Updates from: 02/03/2024 05:36:29
Category Microsoft Docs article Related commit history on GitHub Change details
microsoft-365-copilot-overview Microsoft 365 Copilot Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/copilot/microsoft-365-copilot-overview.md
Microsoft Copilot for Microsoft 365 iteratively processes and orchestrates these
## Semantic Index
-The semantic index brings a whole new world of understanding to your data in Microsoft 365. Through enhanced interactions with your individual and company data via the Microsoft Graph, and the creation of a new index, the semantic index is an improvement to Microsoft 365 search that lays the foundation for the next generation of Search and Copilot experiences. The semantic index respects security and policies in the Microsoft Graph so that when a user issues a query either directly via search or in Microsoft Copilot, it's always in the security context of the user, and only content that a user has access to is returned.
+Through enhanced interactions with your individual and company data via the Microsoft Graph, and the creation of a new index, the semantic index is an improvement to Microsoft 365 search that lays the foundation for the next generation of Search and Copilot experiences. The semantic index respects security and policies in the Microsoft Graph so that when a user issues a query either directly via search or in Microsoft Copilot, it's always in the security context of the user, and only content that a user has access to is returned.
To learn more, see [Semantic Index for Copilot](/MicrosoftSearch/semantic-index-for-copilot).
microsoft-365-copilot-requirements Microsoft 365 Copilot Requirements https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/copilot/microsoft-365-copilot-requirements.md
Copilot services connect to endpoints contained within the [Microsoft 365 endpo
There are many Copilot experiences, including some core experiences like Excel, Word, PowerPoint, Teams, and Loop, that use WebSocket connections (wss://) from the device running the Microsoft 365 app to a Microsoft service. So, to use these Copilot experiences, WebSocket connections must be allowed from user endpoints to the endpoints listed in our endpoint taxonomy, specifically in ID number 147 in the section for [Microsoft 365 Common and Office Online](/microsoft-365/enterprise/urls-and-ip-address-ranges).
-## Conditional Access
+## More resources
-While Copilot supports Conditional Access Policies in SharePoint Online configured to target "all cloud apps" or "Office 365 group," Microsoft Copilot does not currently support Conditional Access policies configured to the SharePoint Online app directly. We anticipate deploying a change in coming weeks.
-
-## Restricted Access Control
-
-Microsoft Copilot does not currently support Restricted Access Control and Microsoft Purview Information Barriers (Implicit and Owner moderated mode) on sites. Support for both policies is intended.  We anticipate deploying a change in coming weeks.
+- [Microsoft Copilot for Microsoft 365 setup guide](https://admin.microsoft.com/Adminportal/Home?Q=learndocs#/modernonboarding/microsoft365copilotsetupguide)
+- [Microsoft 365 AI help and learning](https://support.microsoft.com/copilot)
+- [Microsoft Copilot for Microsoft 365 - Microsoft Community Hub](https://techcommunity.microsoft.com/t5/microsoft-365-copilot/ct-p/Microsoft365Copilot)
enterprise Sync Users Multi Tenant Orgs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/sync-users-multi-tenant-orgs.md
Title: Synchronize users in multitenant organizations in Microsoft 365 (Preview) - Previously updated : 08/17/2023+ Last updated : 02/02/2024 audience: ITPro
There are two ways to set up user synchronization:
Both methods use cross-tenant synchronization in Microsoft Entra ID.
-If you want to synchronize the same users with all the other tenants in a multitenant organization, we recommend sharing users in the Microsoft 365 admin center. This will create the necessary configurations in Microsoft Entra ID for you.
+If you want to synchronize the same users with all the other tenants in a multitenant organization, we recommend sharing users in the Microsoft 365 admin center. This creates the necessary configurations in Microsoft Entra ID for you.
If you want to synchronize different users to different tenants, then you must configure cross-tenant synchronization directly in Microsoft Entra ID.
