Updates from: 02/06/2021 04:23:16
Category Microsoft Docs article Related commit history on GitHub Change details
admin https://docs.microsoft.com/en-us/microsoft-365/admin/add-users/about-guest-users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/about-guest-users.md
@@ -15,7 +15,6 @@
- Adm_TOC - AdminSurgePortfolio-- okr_smb search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/add-users/azure-ad-roles-in-the-mac https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/azure-ad-roles-in-the-mac.md
@@ -15,7 +15,6 @@
- Adm_TOC - AdminSurgePortfolio-- okr_smb description: "Manage these Azure admin roles in the Microsoft 365 admin center."
admin https://docs.microsoft.com/en-us/microsoft-365/admin/add-users/intune-admin-roles-in-the-mac https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/intune-admin-roles-in-the-mac.md
@@ -15,7 +15,6 @@
- Adm_TOC - AdminSurgePortfolio-- okr_smb description: "Admin roles map to business functions and give permissions to do specific tasks in the admin center. For example, the Service admin opens support tickets with Microsoft."
admin https://docs.microsoft.com/en-us/microsoft-365/admin/admin-overview/get-started-with-office-365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/get-started-with-office-365.md
@@ -33,8 +33,7 @@ Your organization recently got Microsoft 365, and now you need to use it so you
****
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/7dbafb22-263b-4544-9774-508728c6e01b?autoplay=false]
-
+ ::: moniker-end ## Training resources for your users
admin https://docs.microsoft.com/en-us/microsoft-365/admin/dns/create-dns-records-at-godaddy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/create-dns-records-at-godaddy.md
@@ -16,7 +16,6 @@
- Adm_O365_Setup - AdminSurgePortfolio-- okr_smb search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/email/add-another-email-alias-for-a-user https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/add-another-email-alias-for-a-user.md
@@ -15,7 +15,6 @@
- Adm_TOC - MSStore_Link-- okr_smb - AdminSurgePortfolio search.appverid: - BCS160
admin https://docs.microsoft.com/en-us/microsoft-365/admin/email/configure-a-shared-mailbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/configure-a-shared-mailbox.md
@@ -16,7 +16,6 @@
- MSStore_Link - AdminSurgePortfolio-- okr_smb search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/get-help-with-domains/buy-a-domain-name https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/buy-a-domain-name.md
@@ -16,7 +16,6 @@
- Adm_O365_Setup - AdminSurgePortfolio-- okr_smb search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/get-help-with-domains/information-for-dns-records https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/information-for-dns-records.md
@@ -16,7 +16,6 @@
- Adm_O365_Setup - AdminSurgePortfolio-- okr_smb search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/get-help-with-domains/set-up-your-domain-host-specific-instructions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/set-up-your-domain-host-specific-instructions.md
@@ -14,7 +14,6 @@
- Adm_O365 - Adm_TOC -- okr_smb - AdminSurgePortfolio search.appverid: - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/get-help-with-domains/transfer-a-domain-from-microsoft-to-another-host https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/transfer-a-domain-from-microsoft-to-another-host.md
@@ -16,7 +16,6 @@
- Adm_O365_Setup - AdminSurgePortfolio-- okr_smb search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/manage/show-hide-new-features https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/show-hide-new-features.md
@@ -18,7 +18,7 @@ search.appverid:
- BCS160 - MET150 - MOE150
-description: "Decide which Office features to show or hide when a user chooses Help > What's New in their Office app on Windows by using the "What's new in Office" feature in the Microsoft 365 admin center."
+description: "Decide which Office features to show or hide when a user chooses Help > What's New in their Office app on Windows by using the 'What's new in Office' feature in the Microsoft 365 admin center."
