settings** section \> **Enable the common attachments filter** is not selected or `-EnableFileFilter $false` in PowerShell).
+
+ For instructions, see [Create an anti-malware policy](anti-malware-policies-configure.md#use-the-microsoft-365-defender-portal-to-create-anti-malware-policies).
+
+- Verify that the reporting mailbox is not included in the **Standard** or **Strict** preset security policies. For instructions, see [Preset security policies](preset-security-policies.md).
+
+- **Defender for Office 365**: Configure the following additional settings:
+
+ - Exclude the reporting mailbox from the **Built-in protection** preset security policy. For instructions, see [Preset security policies](preset-security-policies.md).
+
+ - Create a Safe Attachments policy for the mailbox where Safe Attachments scanning, including Dynamic Delivery, is turned off (**Settings** \> **Safe Attachments unknown malware response** section \> **Off** or `-Enable $false` in PowerShell). For instructions, see [Set up Safe Attachments policies in Microsoft Defender for Office 365](safe-attachments-policies-configure.md).
+
+ - Create a Safe Links policy for the reporting mailbox where Safe Links scanning in email is turned off (**URL & click protection settings** \> **On: Safe Links checks a list of known, malicious links when users click links in email** is not selected or `EnableSafeLinksForEmail $false` in PowerShell). For instructions, see [Set up Safe Links policies in Microsoft Defender for Office 365](safe-links-policies-configure.md).
+
+- If you have data loss prevention (DLP), exclude the reporting mailbox from DLP. For instructions, see [Creating exceptions in DLP](/microsoft-365/compliance/dlp-conditions-and-exceptions).
+
+After you've verified that the reporting mailbox meets all of these requirements, use the rest of the instructions in this article to identify the reporting mailbox and to configure related settings.
+
+## What do you need to know before you begin?
+
+- You open the Microsoft 365 Defender portal at <https://security.microsoft.com>. To go directly to the **User reported** page, use <https://security.microsoft.com/securitysettings/userSubmission>.
+
+- To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).
+
+- To modify the user reported settings, you need to be a member of one of the following role groups:
+
+ - **Organization Management** or **Security Administrator** in the [Permissions in the Microsoft 365 Defender portal](mdo-portal-permissions.md).
+
+- You need access to Exchange Online PowerShell. If the account that you're trying to use doesn't have access to Exchange Online PowerShell, you'll receive an error that looks like this when specifying the submissions mailbox:
+
+ > Specify an email address in your domain
+
+ For more information about enabling or disabling access to Exchange Online PowerShell, see the following topics:
+
+ - [Enable or disable access to Exchange Online PowerShell](/powershell/exchange/disable-access-to-exchange-online-powershell)
+ - [Client Access Rules in Exchange Online](/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules)
+
+## Use the Microsoft 365 Defender portal to configure user reported settings
+
+1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Settings** \> **Email & collaboration** \> **User reported** tab. To go directly to the **User reported** page, use <https://security.microsoft.com/securitysettings/userSubmission>.
+
+2. On the **User reported** page, what you see and can configure is determined entirely by the toggle at the top of the page:
+
+ - **On** :::image type="icon" source="../../media/scc-toggle-on.png":::: The following configurations are supported:
+ - Users in your organization can see and use the built-in **Report** button in Outlook on the web or the Microsoft Report Message or Report Phishing add-ins in virtually all Outlook platforms to report messages.
+ - You can configure user reported messages to go to the reporting mailbox, to Microsoft, or both.
+ - You decide whether users receive **Before a message is reported** and **After a message is reported** pop-ups in Outlook.
+ - You decide how to customize the feedback email that's sent to users from **Mark and notify** on the **Submissions** page at <https://security.microsoft.com/reportsubmission>.
+ - You decide whether users can report messages from quarantine.
+
+ You choose this configuration by selecting **Use the built-in "Report" button with "Phishing", "Junk", and "Not Junk options** in the **Outlook report button configuration** section. The available configuration options from this selection are explained in the [Options for Microsoft reporting tools](#options-for-microsoft-reporting-tools) section in this article.
+
+ - Users in your organization use a third-party, non-Microsoft add-in to report messages.
+ - You decide whether Microsoft can read end user report from the third-party reporting mailbox.
+ - You decide whether users can report messages from quarantine to third-party reporting mailbox.
+
+ You choose this configuration by selecting **Use a non-Microsoft add-in button** in the **Outlook report button configuration** section. The available configuration options from this selection are explained in the [Options for third-party reporting tools](#options-for-third-party-reporting-tools) section in this article.
+
+ - **Off** :::image type="icon" source="../../media/scc-toggle-off.png":::: The Microsoft-integrated reporting experience is turned off, and all other settings on the **User reported** page are unavailable, including the ability for users to report messages from quarantine.
+
+### Options for Microsoft reporting tools
+
+When the toggle is **On** :::image type="icon" source="../../media/scc-toggle-on.png"::: and you've selected **Use the built-in "Report" button with "Phishing", "Junk", and "Not Junk options**, the following options are available on the **User reported** page:
+
+- **Send the reported messages to** in the **Reported message destinations** section: Select one of the following options:
+
+ - **Microsoft only**: User reported messages go directly to Microsoft for analysis. Only metadata from the user reported messages (for example, senders, recipients, reported by, and message details) is available on the **User reported** tab on the **Submissions** page at <https://security.microsoft.com/reportsubmission?viewid=user>.
+
+ - **My reporting mailbox only**: User reported messages go only to the specified reporting mailbox for an admin or the security operations team to analyze.
+
+ In the **Add a mailbox to send reported messages to** box that appears, enter the email address of an existing Exchange Online mailbox to use as the reporting mailbox that holds user reported messages from Microsoft reporting tools. Distribution groups and routing to an external or on-premises mailbox are not allowed.
+
+ Messages don't go to Microsoft for analysis unless an admin manually submits the message from the **Emails** tab on the **Submissions** page at <https://security.microsoft.com/reportsubmission?viewid=email>.
+
+ - **Microsoft and my reporting mailbox**: User reported messages go to Microsoft for analysis and to the reporting mailbox for an admin or security operations team to analyze.
+
+ In the **Add a mailbox to send reported messages to** box that appears, enter the email address of an existing Exchange Online mailbox to use as the reporting mailbox. Distribution groups and routing to external or on-premises mailboxes is not allowed.
+
+ > [!IMPORTANT]
+ >
+ > - If you select **My reporting mailbox only**, the **Result** value of messages entries on the **User reported** tab on the **Submissions** page at <https://security.microsoft.com/reportsubmission?viewid=user> will be **Not Submitted to Microsoft**, because the messages were not analyzed by Microsoft.
+ > - In U.S. Government organizations (Microsoft 365 GCC, GCC High, and DoD), the only available selection in the **Send the reported messages to** section is **My reporting mailbox only**. The other two options are grayed out due to compliance reasons.
+ >
+ > - If you use [Attack simulation training](attack-simulation-training-get-started.md) or a third-party product to do phishing simulations, and you're sending user reported messages to a reporting mailbox, you need to configure the reporting mailbox as a SecOps mailbox as described in the [Configuration requirements for the reporting mailbox](#configuration-requirements-for-the-reporting-mailbox) section earlier in this article. If you don't, a user reported message might trigger a training assignment by the phishing simulation product.
+
+The following settings are also available on the page:
+
+- **Show a pop-up message in Outlook to confirm it the user want's to report the message** in the **Before a message is reported** section: This setting controls whether users see a pop-up before they report a message.
+
+ If this setting is selected, click **Customize before message** to enter the **Title** and **Message** text in the **Customize text before message is reported** flyout that opens. Use the variable `%type%` to include the submission type (junk, not junk, phishing, etc.).
+
+ When you're finished, click **Confirm** to return to the **User reported** page.
+
+- **Show a success pop-up message in Outlook after the user reports** in the **After a message is reported** section: This setting controls whether users see a pop-up after they report a message.
+
+ If this setting is selected, click **Customize after message** to enter the **Title** and **Message** text in the **Customize text after message is reported** flyout that opens. Use the variable `%type%` to include the submission type (junk, not junk, phishing, etc.).
+
+ When you're finished, click **Confirm** to return to th **User reported** page.
+
+ > [!IMPORTANT]
+ > Currently, users who report messages from Outlook on the web using the built-in **Report** button don't get these before or after pop-up messages. The pop-ups work for users who report messages using the Microsoft Report Message and Report Phishing add-ins.
+
+- **Email sent to user after admin review** section: The following settings are available:
+
+ - **Specify an Office 365 mailbox to send email notifications from**: Select this option and enter the sender's email address in the box that appears.
+ - **Replace the Microsoft logo with my company logo**: Select this option to replace the default Microsoft logo that's used in notifications. Before you do this step, you need to follow the instructions in [Customize the Microsoft 365 theme for your organization](../../admin/setup/customize-your-organization-theme.md) to upload your custom logo. This option is not supported if your organization has a custom logo pointing to a URL instead of an uploaded image file.
+ - **Customize email notification messages**: Click this link to customize the email notification that's sent after an admin reviews and marks a reported message. In the **Customize admin review email notifications** flyout that appears, configure the following settings on the **Phishing**, **Junk** and **No threats found** tabs:
+ - **Email body results text**: Enter the custom text to use. You can use different text for **Phishing**, **Junk** and **No threats found**.
+ - **Email footer text**: Enter the custom message footer text to use. The same text is used for **Phishing**, **Junk** and **No threats found**.
+
+ When you're finished, click **Confirm** to return to the **User reported** page.
+
+When you're finished on the **User reported** page, click **Save**. To restore all settings on the page to their immediately previous values, click **Restore**.
+
+### Options for third-party reporting tools
+
+When the toggle is **On** :::image type="icon" source="../../media/scc-toggle-on.png"::: and you've selected **Use a non-Microsoft add-in button**, the following options are available on the **User reported** page:
+
+- **Add a mailbox to send reported messages to** in the **Reported message destinations** section: Enter the email address of an existing Exchange Online mailbox to use as the reporting mailbox that holds user-reported messages from third-party reporting tools. These messages are not submitted to Microsoft.
+
+ These user-reported messages appear on the **User reported** tab of the **Submissions** page at <https://security.microsoft.com/reportsubmission?viewid=user>. The **Result** value for these entries is **Not Submitted to Microsoft**.
+
+ Messages sent to the reporting mailbox must include the original user reported message as an uncompressed .EML or .MSG attachment. Don't forward the original user-reported message to the reporting mailbox.
+
+ > [!CAUTION]
+ > Messages that contain multiple attached messages will be discarded. We support only one attached original message in a user reported message.
+
+ The message formatting requirements are described in the next section. This formatting is optional, but if user reported messages don't follow the prescribed format, they're always identified as phishing.
+
+ **Let your organization report messages from quarantine** in the **Report from quarantine** section: Verify that this setting is selected to let users report messages from quarantine. Otherwise, uncheck this setting.
+
+When you're finished on the **User reported** page, click **Save**. To restore all settings on the page to their immediately previous values, click **Restore**.
+
+#### Message submission format
+
+To correctly identify the original attached messages, messages sent to the custom mailbox require specific formatting. If the messages don't use this format, the original attached messages are always identified as phishing.
+
+To specify the reason why the original, attached messages were reported, messages sent to the reporting mailbox must meet the following criteria:
+
+- The user reported message is unmodified and is included as an attachment.
+- The user reported message should contain the following required headers:
+ - 1. X-Microsoft-Antispam-Message-Info
+ - 2. Message-Id
+ - 3. X-Ms-Exchange-Organization-Network-Message-Id
+ - 4. X-Ms-Exchange-Crosstenant-Id
+
+ > [!NOTE]
+ > TenantId in `X-Ms-Exchange-Crosstenant-Id` should be the same as the tenant.
+ >
+ > `X-Microsoft-Antispam-Message-Info` should be a valid xmi.
+
+- The Subject line (Envelope Title) of messages sent to the reporting mailbox must start with one of the following prefix values:
+ - `1|` or `Junk:`.
+ - `2|` or `Not junk:`.
+ - `3|` or `Phishing:`.
+
+ For example:
+
+ - `3|This text in the Subject line is ignored by the system`
+ - `Not Junk:This text in the Subject line is also ignored by the system`
+
+ Messages that don't follow this format will not display properly on the **Submissions** page at <https://security.microsoft.com/reportsubmission>.
+
+## Use Exchange Online PowerShell to configure the reported message settings
+
+After you [connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), you use the **\*-ReportSubmissionPolicy** and **\*-ReportSubmissionRule** cmdlets to manage and configure the user reported settings.
+
+In Exchange Online PowerShell, the basic elements of the user reported settings are:
+
+- **The report submission policy**: Turns the Microsoft integrated reporting experience on or off, turns sending reported messages to Microsoft on or off, turns sending reported messages to the reporting mailbox on or off, and most other settings.
+- **The report submission rule**: Specifies the email address of the reporting mailbox or a blank value when the reporting mailbox isn't used (report messages to Microsoft only).
+
+The difference between these two elements isn't obvious when you manage the user reported settings in the Microsoft 365 Defender portal:
+
+- There's only one report submission policy named DefaultReportSubmissionPolicy and one report submission rule named DefaultReportSubmissionRule by default.
+
+ If you've never gone to <https://security.microsoft.com/securitysettings/userSubmission>, there's no report submission policy or report submission rule (the Get-ReportSubmissionPolicy and Get-ReportSubmissionRule cmdlets return nothing).
+
+ As soon as you visit <https://security.microsoft.com/securitysettings/userSubmission> and even before you configure any settings, the report submission policy is created with the default values and is visible in PowerShell.
+
+ Only after you specify a reporting mailbox (used by Microsoft or third-party reporting tools) and save the changes is the report submission rule named DefaultReportSubmissionRule automatically created. It takes several seconds before the rule is visible in PowerShell.
+
+- You can delete the report submission rule and recreate it with a different name, but the rule is always associated with the report submission policy whose name you can't change. So, we recommend that you name the rule DefaultReportSubmissionRule whenever you create or recreate the rule.
+
+- When you specify the email address of the reporting mailbox in the Microsoft 365 Defender portal, that value is primarily set in the report submission rule, but the value is also copied into the related properties in the report submission policy. In PowerShell, when you set the email address in the rule, the value isn't copied into the related properties in the policy. For consistency with the Microsoft 365 Defender portal and for clarity, we recommend that you add or update the email address in the policy and the rule.
+
+### Use PowerShell to view the report submission policy and the report submission rule
+
+To view the report submission policy, run the following command in Exchange Online PowerShell:
+
+```powershell
+Get-ReportSubmissionPolicy
+```
+
+To view the report submission rule, run the following command:
+
+```powershell
+Get-ReportSubmissionRule
+```
+
+To view both the policy and the rule at the same time, run the following commands:
+
+```powershell
+Write-Output -InputObject `r`n,"Report Submission Policy",("-"*79); Get-ReportSubmissionPolicy; Write-Output -InputObject `r`n,"Report Submission Rule",("-"*79); Get-ReportSubmissionRule
+```
+
+Remember, if you've never gone to <https://security.microsoft.com/securitysettings/userSubmission> or manually created the report submission policy or the report submission rule in PowerShell, there is no report submission policy or report submission rule, so the **Get-ReportSubmissionPolicy** and **Get-ReportSubmissionRule** cmdlets return nothing.
+
+For detailed syntax and parameter information, see [Get-ReportSubmissionPolicy](/powershell/module/exchange/get-reportsubmissionpolicy) and [Get-ReportSubmissionRule](/powershell/module/exchange/get-reportsubmissionrule).
+
+### Use PowerShell to create the report submission policy and the report submission rule
+
+If the **Get-ReportSubmissionPolicy** and **Get-ReportSubmissionRule** cmdlets return no output, you can create the report submission policy and the report submission rule. If you try to create them after they already exist, you'll get an error.
+
+Always create the report submission policy first, because you specify the report submission policy in the report submission rule.
+
+For detailed syntax and parameter information, see [New-ReportSubmissionPolicy](/powershell/module/exchange/new-reportsubmissionpolicy) and [New-ReportSubmissionRule](/powershell/module/exchange/new-reportsubmissionrule).
+
+#### Use PowerShell to configure the Microsoft integrated reporting experience with report messages to Microsoft only
+
+This example creates the report submission policy with the default settings (the same settings as when you first visit <https://security.microsoft.com/securitysettings/userSubmission>, but before you save any setting changes):
+
+- The Microsoft integrated reporting experience is turned on: toggle **On** :::image type="icon" source="../../media/scc-toggle-on.png"::: and **Use the built-in "Report" button with "Phishing", "Junk", and "Not Junk options** is selected (`-EnableReportToMicrosoft $true -EnableThirdPartyAddress $false` are the default values).
+
+- **Reported message destinations** section: **Send messages to** \> **Microsoft only** is selected (`-ReportJunkToCustomizedAddress $false -ReportNotJunkToCustomizedAddress $false -ReportPhishToCustomizedAddress $false` are the default values).
+
+Other settings:
+
+- **Before a message is reported** section:
+ - **Show a pop-up message in Outlook to confirm if the user wants to report the message** is selected (`-PreSubmitMessageEnabled $true | $false` is available only on **Set-ReportSubmissionPolicy**; the unconfigurable value on **New-ReportSubmissionPolicy** is `$true`).
+ - **Customize before message** link: Nothing is entered in the **Title** or **Message** boxes in the flyout.(`-EnableCustomizedMsg $false` is the default value).
+
+- **After a message is reported** section:
+ - **Show a success pop-up message in Outlook after the user reports message** is selected (`-PostSubmitMessageEnabled $true | $false` is available only on **Set-ReportSubmissionPolicy**; the unconfigurable value on **New-ReportSubmissionPolicy** is `$true`).
+ - **Customize after message** link: Nothing is entered in the **Title** or **Message** boxes in the flyout (`-EnableCustomizedMsg $false` is the default value).
+
+ > [!NOTE]
+ > Currently, pop-up messages before or after a user reports a message are supported only by the Microsoft Report Message and Report Phishing add-ins. Users who report messages with the built-in **Report** button in Outlook on the web don't see these pop-ups.
+
+- **Email sent to user after admin review** section:
+ - **Specify an Office 365 mailbox to send email notifications from** is not selected (`-EnableCustomNotificationSender $false` is the default value).
+ - **Replace the Microsoft logo with my company logo** is not selected (`-EnableOrganizationBranding $false` is the default value).
+ - **Customize email notification messages** link: Nothing is entered in the **Email body results text** or **Email footer text** boxes on the **Phishing**, **Junk**, or **No threats found** tabs in the flyout (`-EnableCustomizedMsg $false` is the default value).
+- **Report from quarantine** section: **Let your organization report messages from quarantine** is selected (`-DisableQuarantineReportingOption $false` is the default value).
+
+```powershell
+New-ReportSubmissionPolicy
+```
+
+Because a reporting mailbox isn't use, the report submission rule is not needed or created.
+
+#### Use PowerShell to configure the Microsoft integrated reporting experience with report messages to Microsoft and the reporting mailbox
+
+This example creates the report submission policy and the report submission rule with the following settings:
+
+- The Microsoft integrated reporting experience is **On** :::image type="icon" source="../../media/scc-toggle-on.png"::: and **Use the built-in "Report" button with "Phishing", "Junk", and "Not Junk options** is selected (`-EnableReportToMicrosoft $true -EnableThirdPartyAddress $false` are the default values).
+
+- **Reported message destinations** section:
+ - **Send messages to** \> **Microsoft and my reporting mailbox** is selected.
+ - **Add a mailbox to send reported messages to** specifies the email address of the reporting mailbox.
+
+ - **New-ReportSubmissionPolicy**: `-ReportJunkToCustomizedAddress $true -ReportJunkAddresses <emailaddress> -ReportNotJunkToCustomizedAddress $true -ReportNotJunkAddresses <emailaddress> -ReportPhishToCustomizedAddress $true -ReportPhishAddresses <emailaddress>`.
+ - **New-ReportSubmissionRule**: `-SentTo <emailaddress>`.
+
+ In this example, the email address of the reporting mailbox is reportedmessages@contoso.com in Exchange Online (you can't specify an external email address).
+
+ > [!NOTE]
+ > You must use the same email address value in all parameters that identify the reporting mailbox.
+
+The remaining settings are the default values in "Other settings" as described in [Use PowerShell to configure the Microsoft integrated reporting experience with report to Microsoft only](#use-powershell-to-configure-the-microsoft-integrated-reporting-experience-with-report-messages-to-microsoft-only).
+
+```powershell
+$usersub = "reportedmessages@contoso.com"
+
+New-ReportSubmissionPolicy -ReportJunkToCustomizedAddress $true -ReportJunkAddresses $usersub -ReportNotJunkToCustomizedAddress $true -ReportNotJunkAddresses $usersub -ReportPhishToCustomizedAddress $true -ReportPhishAddresses $usersub
+
+New-ReportSubmissionRule -Name DefaultReportSubmissionRule -ReportSubmissionPolicy DefaultReportSubmissionPolicy -SentTo $usersub
+```
+
+#### Use PowerShell to configure the Microsoft integrated reporting experience with report messages to the reporting mailbox only
+
+This example creates the report submission policy and the report submission rule with the following settings:
+
+- The Microsoft integrated reporting experience is **On** :::image type="icon" source="../../media/scc-toggle-on.png"::: and **Use the built-in "Report" button with "Phishing", "Junk", and "Not Junk options** is selected (you need to set `-EnableReportToMicrosoft $false`; `-EnableThirdPartyAddress $false` is the default value).
+
+- **Reported message destinations** section:
+ - **Send messages to** \> **Microsoft and my reporting mailbox** is selected.
+ - **Add a mailbox to send reported messages to** specifies the email address of the reporting mailbox.
+
+ - **New-ReportSubmissionPolicy**: `-ReportJunkToCustomizedAddress $true -ReportJunkAddresses <emailaddress> -ReportNotJunkToCustomizedAddress $true -ReportNotJunkAddresses <emailaddress> -ReportPhishToCustomizedAddress $true -ReportPhishAddresses <emailaddress>`.
+ - **New-ReportSubmissionRule**: `-SentTo <emailaddress>`.
+
+ In this example, the email address of the reporting mailbox is userreportedmessages@fabrikam.com in Exchange Online (you can't specify an external email address).
+
+ > [!NOTE]
+ > You must use the same email address value in all parameters that identify the reporting mailbox.
+
+The remaining settings are the default values in "Other settings" as described in [Use PowerShell to configure the Microsoft integrated reporting experience with report to Microsoft only](#use-powershell-to-configure-the-microsoft-integrated-reporting-experience-with-report-messages-to-microsoft-only).
+
+```powershell
+$usersub = "userreportedmessages@fabrikam.com"
+
+New-ReportSubmissionPolicy -EnableReportToMicrosoft $false -ReportJunkToCustomizedAddress $true -ReportJunkAddresses $usersub -ReportNotJunkToCustomizedAddress $true -ReportNotJunkAddresses $usersub -ReportPhishToCustomizedAddress $true -ReportPhishAddresses $usersub
+
+New-ReportSubmissionRule -Name DefaultReportSubmissionRule -ReportSubmissionPolicy DefaultReportSubmissionPolicy -SentTo $usersub
+```
+
+#### Use PowerShell to configure the Microsoft integrated reporting experience to use third-party reporting tools
+
+This example creates the report submission policy and the report submission rule with the following settings:
+
+- The Microsoft integrated reporting experience is **On** :::image type="icon" source="../../media/scc-toggle-on.png"::: and **Use a non-Microsoft add-in button** is selected (`-EnableReportToMicrosoft $false -EnableThirdPartyAddress $true`).
+
+- **Reported message destinations** section: **Add a mailbox to send reported messages to** specifies the email address of the reporting mailbox.
+
+ - **New-ReportSubmissionPolicy**:`-ThirdPartyReportAddresses <emailaddress>`.
+ - **New-ReportSubmissionRule**: `-SentTo <emailaddress>`.
+
+ In this example, the email address of the reporting mailbox is thirdpartyreporting@wingtiptoys.com in Exchange Online (you can't specify an external email address).
+
+ > [!NOTE]
+ > You must use the same email address value in all parameters that identify the reporting mailbox.
+
+Other settings:
+
+- **Report from quarantine** section: **Let your organization report messages from quarantine** is selected (`-DisableQuarantineReportingOption $false` is the default value).
+
+```powershell
+$usersub = "thirdpartyreporting@wingtiptoys.com"
+
+New-ReportSubmissionPolicy -EnableReportToMicrosoft $false -EnableThirdPartyAddress $true -ThirdPartyReportAddresses $usersub
+
+New-ReportSubmissionRule -Name DefaultReportSubmissionRule -ReportSubmissionPolicy DefaultReportSubmissionPolicy -SentTo $usersub
+```
+
+#### Use PowerShell to turn off the Microsoft integrated reporting experience
+
+Turning off the Microsoft integrated reporting experiences has the following consequences:
+
+- The **Report** button in Outlook on the web and the Microsoft Report Message and Report Phishing add-ins are unavailable in all Outlook platforms.
+- Third-party reporting tools still work, but reported messages do not appear on the **Submissions** page in the Microsoft 365 Defender portal.
+
+This example creates the report submission policy with the Microsoft integrated reporting experience turned **Off** :::image type="icon" source="../../media/scc-toggle-on.png"::: (`-EnableReportToMicrosoft $false`; `-EnableThirdPartyAddress $false -ReportJunkToCustomizedAddress $false -ReportNotJunkToCustomizedAddress $false -ReportPhishToCustomizedAddress $false` are the default values).
+
+```powershell
+New-ReportSubmissionPolicy -EnableReportToMicrosoft $false
+```
+
+### Use PowerShell to modify the report submission policy and the report submission rule
+
+Virtually all of the same settings are available when you modify the report submission policy in PowerShell as when you created the policy as described in [the previous section](#use-powershell-to-create-the-report-submission-policy-and-the-report-submission-rule). The exception is:
+
+- You can turn off **Show a pop-up message in Outlook to confirm if the user wants to report the message** and **Show a success pop-up message in Outlook after the user reports** using the _PreSubmitMessageEnabled_ and _PostSubmitMessageEnabled_ parameters on **Set-ReportSubmissionPolicy**.
+
+ > [!NOTE]
+ > Currently, users who report messages from Outlook on the web using the built-in **Report** button don't get these pop-up messages. The pop-ups work for users who report messages using the Microsoft Report Message and Report Phishing add-ins.
+
+When you modify the existing settings in the report submission policy, you might need to undo or nullify some important settings that you previously configured or didn't configure. And, you might need to create or delete the report submission rule to allow or prevent message reporting to a reporting mailbox.
+
+For detailed syntax and parameter information, see [Set-ReportSubmissionPolicy](/powershell/module/exchange/set-reportsubmissionpolicy).
+
+The following examples show how to change the user reporting experience without concern for the existing settings or values:
+
+- Change to **Use built-in "Report" button with "Phishing", "Junk" and "Not Junk" options** and **Send messages to** \> **Microsoft only**:
+
+ ```powershell
+ Set-ReportSubmissionPolicy -Identity DefaultReportSubmissionPolicy -EnableReportToMicrosoft $true -EnableThirdPartyAddress $false -ThirdPartyReportAddresses $null -ReportJunkToCustomizedAddress $false -ReportJunkAddresses $null -ReportNotJunkToCustomizedAddress $false -ReportNotJunkAddresses $null -ReportPhishToCustomizedAddress $false -ReportPhishAddresses $null
+
+ Get-ReportSubmissionRule | Remove-ReportSubmissionRule
+ ```
+
+- Change to **Use built-in "Report" button with "Phishing", "Junk" and "Not Junk" options** and **Send messages to** \> **Microsoft and my reporting mailbox*** (for example, reportedmessages@contoso.com):
+
+ ```powershell
+ $usersub = "reportedmessages@contoso.com"
+
+ Set-ReportSubmissionPolicy -Identity DefaultReportSubmissionPolicy -EnableReportToMicrosoft $true -EnableThirdPartyAddress $false -ThirdPartyReportAddresses $null -ReportJunkToCustomizedAddress $true -ReportJunkAddresses $usersub -ReportNotJunkToCustomizedAddress $true -ReportNotJunkAddresses $usersub -ReportPhishToCustomizedAddress $true -ReportPhishAddresses $usersub
+ ```
+
+ The following command is required only if you don't already have the report submission rule:
+
+ ```powershell
+ New-ReportSubmissionRule -Name DefaultReportSubmissionRule -ReportSubmissionPolicy DefaultReportSubmissionPolicy -SentTo $usersub
+ ```
+
+- Change to **Use built-in "Report" button with "Phishing", "Junk" and "Not Junk" options** and **Send messages to** \> **Microsoft and my reporting mailbox** (for example, userreportedmessages@fabrikam.com):
+
+ ```powershell
+ $usersub = "userreportedmessages@fabrikam.com"
+
+ Set-ReportSubmissionPolicy -Identity DefaultReportSubmissionPolicy -EnableReportToMicrosoft $false -EnableThirdPartyAddress $false -ThirdPartyReportAddresses $null -ReportJunkToCustomizedAddress $true -ReportJunkAddresses $usersub -ReportNotJunkToCustomizedAddress $true -ReportNotJunkAddresses $usersub -ReportPhishToCustomizedAddress $true -ReportPhishAddresses $usersub
+ ```
+
+ The following command is required only if you don't already have the report submission rule:
+
+ ```powershell
+ New-ReportSubmissionRule -Name DefaultReportSubmissionRule -ReportSubmissionPolicy DefaultReportSubmissionPolicy -SentTo $usersub
+ ```
+
+- Change to **Use a non-Microsoft add-in button** (for example, thirdpartyreporting@wingtiptoys.com):
+
+ ```powershell
+ $usersub = "thirdpartyreporting@wingtiptoys.com"
+
+ Set-ReportSubmissionPolicy -Identity DefaultReportSubmissionPolicy -EnableReportToMicrosoft $false -EnableThirdPartyAddress $true -ThirdPartyReportAddresses $usersub -ReportJunkToCustomizedAddress $false -ReportJunkAddresses $null -ReportNotJunkToCustomizedAddress $false -ReportNotJunkAddresses $null -ReportPhishToCustomizedAddress $false -ReportPhishAddresses $null
+ ```
+
+ The following command is required only if you don't already have the report submission rule:
+
+ ```powershell
+ New-ReportSubmissionRule -Name DefaultReportSubmissionRule -ReportSubmissionPolicy DefaultReportSubmissionPolicy -SentTo $usersub
+ ```
+
+- Turn off the Microsoft integrated reporting experience **Off** :::image type="icon" source="../../media/scc-toggle-off.png"::::
+
+ ```powershell
+ Set-ReportSubmissionPolicy -Identity DefaultReportSubmissionPolicy -EnableReportToMicrosoft $false -EnableThirdPartyAddress $false -ThirdPartyReportAddresses $null -ReportJunkToCustomizedAddress $false -ReportJunkAddresses $null -ReportNotJunkToCustomizedAddress $false -ReportNotJunkAddresses $null -ReportPhishToCustomizedAddress $false -ReportPhishAddresses $null
+ ```
+
+ The following command is required only if you don't already have the report submission rule:
+
+ ```powershell
+ Get-ReportSubmissionRule | Remove-ReportSubmissionRule
+ ```
+
+The only meaningful setting that you can modify in the report submission rule is the email address of the reporting mailbox (the _SentTo_ parameter value). For example:
+
+```powershell
+Get-ReportSubmissionRule | Set-ReportSubmissionRule -SentTo newemailaddress@contoso.com
+```
+
+> [!NOTE]
+> If you change the email address of the reporting mailbox in the report submission rule, be sure to change the corresponding values in the report submissions policy. For example:
+>
+> - _ThirdPartyReportAddresses_
+> - _ReportJunkAddresses_, _ReportNotJunkAddresses_, and _ReportPhishAddresses_
+
+For detailed syntax and parameter information, see [Set-ReportSubmissionRule](/powershell/module/exchange/set-reportsubmissionrule).
+
+To temporarily disable sending email messages to the reporting mailbox without deleting the report submission rule, use [Disable-ReportSubmissionRule](/powershell/module/exchange/disable-reportsubmissionrule). For example:
+
+```powershell
+Get-ReportSubmissionRule | Disable-ReportSubmissionRule -Confirm:$false
+```
+
+To enable the report submission rule again, use [Enable-ReportSubmissionRule](/powershell/module/exchange/enable-reportsubmissionrule). For example:
+
+```powershell
+Get-ReportSubmissionRule | Disable-ReportSubmissionRule -Confirm:$false
+```
+
+### Use PowerShell to remove the report submission policy and the report submission rule
+
+To start over with the default settings of the report submission policy, you can delete it and recreate it. Removing the report submission policy does not remove the report submission rule, and vice-versa.
+
+To remove the report submission policy, run the following command in Exchange Online PowerShell:
+
+```powershell
+Remove-ReportSubmissionPolicy -Identity DefaultReportSubmissionPolicy
+```
+
+To remove the report submission rule, run the following command:
+
+```powershell
+Get-ReportSubmissionRule | Remove-ReportSubmissionRule
+```
+
+To remove both the report submission policy and report submission rule in the same command without prompts, run the following command:
+
+```powershell
+Remove-ReportSubmissionPolicy -Identity DefaultReportSubmissionPolicy; Get-ReportSubmissionRule | Remove-ReportSubmissionRule -Confirm:$false
+```
+
+For detailed syntax and parameter information, see [Remove-ReportSubmissionPolicy](/powershell/module/exchange/remove-reportsubmissionpolicy) and [Remove-ReportSubmissionRule](/powershell/module/exchange/remove-reportsubmissionrule).
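Review bot: The example under "To enable the report submission rule again" still runs `Get-ReportSubmissionRule | Disable-ReportSubmissionRule -Confirm:$false`, so following it leaves the rule disabled; the command should call `Enable-ReportSubmissionRule`, which the sentence above it links to. Several other spots in this added article contradict the commands next to them. In the "Turn off the Microsoft integrated reporting experience" bullet, the sentence "required only if you don't already have the report submission rule" precedes `Get-ReportSubmissionRule | Remove-ReportSubmissionRule`, so it should say the command is needed only if the rule exists. The third "Change to" bullet (userreportedmessages@fabrikam.com) and the "reporting mailbox only" creation section are both labelled **Microsoft and my reporting mailbox** although their commands set `-EnableReportToMicrosoft $false`; the label should name the reporting-mailbox-only option. The "remove both ... without prompts" command passes `-Confirm:$false` only to `Remove-ReportSubmissionRule`, not to `Remove-ReportSubmissionPolicy`. Smaller items: the **Off** state in the "turn off" creation example references `scc-toggle-on.png` where the later bullet uses `scc-toggle-off.png`, "Because a reporting mailbox isn't use" is missing a "d", and **Let your organization report messages from quarantine** in the third-party options lacks the `- ` list marker that the preceding item has.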
security Submissions Users Report Message Add In Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-users-report-message-add-in-configure.md
After the add-in is installed and enabled, users will see the following icons:
- Organizations that have a URL filtering or security solution (such as a proxy and/or firewall) in place, must have ipagave.azurewebsites.net and outlook.office.com endpoints allowed to be reached on HTTPS protocol. -- Currently, reporting messages in shared mailboxes or other mailboxes by a delegate using the add-ins is not supported. Messages are not sent to the [reporting mailbox](submissions-user-reported-messages-files-custom-mailbox.md) or to Microsoft. Built-in reporting in Outlook on the web sends messages reported by a delegate to the reporting mailbox and/or to Microsoft.
+- Currently, reporting messages in shared mailboxes or other mailboxes by a delegate using the add-ins is not supported. Messages are not sent to the [reporting mailbox](submissions-user-reported-messages-custom-mailbox.md) or to Microsoft. Built-in reporting in Outlook on the web sends messages reported by a delegate to the reporting mailbox and/or to Microsoft.
> [!IMPORTANT]
-> To view messages reported to Microsoft on the **User reported** tab on the **Submissions** page at <https://security.microsoft.com/reportsubmission?viewid=user>, leave the toggle **On** (![Toggle on.](../../media/scc-toggle-on.png)) at the top of the **User reported** page at <https://security.microsoft.com/securitysettings/userSubmission>.
+> Admins can view reported messages on the **Submissions** page at <https://security.microsoft.com/reportsubmission> **only** if both of the following settings are configured on the **User reported** page at <https://security.microsoft.com/securitysettings/userSubmission>:
+>
+> - The toggle on the **User reported** page is **On** ![Toggle on.](../../media/scc-toggle-on.png).
+> - **Use the built-in "Report" button with "Phishing", "Junk", and "Not Junk options"** is selected.
+
+## Use the built-in Report button in Outlook on the web
## Admin instructions
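Review bot: In the second bullet added to the [!IMPORTANT] note, the closing quotation mark sits after "options" (`"Not Junk options"`), so the quoted option name differs from the `"Phishing"` and `"Junk"` labels beside it; move the quote so it closes after `Not Junk`. Also, in the lines shown here the new heading `## Use the built-in Report button in Outlook on the web` is followed directly by `## Admin instructions`, so please confirm the new section has body text and is not an empty heading.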
Admins in Microsoft 365 Government Community Cloud (GCC) or GCC High need to use
4. Choose which users will have access to the add-in, select a deployment method, and then select **Deploy**.
-5. To fully configure the settings, see [User reported message settings](submissions-user-reported-messages-files-custom-mailbox.md).
+5. To fully configure the settings, see [User reported settings](submissions-user-reported-messages-custom-mailbox.md).
### View and edit settings for the Report Message or Report Phishing add-ins
security Tenant Allow Block List About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-allow-block-list-about.md
- m365-security - tier1
-description: Learn how to manage allows and blocks in the Tenant Allow/Block List in the Security portal.
+description: Learn how to manage allow entries and block entries in the Tenant Allow/Block List in the Security portal.
-# Manage your allows and blocks in the Tenant Allow/Block List
+# Manage allows and blocks in the Tenant Allow/Block List
[!INCLUDE [MDO Trial banner](../includes/mdo-trial-banner.md)]
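Review bot: The revised description now says "allow entries and block entries", but the revised H1 still reads "Manage allows and blocks"; use one term in both places. The body of this article already uses "allow entries" and "block entries", so the H1 could read "Manage allow entries and block entries in the Tenant Allow/Block List".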
These articles contain procedures in the Microsoft 365 Defender Portal and in Po
> [!NOTE] > In the Tenant Allow/Block List, block entries take precedence over allow entries.
-Use the Submissions portal (also known as *admin submission*) at <https://security.microsoft.com/reportsubmission> to create block entries for the following types of items as you report them as false negatives to Microsoft:
+Use the Submissions page (also known as *admin submission*) at <https://security.microsoft.com/reportsubmission> to create block entries for the following types of items as you report them as false negatives to Microsoft:
- **Domains and email addresses**: - Email messages from these senders are marked as *high confidence spam* (SCL = 9). What happens to the messages is determined by the [anti-spam policy](anti-spam-policies-configure.md) that detected the message for the recipient. In the default anti-spam policy and new custom policies, messages that are marked as high confidence spam are delivered to the Junk Email folder by default. In Standard and Strict [preset security policies](preset-security-policies.md), high confidence spam messages are quarantined.
By default, block entries for **domains and email addresses**, **files** and **U
In most cases, you can't directly create allow entries in the Tenant Allow/Block List: -- **Domains and email addresses**, **files**, and **URLs**: You can't create allow entries directly in the Tenant Allow/Block List. Instead you use the Submissions portal at <https://security.microsoft.com/reportsubmission> to report the **email**, **email attachment**, or **URL** to Microsoft as **Should not have been blocked (False positive)**.
+- **Domains and email addresses**, **files**, and **URLs**: You can't create allow entries directly in the Tenant Allow/Block List. Instead you use the Submissions page at <https://security.microsoft.com/reportsubmission> to report the **email**, **email attachment**, or **URL** to Microsoft as **Should not have been blocked (False positive)**.
- **Spoofed senders**:
- - If spoof intelligence has already blocked the message as spoofing, use the Submissions portal at <https://security.microsoft.com/reportsubmission> to report the **email** to Microsoft as **Should not have been blocked (False positive)**.
+ - If spoof intelligence has already blocked the message as spoofing, use the Submissions page at <https://security.microsoft.com/reportsubmission> to report the **email** to Microsoft as **Should not have been blocked (False positive)**.
- You can proactively create an allow entry for a spoofed sender on the **Spoofed sender** tab in the Tenant Allow/Block List before [spoof intelligence](anti-spoofing-spoof-intelligence.md) identifies and blocks the message as spoofing.
-The following list describes what happens in the Tenant Allow/Block List when you report something to Microsoft as a false positive in the Submissions portal:
+The following list describes what happens in the Tenant Allow/Block List when you report something to Microsoft as a false positive on the Submissions page:
- **Email attachments** and **URLs**: An allow entry is created and the entry appears on the **Files** or **URLs** tab in the Tenant Allow/Block List.
The following list describes what happens in the Tenant Allow/Block List when yo
- If the message was not blocked, and an allow entry for the sender is not created, it won't show on the **Spoofed senders** tab or the **Domains & addresses** tab.
-By default, allow entries for domains and email addresses, files, and URLs exist for 30 days. During those 30 days, Microsoft will learn from the allow entries and [remove them or automatically extend them](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/automatic-tenant-allow-block-list-expiration-management-is-now/ba-p/3723447). After Microsoft learns from these allow entries, messages that contain these entities will be delivered, unless something else is the message is detected as malicious. By default, allow entries for spoofed senders never expire.
+By default, allow entries for domains and email addresses, files, and URLs exist for 30 days. During those 30 days, Microsoft will learn from the allow entries and [remove them or automatically extend them](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/automatic-tenant-allow-block-list-expiration-management-is-now/ba-p/3723447). After Microsoft learns from these allow entries, messages that contain these entities will be delivered, unless something else is the message is detected as malicious. By default, allow entries for spoofed senders never expire.
> [!NOTE]
-> Microsoft does not allow you to create allow entries directly as it leads to creation of allows that are not needed, thus exposing the customer's tenant to malicious emails which might otherwise have been filtered by the system.
+> Microsoft does not allow you to create allow entries directly. Unnecessary allow entries expose your organization to malicious email which could have been filtered by the system.
>
-> Microsoft manages the creation of allow entries from the Submissions page. Allow entries are created for domains or email addresses, spoofed senders, files, or URLs (_entities_) that were determined to be malicious by filters during mail flow. For example, if the sender and a URL in the message are both determined to be bad, an allow entry for the sender email address and an allow entry for the URL are created.
+> Microsoft manages the creation of allow entries from the Submissions page. Allow entries are added during mail flow based on the filters that determined the message was malicious. For example, if the sender email address and a URL in the message were determined to be bad, an allow entry is created for the sender (email address or domain) and the URL.
>
-> When that entity (domain or email address, URL, file) is encountered again either during mailflow or time of click, all filters associated with that entity are skipped.
+> When that domain, email address, file, or URL (*entity*) is encountered again (during mail flow or time of click), all filters associated with that entity are skipped.
>
-> During mail flow, if messages containing the allow entity passes the other checks in the filtering stack, the messages will be delivered. For example, if [email authentication](email-authentication-about.md) and URL and file based filtering passes, a message from a sender email address in the allow entry will be delivered.
+> During mail flow, if messages containing the entity in the allow entry pass other checks in the filtering stack, the messages will be delivered. For example, if [email authentication](email-authentication-about.md), URL filtering and file filter pass the checks, a message from a sender email address in the allow entry will be delivered.
## What to expect after you add an allow or block entry
-After you add an allow entry or block entry on the Submissions page or a block entry in the Tenant Allow/Block List, the entry should start working immediately 99.999% of the time. For the rest, it could take up to 24 hours.
+After you add an allow entry on the Submissions page or a block entry in the Tenant Allow/Block List, the entry should start working immediately 99.999% of the time. For the rest, it could take up to 24 hours.
An allow is created by default for a period of 30 calendar days so that Microsoft could learn from it and then remove it. With **[allow expiry management](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/automatic-tenant-allow-block-list-expiration-management-is-now/ba-p/3723447)**, if Microsoft has not learned from the allow entry, Microsoft will automatically extend the expiry time of allow entries that will soon expire by another 30 days. This extension prevents legitimate email from going to junk or quarantine or legitimate URL or file from being blocked at time of click. If Microsoft does not learn within 90 calendar days from the date of the original creation of the allow entry, Microsoft will remove the allow entry. You will be kept informed throughout the process using emails.
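Review bot: The rewritten "By default, allow entries for domains and email addresses, files, and URLs exist for 30 days" paragraph still carries the typo "unless something else is the message is detected as malicious". Since the line is being touched anyway, change it to "something else in the message". In the same region, the new "What to expect" sentence drops "or block entry" for the Submissions page, but the email, file and URL articles in this update still describe adding block entries from the Submissions page, so the sentence should cover both paths or say why block entries from Submissions are excluded. The new note text also reads "URL filtering and file filter pass the checks", which should be "file filtering".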
security Tenant Allow Block List Email Spoof Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-allow-block-list-email-spoof-configure.md
Last updated 12/05/2022
- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md) - [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
-This article describes how to create and manage allow and block entries for domains and email addresses (including spoofed senders) that are available in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage your allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
+This article describes how to create and manage allow and block entries for domains and email addresses (including spoofed senders) that are available in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
You manage allow and block entries for email in the Microsoft 365 Defender Portal or in Exchange Online PowerShell.
You manage allow and block entries for email in the Microsoft 365 Defender Porta
You have the following options to create block entries for domains and email addresses: -- [The Submissions page in the Microsoft 365 Defender portal](#use-the-microsoft-365-defender-portal-to-create-block-entries-for-domains-and-email-addresses-in-the-submissions-portal)
+- [The Submissions page in the Microsoft 365 Defender portal](#use-the-microsoft-365-defender-portal-to-create-block-entries-for-domains-and-email-addresses-on-the-submissions-page)
- The Tenant Allow/Block List in [the Microsoft 365 Defender portal](#use-the-microsoft-365-defender-portal-to-create-block-entries-for-domains-and-email-addresses-in-the-tenant-allowblock-list) or in [PowerShell](#use-powershell-to-create-block-entries-for-domains-and-email-addresses-in-the-tenant-allowblock-list) To create block entries for spoofed senders, see the [Use the Microsoft 365 Defender portal to view existing allow or block entries for domains and email addresses in the Tenant Allow/Block List](#use-the-microsoft-365-defender-portal-to-view-existing-allow-or-block-entries-for-domains-and-email-addresses-in-the-tenant-allowblock-list) section later in this article.
-#### Use the Microsoft 365 Defender portal to create block entries for domains and email addresses in the Submissions portal
+#### Use the Microsoft 365 Defender portal to create block entries for domains and email addresses on the Submissions page
-When you use the Submissions portal at <https://security.microsoft.com/reportsubmission> to report email messages as **Should have been blocked (False negative)**, you can select **Block all emails from this recipient** to add a block entry for the sender on the **Domains & addresses** tab in the Tenant Allow/Block List.
+When you use the Submissions page at <https://security.microsoft.com/reportsubmission> to report email messages as **Should have been blocked (False negative)**, you can select **Block all emails from this recipient** to add a block entry for the sender on the **Domains & addresses** tab in the Tenant Allow/Block List.
For instructions, see [Report questionable email to Microsoft](submissions-admin.md#report-questionable-email-to-microsoft).
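Review bot: The unchanged list item just above the renamed heading sends readers who want to create block entries for spoofed senders to the "view existing allow or block entries for domains and email addresses" section, which looks like the wrong target. While the anchors in this list are being updated for the heading rename, point that link at the spoofed-sender block-entry section instead.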
New-TenantAllowBlockListItems -ListType Sender -Block -Entries "test@badattacker
For detailed syntax and parameter information, see [New-TenantAllowBlockListItems](/powershell/module/exchange/new-tenantallowblocklistitems).
-### Use the Microsoft 365 Defender portal to create allow entries for domains and email addresses in the Submissions portal
+### Use the Microsoft 365 Defender portal to create allow entries for domains and email addresses on the Submissions page
-You can't create allow entries for domains and email addresses directly in the Tenant Allow/Block List. Instead, you use the Submissions portal at <https://security.microsoft.com/reportsubmission> to report the message as a false positive, which also adds an allow entry for the sender on the **Domains & addresses** tab in the Tenant Allow/Block List.
+You can't create allow entries for domains and email addresses directly in the Tenant Allow/Block List. Instead, you use the Submissions page at <https://security.microsoft.com/reportsubmission> to report the message as a false positive, which also adds an allow entry for the sender on the **Domains & addresses** tab in the Tenant Allow/Block List.
By default, allow entries for domains and email addresses, files, and URLs exist for 30 days, while allow entries for spoofed senders never expire. Within those 30 days, Microsoft will learn from the allow entries or automatically extend the allow entries for you. Once Microsoft learns, email containing these entities will be delivered to the inbox provided something else in the email is not malicious. Moreover these entities by default will open at time of click.
For instructions, see [Report good email to Microsoft](submissions-admin.md#repo
> [!NOTE] > Microsoft does not allow you to create allow entries directly. Unnecessary allow entries expose your organization to malicious email which could have been filtered by the system. >
-> Microsoft manages the allow creation process from Submission by creating allows for those entities (domains or email addresses, spoofed senders, URLs, or files) which were determined to be malicious by filters during mail flow. For example, if the sender and a URL in the message were determined to be bad, an allow entry is created for the sender email address, and an allow entry is created for the URL.
+> Microsoft manages the allow creation process from the Submissions page. Allow entries are added during mail flow based on the filters that determined the message was malicious. For example, if the sender email address and a URL in the message were determined to be bad, an allow entry is created for the sender (email address or domain) and the URL.
>
-> When that entity (domain or email address, URL, file) is encountered again either during mailflow or time of click, all filters associated with that entity are skipped.
+> When that domain, email address, file, or URL (_entity_) is encountered again (during mail flow or time of click), all filters associated with that entity are skipped.
>
-> During mail flow, if messages containing the allow entity passes the other checks in the filtering stack, the messages will be delivered. For example, if [email authentication](email-authentication-about.md) and URL and file based filtering passes, a message from a sender email address in the allow entry will be delivered.
+> During mail flow, if messages containing the entity in the allow entry pass other checks in the filtering stack, the messages will be delivered. For example, if [email authentication](email-authentication-about.md), URL filtering and file filter pass the checks, a message from a sender email address in the allow entry will be delivered.
### Use the Microsoft 365 Defender portal to view existing allow or block entries for domains and email addresses in the Tenant Allow/Block List
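Review bot: The new last paragraph of the note reads "URL filtering and file filter pass the checks"; make it "URL filtering, and file filtering pass the checks" so the three items are parallel. This note is also a near copy of the one in the Tenant Allow/Block List overview article, yet the two now differ in wording ("manages the allow creation process" here, "manages the creation of allow entries" there) and in emphasis markup (`_entity_` here, `*entity*` there). Align them or move the text into a shared include so they cannot drift again.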
For detailed syntax and parameter information, see [Remove-TenantAllowBlockListI
You have the following options to create block entries for spoofed senders: -- [The Submissions page in the Microsoft 365 Defender portal](#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-domains-and-email-addresses-in-the-submissions-portal)
+- [The Submissions page in the Microsoft 365 Defender portal](#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-domains-and-email-addresses-on-the-submissions-page)
- The Tenant Allow/Block List in [the Microsoft 365 Defender portal](#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-spoofed-senders-in-the-tenant-allowblock-list) or in [PowerShell](#use-powershell-to-create-block-entries-for-spoofed-senders-in-the-tenant-allowblock-list) > [!NOTE]
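Review bot: The updated Submissions link in this list targets the "create allow entries for domains and email addresses on the Submissions page" section, but the list is introduced as options for spoofed senders, and the intro sentence says "block entries" while two of the three anchors point at allow-entry sections. This commit also renames the heading "create allow entries for spoofed senders on the Submissions page", which is the more likely intended target. Please confirm whether the list is about allow or block entries and make the intro and all three anchors agree.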
You have the following options to create block entries for spoofed senders:
> > Allow entries for spoofed senders never expire.
-#### Use the Microsoft 365 Defender portal to create allow entries for spoofed senders in the Submissions portal
+#### Use the Microsoft 365 Defender portal to create allow entries for spoofed senders on the Submissions page
Submitting messages that were blocked by [spoof intelligence](anti-spoofing-spoof-intelligence.md) to Microsoft in the **Submissions** portal at <https://security.microsoft.com/reportsubmission> adds the sender as an allow entry for the sender on the **Spoofed senders** tab in Tenant Allow/Block List.
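Review bot: The paragraph under the renamed heading still says "in the **Submissions** portal at <https://security.microsoft.com/reportsubmission>", so the portal-to-page rename is incomplete here. Change it to "on the **Submissions** page", and tighten "adds the sender as an allow entry for the sender" to "adds an allow entry for the sender" in the same pass.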
You create block entries for spoofed senders directly in the Tenant Allow/Block
> > Block entries for spoofed senders never expire.
-The instructions to report the message are nearly identical to the steps in [Use the Microsoft 365 Defender portal to create allow entries for domains and email addresses in the Submissions portal](#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-domains-and-email-addresses-in-the-submissions-portal).
+The instructions to report the message are nearly identical to the steps in [Use the Microsoft 365 Defender page to create allow entries for domains and email addresses on the Submissions page](#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-domains-and-email-addresses-on-the-submissions-page).
The only difference is: for the **Action** value in Step 4, choose **Block** instead of **Allow**.
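Review bot: The new link text says "Use the Microsoft 365 Defender page to create allow entries", which replaced "portal" with "page" in the wrong place. The heading it refers to is "Use the Microsoft 365 Defender portal to create allow entries for domains and email addresses on the Submissions page", and the anchor already uses that form, so the link text should match it.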
Only messages from that domain *and* sending infrastructure pair are allowed to
In organizations with Microsoft Defender for Office 365, you can't create allow entries in the Tenant/Allow/Block List for messages that were detected as impersonation by [domain or sender impersonation protection](anti-phishing-policies-about.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365).
-Reporting a message that was incorrectly blocked as impersonation in the Submissions portal at <https://security.microsoft.com/reportsubmission> does not add the sender or domain as an allow entry in the Tenant Allow/Block List.
+Reporting a message that was incorrectly blocked as impersonation on the Submissions page at <https://security.microsoft.com/reportsubmission> does not add the sender or domain as an allow entry in the Tenant Allow/Block List.
Instead, the domain or sender is added to the **Trusted senders and domains section** in the [anti-phishing policy](anti-phishing-policies-mdo-configure.md#use-the-microsoft-365-defender-portal-to-modify-anti-phishing-policies) that detected the message.
-The instructions to report the message are identical to the steps in [Use the Microsoft 365 Defender portal to create allow entries for domains and email addresses in the Submissions portal](#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-domains-and-email-addresses-in-the-submissions-portal).
+The instructions to report the message are identical to the steps in [Use the Microsoft 365 Defender portal to create allow entries for domains and email addresses in the Submissions page](#use-the-microsoft-365-defender-portal-to-create-allow-entries-for-domains-and-email-addresses-on-the-submissions-page).
> [!NOTE] >
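Review bot: The new link text ends "in the Submissions page", while the heading it names and the anchor both use "on the Submissions page". Use "on" so the link text matches the heading. The unchanged sentence above also spells the list name "Tenant/Allow/Block List", which is worth correcting to "Tenant Allow/Block List" in this pass.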
The instructions to report the message are identical to the steps in [Use the Mi
## Related articles -- [Use the Submissions portal to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft](submissions-admin.md)
+- [Use the Submissions page to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft](submissions-admin.md)
- [Report false positives and false negatives](submissions-outlook-report-messages.md)-- [Manage your allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md)
+- [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md)
- [Allow or block files in the Tenant Allow/Block List](tenant-allow-block-list-files-configure.md) - [Allow or block URLs in the Tenant Allow/Block List](tenant-allow-block-list-urls-configure.md)
security Tenant Allow Block List Files Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-allow-block-list-files-configure.md
Last updated 12/05/2022
- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md) - [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
-This article describes how to manage file allow and block entries that are available in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage your allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
+This article describes how to manage file allow and block entries that are available in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
You manage allow and block entries for files in the Microsoft 365 Defender Portal or in Exchange Online PowerShell.
You manage allow and block entries for files in the Microsoft 365 Defender Porta
You have the following options to create block entries for files: -- [The Submissions page in the Microsoft 365 Defender portal](#use-the-microsoft-365-defender-portal-to-create-block-entries-for-files-in-the-submissions-portal)
+- [The Submissions page in the Microsoft 365 Defender portal](#use-the-microsoft-365-defender-portal-to-create-block-entries-for-files-on-the-submissions-page)
- The Tenant Allow/Block List in [the Microsoft 365 Defender portal](#use-the-microsoft-365-defender-portal-to-create-block-entries-for-files-in-the-tenant-allowblock-list) or in [PowerShell](#use-powershell-to-create-block-entries-for-files-in-the-tenant-allowblock-list)
-### Use the Microsoft 365 Defender portal to create block entries for files in the Submissions portal
+### Use the Microsoft 365 Defender portal to create block entries for files on the Submissions page
-When you use the Submissions portal at <https://security.microsoft.com/reportsubmission> to report files as **Should have been blocked (False negative)**, you can select **Block this file** to add a block entry on the **Files** tab in the Tenant Allow/Block List.
+When you use the Submissions page at <https://security.microsoft.com/reportsubmission> to report files as **Should have been blocked (False negative)**, you can select **Block this file** to add a block entry on the **Files** tab in the Tenant Allow/Block List.
For instructions, see [Report questionable email attachments to Microsoft](submissions-admin.md#report-questionable-email-attachments-to-microsoft).
New-TenantAllowBlockListItems -ListType FileHash -Block -Entries "768a813668695e
For detailed syntax and parameter information, see [New-TenantAllowBlockListItems](/powershell/module/exchange/new-tenantallowblocklistitems).
-## Use the Microsoft 365 Defender portal to create allow entries for files in the Submissions portal
+## Use the Microsoft 365 Defender portal to create allow entries for files on the Submissions page
-You can't create allow entries for files directly in the Tenant Allow/Block List. Instead, you use the Submissions portal at <https://security.microsoft.com/reportsubmission> to report the message attachment as a false positive, which also adds an allow entry on the **Files** tab in the Tenant Allow/Block List.
+You can't create allow entries for files directly in the Tenant Allow/Block List. Instead, you use the Submissions page at <https://security.microsoft.com/reportsubmission> to report the message attachment as a false positive, which also adds an allow entry on the **Files** tab in the Tenant Allow/Block List.
For instructions, see [Report good email attachments to Microsoft](submissions-admin.md#report-good-email-attachments-to-microsoft).
For detailed syntax and parameter information, see [Remove-TenantAllowBlockListI
## Related articles -- [Use the Submissions portal to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft](submissions-admin.md)
+- [Use the Submissions page to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft](submissions-admin.md)
- [Report false positives and false negatives](submissions-outlook-report-messages.md)-- [Manage your allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md)
+- [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md)
- [Allow or block emails in the Tenant Allow/Block List](tenant-allow-block-list-email-spoof-configure.md) - [Allow or block URLs in the Tenant Allow/Block List](tenant-allow-block-list-urls-configure.md)
security Tenant Allow Block List Urls Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-allow-block-list-urls-configure.md
Last updated 12/05/2022
> [!NOTE] > To allow phishing URLs that are part of third-party attack simulation training, use the [advanced delivery configuration](skip-filtering-phishing-simulations-sec-ops-mailboxes.md) to specify the URLs. Don't use the Tenant Allow/Block List.
-This article describes how to create and manage URL allow and block entries that are available in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage your allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
+This article describes how to create and manage URL allow and block entries that are available in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
You manage allow and block entries for URLs in the Microsoft 365 Defender Portal or in Exchange Online PowerShell. Messages containing the blocked URLs are quarantined.
You manage allow and block entries for URLs in the Microsoft 365 Defender Portal
You have the following options to create block entries for URLs: -- [The Submissions page in the Microsoft 365 Defender portal](#use-the-microsoft-365-defender-portal-to-create-block-entries-for-urls-in-the-submissions-portal)
+- [The Submissions page in the Microsoft 365 Defender portal](#use-the-microsoft-365-defender-portal-to-create-block-entries-for-urls-on-the-submissions-page)
- The Tenant Allow/Block List in [the Microsoft 365 Defender portal](#use-the-microsoft-365-defender-portal-to-create-block-entries-for-urls-in-the-tenant-allowblock-list) or in [PowerShell](#use-powershell-to-create-block-entries-for-urls-in-the-tenant-allowblock-list)
-### Use the Microsoft 365 Defender portal to create block entries for URLs in the Submissions portal
+### Use the Microsoft 365 Defender portal to create block entries for URLs on the Submissions page
-When you use the Submissions portal at <https://security.microsoft.com/reportsubmission> to report URLs as **Should have been blocked (False negative)**, you can select **Block this URL** to add a block entry on the **URLs** tab in the Tenant Allow/Block List.
+When you use the Submissions page at <https://security.microsoft.com/reportsubmission> to report URLs as **Should have been blocked (False negative)**, you can select **Block this URL** to add a block entry on the **URLs** tab in the Tenant Allow/Block List.
For instructions, see [Report questionable URLs to Microsoft](submissions-admin.md#report-questionable-urls-to-microsoft).
New-TenantAllowBlockListItems -ListType Url -Block -Entries ~contoso.com
For detailed syntax and parameter information, see [New-TenantAllowBlockListItems](/powershell/module/exchange/new-tenantallowblocklistitems).
-## Use the Microsoft 365 Defender portal to create allow entries for URLs in the Submissions portal
+## Use the Microsoft 365 Defender portal to create allow entries for URLs on the Submissions page
-You can't create URL allow entries directly in the Tenant Allow/Block List. Instead, you use the Submissions portal at <https://security.microsoft.com/reportsubmission> to report the URL as a false positive, which also adds an allow entry on the **URLs** tab in the Tenant Allow/Block List.
+You can't create URL allow entries directly in the Tenant Allow/Block List. Instead, you use the Submissions page at <https://security.microsoft.com/reportsubmission> to report the URL as a false positive, which also adds an allow entry on the **URLs** tab in the Tenant Allow/Block List.
For instructions, see [Report good URLs to Microsoft](submissions-admin.md#report-good-urls-to-microsoft).
The following entries are invalid:
## Related articles -- [Use the Submissions portal to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft](submissions-admin.md)
+- [Use the Submissions page to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft](submissions-admin.md)
- [Report false positives and false negatives](submissions-outlook-report-messages.md)-- [Manage your allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md)
+- [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md)
- [Allow or block files in the Tenant Allow/Block List](tenant-allow-block-list-files-configure.md) - [Allow or block emails in the Tenant Allow/Block List](tenant-allow-block-list-email-spoof-configure.md)
security Trial User Guide Defender For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/trial-user-guide-defender-for-office-365.md
Defender for Office 365 enables users to report messages to their security teams
- Deploy the [Report Message add-in or the Report Phishing add-in](submissions-users-report-message-add-in-configure.md). - Establish a workflow to [Report false positives and false negatives](submissions-outlook-report-messages.md).-- Use the [Submissions portal](submissions-admin.md).
+- Use the [Submissions page](submissions-admin.md).
-Watch this video to learn more: [Learn how to use the Submissions portal to submit messages for analysis - YouTube](https://www.youtube.com/watch?v=ta5S09Yz6Ks&ab_channel=MicrosoftSecurit).
+Watch this video to learn more: [Learn how to use the Submissions page to submit messages for analysis - YouTube](https://www.youtube.com/watch?v=ta5S09Yz6Ks&ab_channel=MicrosoftSecurit).
#### Review reports to understand the threat landscape in blocking mode
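Review bot: The link text on the "Watch this video" line reads as the video's own title followed by "- YouTube", so renaming "Submissions portal" to "Submissions page" inside it misquotes the title unless the video itself was renamed. Either keep the original title or reword the link so it no longer presents itself as the title. The URL's `ab_channel=MicrosoftSecurit` parameter also looks cut short; it is not needed to reach the video and can be dropped. The same applies to the identical line in the auditing-mode section.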
Defender for Office 365 enables users to report messages to their security teams
- Deploy the [Report Message add-in or the Report Phishing add-in](submissions-users-report-message-add-in-configure.md). - Establish a workflow to [Report false positives and false negatives](submissions-outlook-report-messages.md).-- Use the [Submissions portal](submissions-admin.md).
+- Use the [Submissions page](submissions-admin.md).
-Watch this video to learn more: [Learn how to use the Submissions portal to submit messages for analysis - YouTube](https://www.youtube.com/watch?v=ta5S09Yz6Ks&ab_channel=MicrosoftSecurit).
+Watch this video to learn more: [Learn how to use the Submissions page to submit messages for analysis - YouTube](https://www.youtube.com/watch?v=ta5S09Yz6Ks&ab_channel=MicrosoftSecurit).
#### Review reports to understand the threat landscape in auditing mode