When you set up user synchronization with another tenant in a multitenant organi
You can change the properties that are synchronized after the synchronization has been configured. For more information, see [Configure cross-tenant synchronization](/azure/active-directory/multi-tenant-organizations/cross-tenant-synchronization-configure#step-9-review-attribute-mappings).
+#### Profile card experience
+
+The [profile card](https://support.microsoft.com/office/e80f931f-5fc4-4a59-ba6e-c1e35a85b501) is a feature that allows users to view information about another user, such as email, phone number, and office location. It's available in most Microsoft 365 apps like Teams, Outlook, SharePoint and Viva Engage. Users in multitenant organizations can see information about users in other tenants that are part of the multitenant organization. What users can see depends on what data is being synchronized between the tenants. (Note that some properties [require additional configuration](/entra/identity/multi-tenant-organizations/cross-tenant-synchronization-overview#attributes) to be displayed.)
+
+The [new Teams desktop client](/microsoftteams/new-teams-desktop-admin) fetches some data directly from the other tenants in the multitenant organization to create a richer experience. In a multitenant organization, when a user looks at the profile card for a user in another tenant in Teams, the name, contact information, and job information is available in 1:1 chats and shared channels without the need for property synchronization to be configured. (These properties are retrieved by Microsoft Entra cross-tenant access and Teams external access.) To see these properties elsewhere in Teams, such as channels, group chats, and chats with guest accounts, you need to include them as part of user synchronization.
+
+In a multitenant organization, the profile picture is always available and is retrieved from the user's home tenant.
+
+For the most consistent profile card experience, keep in mind the following:
+
+- Don't change property values as they're synced, or users will see different values in different tenants.
+- [LinkedIn account connections](/entra/identity/users/linkedin-integration) configurations may vary across tenants.
+ ## Users synchronized to your tenant from other tenants Users synchronized to your tenant from other tenants in your multitenant organization are synchronized as [Microsoft Entra members rather than guests](/azure/active-directory/external-identities/user-properties).
enterprise View Licensed And Unlicensed Users With Microsoft 365 Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/view-licensed-and-unlicensed-users-with-microsoft-365-powershell.md
Title: "View licensed and unlicensed Microsoft 365 users with PowerShell"
Previously updated : 12/18/2023 Last updated : 02/01/2024 audience: Admin
- PowerShell - seo-marvel-apr2020 - has-azure-ad-ps-ref
+ - azure-ad-ref-level-one-done
ms.assetid: e4ee53ed-ed36-4993-89f4-5bec11031435 description: This article explains how to use PowerShell to view licensed and unlicensed Microsoft 365 user accounts.
description: This article explains how to use PowerShell to view licensed and un
User accounts in your Microsoft 365 organization may have some, all, or none of the available licenses assigned to them from the licensing plans that are available in your organization. You can use PowerShell for Microsoft 365 to quickly find the licensed and unlicensed users in your organization.
+>[!NOTE]
+> The Azure Active Directory module is being replaced by the Microsoft Graph PowerShell SDK. You can use the Microsoft Graph PowerShell SDK to access all Microsoft Graph APIs. For more information, see [Get started with the Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/get-started).
+ ## Use the Microsoft Graph PowerShell SDK
-First, [connect to your Microsoft 365 tenant](/graph/powershell/get-started#authentication).
+First, [connect to Microsoft 365 with PowerShell](connect-to-microsoft-365-powershell.md).
Reading user properties including license details requires the User.Read.All permission scope or one of the other permissions listed in the ['Get a user' Graph API reference page](/graph/api/user-get).
Get-MgUser -Filter "assignedLicenses/any(x:x/skuId eq $($e5sku.SkuId) )" -Consis
Write-Host "Found $e5licensedUserCount E5 licensed users." ```
-## Use the Azure Active Directory PowerShell for Graph module
-
-First, [connect to your Microsoft 365 tenant](connect-to-microsoft-365-powershell.md#connect-with-the-azure-active-directory-powershell-for-graph-module).