# Manage which OfficeΓÇÄ features appear in What's New
admin https://docs.microsoft.com/en-us/microsoft-365/admin/manage/use-qr-code-download-outlook https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/use-qr-code-download-outlook.md
@@ -37,9 +37,9 @@ This experience is on by default. To disable this feature, follow the steps belo
2. Using PowerShell, you can disable the notifications informing your users about the Outlook mobile apps. This will also prevent the QR code sign-in flow from being shown. ```powershell
-Set-Organization -MobileAppEducationEnabled <Boolean>
+Set-OrganizationConfig -MobileAppEducationEnabled <Boolean>
``` Related topics
-[Set-OrganizationConfig](https://docs.microsoft.com/powershell/module/exchange/set-organizationconfig?view=exchange-ps)
+[Set-OrganizationConfig](https://docs.microsoft.com/powershell/module/exchange/set-organizationconfig?view=exchange-ps)
admin https://docs.microsoft.com/en-us/microsoft-365/admin/misc/set-up-dns-records-vsb https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/set-up-dns-records-vsb.md
@@ -19,7 +19,6 @@ search.appverid:
description: "Learn to verify your domain and create DNS records with Microsoft 365." -- okr_smb - AdminSurgePortfolio
admin https://docs.microsoft.com/en-us/microsoft-365/admin/misc/types-of-users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/types-of-users.md
@@ -15,7 +15,6 @@
- Adm_NonTOC - AdminSurgePortfolio-- okr_smb search.appverid: - BCS160 - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/setup/setup-apps-for-business https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup-apps-for-business.md
@@ -18,7 +18,6 @@
- TRN_M365B - OKR_SMB_Videos-- okr_smb - AdminSurgePortfolio search.appverid: - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/setup/setup-business-basic https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup-business-basic.md
@@ -18,7 +18,6 @@
- TRN_M365B - OKR_SMB_Videos-- okr_smb - AdminSurgePortfolio search.appverid: - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/setup/setup-business-standard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup-business-standard.md
@@ -18,7 +18,6 @@
- TRN_M365B - OKR_SMB_Videos-- okr_smb - AdminSurgePortfolio search.appverid: - MET150
admin https://docs.microsoft.com/en-us/microsoft-365/admin/setup/setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup.md
@@ -18,7 +18,6 @@
- TRN_M365B - OKR_SMB_Videos-- okr_smb - AdminSurgePortfolio search.appverid: - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/act-on-report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/act-on-report.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/add-admin https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/add-admin.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/add-domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/add-domain.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/add-user https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/add-user.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/admin-center-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/admin-center-overview.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/admin-mobile https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/admin-mobile.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/anti-malware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/anti-malware.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/business-voice https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/business-voice.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/buy-business-voice https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/buy-business-voice.md
@@ -17,7 +17,6 @@ monikerRange: 'o365-worldwide'
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/buy-licenses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/buy-licenses.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/change-subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/change-subscription.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/change-user-name-email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/change-user-name-email.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/choose-subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/choose-subscription.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/collab-outlook-teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/collab-outlook-teams.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/company-wide-signature https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/company-wide-signature.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/connect https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/connect.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/create-sensitivity-labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/create-sensitivity-labels.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/create-web-site https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/create-web-site.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/delete-user https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/delete-user.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/employee-quick-setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/employee-quick-setup.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/files-to-onedrive https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/files-to-onedrive.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/files-to-sharepoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/files-to-sharepoint.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/find-help-answers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/find-help-answers.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/get-help-support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/get-help-support.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/group-email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/group-email.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/import-email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/import-email.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/install-apps-android https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/install-apps-android.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/install-apps-ios https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/install-apps-ios.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/install-office https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/install-office.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/join-guest-meeting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/join-guest-meeting.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/join-team-guest https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/join-team-guest.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/moveto-microsoft-365/add-google-domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/moveto-microsoft-365/add-google-domain.md
@@ -15,7 +15,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/moveto-microsoft-365/cancel-google https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/moveto-microsoft-365/cancel-google.md
@@ -15,7 +15,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/moveto-microsoft-365/connect-domain-tom365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/moveto-microsoft-365/connect-domain-tom365.md
@@ -15,7 +15,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/moveto-microsoft-365/migrate-email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/moveto-microsoft-365/migrate-email.md
