Updates from: 02/03/2021 04:11:12
Category Microsoft Docs article Related commit history on GitHub Change details
admin https://docs.microsoft.com/en-us/microsoft-365/admin/create-groups/office-365-groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/office-365-groups.md
@@ -59,7 +59,7 @@ As an administrator, you can:
If you prefer a more automated way to manage the lifecycle of your Microsoft 365 groups, you can use expiration policies to expire groups at a specific time interval. The group's owners will get an email 30, 15, and 1 day before the group expiration that allows them to renew the group if it's still needed. See: [Microsoft 365 group Expiration Policy](office-365-groups-expiration-policy.md).
-You can administer your groups from the Microsoft 365 admin center or [by using PowerShell](https://docs.microsoft.com/microsoft-365/enterprise/manage-microsoft-365-groups-with-powershel).
+You can administer your groups from the Microsoft 365 admin center or [by using PowerShell](https://docs.microsoft.com/microsoft-365/enterprise/manage-microsoft-365-groups-with-powershell).
If you have many users, such as in a large corporation or enterprise, you may have many users who create groups for various purposes. We highly recommend that you review [Plan for governance in Microsoft 365 groups](plan-for-groups-governance.md) for best practices.
admin https://docs.microsoft.com/en-us/microsoft-365/admin/email/about-shared-mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/about-shared-mailboxes.md
@@ -56,7 +56,7 @@ Before you [create a shared mailbox](create-a-shared-mailbox.md), here are some
> [!NOTE]
-> To access a shared mailbox, a user must have an Exchange Online license, but the shared mailbox doesn't require a separate license. Without a license, shared mailboxes are limited to 50 GB. To increase the size limit to 100 GB, the shared mailbox must be assigned an Exchange Online Plan 2 license or an Exchange Online Plan 1 license with an Exchange Online Archiving add-on license. This will also let you enable auto-expanding archiving for an unlimited amount of archive storage capacity. Similarly, if you want to place a shared mailbox on litigation hold, the shared mailbox must have an Exchange Online Plan 2 license or an Exchange Online Plan 1 license with an Exchange Online Archiving add-on license. If you want to apply advanced features such as Microsoft Defender for Office 365, Advanced eDiscovery, or automatic retention policies, the shared mailbox must be licensed for those features.
+> To access a shared mailbox, a user must have an Exchange Online license, but the shared mailbox doesn't require a separate license. Every shared mailbox has a corresponding user account. Notice how you weren't asked to provide a password when you created the shared mailbox? The account has a password, but it's system-generated (unknown). You shouldn't use the account to log in to the shared mailbox. Without a license, shared mailboxes are limited to 50 GB. To increase the size limit to 100 GB, the shared mailbox must be assigned an Exchange Online Plan 2 license or an Exchange Online Plan 1 license with an Exchange Online Archiving add-on license. This will also let you enable auto-expanding archiving for an unlimited amount of archive storage capacity. Similarly, if you want to place a shared mailbox on litigation hold, the shared mailbox must have an Exchange Online Plan 2 license or an Exchange Online Plan 1 license with an Exchange Online Archiving add-on license. If you want to apply advanced features such as Microsoft Defender for Office 365, Advanced eDiscovery, or automatic retention policies, the shared mailbox must be licensed for those features.
## Related articles
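Review bot: The added sentences about the shared mailbox's user account sit in the middle of a note that is otherwise about licensing and size limits, and "You shouldn't use the account to log in to the shared mailbox" gives the admin nothing to act on. Consider moving them into their own note and pointing to how sign-in for that account is blocked, since an enabled account with a password nobody set is easy to overlook in access reviews. The rhetorical question ("Notice how you weren't asked to provide a password...?") would also read better as a plain statement.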
admin https://docs.microsoft.com/en-us/microsoft-365/admin/manage/upgrade-distribution-lists https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/upgrade-distribution-lists.md
@@ -30,7 +30,7 @@ You can upgrade DLs one at a time, or several at the same time.
## Upgrade one or many distribution lists to Microsoft 365 Groups in Outlook
-You must be a global admin or Exchange admin to upgrade a distribution list. To upgrade to Microsoft 365 Groups, a distribution group must have an owner with a mailbox.
+You must be a global admin or Exchange admin to upgrade a distribution list. To upgrade to Microsoft 365 Groups, a distribution group must have an owner with a mailbox.
1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center</a>.
@@ -40,7 +40,7 @@ You must be a global admin or Exchange admin to upgrade a distribution list. To
4. Select the upgrade icon.<br/>![Upgrade to Microsoft 365 Groups icon](../../media/1e28cb3d-bff3-4be3-8329-1902d2d54720.png)
-5. On the information dialog, select **Yes** to confirm the upgrade. The process begins immediately. Depending on the size and number of DLs you're upgrading, the process can take minutes or hours.<br/>If the distribution list can't be upgraded, a dialog appears saying so. See [Which distribution lists cannot be upgraded?](#which-distribution-lists-cannot-be-upgraded).
+5. On the information dialog, select **Yes** to confirm the upgrade. The process begins immediately. Depending on the size and number of DLs you're upgrading, the process can take minutes or hours.<br/>If the distribution list can't be upgraded, a dialog appears saying so. See [Which distribution lists cannot be upgraded?](#which-distribution-lists-cant-be-upgraded).
6. If you're upgrading multiple distribution lists, use the drop-down list to filter which distribution lists have been upgraded. If the list isn't complete, wait a while longer and then select **Refresh** to see what's been successfully upgraded.<br/>There's no notice that tells you when the upgrade process has completed for all DLs you selected. You can figure this out by looking to see what's listed under **Available for upgrade** or **Upgraded DLs**.
@@ -49,7 +49,6 @@ You must be a global admin or Exchange admin to upgrade a distribution list. To
> [!NOTE] > If you're getting the groups digest emails you may notice at the bottom that it will sometimes offer to let you upgrade any eligible distribution lists that you're the owner of. See [Have a group conversation in Outlook](https://support.microsoft.com/office/a0482e24-a769-4e39-a5ba-a7c56e828b22) for more information about digest emails. - ## What to do if the upgrade doesn't work Distribution lists that fail to upgrade remain unchanged.
@@ -117,7 +116,7 @@ Get-DistributionGroup| Foreach-Object{
## FAQ about upgrading distribution lists to Microsoft 365 Groups in Outlook
-### Which distribution lists cannot be upgraded?
+### Which distribution lists can't be upgraded?
You can only upgrade cloud-managed, simple, non-nested distribution lists. The table below lists distribution lists that **CANNOT** be upgraded.
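Review bot: Renaming this heading changes its generated anchor from `#which-distribution-lists-cannot-be-upgraded` to `#which-distribution-lists-cant-be-upgraded`. The step 5 link in this file is updated in the same commit, but links to the old anchor from other articles would no longer resolve to this section, so a repo-wide search for the old anchor is worth doing before merging.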
@@ -136,7 +135,7 @@ You can only upgrade cloud-managed, simple, non-nested distribution lists. The t
|Distribution lists which were converted to **RoomLists** <br/> |No <br/> | |Distribution lists where **MemberJoinRestriction** and/or **MemberDepartRestriction** is **Closed** <br/> |No <br/> |
-### How do I check which DLs are eligible for upgrade?
+### Check which DLs are eligible for upgrade
If you want to check whether a DL is eligible or not, you can run the below command:
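Review bot: The new heading "Check which DLs are eligible for upgrade" is no longer phrased as a question, although it sits under "FAQ about upgrading distribution lists to Microsoft 365 Groups in Outlook" next to question headings such as "Which distribution lists can't be upgraded?" and "What happens to the DL if the upgrade from EAC fails?". Either keep the question form or move the section out of the FAQ. The rename also changes the heading's anchor, so inbound links need checking.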
@@ -171,5 +170,3 @@ There are some cases in which though DL is eligible but could not be upgraded. T
### What happens to the DL if the upgrade from EAC fails? The upgrade will happen only when the call is submitted to the server. If the upgrade fails, your DLs will be intact. They will work like they used to.--
admin https://docs.microsoft.com/en-us/microsoft-365/admin/setup/create-distribution-lists https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/create-distribution-lists.md
@@ -31,8 +31,6 @@ Used when you want to send email to group of people without having to type each
Distribution groups are sometimes called distribution lists.
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/e8747233-4f1c-4bf4-81cf-2a4ea9ccd80d?autoplay=false]
-
## Create a distribution group (list) ::: moniker range="o365-worldwide"
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-sensitivity-label-automatically.md
@@ -222,9 +222,9 @@ Workflow for an auto-labeling policy:
1. Create and configure an auto-labeling policy.
-2. Run the policy in simulation mode and wait 24 hours, or until the simulation is complete.
+2. Run the policy in simulation mode, which can take 48 hours to complete.
-3. Review the results, and if necessary, refine your policy. Rerun simulation mode and wait another 24 hours, or until the simulation is complete.
+3. Review the results, and if necessary, refine your policy. Rerun simulation mode and wait for it to complete again.
4. Repeat step 3 as needed.
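Review bot: In step 2, "which can take 48 hours to complete" does not say whether 48 hours is an upper bound or a typical duration, and the change drops the earlier "or until the simulation is complete" condition that told the reader when to move on. If an upper bound is meant, "which can take up to 48 hours to complete" is clearer, and step 3's "wait for it to complete again" would benefit from saying where completion is shown.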
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/audit-log-search-script https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/audit-log-search-script.md
@@ -0,0 +1,167 @@
+
+ Title: "Use a PowerShell script to search the audit log"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
++
+localization_priority: Priority
+
+- Strat_O365_IP
+- M365-security-compliance
+search.appverid:
+- MOE150
+- MET150
+
+description: "Use a PowerShell script, the runs the Search-UnifiedAuditLog cmdlet, to search the audit log. This script is optimized to return a large set (up to 50,000) audit records. The script exports these records to a CSV file that you can view or transform using Power Query in Excel."
++
+# Use a PowerShell script to search the audit log
+
+Security, compliance, and auditing have become a top priority for IT administrators in todayΓÇÖs world. Microsoft 365 has several built-in capabilities to help organizations manage security, compliance, and auditing. In particular, unified audit logging can help you investigate security incidents and compliance issues. You can retrieve audit logs by using the following methods:
+
+- [The Office 365 Management Activity API](https://docs.microsoft.com/office/office-365-management-api/office-365-management-activity-api-reference)
+
+- The [audit log search tool](search-the-audit-log-in-security-and-compliance.md) in the Microsoft 365 compliance center
+
+- The [Search-UnifiedAuditLog](https://docs.microsoft.com/powershell/module/exchange/search-unifiedauditlog) cmdlet in Exchange Online PowerShell
+
+If you need to retrieve audit logs on a regular basis, you should consider a solution that uses the Office 365 Management Activity API because it that can provide large organizations with the scalability and performance to retrieve millions of audit records on an ongoing basis. Using the audit log search tool in Microsoft 365 compliance center is a good way to quickly find audit records for specific operations that occur in shorter time range. Using longer time ranges in the audit log search tool, especially for large organizations, might return too many records to easily manage or export.
+
+When there are situations where you need to manually retrieve auditing data for a specific investigation or incident, particularly for longer date ranges in larger organizations, using the **Search-UnifiedAuditLog** cmdlet may be the best option. This article includes a PowerShell script that uses the cmdlet to retrieve up to 50,000 audit records and then export them to a CSV file that you can format using Power Query in Excel to help with your review. Using the script in this article also minimizes the chance that large audit log searches will time out in the service.
+
+## Before you run the script
+
+- Audit logging has to be enabled for your organization to successfully use the script to return audit records. Audit logging is turned on by default for Microsoft 365 and Office 365 enterprise organizations. To verify that audit log search is turned on for your organization, you can run the following command in Exchange Online PowerShell:
+
+ ```powershell
+ Get-AdminAuditLogConfig | FL UnifiedAuditLogIngestionEnabled
+ ```
+
+ The value of `True` for the **UnifiedAuditLogIngestionEnabled** property indicates that audit log search is turned on.
+
+- You have to be assigned the View-Only Audit Logs or Audit Logs role in Exchange Online to run successfully the script. By default, these roles are assigned to the Compliance Management and Organization Management role groups on the Permissions page in the Exchange admin center. For more information, see the "Requirements to search the audit log" section in [Search the audit log in the compliance center](search-the-audit-log-in-security-and-compliance.md#requirements-to-search-the-audit-log).
+
+- It may take a long time for the script to complete. How long it takes to run depends on the date range and the size of the interval that you configure the script to retrieve audit records for. Larger date ranges and smaller intervals will result in a long running time. See the table in Step 2 for more information about the date range and intervals.
+
+- The sample script provided in this article isn't supported under any Microsoft standard support program or service. The sample script is provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample script and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the script be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample script or documentation, even if Microsoft has been advised of the possibility of such damages.
+
+## Step 1: Connect to Exchange Online PowerShell
+
+The first step is to connect to Exchange Online PowerShell. You can connect using modern authentication or with multi-factor authentication (MFA). For step-by-step instructions, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell).
+
+## Step 2: Modify and run the script to retrieve audit records
+
+After you've connected to Exchange Online PowerShell, the next step is to create, modify, and run the script to retrieve the auditing data. The first seven lines in the audit log search script contain the following variables that you can modify to configure your search. See the table in step 2 for a description of these variables.
+
+1. Save the following text to a Windows PowerShell script by using a filename suffix of .ps1. For example, SearchAuditLog.ps1.
+
+```powershell
+#Modify the values for the following variables to configure the audit log search.
+$logFile = "d:\AuditLogSearch\AuditLogSearchLog.txt"
+$outputFile = "d:\AuditLogSearch\AuditLogRecords.csv"
+[DateTime]$start = [DateTime]::UtcNow.AddDays(-1)
+[DateTime]$end = [DateTime]::UtcNow
+$record = "AzureActiveDirectory"
+$resultSize = 5000
+$intervalMinutes = 60
+
+#Start script
+[DateTime]$currentStart = $start
+[DateTime]$currentEnd = $start
+
+Function Write-LogFile ([String]$Message)
+{
+ $final = [DateTime]::Now.ToString("s") + ":" + $Message
+ $final | Out-File $logFile -Append
+}
+
+Write-LogFile "BEGIN: Retrieving audit records between $($start) and $($end), RecordType=$record, PageSize=$resultSize."
+Write-Host "Retrieving audit records for the date range between $($start) and $($end), RecordType=$record, ResultsSize=$resultSize"
+
+$totalCount = 0
+while ($true)
+{
+ $currentEnd = $currentStart.AddMinutes($intervalMinutes)
+ if ($currentEnd -gt $end)
+ {
+ $currentEnd = $end
+ }
+
+ if ($currentStart -eq $currentEnd)
+ {
+ break
+ }
+
+ $sessionID = [DateTime]::Now.ToString("s")
+ Write-LogFile "INFO: Retrieving audit records for activities performed between $($currentStart) and $($currentEnd)"
+ Write-Host "Retrieving audit records for activities performed between $($currentStart) and $($currentEnd)"
+ $currentCount = 0
+
+ $sw = [Diagnostics.StopWatch]::StartNew()
+ do
+ {
+ $results = Search-UnifiedAuditLog -StartDate $currentStart -EndDate $currentEnd -RecordType $record -SessionId $sessionID -SessionCommand ReturnLargeSet -ResultSize $resultSize
+
+ if (($results | Measure-Object).Count -ne 0)
+ {
+ $results | export-csv -Path $outputFile -Append -NoTypeInformation
+
+ $currentTotal = $results[0].ResultCount
+ $totalCount += $results.Count
+ $currentCount += $results.Count
+ Write-LogFile "INFO: Retrieved $($currentCount) audit records out of the total $($currentTotal)"
+
+ if ($currentTotal -eq $results[$results.Count - 1].ResultIndex)
+ {
+ $message = "INFO: Successfully retrieved $($currentTotal) audit records for the current time range. Moving on!"
+ Write-LogFile $message
+ Write-Host "Successfully retrieved $($currentTotal) audit records for the current time range. Moving on to the next interval." -foregroundColor Yellow
+ ""
+ break
+ }
+ }
+ }
+ while (($results | Measure-Object).Count -ne 0)
+
+ $currentStart = $currentEnd
+}
+
+Write-LogFile "END: Retrieving audit records between $($start) and $($end), RecordType=$record, PageSize=$resultSize, total count: $totalCount."
+Write-Host "Script complete! Finished retrieving audit records for the date range between $($start) and $($end). Total count: $totalCount" -foregroundColor Green
+
+```
+
+2. Modify the variables listed in the following table to configure the search criteria. The script includes sample values for these variables, but you should change them (unless stated otherwise) to meet your specific requirements.
+
+ |Variable|Sample value|Description|
+ ||||
+ |`$logFile`|"d:\temp\AuditSearchLog.txt"|Specifies the name and location for the log file that contains information about the progress of the audit log search performed by the script.|
+ |`$outputFile`|"d:\temp\AuditRecords.csv"|Specifies the name and location of the CSV file that contains the audit records returned by the script.|
+ |`[DateTime]$start` and `[DateTime]$end`|[DateTime]::UtcNow.AddDays(-1) <br/>[DateTime]::UtcNow|Specifies the date range for the audit log search. The script will return records for audit activities that occurred within the specified date range. For example, to return activities performed in January 2021, you can use a start date of `"2021-01-01"` and an end date of `"2021-01-31"` (be sure to surround the values in double-quotation marks) The sample value in the script returns records for activities performed in the previous 24 hours. If you don't include a timestamp in the value, the default timestamp is 12:00 AM (midnight) on the specified date.|
+ |`$record`|"AzureActiveDirectory"|Specifies the record type of the audit activities (also called *operations*) to search for. This property indicates the service or feature that an activity was triggered in. For a list of record types that you can use for this variable, see [Audit log record type](https://docs.microsoft.com/office/office-365-management-api/office-365-management-activity-api-schema#auditlogrecordtype). You can use the record type name or ENUM value. <br/><br/>**Tip:** To return audit records for all record types, use the value `$null` (without double-quotations marks).|
+ |`$resultSize`|5000|Specifies the number of results returned each time the **Search-UnifiedAuditLog** cmdlet is called by the script (called a *result set*). The value of 5,000 is the maximum value supported by the cmdlet. Leave this value as-is.|
+ |`$intervalMinutes`|60|To help overcome the limit of 5000 records returned, this variable takes the data range you specified and slices it up into smaller time intervals. Now each interval, not the entire date range, is subject to the 5000 record output limit of the command. The default value of 5000 records per 60 minute interval within the date range should be sufficient for most organizations. But, if the script returns an error that says, `maximum results limitation reached`, decrease the time interval (for example, to 30 minutes or even 15 minutes) and rerun the script.|
+ ||||
+
+ Most of the variables listed in the previous table correspond to parameters for the **Search-UnifiedAuditLog** cmdlet. For more information about these parameters, see [Search-UnifiedAuditLog](https://docs.microsoft.com/powershell/module/exchange/search-unifiedauditlog).
+
+3. On your local computer, open Windows PowerShell and go to the folder where you saved the modified script.
+
+4. Run the script in Exchange Online PowerShell; for example:
+
+ ```powershell
+ .\SearchAuditLog.ps1
+ ```
+
+The script displays progress messages while it's running. After the script is finished running, it creates the log file and the CSV file that contains the audit records and saves them to the folders defined by the `$logFile` and `$outputFile` variables.
+
+> [!IMPORTANT]
+> There is a 50,000 limit for the maximum number of audit records returned each time you run this script. If you run this script and it returns 50,000 results, then it's likely that audit records for activities that occurred within the date range weren't included. If this happens, we recommend that you divide the date range into smaller durations and then rerun the script for each date range. For example, if a date range of 90 days returns 50,000 results then you can rerun the script twice, once for the first 45 days in the date range and then again for the next 45 days.
+
+## Step 3: Format and view the audit records
+
+After you've run the script and exported the audit records to a CSV file, you may want to format the CSV to make easier to review and analyze the audit records. One way to do this is to the Power Query JSON transform feature in Excel to split each property in the JSON object in the **AuditData** column into its own column. For step-by-step instructions, see "Step 2: Format the exported audit log using the Power Query Editor" in [Export, configure, and view audit log records](export-view-audit-log-records.md#step-2-format-the-exported-audit-log-using-the-power-query-editor).
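Review bot: In the script's inner `do ... while` loop, an empty page from `Search-UnifiedAuditLog` ends the interval without comparing `$currentCount` to `$currentTotal`, so a session that stops returning results early leaves the CSV short of records with nothing in the log to show it. For a script aimed at incident investigation, write a warning (or stop) when the loop exits with fewer records than `ResultCount` reported. Further points in the same file: `$sessionID` is built from `[DateTime]::Now.ToString("s")`, which has one-second resolution, so two intervals that start within the same second get the same session ID; the January 2021 example in the table uses an end date of `"2021-01-31"`, which with the stated midnight default leaves out activity on 31 January; the table's sample paths (`d:\temp\...`) do not match the script's (`d:\AuditLogSearch\...`); the Step 2 introduction says "See the table in step 2" from inside Step 2; and there are wording slips at "the runs the", "because it that can provide", "to run successfully the script", "to make easier" and "is to the Power Query".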
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/create-a-custom-sensitive-information-type-in-scc-powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-custom-sensitive-information-type-in-scc-powershell.md
@@ -156,7 +156,7 @@ An entity is a sensitive information type, such as a credit card number, that ha
### Name the entity and generate its GUID 1. In your XML editor of choice, add the Rules and Entity elements.
-2. Add a comment that contains the name of your custom entity - in this example, Employee ID. Later, you'll add the entity name to the localized strings section, and that name is what appears in the UI when you create a policy.
+2. Add a comment that contains the name of your custom entity ΓÇö in this example, Employee ID. Later, you'll add the entity name to the localized strings section, and that name is what appears in the UI when you create a policy.
3. Generate a GUID for your entity. There are several ways to generate GUIDs, but you can do it easily in PowerShell by typing **[guid]::NewGuid()**. Later, you'll also add the entity GUID to the localized strings section. ![XML markup showing Rules and Entity elements](../media/c46c0209-0947-44e0-ac3a-8fd5209a81aa.png)
@@ -187,7 +187,7 @@ You can use the optional minCount attribute to specify how many instances of a m
### Keywords [Keyword, Group, and Term elements, matchStyle and caseSensitive attributes]
-When you identify sensitive information, like an employee ID, you often want to require keywords as corroborative evidence. For example, in addition to matching a nine-digit number, you may want to look for words like "card", "badge", or "ID". To do this, you use the Keyword element. The Keyword element has an id attribute that can be referenced by multiple Match elements in multiple patterns or entities.
+When you identify sensitive information, like an employee ID, you often want to require keywords as corroborative evidence. For example, in addition to matching a nine-digit number, you may want to look for words like "card", "badge", or "ID". To do this, you use the Keyword element. The Keyword element has an ID attribute that can be referenced by multiple Match elements in multiple patterns or entities.
Keywords are included as a list of Term elements in a Group element. The Group element has a matchStyle attribute with two possible values:
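Review bot: "ID attribute" in the changed sentence no longer matches the attribute's actual name. The other attributes in this section (matchStyle, caseSensitive, minCount) are written exactly as they appear in the XML, and XML attribute names are case-sensitive. Keep it as `id`, ideally in code formatting, so readers do not type `ID=` in a rule package.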
@@ -201,7 +201,7 @@ Finally, you can use the caseSensitive attribute of the Term element to specify
### Regular expressions [Regex element]
-In this example, the employee ID entity already uses the IdMatch element to reference a regex for the pattern - a nine-digit number surrounded by whitespace. In addition, a pattern can use a Match element to reference an additional Regex element to identify corroborative evidence, such as a five- or nine-digit number in the format of a US zip code.
+In this example, the employee ID entity already uses the IdMatch element to reference a regex for the pattern ΓÇö a nine-digit number surrounded by whitespace. In addition, a pattern can use a Match element to reference an additional Regex element to identify corroborative evidence, such as a five- or nine-digit number in the format of a US zip code.
### Additional patterns such as dates or addresses [built-in functions]
@@ -215,7 +215,7 @@ For more information, see [What the DLP functions look for](what-the-dlp-functio
## Different combinations of evidence [Any element, minMatches and maxMatches attributes]
-In a Pattern element, all IdMatch and Match elements are joined by an implicit AND operator - all of the matches must be satisfied before the pattern can be satisfied. However, you can create more flexible matching logic by using the Any element to group Match elements. For example, you can use the Any element to match all, none, or an exact subset of its children Match elements.
+In a Pattern element, all IdMatch and Match elements are joined by an implicit AND operator ΓÇö all of the matches must be satisfied before the pattern can be satisfied. However, you can create more flexible matching logic by using the Any element to group Match elements. For example, you can use the Any element to match all, none, or an exact subset of its children Match elements.
The Any element has optional minMatches and maxMatches attributes that you can use to define how many of the children Match elements must be satisfied before the pattern is matched. Note that these attributes define the number of Match elements that must be satisfied, not the number of instances of evidence found for the matches. To define a minimum number of instances for a specific match, such as two keywords from a list, use the minCount attribute for a Match element (see above).
@@ -233,7 +233,7 @@ If you want to require that only a minimum number of Match elements must be met,
### Match an exact subset of any children Match elements
-If you want to require that an exact number of Match elements must be met, you can set minMatches and maxMatches to the same value. This Any element is satisfied only if exactly one date or keyword is found - any more than that, and the pattern won't be matched.
+If you want to require that an exact number of Match elements must be met, you can set minMatches and maxMatches to the same value. This Any element is satisfied only if exactly one date or keyword is found ΓÇö any more than that, and the pattern won't be matched.
```xml <Any minMatches="1" maxMatches="1" >
@@ -289,7 +289,7 @@ Note that for email, the message body and each attachment are treated as separat
The more evidence that a pattern requires, the more confidence you have that an actual entity (such as employee ID) has been identified when the pattern is matched. For example, you have more confidence in a pattern that requires a nine-digit ID number, hire date, and keyword in close proximity, than you do in a pattern that requires only a nine-digit ID number.
-The Pattern element has a required confidenceLevel attribute. You can think of the value of confidenceLevel (an integer between 1 and 100) as a unique ID for each pattern in an entity - the patterns in an entity must have different confidence levels that you assign. The precise value of the integer doesn't matter - simply pick numbers that make sense to your compliance team. After you upload your custom sensitive information type and then create a policy, you can reference these confidence levels in the conditions of the rules that you create.
+The Pattern element has a required confidenceLevel attribute. You can think of the value of confidenceLevel (an integer between 1 and 100) as a unique ID for each pattern in an entity ΓÇö the patterns in an entity must have different confidence levels that you assign. The precise value of the integer doesn't matter ΓÇö simply pick numbers that make sense to your compliance team. After you upload your custom sensitive information type and then create a policy, you can reference these confidence levels in the conditions of the rules that you create.
![XML markup showing Pattern elements with different values for confidenceLevel attribute](../media/301e0ba1-2deb-4add-977b-f6e9e18fba8b.png)
@@ -343,7 +343,7 @@ When complete, your RulePack element should look like this.
## Changes for Exchange Online
-Previously, you might have used Exchange Online PowerShell to import your custom sensitive information types for DLP. Now your custom sensitive information types can be used in both the Exchange admin center and the Compliance center. As part of this improvement, you should use Compliance center PowerShell to import your custom sensitive information types - you can't import them from the Exchange PowerShell anymore. Your custom sensitive information types will continue to work just like before; however, it may take up to one hour for changes made to custom sensitive information types in the Compliance center to appear in the Exchange admin center.
+Previously, you might have used Exchange Online PowerShell to import your custom sensitive information types for DLP. Now your custom sensitive information types can be used in both the Exchange admin center and the Compliance center. As part of this improvement, you should use Compliance center PowerShell to import your custom sensitive information types ΓÇö you can't import them from the Exchange PowerShell anymore. Your custom sensitive information types will continue to work just like before; however, it may take up to one hour for changes made to custom sensitive information types in the Compliance center to appear in the Exchange admin center.
Note that in the Compliance center, you use the **[New-DlpSensitiveInformationTypeRulePackage](https://docs.microsoft.com/powershell/module/exchange/new-dlpsensitiveinformationtyperulepackage)** cmdlet to upload a rule package. (Previously, in the Exchange admin center, you used the **ClassificationRuleCollection**` cmdlet.)
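Review bot: The unchanged last line of this hunk has a stray backtick after `**ClassificationRuleCollection**`, which will render literally. It is worth removing while this section is being edited.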
@@ -424,9 +424,9 @@ When you upload your rule package XML file, the system validates the XML and che
For example, "(xx)\*" and "(xx)+" will not pass validation. -- Keywords have a maximum of 50 characters in Length. If you have a keyword within a Group exceeding this, a suggested solution is to create the Group of terms as a [Keyword Dictionary](https://docs.microsoft.com/en-us/microsoft-365/compliance/create-a-keyword-dictionary) and reference the GUID of the Keyword Dictionary within the XML structure as part of the Entity for Match or idMatch in the file.
+- Keywords have a maximum of 50 characters in Length. If you have a keyword within a Group exceeding this, a suggested solution is to create the Group of terms as a [Keyword Dictionary](https://docs.microsoft.com/microsoft-365/compliance/create-a-keyword-dictionary) and reference the GUID of the Keyword Dictionary within the XML structure as part of the Entity for Match or idMatch in the file.
-- Each Custom Sensitive Information Type can have a maxium of 2048 keywords total.
+- Each Custom Sensitive Information Type can have a maximum of 2048 keywords total.
- When using the PowerShell Cmdlet there is a maximum return size of the Deserialized Data of approximately 1 megabyte. This will affect the size of your XML file. Keep the uploaded file limited to a 512 megabyte maximum as a suggested limit for consistent results without error when processing.
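Review bot: the last bullet of this hunk, left unchanged, gives a maximum return size of "approximately 1 megabyte" and then suggests keeping the uploaded file "limited to a 512 megabyte maximum"; a 512 megabyte file cannot fit under a 1 megabyte limit, so one of the two units is wrong. Confirm the intended unit and correct it alongside the "maxium" fix. The capitalised "Length" in the keyword bullet is carried over onto the new line and could be lowercased at the same time.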
@@ -444,7 +444,7 @@ If a custom sensitive information type contains an issue that may affect perform
Microsoft 365 uses the search crawler to identify and classify sensitive information in site content. Content in SharePoint Online and OneDrive for Business sites is recrawled automatically whenever it's updated. But to identify your new custom type of sensitive information in all existing content, that content must be recrawled.
-In Microsoft 365, you can't manually request a recrawl of an entire tenant, but you can do this for a site collection, list, or library - see [Manually request crawling and re-indexing of a site, a library or a list](https://docs.microsoft.com/sharepoint/crawl-site-content).
+In Microsoft 365, you can't manually request a recrawl of an entire tenant, but you can do this for a site collection, list, or library ΓÇö see [Manually request crawling and re-indexing of a site, a library or a list](https://docs.microsoft.com/sharepoint/crawl-site-content).
## Remove a custom sensitive information type
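Review bot: the dash that replaces the hyphen on the added line shows here as the three characters "ΓÇö", which is what a UTF-8 em dash looks like when it is decoded with the wrong code page. Confirm that the source file is saved as UTF-8 and that the published page renders a single dash before "see [Manually request crawling ...]". The same applies to the identical replacement in the DLP import paragraph earlier in this file.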
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/create-custom-sensitive-information-types-with-exact-data-match-based-classification https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-custom-sensitive-information-types-with-exact-data-match-based-classification.md
@@ -48,8 +48,8 @@ EDM-based classification enables you to create custom sensitive information type
> - Chinese (traditional) > - Korean > - Japanese-
->This support is available for sensitive information types. See, [Information protection support for double byte character sets release notes (preview)](mip-dbcs-relnotes.md) for more information.
+>
+> This support is available for sensitive information types. See, [Information protection support for double byte character sets release notes (preview)](mip-dbcs-relnotes.md) for more information.
## Required licenses and permissions
@@ -98,7 +98,7 @@ Setting up and configuring EDM-based classification involves:
2. Structure the sensitive data in the .csv file such that the first row includes the names of the fields used for EDM-based classification. In your .csv file, you might have field names, such as "ssn", "birthdate", "firstname", "lastname". The column header names can't include spaces or underscores. For example, the sample .csv file that we use in this article is named *PatientRecords.csv*, and its columns include *PatientID*, *MRN*, *LastName*, *FirstName*, *SSN*, and more.
-3. Pay attention to the format of the sensitive data fields. In particular, fields that may contain commas in their content (e.g. a street address that contains the value "Seattle,WA") would be parsed as two separate fields when parsed by the EDM tool. In order to avoid this, you need to ensure such fields are surrounded by single or double quotes in the sensitive data table. If fields with commas in them may also contain spaces, you would need to create a custom Sensitive Information Type that matches the corresponding format (e.g. a multi-word string with commas and spaces in it) to ensure the string is correctly matched wjen the document is scanned.
+3. Pay attention to the format of the sensitive data fields. In particular, fields that may contain commas in their content (e.g. a street address that contains the value "Seattle,WA") would be parsed as two separate fields when parsed by the EDM tool. In order to avoid this, you need to ensure such fields are surrounded by single or double quotes in the sensitive data table. If fields with commas in them may also contain spaces, you would need to create a custom Sensitive Information Type that matches the corresponding format (e.g. a multi-word string with commas and spaces in it) to ensure the string is correctly matched when the document is scanned.
#### Define the schema for your database of sensitive information
@@ -409,13 +409,13 @@ This computer must have direct access to your Microsoft 365 tenant.
2. Download and install the appropriate [EDM Upload Agent](#links-to-edm-upload-agent-by-subscription-type) for your subscription into the directory you created in step 1.
-> [!NOTE]
-> The EDMUploadAgent at the above links has been updated to automatically add a salt value to the hashed data. Alternately, you can provide your own salt value. Once you have used this version, you will not be able to use the previous version of the EDMUploadAgent.
->
-> You can upload data with the EDMUploadAgent to any given data store only twice per day.
+ > [!NOTE]
+ > The EDMUploadAgent at the above links has been updated to automatically add a salt value to the hashed data. Alternately, you can provide your own salt value. Once you have used this version, you will not be able to use the previous version of the EDMUploadAgent.
+ >
+ > You can upload data with the EDMUploadAgent to any given data store only twice per day.
-> [!TIP]
-> To a get a list out of the supported command parameters, run the agent no arguments. For example 'EdmUploadAgent.exe'.
+ > [!TIP]
+ > To a get a list out of the supported command parameters, run the agent no arguments. For example 'EdmUploadAgent.exe'.
2. Authorize the EDM Upload Agent, open Command Prompt window (as an administrator), switch to the **C:\EDM\Data** directory and then run the following command:
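Review bot: the TIP is only re-indented, so its broken wording is carried onto the new line unchanged: "To a get a list out of the supported command parameters, run the agent no arguments." Reword it while touching the line, for example "To get a list of the supported command parameters, run the agent with no arguments." The step that follows the hunk is also numbered "2." directly after the "2. Download and install" step, so the list numbering should be checked now that the notes are nested under the list item.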
@@ -423,25 +423,25 @@ This computer must have direct access to your Microsoft 365 tenant.
3. Sign in with your work or school account for Microsoft 365 that was added to the EDM_DataUploaders security group. Your tenant information is extracted from the user account to make the connection.
-OPTIONAL: If you used the Exact Data Match schema and sensitive information type wizard to create your schema and pattern files, run the following command in a Command Prompt window:
+ OPTIONAL: If you used the Exact Data Match schema and sensitive information type wizard to create your schema and pattern files, run the following command in a Command Prompt window:
-`EdmUploadAgent.exe /SaveSchema /DataStoreName <schema name> /OutputDir <path to output folder>`
+ `EdmUploadAgent.exe /SaveSchema /DataStoreName <schema name> /OutputDir <path to output folder>`
4. To hash and upload the sensitive data, run the following command in Command Prompt window:
-`EdmUploadAgent.exe /UploadData /DataStoreName [DS Name] /DataFile [data file] /HashLocation [hash file location] /Schema [Schema file]`
+ `EdmUploadAgent.exe /UploadData /DataStoreName [DS Name] /DataFile [data file] /HashLocation [hash file location] /Schema [Schema file]`
-Example: **EdmUploadAgent.exe /UploadData /DataStoreName PatientRecords /DataFile C:\Edm\Hash\PatientRecords.csv /HashLocation C:\Edm\Hash /Schema edm.xml**
+ Example: **EdmUploadAgent.exe /UploadData /DataStoreName PatientRecords /DataFile C:\Edm\Hash\PatientRecords.csv /HashLocation C:\Edm\Hash /Schema edm.xml**
-This will automatically add a randomly generated salt value to the hash for greater security. Optionally, if you want to use your own salt value, add the **/Salt <saltvalue>** to the command. This value must be 64 characters in length and can only contain the a-z characters and 0-9 characters.
+ This will automatically add a randomly generated salt value to the hash for greater security. Optionally, if you want to use your own salt value, add the **/Salt <saltvalue>** to the command. This value must be 64 characters in length and can only contain the a-z characters and 0-9 characters.
5. Check the upload status by running this command:
-`EdmUploadAgent.exe /GetSession /DataStoreName \<DataStoreName\>`
+ `EdmUploadAgent.exe /GetSession /DataStoreName \<DataStoreName\>`
-Example: **EdmUploadAgent.exe /GetSession /DataStoreName PatientRecords**
+ Example: **EdmUploadAgent.exe /GetSession /DataStoreName PatientRecords**
-Look for the status to be in **ProcessingInProgress**. Check again every few minutes until the status changes to **Completed**. Once the status is completed, your EDM data is ready for use.
+ Look for the status to be in **ProcessingInProgress**. Check again every few minutes until the status changes to **Completed**. Once the status is completed, your EDM data is ready for use.
#### Separate Hash and upload
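Review bot: the /UploadData example reads the clear-text data file from the hash folder ("/DataFile C:\Edm\Hash\PatientRecords.csv /HashLocation C:\Edm\Hash"), while step 2 has the user switch to C:\EDM\Data and the /CreateHash example further down uses C:\Edm\Data\PatientRecords.csv. Align the example so the sensitive CSV stays in the data folder and only hash output lands in the hash folder. The re-indented commands also use three different placeholder styles (`<schema name>`, `[DS Name]`, `\<DataStoreName\>`), and the backslashes in the last one sit inside a code span where they are displayed literally; pick one style and drop the escapes.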
@@ -453,39 +453,38 @@ OPTIONAL: If you used the Exact Data Match schema and sensitive information type
1. Run the following command in Command Prompt windows:
-`EdmUploadAgent.exe /CreateHash /DataFile [data file] /HashLocation [hash file location] /Schema [Schema file] >`
+ `EdmUploadAgent.exe /CreateHash /DataFile [data file] /HashLocation [hash file location] /Schema [Schema file] >`
-For example:
+ For example:
-> **EdmUploadAgent.exe /CreateHash /DataFile C:\Edm\Data\PatientRecords.csv /HashLocation C:\Edm\Hash /Schema edm.xml**
+ > **EdmUploadAgent.exe /CreateHash /DataFile C:\Edm\Data\PatientRecords.csv /HashLocation C:\Edm\Hash /Schema edm.xml**
-This will output a hashed file and a salt file with these extensions if you didn't specify the **/Salt <saltvalue>** option:
-- .EdmHash-- .EdmSalt
+ This will output a hashed file and a salt file with these extensions if you didn't specify the **/Salt <saltvalue>** option:
+ - .EdmHash
+ - .EdmSalt
2. Copy these files in a secure fashion to the computer you will use to upload your sensitive items csv file (PatientRecords) to your tenant.
-To upload the hashed data, run the following command in Windows Command Prompt:
-
-`EdmUploadAgent.exe /UploadHash /DataStoreName \<DataStoreName\> /HashFile \<HashedSourceFilePath\>`
+ To upload the hashed data, run the following command in Windows Command Prompt:
-For example:
+ `EdmUploadAgent.exe /UploadHash /DataStoreName \<DataStoreName\> /HashFile \<HashedSourceFilePath\>`
-> **EdmUploadAgent.exe /UploadHash /DataStoreName PatientRecords /HashFile C:\\Edm\\Hash\\PatientRecords.EdmHash**
+ For example:
+ > **EdmUploadAgent.exe /UploadHash /DataStoreName PatientRecords /HashFile C:\\Edm\\Hash\\PatientRecords.EdmHash**
-To verify that your sensitive data has been uploaded, run the following command in Command Prompt window:
+ To verify that your sensitive data has been uploaded, run the following command in Command Prompt window:
-`EdmUploadAgent.exe /GetDataStore`
+ `EdmUploadAgent.exe /GetDataStore`
-You'll see a list of data stores and when they were last updated.
+ You'll see a list of data stores and when they were last updated.
-If you want to see all the data uploads to a particular store, run the following command in a Windows command prompt:
+ If you want to see all the data uploads to a particular store, run the following command in a Windows command prompt:
-`EdmUploadAgent.exe /GetSession /DataStoreName <DataStoreName>`
+ `EdmUploadAgent.exe /GetSession /DataStoreName <DataStoreName>`
-Proceed to set up your process and schedule for [Refreshing your sensitive information database](#refreshing-your-sensitive-information-database).
+ Proceed to set up your process and schedule for [Refreshing your sensitive information database](#refreshing-your-sensitive-information-database).
At this point, you are ready to use EDM-based classification with your Microsoft cloud services. For example, you can [set up a DLP policy using EDM-based classification](#to-create-a-dlp-policy-with-edm).
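Review bot: the /CreateHash command line is re-indented with its trailing " >" still inside the code span ("... /Schema [Schema file] >"). Copied into Command Prompt, that character is an output redirection with no target, so the command as written does not run; remove it. Two further leftovers in the moved lines: the /UploadHash example keeps doubled backslashes ("C:\\Edm\\Hash\\PatientRecords.EdmHash"), and step 2 talks about the computer used "to upload your sensitive items csv file" although this procedure exists so that only the .EdmHash and .EdmSalt files are copied and uploaded. Reword step 2 to say that.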
@@ -614,7 +613,7 @@ EDM sensitive information types for following scenarios are currently in develop
5. On the **Choose locations** tab, select **Let me choose specific locations**, and then choose **Next**.
-6. In the **Status** column, select **Exchange email, OneDrive accounts, Teams chat and channel message** , and then choose **Next**.
+6. In the **Status** column, select **Exchange email, OneDrive accounts, Teams chat and channel message**, and then choose **Next**.
7. On the **Policy settings** tab, choose **Use advanced settings**, and then choose **Next**.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/create-sensitivity-labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-sensitivity-labels.md
@@ -181,7 +181,7 @@ To edit an existing label policy, select it, and then select the **Edit Policy**
This button starts the **Create policy** wizard, which lets you edit which labels are included and the label settings. When you complete the wizard, any changes are automatically replicated to the selected users and services.
-When you use built-in labeling for Windows, macOS, iOS and Android, users see new labels in their Office apps within four hours, and within one hour for Office on the web. However, allow up to 24 hours for changes to replicate to all apps and services.
+When you use built-in labeling for Office apps on Windows, macOS, iOS, and Android, users see new labels within four hours, and within one hour for Office on the web. However, allow up to 24 hours for changes to replicate to all apps and services.
### Additional label policy settings with Security & Compliance Center PowerShell
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-getting-started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/endpoint-dlp-getting-started.md
@@ -18,7 +18,7 @@
- m365initiative-compliance search.appverid: - MET150
-description: "Set up Microsoft 365 Endpoint data loss prevention to monitor file activities and implement protective actions for those file to endpoints."
+description: "Set up Microsoft 365 Endpoint data loss prevention to monitor file activities and implement protective actions for those files to endpoints."
# Get started with Endpoint data loss prevention
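Review bot: the corrected description still ends with "protective actions for those files to endpoints", which does not parse after the plural fix. If the intent is that the actions apply on the devices, "for those files on endpoints" would read correctly. Since this string is page metadata, it is worth getting right in this change.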
@@ -84,11 +84,13 @@ Make sure that the Windows 10 devices that you plan on deploying Endpoint DLP to
2. Antimalware Client Version is 4.18.2009.7 or newer. Check your current version by opening Windows Security app, select the Settings icon, and then select About. The version number is listed under Antimalware Client Version. Update to the latest Antimalware Client Version by installing Windows Update KB4052623.
-> [!NOTE]
-> None of Windows Security components need to be active, you can run Endpoint DLP independent of Windows Security status, but the [Real-time protection and Behavior monitor](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus)) must be enabled.
+ > [!NOTE]
+ > None of Windows Security components need to be active, you can run Endpoint DLP independent of Windows Security status, but the [Real-time protection and Behavior monitor](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus)) must be enabled.
-
-3. The following Windows Updates are installed. Note: These updates are not a pre-requisite to onboard a device to Endpoint DLP, but contain fixes for important issues thus must be installed before using the product.
+3. The following Windows Updates are installed.
+
+ > [!NOTE]
+ > These updates are not a pre-requisite to onboard a device to Endpoint DLP, but contain fixes for important issues thus must be installed before using the product.
- For Windows 10 1809 - KB4559003, KB4577069, KB4580390 - For Windows 10 1903 or 1909 - KB4559004, KB4577062, KB4580386
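Review bot: the NOTE is re-indented with its link intact, including the doubled closing parenthesis after the URL ("...configure-real-time-protection-microsoft-defender-antivirus)) must be enabled"), which leaves a stray ")" in the rendered text. Drop the extra parenthesis. The same sentence joins two clauses with a comma ("None of Windows Security components need to be active, you can run Endpoint DLP independent of ..."); splitting it would make the one hard requirement, that real-time protection and behavior monitoring must be enabled, easier to spot.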
@@ -134,7 +136,7 @@ In this deployment scenario, you'll onboard devices that have not been onboarded
> [!div class="mx-imgBorder"] > ![deployment method](../media/endpoint-dlp-getting-started-3-deployment-method.png)
-6. Follow the appropriate procedures in [Onboarding tools and methods for Windows 10 machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). This link take you to a landing page where you can access Microsoft Defender for Endpoint procedures that match the deployment package you selected in step 5:
+6. Follow the appropriate procedures in [Onboarding tools and methods for Windows 10 machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). This link takes you to a landing page where you can access Microsoft Defender for Endpoint procedures that match the deployment package you selected in step 5:
- Onboard Windows 10 machines using Group Policy - Onboard Windows machines using Microsoft Endpoint Configuration Manager
@@ -164,7 +166,7 @@ In this scenario, Microsoft Defender for Endpoint is already deployed and there
5. Choose the way you want to deploy to these additional devices from the **Deployment method** list and then **Download package**.
-6. Follow the appropriate procedures in [Onboarding tools and methods for Windows 10 machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). This link take you to a landing page where you can access Microsoft Defender for Endpoint procedures that match the deployment package you selected in step 5:
+6. Follow the appropriate procedures in [Onboarding tools and methods for Windows 10 machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). This link takes you to a landing page where you can access Microsoft Defender for Endpoint procedures that match the deployment package you selected in step 5:
- Onboard Windows 10 machines using Group Policy - Onboard Windows machines using Microsoft Endpoint Configuration Manager
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-using https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/endpoint-dlp-using.md
@@ -81,6 +81,14 @@ If the list mode is set to **Allow**, then users will be able to upload sensitiv
You add browsers, identified by their executable names, that will be blocked from accessing files that match the conditions of an enforced a DLP policy where the upload to cloud services restriction is set to block or block override. When these browsers are blocked from accessing a file, the end users will see a toast notification asking them to open the file through Edge Chromium.
+### Business justification in policy tips
+
+You can control how users interact with the business justification option in DLP policy tip notifications. This option appears when users perform an activity that's protected by the **Block with override** setting in a DLP policy. You can choose from one the following options:
+
+- By default, users can select either a built-in justification, or enter their own text.
+- Users can only select a built-in justification.
+- Users can only enter their own justification.
+ ## Tying DLP settings together
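Review bot: the new section's intro sentence is missing a word: "You can choose from one the following options" should be "one of the following options". The first bullet also mixes a statement about the default with an option ("By default, users can select either a built-in justification, or enter their own text"), so the three bullets are not parallel; consider marking the default explicitly on the first option. The section does not say where this setting is configured, which a reader deciding how strictly to constrain override justifications will need.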
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/keyword-queries-and-search-conditions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/keyword-queries-and-search-conditions.md
@@ -46,7 +46,7 @@ The following table lists email message properties that can be searched by using
> [!NOTE] > When searching email properties, it's not possible to search for items in which the specified property is empty or blank. For example, using the *property:value* pair of **subject:""** to search for email messages with an empty subject line will return zero results. This also applies when searching site and contact properties.
-|**Property**|**Property description**|**Examples**|**Search results returned by the examples**|
+| Property | Property description | Examples | Search results returned by the examples |
|:--|:--|:--|:--| |AttachmentNames|The names of files attached to an email message.|`attachmentnames:annualreport.ppt` <br/> `attachmentnames:annual*` <br/> `attachmentnames:.pptx` |Messages that have an attached file named annualreport.ppt. In the second example, using the wildcard returns messages with the word "annual" in the file name of an attachment. The third example returns all attachments with the pptx file extension.| |Bcc|The Bcc field of an email message.<sup>1</sup>|`bcc:pilarp@contoso.com` <br/> `bcc:pilarp` <br/> `bcc:"Pilar Pinilla"`|All examples return messages with Pilar Pinilla included in the Bcc field.|
@@ -88,7 +88,7 @@ The following table lists some of the SharePoint and OneDrive for Business prope
For a complete list of SharePoint properties that can be searched, see [Overview of crawled and managed properties in SharePoint](https://go.microsoft.com/fwlink/p/?LinkId=331599). Properties marked with a **Yes** in the **Queryable** column can be searched.
-|**Property**|**Property description**|**Example**|**Search results returned by the examples**|
+| Property | Property description | Example | Search results returned by the examples |
|:--|:--|:--|:--| |Author|The author field from Office documents, which persists if a document is copied. For example, if a user creates a document and the emails it to someone else who then uploads it to SharePoint, the document will still retain the original author. Be sure to use the user's display name for this property.|` |ContentType|The SharePoint content type of an item, such as Item, Document, or Video.|`contenttype:document`|All documents would be returned.|
@@ -114,7 +114,7 @@ The following table lists the contact properties that are indexed and that you c
> [!TIP] > To search for values that contain spaces or special characters, use double quotation marks (" ") to contain the phrase; for example, `businessaddress:"123 Main Street"`.
-|**Property**|**Property description**|
+| Property | Property description |
|:--|:--| |BusinessAddress|The address in the **Business Address** property. The property is also called the **Work** address on the contact properties page.| |BusinessPhone|The phone number in any of the **Business Phone** number properties.|
@@ -138,21 +138,31 @@ The following table lists the contact properties that are indexed and that you c
## Searchable sensitive data types
-You can use the Content Search feature in the compliance center to search for sensitive data, such as credit card numbers or social security numbers, that is stored in documents on SharePoint and OneDrive for Business sites. You can do this by using the `SensitiveType` property and the name of a sensitive information type in a keyword query. For example, the query `SensitiveType:"Credit Card Number"` returns documents that contain a credit card number. The query `SensitiveType:"U.S. Social Security Number (SSN)"` returns documents that contain a U.S. social security number. To see a list of the sensitive data types that you can search for, go to **Data classifications** \> **Sensitive info types** in the Microsoft 365 compliance center. Or you can use the **Get-DlpSensitiveInformationType** cmdlet in Security & Compliance Center PowerShell to display a list of sensitive information types.
+You can use eDiscovery search tools in the Microsoft 365 compliance center to search for sensitive data, such as credit card numbers or social security numbers, that is stored in documents on SharePoint and OneDrive for Business sites. You can do this by using the `SensitiveType` property and the name (or ID) of a sensitive information type in a keyword query. For example, the query `SensitiveType:"Credit Card Number"` returns documents that contain a credit card number. The query `SensitiveType:"U.S. Social Security Number (SSN)"` returns documents that contain a U.S. social security number.
+
+To see a list of the sensitive information types that you can search for, go to **Data classifications** \> **Sensitive info types** in the Microsoft 365 compliance center. Or you can use the **Get-DlpSensitiveInformationType** cmdlet in Security & Compliance Center PowerShell to display a list of sensitive information types.
-For more information about creating queries using the `SensitiveType` property, see [Form a query to find sensitive data stored on sites](form-a-query-to-find-sensitive-data-stored-on-sites.md).
+For more information about creating queries using the `SensitiveType` property, see [Form a query to find sensitive data stored on sites](form-a-query-to-find-sensitive-data-stored-on-sites.md).
### Limitations for searching sensitive data types -- You can only use the `SensitiveType` property to search for built-in sensitive info data types. You can't search for custom sensitive data types that you (or another administrator) created for your organization. Use the **Publisher** column on the **Sensitive info types** tab in the compliance center (or the **Publisher** property in PowerShell) to differentiate between built-in and custom sensitive information types. Built-in sensitive data types are identified by the **Microsoft Corporation** value in the **Publisher** column.
+- To search for custom sensitive information types, you have to specify the ID of the sensitive information type in the `SensitiveType` property. Using the name of a custom sensitive information type (as shown in the example for built-in sensitive information types in the previous section) will return no results. Use the **Publisher** column on the **Sensitive info types** page in the compliance center (or the **Publisher** property in PowerShell) to differentiate between built-in and custom sensitive information types. Built-in sensitive data types have a value of `Microsoft Corporation` for the **Publisher** property.
+
+ To display the name and ID for the custom sensitive data types in your organization, run the following command in Security & Compliance Center PowerShell:
+
+ ```powershell
+ Get-DlpSensitiveInformationType | Where-Object {$_.Publisher -ne "Microsoft Corporation"} | FT Name,Id
+ ```
+
+ Then you can use the ID in the `SensitiveType` search property to return documents that contain the custom sensitive data type; for example, `SensitiveType:7e13277e-6b04-3b68-94ed-1aeb9d47de37`
-- You can't use sensitive info data types and the `SensitiveType` search property to search for sensitive data at-rest in Exchange Online mailboxes. However, you can use data loss prevention (DLP) policies to protect sensitive email data in transit. For more information, see [Overview of data loss prevention policies](data-loss-prevention-policies.md) and [Search for and find personal data](search-for-and-find-personal-data.md).
+- You can't use sensitive information types and the `SensitiveType` search property to search for sensitive data at-rest in Exchange Online mailboxes. However, you can use data loss prevention (DLP) policies to protect sensitive email data in transit. For more information, see [Overview of data loss prevention policies](data-loss-prevention-policies.md) and [Search for and find personal data](search-for-and-find-personal-data.md).
## Search operators Boolean search operators, such as **AND**, **OR**, and **NOT**, help you define more-precise searches by including or excluding specific words in the search query. Other techniques, such as using property operators (such as `>=` or `..`), quotation marks, parentheses, and wildcards, help you refine a search query. The following table lists the operators that you can use to narrow or broaden search results.
-|**Operator**|**Usage**|**Description**|
+| Operator | Usage | Description |
|:--|:--|:--| |AND|keyword1 AND keyword2|Returns items that include all of the specified keywords or `property:value` expressions. For example, `from:"Ann Beebe" AND subject:northwind` would return all messages sent by Ann Beebe that contained the word northwind in the subject line. <sup>2</sup>| |+|keyword1 + keyword2 + keyword3|Returns items that contain *either* `keyword2` or `keyword3` *and* that also contain `keyword1`. Therefore, this example is equivalent to the query `(keyword2 OR keyword3) AND keyword1`. <br/> The query `keyword1 + keyword2` (with a space after the **+** symbol) isn't the same as using the **AND** operator. This query would be equivalent to `"keyword1 + keyword2"` and return items with the exact phase `"keyword1 + keyword2"`.|
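Review bot: the added text switches between "sensitive information types" and "sensitive data types" within the same bullet ("Built-in sensitive data types have a value of ...", "custom sensitive data types in your organization", "contain the custom sensitive data type"), while the rest of this change standardises on "sensitive information types". Use one term throughout, including the two headings that still say "sensitive data types". In the PowerShell example, spell out the `FT` alias as `Format-Table` so the command is readable to people who do not know the alias.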
@@ -195,7 +205,7 @@ You can add conditions to a search query to narrow a search and return a more re
Create a condition using common properties when searching mailboxes and sites in the same search. The following table lists the available properties to use when adding a condition.
-|**Condition**|**Description**|
+| Condition | Description |
|:--|:--| |Date|For email, the date a message was received by a recipient or sent by the sender. For documents, the date a document was last modified.| |Sender/Author|For email, the person who sent a message. For documents, the person cited in the author field from Office documents. You can type more than one name, separated by commas. Two or more values are logically connected by the **OR** operator.|
@@ -208,7 +218,7 @@ Create a condition using common properties when searching mailboxes and sites in
Create a condition using mail properties when searching mailboxes or public folders. The following table lists the email properties that you can use for a condition. These properties are a subset of the email properties that were previously described. These descriptions are repeated for your convenience.
-|**Condition**|**Description**|
+| Condition | Description |
|:--|:--| |Message kind| The message type to search. This is the same property as the Kind email property. Possible values: <br/><br/> contacts <br/> docs <br/> email <br/> externaldata <br/> faxes <br/> im <br/> journals <br/> meetings <br/> microsoftteams <br/> notes <br/> posts <br/> rssfeeds <br/> tasks <br/> voicemail| |Participants|All the people fields in an email message. These fields are From, To, Cc, and Bcc.|
@@ -225,7 +235,7 @@ Create a condition using mail properties when searching mailboxes or public fold
Create a condition using document properties when searching for documents on SharePoint and OneDrive for Business sites. The following table lists the document properties that you can use for a condition. These properties are a subset of the site properties that were previously described. These descriptions are repeated for your convenience.
-|**Condition**|**Description**|
+| Condition | Description |
|:--|:--| |Author|The author field from Office documents, which persists if a document is copied. For example, if a user creates a document and the emails it to someone else who then uploads it to SharePoint, the document will still retain the original author.| |Title|The title of the document. The Title property is metadata that's specified in Office documents. It's different than the file name of the document.|
@@ -238,7 +248,7 @@ Create a condition using document properties when searching for documents on Sha
When you add a condition, you can select an operator that is relevant to type of property for the condition. The following table describes the operators that are used with conditions and lists the equivalent that is used in the search query.
-|**Operator**|**Query equivalent**|**Description**|
+| Operator | Query equivalent | Description |
|:--|:--|:--| |After|`property>date`|Used with date conditions. Returns items that were sent, received, or modified after the specified date.| |Before|`property<date`|Used with date conditions. Returns items that were sent, received, or modified before the specified date.|
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/retention https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention.md
@@ -72,7 +72,7 @@ For more detailed information about how retention settings work for different wo
## Retention policies and retention labels
-You can use both retention policies and retention labels with label policies to assign your retention settings to content.
+To assign your retention settings to content, use **retention policies** and **retention labels with label policies**. You can use just one of these methods, or combine them.
Use a retention policy to assign the same retention settings for content at a site or mailbox level, and use a retention label to assign retention settings at an item level (folder, document, email).
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitive-information-type-entity-definitions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitive-information-type-entity-definitions.md
@@ -2227,21 +2227,15 @@ A DLP policy has high confidence that it's detected this type of sensitive infor
- A keyword from Keyword_brazil_rg is found. - The checksum passes.
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
-- The function Func_brazil_rg finds content that matches the pattern.-- The checksum passes. ```xml
-<!-- Brazil National ID Card (RG) -->
-<Entity id="486de900-db70-41b3-a886-abdf25af119c" recommendedConfidence="85" patternsProximity="300">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_brazil_rg"/>
- <Match idRef="Keyword_brazil_rg"/>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_brazil_rg"/>
- </Pattern>
-</Entity>
+ <!-- Brazil National ID Card (RG) -->
+ <Entity id="486de900-db70-41b3-a886-abdf25af119c" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_brazil_rg" />
+ <Match idRef="Keyword_brazil_rg" />
+ </Pattern>
+ </Entity>
``` ### Keywords
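Review bot: The opening xml code fence is deleted along with the medium-confidence text, but the closing fence in the trailing context line is kept and none of the added lines restore the opener. As shown, the indented Entity block is left outside a fence and the remaining closing fence will pair with whatever follows, so the "### Keywords" heading is at risk of rendering as code. Re-add the opening fence immediately before the "Brazil National ID Card (RG)" comment line and drop the extra leading indentation on the added XML so it matches the other entity definitions. Removing the confidenceLevel="75" pattern together with the medium-confidence paragraph is consistent.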
@@ -8403,6 +8397,7 @@ A DLP policy has low confidence that it's detected this type of sensitive inform
- An optional space or dash - Four digits - An optional space or dash
+- Three digits
- The final digit which is the check digit ### Checksum
@@ -16815,4 +16810,4 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
- passport number - passport no - паспорт України-- номер паспорта
+- номер паспорта
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-office-apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-office-apps.md
@@ -59,8 +59,8 @@ The numbers listed are the minimum Office application version required for each
|[Dynamic markings with variables](#dynamic-markings-with-variables) | 2010+ | 16.42+ | 2.42+ | 16.0.13328+ | Under review | |[Assign permissions now](encryption-sensitivity-labels.md#assign-permissions-now) | 1910+ | 16.21+ | 2.21+ | 16.0.11231+ | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |[Let users assign permissions](encryption-sensitivity-labels.md#let-users-assign-permissions) |2004+ | 16.35+ | Under review | Under review | Under review |
-|[Get started with data classification](data-classification-overview.md) and send data for administrators | Preview: [Current Channel (Preview)](https://office.com/insider) | Preview: [Current Channel (Preview)](https://office.com/insider) | Under review | Under review | Yes <sup>\*</sup> |
-|[Require users to apply a label to their email and documents](#require-users-to-apply-a-label-to-their-email-and-documents) | Preview: Rolling out to [Current Channel (Preview)](https://office.com/insider) | Preview: Rolling out to [Current Channel (Preview)](https://office.com/insider) | Under review | Preview: [Beta Channel](https://office.com/insider) | Under review
+|[Get started with data classification](data-classification-overview.md) and send data for administrators | 2011+ | 16.43+ | Preview: [Current Channel (Preview)](https://office.com/insider) | Preview: [Current Channel (Preview)](https://office.com/insider) | Yes <sup>\*</sup> |
+|[Require users to apply a label to their email and documents](#require-users-to-apply-a-label-to-their-email-and-documents) | Preview: [Current Channel (Preview)](https://office.com/insider) | Preview: [Current Channel (Preview)](https://office.com/insider) | Under review | Rolling out: 16.0.13628+ | Under review
|[Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) | 2009+ | Rolling out: 16.44+ | Under review | Under review | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |Support [AutoSave](https://support.office.com/article/6d6bd723-ebfd-4e40-b5f6-ae6e8088f7a5) and [coauthoring](https://support.office.com/article/ee1509b4-1f6e-401e-b04a-782d26f564a4) on labeled and encrypted documents | Under review | Under review | Under review | Under review | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |
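Review bot: The added "Require users to apply a label to their email and documents" row ends at "Under review" with no closing pipe, while every other row in this hunk is terminated with one. The removed version had the same omission, so this is a chance to fix it rather than carry it forward; add the trailing " |" so the row has the same cell count as its neighbours.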
@@ -85,7 +85,7 @@ The numbers listed are the minimum Office application version required for each
|[Assign permissions now](encryption-sensitivity-labels.md#assign-permissions-now) | 1910+ | 16.21+ | 4.7.1+ | 4.0.39+ | Yes | |[Let users assign permissions](encryption-sensitivity-labels.md#let-users-assign-permissions) | 1910+ | 16.21+ | 4.7.1+ | 4.0.39+ | Yes | |[Require users to apply a label to their email and documents](#require-users-to-apply-a-label-to-their-email-and-documents) | Preview: [Current Channel (Preview)](https://office.com/insider)) | 16.43+ | Under review | Under review | Yes |
-|[Get started with data classification](data-classification-overview.md) and send data for administrators | Preview: [Current Channel (Preview)](https://office.com/insider) | Preview: [Current Channel (Preview)](https://office.com/insider) | Under review | Under review | Yes |
+|[Get started with data classification](data-classification-overview.md) and send data for administrators | 2011+ | Under review | Under review | Under review | Under review |
|[Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) | 2009+ | 16.44+ | Under review | Under review | Yes | |
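Review bot: In the replaced "Get started with data classification" row, the last column goes from "Yes" to "Under review" and the second value column goes from a preview link to "Under review", which reads as support being withdrawn rather than updated. Please confirm this is intended and not a copy from a different table. Separately, the context row just above for "Require users to apply a label" has a stray second closing parenthesis after the Current Channel (Preview) link that should be removed while this table is being edited.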
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels.md
@@ -211,7 +211,7 @@ A label policy consists of:
You can include a user in multiple label policies, and the user will see all the sensitivity labels from those policies. However, a user gets the policy settings from only the label policy with the highest priority.
-If you're not seeing the label or label policy setting that you expect for a user or group, and you have waited 30 minutes, check the order of the sensitivity label policies. To reorder the label policies, select a sensitivity label policy > choose the ellipsis on the right > **Move down** or **Move up**.
+If you're not seeing the label or label policy setting that you expect for a user or group, check the order of the sensitivity label policies. To reorder the label policies, select a sensitivity label policy > choose the ellipsis on the right > **Move down** or **Move up**.
![Move option on the page for sensitivity label policies](../media/sensitivity-label-policy-priority.png)
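Review bot: Dropping "and you have waited 30 minutes" from the troubleshooting sentence removes the only indication in these lines that label policy changes take time to reach users. Without it, an admin may start reordering policy priority when the change simply has not propagated yet. If the 30 minute figure is no longer accurate, replace it with the current guidance or a link to it rather than removing the wait step.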
contentunderstanding https://docs.microsoft.com/en-us/microsoft-365/contentunderstanding/accessibility-mode https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/accessibility-mode.md
@@ -0,0 +1,81 @@
+
+ Title: "SharePoint Syntex accessibility mode "
+++
+audience: admin
+
+search.appverid:
+localization_priority: Normal
+description: "Learn how to use accessibility mode when training a model in SharePoint Syntex."
++
+# SharePoint Syntex accessibility mode
+
+In [SharePoint Syntex](index.md), users can turn on accessibility mode in all stages of model training (label, train, test) when working with example documents. Using accessibility mode can help low-sight users to have easier keyboard accessibility as they navigate and label items in the document viewer.
+
+This helps users to use their keyboards to navigate through text in the document viewer and to hear a narration of not only the selected values, but also of actions (such as labeling or removing labeling from selected text), or predicted label values as you train the model with additional example documents.
++
+![Accessibility mode](../media/content-understanding/accessibility-mode.png)
+
+## Requirements
+
+To hear the audio of the narration, make sure to turn on the [Narrator App](https://support.microsoft.com/windows/complete-guide-to-narrator-e4397a0d-ef4f-b386-d8ae-c172f109bdb1) in your Narrator settings on your Windows 10 system.
+
+![Turn on Narrator](../media/content-understanding/narrator-settings.png)
+
+## Labeling for keyboard users
+
+For keyboard users using accessibility mode, if you are labeling text in an example document in the viewer, you can use the following keys:
+
+- Tab: Moves you forward and selects the next word.
+- Tab + Shift: Moves you backwards and selects the previous word.
+- Enter: Label or removes a label from the selected word.
+- Forward arrow: Moves you forward through individual characters in a selected word.
+- Backward arrow: Moves you backward through individual characters in a selected word.
+
+> [!NOTE]
+> If you are labeling multiple words for a single label, you need to label each word.
++
+## Narration
+
+For Narrator users using accessibility mode, use the same keyboard navigation described for keyboard users to go through the example document in the viewer.
+
+As you navigate through the sample documents and label string values, Narrator will give user the following audio prompts:
+
+- When you use the keyboard to navigate through the document viewer, Narrator audio will state the selected string.
+- Within a selected string, Narrator audio will state each character in the string as you select them by using the forward or backward arrow.
+- If you select a string that has been labeled, Narrator will state the value and then "labeled". For example, if the label value is "Contoso", it will state "Costoso labeled".
+- In the training tab, if you select a string in the document viewer that has only been predicted, Narrator audio will state the value, and then "predicted". This occurs when training predicts a value in the file that does not match what has been labeled by the user.
+- In the training tab, if you select a string in the document viewer that has been labeled and predicted, Narrator audio will state the value, and then "labeled and predicted". This occurs when training is successful and there is a match between a predicted value and the user label.
+++
+After a string is labeled or a label has been removed in the viewer, Narrator audio will warn you to save your changes before you exit.
+
+## See Also
+
+[Create an extractor](create-an-extractor.md)</br>
+
+[Create a classifier](create-a-classifier.md)</br>
++++++++++
+
++
+
+
+++
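Review bot: In the Narration list of this new file, the example reads "if the label value is "Contoso", it will state "Costoso labeled""; the second name is misspelled and should be "Contoso". Other wording to fix before publishing: "Enter: Label or removes a label" should be "Labels or removes", "Narrator will give user the following audio prompts" is missing "the", and the Title metadata value has a trailing space inside the quotes. The "See Also" links use a closing-style br tag where a plain line break or list would do.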
contentunderstanding https://docs.microsoft.com/en-us/microsoft-365/contentunderstanding/apply-a-model https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/apply-a-model.md
@@ -56,10 +56,15 @@ To apply your model to to a SharePoint document library:
![Selected library](../media/content-understanding/selected-library.png)</br>
-7. Go to your document library and make sure you are in the model's document library view. Notice that if you select the information button next to the document library name, a message notes that your model has been applied to the document library.
+7. Go to your document library and make sure you are in the model's document library view. Notice that if you select the information button next to the document library name, a message notes that the document library has a model applied to it.
![Information view](../media/content-understanding/info-du.png)</br>
+ You can the select **View active models** to see details about any models that are applied to the document library.
+
+8. In the **Active models** pane, you can see the models that are applied to the document library. Select a model to see more details about it, such as a description of the model, who published the model, and if the model applies a retention label to the files it classifies.
+
+ ![Active models pane](../media/content-understanding/active-models.png)</br>
After applying the model to the document library, you can begin uploading documents to the site and see the results.
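Review bot: The added sentence under step 7 reads "You can the select **View active models**", which should be "You can then select". The hunk header context also shows "To apply your model to to a SharePoint document library" with a doubled "to" that is worth fixing in the same pass. The new step 8 and its screenshot otherwise follow the numbering and image pattern of the existing steps.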
@@ -78,6 +83,20 @@ While an applied model processes all files uploaded to the document library afte
> [!NOTE] > You can copy individual files to a library and apply them to a model, but not folders.
+### The Classification Date field
+
+When a SharePoint Syntex document understanding or form processing model is applied to a document library, a <b> Classification date </b> field is included in the library schema. By default this field is empty, but when documents are processed and classified by a model, this field is updated with a date-time stamp of completion.
+
+ ![Classification date column](../media/content-understanding/class-date-column.png)</br>
+
+The Classification date field is used by the [<b>When a file is classified by a content understanding model</b> trigger](https://docs.microsoft.com/connectors/sharepointonline/#when-a-file-is-classified-by-a-content-understanding-model) to run a Power Automate flow after a Syntex content understanding model has finished processing a file and updated the "Classification date" field.
+
+ ![Flow trigger](../media/content-understanding/trigger.png)</br>
+
+The <b>When a file is classified by a content understanding model</b> trigger can then be used to start another workflow using any extracted information from the file.
+++ ## See Also [Create a classifier](create-a-classifier.md)
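Review bot: The new section names the field three different ways: "Classification Date" in the heading, "Classification date" padded with spaces inside b tags in the first paragraph, and "Classification date" in quotes in the trigger paragraph. Pick one casing and use the Markdown bold that the rest of the article uses instead of HTML b tags. The trigger link also uses an absolute docs.microsoft.com URL where other hunks in this update are moving to site-relative links.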
contentunderstanding https://docs.microsoft.com/en-us/microsoft-365/contentunderstanding/create-an-extractor https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/create-an-extractor.md
@@ -53,6 +53,14 @@ Creating the extractor opens the extractor page. Here you see a list of your sam
Once you labeled five files, a notification banner displays informing you to move to training. You can choose to more label more documents or advance to training.
+### Use Find to search your file
+You can use the <b>Find</b> feature to search for an entity in your document that you want to label.
+
+ ![Find in file](../media/content-understanding/find-feature.png)
+
+The Find feature is useful if you are searching a large document or if there are multiple instances of the entity in the document. If you find multiple instances, you can select the one you need in the search results to go to that location in the viewer to label it.
++ ## Add an explanation For our example, we are going to create an explanation that provides a hint about the entity format itself and variations it may have in the sample documents. For example, a date value can be in a number of different formats, such as:
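Review bot: The added heading "### Use Find to search your file" is followed directly by its paragraph with no blank line between them, unlike the other headings added in this update. Insert a blank line after the heading and switch the b tags around "Find" to Markdown bold for consistency. The context sentence above, "You can choose to more label more documents", also has a stray "more" that could be fixed here.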
contentunderstanding https://docs.microsoft.com/en-us/microsoft-365/contentunderstanding/explanation-types-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/explanation-types-overview.md
@@ -119,6 +119,31 @@ Configure the proximity setting to have a range of 0 through 3.
![Proximity example](../media/content-understanding/proximity-example.png)</br> +
+## Configure where phrases occur in the document
+
+When you create an explanation, by default the entire document is searched for the phrase you are trying to extract. However, you can use the <b>Where these phrases occur</b> advanced setting to help in isolating a specific location in the document that a phrase occurs. This is useful in situations where similar instances of a phrase might appear somewhere else in the document, and you want to make sure that the correct one is selected. Referring to our Medical Referral document example, the **Referring Doctor** is always mentioned in the first paragraph of the document. With the <b>Where these phrases occur</b> setting, in this example you can configure your explanation to search for this label only in the beginning section of the document, or any other location in which it might occur.
+
+ ![Where these phrases occur setting](../media/content-understanding/phrase-location.png)</br>
+
+You can choose the following options for this setting:
+
+- Anywhere in the file: The entire document is searched for the phrase.
+- Beginning of the file: The document is searched from the beginning to the phrase location.</br>
+ ![Beginning of file](../media/content-understanding/beginning-of-file.png)</br>
+In the viewer, you can manually adjust the select box to include the location where the phase occurs. The <b>End position</b> value will update to show the number of tokens your selected area includes. Note that you can update the End position value as well to adjust the selected area.</br>
+ ![Beginning of file position box](../media/content-understanding/beginning-box.png)</br>
+
+- End of the file: The document is searched from the end to the phrase location.</br>
+ ![End of file](../media/content-understanding/end-of-file.png)</br>
+In the viewer, you can manually adjust the select box to include the location where the phase occurs. The <b>Starting position</b> value will update to show the number of tokens your selected area includes. Note that you can update the Starting position value as well to adjust the selected area.</br>
+ ![End of file end box](../media/content-understanding/end-box.png)</br>
+- Custom range: The document is searched in a specified range within the it for the phrase location.</br>
+ ![Custom range](../media/content-understanding/custom-file.png)</br>
+In the viewer, you can manually adjust the select box to include the location where the phase occurs. For this setting, you need to select a <b>Start</b> and an <b>End</b> position. These values represent the number of tokens from the begging of the document. While you can manually enter in these values, it is easier to manually adjust the select box in the viewer.</br>
+
++ ## Use explanation templates While you can manually add various pattern list values for your explanation, it can be easier to use the templates provided to you in the explanation library.
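Review bot: Each of the three option descriptions says "the location where the phase occurs", which should be "phrase", and the Custom range text has two more errors: "within the it" and "from the begging of the document" (should be "beginning"). These are in user-facing instructions for a setting that depends on exact token positions, so they are worth correcting before merge. The list would also read more cleanly if the images and follow-on paragraphs under each bullet were indented consistently; the "End of the file" bullet has a blank line before it while "Custom range" does not.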
contentunderstanding https://docs.microsoft.com/en-us/microsoft-365/contentunderstanding/model-usage-analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/model-usage-analytics.md
@@ -23,28 +23,53 @@ description: "Learn how to apply a retention label to a document understanding m
</br>
-Your Microsoft SharePoint Syntex content center provides you model usage analytics to provide more information about how your models that have been published from the content center are being used. This includes a roll-up of the following information:
+Your Microsoft SharePoint Syntex content center provides you model usage analytics to provide more information about how your models that have been published from the content center are being used. The <b>How your models are performing in the last 30 days</b> section of the content center includes a 30 day roll-up of usage analytics data provided in the following charts and lists:
-- Where your models are being applied-- How many files are being processed over time
+- Classification by model
+- Classification by library
+- Model usage
![Model analytics](../media/content-understanding/model-analytics.png) </br>
-## Total model percentage
+### Roll up of model usage data in the default content center
+
+In SharePoint Syntex, the default content center is created during setup. Additional content centers can also be created as needed. For example, departments might create their own content centers to create and manage their models.
+
+In regards to model usage analytics, note that:
+
+- Your default content center will show model usage analytics for all content centers and models in your org, including ones created in additional content centers. This gives content managers and other stakeholders a centralized portal to manage and oversee the content centers and models across the company.
+- Other content centers will only show model usage analytics for the models that were created in them. This gives content managers insights into usage data for only the models they are concerned with.
++
+## Classification by model
![Total model percentage](../media/content-understanding/total-model-percentage.png) </br>
-The **Total model percentage** pie chart displays each published model as a percentage of the total files processed by all published models on the content center.
+The **Classification by model** pie chart displays which models have classified the most files. It shows each published model as a percentage of the total files processed by all published models on the content center.
Each model also shows the **Completeness Rate**, the percentage of uploaded files that were successfully analyzed by the model. A low completeness rate may mean that there are issues with either the model or the files that are being analyzed.
-## Files processed over time
+## Classification by library
![Files processed](../media/content-understanding/files-processed-over-time.png) </br>
-The **Files processed over time** bar chart shows you not only the number of files processed over time for each model, but also shows you the document libraries to which the model was applied.
+The **Classification by library** bar chart helps you determine the effectiveness of content understanding in your organization. It shows you not only the number of files processed over time for each model, but by selecting a column in chart, it will also show you the document libraries to which the model was applied.
++
+## Model usage
+
+The Model Usage list will show usage analytics for the models created through the content center.
+
+> [!NOTE]
+> If you are in the default content center and have additional content centers in your organization, the model usage list will be grouped by content center.
+
+Each model in the model usage list will show the usage data:
+
+- Classified item count: Number of files processed by the model.
+- Average confidence score: Average accuracy score of the model when run against files.
+- Target list URL: The SharePoint document library to which the model is applied.
+
- ![Bar chart](../media/content-understanding/bar-chart-models.png) </br>
## See Also [Create a classifier](create-a-classifier.md)
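Review bot: The new "### Roll up of model usage data in the default content center" heading is a level 3 heading placed ahead of the first level 2 heading, so it has no parent section; promote it to level 2 or move it under one of the renamed sections. The image alt text was not updated with the section renames: "Total model percentage" and "Files processed" still label the charts now called "Classification by model" and "Classification by library". Also, "by selecting a column in chart" is missing "the", and the description shown in the hunk header still talks about applying a retention label, which does not match this article.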
contentunderstanding https://docs.microsoft.com/en-us/microsoft-365/contentunderstanding/set-up-content-understanding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/set-up-content-understanding.md
@@ -29,12 +29,12 @@ You can change your settings after initial setup in the Microsoft 365 admin cent
Prior to setup, make sure to plan for the best way to set up and configure content understanding in your environment. For example, you need to make the following decisions: - The SharePoint sites in which you want to enable form processing - all of them, some, or selected sites-- The name and admins or your content center
+- The name and admins for your content center
## Requirements > [!NOTE]
-> You must have Global admin or SharePoint admin permissions to be able to access the Microsoft 365 admin center and set up content understanding.
+> You must have Global admin or SharePoint admin permissions to be able to access the Microsoft 365 admin center and set up SharePoint Syntex.
As an admin, you can also make changes to your selected settings anytime after setup, and throughout the content understanding management settings in the Microsoft 365 Admin Center.
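Review bot: The note now says "set up SharePoint Syntex", but the surrounding context lines still say "set up and configure content understanding" and "content understanding management settings". Mixing both names within a few lines will confuse admins looking for the setting. Either update the neighbouring sentences in this change or keep the old term here until the whole article is renamed.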
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/connect-to-all-microsoft-365-services-in-a-single-windows-powershell-window https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/connect-to-all-microsoft-365-services-in-a-single-windows-powershell-window.md
@@ -3,7 +3,7 @@ Title: "Connect to all Microsoft 365 services in a single PowerShell window"
Previously updated : 09/10/2020 Last updated : 02/02/2021 audience: ITPro
@@ -51,7 +51,7 @@ Before you can manage all of Microsoft 365 from a single instance of PowerShell,
- Windows Server 2008 R2 SP1*
- \* You need to install Microsoft .NET Framework 4.5.*x* and then Windows Management Framework 3.0 or 4.0. For more information, see [Windows Management Framework](https://docs.microsoft.com/powershell/scripting/windows-powershell/wmf/overview?view=powershell-7).
+ \* You need to install Microsoft .NET Framework 4.5.*x* and then Windows Management Framework 3.0 or 4.0. For more information, see [Windows Management Framework](https://docs.microsoft.com/powershell/scripting/windows-powershell/wmf/overview).
You need to use a 64-bit version of Windows because of the requirements for the Skype for Business Online module and one of the Microsoft 365 modules.
@@ -69,10 +69,6 @@ Before you can manage all of Microsoft 365 from a single instance of PowerShell,
Set-ExecutionPolicy RemoteSigned ```
-## Exchange Online and Security &amp; Compliance Center with the Exchange Online PowerShell V2 module
-
-The procedures in this article use the Exchange Online PowerShell V2 module to connect to both Exchange Online and the Security &amp; Compliance Center. But currently you can't connect to both *in the same PowerShell window*. So you have to choose to connect to one or the other when you configure a PowerShell window for multiple Microsoft 365 services.
- ## Connection steps when using just a password Follow these steps to connect to all the services in a single PowerShell window when you're using just a password for sign-in.
@@ -104,6 +100,7 @@ Follow these steps to connect to all the services in a single PowerShell window
```powershell $orgName="<for example, litwareinc for litwareinc.onmicrosoft.com>"
+ Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $Credential ```
@@ -113,37 +110,35 @@ Follow these steps to connect to all the services in a single PowerShell window
> Skype for Business Online Connector is currently part of the latest Teams PowerShell module. If you're using the latest Teams PowerShell public release, you don't need to install the Skype for Business Online Connector. ```powershell
- Import-Module MicrosoftTeams
$sfboSession = New-CsOnlineSession -Credential $credential Import-PSSession $sfboSession ```
-6. Run this command to connect to Exchange Online.
+6. Run these commands to connect to Exchange Online.
```powershell Import-Module ExchangeOnlineManagement
- Connect-ExchangeOnline -Credential $credential -ShowProgress $true
+ Connect-ExchangeOnline -ShowProgress $true
``` > [!Note] > To connect to Exchange Online for Microsoft 365 clouds other than Worldwide, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell).
- Alternatively, run these commands to connect to the Security &amp; Compliance Center.
+7. Run these commands to connect to the Security &amp; Compliance Center.
```powershell $acctName="<UPN of the account, such as belindan@litwareinc.onmicrosoft.com>"
- Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName $acctName ``` > [!Note] > To connect to the Security &amp; Compliance Center for Microsoft 365 clouds other than Worldwide, see [Connect to Security & Compliance Center PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-scc-powershell).
- Run these commands to connect to Teams PowerShell.
+8. Run these commands to connect to Teams PowerShell.
```powershell Import-Module MicrosoftTeams
- Connect-MicrosoftTeams -Credential $credential
+ Connect-MicrosoftTeams
``` > [!Note]
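Review bot: Under the "just a password" procedure, the new Connect-ExchangeOnline and Connect-MicrosoftTeams lines drop "-Credential $credential", so these steps no longer reuse the credential object collected earlier and the user is presumably prompted to sign in again at each one. The step text should say that a sign-in prompt is expected, otherwise the procedure no longer matches its heading. This hunk also removes "Import-Module MicrosoftTeams" ahead of New-CsOnlineSession even though the note directly above says the Skype for Business Online Connector ships in the Teams module; keeping the explicit import there avoids relying on module auto-loading.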
@@ -152,82 +147,61 @@ Follow these steps to connect to all the services in a single PowerShell window
### Azure Active Directory PowerShell for Graph module
-Here are the commands for all the services *except Security &amp; Compliance Center* in a single block when you use the Azure Active Directory PowerShell for Graph module. Specify the name of your domain host and run them all at the same time.
-
-```powershell
-$orgName="<for example, litwareinc for litwareinc.onmicrosoft.com>"
-$credential = Get-Credential
-Connect-AzureAD -Credential $credential
-Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
-Connect-SPOService -Url https://$orgName-admin.sharepoint.com -credential $credential
-Import-Module MicrosoftTeams
-$sfboSession = New-CsOnlineSession -Credential $credential
-Import-PSSession $sfboSession
-Import-Module ExchangeOnlineManagement
-Connect-ExchangeOnline -Credential $credential -ShowProgress $true
-Import-Module MicrosoftTeams
-Connect-MicrosoftTeams -Credential $credential
-```
-
-Here are the commands for all the services *except Exchange Online* in a single block when you use the Azure Active Directory PowerShell for Graph module. Specify the name of your domain host and the UPN for the sign-in and run them all at the same time.
+Here are the commands for all the services in a single block when you use the Azure Active Directory PowerShell for Graph module. Specify the name of your domain host and the UPN for the sign-in and run them all at the same time.
```powershell $orgName="<for example, litwareinc for litwareinc.onmicrosoft.com>" $acctName="<UPN of the account, such as belindan@litwareinc.onmicrosoft.com>"
-$credential = Get-Credential -UserName $acctName
+$credential = Get-Credential -UserName $acctName -Message "Type the account's password."
+#Azure Active Directory
Connect-AzureAD -Credential $credential
+#SharePoint Online
Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking Connect-SPOService -Url https://$orgName-admin.sharepoint.com -credential $credential
-Import-Module MicrosoftTeams
+#Skype for Business Online
$sfboSession = New-CsOnlineSession -Credential $credential Import-PSSession $sfboSession
+#Exchange Online
Import-Module ExchangeOnlineManagement
+Connect-ExchangeOnline -ShowProgress $true
+#Security & Compliance Center
Connect-IPPSSession -UserPrincipalName $acctName
+#Teams
Import-Module MicrosoftTeams
-Connect-MicrosoftTeams -Credential $credential
+Connect-MicrosoftTeams
``` ### Microsoft Azure Active Directory Module for Windows PowerShell module
-Here are the commands for all the services *except Security &amp; Compliance Center* in a single block when you use the Microsoft Azure Active Directory Module for Windows PowerShell module. Specify the name of your domain host and run them all at one time.
-
-```powershell
-$orgName="<for example, litwareinc for litwareinc.onmicrosoft.com>"
-$credential = Get-Credential
-Connect-MsolService -Credential $credential
-Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
-Connect-SPOService -Url https://$orgName-admin.sharepoint.com -credential $credential
-Import-Module MicrosoftTeams
-$sfboSession = New-CsOnlineSession -Credential $credential
-Import-PSSession $sfboSession
-Import-Module ExchangeOnlineManagement
-Connect-ExchangeOnline -Credential $credential -ShowProgress $true
-Import-Module MicrosoftTeams
-Connect-MicrosoftTeams -Credential $credential
-```
-
-Here are the commands for all the services *except Exchange Online* in a single block when you use the Microsoft Azure Active Directory Module for Windows PowerShell module. Specify the name of your domain host and the UPN for the sign-in and run them all at one time.
+Here are the commands for all the services in a single block when you use the Microsoft Azure Active Directory Module for Windows PowerShell module. Specify the name of your domain host and the UPN for the sign-in and run them all at one time.
```powershell $orgName="<for example, litwareinc for litwareinc.onmicrosoft.com>" $acctName="<UPN of the account, such as belindan@litwareinc.onmicrosoft.com>"
-$credential = Get-Credential -UserName $acctName
-Connect-AzureAD -Credential $credential
+$credential = Get-Credential -UserName $acctName -Message "Type the account's password."
+#Azure Active Directory
+Connect-MsolService -Credential $credential
+#SharePoint Online
Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking Connect-SPOService -Url https://$orgName-admin.sharepoint.com -credential $credential
-Import-Module MicrosoftTeams
+#Skype for Business Online
$sfboSession = New-CsOnlineSession -Credential $credential Import-PSSession $sfboSession
+#Exchange Online
Import-Module ExchangeOnlineManagement
+Connect-ExchangeOnline -ShowProgress $true
+#Security & Compliance Center
Connect-IPPSSession -UserPrincipalName $acctName
+#Teams
Import-Module MicrosoftTeams
-Connect-MicrosoftTeams -Credential $credential
+Connect-MicrosoftTeams
```+ ## Connection steps when using multi-factor authentication ### Azure Active Directory PowerShell for Graph module
-Here are all the commands in a single block to connect to multiple Microsoft 365 services *except Security &amp; Compliance Center* when you use multi-factor authentication with the Azure Active Directory PowerShell for Graph module.
+Here are all the commands in a single block to connect to multiple Microsoft 365 services when you use multi-factor authentication with the Azure Active Directory PowerShell for Graph module.
```powershell $acctName="<UPN of the account, such as belindan@litwareinc.onmicrosoft.com>"
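Review bot: In both password-only blocks, `-Credential $credential` is dropped from `Connect-ExchangeOnline` and `Connect-MicrosoftTeams`, and the new `Connect-IPPSSession -UserPrincipalName $acctName` line never takes it, so three of the six connections fall back to their own sign-in prompt even though the lead-in still says to "run them all at one time". Either pass `$credential` to the cmdlets that accept it, or say in the lead-in which steps prompt again, so readers don't assume the single `Get-Credential` call covers the whole block.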
@@ -237,31 +211,12 @@ Connect-AzureAD
#SharePoint Online Connect-SPOService -Url https://$orgName-admin.sharepoint.com #Skype for Business Online
-Import-Module MicrosoftTeams
$sfboSession = New-CsOnlineSession Import-PSSession $sfboSession #Exchange Online Import-Module ExchangeOnlineManagement Connect-ExchangeOnline -UserPrincipalName $acctName -ShowProgress $true
-#Teams
-Import-Module MicrosoftTeams
-Connect-MicrosoftTeams
-```
-Here are all the commands in a single block to connect to multiple Microsoft 365 services *except Exchange Online* with multi-factor authentication when you use the Azure Active Directory PowerShell for Graph module.
-
-```powershell
-$acctName="<UPN of the account, such as belindan@litwareinc.onmicrosoft.com>"
-$orgName="<for example, litwareinc for litwareinc.onmicrosoft.com>"
-#Azure Active Directory
-Connect-AzureAD
-#SharePoint Online
-Connect-SPOService -Url https://$orgName-admin.sharepoint.com
-#Skype for Business Online
-Import-Module MicrosoftTeams
-$sfboSession = New-CsOnlineSession
-Import-PSSession $sfboSession
#Security & Compliance Center
-Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName $acctName #Teams Import-Module MicrosoftTeams
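Review bot: The `Import-Module MicrosoftTeams` that sat directly above `$sfboSession = New-CsOnlineSession` is removed under #Skype for Business Online, leaving the only import under #Teams at the end of the block, after the Skype session has already been created. If `New-CsOnlineSession` is loaded from the MicrosoftTeams module, as the old ordering implied, the block now depends on module auto-loading. Move the remaining import above the Skype step, or add a sentence saying why it is no longer needed there.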
@@ -269,7 +224,7 @@ Connect-MicrosoftTeams
``` ### Microsoft Azure Active Directory Module for Windows PowerShell module
-Here are all the commands in a single block to connect to multiple Microsoft 365 services *except Security &amp; Compliance Center* when you use multi-factor authentication with the Microsoft Azure Active Directory Module for Windows PowerShell module.
+Here are all the commands in a single block to connect to multiple Microsoft 365 services when you use multi-factor authentication with the Microsoft Azure Active Directory Module for Windows PowerShell module.
```powershell $acctName="<UPN of the account, such as belindan@litwareinc.onmicrosoft.com>"
@@ -279,31 +234,12 @@ Connect-MsolService
#SharePoint Online Connect-SPOService -Url https://$orgName-admin.sharepoint.com #Skype for Business Online
-Import-Module MicrosoftTeams
$sfboSession = New-CsOnlineSession Import-PSSession $sfboSession #Exchange Online Import-Module ExchangeOnlineManagement Connect-ExchangeOnline -UserPrincipalName $acctName -ShowProgress $true
-#Teams
-Import-Module MicrosoftTeams
-Connect-MicrosoftTeams
-```
-Here are all the commands in a single block to connect to multiple Microsoft 365 services *except Exchange Online* when you use multi-factor authentication with the Microsoft Azure Active Directory Module for Windows PowerShell module.
-
-```powershell
-$acctName="<UPN of the account, such as belindan@litwareinc.onmicrosoft.com>"
-$orgName="<for example, litwareinc for litwareinc.onmicrosoft.com>"
-#Azure Active Directory
-Connect-MsolService
-#SharePoint Online
-Connect-SPOService -Url https://$orgName-admin.sharepoint.com
-#Skype for Business Online
-Import-Module MicrosoftTeams
-$sfboSession = New-CsOnlineSession
-Import-PSSession $sfboSession
#Security & Compliance Center
-Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName $acctName #Teams Import-Module MicrosoftTeams
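Review bot: Removing the "except Exchange Online" variant puts `Connect-ExchangeOnline` and `Connect-IPPSSession` in the same session without saying what changed to allow it. If the earlier split reflected a module limitation, name the minimum ExchangeOnlineManagement version in the section's lead-in, because readers on an older install no longer have a separate block to fall back on.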
knowledge https://docs.microsoft.com/en-us/microsoft-365/knowledge/topic-experiences-discovery-curation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/knowledge/topic-experiences-discovery-curation.md
@@ -15,40 +15,59 @@
localization_priority: None
-# Topic Experiences discovery and curation (Preview)
+# Topic discovery and curation (Preview)
> [!Note] > The content in this article is for Project Cortex Private Preview. [Find out more about Project Cortex](https://aka.ms/projectcortex). Topic Experiences converts knowledge information to knowledge in your Microsoft 365 environment. We've all experienced reading through documents and site pages where we encounter terms we are unfamiliar with. Many times we stop what we are doing to spend precious time searching for more information.
-What Topic Experiences does is use Microsoft Graph and AI to identify **topics** in your organization. A topic is a phrase or term that has a specific meaning to an organization, where users would benefit by being able to view a wiki page about it. AI searches for people and content connected to the topic, and if enough it discovered, it becomes a suggested topic.
-
-The AI suggested topic information is added to a **Topic page**, which can contain:
+Topic Experiences uses Microsoft Graph and AI to identify **topics** in your organization. A topic is a phrase or term that has a specific meaning to the organization, and has resources related to it that can help people understand what it is and find more information about it. There are lots of different types of topics that will be important to your organization. Initially, the following types of topics can be identified:
+- Project
+- Event
+- Organization
+- Location
+- Product
+- Creative work
+- Field of study
+
+AI identifies people and content connected to the topic, and if enough is discovered, it becomes a suggested topic. It looks to identify the following properties and display them on a **Topic page**:
+- Alternate names and/or acronyms.
- A short description of the topic.-- Alternate names for the topic.-- People who might know more about the topic.-- Sites, files, and pages that might be related to the topic.
+- People who might be knowledgeable about the topic.
+- Files, pages, and sites that are related to the topic.
+
+The properties are identified from the files and pages that are part of the evidence for identifying the topic. Alternate names and acronyms are sourced from these files and pages. The short description is sourced from these files and pages, or from the internet through Wikipedia. The source file, page or Wikipedia article is referenced alongside the suggested properties. People are suggested based on their active contributions (e.g. edits) to the files and pages. A reference to the amount of contributions from a particular person provides a hint as to why the person has been identified. Files, pages and sites are ranked based on whether they are central to the topic, whether they can give an overview or introduction to the topic.
-Topic experiences then, when the context is appropriate, suggests these topics to be highlighted on all SharePoint modern site pages in your tenant. When a user is curious to learn more about a topic, they can select the highlighted topic to view a **Topic summary** card that provides a short description. And if they want to learn more, they can select a **Topic details** link in the summary to open the detailed topic page.
+Not every identified topic will be useful to your organization or have identified any or the correct alternate names or a description, the appropriate people or content, so the ability to add topics that were not identified, keep suggested topics, and curate topics is critical to improving the quality of the topics that are discoverable in your organization.
+
+Topic experiences then, when the context is appropriate, suggests these topics to be highlighted on all SharePoint modern site pages in your tenant. The topic can also be directly referenced on the SharePoint modern site page by a page author. When a user is curious to learn more about a topic, they can select the highlighted topic to view a **Topic summary** card that provides a short description. And if they want to learn more, they can select a **Topic details** link in the summary to open the detailed topic page.
![Topic highlights](../media/knowledge-management/saturn.png) </br> Additionally, users will also be able to find topics through Microsoft Search.
+![Microsoft Search topic answer](../EfrenCanWeAddAnImageOfSearchHere) </br>
-## Topic curation
-Topic Experiences welcomes human contribution to improve the quality of your topics. While AI initially identifies and suggests topics, manually made edits to content from contributors, confirmation from users for AI generated content, and feedback on the usefulness of topics are all essential.
+## Topic curation and feedback
-- AI generated topics ("suggested topics") can be reviewed by **knowledge managers** in your organization. In the Manage Topics page in the Topic Center, they can choose to confirm them as valid, or reject them to prevent them from being viewed.
+Topic Experiences welcomes human contribution to improve the quality of your topics. While AI initially identifies and suggests topics, manually made edits to content from contributors, manually added topics, confirmation from users for AI discovered properties and content, and feedback on the usefulness of topics are all essential.
-- You can assign *Create and edit topics* permissions to any of your licensed users so that they can make changes to existing topics or create new topics when needed.
+- Topics can be reviewed by **knowledge managers** in your organization. The knowledge manager can review topics that they have permissions to see. In the Manage Topics page in the Topic Center, they can choose to confirm AI generated topics ("suggested topics") as valid, reject topics to prevent the content from being viewed as a topic, create topics that were not discovered by AI, or identify topics that could benefit from a few edits by subject matter experts to be more helpful or accurate. See [Manage topics in the Topic center](manage-topics.md) for more information.
-- Even users who only have read access to topic (topic viewers) will be asked to verify the usefulness of specific topics. Their feedback is also taken to confirm or reject a suggested topic.
+- You can assign *Create and edit topics* permissions to any of your licensed users so that they can make changes to existing topics or create new topics. This allows users that are knowledgeable about the topic to update the topic page directly to make corrections or add additional information. They can also add new topics that AI wasn't able to identify. If there is enough information on these manually added topics, and AI is able to identify this type of topic, additional suggestions from AI may enhance these manually added topics. Together, humans and AI can keep knowledge accurate over time and not have this rest on a single person. See [Create a new topic](https://docs.microsoft.com/en-us/microsoft-365/knowledge/create-a-topic) and [Edit a topic](https://docs.microsoft.com/en-us/microsoft-365/knowledge/edit-a-topic) for more information.
-Even with human edits, AI will continually look for more information about topics, and will look for human verification. For example, if AI thinks you are a person that should be listed as an expert on a topic, it will ask you to confirm this.
+- Even users who only have read access to topic (topic viewers) will be asked to verify the usefulness of specific topics. Feedback questions are asked on the **Topic summary** card to improve the value of the topic and its information. Questions about the quality and usefulness of the AI suggestions are presented to users one at a time. Questions include:
+1. Whether identifying the topic in the SharePoint page was helpful. There's an opportunity to remove the highlight if it's not accurate or helpful. If enough people indicate that a topic is not correctly identified on a particular page, this highlight will eventually be removed for all users.
+2. Whether the suggested topic is valuable to the organization. If enough people indicate that the suggested topic is valuable, the topic is automatically confirmed. Alternateively, if the suggestd topic is not valuable, the topic is automatically rejected. The Knowledge Manager can observe this activity in the Manage Topics view.
+
+3. Whether the people and resource suggestions are helpful.
+
+4. On the Topic Center home page, you can see the topics in your organization to which you have a connection. You can choose to remain listed on the topic or remove yourself. This feedback is reflected to everyone who discovers this topic. See [Topic center overview](https://docs.microsoft.com/en-us/microsoft-365/knowledge/topic-center-overview) for more details on the topic center home page.
+
+Even with human edits, AI will continually look for more information about topics, and will look for human verification. For example, if AI thinks you are a person that should be listed as an expert on a topic, it will ask you to confirm this.
## See also
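Review bot: The added image line `![Microsoft Search topic answer](../EfrenCanWeAddAnImageOfSearchHere) </br>` points at a placeholder that reads as a note to a colleague, not a file path, so the published page will show a broken image. Drop the line until the screenshot exists. In the same hunk, the numbered feedback questions under the topic-viewers bullet are not indented, so they will render as a separate top-level list. Item 2 has the typos "Alternateively" and "suggestd", and item 4 describes the Topic Center home page, which is not a question asked on the Topic summary card.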
knowledge https://docs.microsoft.com/en-us/microsoft-365/knowledge/topic-experiences-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/knowledge/topic-experiences-overview.md
@@ -47,22 +47,32 @@ When a topic is mentioned in content on SharePoint news and pages, you'll see it
Topic experiences uses Microsoft AI technology to identify **topics** in your Microsoft 365 environment.
-A topic is a phrase or term that is organizationally significant or important. It has a specific meaning to the organization, and has resources related to it that can help people understand what it is and find more information about it.
+A topic is a phrase or term that is organizationally significant or important. It has a specific meaning to the organization, and has resources related to it that can help people understand what it is and find more information about it. There are lots of different types of topics that will be important to your organization. Initially, the Microsoft AI technology focuses on the following types:
+- Project
+- Event
+- Organization
+- Location
+- Product
+- Creative work
+- Field of study
-When a topic is identified and AI determines that it has enough information for it to be a suggested topic, a **topic page** is created for it that contains information that was gathered through topic indexing, such as:
+
+When a topic is identified and AI determines that it has enough information for it to be a suggested topic, a **topic page** displays the information that was gathered through topic indexing, such as:
- Alternate names and/or acronyms. - A short description of the topic.-- Users who might be knowledgeable about the topic.
+- People who might be knowledgeable about the topic.
- Files, pages, and sites that are related to the topic. Your knowledge admins can choose to crawl all SharePoint sites in your tenant for topics, or to just select certain ones.
+See [Topic discovery and curation](https://docs.microsoft.com/en-us/microsoft-365/knowledge/topic-experiences-discovery-curation)
+ ## Roles When you use Topic experiences in your Microsoft 365 environment, your users will have the following roles: -- Topic viewer: Users who will be able to see topic highlights on SharePoint modern sites that they have at least *Read* access to, and in Microsoft Search. They will be able to select topic highlights to see topic details in topic pages. Topic viewers will be able to provide feedback on how useful a topic is to them.
+- Topic viewers: Users who will be able to see topic highlights on SharePoint modern sites that they have at least *Read* access to, and in Microsoft Search. They will be able to select topic highlights to see topic details in topic pages. Topic viewers will be able to provide feedback on how useful a topic is to them.
- Contributors: Users who have rights to edit existing topics or create new ones. Knowledge admins assign contributor permissions to users through the Topic experiences settings in the Microsoft 365 admin center. Note that you can also choose to give all topic viewers the permission to edit and create topics so that everyone can contribute to topics that they see.
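Review bot: The added "See [Topic discovery and curation]" line hard-codes the `en-us` locale in an absolute URL, while other links in this file are relative (`manage-topics.md`) or locale-free. Use `topic-experiences-discovery-curation.md` so the link resolves in the reader's locale. The sentence also needs a closing period or a "for more information" tail, to match the other "See ..." lines in this article.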
@@ -92,10 +102,10 @@ See [Manage topics in the Topic center](manage-topics.md) for more information.
Admin controls in the Microsoft 365 admin center allow you to manage your knowledge network. They allow a Microsoft 365 global or SharePoint administrator to: - Control which users in your organization are allowed to see topics in SharePoint modern pages or in SharePoint search results.-- Control which SharePoint sites will be crawled to search for topics.-- Configure topic discovery to exclude specific topics from being found.
+- Control which SharePoint sites will be crawled to identify topics.
+- Exclude specific topics from being found.
- Control which users can manage topics in the topic center.-- Control which users can create and edit topics in the topic center.
+- Control which users can create and edit topics.
- Control which user will be able to view topics. See [assign user permissions](https://docs.microsoft.com/microsoft-365/knowledge/plan-topic-experiences#user-permissions), [manage topic visibility](https://docs.microsoft.com/microsoft-365/knowledge/topic-experiences-knowledge-rules), and [manage topic discovery](https://docs.microsoft.com/microsoft-365/knowledge/topic-experiences-discovery) for more information about admin controls.
@@ -104,12 +114,14 @@ See [assign user permissions](https://docs.microsoft.com/microsoft-365/knowledge
AI will continually work to provide you suggestions to improve your topics as changes occur in your environment.
-Users who you allow access to see topics in their daily work might be asked if the topic was useful to them. The system looks at these responses and uses them to help determine what's shown on topic summaries and in topic details.
+Users with edit or create topics permissions can make updates to topic pages directly if they want to make corrections or add additional information. They can also add new topics that AI wasn't able to identify. If there is enough information on these manually added topics, and AI is able to identify this type of topic, additional suggestions from AI may enhance these manually added topics
-Users with edit or create topics permissions can make updates to topic pages directly if they want to make corrections or add additional information.
+Users who you allow access to see topics in their daily work might be asked if the topic was useful to them. The system looks at these responses and uses them to improve the topic highlight, and help determine what's shown on topic summaries and in topic details.
Additionally, users with proper permissions can tag items such as Yammer conversation that are relevant to a topic, and add them to a specific topic.
+See [Topic discovery and curation](https://docs.microsoft.com/en-us/microsoft-365/knowledge/topic-experiences-discovery-curation)
+ ## See also
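Review bot: The new paragraph beginning "Users with edit or create topics permissions" ends at "may enhance these manually added topics" with no closing period. The bare "See [Topic discovery and curation]" line added after it is identical to the one added further up in the same file; keep one of them, and give it a closing period.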
managed-desktop https://docs.microsoft.com/en-us/microsoft-365/managed-desktop/intro/technologies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/intro/technologies.md
@@ -32,12 +32,35 @@ Win32 Applications | Teams isn't shipped with the device, but is packaged and pr
Web Applications | Yammer, Office in a browser, Delve, Flow, StaffHub, PowerApps, and Planner aren't shipped with the device. Users can access the web version of these applications with a browser. + ## Windows 10 Enterprise E5 or E3 with Microsoft Defender for Endpoint
+Recommended
+ |
+ |
+[Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-identity-verification) | Customers are recommended to implement Windows Hello for Business to replace passwords with strong two-factor authentication used on Microsoft Managed Desktop devices.
+[Application Virtualization](https://docs.microsoft.com/windows/application-management/app-v/appv-technical-reference) | Customers can deploy Application Virtualization (App-V) packages using the Intune Win32 app management client.
+[Microsoft 365 data loss prevention](https://docs.microsoft.com/microsoft-365/compliance/endpoint-dlp-learn-about) | Customers are recommend to implement Microsoft 365 data loss prevention (DLP) to monitor the actions that are being taken on items you've determined to be sensitive and to help prevent the unintentional sharing of those items.
+Included and managed in the service
| |
-Application Virtualization (App-V) | Customers can deploy App-V packages using the Intune Win32 app management client.
-Microsoft Defender for Endpoint | Microsoft Managed Desktop uses this product to monitor device security.
+[BitLocker Drive Encryption](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) | BitLocker Drive Encryption is used to encrypt all system drives.
+[Windows Defender System Guard]( https://docs.microsoft.com/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows) | Protects the integrity of the system at start up and validates that system integrity has truly been maintained.
+[Windows Defender Credential Guard]( https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard) | Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them.
+[Microsoft Defender for Endpoint | Endpoint Detection and Response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) | Microsoft Managed Desktop Security Operations responds to alerts and takes action to remediate threats using Endpoint Detection and Response.
+[Microsoft Defender for Endpoint | Threat Experts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) | Microsoft Managed Desktop integrates with Threat Experts insights and data through targeted attack notifications. Customers are required to provide additional consent before this service is enabled.
+[Microsoft Defender for Endpoint | Threat and Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) | Required for future use in the Microsoft Managed Desktop service plan.
+[Microsoft Defender for Endpoint | Attack Surface Reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction) | Attack surface reduction targets risky software behaviors that are often abused by attackers.
+[Microsoft Defender for Endpoint | Exploit Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection) | Protects against malware that uses exploits to infect devices and spread by automatically applying exploit mitigation techniques to both operating system processes and apps.
+[Microsoft Defender for Endpoint | Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) | Network protection expands the scope of Microsoft Defender SmartScreen to block all outbound HTTP(s) traffic that attempts to connect to low-reputation sources.
+[Microsoft Defender Tamper Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection) | Windows Tamper Protection is used to prevent security settings such as anti-virus protection from being changed.
+[Microsoft Defender Antivirus Behavior-based, heuristic, and real-time antivirus protection]( https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) | Always on scanning for file and process threats which may not be detected as malware.
+[Microsoft Defender Antivirus Cloud-delivered Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus) | Provides dynamic near-instant, automated protection against new and emerging threats.
+[Microsoft Defender Block at first sight](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus) | Provides detection and blocking of new malware when Windows detects a suspicious or unknown file.
+[Microsoft Defender AV Potentially Unwanted Applications](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus) | Potentially unwanted applications (PUA) is used to block apps that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which might be unexpected or unwanted.
+[Windows Defender Firewall with Advanced Security](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security) | Host-based, two-way network traffic filtering for a device, Windows Defender Firewall blocks unauthorized network traffic flowing into or out of the local device.
+[User Account Control](https://docs.microsoft.com/windows/security/identity-protection/user-account-control/how-user-account-control-works) | User Account Control switches to the Secure Desktop when a task or action requires the administrator account type access. Microsoft Managed Desktop users are assigned Standard user access at enrollment.
+ ## Enterprise Mobility + Security E5
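Review bot: Six of the new rows put a literal pipe inside the link text, for example `[Microsoft Defender for Endpoint | Endpoint Detection and Response]`, and in a pipe-delimited table that character can be read as a cell boundary and break the row. Escape it as `\|` or use a colon or dash in the link text. Also in this hunk, the System Guard, Credential Guard and "Behavior-based, heuristic, and real-time antivirus protection" rows have a stray space after `](` that the other rows lack, and the DLP row says "Customers are recommend to" where "recommended" is meant.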
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-migrate-from-mdatp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-migrate-from-mdatp.md
@@ -109,7 +109,66 @@ AlertInfo
| where FileName == "powershell.exe" ```
-## Related topics
+## Migrate custom detection rules
+
+When Microsoft Defender for Endpoint rules are edited on Microsoft 365 Defender, they continue to function as before if the resulting query looks at device tables only. For example, alerts generated by custom detection rules that query only device tables will continue to be delivered to your SIEM and generate email notifications, depending on how youΓÇÖve configured these in Microsoft Defender for Endpoint. Any existing suppression rules in Defender for Endpoint will also continue to apply.
+
+Once you edit a Defender for Endpoint rule so that it queries identity and email tables, which are only available in Microsoft 365 Defender, the rule is automatically moved to Microsoft 365 Defender.
+
+Alerts generated by the migrated rule:
+
+- Are no longer visible in the Defender for Endpoint portal (Microsoft Defender Security Center)
+- Stop being delivered to your SIEM or generate email notifications. To work around this change, configure notifications through Microsoft 365 Defender to get the alerts. You can use the [Microsoft 365 Defender API](api-incident.md) to receive notifications for customer detection alerts or related incidents.
+- Won't be suppressed by Microsoft Defender for Endpoint suppression rules. To prevent alerts from being generated for certain users, devices, or mailboxes, modify the corresponding queries to exclude those entities explicitly.
+
+If you do edit a rule this way, you will be prompted for confirmation before such changes are applied.
+
+New alerts generated by custom detection rules in Microsoft 365 Defender portal are displayed in an alert page that provides the following information:
+
+- Alert title and description
+- Impacted assets
+- Actions taken in response to the alert
+- Query results that triggered the alert
+- Information on the custom detection rule
+
+![Image of new alert page](../../media/newalertpage.png)
+
+## Write queries without DeviceAlertEvents
+
+In the Microsoft 365 Defender schema, the `AlertInfo` and `AlertEvidence` tables are provided to accommodate the diverse set of information that accompany alerts from various sources.
+
+To get the same alert information that you used to get from the `DeviceAlertEvents` table in the Microsoft Defender for Endpoint schema, filter the `AlertInfo` table by `ServiceSource` and then join each unique ID with the `AlertEvidence` table, which provides detailed event and entity information.
+
+See the sample query below:
+
+```kusto
+AlertInfo
+| where Timestamp > ago(7d)
+| where ServiceSource == "Microsoft Defender for Endpoint"
+| join AlertEvidence on AlertId
+```
+
+This query yields many more columns than `DeviceAlertEvents` in the Microsoft Defender for Endpoint schema. To keep results manageable, use `project` to get only the columns you are interested in. The example below projects columns you might be interested in when the investigation detected PowerShell activity:
+
+```kusto
+AlertInfo
+| where Timestamp > ago(7d)
+| where ServiceSource == "Microsoft Defender for Endpoint"
+ and AttackTechniques has "powershell"
+| join AlertEvidence on AlertId
+| project Timestamp, Title, AlertId, DeviceName, FileName, ProcessCommandLine
+```
+
+If you'd like to filter for specific entities involved in the alerts, you can do so by specifying the entity type in `EntityType` and the value you would like to filter for. The following example looks for a specific IP address:
+
+```kusto
+AlertInfo
+| where Title == "Insert_your_alert_title"
+| join AlertEvidence on AlertId
+| where EntityType == "Ip" and RemoteIP == "192.88.99.01"
+```
+
+## See also
- [Turn on Microsoft 365 Defender](advanced-hunting-query-language.md) - [Advanced hunting overview](advanced-hunting-overview.md) - [Understand the schema](advanced-hunting-schema-tables.md)
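Review bot: In the last sample query, `RemoteIP == "192.88.99.01"` compares a string column against an address with a zero-padded final octet, so it will not match a value stored as 192.88.99.1. Use the canonical form in the example. That query also has no `Timestamp` filter, unlike the two before it. In the added prose, "customer detection alerts" in the SIEM bullet looks like a typo for "custom detection alerts", the bullet's opening "Stop being delivered to your SIEM or generate email notifications" does not parse, and "youΓÇÖve" in the first paragraph is a mis-encoded apostrophe.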
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/custom-detection-rules https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/custom-detection-rules.md
@@ -202,7 +202,8 @@ In the rule details screen (**Hunting** > **Custom detections** > **[Rule name]*
>[!TIP] >To quickly view information and take action on an item in a table, use the selection column [&#10003;] at the left of the table.
-## Related topic
+## See also
- [Custom detections overview](custom-detections-overview.md) - [Advanced hunting overview](advanced-hunting-overview.md) - [Learn the advanced hunting query language](advanced-hunting-query-language.md)
+- [Migrate advanced hunting queries from Microsoft Defender for Endpoint](advanced-hunting-migrate-from-mdatp.md)
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/custom-detections-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/custom-detections-overview.md
@@ -36,6 +36,7 @@ Custom detections provide:
- Alerts for rule-based detections built from advanced hunting queries - Automatic response actions
-## Related topic
+## See also
- [Create and manage custom detection rules](custom-detection-rules.md) - [Advanced hunting overview](advanced-hunting-overview.md)
+- [Migrate advanced hunting queries from Microsoft Defender for Endpoint](advanced-hunting-migrate-from-mdatp.md)
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/top-scoring-industry-tests https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/top-scoring-industry-tests.md
@@ -50,11 +50,11 @@ Microsoft Defender Antivirus is the [next generation protection](https://www.you
The AV-TEST Product Review and Certification Report tests on three categories: protection, performance, and usability. The following scores are for the Protection category that has two scores: Real-World Testing and the AV-TEST reference set (known as "Prevalent Malware").
-**Download the latest transparency report: [Examining AV-TEST results, January-February 2020](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4CflZ)**
+- November - December 2020 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/december-2020/microsoft-defender-antivirus-4.18-205017/) <sup>**Latest**</sup>
-- September - October 2020 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/october-2020/microsoft-defender-antivirus-4.18-204116/) <sup>**Latest**</sup>
+ Microsoft Defender Antivirus achieved a perfect Protection score of 6.0/6.0, with 100% in November and December. 11,382 malware samples were used.
- Microsoft Defender Antivirus achieved a perfect Protection score of 6.0/6.0, with 100% in September and October. 12,650 malware samples were used.
+- September - October 2020 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/october-2020/microsoft-defender-antivirus-4.18-204116/)
- July - August 2020 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/august-2020/microsoft-defender-antivirus-4.18-203215/)
@@ -64,17 +64,15 @@ The AV-TEST Product Review and Certification Report tests on three categories: p
- January - February 2020 AV-TEST Business User test: [Protection score 5.5/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/february-2020/microsoft-windows-defender-antivirus-4.18-200614/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4CflZ) -- November - December 2019 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/december-2019/microsoft-windows-defender-antivirus-4.18-195015/)--- September - October 2019 AV-TEST Business User test: [Protection score 5.5/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/october-2019/microsoft-windows-defender-antivirus-4.18-194115/)-
-### AV-Comparatives: Protection rating of 99.7% in the latest test
+### AV-Comparatives: Protection rating of 99.8% in the latest test
Business Security Test consists of three main parts: the Real-World Protection Test that mimics online malware attacks, the Malware Protection Test where the malware enters the system from outside the internet (for example by USB), and the Performance Test that looks at the impact on the system's performance. -- Business Security Test 2020 (March - June): [Real-World Protection Rate 99.7%](https://www.av-comparatives.org/tests/business-security-test-2020-march-june/) <sup>**Latest**</sup>
+- Business Security Test 2020 (August - November): [Real-World Protection Rate 99.8%](https://www.av-comparatives.org/tests/business-security-test-2020-august-november/) <sup>**Latest**</sup>
+
+ Microsoft Defender Antivirus has scored consistently high in Real-World Protection Rates over the past year, with 99.8% in the latest test.
- Microsoft Defender Antivirus has scored consistently high in Real-World Protection Rates over the past year, with 99.7% in the latest test.
+- Business Security Test 2020 (March - June): [Real-World Protection Rate 99.7%](https://www.av-comparatives.org/tests/business-security-test-2020-march-june/)
- Business Security Test 2019 (August - November): [Real-World Protection Rate 99.6%](https://www.av-comparatives.org/tests/business-security-test-2019-august-november/)
@@ -84,22 +82,16 @@ Business Security Test consists of three main parts: the Real-World Protection T
SE Labs test a range of solutions used by products and services to detect and/or protect against attacks. It includes endpoint software, network appliances, and cloud services.
-**Download the latest transparency report: [Examining SE Labs test results, January-March 2020](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4C7Iq)**
+- Enterprise Endpoint Protection October - December 2020: [AAA award](https://selabs.uk/reports/enterprise-endpoint-protection-2020-q4/) <sup>**Latest**</sup>
-- Enterprise Endpoint Protection July - September 2020: [AAA award](https://selabs.uk/reports/epp-enterprise-20q3-security-testing/) <sup>**Latest**</sup>
+ Microsoft's next-gen protection product stopped all public and targeted attacks. Microsoft Defender Antivirus achieved such good results with it's ability to block malicious URLs, handle exploits, and correctly classify legitimate applications and websites.
- Microsoft's next-gen protection product stopped all targeted attacks
- but missed a handful of public threats.
+- Enterprise Endpoint Protection July - September 2020: [AAA award](https://selabs.uk/reports/epp-enterprise-20q3-security-testing/)
- Enterprise Endpoint Protection April - June 2020: [AAA award](https://selabs.uk/reports/epp-ent-20q2-security-testing/) - Enterprise Endpoint Protection January - March 2020: [AAA award](https://selabs.uk/download/enterprise/essp/2020/mar-2020-essp.pdf) <sup>**pdf**</sup> | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4C7Iq) -- Enterprise Endpoint Protection October - December 2019: [AAA award](https://selabs.uk/download/enterprise/epp/2019/oct-dec-2019-enterprise.pdf) <sup>**pdf**</sup>--- Enterprise Endpoint Protection July - September 2019: [AAA award](https://selabs.uk/download/enterprise/epp/2019/jul-sep-2019-enterprise.pdf) <sup>**pdf**</sup> | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4kagp)-- ## Endpoint detection & response Microsoft Defender for Endpoint [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
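Review bot: The added description under the October - December 2020 entry has "with it's ability", which should be the possessive "its". The sentence would also read more clearly if it named the cause directly, for example "achieved these results through its ability to block malicious URLs, handle exploits, and correctly classify legitimate applications and websites".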
@@ -120,6 +112,6 @@ Independent security industry tests aim to evaluate the best antivirus and secur
The capabilities within Microsoft Defender for Endpoint provide [additional layers of protection](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses) that aren't factored into industry antivirus tests, and address some of the latest and most sophisticated threats. Isolating AV from the rest of Defender for Endpoint creates a partial picture of how Microsoft's security stack operates in the real world. For example, attack surface reduction and endpoint detection & response capabilities can help prevent malware from getting onto devices in the first place. We've proven that [Microsoft Defender for Endpoint components catch samples](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA) that Microsoft Defender Antivirus missed in these industry tests. It's more representative of how effectively Microsoft's security suite protects customers in the real world.
-[Learn more about Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection) and evaluate it in your own network by signing up for a [90-day trial of Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), or [enabling Preview features on existing tenants](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview).
+[Learn more about Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection) and evaluate it in your own network by signing up for a [90-day trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), or [enabling Preview features on existing tenants](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview).
[Learn more about Microsoft 365 Defender](https://www.microsoft.com/security/business/threat-protection/integrated-threat-protection) or [start using the service](https://docs.microsoft.com/microsoft-365/security/mtp/mtp-enable).
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-atp-safe-attachments-policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/set-up-atp-safe-attachments-policies.md
@@ -57,8 +57,8 @@ In Exchange Online PowerShell or standalone EOP PowerShell, you manage the polic
- To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell). To connect to standalone EOP PowerShell, see [Connect to Exchange Online Protection PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-protection-powershell). - You need to be assigned permissions before you can do the procedures in this article:
- - To create, modify, and delete Safe Links policies, you need to be a member of the **Organization Management** or **Security Administrator** role groups in the Security & Compliance Center **and** a member of the **Organization Management** role group in Exchange Online.
- - For read-only access to Safe Links policies, you need to be a member of the **Global Reader** or **Security Reader** role groups in the Security & Compliance Center.
+ - To create, modify, and delete Safe Attachments policies, you need to be a member of the **Organization Management** or **Security Administrator** role groups in the Security & Compliance Center **and** a member of the **Organization Management** role group in Exchange Online.
+ - For read-only access to Safe Attachments policies, you need to be a member of the **Global Reader** or **Security Reader** role groups in the Security & Compliance Center.
For more information, see [Permissions in the Security & Compliance Center](permissions-in-the-security-and-compliance-center.md) and [Permissions in Exchange Online](https://docs.microsoft.com/exchange/permissions-exo/permissions-exo).