-
-To view the list of all user accounts in your organization that have NOT been assigned any of your licensing plans (unlicensed users), run the following command:
-
-```powershell
-Get-AzureAdUser | ForEach{ $licensed=$False ; For ($i=0; $i -le ($_.AssignedLicenses | Measure).Count ; $i++) { If( [string]::IsNullOrEmpty( $_.AssignedLicenses[$i].SkuId ) -ne $True) { $licensed=$true } } ; If( $licensed -eq $false) { Write-Host $_.UserPrincipalName} }
-```
-
-To view the list of all user accounts in your organization that have been assigned any of your licensing plans (licensed users), run the following command:
-
-```powershell
-Get-AzureAdUser | ForEach { $licensed=$False ; For ($i=0; $i -le ($_.AssignedLicenses | Measure).Count ; $i++) { If( [string]::IsNullOrEmpty( $_.AssignedLicenses[$i].SkuId ) -ne $True) { $licensed=$true } } ; If( $licensed -eq $true) { Write-Host $_.UserPrincipalName} }
-```
-
->[!Note]
->To list all of the users in your subscription, use the `Get-AzureAdUser -All $true` command.
-
-## Use the Microsoft Azure Active Directory module for Windows PowerShell
-
-First, [connect to your Microsoft 365 tenant](connect-to-microsoft-365-powershell.md#connect-with-the-microsoft-azure-active-directory-module-for-windows-powershell).
-
-To view the list of all user accounts and their licensing status in your organization, run the following command in PowerShell:
-
-```powershell
-Get-MsolUser -All
-```
-
->[!Note]
->PowerShell Core does not support the Microsoft Azure Active Directory module for Windows PowerShell module and cmdlets with **Msol** in their name. To continue using these cmdlets, you must run them from Windows PowerShell.
-
-To view the list of all unlicensed user accounts in your organization, run the following command:
-
-```powershell
-Get-MsolUser -All -UnlicensedUsersOnly
-```
-
-To view the list of all licensed user accounts in your organization, run the following command:
-
-```powershell
-Get-MsolUser -All | where {$_.isLicensed -eq $true}
-```
- ## See also [Manage Microsoft 365 user accounts, licenses, and groups with PowerShell](manage-user-accounts-and-licenses-with-microsoft-365-powershell.md)
enterprise View Licenses And Services With Microsoft 365 Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/view-licenses-and-services-with-microsoft-365-powershell.md
Title: "View Microsoft 365 licenses and services with PowerShell"
Previously updated : 12/18/2023 Last updated : 02/01/2024 audience: Admin
- LIL_Placement - PowerShell - has-azure-ad-ps-ref
+ - azure-ad-ref-level-one-done
ms.assetid: bb5260a9-a6a3-4f34-b19a-06c6699f6723 description: "Explains how to use PowerShell to view information about the licensing plans, services, and licenses that are available in your Microsoft 365 organization."
For more information about the products, features, and services that are availab
## Use the Microsoft Graph PowerShell SDK
-First, [connect to your Microsoft 365 tenant](/graph/powershell/get-started#authentication).
+>[!NOTE]
+> The Azure Active Directory module is being replaced by the Microsoft Graph PowerShell SDK. You can use the Microsoft Graph PowerShell SDK to access all Microsoft Graph APIs. For more information, see [Get started with the Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/get-started).
+
+First, [connect to your Microsoft 365 tenant](connect-to-microsoft-365-powershell.md).
Reading subscription license plans requires the **Organization.Read.All** permission scope or one of the other permissions listed in the ['List subscribedSkus' Graph API reference page](/graph/api/subscribedsku-list).
ENTERPRISEPREMIUM is the third row. Therefore, the index value is (3 - 1), or 2.
For a complete list of license plans (also known as product names), their included service plans, and their corresponding friendly names, see [Product names and service plan identifiers for licensing](/azure/active-directory/users-groups-roles/licensing-service-plan-reference).
-## Use the Azure Active Directory PowerShell for Graph module
-
-First, [connect to your Microsoft 365 tenant](connect-to-microsoft-365-powershell.md#connect-with-the-azure-active-directory-powershell-for-graph-module).