@@ -15,7 +15,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/moveto-microsoft-365/move-from-google-workspace-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/moveto-microsoft-365/move-from-google-workspace-overview.md
@@ -15,7 +15,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/moveto-microsoft-365/mover-migrate-files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/moveto-microsoft-365/mover-migrate-files.md
@@ -15,7 +15,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/moveto-microsoft-365/set-up-microsoft-365-forgoogle https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/moveto-microsoft-365/set-up-microsoft-365-forgoogle.md
@@ -15,7 +15,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/org-wide-team https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/org-wide-team.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/overview-bookings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/overview-bookings.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/overview-file-sharing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/overview-file-sharing.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/overview-m365-security https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/overview-m365-security.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/overview-online-meetings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/overview-online-meetings.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/plan-event https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/plan-event.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/prevent-ransom-in-email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/prevent-ransom-in-email.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/reset-user-passwords https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/reset-user-passwords.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/safe-attachments https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/safe-attachments.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/safe-links https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/safe-links.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/schedule-guest-meeting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/schedule-guest-meeting.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/secure-office-on-ios https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/secure-office-on-ios.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/secure-win-10-pro-devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/secure-win-10-pro-devices.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/secure-win10-pcs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/secure-win10-pcs.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/securely-share-files-externally https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/securely-share-files-externally.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/set-up-dlp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/set-up-dlp.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/set-up-mfa https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/set-up-mfa.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/set-up-self-serve-password-reset https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/set-up-self-serve-password-reset.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/set-up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/set-up.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/setup-anti-phishing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/setup-anti-phishing.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/setup-outlook https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/setup-outlook.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/setup-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/setup-overview.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/share-files-externally https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/share-files-externally.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/shared-calendar https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/shared-calendar.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/sign-up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/sign-up.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/start-and-pin-chats https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/start-and-pin-chats.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/stop-email-auto-forward https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/stop-email-auto-forward.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/store-files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/store-files.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/team-with-guests https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/team-with-guests.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/turn-on-mfa https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/turn-on-mfa.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/update-payment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/update-payment.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/upgrade https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/upgrade.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/view-bill https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/view-bill.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb monikerRange: 'o365-worldwide' search.appverid: - BCS160
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/what-is-admin https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/what-is-admin.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/what-is-microsoft-365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/what-is-microsoft-365.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - MET150 description: "Learn about Microsoft 365 Business Premium features."
business-video https://docs.microsoft.com/en-us/microsoft-365/business-video/work-from-anywhere https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/work-from-anywhere.md
@@ -16,7 +16,6 @@
- AdminSurgePortfolio - adminvideo-- okr_smb search.appverid: - BCS160 - MET150
business https://docs.microsoft.com/en-us/microsoft-365/business/migrate-from-microsoft-365-business-to-microsoft-365-enterprise https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/migrate-from-microsoft-365-business-to-microsoft-365-enterprise.md
@@ -140,9 +140,7 @@ Microsoft 365 Business Premium includes Windows 10 Business, which you can insta
Your Microsoft 365 Apps for business client installed on your devices will automatically begin to use the features of Microsoft 365 Apps for enterprise. After migration, you can now use:
+ - Group Policy support
- Spreadsheet compare and inquire - Business intelligence
commerce https://docs.microsoft.com/en-us/microsoft-365/commerce/billing-and-payments/understand-your-invoice https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/understand-your-invoice.md
@@ -15,7 +15,6 @@
- commerce - AdminSurgePortfolio-- okr_smb search.appverid: - MET150 description: "Learn how to read and understand your bill or invoice for Microsoft business products."
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/communication-compliance-case-study https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-case-study.md
@@ -153,7 +153,7 @@ Contoso IT administrators review and complete the [step-by-step instructions](tu
Communication compliance requires that the Yammer tenant for an organization is in Native Mode to monitor for offensive language in private messages and public community conversations.
