Updates from: 02/04/2021 04:11:58
Category Microsoft Docs article Related commit history on GitHub Change details
admin https://docs.microsoft.com/en-us/microsoft-365/admin/productivity/communication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/productivity/communication.md
@@ -154,7 +154,7 @@ We also provide you with information that helps you gain visibility into how you
- **People sending Channel messages:** The colored portion and the fraction represent the use of channel messages within people sending messages on Microsoft Teams. The fraction is constructed from:
- - **Numerator:** People who sent chat messages on Microsoft Teams in the last 28 days.
+ - **Numerator:** People who sent channel messages on Microsoft Teams in the last 28 days.
- **Denominator:** People who sent messages on Microsoft Teams in the last 28 days. 4. **View related content:** Select this link to view collated videos, and other related help content.
admin https://docs.microsoft.com/en-us/microsoft-365/admin/services-in-china/parity-between-azure-information-protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/services-in-china/parity-between-azure-information-protection.md
@@ -46,6 +46,8 @@ The following list includes the existing gaps between AIP for Office 365 operate
- The [Mobile Viewer](/azure/information-protection/rms-client/mobile-app-faq) is not supported by Azure China 21Vianet.
+- The AIP area of the Azure portal is unavailable to customers in China. Use [PowerShell commands](#step-5-install-the-aip-on-premises-scanner-and-manage-content-scan-jobs) instead of performing actions in the portal, such as installing the on-premises scanner and managing your content scan jobs.
+ ## Configure AIP for customers in China To configure AIP for customers in China:
@@ -153,4 +155,4 @@ When installing the scanner and managing your content scan jobs, use the followi
| [Set-AIPScannerContentScanJob](/powershell/module/azureinformationprotection/set-aipscannercontentscanjob) | Defines settings for your content scan job. | | [Set-AIPScannerRepository](/powershell/module/azureinformationprotection/set-aipscannerrepository) | Defines settings for an existing repository in your content scan job. |
-For more information, see [What is the Azure Information Protection unified labeling scanner?](/azure/information-protection/deploy-aip-scanner) and [Manage your content scan jobs using PowerShell only](/azure/information-protection/deploy-aip-scanner-prereqs#use-powershell-with-a-disconnected-computer).
+For more information, see [What is the Azure Information Protection unified labeling scanner?](/azure/information-protection/deploy-aip-scanner) and [Manage your content scan jobs using PowerShell only](/azure/information-protection/deploy-aip-scanner-prereqs#use-powershell-with-a-disconnected-computer).
business https://docs.microsoft.com/en-us/microsoft-365/business/add-autopilot-devices-and-profile https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/add-autopilot-devices-and-profile.md
@@ -67,6 +67,9 @@ If you haven't created device groups or profiles yet, the best way to get starte
For more information, see [Device list CSV-file](https://docs.microsoft.com/microsoft-365/admin/misc/device-list). You can also download a sample file on the **Upload .csv file with list of devices** page.
+> [!NOTE]
+> This script uses WMI to retrieve properties needed for a customer to register a device with Windows Autopilot. Note that it is normal for the resulting CSV file to not collect a Windows Product ID (PKID) value since this is not required to register a device and PKID being NULL in the output CSV is totally fine. Only the serial number and hardware hash will be populated.
+
4. On the **Assign a profile** page, you can either pick an existing profile or create a new one. If you don't have one yet, you'll be prompted to create one. A profile is a collection of settings that can be applied to a single device or to a group of devices.
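Review bot: The added note opens with "This script", but nothing in the surrounding lines names a script; the preceding context only points to the Device list CSV-file article and the sample file, so state which script is meant or link to it. The `> [!NOTE]` block is also added unindented between two numbered steps, so it will not render as part of the step it belongs to; indent it to the list level. "is totally fine" can be dropped, since the sentence already says a NULL PKID is normal.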
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/advanced-audit https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/advanced-audit.md
@@ -111,7 +111,9 @@ To search for SearchQueryInitiatedExchange audit records, you can search for the
You can also run the [Search-UnifiedAuditLog -Operations SearchQueryInitiatedExchange](https://docs.microsoft.com/powershell/module/exchange/search-unifiedauditlog) in Exchange Online PowerShell. > [!NOTE]
-> You must run the following command in Exchange Online PowerShell so that SearchQueryInitiatedExchange events (performed by the specified E5 user) are included in audit log search results: `Set-Mailbox <user identity> -AuditOwner @{Add="SearchQueryInitiated"}`.
+> You must run the following command in Exchange Online PowerShell so that SearchQueryInitiatedExchange events (performed by the specified E5 user) are included in audit log search results: `Set-Mailbox <user identity> -AuditOwner @{Add="SearchQueryInitiated"}`. <br/><br/>
+In a multi-geo environment, you must run the **Set-Mailbox** command in the forest where the user's mailbox is located. To identify the user's mailbox location, run the following command: `Get-Mailbox <user identity> | FL MailboxLocations`.
+If the `Set-Mailbox -AuditOwner @{Add="SearchQueryInitiated"}` command was previously run in the forest that's different than the one the user's mailbox is located in, then you must remove the SearchQueryInitiated value from the user's mailbox (by running `Set-Mailbox -AuditOwner @{Remove="SearchQueryInitiated"}`) and then add it to the user's mailbox in the forest where the user's mailbox is located.
### SearchQueryInitiatedSharePoint
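Review bot: The two paragraphs added after `<br/><br/>` lack the `>` prefix that the first line of the note carries, so they are not clearly part of the `[!NOTE]` block and will run together; prefix each with `>` and separate them with a `>` line rather than `<br/><br/>`. The added `Set-Mailbox -AuditOwner @{Add="SearchQueryInitiated"}` and `@{Remove="SearchQueryInitiated"}` commands also omit the `<user identity>` argument that the first command in the same note includes, so they cannot be run as written. "in the forest that's different than the one" reads more clearly as "in a forest other than the one".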
@@ -124,7 +126,9 @@ To search for SearchQueryInitiatedSharePoint audit records, you can search for t
You can also run the [Search-UnifiedAuditLog -Operations SearchQueryInitiatedSharePoint](https://docs.microsoft.com/powershell/module/exchange/search-unifiedauditlog) in Exchange Online PowerShell. > [!NOTE]
-> You must run the following command in Exchange Online PowerShell so that SearchQueryInitiatedSharePoint events (performed by the specified E5 user) are included in audit log search results: `Set-Mailbox <user identity> -AuditOwner @{Add="SearchQueryInitiated"}`.
+> You must run the following command in Exchange Online PowerShell so that SearchQueryInitiatedExchange events (performed by the specified E5 user) are included in audit log search results: `Set-Mailbox <user identity> -AuditOwner @{Add="SearchQueryInitiated"}`. <br/><br/>
+In a multi-geo environment, you must run the **Set-Mailbox** command in the forest where the user's mailbox is located. To identify the user's mailbox location, run the following command: `Get-Mailbox <user identity> | FL MailboxLocations`.
+If the `Set-Mailbox -AuditOwner @{Add="SearchQueryInitiated"}` command was previously run in the forest that's different than the one the user's mailbox is located in, then you must remove the SearchQueryInitiated value from the user's mailbox (by running `Set-Mailbox -AuditOwner @{Remove="SearchQueryInitiated"}`) and then add it to the user's mailbox in the forest where the user's mailbox is located.
## High-bandwidth access to the Office 365 Management Activity API
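Review bot: The replacement line in this SharePoint section now says "SearchQueryInitiatedExchange events" where the removed line said "SearchQueryInitiatedSharePoint events"; this looks like a copy from the Exchange section and should be restored to SearchQueryInitiatedSharePoint. As in the Exchange hunk, the two added paragraphs have no `>` prefix and the added `Set-Mailbox` commands omit `<user identity>`.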
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/audit-log-search-script https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/audit-log-search-script.md
@@ -144,7 +144,7 @@ Write-Host "Script complete! Finished retrieving audit records for the date rang
|`[DateTime]$start` and `[DateTime]$end`|[DateTime]::UtcNow.AddDays(-1) <br/>[DateTime]::UtcNow|Specifies the date range for the audit log search. The script will return records for audit activities that occurred within the specified date range. For example, to return activities performed in January 2021, you can use a start date of `"2021-01-01"` and an end date of `"2021-01-31"` (be sure to surround the values in double-quotation marks) The sample value in the script returns records for activities performed in the previous 24 hours. If you don't include a timestamp in the value, the default timestamp is 12:00 AM (midnight) on the specified date.| |`$record`|"AzureActiveDirectory"|Specifies the record type of the audit activities (also called *operations*) to search for. This property indicates the service or feature that an activity was triggered in. For a list of record types that you can use for this variable, see [Audit log record type](https://docs.microsoft.com/office/office-365-management-api/office-365-management-activity-api-schema#auditlogrecordtype). You can use the record type name or ENUM value. <br/><br/>**Tip:** To return audit records for all record types, use the value `$null` (without double-quotations marks).| |`$resultSize`|5000|Specifies the number of results returned each time the **Search-UnifiedAuditLog** cmdlet is called by the script (called a *result set*). The value of 5,000 is the maximum value supported by the cmdlet. Leave this value as-is.|
- |`$intervalMinutes`|60|To help overcome the limit of 5000 records returned, this variable takes the data range you specified and slices it up into smaller time intervals. Now each interval, not the entire date range, is subject to the 5000 record output limit of the command. The default value of 5000 records per 60 minute interval within the date range should be sufficient for most organizations. But, if the script returns an error that says, `maximum results limitation reached`, decrease the time interval (for example, to 30 minutes or even 15 minutes) and rerun the script.|
+ |`$intervalMinutes`|60|To help overcome the limit of 5000 records returned, this variable takes the data range you specified and slices it up into smaller time intervals. Now each interval, not the entire date range, is subject to the 5000 record output limit of the command. The default value of 5000 records per 60-minute interval within the date range should be sufficient for most organizations. But, if the script returns an error that says, `maximum results limitation reached`, decrease the time interval (for example, to 30 minutes or even 15 minutes) and rerun the script.|
|||| Most of the variables listed in the previous table correspond to parameters for the **Search-UnifiedAuditLog** cmdlet. For more information about these parameters, see [Search-UnifiedAuditLog](https://docs.microsoft.com/powershell/module/exchange/search-unifiedauditlog).
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/hold-distribution-errors https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/hold-distribution-errors.md
@@ -0,0 +1,24 @@
+
+ Title: "Troubleshoot eDiscovery hold distribution errors"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
++
+localization_priority: Normal
+
+search.appverid:
+- MOE150
+- MET150
+
+- seo-marvel-apr2020
+
+description: "Troubleshoot errors related to holds applied to custodians and non-custodial data sources in Advanced eDiscovery."
++
+# Troubleshoot eDiscovery hold errors
+
+start adding content here
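Review bot: The body of this new article is still the placeholder "start adding content here", so the page would go out with no troubleshooting content; hold the file back until the content is written. The metadata title ("Troubleshoot eDiscovery hold distribution errors") and the H1 ("Troubleshoot eDiscovery hold errors") also disagree, and the title key is written `Title:` with a capital T while the other keys are lowercase.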
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/information-protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/information-protection.md
@@ -36,7 +36,7 @@ For information about governing your data, see [Microsoft Information Governance
> [!NOTE] > For information about classifying and labeling data in Azure Purview, currently in preview, see [Automatically label your content in Azure Purview](https://docs.microsoft.com/azure/purview/create-sensitivity-label). >
-> For information about this new release, see the blog post [Microsoft Information Protection and Microsoft Azure Purview: Better Together](https://techcommunity.microsoft.com/t5/microsoft-security-and/microsoft-information-protection-and-microsoft-azure-purview/ba-p/1957481).
+> For information about this recent release, see the blog post [Microsoft Information Protection and Microsoft Azure Purview: Better Together](https://techcommunity.microsoft.com/t5/microsoft-security-and/microsoft-information-protection-and-microsoft-azure-purview/ba-p/1957481).
@@ -44,9 +44,9 @@ To understand your data landscape and identify important data across your hybrid
|Capability|What problems does it solve?|Get started| |:|:|:--|:--|
-|[Sensitive information types](sensitive-information-type-entity-definitions.md)| Identifies sensitive data by using built-in or custom regular expressions or a function, together with corroborative evidence that includes keywords, confidence levels, and proximity.| [Customize a built-in sensitive information type](customize-a-built-in-sensitive-information-type.md)|
-|[Trainable classifiers (preview)](classifier-learn-about.md)| Classifies data for you, using one of the built-in classifiers or train a classifier with your own content | [Get started with trainable classifiers (preview)](classifier-get-started-with.md) |
-|[Data classification](data-classification-overview.md) | Identifies items that have a sensitivity label, a retention label, or have been classified as a sensitive information type in your organization and the actions that your users are taking on them | [Get started with content explorer](data-classification-content-explorer.md)<br /><br /> [Get started with activity explorer](data-classification-activity-explorer.md) |
+|[Sensitive information types](sensitive-information-type-entity-definitions.md)| Identifies sensitive data by using built-in or custom regular expressions or a function. Corroborative evidence includes keywords, confidence levels, and proximity.| [Customize a built-in sensitive information type](customize-a-built-in-sensitive-information-type.md)|
+|[Trainable classifiers](classifier-learn-about.md)| Identifies sensitive data by using examples of the data you're interested in rather than identifying elements in the item (pattern matching). You can use built-in classifiers or train a classifier with your own content.| [Get started with trainable classifiers](classifier-get-started-with.md) |
+|[Data classification](data-classification-overview.md) | A graphical identification of items in your organization that have a sensitivity label, a retention label, or have been classified. You can also use this information to gain insights into the actions that your users are taking on these items. | [Get started with content explorer](data-classification-content-explorer.md)<br /><br /> [Get started with activity explorer](data-classification-activity-explorer.md) |
## Protect your data
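Review bot: In the rewritten Data classification row, "or have been classified" no longer says as what; the removed text read "classified as a sensitive information type". Restore the object of the sentence. The Trainable classifiers row also drops "(preview)" from both the capability name and the Get started link text; confirm that this matches the titles of the linked articles.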
@@ -54,16 +54,16 @@ To apply flexible protection actions that include encryption, access restriction
|Capability|What problems does it solve?|Get started| |:|:||:-|
-|[Sensitivity labels](sensitivity-labels.md)| A single solution across apps, services, and devices to label and protect your data as it travels inside and outside your organization <br /><br />Example scenario: [Apply and view labels in Power BI, and protect data when it's saved outside the service](https://docs.microsoft.com/power-bi/admin/service-security-apply-data-sensitivity-labels)|[ Get started with sensitivity labels](get-started-with-sensitivity-labels.md) |
+|[Sensitivity labels](sensitivity-labels.md)| A single solution across apps, services, and devices to label and protect your data as it travels inside and outside your organization. <br /><br />Example scenarios: <br /> [Manage sensitivity labels for Office apps](sensitivity-labels-office-apps.md)<br /> [Encrypt documents and emails](encryption-sensitivity-labels.md )<br /> [Apply and view labels in Power BI](https://docs.microsoft.com/power-bi/admin/service-security-apply-data-sensitivity-labels) <br /><br /> For a comprehensive list of scenarios for sensitivity labels, see the Get started documentation.|[ Get started with sensitivity labels](get-started-with-sensitivity-labels.md) |
|[Azure Information Protection unified labeling client](https://docs.microsoft.com/azure/information-protection/rms-client/aip-clientv2)| For Windows computers, extends sensitivity labels for additional features and functionality that includes labeling and protecting all file types from File Explorer and PowerShell<br /><br /> Example additional features: [Custom configurations for the Azure Information Protection unified labeling client](https://docs.microsoft.com/azure/information-protection/rms-client/clientv2-admin-guide-customizations)| [Azure Information Protection unified labeling client administrator guide](https://docs.microsoft.com/azure/information-protection/rms-client/clientv2-admin-guide)|
-|[Double Key Encryption](double-key-encryption.md)| Under all circumstances, only you can ever decrypt protected content, or for regulatory requirements you must hold encryption keys within a geographical boundary | [Deploy Double Key Encryption](double-key-encryption.md#deploy-dke)|
-|[Office 365 Message Encryption (OME)](ome.md)| Encrypts email messages and attached documents that are sent to any user on any device, so only authorized recipients can read emailed information <br /><br />Example scenario: [Revoke email encrypted by Advanced Message Encryption](revoke-ome-encrypted-mail.md) | [Set up new Message Encryption capabilities](set-up-new-message-encryption-capabilities.md)|
-|[Service encryption with Customer Key](customer-key-overview.md) | Protects against viewing of data by unauthorized systems or personnel, and complements BitLocker disk encryption in Microsoft datacenters | [Set up Customer Key for Office 365](customer-key-set-up.md)|
-|[SharePoint Information Rights Management (IRM)](set-up-irm-in-sp-admin-center.md#irm-enable-sharepoint-document-libraries-and-lists)|Protects SharePoint lists and libraries so that when a user checks out a document, the downloaded file is protected so that only authorized people can view and use the file according to policies that you specify | [Set up Information Rights Management (IRM) in SharePoint admin center](set-up-irm-in-sp-admin-center.md)|
-[Rights Management connector](https://docs.microsoft.com/azure/information-protection/deploy-rms-connector) |Protection-only for existing on-premises deployments that use Exchange or SharePoint Server, or file servers that run Windows Server and File Classification Infrastructure (FCI) | [Steps to deploy the RMS connector](https://docs.microsoft.com/azure/information-protection/deploy-rms-connector#steps-to-deploy-the-rms-connector)
-|[Azure Information Protection unified labeling scanner](https://docs.microsoft.com/azure/information-protection/deploy-aip-scanner)| Discovers, labels, and protects sensitive information that resides in data stores that are on premises | [Configuring and installing the Azure Information Protection unified labeling scanner](https://docs.microsoft.com/azure/information-protection/deploy-aip-scanner-configure-install)|
-|[Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/what-is-cloud-app-security)| Discovers, labels, and protects sensitive information that resides in data stores that are in the cloud | [Discover, classify, label, and protect regulated and sensitive data stored in the cloud](https://docs.microsoft.com/cloud-app-security/best-practices#discover-classify-label-and-protect-regulated-and-sensitive-data-stored-in-the-cloud)|
-|[Microsoft Information Protection SDK](https://docs.microsoft.com/information-protection/develop/overview#microsoft-information-protection-sdk)|Extends sensitivity labels to third-party apps and services <br /><br /> Example scenario: [Set and get a sensitivity label (C++)](https://docs.microsoft.com/information-protection/develop/quick-file-set-get-label-cpp) |[Microsoft Information Protection (MIP) SDK setup and configuration](https://docs.microsoft.com/information-protection/develop/setup-configure-mip)|
+|[Double Key Encryption](double-key-encryption.md)| Under all circumstances, only your organization can ever decrypt protected content or for regulatory requirements, you must hold encryption keys within a geographical boundary. | [Deploy Double Key Encryption](double-key-encryption.md#deploy-dke)|
+|[Office 365 Message Encryption (OME)](ome.md)| Encrypts email messages and attached documents that are sent to any user on any device, so only authorized recipients can read emailed information. <br /><br />Example scenario: [Revoke email encrypted by Advanced Message Encryption](revoke-ome-encrypted-mail.md) | [Set up new Message Encryption capabilities](set-up-new-message-encryption-capabilities.md)|
+|[Service encryption with Customer Key](customer-key-overview.md) | Protects against viewing of data by unauthorized systems or personnel, and complements BitLocker disk encryption in Microsoft datacenters. | [Set up Customer Key for Office 365](customer-key-set-up.md)|
+|[SharePoint Information Rights Management (IRM)](set-up-irm-in-sp-admin-center.md#irm-enable-sharepoint-document-libraries-and-lists)|Protects SharePoint lists and libraries so that when a user checks out a document, the downloaded file is protected so that only authorized people can view and use the file according to policies that you specify. | [Set up Information Rights Management (IRM) in SharePoint admin center](set-up-irm-in-sp-admin-center.md)|
+[Rights Management connector](https://docs.microsoft.com/azure/information-protection/deploy-rms-connector) |Protection-only for existing on-premises deployments that use Exchange or SharePoint Server, or file servers that run Windows Server and File Classification Infrastructure (FCI). | [Steps to deploy the RMS connector](https://docs.microsoft.com/azure/information-protection/deploy-rms-connector#steps-to-deploy-the-rms-connector)
+|[Azure Information Protection unified labeling scanner](https://docs.microsoft.com/azure/information-protection/deploy-aip-scanner)| Discovers, labels, and protects sensitive information that resides in data stores that are on premises. | [Configuring and installing the Azure Information Protection unified labeling scanner](https://docs.microsoft.com/azure/information-protection/deploy-aip-scanner-configure-install)|
+|[Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/what-is-cloud-app-security)| Discovers, labels, and protects sensitive information that resides in data stores that are in the cloud. | [Discover, classify, label, and protect regulated and sensitive data stored in the cloud](https://docs.microsoft.com/cloud-app-security/best-practices#discover-classify-label-and-protect-regulated-and-sensitive-data-stored-in-the-cloud)|
+|[Microsoft Information Protection SDK](https://docs.microsoft.com/information-protection/develop/overview#microsoft-information-protection-sdk)|Extends sensitivity labels to third-party apps and services. <br /><br /> Example scenario: [Set and get a sensitivity label (C++)](https://docs.microsoft.com/information-protection/develop/quick-file-set-get-label-cpp) |[Microsoft Information Protection (MIP) SDK setup and configuration](https://docs.microsoft.com/information-protection/develop/setup-configure-mip)|
## Prevent data loss
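Review bot: The Rights Management connector row is re-added without its leading and trailing `|`, unlike every other row in this table; since the line is being changed anyway, add the pipes so the row is consistent. In the Sensitivity labels row, the link target `(encryption-sensitivity-labels.md )` has a stray space before the closing parenthesis. The Double Key Encryption description ("decrypt protected content or for regulatory requirements, you must hold") still fuses two separate cases into one clause and would be clearer split into two sentences.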
@@ -73,5 +73,5 @@ To help prevent accidental oversharing of sensitive information, use the followi
|Capability|What problems does it solve?|Get started| |:|:|:|:--|
-|[Data loss prevention (DLP)](data-loss-prevention-policies.md)| Helps prevent unintentional sharing of sensitive items <br /><br />Example scenario: [Protect sensitive information in Microsoft Teams chat and channel messages](dlp-microsoft-teams.md) | [Get started with the default DLP policy](get-started-with-the-default-dlp-policy.md)|
-|[Learn about Endpoint data loss prevention](endpoint-dlp-learn-about.md)| Extends DLP capabilities to items that are used and shared on Windows 10 computers | [Get started with Endpoint data loss prevention](endpoint-dlp-getting-started.md)|
+|[Data loss prevention (DLP)](data-loss-prevention-policies.md)| Helps prevent unintentional sharing of sensitive items. <br /><br />Example scenario: [Protect sensitive information in Microsoft Teams chat and channel messages](dlp-microsoft-teams.md) | [Get started with the default DLP policy](get-started-with-the-default-dlp-policy.md)|
+|[Learn about Endpoint data loss prevention](endpoint-dlp-learn-about.md)| Extends DLP capabilities to items that are used and shared on Windows 10 computers. | [Get started with Endpoint data loss prevention](endpoint-dlp-getting-started.md)|
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management-configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-configure.md
@@ -156,7 +156,6 @@ Before configuring a policy, define the following insider risk settings:
4. On the **Policy timeframes** page, select the [policy timeframes](insider-risk-management-settings.md#policy-timeframes) to go into effect for a user when they trigger a match for an insider risk policy. 5. On the **Intelligent detections** page, configure the following settings for insider risk policies: - [Anomaly detections](insider-risk-management-settings.md#anomaly-detections)
- - [Offensive language detections](insider-risk-management-settings.md#offensive-language-detections)
- [Alert volume level](insider-risk-management-settings.md#alert-volume) - [Microsoft Defender for Endpoint alert status](insider-risk-management-settings.md#microsoft-defender-for-endpoint-preview) - [Domain settings](insider-risk-management-settings.md#domains-preview)
@@ -181,9 +180,6 @@ Insider risk management policies include assigned users and define which types o
>[!IMPORTANT] >Most policy templates have prerequisites that must be configured for the policy to generate relevant alerts. If you haven't configured the applicable policy prerequisites, see **Step 3** above.
- >[!CAUTION]
- >Starting October 16, 2020, you will no longer be able to create policies using the Offensive language in email template. Any active policies that use this template will work until they are permanently removed in January 2021.
- 4. Select **Next** to continue. 5. On the **Users** page, select **Add user or group** or **Choose Priority user groups** to define which users or priority user groups are included in the policy, depending on the policy template you've selected. Select **All users and mail-enabled groups** checkbox if applicable (if you haven't selected a priority user-based template). Select **Next** to continue. 6. On the **Specify what content to prioritize (optional)** page, you can assign the sources to prioritize for increased risk scores. However, some activities won't generate an alert at all unless the related content contains built-in or custom sensitive info types or was specified as a priority on this page:
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management-policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-policies.md
@@ -108,13 +108,6 @@ When using this template, you must also configure a Microsoft 365 HR connector t
You'll also need to have Microsoft Defender for Endpoint configured in your organization and enable Defender for Endpoint for insider risk management integration in the Defender Security Center to import security violation alerts. For more information on configuring Defender for Endpoint for insider risk management integration, see [Configure advanced features in Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features#share-endpoint-alerts-with-microsoft-compliance-center).
-### Offensive language in email
-
->[!IMPORTANT]
->Starting October 16, 2020, you will no longer be able to create policies using this template. Any active policies that use this template will work until they're permanently removed in January 2021. We are deprecating the Offensive Language built-in classifier that supports this template because it has been producing a high number of false positives. To address risk issues for offensive language, we recommend using Microsoft 365 [communication compliance](communication-compliance.md) policies. For more information about built-in classifiers, see [Getting started with trainable classifiers](classifier-get-started-with.md).
-
-Detecting and taking action to prevent offensive and abusive behavior is a critical component of preventing risk. Built-in classifiers in Microsoft 365 scan sent email messages from Exchange Online mailboxes in your organization for different types of compliance issues. These classifiers use a combination of artificial intelligence and keywords to identify language in email likely to violate anti-harassment policies. Use this template to quickly create a policy that uses these classifiers to automatically detect email message content that may be considered abusive or offensive. Insider risk management uses classifiers that scan sent email messages for English language terms and sentiment for offensive language.
- ### Policy template prerequisites and triggering events Depending on the template you choose for an insider risk management policy, the triggering events and policy prerequisites vary. Triggering events are prerequisites that determine if a user is active for an insider risk management policy. If a user is added to an insider risk management policy but does not have a triggering event, the user activity is not evaluated by the policy unless they are manually added in the Users dashboard. Policy prerequisites are required items so that the policy receives the signals or activities necessary to evaluate risk.
@@ -131,7 +124,6 @@ The following table lists the triggering events and prerequisites for policies c
| Security policy violations by departing users | Resignation or termination date indicators from HR connector | Microsoft 365 HR connector configured for termination and resignation date indicators <br><br> Active Microsoft Defender for Endpoint subscription <br><br> Microsoft Defender for Endpoint integration with Microsoft 365 compliance center configured | | Security policy violations by priority users | Defensive evasion of security controls or unwanted software detected by Microsoft Defender for Endpoint | Active Microsoft Defender for Endpoint subscription <br><br> Microsoft Defender for Endpoint integration with Microsoft 365 compliance center configured <br><br> Priority user groups configured in insider risk settings | | Security policy violations by disgruntled user | Performance improvement, poor performance, or job level change indicators from HR connector | Microsoft 365 HR connector configured for disgruntlement indicators <br><br> Active Microsoft Defender for Endpoint subscription <br><br> Microsoft Defender for Endpoint integration with Microsoft 365 compliance center configured |
-| Offensive language in email | Profanity, threats, or harassing language in email messages | Active Exchange Online subscription |
## Prioritize content in policies
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management-settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-settings.md
@@ -160,9 +160,7 @@ Policy timeframes allow you to define past and future review periods that are tr
## Intelligent detections
-Intelligent detection settings help refine how the detections of risky activities are processed for alerts. In certain circumstances, you may need to define files types to ignore or you want to enforce a detection level for files to help define a minimum bar for alerts. When using offensive language policies, you may need to increase or decrease the detection sensitivity to control the amount of reported policy matches. Use these settings to control overall alert volume, file type exclusions, file volume limits, and the offensive language detection sensitivity.
-
-![Insider risk management intelligent detections settings](../media/insider-risk-settings-detections.png)
+Intelligent detection settings help refine how the detections of risky activities are processed for alerts. In certain circumstances, you may need to define files types to ignore or you want to enforce a detection level for files to help define a minimum bar for alerts. Use these settings to control overall alert volume, file type exclusions, and file volume limits.
### Anomaly detections
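Review bot: The added paragraph still carries over "you may need to define files types to ignore or you want to enforce a detection level", which keeps the "files types" typo and the non-parallel "or you want to". Since the sentence is being rewritten anyway, suggest "you may need to define file types to ignore or enforce a detection level for files". The hunk also removes the insider-risk-settings-detections.png screenshot without a replacement; if it was dropped only because it showed the offensive language setting, a refreshed capture would keep the section illustrated.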
@@ -171,17 +169,6 @@ Anomalous detections include settings for file type exclusions and file volume l
- **File type exclusions**: To exclude specific file types from all insider risk management policy matching, enter file type extensions separated by commas. For example, to exclude certain types of music files from policy matches you may enter *aac,mp3,wav,wma* in the **File type exclusions** field. Files with these extensions would be ignored by all insider risk management policies. - **File volume cut-off limit**: To define a minimum file level before activity alerts are reported in insider risk policies, enter the number of files. For example, you would enter '10' if you do not want to generate insider risk alerts when a user downloads 10 files or less, even if the policies consider this activity an anomaly.
-### Offensive language detections
-
->[!IMPORTANT]
->Starting October 16, 2020, you will no longer be able to create policies using this template. Any active policies that use this template will work until they're permanently removed in January 2021. We are deprecating the Offensive Language built-in classifier that supports this template because it has been producing a high number of false positives. To address risk issues for offensive language, we recommend using Microsoft 365 [communication compliance](communication-compliance.md) policies. For more information about built-in classifiers, see [Getting started with trainable classifiers](classifier-get-started-with.md).
-
-To adjust the sensitivity of the offensive language classifier for policies using the *Offensive language in email* template, choose one of the following settings:
--- **Low**: The lowest sensitivity level with the broadest range for detection offensive language and sentiment. The probability of false positives for offensive language matching is elevated.-- **Medium**: The mid-level sensitivity level with a balanced range for detection offensive language and sentiment. The probability of false positives for offensive language matching is average.-- **High**: The highest sensitivity level with a narrow range for detection offensive language and sentiment. The probability of false positives for offensive language matching is low.- ### Alert volume User activities detected by insider risk policies are assigned a specific risk score, which in turn determines the alert severity (low, medium, high). By default, we'll generate a certain amount of low, medium, and high severity alerts, but you can increase or decrease the volume to suit your needs. To adjust the volume of alerts for all insider risk management policies, choose one of the following settings:
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management.md
@@ -70,7 +70,6 @@ You can select from the following[policy templates to quickly get started with i
- [Security policy violations by departing users (preview)](insider-risk-management-policies.md#security-policy-violations-by-departing-users-preview) - [Security policy violations by priority users (preview)](insider-risk-management-policies.md#security-policy-violations-by-priority-users-preview) - [Security policy violations by disgruntled users (preview)](insider-risk-management-policies.md#security-policy-violations-by-disgruntled-users-preview)-- [Offensive language in email](insider-risk-management-policies.md#offensive-language-in-email) ![Insider risk management policy dashboard](../media/insider-risk-policy-dashboard.png)
@@ -135,10 +134,6 @@ In most cases, users try their best to properly handle sensitive or confidential
- [Data leaks by priority users (preview)](insider-risk-management-policies.md#data-leaks-by-priority-users-preview) - [Data leaks by disgruntled users (preview)](insider-risk-management-policies.md#data-leaks-by-disgruntled-users-preview)
-### Offensive behavior that violates corporate policies
-
-User-to-user communications are often a source of inadvertent or malicious violations of corporate policies. These violations can include offensive language, threats, and harassment between users. This type of activity contributes to a hostile work environment and can result in legal actions against both users and the larger organization. Insider risk management uses new built-in Microsoft 365 classifiers and the [Offensive language in email](insider-risk-management-policies.md#offensive-language-in-email) policy template to help minimize these risks. This policy template helps you quickly configure and enable a policy to automatically detect and alert you of this kind of behavior in your organization.
- ## Intentional or unintentional security policy violations (preview) Users typically have a large degree of control when managing their devices in the modern workplace. This may include permissions to install or uninstall applications needed in the performance of their duties or the ability to temporarily disable device security features. Whether this activity is inadvertent, accidental, or malicious, this conduct can pose risk to your organization and is important to identify and act to minimize. To help identity these risky security activities, the following insider risk management security policy violation templates scores security risk indicators and uses Microsoft Defender for Endpoint alerts to provide insights for security-related activities:
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/retention-policies-teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-teams.md
@@ -38,7 +38,7 @@ The following Teams items can be retained and deleted by using retention policie
> [!NOTE] > Including card content is a recent addition and currently rolling out to tenants. For more information, see [Microsoft 365 compliance capabilities for Adaptive Card content through apps in Teams now available](https://techcommunity.microsoft.com/t5/microsoft-teams-blog/microsoft-365-compliance-capabilities-for-adaptive-card-content/ba-p/2095869).
-Teams messages in private channels are not included, and reactions from others in the form of emoticons are not included.
+Teams messages in private channels are not included, code snippets and reactions from others in the form of emoticons are not included.
Emails and files that you use with Teams aren't included in retention policies for Teams. These items have their own retention policies.
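Review bot: The added sentence repeats "are not included" and joins two clauses with a comma, so it reads as two separate statements run together. Suggest a single list: "Teams messages in private channels, code snippets, and reactions from others in the form of emoticons are not included." This line defines what a Teams retention policy does not cover, so the exclusion list should be unambiguous.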
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/revoke-ome-encrypted-mail https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/revoke-ome-encrypted-mail.md
@@ -44,6 +44,10 @@ Once an email has been revoked, the recipient receives an error when they access
## How to revoke an encrypted message that you sent
+You can revoke a mail that you sent to a single recipient that uses a social account such as gmail.com or yahoo.com. In other words, you can revoke an email sent to a single recipient that received the link-based experience.
+
+You cannot revoke a mail that you sent to a recipient that uses a work or school account from Office 365 or Microsoft 365 or a user that uses a Microsoft account, for example, an outlook.com account.
+ To revoke an encrypted message that you sent, complete these steps 1. In Outlook on the web, in your **Sent** folder, browse to the message you want to revoke.
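Review bot: The two added paragraphs switch between "a mail" and "an email" for the same thing, and the first paragraph states its rule twice ("In other words, ..."). Suggest using one term throughout and leading with the restriction (work or school accounts and Microsoft accounts cannot be revoked), because that is the case a sender most needs to know before relying on revocation. The unchanged lead-in "To revoke an encrypted message that you sent, complete these steps" is also missing its colon.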
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitive-information-type-entity-definitions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitive-information-type-entity-definitions.md
@@ -17,12 +17,12 @@
- M365-security-compliance hideEdit: true feedback_system: None
-description: "Data loss prevention (DLP) in the Security &amp; Compliance Center includes 80 sensitive information types that are ready for you to use in your DLP policies. This topic lists all of these sensitive information types and shows what a DLP policy looks for when it detects each type."
+description: "Data loss prevention (DLP) in the Security &amp; Compliance Center includes 80 sensitive information types that are ready for you to use in your DLP policies. This article lists all of these sensitive information types and shows what a DLP policy looks for when it detects each type."
# Sensitive information type entity definitions
-A sensitive information type is defined by a pattern that can be identified by a regular expression or a function. In addition, corroborative evidence such as keywords and checksums can be used to identify a sensitive information type. Confidence level and proximity are also used in the evaluation process.
+Data loss prevention (DLP) in the Compliance Center includes many sensitive information types that are ready to use in your DLP policies. This article lists all of these sensitive information types and shows what a DLP policy looks for when it detects each type. A sensitive information type is defined by a pattern that can be identified by a regular expression or a function. Corroborative evidence, like keywords and checksums, can be used to identify a sensitive information type. Confidence level and proximity are also used in the evaluation process.
Sensitive information types require one of these subscriptions: - Microsoft 365 E3
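Review bot: The front-matter description still hard-codes "includes 80 sensitive information types" and "Security &amp; Compliance Center", while the new opening paragraph added below it says "many sensitive information types" and "Compliance Center". Suggest aligning the description with the body wording so the count does not need maintaining and the product name is consistent. The new opening paragraph also repeats the description almost word for word; one of the two could be shortened.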
@@ -40,7 +40,7 @@ Sensitive information types are used in:
### Format
-nine digits which may be in a formatted or unformatted pattern
+nine digits that may be in a formatted or unformatted pattern
### Pattern
@@ -159,7 +159,7 @@ six to ten digits with or without a bank state branch number
### Pattern
-Account number is six to ten digits.
+Account number is 6 to 10 digits.
Australia bank state branch number: - three digits
@@ -172,13 +172,14 @@ No
### Definition
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
-- The regular expression Regex_australia_bank_account_number finds content that matches the pattern..
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression Regex_australia_bank_account_number finds content that matches the pattern.
- A keyword from Keyword_australia_bank_account_number is found. - The regular expression Regex_australia_bank_account_number_bsb finds content that matches the pattern.
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
-- The regular expression Regex_australia_bank_account_number finds content that matches the pattern..
+A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression Regex_australia_bank_account_number finds content that matches the pattern.
+ - A keyword from Keyword_australia_bank_account_number is found. ```xml
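Review bot: The definition now says "is 85% confident" and "is 75% confident", but other definitions touched in this same commit keep "has high confidence" and "has medium confidence" (for example the Austria and Azure entries). Suggest choosing one convention for the file, or stating once how the percentages map to high and medium, so a policy author comparing entries is not left guessing whether 85% and "high" are the same threshold. The extra "+" blank line added before the keyword bullet also splits the 75% bullet list in two.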
@@ -346,18 +347,18 @@ nine letters and digits
nine letters and digits: -- two digits or letters (not case sensitive)
+- two digits or letters (not case-sensitive)
- two digits -- five digits or letters (not case sensitive)
+- five digits or letters (not case-sensitive)
OR -- one to two optional letters (not case sensitive)
+- one to two optional letters (not case-sensitive)
- four to nine digits OR -- nine digits or letters (not case sensitive)
+- nine digits or letters (not case-sensitive)
### Checksum
@@ -496,10 +497,10 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 10-11 digits:-- first digit is in the range 2-6-- ninth digit is a check digit-- tenth digit is the issue digit-- eleventh digit (optional) is the individual number
+- 1st digit is in the range 2-6
+- 9th digit is a check digit
+- 10th digit is the issue digit
+- 11th digit (optional) is the individual number
### Checksum
@@ -546,7 +547,7 @@ A letter followed by seven digits
### Pattern
-A letter (not case sensitive) followed by seven digits
+A letter (not case-sensitive) followed by seven digits
### Checksum
@@ -884,7 +885,7 @@ One letter followed by an optional space and seven digits
A combination of one letter, seven digits, and one space: -- one letter (not case sensitive)
+- one letter (not case-sensitive)
- one space (optional) - seven digits
@@ -973,7 +974,7 @@ Yes
### Definition
-A DLP policy is has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
- The function `Func_austria_eu_ssn_or_equivalent` finds content that matches the pattern. - a keyword from `Keywords_austria_eu_ssn_or_equivalent` is found.
@@ -1187,7 +1188,7 @@ No
A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters: - The regular expression CEP_Regex_AzureDocumentDBAuthKey finds content that matches the pattern.-- The regular expression CEP_CommonExampleKeywords does **not** find content that matches the pattern.
+- The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.
```xml <!-- Azure Document DB Auth Key -->
@@ -1205,7 +1206,7 @@ A DLP policy has high confidence that it's detected this type of sensitive infor
#### CEP_CommonExampleKeywords
-(Note that technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
+(Technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
- contoso - fabrikam
@@ -1236,7 +1237,7 @@ The string "Server", "server", or "data source" followed by the characters and s
- zero to two whitespace characters - an equal sign (=) - zero to two whitespace characters-- one or more characters that is not a semicolon (;), quotation mark ("), or apostrophe (')
+- one or more characters that aren't a semicolon (;), quotation mark ("), or apostrophe (')
- a semicolon (;), quotation mark ("), or apostrophe (') ### Checksum
@@ -1247,7 +1248,7 @@ No
A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters: - The regular expression CEP_Regex_AzureConnectionString finds content that matches the pattern.-- The regular expression CEP_CommonExampleKeywords does **not** find content that matches the pattern.
+- The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.
```xml <!--Azure IAAS Database Connection String and Azure SQL Connection String-->
@@ -1265,7 +1266,7 @@ A DLP policy has high confidence that it's detected this type of sensitive infor
#### CEP_common_example_keywords
-(Note that technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
+(Technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
- contoso - fabrikam
@@ -1307,7 +1308,7 @@ No
A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters: - The regular expression CEP_Regex_AzureIoTConnectionString finds content that matches the pattern.-- The regular expression CEP_CommonExampleKeywords does **not** find content that matches the pattern.
+- The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.
```xml <!--Azure IoT Connection String-->
@@ -1325,7 +1326,7 @@ A DLP policy has high confidence that it's detected this type of sensitive infor
#### CEP_common_example_keywords
-(Note that technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
+(Technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
- contoso - fabrikam
@@ -1357,7 +1358,7 @@ No
A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters: - The regular expression CEP_Regex_AzurePublishSettingPasswords finds content that matches the pattern.-- The regular expression CEP_CommonExampleKeywords does **not** find content that matches the pattern.
+- The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.
```xml
@@ -1376,7 +1377,7 @@ A DLP policy has high confidence that it's detected this type of sensitive infor
#### CEP_common_example_keywords
-(Note that technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
+(Technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
- contoso - fabrikam
@@ -1411,9 +1412,9 @@ No
### Definition
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
-- The regular expression CEP_Regex_AzureRedisCacheConnectionString finds content that matches the pattern..-- The regular expression CEP_CommonExampleKeywords does **not** find content that matches the pattern.
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression CEP_Regex_AzureRedisCacheConnectionString finds content that matches the pattern.
+- The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.
```xml <!--Azure Redis Cache Connection String-->
@@ -1431,7 +1432,7 @@ A DLP policy has high confidence that it's detected this type of sensitive infor
#### CEP_common_example_keywords
-(Note that technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
+(Technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
- contoso - fabrikam
@@ -1457,7 +1458,7 @@ The string "sig" followed by the characters and strings outlined in the pattern
- zero to two whitespace characters - any combination of between 43-53 characters that are lower- or uppercase letters, digits, or the percent sign (%) - the string "%3d"-- any character that is not a lower- or uppercase letter, digit, or percent sign (%)
+- any character that isn't a lower- or uppercase letter, digit, or percent sign (%)
### Checksum
@@ -1505,9 +1506,9 @@ No
### Definition
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
-- The regular expression CEP_Regex_AzureServiceBusConnectionString finds content that matches the pattern..-- The regular expression CEP_CommonExampleKeywords does **not** find content that matches the pattern.
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression CEP_Regex_AzureServiceBusConnectionString finds content that matches the pattern.
+- The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.
```xml <!--Azure Service Bus Connection String-->
@@ -1525,7 +1526,7 @@ A DLP policy has high confidence that it's detected this type of sensitive infor
#### CEP_common_example_keywords
-(Note that technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
+(Technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
- contoso - fabrikam
@@ -1565,8 +1566,8 @@ No
A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters: - The regular expression CEP_Regex_AzureStorageAccountKey finds content that matches the pattern.-- The regular expression CEP_AzureEmulatorStorageAccountFilter does **not** find content that matches the pattern.-- The regular expression CEP_CommonExampleKeywords does **not** find content that matches the pattern.
+- The regular expression CEP_AzureEmulatorStorageAccountFilter doesn't find content that matches the pattern.
+- The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.
```xml <!--Azure Storage Account Key-->
@@ -1585,13 +1586,13 @@ A DLP policy has high confidence that it's detected this type of sensitive infor
#### CEP_azure_emulator_storage_account_filter
-(Note that technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
+(Technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
- Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw== #### CEP_common_example_keywords
-(Note that technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
+(Technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
- contoso - fabrikam
@@ -1636,11 +1637,11 @@ A DLP policy has high confidence that it's detected this type of sensitive infor
### Format
-ten digits without spaces and delimiters
+10 digits without spaces and delimiters
### Pattern
-ten digits
+10 digits
### Checksum
@@ -2071,7 +2072,7 @@ Formatted:
- a period - three digits - a hyphen-- two digits which are check digits
+- two digits that are check digits
Unformatted: - 11 digits where the last two digits are check digits
@@ -2137,7 +2138,7 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
- a forward slash - four-digit branch number - a hyphen -- two digits which are check digits
+- two digits that are check digits
### Checksum
@@ -2209,12 +2210,12 @@ Registro Geral (old format):
- a period - three digits - a hyphen -- one digit which is a check digit
+- one digit that is a check digit
Registro de Identidade (RIC) (new format):-- ten digits
+- 10 digits
- a hyphen -- one digit which is a check digit
+- one digit that is a check digit
### Checksum
@@ -2248,8 +2249,8 @@ A DLP policy has high confidence that it's detected this type of sensitive infor
- n├║mero de rregistro - registro de Iidentidade - registro geral-- RG (this keyword is case sensitive) -- RIC (this keyword is case sensitive)
+- RG (this keyword is case-sensitive)
+- RIC (this keyword is case-sensitive)
## Bulgaria driver's license number
@@ -2427,11 +2428,11 @@ This sensitive information type is only available for use in:
### Format
-ten digits without spaces and delimiters
+10 digits without spaces and delimiters
### Pattern
-ten digits without spaces and delimiters
+10 digits without spaces and delimiters
- six digits that correspond to the birth date (YYMMDD) - two digits that correspond to the birth order
@@ -2594,11 +2595,11 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
### Format
-seven or twelve digits
+7 or 12 digits
### Pattern
-A Canada Bank Account Number is seven or twelve digits.
+A Canada Bank Account Number is 7 or 12 digits.
A Canada bank account transit number is: - five digits
@@ -2887,11 +2888,11 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
### Format
-ten digits
+ 10 digits
### Pattern
-ten digits
+10 digits
### Checksum
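Review bot: The added Format line is "+ 10 digits" with a leading space, while the Pattern line in the same hunk and every other "10 digits" replacement in this commit has none. Suggest removing the stray space so the line is not rendered differently from its siblings.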
@@ -3168,7 +3169,7 @@ seven to eight digits plus delimiters:
- an optional period - three digits - a dash -- one digit or letter (not case sensitive) which is a check digit
+- one digit or letter (not case-sensitive) which is a check digit
### Checksum
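Review bot: The added line fixes "case-sensitive" but keeps "which is a check digit", while the other hunks in this commit change the same construction to "that is a check digit". Suggest "one digit or letter (not case-sensitive) that is a check digit" for consistency with the rest of the pass.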
@@ -3247,10 +3248,10 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 18 digits:-- six digits which are an address code -- eight digits in the form YYYYMMDD which are the date of birth -- three digits which are an order code -- one digit which is a check digit
+- six digits that are an address code
+- eight digits in the form YYYYMMDD, which are the date of birth
+- three digits that are an order code
+- one digit that is a check digit
### Checksum
@@ -3300,11 +3301,11 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
### Format
-14 to 16 digits which can be formatted or unformatted (dddddddddddddddd) and which must pass the Luhn test.
+14 to 16 digits that can be formatted or unformatted (dddddddddddddddd) and that must pass the Luhn test.
### Pattern
-Very complex and robust pattern that detects cards from all major brands worldwide, including Visa, MasterCard, Discover Card, JCB, American Express, gift cards, and diner cards.
+Complex and robust pattern that detects cards from all major brands worldwide, including Visa, MasterCard, Discover Card, JCB, American Express, gift cards, and diner cards.
### Checksum
@@ -3759,7 +3760,7 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
## Croatia identity card number
-This sensitive information type entity is included in the EU National Identification Number sensitive information type and is available as a stand alone sensitive information type entity.
+This sensitive information type entity is included in the EU National Identification Number sensitive information type. It's available as a stand-alone sensitive information type entity.
### Format
@@ -3901,7 +3902,7 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 11 digits:-- ten digits
+- 10 digits
- final digit is a check digit ### Checksum
@@ -3965,6 +3966,66 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
- tin no - tin#
+## Croatia social security number or equivalent identification
+This sensitive information type entity is only available in the EU Social Security Number or Equivalent ID sensitive information type.
+
+### Format
+
+11 digits without spaces and delimiters
+
+### Pattern
+
+11 digits:
+
+- 10 digits
+- one check digit
+
+### Checksum
+
+Yes
+
+### Definition
+
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_croatia_eu_ssn_or_equivalent` finds content that matches the pattern.
+- A keyword from `Keywords_croatia_eu_ssn_or_equivalent` is found.
+
+A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_croatia_eu_ssn_or_equivalent` finds content that matches the pattern.
+
+```xml
+ <!-- EU SSN or Equivalent Number -->
+<Entity id="d24e32a4-c0bb-4ba8-899d-6303b95742d9" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_croatia_eu_ssn_or_equivalent" />
+ <Match idRef="Keywords_croatia_eu_ssn_or_equivalent" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_croatia_eu_ssn_or_equivalent" />
+ </Pattern>
+</Entity>
+```
+
+### Keywords
+
+#### Keywords_croatia_eu_ssn_or_equivalent
+
+- personal identification number
+- master citizen number
+- national identification number
+- social security number
+- nationalnumber#
+- ssn#
+- ssn
+- nationalnumber
+- bnn#
+- bnn
+- personal id number
+- personalidnumber#
+- oib
+- osobni identifikacijski broj
## Cyprus drivers license number
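Review bot: The XML sample in the new Croatia section uses Entity id "d24e32a4-c0bb-4ba8-899d-6303b95742d9" and the generic comment "EU SSN or Equivalent Number", identical to the Czech and Denmark sections added in this commit, so a reader cannot tell that each block is an excerpt of one shared EU entity rather than a standalone definition. Suggest saying so in the comment, for example naming the country patterns shown. The heading "## Croatia social security number or equivalent identification" is also added without a blank line after it, and the section ends at "- osobni identifikacijski broj" with no blank line before "## Cyprus drivers license number".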
@@ -4139,11 +4200,11 @@ This sensitive information type is only available for use in:
### Format
-ten digits without spaces and delimiters
+10 digits without spaces and delimiters
### Pattern
-ten digits
+10 digits
### Checksum
@@ -4590,7 +4651,7 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
### Format nine digits with optional forward slash (old format)
-ten digits with optional forward slash (new format)
+10 digits with optional forward slash (new format)
### Pattern
@@ -4599,7 +4660,7 @@ nine digits (old format):
- an optional forward slash - three digits
-ten digits (new format):
+10 digits (new format):
- six digits that represent date of birth - an optional forward slash - four digits where last digit is a check digit
@@ -4685,6 +4746,66 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
- tin# - unique identification number
+## Czech social security number or equivalent identification
+
+This sensitive information type entity is only available in the EU Social Security Number or Equivalent ID sensitive information type.
+
+### Format
+
+10 digits and a backslash in the specified pattern
+
+### Pattern
+
+10 digits and a backslash:
+
+- six digits that correspond to the birth date (YYMMDD):
+- a backslash
+- three digits that correspond to a serial number that separates persons born on the same date
+- one check digit
+
+### Checksum
+
+Yes
+
+### Definition
+
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The function `Func_czech_republic_eu_ssn_or_equivalent` finds content that matches the pattern.
+- A keyword from `Keywords_czech_republic_eu_ssn_or_equivalent` is found.
+
+A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The function `Func_czech_republic_eu_ssn_or_equivalent` finds content that matches the pattern.
+
+```xml
+ <!-- EU SSN or Equivalent Number -->
+<Entity id="d24e32a4-c0bb-4ba8-899d-6303b95742d9" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_czech_republic_eu_ssn_or_equivalent" />
+ <Match idRef="Keywords_czech_republic_eu_ssn_or_equivalent" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_czech_republic_eu_ssn_or_equivalent" />
+ </Pattern>
+</Entity>
+```
+
+### Keywords
+
+#### Keywords_czech_republic_eu_ssn_or_equivalent
+
+- birth number
+- national identification number
+- personal identification number
+- social security number
+- nationalnumber#
+- ssn#
+- ssn
+- national number
+- personal id number
+- personalidnumber#
+- r─ì
+- rodné číslo
+- rodne cislo
## Denmark driver's license number
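Review bot: The new Format and Pattern text says "10 digits and a backslash", but the existing Czech entry edited earlier in this commit describes the same number as "10 digits with optional forward slash (new format)". One of the two is wrong about the separator, and a reader building test data from this section would produce strings the other entry does not describe; suggest confirming the character and using the same wording in both places. Smaller points in the same hunk: "six digits that correspond to the birth date (YYMMDD):" has a stray trailing colon, and the keyword "r─ì" listed before "rodné číslo" looks mis-encoded.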
@@ -4929,12 +5050,12 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
### Format
-ten digits containing a hyphen
+10 digits containing a hyphen
### Pattern
-ten digits:
-- six digits in the format DDMMYY which are the date of birth
+10 digits:
+- six digits in the format DDMMYY, which are the date of birth
- a hyphen - four digits where the final digit is a check digit
@@ -5041,6 +5162,62 @@ A DLP policy has low confidence that it's detected this type of sensitive inform
- sygesikringsnr - sygesikringsnummer
+## Denmark social security number or equivalent identification
+This sensitive information type entity is only available the EU Social Security Number or Equivalent ID sensitive information type.
+
+### Format
+
+10 digits and a hyphen in the specified pattern
+
+### Pattern
+
+10 digits and a hyphen:
+
+- six digits that correspond to the birth date (DDMMYY)
+- a hyphen
+- four digits that correspond to a sequence number
+
+### Checksum
+
+Yes
+
+### Definition
+
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The function `Func_denmark_eu_ssn_or_equivalent` finds content that matches the pattern.
+- A keyword from `Keywords_denmark_eu_ssn_or_equivalent` is found.
+
+A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The function `Func_denmark_eu_ssn_or_equivalent` finds content that matches the pattern.
+
+```xml
+ <!-- EU SSN or Equivalent Number -->
+<Entity id="d24e32a4-c0bb-4ba8-899d-6303b95742d9" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_denmark_eu_ssn_or_equivalent" />
+ <Match idRef="Keywords_denmark_eu_ssn_or_equivalent" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_denmark_eu_ssn_or_equivalent" />
+ </Pattern>
+</Entity>
+```
+
+### Keywords
+
+#### Keywords_denmark_eu_ssn_or_equivalent
+
+- personal identification number
+- national identification number
+- social security number
+- nationalnumber#
+- ssn#
+- ssn
+- national number
+- personal id number
+- personalidnumber#
+- cpr-nummer
+- personnummer
## Drug Enforcement Agency (DEA) number
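Review bot: The new Denmark section says "Checksum: Yes", but its Pattern describes the last four digits only as "a sequence number" and never says which digit is checked. The existing Denmark entry touched earlier in this change states "four digits where the final digit is a check digit"; use the same wording here so the two descriptions of a 10-digit DDMMYY number agree. Separately, the first added sentence is missing a word: "is only available the EU Social Security Number" should read "is only available in the EU Social Security Number".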
@@ -5051,8 +5228,8 @@ two letters followed by seven digits
### Pattern Pattern must include all of the following:-- one letter (not case sensitive) from this set of possible letters: abcdefghjklmnprstux, which is a registrant code -- one letter (not case sensitive), which is the first letter of the registrant's last name or digit '9'
+- one letter (not case-sensitive) from this set of possible letters: abcdefghjklmnprstux, which is a registrant code
+- one letter (not case-sensitive), which is the first letter of the registrant's last name or digit '9'
- seven digits, the last of which is the check digit ### Checksum
@@ -5441,7 +5618,7 @@ dokumendi nr
### Pattern
-Very complex and robust pattern
+Complex and robust pattern
### Checksum
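Review bot: "Complex and robust pattern" under Pattern still gives the reader nothing to check a match against, and dropping "Very" doesn't change that. Either describe the structure the way the other entries do (lengths, character classes, separators) or state plainly that the pattern isn't published.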
@@ -5785,7 +5962,7 @@ A DLP policy has high confidence that it's detected this type of sensitive infor
## EU driver's license number
-These are the entities in the EU Driver's License Number sensitive information type.
+These entities are in the EU Driver's License Number and are sensitive information types.
- [Austria](#austria-drivers-license-number) - [Belgium](#belgium-drivers-license-number)
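Review bot: The rewritten intro sentence changes the meaning. "EU Driver's License Number sensitive information type" is one name, and the removed line said the listed entities belong to it; the added line splits that name and instead asserts that the entities "are sensitive information types". Keep the noun phrase whole, for example "These entities are in the EU Driver's License Number sensitive information type."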
@@ -5819,7 +5996,7 @@ These are the entities in the EU Driver's License Number sensitive information t
## EU national identification number
-These are the entities in the EU National Identification Number sensitive information type.
+These entities are in the EU National Identification Number and are sensitive information types.
- [Austria](#austria-identity-card) - [Belgium](#belgium-national-number)
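Review bot: The added line breaks up the name "EU National Identification Number sensitive information type" and no longer says that the countries listed below are members of that bundled type, which is the one fact this sentence exists to convey. Suggest "These entities are in the EU National Identification Number sensitive information type."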
@@ -5852,7 +6029,7 @@ These are the entities in the EU National Identification Number sensitive inform
## EU passport number
-These are the entities in the EU passport number sensitive information typeThese are the entities in the EU passport number bundle.
+These entities are in the EU passport number and are sensitive information types. These entities are in the EU passport number bundle.
- [Austria](#austria-passport-number) - [Belgium](#belgium-passport-number)
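Review bot: The added line keeps both halves of what was a pasted-together duplicate, so the intro now says the same thing twice ("These entities are in the EU passport number ... These entities are in the EU passport number bundle."), and the first half splits the type name so that it reads as if the entities are in a passport number. One sentence is enough: "These entities are in the EU passport number sensitive information type."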
@@ -5886,7 +6063,7 @@ These are the entities in the EU passport number sensitive information typeThese
## EU social security number or equivalent identification
-These are the entities that are in the EU Social Security Number or equivalent identification sensitive information type.
+These entities that are in the EU Social Security Number or equivalent identification and are sensitive information types.
- [Austria](#austria-social-security-number) - [Belgium](#belgium-national-number)
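Review bot: The added line is a sentence fragment: "These entities that are in the EU Social Security Number or equivalent identification and are sensitive information types." has no main verb. The next hunk header shows wording that already works for the tax bundle ("These entities are in the EU Tax identification number sensitive information typ..."); use the same construction here.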
@@ -5941,11 +6118,11 @@ These entities are in the EU Tax identification number sensitive information typ
### Format
-ten digits and letters containing a hyphen
+10 digits containing a hyphen
### Pattern
-ten digits and letters containing a hyphen:
+10 digits containing a hyphen:
- six digits - a hyphen
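Review bot: Both changed lines drop "and letters" along with the "ten" to "10" numeral fix, so the stated format goes from alphanumeric to digits only. That's a change to what the entry claims the detector matches, not a style edit. Confirm it against the full pattern list (only "six digits" and "a hyphen" are visible here) and call it out in the commit message if it's intentional.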
@@ -6122,15 +6299,15 @@ This sensitive information type is only available for use in:
### Format
-20 digit number
+20-digit number
### Pattern 20-digit number: -- ten digits - 8024680246
+- 10 digits - 8024680246
- an optional space or hyphen-- ten digits
+- 10 digits
### Checksum
@@ -6181,7 +6358,7 @@ six digits plus a character indicating a century plus three digits plus a check
### Pattern Pattern must include all of the following:-- six digits in the format format DDMMYY which are a date of birth
+- six digits in the format DDMMYY, which are a date of birth
- century marker (either '-', '+' or 'a') - three-digit personal identification number - a digit or letter (case insensitive) which is a check digit
@@ -6267,12 +6444,14 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
## Finland passport number
+This sensitive information type entity is available in the EU Passport Number sensitive information type and is available as a stand-alone sensitive information type entity.
+ ### Format combination of nine letters and digits ### Pattern combination of nine letters and digits:-- two letters (not case sensitive)
+- two letters (not case-sensitive)
- seven digits ### Checksum
@@ -6325,6 +6504,8 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
## France driver's license number
+This sensitive information type entity is available in the EU Driver's License Number sensitive information type and is available as a stand-alone sensitive information type entity.
+ ### Format 12 digits
@@ -6493,15 +6674,15 @@ This sensitive information type is only available for use in:
### Format
-21 digit number
+21-digit number
### Pattern
-21 digit number:
+21-digit number:
-- ten digits
+- 10 digits
- an optional space-- ten digits
+- 10 digits
- an optional space - a digit
@@ -6582,7 +6763,7 @@ A DLP policy has low confidence that it's detected this type of sensitive inform
## France passport number
-This sensitive information type entity is available in the EU Passport Number sensitive information type and is available as a stand alone sensitive information type entity.
+This sensitive information type entity is available in the EU Passport Number sensitive information type. It's available as a stand-alone sensitive information type entity.
### Format
@@ -6592,7 +6773,7 @@ nine digits and letters
nine digits and letters: - two digits -- two letters (not case sensitive)
+- two letters (not case-sensitive)
- five digits ### Checksum
@@ -6640,7 +6821,7 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
## France social security number (INSEE) or equivalent identification
-This sensitive information type entity is included in the EU Social Security Number and Equivalent ID sensitive information type and is available as a stand alone sensitive information type entity.
+This sensitive information type entity is included in the EU Social Security Number and Equivalent ID sensitive information type. It's available as a stand-alone sensitive information type entity.
### Format
@@ -6726,15 +6907,15 @@ A DLP policy has high confidence that it's detected this type of sensitive infor
13 digits - One digit that must be 0, 1, 2, or 3-- 1 digit
+- One digit
- A space (optional)-- 2 digits
+- Two digits
- A space (optional)-- 3 digits
+- Three digits
- A space (optional)-- 3 digits
+- Three digits
- A space (optional)-- 3 check digits
+- Three check digits
### Checksum
@@ -6810,11 +6991,11 @@ This sensitive information type is only available for use in:
- two letters - FR (case insensitive) - an optional space or hyphen - two letters or digits-- an optional space, dot, hyphen or comma
+- an optional space, dot, hyphen, or comma
- three digits-- an optional space, dot, hyphen or comma
+- an optional space, dot, hyphen, or comma
- three digits-- an optional space, dot, hyphen or comma
+- an optional space, dot, hyphen, or comma
- three digits ### Checksum
@@ -6860,13 +7041,15 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
## Germany driver's license number
+This sensitive information type entity is included in the EU Driver's License Number sensitive information type. It's available as a stand-alone sensitive information type entity.
+ ### Format combination of 11 digits and letters ### Pattern
-11 digits and letters (not case sensitive):
+11 digits and letters (not case-sensitive):
- a digit or letter - two digits - six digits or letters
@@ -7057,11 +7240,11 @@ from 1 April 1987 until 31 October 2010: 10 digits
### Pattern since 1 November 2010:-- one letter (not case sensitive)
+- one letter (not case-sensitive)
- eight digits from 1 April 1987 until 31 October 2010:-- ten digits
+- 10 digits
### Checksum
@@ -7104,9 +7287,11 @@ A DLP policy has low confidence that it's detected this type of sensitive inform
## Germany passport number
+This sensitive information type entity is included in the EU Passport Number sensitive information type and is available as a stand-alone sensitive information type entity.
+ ### Format
-ten digits or letters
+10 digits or letters
### Pattern
@@ -7188,7 +7373,7 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern
-11 digits :
+11 digits
- Two digits - An optional space
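Review bot: The fix for "11 digits :" removes the colon together with the stray space, leaving "11 digits" with nothing to introduce the bullet list that follows. Other Pattern lead-ins in this change keep the colon ("10 digits:", "21-digit number:"); use "11 digits:" here.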
@@ -7319,6 +7504,8 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
## Greece driver's license number
+This sensitive information type entity is included in the EU Driver's License Number sensitive information type and is available as a stand-alone sensitive information type entity.
+ ### Format nine digits without spaces and delimiters
@@ -7747,7 +7934,7 @@ Combination of 8-9 letters and numbers plus optional parentheses around the fina
### Pattern Combination of 8-9 letters:-- 1-2 letters (not case sensitive)
+- 1-2 letters (not case-sensitive)
- Six digits - The final character (any digit or the letter A), which is the check digit and is optionally enclosed in parentheses.
@@ -8196,11 +8383,11 @@ This sensitive information type is only available for use in:
### Format
-Ten digits with no spaces or delimiters
+10 digits with no spaces or delimiters
### Pattern
-Ten digits:
+10 digits:
- One digit that must be "8" - Eight digits
@@ -8283,9 +8470,9 @@ This sensitive information type is only available for use in:
10 character alphanumeric pattern: -- 2 letters - HU or hu
+- two letters - HU or hu
- optional space-- 8 digits
+- eight digits
### Checksum
@@ -8341,11 +8528,11 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 10 letters or digits:-- Three letters (not case sensitive) -- A letter in C, P, H, F, A, T, B, L, J, G (not case sensitive)
+- Three letters (not case-sensitive)
+- A letter in C, P, H, F, A, T, B, L, J, G (not case-sensitive)
- A letter - Four digits -- A letter (not case sensitive)
+- A letter that is an alphabetic check digit
### Checksum
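Review bot: The last bullet changes content, not just style: "A letter (not case sensitive)" becomes "A letter that is an alphabetic check digit". That removes the case-insensitivity note the first two bullets keep and adds a check-digit claim. If the final letter really is a check digit, keep both facts ("A letter (not case-sensitive) that is an alphabetic check digit") and make sure the Checksum section below agrees.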
@@ -8397,8 +8584,7 @@ A DLP policy has low confidence that it's detected this type of sensitive inform
- An optional space or dash - Four digits - An optional space or dash -- Three digits-- The final digit which is the check digit
+- The final digit, which is the check digit
### Checksum
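Review bot: This hunk deletes the "Three digits" bullet outright (the header goes from 8 lines to 7), so the pattern now runs from "Four digits", an optional separator, straight to the final check digit. If that bullet was removed by accident while splitting the run-together line, restore it; if the removal is deliberate, the digit total in the Format section needs to change with it.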
@@ -8452,7 +8638,7 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
- Two-digit regency or city code - Two-digit subdistrict code - A period (optional) -- Six digits in the format DDMMYY which are the date of birth
+- Six digits in the format DDMMYY, which are the date of birth
- A period (optional) - Four digits
@@ -8615,10 +8801,10 @@ Any term from the Dictionary_icd_9_codes keyword dictionary, which is based on t
### Format #### IPv4:
-Complex pattern which accounts for formatted (periods) and unformatted (no periods) versions of the IPv4 addresses
+Complex pattern that accounts for formatted (periods) and unformatted (no periods) versions of the IPv4 addresses
#### IPv6:
-Complex pattern which accounts for formatted IPv6 numbers (which include colons)
+Complex pattern that accounts for formatted IPv6 numbers (which include colons)
### Pattern
@@ -8668,7 +8854,7 @@ For IPv6, a DLP policy is 95% confident that it's detected this type of sensitiv
#### Keyword_ipaddress -- IP (this keyword is case sensitive)
+- IP (this keyword is case-sensitive)
- ip address - ip addresses - internet protocol
@@ -8850,7 +9036,7 @@ Two letters or digits followed by seven digits with no spaces or delimiters
Two letters or digits followed by seven digits: -- Two digits or letters (not case sensitive)
+- Two digits or letters (not case-sensitive)
- Seven digits ### Checksum
@@ -8927,21 +9113,21 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
### Format
-Old format (until 31 Dec 2012):
+Old format (until 31 December 2012):
- seven digits followed by 1-2 letters
-New format (1 Jan 2013 and after):
+New format (1 January 2013 and after):
- seven digits followed by two letters ### Pattern
-Old format (until 31 Dec 2012):
+Old format (until 31 December 2012):
- seven digits -- one to two letters (not case sensitive)
+- one to two letters (not case-sensitive)
-New format (1 Jan 2013 and after):
+New format (1 January 2013 and after):
- seven digits -- a letter (not case sensitive) which is an alphabetic check digit
+- a letter (not case-sensitive) which is an alphabetic check digit
- An optional letter in the range A-I, or ΓÇ£WΓÇ¥ ### Checksum
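Review bot: Format and Pattern disagree for the new format. Format says "seven digits followed by two letters", while Pattern lists one check letter plus "An optional letter in the range A-I, or W", which makes the second letter optional. Since both blocks are being edited here, align them. The unchanged last bullet also carries mis-encoded quotation marks around W (`ΓÇ£WΓÇ¥`), and the rewritten check-digit bullet lacks the comma before "which" that this change adds elsewhere.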
@@ -9126,6 +9312,8 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
## Italy driver's license number
+This sensitive information type entity is included in the EU Driver's License Number sensitive information type and is available as a stand-alone sensitive information type entity.
+ ### Format a combination of 10 letters and digits
@@ -9133,10 +9321,10 @@ a combination of 10 letters and digits
### Pattern a combination of 10 letters and digits:-- one letter (not case sensitive) -- the letter "A" or "V" (not case sensitive)
+- one letter (not case-sensitive)
+- the letter "A" or "V" (not case-sensitive)
- seven digits-- one letter (not case sensitive)
+- one letter (not case-sensitive)
### Checksum
@@ -9188,9 +9376,9 @@ A 16-character combination of letters and digits:
- three letters that correspond to the first three consonants in the family name - three letters that correspond to the first, third, and fourth consonants in the first name - two digits that correspond to the last digits of the birth year-- one letter that corresponds to the letter for the month of birthΓÇöletters are used in alphabetical order, but only the letters A to E, H, L, M, P, R to T are used (thus, January is A and October is R)
+- one letter that corresponds to the letter for the month of birthΓÇöletters are used in alphabetical order, but only the letters A to E, H, L, M, P, R to T are used (so, January is A and October is R)
- two digits that correspond to the day of the month of birthΓÇöin order to differentiate between genders, 40 is added to the day of birth for women-- four digits that corresponds to the area code specific to the municipality where the person was born (country-wide codes are used for foreign countries)
+- four digits that correspond to the area code specific to the municipality where the person was born (country-wide codes are used for foreign countries)
- one parity digit ### Checksum
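Review bot: The rewritten month-of-birth bullet still contains the mis-encoded dash in "birthΓÇöletters", and the unchanged day-of-birth bullet below it has the same sequence ("birthΓÇöin order"). The line is being touched anyway, so replace the broken character with proper punctuation or split it into two sentences, and fix the neighbouring bullet in the same pass.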
@@ -9267,7 +9455,7 @@ two letters or digits followed by seven digits with no spaces or delimiters
two letters or digits followed by seven digits: -- two digits or letters (not case sensitive)
+- two digits or letters (not case-sensitive)
- seven digits ### Checksum
@@ -9358,7 +9546,7 @@ This sensitive information type is only available for use in:
- I or i - T or t-- optional space, dot, hyphen or comma
+- optional space, dot, hyphen, or comma
- 11 digits ### Checksum
@@ -9582,11 +9770,11 @@ This sensitive information type is only available for use in:
### Format
-13 digit number
+13-digit number
### Pattern
-13 digit number:
+13-digit number:
- one digit from one to nine - 12 digits
@@ -9643,16 +9831,16 @@ This sensitive information type is only available for use in:
### Format
-12 digit number
+12-digit number
### Pattern
-12 digit number:
+12-digit number:
- four digits-- an optional space, dot or hyphen
+- an optional space, dot, or hyphen
- four digits-- an optional space, dot or hyphen
+- an optional space, dot, or hyphen
- four digits ### Checksum
@@ -9705,7 +9893,7 @@ two letters followed by seven digits
### Pattern
-two letters (not case sensitive) followed by seven digits
+two letters (not case-sensitive) followed by seven digits
### Checksum
@@ -9756,9 +9944,9 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 12 letters and digits:-- two letters (not case sensitive)
+- two letters (not case-sensitive)
- eight digits -- two letters (not case sensitive)
+- two letters (not case-sensitive)
### Checksum
@@ -10211,7 +10399,7 @@ two letters or digits followed by seven digits with no spaces or delimiters
two letters or digits followed by seven digits: -- two digits or letters (not case sensitive)
+- two digits or letters (not case-sensitive)
- seven digits ### Checksum
@@ -10542,7 +10730,7 @@ eight digits or letters with no spaces or delimiters
### Pattern
-eight digits or letters (not case sensitive)
+eight digits or letters (not case-sensitive)
### Checksum
@@ -10855,7 +11043,7 @@ eight digits or letters with no spaces or delimiters
### Pattern
-eight digits or letters (not case sensitive)
+eight digits or letters (not case-sensitive)
### Checksum
@@ -10934,7 +11122,7 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
- date of expiry
-## Luxemburg national identification number (non natural persons)
+## Luxemburg national identification number (non-natural persons)
### Format
@@ -11035,7 +11223,7 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 12 digits:-- six digits in the format YYMMDD which are the date of birth
+- six digits in the format YYMMDD, which are the date of birth
- a dash (optional) - two-letter place-of-birth code - a dash (optional)
@@ -11492,7 +11680,7 @@ A DLP policy has low confidence that it's detected this type of sensitive inform
### Format
-eight-nine digits containing optional spaces
+eight or nine digits containing optional spaces
### Pattern
@@ -11886,9 +12074,9 @@ This sensitive information type is only available for use in:
- N or n - L or l-- optional space, dot or hyphen
+- optional space, dot, or hyphen
- nine digits-- optional space, dot or hyphen
+- optional space, dot, or hyphen
- B or b - two digits
@@ -11940,11 +12128,11 @@ This sensitive information type is only available for use in:
### Format
-14 to 16 digit pattern with optional delimiter
+14-digit to 16-digit pattern with optional delimiter
### Pattern
-14 to 16 digit pattern with optional delimiter:
+14-digit to 16-digit pattern with optional delimiter:
- two digits - an optional hyphen or space
@@ -12175,7 +12363,7 @@ three letters, a space (optional), and four digits
### Pattern -- three letters (not case sensitive) except 'I' and 'O'
+- three letters (not case-sensitive) except 'I' and 'O'
- a space (optional) - four digits
@@ -12557,7 +12745,7 @@ three letters and six digits
### Pattern
-three letters (not case sensitive) followed by six digits
+three letters (not case-sensitive) followed by six digits
### Checksum
@@ -12601,9 +12789,9 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern -- 6 digits representing date of birth in the format YYMMDD-- 4 digits-- 1 check digit
+- six digits representing date of birth in the format YYMMDD
+- four digits
+- one check digit
### Checksum
@@ -12649,7 +12837,7 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
## Poland passport number
-This sensitive information type entity is included in the EU Passport Number sensitive information type and is available as a stand alone sensitive information type entity.
+This sensitive information type entity is included in the EU Passport Number sensitive information type. It's available as a stand-alone sensitive information type entity.
### Format
@@ -12657,7 +12845,7 @@ two letters and seven digits
### Pattern
-Two letters (not case sensitive) followed by seven digits
+Two letters (not case-sensitive) followed by seven digits
### Checksum
@@ -12699,7 +12887,7 @@ This sensitive information type is only available for use in:
### Format
-nine digit or 14 digit number
+9-digit or 14-digit number
### Pattern
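Review bot: Numeral style is inconsistent within this change. This line writes "9-digit or 14-digit number", while another Format line edited in the same commit writes "nine-digit number". Pick one rule for single-digit counts in compound modifiers and apply it to both.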
@@ -13074,7 +13262,7 @@ one letter followed by six digits with no spaces or delimiters
one letter followed by six digits: -- one letter (not case sensitive)
+- one letter (not case-sensitive)
- six digits ### Checksum
@@ -13158,11 +13346,11 @@ nine digits with optional spaces
### Pattern -- 3 digits
+- three digits
- an optional space-- 3 digits
+- three digits
- an optional space-- 3 digits
+- three digits
### Checksum
@@ -13400,10 +13588,10 @@ This sensitive information type is only available for use in:
### Pattern -- 1 digit from 1-9-- 6 digits representing date of birth (YYMMDD)-- 2 digits which can be 01-52 or 99-- 4 digits
+- one digit from 1-9
+- six digits representing date of birth (YYMMDD)
+- two digits, which can be 01-52 or 99
+- four digits
### Checksum
@@ -13571,11 +13759,11 @@ This sensitive information type is only available for use in:
### Format
-ten digit number
+10-digit number
### Pattern
-ten digit number:
+10-digit number:
- two digits - an optional space or hyphen
@@ -13633,11 +13821,11 @@ This sensitive information type is only available for use in:
### Format
-nine digit number
+nine-digit number
### Pattern
-nine digit number:
+nine-digit number:
- two digits - an optional space or hyphen
@@ -13687,11 +13875,11 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
### Format
-ten digits
+10 digits
### Pattern
-ten consecutive digits
+10 consecutive digits
### Checksum
@@ -13734,7 +13922,7 @@ nine letters and digits
### Pattern - nine letters and digits:-- the letter "F", "G", "S", or "T" (not case sensitive)
+- the letter "F", "G", "S", or "T" (not case-sensitive)
- seven digits - an alphabetic check digit
@@ -13960,10 +14148,10 @@ nine or ten digits containing optional backslash
### Pattern -- 6 digits representing date of birth
+- six digits representing date of birth
- optional slash (/)-- 3 digits-- 1 optional check digit
+- three digits
+- one optional check digit
### Checksum
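Review bot: The Format line quoted in this hunk's header says "nine or ten digits containing optional backslash", but the Pattern bullets here describe an "optional slash (/)". A forward slash and a backslash are different characters, and this is exactly the detail someone writing a matching rule relies on. Correct the Format line to "slash", and convert its "ten" to "10" to match the rest of this change.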
@@ -14049,7 +14237,7 @@ one digit or letter followed by seven digits with no spaces or delimiters
### Pattern
-one digit or letter (not case sensitive) followed by seven digits
+one digit or letter (not case-sensitive) followed by seven digits
### Checksum
@@ -14524,11 +14712,11 @@ A DLP policy has low confidence that it's detected this type of sensitive inform
### Pattern 13 digits:-- six digits in the format YYMMDD which are the date of birth
+- six digits in the format YYMMDD, which are the date of birth
- four digits - a single-digit citizenship indicator - the digit "8" or "9" -- one digit which is a checksum digit
+- one digit, which is a checksum digit
### Checksum
@@ -14568,7 +14756,7 @@ A DLP policy has high confidence that it's detected this type of sensitive infor
### Pattern 13 digits:-- six digits in the format YYMMDD which are the date of birth
+- six digits in the format YYMMDD, which are the date of birth
- a hyphen - one digit determined by the century and gender - four-digit region-of-birth code
@@ -14975,6 +15163,8 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
## Spain social security number (SSN)
+This sensitive information type entity is included in the EU Social Security Number or Equivalent ID sensitive information type. It's available as a stand-alone sensitive information type entity.
+ ### Format 11-12 digits
@@ -15036,9 +15226,9 @@ Non-resident Spaniards without a Spain National Identity Card
- seven digits - one uppercase letter (case-sensitive)
-Resident Spaniards under the age of 14 years without a Spain National Identity Card :
+Resident Spaniards under the age of 14 years without a Spain National Identity Card:
-- one uppercase letter"K" (case-sensitive)
+- one uppercase letter "K" (case-sensitive)
- seven digits - one uppercase letter (case-sensitive)
@@ -15131,9 +15321,9 @@ The string "User Id", "User ID", "uid", or "UserId" followed by the characters a
- the string "User Id", "User ID", "uid", or "UserId" - any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces-- the string "Password" or "pwd" where "pwd" is not preceded by a lowercase letter
+- the string "Password" or "pwd" where "pwd" isn't preceded by a lowercase letter
- an equal sign (=)-- any character that is not a dollar sign ($), percent symbol (%), greater than symbol (>), at symbol (@), quotation mark ("), semicolon (;), left brace([), or left bracket ({)
+- any character that isn't a dollar sign ($), percent symbol (%), greater than symbol (>), at symbol (@), quotation mark ("), semicolon (;), left brace([), or left bracket ({)
- any combination of 7-128 characters that are not a semicolon (;), forward slash (/), or quotation mark (") - a semicolon (;) or quotation mark (")
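Review bot: The rewritten excluded-characters bullet keeps the swapped names "left brace([), or left bracket ({)". The character [ is a left bracket and { is a left brace. Since the line is being edited, fix the labels and add the missing space before the first parenthesis. The unchanged bullet after it still says "are not" while the two edited bullets switch to "isn't"; make the three consistent.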
@@ -15145,9 +15335,9 @@ No
A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters: - The regular expression CEP_Regex_SQLServerConnectionString finds content that matches the pattern.-- A keyword from CEP_GlobalFilter is **not** found.-- The regular expression CEP_PasswordPlaceHolder does **not** find content that matches the pattern.-- The regular expression CEP_CommonExampleKeywords does **not** find content that matches the pattern.
+- A keyword from CEP_GlobalFilter isn't found.
+- The regular expression CEP_PasswordPlaceHolder doesn't find content that matches the pattern.
+- The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.
```sql <!SQL Server Connection String>
@@ -15177,7 +15367,7 @@ A DLP policy has high confidence that it's detected this type of sensitive infor
(Note that technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.) - Password or pwd followed by 0-2 spaces, an equal sign (=), 0-2 spaces, and an asterisk (*)OR--
+-OR-
- Password or pwd followed by: - Equal sign (=) - Less than symbol (<)
@@ -15377,11 +15567,11 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
### Format
-ten or 12 digits and an optional delimiter
+10 or 12 digits and an optional delimiter
### Pattern
-ten or 12 digits and an optional delimiter:
+10 or 12 digits and an optional delimiter:
- two digits (optional) - Six digits in date format YYMMDD - delimiter of "-" or "+" (optional)
@@ -15508,6 +15698,66 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
- PasseportNon - Passeportn ┬░
+## Sweden social security number or equivalent identification
+This sensitive information type entity is only available in the EU Social Security Number or Equivalent ID sensitive information type.
+
+### Format
+
+12 digits without spaces and delimiters
+
+### Pattern
+
+12 digits:
+
+- eight digits that correspond to the birth date (YYYYMMDD)
+- three digits that correspond to a serial number where:
+ - the last digit in the serial number indicates gender by the assignment of an odd number for male and an even number for female
+ - Before 1990, the assignment of a serial number corresponded to the county where the bearer of the number was born. Or (if born before 1947) where they had been living, according to tax records, on January 1, 1947, with a special code (usually 9 as the seventh digit) for immigrants.
+- one check digit
+
+### Checksum
+
+Yes
+
+### Definition
+
+A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The function `Func_sweden_eu_ssn_or_equivalent` finds content that matches the pattern.
+- A keyword from `Keywords_sweden_eu_ssn_or_equivalent` is found.
+
+A DLP policy is 75% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The function `Func_sweden_eu_ssn_or_equivalent` finds content that matches the pattern.
+
+```xml
+ <!-- EU SSN or Equivalent Number -->
+<Entity id="d24e32a4-c0bb-4ba8-899d-6303b95742d9" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_sweden_eu_ssn_or_equivalent" />
+ <Match idRef="Keywords_sweden_eu_ssn_or_equivalent" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_sweden_eu_ssn_or_equivalent" />
+ </Pattern>
+</Entity>
+```
+
+### Keywords
+
+#### Keywords_sweden_eu_ssn_or_equivalent
+
+- personal id number
+- identification number
+- personal id no
+- identity no
+- identification no
+- personal identification no
+- personnummer id
+- personligt id-nummer
+- unikt id-nummer
+- personnummer
+- identifikationsnumret
+- personnummer#
+- identifikationsnumret#
## Sweden tax identification number This sensitive information type is only available for use in:
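Review bot: The second sub-bullet under the serial number doesn't fit the 12-digit layout this section defines. With an eight-digit YYYYMMDD birth date, the seventh digit falls inside the date, so "usually 9 as the seventh digit" cannot be an immigrant code here; that position only makes sense for a 10-digit YYMMDD form. Either restate the position for the 12-digit format or drop the historical note. The same bullet also breaks mid-thought at "Or (if born before 1947) where they had been living", and its capitalisation differs from the sibling bullet.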
@@ -15519,11 +15769,11 @@ This sensitive information type is only available for use in:
### Format
-ten digits and a symbol in the specified pattern
+10 digits and a symbol in the specified pattern
### Pattern
-ten digits and a symbol:
+10 digits and a symbol:
- six digits that correspond to the birth date (YYMMDD) - a plus sign or minus sign
@@ -15600,7 +15850,7 @@ four letters followed by 5-31 letters or digits
### Pattern four letters followed by 5-31 letters or digits:-- four-letter bank code (not case sensitive)
+- four-letter bank code (not case-sensitive)
- an optional space - 4-28 letters or digits (the Basic Bank Account Number (BBAN)) - an optional space
@@ -15747,7 +15997,7 @@ one letter (in English) followed by nine digits
### Pattern one letter (in English) followed by nine digits:-- one letter (in English, not case sensitive)
+- one letter (in English, not case-sensitive)
- the digit "1" or "2" - eight digits
@@ -15850,12 +16100,12 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
### Format
-ten letters and digits
+10 letters and digits
### Pattern
-ten letters and digits:
-- two letters (not case sensitive)
+10 letters and digits:
+- two letters (not case-sensitive)
- eight digits ### Checksum
@@ -15903,7 +16153,7 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 13 digits:-- first digit is not zero or nine
+- first digit isn't zero or nine
- 12 digits ### Checksum
@@ -15989,7 +16239,7 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
- Vatandaşlık no ## U.K. driver's license number
-This sensitive information type entity is included in the EU Driver's License Number sensitive information type and is available as a stand alone sensitive information type entity.
+This sensitive information type entity is included in the EU Driver's License Number sensitive information type. It's available as a stand-alone sensitive information type entity.
### Format
@@ -15998,11 +16248,11 @@ Combination of 18 letters and digits in the specified format
### Pattern 18 letters and digits:-- five letters (not case sensitive) or the digit "9" in place of a letter -- one digit -- five digits in the date format MMDDY for date of birth (7th character is incremented by 50 if driver is female, i.e. 51 to 62 instead of 01 to 12)-- two letters (not case sensitive) or the digit "9" in place of a letter -- five digits
+- Five letters (not case-sensitive) or the digit "9" in place of a letter.
+- One digit.
+- Five digits in the date format MMDDY for date of birth. The seventh character is incremented by 50 if driver is female; for exampe, 51 to 62 instead of 01 to 12.
+- Two letters (not case-sensitive) or the digit "9" in place of a letter.
+- Five digits.
### Checksum
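Review bot: The third added bullet misspells "example" as "exampe" ("for exampe, 51 to 62 instead of 01 to 12"); fix the typo before merging. The same bullet reads better as "if the driver is female". These five bullets are now capitalized and end with periods, while the other pattern lists touched in this change (for example "- one letter (in English, not case-sensitive)") stay lowercase without periods, so pick one style for the file.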
@@ -16053,7 +16303,7 @@ two letters followed by 1-4 digits
### Pattern
-two letters (not case sensitive) followed by 1-4 numbers
+two letters (not case-sensitive) followed by 1-4 numbers
### Checksum
@@ -16096,7 +16346,7 @@ A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern 10-17 digits:-- either three or ten digits
+- either 3 or 10 digits
- a space - three digits - a space
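Review bot: The added bullet switches to numerals ("either 3 or 10 digits"), but the unchanged bullets that follow in the same list still spell the number out ("three digits"). Convert those as well, or keep words throughout this list, so the pattern reads consistently.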
@@ -16155,7 +16405,7 @@ A DLP policy has high confidence that it's detected this type of sensitive infor
- Birth Date ## U.K. national insurance number (NINO)
-This sensitive information type entity is included in the EU National Identificaiton Number sensitive information type and is available as a stand alone sensitive information type entity.
+This sensitive information type entity is included in the EU National Identification Number sensitive information type. It's available as a stand-alone sensitive information type entity.
### Format
@@ -16165,9 +16415,9 @@ seven characters or nine characters separated by spaces or dashes
two possible patterns: -- two letters (valid NINOs use only certain characters in this prefix, which this pattern validates; not case sensitive)
+- two letters (valid NINOs use only certain characters in this prefix, which this pattern validates; not case-sensitive)
- six digits-- either 'A', 'B', 'C', or 'D' (like the prefix, only certain characters are allowed in the suffix; not case sensitive)
+- either 'A', 'B', 'C', or 'D' (like the prefix, only certain characters are allowed in the suffix; not case-sensitive)
OR
@@ -16361,7 +16611,7 @@ Depends on the state
### Pattern
-depends on the state -- for example, New York:
+depends on the state - for example, New York:
- nine digits formatted like ddd ddd ddd will match. - nine digits like ddddddddd will not match.
@@ -16664,7 +16914,7 @@ A DLP policy is 55% confident that it's detected this type of sensitive informat
- SSID ## U.S. / U.K. passport number
-The U.K. passport number sensitive information type entity is available in the EU Passport Number sensitive information type and is available as a stand alone sensitive information type entity.
+The U.K. passport number sensitive information type entity is available in the EU Passport Number sensitive information type. It's available as a stand-alone sensitive information type entity.
### Format
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/set-up-compliance-boundaries https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/set-up-compliance-boundaries.md
@@ -103,7 +103,7 @@ After the engineering change is made and the attribute is synchronized to OneDri
The next step is to create the role groups in the Security & Compliance Center that will align with your agencies. We recommend that you create a role group by copying the built-in eDiscovery Managers group, adding the appropriate members, and removing roles that may not be applicable to your needs. For more information about eDiscovery-related roles, see [Assign eDiscovery permissions in the OfficeΓÇì 365 Security & Compliance Center](assign-ediscovery-permissions.md).
-To create the role groups, go to the **Permissions** page in the Security & Compliance Center and create a role group for each team in each agency that will use compliance boundaries and eDiscovery cases to manage investigations.
+To create the role groups, go to the **Permissions** page in the Security & Compliance Center and create a role group for each team in each agency that will use compliance boundaries and eDiscovery cases to manage investigations.
Using the Contoso compliance boundaries scenario, four role groups need to be created and the appropriate members added to each one.
@@ -162,7 +162,7 @@ New-ComplianceSecurityFilter -FilterName "Coho Winery Security Filter" -Users "C
## Step 5: Create an eDiscovery case for intra-agency investigations
-The final step is to create a eDiscovery case in the Security & Compliance Center and then add the role group that you created in Step 3 as a member of the case. This results in two important characteristics of using compliance boundaries:
+The final step is to create a Core eDiscovery case or Advanced eDiscovery case in the Microsoft 365 compliance center and then add the role group that you created in Step 3 as a member of the case. This results in two important characteristics of using compliance boundaries:
- Only members of the role group added to the case will be able to see and access the case in the Security & Compliance Center. For example, if the Fourth Coffee Investigators role group is the only member of a case, then members of the Fourth Coffee eDiscovery Managers role group (or members of any other role group) won't be able to see or access the case.
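Review bot: The rewritten intro sentence now sends readers to the Microsoft 365 compliance center, but the first bullet under it still says members "will be able to see and access the case in the Security & Compliance Center". Update the bullet to match so the section does not name two different portals for the same case.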
@@ -170,9 +170,9 @@ The final step is to create a eDiscovery case in the Security & Compliance Cente
To create a case and assign members:
-1. Go to the **eDiscovery** or **Advanced eDiscovery** page in the Security & Compliance Center and create a case.
+1. Go to the **Core eDiscovery** or **Advanced eDiscovery** page in the Microsoft 365 compliance center and create a case.
-2. In the list of eDiscovery cases, click the name of the case you created.
+2. In the list of cases, click the name of the case you created.
3. In the **Manage this case** flyout page, under **Manage role groups**, click ![Add icon](../media/8ee52980-254b-440b-99a2-18d068de62d3.gif) **Add**.
@@ -182,6 +182,9 @@ To create a case and assign members:
5. Click **Save** on the **Manage this case** flyout to save the change.
+> [!NOTE]
+When adding a role group to a case, you can only add the role groups that you are a member of.
+ ## Searching and exporting content in Multi-Geo environments Search permissions filters also let you control where content is routed for export and which datacenter can be searched when searching content locations in a [SharePoint Multi-Geo environment](https://go.microsoft.com/fwlink/?linkid=860840).
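Review bot: The body of the new note is missing its blockquote prefix: "> [!NOTE]" is followed by an unprefixed line, so the sentence will render as an ordinary paragraph outside the alert. Start the second added line with "> " so the restriction on which role groups can be added appears inside the note.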
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/data-move-faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/data-move-faq.md
@@ -107,7 +107,7 @@ It is not possible to change the signup country associated with your tenant. Ins
## What happens if we are in process of email data migration to Microsoft 365 during the Exchange Online move?
-This is a very common scenario and is fully supported. Cloud migration between datacenter geos does not interfere with any on-premises to cloud mailbox migrations.
+This is a very common scenario and is fully supported. Cloud migration between datacenter geos does not interfere with any on-premises to cloud mailbox migrations.
## Can I pilot some users?
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/hybrid-modern-auth-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/hybrid-modern-auth-overview.md
@@ -43,7 +43,7 @@ Managing user identities with modern authentication gives administrators many di
Be aware that because Skype for Business works closely with Exchange, the login behavior Skype for Business client users will see will be affected by the modern authentication status of Exchange. This will also apply if you have a Skype for Business _split-domain_ hybrid architecture, in which you have both Skype for Business Online and Skype for Business on-premises, with users homed in both locations.
-For more information about modern authentication in Office 365, see [Office 365 Client App Support - Modern Authentication](microsoft-365-client-support-modern-authentication.md).
+For more information about modern authentication in Office 365, see [Office 365 Client App Support - Multi-factor authentication](microsoft-365-client-support-multi-factor-authentication.md).
> [!IMPORTANT] > As of August of 2017, all new Office 365 tenants that include Skype for Business online and Exchange online will have modern authentication enabled by default. Pre-existing tenants won't have a change in their default MA state, but all new tenants automatically support the expanded set of identity features you see listed above. To check your MA status, see the [Check the modern authentication status of your on-premises environment](hybrid-modern-auth-overview.md#BKMK_CheckStatus) section.
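Review bot: The lead-in still promises "more information about modern authentication in Office 365", but the link text and target now point to the multi-factor authentication client support article. Either keep a link to a modern authentication article here or reword the sentence so it matches where the link goes.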
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-client-services-app-support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-client-services-app-support.md
@@ -0,0 +1,150 @@
+
+ Title: "Microsoft 365 client and services app support"
+++
+audience: ITPro
++
+localization_priority: Normal
+
+- Strat_O365_Enterprise
+- M365-subscription-management
+search.appverid:
+- MET150
+f1.keywords:
+- NOCSH
+description: In this article, find details about Microsoft 365 client and services app support.
++
+# Microsoft 365 client and services app support
+
+Microsoft supports a wide range of security, authentication, and compliance features to keep customer data safe and allows IT administrators to customize policies within the Microsoft 365 admin center for their users. The following features are just a subset of the many enterprise features that you can configure depending on your Microsoft 365 subscription.
+
+## Client and service support
+
+### Continuous access evaluation (preview)
+
+Continuous access evaluation is implemented by enabling services, like Exchange Online, SharePoint Online, and Teams, to subscribe to critical events in Azure Active Directory so that those events can be evaluated and enforced near real time. Critical event evaluation does not rely on Conditional Access policies so is available in any tenant.
+
+The following events are currently evaluated:
+
+- A user account is deleted or disabled
+- The password for a user is changed or reset
+- Multi-factor authentication is enabled for the user
+- Administrator explicitly revokes all refresh tokens for a user
+- Elevated user risk detected by Azure AD Identity Protection
+
+For more information about continuous access evaluation for client and services app support, see [Continuous access evaluation (preview)](/azure/active-directory/conditional-access/concept-continuous-access-evaluation).
+
+## Client support
+
+### Certificate-based authentication
+
+Certificate-based authentication (CBA) is the use of a digital certificate to identify a user, machine, or device before granting access to a resource, network, application, or service. In user authentication, it is often deployed in coordination with traditional methods such as usernames and passwords.
+
+Some traditional solutions only work for users, such as biometrics and one-time passwords (OTP). With certificate-based authentication, the same solution can be used for all endpoints; users, devices, and the growing Internet of Things (IoT).
+
+For more information about certificate-based authentication for client and services app support, see [Microsoft 365 Client App Support: Certificate-based Authentication](microsoft-365-client-support-certificate-based-authentication.md).
+
+### Conditional Access
+
+Conditional Access is the tool used by Azure Active Directory to bring signals together, to make decisions, and enforce organizational access policies. Conditional Access is at the heart of the new identity-driven control model.
+
+Conditional Access policies are if-then statements for granting access to resources. If a user wants to access a resource, then the user must complete an action. Common signals that Conditional Access can use when making a policy access decision include:
+
+- User or group membership
+- IP location information
+- Device information
+- Application information
+- Real-time and calculated risk detection
+- Microsoft Cloud App Security (MCAS)
+
+When making these access decisions, the policies can take different actions:
+
+- The policy can block access: This configuration is the most restrictive action and prevents the user from accessing the resource.
+- The policy can grant access: This configuration is a less restrictive decision and may still require one or more of the following options:
+
+ - Multi-factor authentication
+ - The device to be marked as compliant
+ - The device is hybrid Azure AD joined
+ - An approved client app
+ - App protection policy configured (preview)
+
+For more information about Conditional Access for client and services app support, see:
+
+- [Microsoft 365 Client App Support: Device-based Conditional Access](microsoft-365-client-support-conditional-access.md)
+
+### Mobile application management
+
+Users often access both organization and personal documents, email, and data from the same mobile device. Those devices are often personally owned and should be configured to protect both organization data and the user's personal privacy.
+
+When a user accesses organization data, the organization must be confident that organization policies, such as configuration policies and protection policies, are applied to help protect organization data on the device. Additionally, the user's personal content on the device should remain outside of the organization's control.
+
+For organization-managed content, you can apply application management policies to control how data is accessed, shared, and used by using Microsoft Intune. For example, the following actions are supported:
+
+- Remote wipe the managed organization content (also referred to org data)
+- Prevent pasting organization content into non-organization locations
+- Require a PIN to access organization content
+- Prevent managed apps from running on jailbroken or rooted devices
+- Prevent organization content from being saved to unapproved cloud storage providers
+- Prevent unapproved content from being transferred into managed applications
+- Allow access to organization content only after policies have been applied
+- Deliver application configuration to manage the application's behavior and settings
+- Restrict the managed application to a defined identity by disabling multi-identity capabilities or personal usage
+
+For more information about mobile application management with Microsoft Intune, see [What is Microsoft Intune app management?](/mem/intune/apps/app-management)
+
+### Multi-factor authentication
+
+[Multi-factor authentication (MFA) is a method of computer access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism. This method typically uses at least two of the following categories:
+
+- Knowledge (something they know)
+- Possession (something they have)
+- Inherence (something they are)
+
+For more information about multi-factor authentication for client and services app support, see [Microsoft 365 Client App Support: Multi-factor authentication](microsoft-365-client-support-multi-factor-authentication.md).
+
+### Single sign-on
+
+Single sign-on (SSO) adds security and convenience when your users sign-on to applications in Azure Active Directory. With single sign-on, users sign in once with one account to access on-premises Active Directory Domain Services (AD DS) domain-joined devices, software as a service (SaaS) applications, and web applications in your organization.
+
+For more information about single sign-on for client and services app support, see [Microsoft 365 Client App Support: Single sign-on](microsoft-365-client-support-single-sign-on.md).
+
+## Services support
+
+### Modern authentication
+
+Modern authentication enables new scenarios for customers to authenticate against Office 365 and for tenant admins to enforce specific authentication requirements across the Office 365 tenancy, such as:
+
+- Multi-factor authentication support for administrative interaction with the tenancy and services, and end-user interaction with applications and their data
+- Conditional access
+- SAML-based third-party identity provider sign-in
+- Smartcard log on personal computers
+- Certificate-based authentication on mobile devices
+- No longer require the transmission of credentials over basic authentication.
+
+For more information about modern authentication services support, see [Authentication vs. authorization](/azure/active-directory/develop/authentication-vs-authorization).
+
+### Azure Active Directory Conditional Access
+
+Azure Active Directory (Azure AD) Conditional Access rules allow customers to control access to online services, based on attributes such as device compliance or network location. The following solutions may be used:
+
+- Azure AD multi-factor authentication-based Conditional Access
+- Azure AD location-based Conditional Access
+- Azure AD device-based Conditional Access
+
+Azure AD Conditional access rules are applied per-application and are available for customers to control access based on different conditions. Using [Mobile Device Management (MDM) or Intune](/mem/intune/fundamentals/what-is-device-management), customers must be able to restrict access to Microsoft 365 to only those users who are using an organization device or who have enrolled their personal device for management. For example, customers may configure Conditional Access rules to enforce controls such as:
+
+- Only allow access from devices that are domain joined or domain compliant
+- Enforce multi-factor authentication for all access to Exchange Online services
+
+For more information about Azure Active Directory Conditional Access, see [What is Conditional Access?](/azure/active-directory/conditional-access/overview)
+
+### TLS 1.2 support
+
+To provide the best-in-class encryption to our customers, Microsoft plans to discontinue support for Transport Layer Security (TLS) versions 1.0 and 1.1 in Office 365 and Office 365 GCC.
+
+We understand that the security of your data is important, and we're committed to transparency about changes that may affect your use of the TLS service. We recommend that all client-server and browser-server combinations use TLS 1.2 (or a later version) to maintain connection to Office 365 services. You might have to update certain client-server and browser-server combinations.
+
+For more information about TLS 1.2 support and services support, see [Preparing for TLS 1.2 in Office 365 and Office 365 GCC](/microsoft-365/compliance/prepare-tls-1.2-in-office-365).
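Review bot: The first paragraph under "### Multi-factor authentication" opens with a stray "[" ("[Multi-factor authentication (MFA) is a method of computer access control") that is never closed; remove it. Two wording fixes in the same file: "also referred to org data" in the mobile application management list is missing "as", and the last bullet under "### Modern authentication" ("No longer require the transmission of credentials over basic authentication.") is not parallel with the noun phrases above it and is the only bullet in that list ending with a period.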
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-client-support-certificate-based-authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-client-support-certificate-based-authentication.md
@@ -31,11 +31,11 @@ Modern authentication is enabled through the use of an authentication library, l
Modern authentication supports different authentication mechanisms, like certificate-based authentication. Clients on Windows, Android, or iOS devices can use certificate-based authentication (CBA) to authenticate to Azure Active Directory using a client certificate on the device. Instead of a typical username/password, the certificate is used to obtain an access/refresh token pair from Azure Active Directory.
-Learn more about [certificate-based authentication](https://docs.microsoft.com/azure/active-directory/authentication/active-directory-certificate-based-authentication-get-started).
+Learn more about [certificate-based authentication](/azure/active-directory/authentication/active-directory-certificate-based-authentication-get-started).
## Supported clients & platforms
-The latest versions of the following clients and platforms support certificate-based authentication when signing into Azure Active Directory accounts within the client (for example, when adding an account to the app). For more information about platform support in Microsoft 365, see [System requirements for Microsoft 365](https://www.microsoft.com/microsoft-365/microsoft-365-and-office-resources).
+The latest versions of the following clients and platforms support certificate-based authentication when signing into Azure Active Directory accounts within the client (for example, when adding an account to the app). For more information about platform support in Microsoft 365, see [System requirements for Microsoft 365](/microsoft-365/microsoft-365-and-office-resources).
<br> <br>
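Review bot: Dropping the host from the "System requirements for Microsoft 365" link changes its target: the old URL was on www.microsoft.com, not docs.microsoft.com, so the site-relative path "/microsoft-365/microsoft-365-and-office-resources" will resolve against the docs site instead. Confirm that path exists there, or leave this link absolute. The certificate-based authentication link is fine to make relative because it already pointed at docs.microsoft.com.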
@@ -86,7 +86,7 @@ The latest versions of the following clients and platforms support certificate-b
## Supported PowerShell modules -- [Azure Active Directory PowerShell](https://docs.microsoft.com/powershell/azure/active-directory/overview?view=azureadps-2.0)-- [Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/exchange-online-powershell)-- [SharePoint Online PowerShell](https://docs.microsoft.com/powershell/sharepoint/sharepoint-online/connect-sharepoint-online)
+- [Azure Active Directory PowerShell](/powershell/azure/active-directory/overview?view=azureadps-2.0)
+- [Exchange Online PowerShell](/powershell/exchange/exchange-online-powershell)
+- [SharePoint Online PowerShell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online)
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-client-support-conditional-access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-client-support-conditional-access.md
@@ -24,11 +24,11 @@ In the modern workplace, users can access your organization's resources using va
With Azure Active Directory device, location, and multi-factor authentication-based Conditional Access, you can meet this new requirement. Conditional Access is a capability of Azure Active Directory that enables you to enforce controls on the access to apps in your environment, all based on specific conditions and managed from a central location.
-Learn more about [Azure Active Directory Conditional Access](https://docs.microsoft.com/azure/active-directory/conditional-access/).
+Learn more about [Azure Active Directory Conditional Access](/azure/active-directory/conditional-access/).
## Supported clients & platforms
-The latest versions of the following clients and platforms support conditional access. For more information about platform support in Microsoft 365, see [System requirements for Microsoft 365](https://www.microsoft.com/microsoft-365/microsoft-365-and-office-resources).
+The latest versions of the following clients and platforms support conditional access. For more information about platform support in Microsoft 365, see [System requirements for Microsoft 365](/microsoft-365/microsoft-365-and-office-resources).
<br> <br>
@@ -76,6 +76,6 @@ The latest versions of the following clients and platforms support conditional a
## Supported PowerShell modules -- [Azure Active Directory PowerShell](https://docs.microsoft.com/powershell/azure/active-directory/overview?view=azureadps-2.0)-- [Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/exchange-online-powershell)-- [SharePoint Online PowerShell](https://docs.microsoft.com/powershell/sharepoint/sharepoint-online/connect-sharepoint-online)
+- [Azure Active Directory PowerShell](/powershell/azure/active-directory/overview?view=azureadps-2.0)
+- [Exchange Online PowerShell](/powershell/exchange/exchange-online-powershell)
+- [SharePoint Online PowerShell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online)
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-client-support-multi-factor-authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-client-support-multi-factor-authentication.md
@@ -0,0 +1,84 @@
+
+ Title: "Microsoft 365 Client App Support: Multi-factor authentication"
+++
+audience: ITPro
++
+localization_priority: Normal
+
+- Strat_O365_Enterprise
+- M365-subscription-management
+search.appverid:
+- MET150
+f1.keywords:
+- NOCSH
+description: In this article, learn which platforms, clients, and PowerShell modules support multi-factor authentication for Microsoft 365.
+++
+# Microsoft 365 Client App Support: Multi-factor authentication
+
+*This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.*
+
+To provide an additional level of security for sign-ins, clients may be configured to use multi-factor authentication (MFA), which uses both a user password and an additional user verification method based on:
+
+- Something in their possession that is not easily duplicated, such as a smart phone.
+- Something the user has uniquely and biologically, such as their fingerprints, face, or other biometric attribute
+
+Learn more about [multi-factor authentication](/azure/active-directory/authentication/multi-factor-authentication).
+
+## Supported clients & platforms
+
+The latest versions of the following clients and platforms support multi-factor authentication. For more information about platform support in Microsoft 365, see [System requirements for Microsoft 365](/microsoft-365/microsoft-365-and-office-resources).
+<br>
+<br>
+
+| Clients | Android | iOS | Mac| Windows 10 <br> Modern Apps| Windows 10 <br> Desktop |
+|:|::|::|::|::|::|
+| Azure Active Directory Admin | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
+| Access | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
+| Azure Admin | N/A | N/A | N/A | N/A | N/A |
+| Company portal | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A |
+| Cortana | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) | N/A |
+| Delve | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
+| Edge | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | ![Supported](../media/check-mark.png) |
+| Excel | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
+| Exchange Online Admin | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
+| Forms | N/A | N/A | N/A | N/A | N/A |
+| Office 365 Admin | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) | |
+| Kaizala | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
+| Office Lens| ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) | N/A |
+| Office mobile | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
+| Office portal | N/A | N/A | N/A | ![Supported](../media/check-mark.png) | N/A |
+| OneDrive | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
+| OneNote | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
+| Outlook | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
+| Planner | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
+| Power Apps | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) | N/A |
+| Power Automate | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
+| Power BI | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
+| PowerPoint | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
+| Project | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
+| Publisher | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
+| Skype for Business | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) |
+| Skype for Business Admin | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
+| SharePoint | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
+| SharePoint Online Admin | N/A | N/A | N/A | N/A | ![Supported](../media/check-mark.png) |
+| Sticky Notes | N/A | N/A | N/A | ![Supported](../media/check-mark.png) | N/A |
+| Stream | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | N/A | N/A |
+| Sway | N/A | N/A | N/A | ![Supported](../media/check-mark.png) | N/A |
+| Teams | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) |
+| To Do | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A |
+| Visio | N/A | ![Supported](../media/check-mark.png) | N/A | N/A | ![Supported](../media/check-mark.png) |
+| Whiteboard | Planned | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) | N/A |
+| Word | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) |
+| Workplace analysis | N/A | N/A | N/A | N/A | N/A |
+| Yammer | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | ![Supported](../media/check-mark.png) | N/A | ![Supported](../media/check-mark.png) |
+
+## Supported PowerShell modules
+
+- [Azure Active Directory PowerShell](/powershell/azure/active-directory/overview?view=azureadps-2.0)
+- [Exchange Online PowerShell](/powershell/exchange/exchange-online-powershell)
+- [SharePoint Online PowerShell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online)
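Review bot: The "Office 365 Admin" table row ends with an extra empty cell ("| ![Supported](../media/check-mark.png) | |"), giving it seven cells against six column headers; drop the trailing "|". The rows for Azure Admin, Forms, and Workplace analysis are N/A in every column, which conflicts with the intro sentence saying the listed clients support multi-factor authentication; remove those rows or state what N/A means for them. In the intro list, the first bullet ends with a period and the second does not.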
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-client-support-single-sign-on https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-client-support-single-sign-on.md
@@ -24,11 +24,11 @@
Single sign-on (SSO) adds security and convenience when your users sign-on to applications in Azure Active Directory. With single sign-on, users sign in once with one account to access on-premises Active Directory Domain Services (AD DS) domain-joined devices, software as a service (SaaS) applications, and web applications.
-Learn more about [single sign-on](https://docs.microsoft.com/azure/active-directory/manage-apps/what-is-single-sign-on).
+Learn more about [single sign-on](/azure/active-directory/manage-apps/what-is-single-sign-on).
## Supported clients & platforms
-The latest versions of the following clients and platforms support single sign-on. For more information about platform support in Microsoft 365, see [System requirements for Microsoft 365](https://products.office.com/office-system-requirements).
+The latest versions of the following clients and platforms support single sign-on. For more information about platform support in Microsoft 365, see [System requirements for Microsoft 365](/microsoft-365/microsoft-365-and-office-resources).
<br> <br>
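Review bot: The replacement for the system requirements link changes the destination, not just the URL form. The link text still reads "System requirements for Microsoft 365", but the target moves from products.office.com/office-system-requirements to /microsoft-365/microsoft-365-and-office-resources. Confirm the new page carries the platform support information this sentence promises, or change the link text to match the page it now opens.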
@@ -68,6 +68,6 @@ The latest versions of the following clients and platforms support single sign-o
## Supported PowerShell modules -- [Azure Active Directory PowerShell](https://docs.microsoft.com/powershell/azure/active-directory/overview?view=azureadps-2.0)-- [Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/exchange-online-powershell)-- [SharePoint Online PowerShell](https://docs.microsoft.com/powershell/sharepoint/sharepoint-online/connect-sharepoint-online)
+- [Azure Active Directory PowerShell](/powershell/azure/active-directory/overview?view=azureadps-2.0)
+- [Exchange Online PowerShell](/powershell/exchange/exchange-online-powershell)
+- [SharePoint Online PowerShell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online)
knowledge https://docs.microsoft.com/en-us/microsoft-365/knowledge/topic-experiences-discovery-curation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/knowledge/topic-experiences-discovery-curation.md
@@ -37,7 +37,7 @@ AI identifies people and content connected to the topic, and if enough is discov
- People who might be knowledgeable about the topic. - Files, pages, and sites that are related to the topic.
-The properties are identified from the files and pages that are part of the evidence for identifying the topic. Alternate names and acronyms are sourced from these files and pages. The short description is sourced from these files and pages, or from the internet through Wikipedia. The source file, page or Wikipedia article is referenced alongside the suggested properties. People are suggested based on their active contributions (e.g. edits) to the files and pages. A reference to the amount of contributions from a particular person provides a hint as to why the person has been identified. Files, pages and sites are ranked based on whether they are central to the topic, whether they can give an overview or introduction to the topic.
+The properties are identified from the files and pages that are part of the evidence for identifying the topic. Alternate names and acronyms are sourced from these files and pages. The short description is sourced from these files and pages, or from the internet through Wikipedia. The source file, page, or Wikipedia article is referenced alongside the suggested properties. People are suggested based on their active contributions (like edits) to the files and pages. A reference to the amount of contributions from a particular person provides a hint as to why the person has been identified. Files, pages, and sites are ranked based on whether they are central to the topic, whether they can give an overview or introduction to the topic.
Not every identified topic will be useful to your organization or have identified any or the correct alternate names or a description, the appropriate people or content, so the ability to add topics that were not identified, keep suggested topics, and curate topics is critical to improving the quality of the topics that are discoverable in your organization.
@@ -47,25 +47,22 @@ Topic experiences then, when the context is appropriate, suggests these topics t
Additionally, users will also be able to find topics through Microsoft Search.
-![Microsoft Search topic answer](../EfrenCanWeAddAnImageOfSearchHere) </br>
-- ## Topic curation and feedback Topic Experiences welcomes human contribution to improve the quality of your topics. While AI initially identifies and suggests topics, manually made edits to content from contributors, manually added topics, confirmation from users for AI discovered properties and content, and feedback on the usefulness of topics are all essential. - Topics can be reviewed by **knowledge managers** in your organization. The knowledge manager can review topics that they have permissions to see. In the Manage Topics page in the Topic Center, they can choose to confirm AI generated topics ("suggested topics") as valid, reject topics to prevent the content from being viewed as a topic, create topics that were not discovered by AI, or identify topics that could benefit from a few edits by subject matter experts to be more helpful or accurate. See [Manage topics in the Topic center](manage-topics.md) for more information. -- You can assign *Create and edit topics* permissions to any of your licensed users so that they can make changes to existing topics or create new topics. This allows users that are knowledgeable about the topic to update the topic page directly to make corrections or add additional information. They can also add new topics that AI wasn't able to identify. If there is enough information on these manually added topics, and AI is able to identify this type of topic, additional suggestions from AI may enhance these manually added topics. Together, humans and AI can keep knowledge accurate over time and not have this rest on a single person. See [Create a new topic](https://docs.microsoft.com/en-us/microsoft-365/knowledge/create-a-topic) and [Edit a topic](https://docs.microsoft.com/en-us/microsoft-365/knowledge/edit-a-topic) for more information.
+- You can assign *Create and edit topics* permissions to any of your licensed users so that they can make changes to existing topics or create new topics. This allows users that are knowledgeable about the topic to update the topic page directly to make corrections or add additional information. They can also add new topics that AI wasn't able to identify. If there is enough information on these manually added topics, and AI is able to identify this type of topic, additional suggestions from AI may enhance these manually added topics. Together, humans and AI can keep knowledge accurate over time and not have this rest on a single person. See [Create a new topic](https://docs.microsoft.com/microsoft-365/knowledge/create-a-topic) and [Edit a topic](https://docs.microsoft.com/microsoft-365/knowledge/edit-a-topic) for more information.
- Even users who only have read access to topic (topic viewers) will be asked to verify the usefulness of specific topics. Feedback questions are asked on the **Topic summary** card to improve the value of the topic and its information. Questions about the quality and usefulness of the AI suggestions are presented to users one at a time. Questions include: 1. Whether identifying the topic in the SharePoint page was helpful. There's an opportunity to remove the highlight if it's not accurate or helpful. If enough people indicate that a topic is not correctly identified on a particular page, this highlight will eventually be removed for all users.
-2. Whether the suggested topic is valuable to the organization. If enough people indicate that the suggested topic is valuable, the topic is automatically confirmed. Alternateively, if the suggestd topic is not valuable, the topic is automatically rejected. The Knowledge Manager can observe this activity in the Manage Topics view.
+2. Whether the suggested topic is valuable to the organization. If enough people indicate that the suggested topic is valuable, the topic is automatically confirmed. Alternatively, if the suggested topic is not valuable, the topic is automatically rejected. The Knowledge Manager can observe this activity in the Manage Topics view.
3. Whether the people and resource suggestions are helpful.
-4. On the Topic Center home page, you can see the topics in your organization to which you have a connection. You can choose to remain listed on the topic or remove yourself. This feedback is reflected to everyone who discovers this topic. See [Topic center overview](https://docs.microsoft.com/en-us/microsoft-365/knowledge/topic-center-overview) for more details on the topic center home page.
+4. On the Topic Center home page, you can see the topics in your organization to which you have a connection. You can choose to remain listed on the topic or remove yourself. This feedback is reflected to everyone who discovers this topic. See [Topic center overview](https://docs.microsoft.com/microsoft-365/knowledge/topic-center-overview) for more details on the topic center home page.
Even with human edits, AI will continually look for more information about topics, and will look for human verification. For example, if AI thinks you are a person that should be listed as an expert on a topic, it will ask you to confirm this.
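Review bot: The three rewritten links in this hunk (Create a new topic, Edit a topic, Topic center overview) only drop the en-us locale and remain absolute https://docs.microsoft.com/ URLs, although they point at articles in the same knowledge folder. The unchanged line above already links a sibling article as manage-topics.md; use a relative form for these three as well so the article's internal links are consistent.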
knowledge https://docs.microsoft.com/en-us/microsoft-365/knowledge/topic-experiences-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/knowledge/topic-experiences-overview.md
@@ -66,7 +66,7 @@ When a topic is identified and AI determines that it has enough information for
Your knowledge admins can choose to crawl all SharePoint sites in your tenant for topics, or to just select certain ones.
-See [Topic discovery and curation](https://docs.microsoft.com/en-us/microsoft-365/knowledge/topic-experiences-discovery-curation)
+See [Topic discovery and curation](https://docs.microsoft.com/microsoft-365/knowledge/topic-experiences-discovery-curation)
## Roles
@@ -120,7 +120,7 @@ Users who you allow access to see topics in their daily work might be asked if t
Additionally, users with proper permissions can tag items such as Yammer conversation that are relevant to a topic, and add them to a specific topic.
-See [Topic discovery and curation](https://docs.microsoft.com/en-us/microsoft-365/knowledge/topic-experiences-discovery-curation)
+See [Topic discovery and curation](https://docs.microsoft.com/microsoft-365/knowledge/topic-experiences-discovery-curation)
## See also
security https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-migrate-from-mdatp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/advanced-hunting-migrate-from-mdatp.md
@@ -109,64 +109,7 @@ AlertInfo
| where FileName == "powershell.exe" ```
-## Migrate custom detection rules
-When Microsoft Defender for Endpoint rules are edited on Microsoft 365 Defender, they continue to function as before if the resulting query looks at device tables only. For example, alerts generated by custom detection rules that query only device tables will continue to be delivered to your SIEM and generate email notifications, depending on how youΓÇÖve configured these in Microsoft Defender for Endpoint. Any existing suppression rules in Defender for Endpoint will also continue to apply.
-
-Once you edit a Defender for Endpoint rule so that it queries identity and email tables, which are only available in Microsoft 365 Defender, the rule is automatically moved to Microsoft 365 Defender.
-
-Alerts generated by the migrated rule:
--- Are no longer visible in the Defender for Endpoint portal (Microsoft Defender Security Center)-- Stop being delivered to your SIEM or generate email notifications. To work around this change, configure notifications through Microsoft 365 Defender to get the alerts. You can use the [Microsoft 365 Defender API](api-incident.md) to receive notifications for customer detection alerts or related incidents.-- Won't be suppressed by Microsoft Defender for Endpoint suppression rules. To prevent alerts from being generated for certain users, devices, or mailboxes, modify the corresponding queries to exclude those entities explicitly.-
-If you do edit a rule this way, you will be prompted for confirmation before such changes are applied.
-
-New alerts generated by custom detection rules in Microsoft 365 Defender portal are displayed in an alert page that provides the following information:
--- Alert title and description -- Impacted assets-- Actions taken in response to the alert-- Query results that triggered the alert -- Information on the custom detection rule
-
-![Image of new alert page](../../media/newalertpage.png)
-
-## Write queries without DeviceAlertEvents
-
-In the Microsoft 365 Defender schema, the `AlertInfo` and `AlertEvidence` tables are provided to accommodate the diverse set of information that accompany alerts from various sources.
-
-To get the same alert information that you used to get from the `DeviceAlertEvents` table in the Microsoft Defender for Endpoint schema, filter the `AlertInfo` table by `ServiceSource` and then join each unique ID with the `AlertEvidence` table, which provides detailed event and entity information.
-
-See the sample query below:
-
-```kusto
-AlertInfo
-| where Timestamp > ago(7d)
-| where ServiceSource == "Microsoft Defender for Endpoint"
-| join AlertEvidence on AlertId
-```
-
-This query yields many more columns than `DeviceAlertEvents` in the Microsoft Defender for Endpoint schema. To keep results manageable, use `project` to get only the columns you are interested in. The example below projects columns you might be interested in when the investigation detected PowerShell activity:
-
-```kusto
-AlertInfo
-| where Timestamp > ago(7d)
-| where ServiceSource == "Microsoft Defender for Endpoint"
- and AttackTechniques has "powershell"
-| join AlertEvidence on AlertId
-| project Timestamp, Title, AlertId, DeviceName, FileName, ProcessCommandLine
-```
-
-If you'd like to filter for specific entities involved in the alerts, you can do so by specifying the entity type in `EntityType` and the value you would like to filter for. The following example looks for a specific IP address:
-
-```kusto
-AlertInfo
-| where Title == "Insert_your_alert_title"
-| join AlertEvidence on AlertId
-| where EntityType == "Ip" and RemoteIP == "192.88.99.01"
-```
## See also - [Turn on Microsoft 365 Defender](advanced-hunting-query-language.md)
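Review bot: This removal deletes the only statement visible here that alerts from a rule migrated to Microsoft 365 Defender stop being delivered to the SIEM, stop generating email notifications, and are no longer covered by Defender for Endpoint suppression rules. Those are behaviour changes a SOC can miss silently, so confirm that the "Migrate custom detection rules" and "Write queries without DeviceAlertEvents" sections are retained or moved elsewhere before merging. Separately, the trailing context line labels the link to advanced-hunting-query-language.md as "Turn on Microsoft 365 Defender", which does not match its target.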
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/about-defender-for-office-365-trial https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/about-defender-for-office-365-trial.md
@@ -0,0 +1,119 @@
+
+ Title: "About the Microsoft Defender for Office 365 trial"
+f1.keywords:
+++
+audience: Admin
++
+localization_priority: Normal
+search.appverid:
+- MET150
+ms.assetid:
+
+- M365-security-compliance
+- m365initiative-defender-office365
+
+- seo-marvel-apr2020
+
+description: "Admins can learn about the trial mode of Microsoft Defender for Office 365"
++
+# About the Microsoft Defender for Office 365 trial
+
+Microsoft Defender for Office 365 safeguards your organization against malicious threats that are posed by email messages, links (URLs), and collaboration tools. Defender for Office 365 includes:
+
+- **Threat protection policies**: Define threat-protection policies to set the appropriate level of protection for your organization.
+- **Reports**: View real-time reports to monitor Defender for Office 365 performance in your organization.
+- **Threat investigation and response capabilities**: Use leading-edge tools to investigate, understand, simulate, and prevent threats.
+- **Automated investigation and response capabilities**: Save time and effort investigating and mitigating threats.
+
+A Microsoft Defender for Office 365 trial is the easiest way to try the capabilities of Defender for Office 365, and setting it up only takes a couple of clicks. After the trial setup is complete, all Defender for Office 365 Plan 1 and Plan 2 capabilities are available in the organization for up to 90 days.
+
+> [!NOTE]
+> The automated configuration that's described in this article is currently in Public Preview and might not be available in your location.
+
+## Terms and conditions
+
+The Defender for Office 365 trial is available for 90 days and can initiated for all of your users. For more information, see <link to TOU>.
+
+## Set up a Defender for Office 365 trial
+
+A trial allows organizations to easily set up and configure the Defender for Office 365 capabilities. During setup, policies that are exclusive to Defender for Office 365 (specifically, [Safe Attachments](atp-safe-attachments.md), [Safe Links](atp-safe-links.md), and [impersonation protection in anti-spam policies](set-up-anti-phishing-policies.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365)) are applied using the Standard template for [preset security policies](preset-security-policies.md).
+
+By default, these policies are scoped to all users in the organization, but admins can customize the policies during or after setup so they apply only to specific users.
+
+During setup, MDO response functionality (found in MDO P2 or equivalent) is also setup for the entire organization. No policy scoping is required.
+
+## Licensing
+
+As part of the trial setup, the Defender for Office 365 licenses are automatically applied to the organization. The licenses are free of charge for the first 90 days.
+
+## Permissions
+
+To start or end the trial, you need to be a member of the **Global Administrator** or **Security Administrator** roles in Azure Active Directory. For details, see [About admin roles](https://docs.microsoft.com/microsoft-365/admin/add-users/about-admin-roles).
+
+## Additional information
+
+After you enroll in the trial, it might take up to 2 hours for the changes and updates to be available. And, admins must log out and log back in to see the changes.
+
+Admins can disable the trial at any point by going to the <> card.
+
+## Availability
+
+The Defender for Office 365 trial is gradually rolling out to existing customers who meet specific criteria (including geography) and who don't have existing Defender for Office 365 Plan 1 or Plan 2 licenses (included in their subscription or as an add-on).
+
+## Learn more about Defender for Office 365
+
+Defender for Office 365 helps organizations secure their enterprise by offering a comprehensive slate of capabilities.
+
+You can also learn more about Defender for Office 365 at this [interactive guide](https://techcommunity.microsoft.com/t5/video-hub/protect-your-organization-with-microsoft-365-defender/m-p/1671189).
+
+![Microsoft Defender for Office 365 conceptual diagram](../../media/microsoft-defender-for-office-365.png)
+
+### Prevention
+
+A robust filtering stack prevents a wide variety of volume-based and targeted attacks including business email compromise, credential phishing, ransomware, and advanced malware.
+
+- [Anti-phishing policies: Exclusive settings in Defender for Office 365](set-up-anti-phishing-policies.md#exclusive-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365)
+- [Safe Attachments](atp-safe-attachments.md)
+- [Safe Links](atp-safe-links.md)
+
+### Detection
+
+Industry-leading AI detects malicious and suspicious content and correlates attack patterns to identify campaigns designed to evade protection.
+
+- [Campaign Views in Microsoft Defender for Office 365](campaigns.md)
+
+### Investigation and hunting
+
+Powerful experiences help identify, prioritize, and investigate threats, with advanced hunting capabilities to track attacks across Office 365.
+
+- [Threat Explorer and Real-time detections](threat-explorer.md)
+- [Real-time reports in Defender for Office 365](view-reports-for-atp.md)
+- [Threat Trackers - New and Noteworthy](threat-trackers.md)
+- Integration with [Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)
+
+### Response and remediation
+
+Extensive incident response and automation capabilities amplify your security teamΓÇÖs effectiveness and efficiency.
+
+- [Automated investigation and response (AIR) in Microsoft Defender for Office 365](office-365-air.md)
+
+### Awareness and training
+
+Rich simulation and training capabilities along with integrated experiences within client applications build user awareness.
+
+- [Get started using Attack simulation training](attack-simulation-training-get-started.md)
+
+### Secure posture
+
+Recommended templates and configuration insights help customers get and stay secure.
+
+- [Preset security policies in EOP and Microsoft Defender for Office 365](preset-security-policies.md)
+- [Configuration analyzer for protection policies in EOP and Microsoft Defender for Office 365](configuration-analyzer-for-security-policies.md).
+
+## Give feedback
+
+Your feedback helps us get better at protecting your environment from advanced attacks. Share your experience and impressions of product capabilities and trial results.
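Review bot: Two unresolved authoring placeholders ship in this new article: "see <link to TOU>" under Terms and conditions and "going to the <> card" under Additional information. The first leaves admins without the terms that govern the trial, and the second without the location of the control that disables policies the setup section says are scoped to all users by default; fill both in or drop the sentences. In the same sections, fix "can initiated" (missing "be") and "is also setup" (should be "set up"), expand MDO on first use, and correct the mis-encoded apostrophe in "teamΓÇÖs" under Response and remediation.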
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/enable-the-report-message-add-in https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/enable-the-report-message-add-in.md
@@ -48,6 +48,7 @@ If you're a global administrator or an Exchange Online administrator, and Exchan
- Outlook 2013 SP1 or later - Outlook 2016 for Mac - Outlook included with Microsoft 365 apps for Enterprise
+ - Outlook app for iOS and Android
- The Report Message add-in is not available for mailboxes in on-premises Exchange organizations.
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/enable-the-report-phish-add-in https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/enable-the-report-phish-add-in.md
@@ -46,6 +46,7 @@ If you're a global administrator or an Exchange Online administrator, and Exchan
- Outlook 2013 SP1 or later - Outlook 2016 for Mac - Outlook included with Microsoft 365 apps for Enterprise
+ - Outlook app for iOS and Android
- The Report Phishing add-in is not available for mailboxes in on-premises Exchange organizations.
@@ -144,4 +145,4 @@ To review messages that users report to Microsoft, you have these options:
- Use the Admin Submissions portal. For more information, see [View user submissions to Microsoft](admin-submission.md#view-user-submissions-to-microsoft). -- Create a mail flow rule (also known as a transport rule) to send copies of reported messages. For instructions, see [Use mail flow rules to see what your users are reporting to Microsoft](use-mail-flow-rules-to-see-what-your-users-are-reporting-to-microsoft.md).
+- Create a mail flow rule (also known as a transport rule) to send copies of reported messages. For instructions, see [Use mail flow rules to see what your users are reporting to Microsoft](use-mail-flow-rules-to-see-what-your-users-are-reporting-to-microsoft.md).
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/identity-access-policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/identity-access-policies.md
@@ -49,7 +49,7 @@ To give you time to accomplish these tasks, we recommend implementing the baseli
|Protection level|Policies|More information| |||| |**Baseline**|[Require MFA when sign-in risk is *medium* or *high*](#require-mfa-based-on-sign-in-risk)||
-||[Block clients that don't support modern authentication](#block-clients-that-dont-support-modern-authentication)|Clients that do not use modern authentication can bypass Conditional Access policies, so it's important to block these.|
+||[Block clients that don't support modern authentication](#block-clients-that-dont-support-multi-factor)|Clients that do not use modern authentication can bypass Conditional Access policies, so it's important to block these.|
||[High risk users must change password](#high-risk-users-must-change-password)|Forces users to change their password when signing in if high-risk activity is detected for their account.| ||[Apply app data protection policies](#apply-app-data-protection-policies)|One Intune App Protection policy per platform (Windows, iOS/iPadOS, Android).| ||[Require approved apps and app protection](#require-approved-apps-and-app-protection)|Enforces mobile app protection for phones and tablets using iOS, iPadOS, or Android.|
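Review bot: In the changed table row, the link text and the description still say "modern authentication" ("Clients that do not use modern authentication can bypass Conditional Access policies"), while the anchor now points to #block-clients-that-dont-support-multi-factor. Either keep the anchor aligned with what the row describes or update the row text, so the baseline table does not describe one control and link to a section named for another.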
@@ -138,11 +138,11 @@ Finally, select **On** for **Enable policy**, and then choose **Create**.
Also consider using the [What if](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-whatif) tool to test the policy.
-## Block clients that don't support modern authentication
+## Block clients that don't support multi-factor
-Use the settings in these tables for a Conditional Access policy to block clients that don't support modern authentication.
+Use the settings in these tables for a Conditional Access policy to block clients that don't support multi-factor authentication.
-See [this article](../../enterprise/microsoft-365-client-support-modern-authentication.md) for a list of clients in Microsoft 365 that do suppport modern authentication.
+See [this article](../../enterprise/microsoft-365-client-support-multi-factor-authentication.md) for a list of clients in Microsoft 365 that do support multi-factor authentication.
In the **Assignments** section:
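Review bot: The renamed heading and intro swap "modern authentication" for "multi-factor authentication", which changes what the policy is said to block rather than just its name. The baseline table row that links here still justifies the policy as stopping clients that "do not use modern authentication" from bypassing Conditional Access. The new heading is also cut short at "multi-factor". If the rename is intended, make the heading "Block clients that don't support multi-factor authentication" and update the rows and links that reference it; if not, restore the original wording and keep only the "suppport" typo fix.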
@@ -243,7 +243,7 @@ To create the Conditional Access policy that requires Edge for iOS and Android,
These policies leverage the grant controls [Require approved client app](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-grant#require-approved-client-app) and [Require app protection policy](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-grant#require-app-protection-policy).
-Finally, blocking legacy authentication for other client apps on iOS and Android devices ensures that these clients cannot bypass Conditional Access policies. If you're following the guidance in this article, you've already configured [Block clients that don't support modern authentication](#block-clients-that-dont-support-modern-authentication).
+Finally, blocking legacy authentication for other client apps on iOS and Android devices ensures that these clients cannot bypass Conditional Access policies. If you're following the guidance in this article, you've already configured [Block clients that don't support modern authentication](#block-clients-that-dont-support-multi-factor).
<! With Conditional Access, organizations can restrict access to approved (modern authentication capable) iOS and Android client apps with Intune app protection policies applied to them. Several Conditional Access policies are required, with each policy targeting all potential users. Details on creating these policies can be found in [Require app protection policy for cloud app access with Conditional Access](https://docs.microsoft.com/azure/active-directory/conditional-access/app-protection-based-conditional-access).
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/identity-access-prerequisites https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/identity-access-prerequisites.md
@@ -102,7 +102,7 @@ The following clients are recommended when a secure documents policy has been ap
For more information about client support in Microsoft 365, see the following articles: - [Microsoft 365 Client App Support - Conditional Access](../../enterprise/microsoft-365-client-support-conditional-access.md)-- [Microsoft 365 Client App Support - Modern Authentication](../../enterprise/microsoft-365-client-support-modern-authentication.md)
+- [Microsoft 365 Client App Support - Multi-factor authentication](../../enterprise/microsoft-365-client-support-multi-factor-authentication.md)
## Protecting administrator accounts
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/install-app-guard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/install-app-guard.md
@@ -39,7 +39,7 @@ information about system requirements and installation steps to enable Applicati
### Minimum software requirements * **Windows 10**: Windows 10 Enterprise edition, Client Build version 2004 (20H1) build 19041 or later
-* **Office**: Office Current Channel Build version 2011 16.0.13530.10000 or later
+* **Office**: Office Current Channel Build version 2011 16.0.13530.10000 or later. Both 32-bit and 64-bit versions of Office are supported.
* **Update package**: Windows 10 cumulative monthly security update [KB4571756](https://support.microsoft.com/help/4571756/windows-10-update-KB4571756) For detailed system requirements, refer to [System requirements for Microsoft Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard). To learn more about Office update channels, see [Overview of update channels for Microsoft 365](https://docs.microsoft.com/deployoffice/overview-update-channels).
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft.md
@@ -37,8 +37,10 @@ In Microsoft 365 organizations with mailboxes in Exchange Online or standalone E
|[Report junk and phishing email in Outlook on the web](report-junk-email-and-phishing-scams-in-outlook-on-the-web-eop.md)|Use the built-in capabilities in Outlook on the web for organizations with Exchange Online mailboxes (not available in standalone EOP). <p> Messages that users report are available in [the Admin Submissions portal](admin-submission.md). <p> You can configure reported messages to be copied or redirected to a mailbox that you specify. For more information, see [User submissions policies](user-submission.md).| |[Report junk and phishing email in Outlook for iOS and Android](report-junk-email-and-phishing-scams-in-outlook-for-iOS-and-Android.md)|Use the built-in capabilities in Outlook for iOS and Android for organizations with Exchange Online mailboxes (not available in standalone EOP). <p> Messages that users report are available in [the Admin Submissions portal](admin-submission.md). <p> You can configure reported messages to be copied or redirected to a mailbox that you specify. For more information, see [User submissions policies](user-submission.md).| |[Manually submit messages to Microsoft for analysis](submit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis.md)|Manually send attached messages to specific Microsoft email addresses for spam, not spam, and phishing.|
-|[Use mail flow rules to see what your users are reporting to Microsoft](use-mail-flow-rules-to-see-what-your-users-are-reporting-to-microsoft.md)|Learn how to create a mail flow rule (also known as a transport rule) that notifies you when users report messages to Microsoft for analysis.
-|||
+|[Use mail flow rules to see what your users are reporting to Microsoft](use-mail-flow-rules-to-see-what-your-users-are-reporting-to-microsoft.md)|Learn how to create a mail flow rule (also known as a transport rule) that notifies you when users report messages to Microsoft for analysis.|
|[Submit malware and non-malware to Microsoft for analysis](submitting-malware-and-non-malware-to-microsoft-for-analysis.md)|Use the Microsoft Security Intelligence site to submit attachments and other files.| If the spam or phishing messages were quarantined instead of delivered, users can report the messages to Microsoft from the Quarantine portal in the Security & Compliance Center. For details, see [Find and release quarantined messages as a user in Microsoft 365](find-and-release-quarantined-messages-as-a-user.md).+
+> [!NOTE]
+> Data from submissions to Microsoft resides in the Office 365 compliance boundary in North American data centers. The data is reviewed by analysts on the engineering team to help improve the effectiveness of the filters.
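Review bot: The added note states that submission data "resides in the Office 365 compliance boundary in North American data centers" and is reviewed by analysts, but it does not say whether this applies to organizations hosted in other regions. Since the table above covers both user-reported and manually submitted messages, state the scope explicitly (all organizations, or only some) so admins with data residency requirements can decide which reporting options to enable.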
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/secure-email-recommended-policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/secure-email-recommended-policies.md
@@ -44,7 +44,7 @@ If you included Exchange Online and Outlook in the scope of the policies when yo
|Protection level|Policies|More information| |||| |**Baseline**|[Require MFA when sign-in risk is *medium* or *high*](identity-access-policies.md#require-mfa-based-on-sign-in-risk)|Include Exchange Online in the assignment of cloud apps|
-||[Block clients that don't support modern authentication](identity-access-policies.md#block-clients-that-dont-support-modern-authentication)|Include Exchange Online in the assignment of cloud apps|
+||[Block clients that don't support modern authentication](identity-access-policies.md#block-clients-that-dont-support-multi-factor)|Include Exchange Online in the assignment of cloud apps|
||[Apply APP data protection policies](identity-access-policies.md#apply-app-data-protection-policies)|Be sure Outlook is included in the list of apps. Be sure to update the policy for each platform (iOS, Android, Windows)| ||[Require approved apps and APP protection](identity-access-policies.md#require-approved-apps-and-app-protection)|Include Exchange Online in the list of cloud apps| ||[Require compliant PCs](identity-access-policies.md#require-compliant-pcs-but-not-compliant-phones-and-tablets)|Include Exchange Online in list of cloud apps|
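Review bot: In the changed Baseline row, the link text still reads "Block clients that don't support modern authentication" while the fragment now points to `#block-clients-that-dont-support-multi-factor`. If the target heading in identity-access-policies.md was renamed, update the link text here to match it. If it was not renamed, the old fragment was the correct one.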
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/sharepoint-file-access-policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/sharepoint-file-access-policies.md
@@ -45,7 +45,7 @@ The following table lists the policies you either need to review and update or c
|Protection level|Policies|More information| |||| |**Baseline**|[Require MFA when sign-in risk is *medium* or *high*](identity-access-policies.md#require-mfa-based-on-sign-in-risk)|Include SharePoint in the assignment of cloud apps.|
-||[Block clients that don't support modern authentication](identity-access-policies.md#block-clients-that-dont-support-modern-authentication)|Include SharePoint in the assignment of cloud apps.|
+||[Block clients that don't support modern authentication](identity-access-policies.md#block-clients-that-dont-support-multi-factor)|Include SharePoint in the assignment of cloud apps.|
||[Apply APP data protection policies](identity-access-policies.md#apply-app-data-protection-policies)|Be sure all recommended apps are included in the list of apps. Be sure to update the policy for each platform (iOS, Android, Windows).| ||[Require compliant PCs](identity-access-policies.md#require-compliant-pcs-but-not-compliant-phones-and-tablets)|Include SharePoint in list of cloud apps.| ||[Use app enforced restrictions in SharePoint](#use-app-enforced-restrictions-in-sharepoint)|Add this new policy. This tells Azure Active Directory (Azure AD) to use the settings specified in SharePoint. This policy applies to all users, but only affects access to sites included in SharePoint access policies.|
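Review bot: The new fragment `#block-clients-that-dont-support-multi-factor` in the changed row should be checked against the rendered heading ID in identity-access-policies.md before merge. A fragment that does not resolve fails silently and drops the reader at the top of the target page, so a link check on this file is worth running. The visible link text was not changed and still says "modern authentication".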
security https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/teams-access-policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/teams-access-policies.md
@@ -27,11 +27,11 @@ This article describes how to implement the recommended identity and device-acce
These recommendations are based on three different tiers of security and protection for Teams that can be applied based on the granularity of your needs: baseline, sensitive, and highly regulated. You can learn more about these security tiers and the recommended policies referenced by these recommendations in the [Identity and device access configurations](microsoft-365-policies-configurations.md).
-Additional recommendations specific to Teams deployment are included in this article to cover specific authentication circumstances, including for users outside your organization. You will need to follow this guidance for a complete security experience.
+More recommendations specific to Teams deployment are included in this article to cover specific authentication circumstances, including for users outside your organization. You will need to follow this guidance for a complete security experience.
## Getting started with Teams before other dependent services
-You don't need to enable dependent services to get started with Microsoft Teams. These will all "just work." However, you do need to be prepared to manage the following:
+You don't need to enable dependent services to get started with Microsoft Teams. These services will all "just work." However, you do need to be prepared to manage the following service-related elements:
- Microsoft 365 groups - SharePoint team sites
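Review bot: "the following service-related elements" in the rewritten Getting started sentence is vaguer than the list it introduces, which names concrete items (Microsoft 365 groups, SharePoint team sites). A plainer noun such as "the following items" would satisfy the same style rule without adding a term the article never defines.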
@@ -47,7 +47,7 @@ To protect chat, groups and content in Teams, the following diagram illustrates
[See a larger version of this image](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/media/microsoft-365-policies-configurations/identity-access-ruleset-teams.png)
-These are the dependent services to include in the assignment of cloud apps for Teams:
+These services are the dependent services to include in the assignment of cloud apps for Teams:
- Microsoft Teams - SharePoint and OneDrive for Business
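Review bot: The rewritten lead-in "These services are the dependent services to include" is circular. Suggest "Include the following dependent services in the assignment of cloud apps for Teams:". The list also opens with Microsoft Teams itself, so "Teams and its dependent services" would describe it more accurately.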
@@ -60,20 +60,20 @@ This table lists the policies that need to be revisited and links to each policy
|Protection level|Policies|Further information for Teams implementation| ||||
-|**Baseline**|[Require MFA when sign-in risk is *medium* or *high*](identity-access-policies.md#require-mfa-based-on-sign-in-risk)|Be sure Teams and dependent services are included in the list of apps. Teams has Guest Access and External Access rules to consider as well, you'll learn more about these later in this article.|
-||[Block clients that don't support modern authentication](identity-access-policies.md#block-clients-that-dont-support-modern-authentication)|Include Teams and dependent services in the assignment of cloud apps.|
+|**Baseline**|[Require MFA when sign-in risk is *medium* or *high*](identity-access-policies.md#require-mfa-based-on-sign-in-risk)|Be sure Teams and dependent services are included in the list of apps. Teams has Guest Access and External Access rules to consider as well, you'll learn more about these rules later in this article.|
+||[Block clients that don't support modern authentication](identity-access-policies.md#block-clients-that-dont-support-multi-factor)|Include Teams and dependent services in the assignment of cloud apps.|
||[High risk users must change password](identity-access-policies.md#high-risk-users-must-change-password)|Forces Teams users to change their password when signing in if high-risk activity is detected for their account. Be sure Teams and dependent services are included in the list of apps.| ||[Apply APP data protection policies](identity-access-policies.md#apply-app-data-protection-policies)|Be sure Teams and dependent services are included in the list of apps. Update the policy for each platform (iOS, Android, Windows).| ||[Define device compliance policies](identity-access-policies.md#define-device-compliance-policies)|Include Teams and dependent services in this policy.| ||[Require compliant PCs](identity-access-policies.md#require-compliant-pcs-but-not-compliant-phones-and-tablets)|Include Teams and dependent services in this policy.|
-|**Sensitive**|[Require MFA when sign-in risk is *low*, *medium* or *high*](identity-access-policies.md#require-mfa-based-on-sign-in-risk)|Teams has Guest Access and External Access rules to consider as well, you'll learn more about these later in this article. Include Teams and dependent services in this policy.|
+|**Sensitive**|[Require MFA when sign-in risk is *low*, *medium* or *high*](identity-access-policies.md#require-mfa-based-on-sign-in-risk)|Teams has Guest Access and External Access rules to consider as well, you'll learn more about these rules later in this article. Include Teams and dependent services in this policy.|
||[Require compliant PCs *and* mobile devices](identity-access-policies.md#require-compliant-pcs-and-mobile-devices)|Include Teams and dependent services in this policy.| |**Highly regulated**|[*Always* require MFA](identity-access-policies.md#require-mfa-based-on-sign-in-risk)|Regardless of user identity, MFA will be used by your organization. Include Teams and dependent services in this policy. | | ## Teams dependent services architecture
-For reference, the following diagram illustrates the services Teams relies on. For more information and additional illustrations, see [Microsoft Teams and related productivity services in Microsoft 365 for IT architects](../../solutions/productivity-illustrations.md).
+For reference, the following diagram illustrates the services Teams relies on. For more information and illustrations, see [Microsoft Teams and related productivity services in Microsoft 365 for IT architects](../../solutions/productivity-illustrations.md).
[![Diagram showing Teams dependencies on SharePoint, OneDrive for Business, and Exchange](../../media/microsoft-365-policies-configurations/identity-access-logical-architecture-teams.png)](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/media/microsoft-365-policies-configurations/identity-access-logical-architecture-teams.png)
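Review bot: The Baseline and Sensitive rows still carry a comma splice after the edit: "rules to consider as well, you'll learn more about these rules later in this article." Split it into two sentences while the line is being touched. In the same table, the "Block clients that don't support modern authentication" link now targets `#block-clients-that-dont-support-multi-factor`, so the link text and the fragment disagree; confirm the target heading and align the text with it.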
@@ -81,7 +81,7 @@ For reference, the following diagram illustrates the services Teams relies on. F
## Guest and external access for Teams
-Microsoft Teams defines the following:
+Microsoft Teams defines the following access types:
- **Guest access** uses an Azure AD B2B account for a guest or external user that can be added as a member of a team and have all permissioned access to the communication and resources of the team.
@@ -104,7 +104,7 @@ For more information about guest access and how to implement it, see [Teams gue
### External access in Teams
-External access is sometimes confused with guest access, so it's important to be clear that these two non-internal access mechanisms are actually quite different.
+External access is sometimes confused with guest access, so it's important to be clear that these two non-internal access mechanisms are different types of access.
External access is a way for Teams users from an entire external domain to find, call, chat, and set up meetings with your users in Teams. Teams administrators configure external access at the organization level. For more information, see [Manage external access in Microsoft Teams](https://docs.microsoft.com/microsoftteams/manage-external-access).
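Review bot: "these two non-internal access mechanisms are different types of access" tells the reader less than the sentence it replaces and still does not say how they differ. The surrounding text already has the distinction: guest access uses an Azure AD B2B account added as a member of a team, while external access is configured at the organization level for an entire external domain. Stating that contrast in this sentence would remove the confusion the paragraph is warning about.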
@@ -128,9 +128,9 @@ Messaging, or chat, can also be managed through the default global policy, or th
### Meeting policies
-No discussion of Teams would be complete without planning and implementing policies around Teams meetings. Meetings are an essential component of Teams, allowing people to formally meet and present to many users at once, as well as share content relevant to the meeting. Setting the right policies for your organization around meetings is essential.
+No discussion of Teams would be complete without planning and implementing policies around Teams meetings. Meetings are an essential component of Teams, allowing people to formally meet and present to many users at once, and to share content relevant to the meeting. Setting the right policies for your organization around meetings is essential.
-Please review [Manage meeting policies in Teams](https://docs.microsoft.com/microsoftteams/meeting-policies-in-teams) for more information.
+For more information, review [Manage meeting policies in Teams](https://docs.microsoft.com/microsoftteams/meeting-policies-in-teams).
### App permission policies
security https://docs.microsoft.com/en-us/microsoft-365/security/top-security-tasks-for-remote-work https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/top-security-tasks-for-remote-work.md
@@ -69,7 +69,7 @@ Applying these policies will take only a few minutes, but be prepared to support
||| |Microsoft 365 plans (without Azure AD P1 or P2)|[Enable Security defaults in Azure AD](https://docs.microsoft.com/azure/active-directory/fundamentals/concept-fundamentals-security-defaults). Security defaults in Azure AD include MFA for users and administrators.| |Microsoft 365 E3 (with Azure AD P1)|Use [Common Conditional Access policies](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-policy-common) to configure the following policies: <br/>- [Require MFA for administrators](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-admin-mfa) <br/>- [Require MFA for all users](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa) <br/> - [Block legacy authentication](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-block-legacy)|
-|Microsoft 365 E5 (with Azure AD P2)|Taking advantage of Azure AD Identity Protection, begin to implement Microsoft's [recommended set of conditional access and related policies](./office-365-security/identity-access-policies.md) by creating these two policies:<br/> - [Require MFA when sign-in risk is medium or high](./office-365-security/identity-access-policies.md#require-mfa-based-on-sign-in-risk) <br/>- [Block clients that don't support modern authentication](./office-365-security/identity-access-policies.md#block-clients-that-dont-support-modern-authentication)<br/>- [High risk users must change password](./office-365-security/identity-access-policies.md#high-risk-users-must-change-password)|
+|Microsoft 365 E5 (with Azure AD P2)|Taking advantage of Azure AD Identity Protection, begin to implement Microsoft's [recommended set of conditional access and related policies](./office-365-security/identity-access-policies.md) by creating these two policies:<br/> - [Require MFA when sign-in risk is medium or high](./office-365-security/identity-access-policies.md#require-mfa-based-on-sign-in-risk) <br/>- [Block clients that don't support modern authentication](./office-365-security/identity-access-policies.md#block-clients-that-dont-support-multi-factor)<br/>- [High risk users must change password](./office-365-security/identity-access-policies.md#high-risk-users-must-change-password)|
| ## 2: Protect against threats
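Review bot: The E5 row says "by creating these two policies" but lists three, and this change edits one of the three links without fixing the count. Change it to "these policies" or "these three policies". The edited link also keeps the text "Block clients that don't support modern authentication" while its fragment now ends in `multi-factor`; verify the fragment resolves in identity-access-policies.md.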
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/empower-people-to-work-remotely-secure-sign-in https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely-secure-sign-in.md
@@ -33,7 +33,7 @@ There are three ways to require your users to use MFA based on your Microsoft 36
||| |All Microsoft 365 plans (without Azure AD Premium P1 or P2 licenses) |[Enable Security defaults in Azure AD](https://docs.microsoft.com/azure/active-directory/fundamentals/concept-fundamentals-security-defaults). Security defaults in Azure AD include MFA for users and administrators. | |Microsoft 365 E3 (includes Azure AD Premium P1 licenses) | Use [Common Conditional Access policies](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-policy-common) to configure the following policies: <br>- [Require MFA for administrators](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-admin-mfa) <br>- [Require MFA for all users](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa) <br> - [Block legacy authentication](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-block-legacy) |
-|Microsoft 365 E5 (includes Azure AD Premium P2 licenses) | Taking advantage of Azure AD Identity Protection, begin to implement Microsoft's [recommended set of Conditional Access and related policies](../security/office-365-security/identity-access-policies.md) by creating these policies:<br> - [Require MFA when sign-in risk is medium or high](../security/office-365-security/identity-access-policies.md#require-mfa-based-on-sign-in-risk) <br>- [Block clients that don't support modern authentication](../security/office-365-security/identity-access-policies.md#block-clients-that-dont-support-modern-authentication)<br>- [High risk users must change password](../security/office-365-security/identity-access-policies.md#high-risk-users-must-change-password) |
+|Microsoft 365 E5 (includes Azure AD Premium P2 licenses) | Taking advantage of Azure AD Identity Protection, begin to implement Microsoft's [recommended set of Conditional Access and related policies](../security/office-365-security/identity-access-policies.md) by creating these policies:<br> - [Require MFA when sign-in risk is medium or high](../security/office-365-security/identity-access-policies.md#require-mfa-based-on-sign-in-risk) <br>- [Block clients that don't support modern authentication](../security/office-365-security/identity-access-policies.md#block-clients-that-dont-support-multi-factor)<br>- [High risk users must change password](../security/office-365-security/identity-access-policies.md#high-risk-users-must-change-password) |
| | | ## Security defaults