-
-To view summary information about your current licensing plans and the available licenses for each plan, run this command:
-
-```powershell
-Get-AzureADSubscribedSku | Select -Property Sku*,ConsumedUnits -ExpandProperty PrepaidUnits
-```
-
-The results contain:
-
-- **SkuPartNumber:** Shows the available licensing plans for your organization. For example, `ENTERPRISEPACK` is the license plan name for Office 365 Enterprise E3.--- **Enabled:** Number of licenses that you've purchased for a specific licensing plan.--- **ConsumedUnits:** Number of licenses that you've assigned to users from a specific licensing plan.-
-To view details about the Microsoft 365 services that are available in all of your license plans, first display a list of your license plans.
-
-```powershell
-Get-AzureADSubscribedSku | Select SkuPartNumber
-```
-
-Next, store the license plans information in a variable.
-
-```powershell
-$licenses = Get-AzureADSubscribedSku
-```
-
-Next, display the services in a specific license plan.
-
-```powershell
-$licenses[<index>].ServicePlans
-```
-
-\<index> is an integer that specifies the row number of the license plan from the display of the `Get-AzureADSubscribedSku | Select SkuPartNumber` command, minus 1.
-
-For example, if the display of the `Get-AzureADSubscribedSku | Select SkuPartNumber` command is this:
-
-```powershell
-SkuPartNumber
--
-WIN10_VDA_E5
-EMSPREMIUM
-ENTERPRISEPREMIUM
-FLOW_FREE
-```
-
-Then the command to display the services for the ENTERPRISEPREMIUM license plan is this:
-
-```powershell
-$licenses[2].ServicePlans
-```
-
-ENTERPRISEPREMIUM is the third row. Therefore, the index value is (3 - 1), or 2.
-
-For a complete list of license plans (also known as product names), their included service plans, and their corresponding friendly names, see [Product names and service plan identifiers for licensing](/azure/active-directory/users-groups-roles/licensing-service-plan-reference).
-
-## Use the Microsoft Azure Active Directory module for Windows PowerShell
-
-First, [connect to your Microsoft 365 tenant](connect-to-microsoft-365-powershell.md#connect-with-the-microsoft-azure-active-directory-module-for-windows-powershell).
-
->[!Note]
->A PowerShell script is available that automates the procedures described in this topic. Specifically, the script lets you view and disable services in your Microsoft 365 organization, including Sway. For more information, see [Disable access to Sway with PowerShell](disable-access-to-sway-with-microsoft-365-powershell.md).
->
-
-To view summary information about your current licensing plans and the available licenses for each plan, run the following command:
-
-```powershell
-Get-MsolAccountSku
-```
-
->[!Note]
->PowerShell Core does not support the Microsoft Azure Active Directory module for Windows PowerShell module and cmdlets with **Msol** in their name. To continue using these cmdlets, you must run them from Windows PowerShell.
->
-
-The results contain the following information:
-
-- **AccountSkuId:** Show the available licensing plans for your organization by using the syntax `<CompanyName>:<LicensingPlan>`. *\<CompanyName>* is the value that you provided when you enrolled in Microsoft 365, and is unique for your organization. The *\<LicensingPlan>* value is the same for everyone. For example, in the value `litwareinc:ENTERPRISEPACK`, the company name is `litwareinc`, and the licensing plan name `ENTERPRISEPACK`, which is the system name for Office 365 Enterprise E3.--- **ActiveUnits:** Number of licenses that you've purchased for a specific licensing plan.--- **WarningUnits:** Number of licenses in a licensing plan that you haven't renewed, and that will expire after the 30-day grace period.--- **ConsumedUnits:** Number of licenses that you've assigned to users from a specific licensing plan.-
-To view details about the Microsoft 365 services that are available in all of your license plans, run the following command:
-
-```powershell
-Get-MsolAccountSku | Select -ExpandProperty ServiceStatus
-```
-
-The following table shows the Microsoft 365 service plans and their friendly names for the most common services. Your list of service plans might be different.