-Contoso IT administrators make sure they review the information in the [Overview of Yammer Native Mode in Microsoft 365 article](https://docs.microsoft.com/yammer/configure-your-yammer-network/overview-native-mode) and follow the steps for running the migration tool in the [Configure your Yammer network for Native Mode for Microsoft 365](/yammer/configure-your-yammer-network/native-mode) article.
+Contoso IT administrators make sure they review the information in the [Overview of Yammer Native Mode in Microsoft 365 article](/yammer/configure-your-yammer-network/overview-native-mode) and follow the steps for running the migration tool in the [Configure your Yammer network for Native Mode for Microsoft 365](/yammer/configure-your-yammer-network/native-mode) article.
### Setting up a group for in-scope users
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-mcca https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-mcca.md
@@ -16,18 +16,20 @@ search.appverid:
description: "Understand how to use Microsoft Compliance Configuration Analyzer to get up and running quickly with Microsoft Compliance Manager."
-# Microsoft Compliance Configuration Analyzer for Compliance Manager
+# Microsoft Compliance Configuration Analyzer for Compliance Manager (preview)
**In this article:** Learn how to install and run the Microsoft Compliance Configure Analyzer tool to get quickly started with Microsoft Compliance Manger.
-## Microsoft Compliance Configuration Analyzer (MCCA) overview
+## Microsoft Compliance Configuration Analyzer (MCCA) (preview) overview
-The Microsoft Compliance Configuration Analyzer (MCCA) is a tool that can help you get started with [Microsoft Compliance Manager](compliance-manager.md). MCCA is a PowerShell-based utility that will fetch your organizationΓÇÖs current configurations and validate them against Microsoft 365 recommended best practices. These best practices are based on a set of controls that include key regulations and standards for data protection and data governance.
+The Microsoft Compliance Configuration Analyzer (MCCA) is a preview tool that can help you get started with [Microsoft Compliance Manager](compliance-manager.md). MCCA is a PowerShell-based utility that will fetch your organizationΓÇÖs current configurations and validate them against Microsoft 365 recommended best practices. These best practices are based on a set of controls that include key regulations and standards for data protection and data governance.
MCCA can help you quickly see which improvement actions in Compliance Manger apply to your current Microsoft 365 environment. Each action identified by MCCA will give you recommendations for implementation, with direct links to Compliance Manager and the applicable solution to start taking corrective action. An additional resource for understanding MCCA is by visiting the [README instructions on GitHub](https://github.com/OfficeDev/MCCA#overview). This page provides detailed information about prerequisites and gives full installation instructions. You donΓÇÖt need a GitHub account to access this page.
+**Availability**: MCCA is available to all organizations with Office 365 and Microsoft 365 licenses and US Government Community (GCC) Moderate customers, with plans underway to expand service to to GCC High customers.
+ ## Install MCCA and run a report You can install the MCCA tool using Windows PowerShell. Once you download and install the tool, you donΓÇÖt need to repeat those steps in order to run reports. Each time you open MCCA, it will ask you for your login credentials, and it will generate a new, updated report.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers-attributes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/information-barriers-attributes.md
@@ -33,9 +33,9 @@ The attributes listed in this article can be used to define or edit segments of
2. Make sure the user accounts have values filled in for the attribute(s) you selected in Step 1. View user account details, and if necessary, edit user accounts to include attribute values.
- - To edit multiple accounts (or use PowerShell to edit a single account), see [Configure user account properties with Office 365 PowerShell](https://docs.microsoft.com/microsoft-365/enterprise/configure-user-account-properties-with-microsoft-365-powershell).
+ - To edit multiple accounts (or use PowerShell to edit a single account), see [Configure user account properties with Office 365 PowerShell](/microsoft-365/enterprise/configure-user-account-properties-with-microsoft-365-powershell).
- - To edit a single account, see [Add or update a user's profile information using Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-profile-azure-portal).
+ - To edit a single account, see [Add or update a user's profile information using Azure Active Directory](/azure/active-directory/fundamentals/active-directory-users-profile-azure-portal).