-
-|**Service plan**|**Description**|
-|:--|:--|
-| `SWAY` <br/> |Sway <br/> |
-| `TEAMS1` <br/> |Microsoft Teams <br/> |
-| `YAMMER_ENTERPRISE` <br/> |Viva Engage <br/> |
-| `RMS_S_ENTERPRISE` <br/> |Azure Rights Management (RMS) <br/> |
-| `OFFICESUBSCRIPTION` <br/> |Microsoft 365 Apps for enterprise *(previously named Office 365 ProPlus)* <br/> |
-| `MCOSTANDARD` <br/> |Skype for Business Online <br/> |
-| `SHAREPOINTWAC` <br/> |Office <br/> |
-| `SHAREPOINTENTERPRISE` <br/> |SharePoint Online <br/> |
-| `EXCHANGE_S_ENTERPRISE` <br/> |Exchange Online Plan 2 <br/> |
-
-For a complete list of license plans (also known as product names), their included service plans, and their corresponding friendly names, see [Product names and service plan identifiers for licensing](/azure/active-directory/users-groups-roles/licensing-service-plan-reference).
-
-To view details about the Microsoft 365 services that are available in a specific licensing plan, use the following syntax.
-
-```powershell
-(Get-MsolAccountSku | where {$_.AccountSkuId -eq "<AccountSkuId>"}).ServiceStatus
-```
-
-This example shows the services that are available in the litwareinc:ENTERPRISEPACK (Office 365 Enterprise E3) licensing plan.
-
-```powershell
-(Get-MsolAccountSku | where {$_.AccountSkuId -eq "litwareinc:ENTERPRISEPACK"}).ServiceStatus
-```
- ## See also [Manage Microsoft 365 user accounts, licenses, and groups with PowerShell](manage-user-accounts-and-licenses-with-microsoft-365-powershell.md)
frontline Set Up Targeted Communications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/set-up-targeted-communications.md
appliesto: - Microsoft Teams - Microsoft 365 for frontline workers Previously updated : 01/10/2024 Last updated : 02/02/2024
Map your attributes on the Map frontline attributes page of the [deploy frontlin
After you mapped your attributes, you can view your list of mapped values. These values are used for targeted communications and represent the unique departments and job titles in your organization.
-1. In the left navigation of the [Teams admin center](https://admin.teams.microsoft.com), choose **Teams** > **Manage frontline apps**.
+1. In the left navigation of the [Teams admin center](https://admin.teams.microsoft.com), choose **Frontline deployment** > **Manage frontline apps**.
1. In the table, next to **Targeted communications**, choose **Review**. 1. Your mapped values are listed under **Values status**.
security Attack Surface Reduction Rules Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference.md
ms.localizationpriority: medium
audience: ITPro -+
- m365-security - tier2 - mde-asr Previously updated : 11/30/2023 Last updated : 02/02/2024 search.appverid: met150
search.appverid: met150
- Windows
-This article provides information about Microsoft Defender for Endpoint attack surface reduction rules:
+This article provides information about Microsoft Defender for Endpoint attack surface reduction rules (ASR rules):
- [ASR rules supported operating system versions](#asr-rules-supported-operating-systems) - [ASR rules supported configuration management systems](#asr-rules-supported-configuration-management-systems)
This article provides information about Microsoft Defender for Endpoint attack s
## Attack surface reduction rules by type
-ASR rules are categorized as one of two types:
+Attack surface reduction rules are categorized as one of two types:
- **Standard protection rules**: Are the minimum set of rules which Microsoft recommends you always enable, while you are evaluating the impact and configuration needs of the other ASR rules. These rules typically have minimal-to-no noticeable impact on the end user.
Dependencies: Microsoft Defender Antivirus, RPC
This rule blocks code injection attempts from Office apps into other processes.
+> [!IMPORTANT]
+> This rule requires restarting Microsoft 365 Apps (Office applications) for the configuration changes to take effect.
+ Attackers might attempt to use Office apps to migrate malicious code into other processes through code injection, so the code can masquerade as a clean process. There are no known legitimate business purposes for using code injection.
security Collect Diagnostic Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/collect-diagnostic-data.md
ms.localizationpriority: medium
Previously updated : 08/22/2023 Last updated : 02/02/2024
On at least two devices that are experiencing the same issue, obtain the `.cab`
mpcmdrun.exe -GetFiles ```
-4. A `.cab` file is generated that contains various diagnostic logs. The location of the file is specified in the output in the command prompt. By default, the location is `C:\ProgramData\Microsoft\Microsoft Defender\Support\MpSupportFiles.cab`.
+4. A `.cab` file is generated that contains various diagnostic logs. The location of the file is specified in the output in the command prompt. By default, the location is `C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab`.
> [!NOTE] > To redirect the cab file to a different path or UNC share, use the following command:
security Network Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/network-protection.md
Title: Use network protection to help prevent connections to bad sites
description: Protect your network by preventing users from accessing known malicious and suspicious network addresses ms.localizationpriority: medium Previously updated : 09/13/2023 Last updated : 02/02/2024 audience: ITPro -+
The following table summarizes network protection areas of coverage.
| Feature | Microsoft Edge | 3rd-party browsers | Non-browser processes <br> (e.g. PowerShell) | |:|:|:|:|
-| Web Threat Protection | SmartScreen must be enabled | NP has to be in block mode | NP has to be in block mode |
-| Custom Indicators | SmartScreen must be enabled | NP has to be in block mode | NP has to be in block mode |
-| Web Content Filtering | SmartScreen must be enabled | NP has to be in block mode | Not supported |
+| Web Threat Protection | SmartScreen must be enabled | Network protection must be in block mode | Network protection must be in block mode |
+| Custom Indicators | SmartScreen must be enabled | Network protection must be in block mode | Network protection must be in block mode |
+| Web Content Filtering | SmartScreen must be enabled | Network protection must be in block mode | Not supported |
> [!NOTE] > On Mac and Linux, you must have network protection in block mode to get support for these features in Edge.
The following table summarizes network protection areas of coverage.
> - Encrypted URLs (FQDN only) can be blocked in third party browsers (i.e. other than Internet Explorer, Edge). > - Full URL path blocks can be applied for unencrypted URLs. >
-> There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked.
+> There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked.
Watch this video to learn how Network protection helps reduce the attack surface of your devices from phishing scams, exploits, and other malicious content. > [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4r4yZ]
Verify whether network protection is enabled on a local device by using Registry
For additional information, see: [Turn on network protection](enable-network-protection.md)
-##### Network protection suggestion
+#### Network protection suggestion
For Windows Server 2012R2/2016 unified MDE client, Windows Server version 1803 or newer, Windows Server 2019 or newer, and Windows 10 Enterprise Multi-Session 1909 and up (used in Windows Virtual Desktop on Azure), there are additional registry keys that must be enabled:
-**HKEY_LOCAL_MACHINE**\**SOFTWARE**\**Policies**\**Microsoft**\**Windows Defender**\**Windows Defender Exploit Guard**\**Network Protection**
+**HKEY_LOCAL_MACHINE**\\**SOFTWARE**\\**Microsoft**\\**Windows Defender**\\**Windows Defender Exploit Guard**\\**Network Protection**
-**AllowNetworkProtectionDownLevel** (dword) 1 (hex)
-**AllowNetworkProtectionOnWinServer** (dword) 1 (hex)
-**EnableNetworkProtection** (dword) 1 (hex)
+- **AllowNetworkProtectionOnWinServer** (dword) 1 (hex)
+- **EnableNetworkProtection** (dword) 1 (hex)
+- **AllowNetworkProtectionDownLevel** (dword) 1 (hex) - Windows Server 2012R2 and Windows Server 2016 only
> [!NOTE] > Depending on your infrastructure, volume of traffic, and other conditions, **HKEY_LOCAL_MACHINE**\\**SOFTWARE**\\**Policies**\\**Microsoft**\\**Windows Defender** \\**NIS**\\**Consumers**\\**IPS** - **AllowDatagramProcessingOnWinServer (dword) 1 (hex)** can have an effect on network performance.