3. [Define segments using PowerShell](information-barriers-policies.md#define-segments-using-powershell), similar to the following examples:
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers-edit-segments-policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/information-barriers-edit-segments-policies.md
@@ -32,7 +32,7 @@ After you have [defined information barrier policies](information-barriers-polic
| [Troubleshooting information barriers](information-barriers-troubleshooting.md) | Refer to this article when you run into unexpected issues with information barriers. | > [!IMPORTANT]
-> To perform the tasks described in this article, you must be assigned an appropriate role, such as one of the following:<br/>- Microsoft 365 Enterprise Global Administrator<br/>- Global Administrator<br/>- Compliance Administrator<br/>- IB Compliance Management (this is a new role!)<br><br>To learn more about prerequisites for information barriers, see [Prerequisites (for information barrier policies)](information-barriers-policies.md#prerequisites).<br><br> Make sure to [connect to the Security & Compliance Center PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-scc-powershell).
+> To perform the tasks described in this article, you must be assigned an appropriate role, such as one of the following:<br/>- Microsoft 365 Enterprise Global Administrator<br/>- Global Administrator<br/>- Compliance Administrator<br/>- IB Compliance Management (this is a new role!)<br><br>To learn more about prerequisites for information barriers, see [Prerequisites (for information barrier policies)](information-barriers-policies.md#prerequisites).<br><br> Make sure to [connect to the Security & Compliance Center PowerShell](/powershell/exchange/connect-to-scc-powershell).
## Edit user account attributes
@@ -48,9 +48,9 @@ Use this procedure to edit attributes that are used for segmenting users. For ex
3. Edit one or more user accounts to include values for the attribute you selected in the previous step. To take this action, use one of the following procedures:
- - To edit a single account, see [Add or update a user's profile information using Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-profile-azure-portal).
+ - To edit a single account, see [Add or update a user's profile information using Azure Active Directory](/azure/active-directory/fundamentals/active-directory-users-profile-azure-portal).
- - To edit multiple accounts (or use PowerShell to edit a single account), see [Configure user account properties with Office 365 PowerShell](https://docs.microsoft.com/microsoft-365/enterprise/configure-user-account-properties-with-microsoft-365-powershell).
+ - To edit multiple accounts (or use PowerShell to edit a single account), see [Configure user account properties with Office 365 PowerShell](/microsoft-365/enterprise/configure-user-account-properties-with-microsoft-365-powershell).
## Edit a segment
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers-policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/information-barriers-policies.md
@@ -54,20 +54,20 @@ In addition to the [required licenses and permissions](information-barriers.md#r
- Directory data - Make sure that your organization's structure is reflected in directory data. To take this action, make sure that user account attributes, such as group membership, department name, etc. are populated correctly in Azure Active Directory (or Exchange Online). To learn more, see the following resources: - [Attributes for information barrier policies](information-barriers-attributes.md)
- - [Add or update a user's profile information using Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-profile-azure-portal)
- - [Configure user account properties with Office 365 PowerShell](https://docs.microsoft.com/microsoft-365/enterprise/configure-user-account-properties-with-microsoft-365-powershell)
+ - [Add or update a user's profile information using Azure Active Directory](/azure/active-directory/fundamentals/active-directory-users-profile-azure-portal)
+ - [Configure user account properties with Office 365 PowerShell](/microsoft-365/enterprise/configure-user-account-properties-with-microsoft-365-powershell)
-- Scoped directory search - Before you define your organization's first information barrier policy, you must [enable scoped directory search in Microsoft Teams](https://docs.microsoft.com/MicrosoftTeams/teams-scoped-directory-search). Wait at least 24 hours after enabling scoped directory search before you set up or define information barrier policies.
+- Scoped directory search - Before you define your organization's first information barrier policy, you must [enable scoped directory search in Microsoft Teams](/MicrosoftTeams/teams-scoped-directory-search). Wait at least 24 hours after enabling scoped directory search before you set up or define information barrier policies.
- EXO license - IB policies work only if the target users have been assigned an EXO license. - Audit logging - In order to look up the status of a policy application, audit logging must be turned on. We recommend you enable auditing before you begin to define segments or policies. To learn more, see [Turn the audit log search on or off](turn-audit-log-search-on-or-off.md). -- No address book policies - Before you define and apply information barrier policies, make sure no Exchange address book policies are in place. Information barriers are based on address book policies, but the two kinds of policies are not compatible. If you do have such policies, make sure to [remove your address book policies](https://docs.microsoft.com/exchange/address-books/address-book-policies/remove-an-address-book-policy) first. Once information barrier policies are enabled and you have hierarchical address book enabled, all users ***who are not included*** in an information barrier segment will see the [hierarchical address book](https://docs.microsoft.com/exchange/address-books/hierarchical-address-books/hierarchical-address-books) in Exchange online.
+- No address book policies - Before you define and apply information barrier policies, make sure no Exchange address book policies are in place. Information barriers are based on address book policies, but the two kinds of policies are not compatible. If you do have such policies, make sure to [remove your address book policies](/exchange/address-books/address-book-policies/remove-an-address-book-policy) first. Once information barrier policies are enabled and you have hierarchical address book enabled, all users ***who are not included*** in an information barrier segment will see the [hierarchical address book](/exchange/address-books/hierarchical-address-books/hierarchical-address-books) in Exchange online.
- PowerShell - Currently, information barrier policies are defined and managed in the Office 365 Security & Compliance Center using PowerShell cmdlets. Although several examples are provided in this article, you'll need to be familiar with PowerShell cmdlets and parameters. You will also need the Azure PowerShell module.
- - [Connect to Security & Compliance Center PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-scc-powershell)
- - [Install the Azure PowerShell module](https://docs.microsoft.com/powershell/azure/install-az-ps?view=azps-2.3.2)
+ - [Connect to Security & Compliance Center PowerShell](/powershell/exchange/connect-to-scc-powershell)
+ - [Install the Azure PowerShell module](/powershell/azure/install-az-ps?view=azps-2.3.2)
- Admin consent for information barriers in Microsoft Teams - When your policies are in place, information barriers can remove people from chat sessions they are not supposed to be in. This configuration helps ensure your organization remains compliant with policies and regulations. Use the following procedure to enable information barrier policies to work as expected in Microsoft Teams.
@@ -113,7 +113,7 @@ In addition to your initial list of policies, make a list of segments for your o
Determine which attributes in your organization's directory data you'll use to define segments. You can use *Department*, *MemberOf*, or any of the supported attributes. Make sure that you have values in the attribute you select for users. [See the list of supported attributes for information barriers](information-barriers-attributes.md). > [!IMPORTANT]
-> **Before you proceed to the next section, make sure your directory data has values for attributes that you can use to define segments**. If your directory data does not have values for the attributes you want to use, then the user accounts must be updated to include that information before you proceed with information barriers. To get help with this, see the following resources:<br/>- [Configure user account properties with Office 365 PowerShell](https://docs.microsoft.com/microsoft-365/enterprise/configure-user-account-properties-with-microsoft-365-powershell)<br/>- [Add or update a user's profile information using Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-profile-azure-portal)
+> **Before you proceed to the next section, make sure your directory data has values for attributes that you can use to define segments**. If your directory data does not have values for the attributes you want to use, then the user accounts must be updated to include that information before you proceed with information barriers. To get help with this, see the following resources:<br/>- [Configure user account properties with Office 365 PowerShell](/microsoft-365/enterprise/configure-user-account-properties-with-microsoft-365-powershell)<br/>- [Add or update a user's profile information using Azure Active Directory](/azure/active-directory/fundamentals/active-directory-users-profile-azure-portal)
### Define segments using PowerShell
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers-troubleshooting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/information-barriers-troubleshooting.md
@@ -22,7 +22,7 @@
In the event that people run into unexpected issues after information barriers are in place, there are some steps you can take to resolve those issues. Use this article as a guide. > [!IMPORTANT]
-> To perform the tasks described in this article, you must be assigned an appropriate role, such as one of the following:<br/>- Microsoft 365 Enterprise Global Administrator<br/>- global administrator<br/>- Compliance Administrator<br/>- IB Compliance Management (this is a new role!)<p>To learn more about prerequisites for information barriers, see [Prerequisites (for information barrier policies)](information-barriers-policies.md#prerequisites).<p>Make sure to [connect to Security & Compliance Center PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-scc-powershell).