security Web Content Filtering https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/web-content-filtering.md
description: Use web content filtering in Microsoft Defender for Endpoint to tra
+ ms.localizationpriority: medium Previously updated : 12/07/2023 Last updated : 02/02/2024 audience: ITPro
Configure policies across your device groups to block certain categories. Blocki
Web content filtering is available on the major web browsers, with blocks performed by Windows Defender SmartScreen (Microsoft Edge) and network protection (Chrome, Firefox, Brave, and Opera). For more information about browser support, see the [prerequisites](#prerequisites) section. > [!NOTE]
-> Web content filtering is restricted to browsers via process name. This means that web content filtering doesn't work when there is a local proxy application in place (such as Fiddler, ZScaler), due to the process name being masked.
+> Web content filtering does not apply policies to isolated browser sessions (i.e. Microsoft Defender Application Guard). The feature is also restricted to specific browsers via process name. This means that web content filtering doesn't work when there is a local proxy application in place (such as Fiddler, ZScaler), due to the process name being masked.
## Benefits of web content filtering
security Defender Vulnerability Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management.md
ms.localizationpriority: medium -- Tier1
+- tier1
- m365-security
+- essentials-overview
search.appverid: met150 audience: ITPro Last updated 01/08/2023
security Get Defender Vulnerability Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/get-defender-vulnerability-management.md
ms.localizationpriority: medium
f1.keywords: NOCSH - m365-security-- Tier1
+- tier1
+- essentials-get-started
Last updated 08/01/2023
security Mdvm Onboard Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/mdvm-onboard-devices.md
audience: ITPro
- m365-security - tier1
+ - essentials-manage
search.appverid: met150
security Tvm Prerequisites https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-prerequisites.md
ms.localizationpriority: medium
audience: ITPro -- M365-security-- Tier2
+- m365-security
+- tier2
+- essentials-get-started
search.appverid: met150 Last updated 03/04/2022
security Defender For Office 365 Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/defender-for-office-365-whats-new.md
f1.keywords: NOCSH
ms.localizationpriority: medium Previously updated : 01/22/2024 Last updated : 2/2/2024 audience: ITPro
For more information on what's new with other Microsoft Defender security produc
## January 2024
+- **New training modules available in Attack Simulation Training**: Teach your users to recognize and protect themselves against QR code phishing attacks. For more information, see [this blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/train-your-users-to-be-more-resilient-against-qr-code-phishing/ba-p/4022667).
- **Providing intent while submitting is now generally available**: Admins can identify if they're submitting an item to Microsoft for a second opinion or they're submitting the message because it's malicious and was missed by Microsoft. With this change, Microsoft analysis of admin submitted messages (email and Microsoft Teams), URLs, and email attachments is further streamlined and results in a more accurate analysis. [Learn more](submissions-admin.md). ## December 2023
+- **QR code related phishing protection within Exchange Online Protection and Microsoft Defender for Office 365**: New detection capabilities using image detection, threat signals, URL analysis now extracts QR codes from URLs and blocks QR code based phishing attacks from the body of an email. To learn more, see our [blog](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/protect-your-organizations-against-qr-code-phishing-with/ba-p/4007041).
- **Microsoft Defender XDR Unified RBAC is now generally available**: Defender XDR Unified RBAC supports all Defender for Office 365 scenarios that were previously controlled by [Email & collaboration permissions](mdo-portal-permissions.md) and [Exchange Online permissions](/exchange/permissions-exo/permissions-exo). To learn more about the supported workloads and data resources, see [Microsoft Defender XDR Unified role-based access control (RBAC)](/microsoft-365/security/defender/manage-rbac). > [!TIP]