+> To perform the tasks described in this article, you must be assigned an appropriate role, such as one of the following:<br/>- Microsoft 365 Enterprise Global Administrator<br/>- global administrator<br/>- Compliance Administrator<br/>- IB Compliance Management (this is a new role!)<p>To learn more about prerequisites for information barriers, see [Prerequisites (for information barrier policies)](information-barriers-policies.md#prerequisites).<p>Make sure to [connect to Security & Compliance Center PowerShell](/powershell/exchange/connect-to-scc-powershell).
## Issue: Users are unexpectedly blocked from communicating with others in Microsoft Teams
@@ -97,7 +97,7 @@ Verify that the users in question are included in an information barrier policy.
|**Results**|**What to do next**| |:-|:|
- | No segments are listed for the selected user(s) | Do one of the following:<br/>- Assign users to an existing segment by editing their user profiles in Azure Active Directory. (See [Configure user account properties with Office 365 PowerShell](https://docs.microsoft.com/microsoft-365/enterprise/configure-user-account-properties-with-microsoft-365-powershell).)<br/>- Define a segment using a [supported attribute for information barriers](information-barriers-attributes.md). Then, either [define a new policy](information-barriers-policies.md#part-2-define-information-barrier-policies) or [edit an existing policy](information-barriers-edit-segments-policies.md#edit-a-policy) to include that segment. |
+ | No segments are listed for the selected user(s) | Do one of the following:<br/>- Assign users to an existing segment by editing their user profiles in Azure Active Directory. (See [Configure user account properties with Office 365 PowerShell](/microsoft-365/enterprise/configure-user-account-properties-with-microsoft-365-powershell).)<br/>- Define a segment using a [supported attribute for information barriers](information-barriers-attributes.md). Then, either [define a new policy](information-barriers-policies.md#part-2-define-information-barrier-policies) or [edit an existing policy](information-barriers-edit-segments-policies.md#edit-a-policy) to include that segment. |
| Segments are listed but no information barrier policies are assigned to those segments | Do one of the following:<br/>- [Define a new information barrier policy](information-barriers-policies.md#part-2-define-information-barrier-policies) for each segment in question <br/>- [Edit an existing information barrier policy](information-barriers-edit-segments-policies.md#edit-a-policy) to assign it to the correct segment | | Segments are listed and each is included in an information barrier policy | - Run the `Get-InformationBarrierPolicy` cmdlet to verify that information barrier policies are active<br/>- Run the `Get-InformationBarrierPoliciesApplicationStatus` cmdlet to confirm the policies are applied<br/>- Run the `Start-InformationBarrierPoliciesApplication` cmdlet to apply all active information barrier policies |
@@ -118,7 +118,7 @@ Information barrier policies are assigned to segments of users. Segments are def
2. Review the results to see if information barrier policies are assigned, and to which segment(s) the user(s) belong.
-3. To remove a user from a segment affected by information barriers, [update the user's profile information in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-profile-azure-portal).
+3. To remove a user from a segment affected by information barriers, [update the user's profile information in Azure Active Directory](/azure/active-directory/fundamentals/active-directory-users-profile-azure-portal).
4. Wait about 30 minutes for FwdSync to occur. Or, run the `Start-InformationBarrierPoliciesApplication` cmdlet to apply all active information barrier policies.
@@ -152,15 +152,15 @@ In this case, you have defined segments, defined information barrier policies, a
### What to do
-Make sure that your organization does not have [Exchange address book policies](https://docs.microsoft.com/exchange/address-books/address-book-policies/address-book-policies) in place. Such policies will prevent information barrier policies from being applied.
+Make sure that your organization does not have [Exchange address book policies](/exchange/address-books/address-book-policies/address-book-policies) in place. Such policies will prevent information barrier policies from being applied.
-1. Connect to [Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell).
+1. Connect to [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).
-2. Run the [Get-AddressBookPolicy](https://docs.microsoft.com/powershell/module/exchange/get-addressbookpolicy) cmdlet, and review the results.
+2. Run the [Get-AddressBookPolicy](/powershell/module/exchange/get-addressbookpolicy) cmdlet, and review the results.
|**Results**|**Next step**| |:-|:|
- | Exchange address book policies are listed | [Remove address book policies](https://docs.microsoft.com/exchange/address-books/address-book-policies/remove-an-address-book-policy) |
+ | Exchange address book policies are listed | [Remove address book policies](/exchange/address-books/address-book-policies/remove-an-address-book-policy) |
| No address book policies exist |Review your audit logs to find out why policy application is failing | 3. [View status of user accounts, segments, policies, or policy application](information-barriers-policies.md#view-status-of-user-accounts-segments-policies-or-policy-application).
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/information-barriers.md
@@ -42,7 +42,7 @@ To learn more about the user experience with information barriers, see:
- [Information barriers in OneDrive](/onedrive/information-barriers) > [!IMPORTANT]
-> Currently, information barriers do not apply to email communications. In addition, information barriers are independent from [compliance boundaries](set-up-compliance-boundaries.md).<p> Before you define and apply information barrier policies, make sure your organization does not have [Exchange address book policies](https://docs.microsoft.com/exchange/address-books/address-book-policies/address-book-policies) in effect. (Information barriers are based on address book policies.)
+> Currently, information barriers do not apply to email communications. In addition, information barriers are independent from [compliance boundaries](set-up-compliance-boundaries.md).<p> Before you define and apply information barrier policies, make sure your organization does not have [Exchange address book policies](/exchange/address-books/address-book-policies/address-book-policies) in effect. (Information barriers are based on address book policies.)
## What happens with information barriers
@@ -84,7 +84,7 @@ Information barriers are rolling out now, and are included in subscriptions, suc
- Microsoft 365 Compliance E5/A5 - Microsoft 365 Insider Risk Management
-For more information, see [Microsoft 365 licensing guidance for security & compliance](https://docs.microsoft.com/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-protection).
+For more information, see [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-protection).
To [define or edit information barrier policies](information-barriers-policies.md), you must be assigned one of the following roles:
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management-plan https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-plan.md
@@ -54,13 +54,13 @@ Depending on how you plan to implement insider risk management policies, you nee
**Licensing:** Insider risk management is available as part of wide selection of Microsoft 365 licensing subscriptions. For details, see the [Getting started with insider risk management](insider-risk-management-configure.md#subscriptions-and-licensing) article.
-If you don't have an existing Microsoft 365 Enterprise E5 plan and want to try insider risk management, you can [add Microsoft 365](https://docs.microsoft.com/office365/admin/try-or-buy-microsoft-365) to your existing subscription or [sign up for a trial](https://www.microsoft.com/microsoft-365/enterprise) of Microsoft 365 Enterprise E5.
+If you don't have an existing Microsoft 365 Enterprise E5 plan and want to try insider risk management, you can [add Microsoft 365](/office365/admin/try-or-buy-microsoft-365) to your existing subscription or [sign up for a trial](https://www.microsoft.com/microsoft-365/enterprise) of Microsoft 365 Enterprise E5.
**Policy template requirements:** Depending on the policy template you choose, there are requirements that you need to understand and plan for prior to configuring insider risk management in your organization: - When using the **Data theft by departing users** template, you must configure a Microsoft 365 HR connector to periodically import resignation and termination date information for users in your organization. See the [Import data with the HR connector](import-hr-data.md) article for step-by-step guidance to configure the Microsoft 365 HR connector for your organization. - When using **Data leaks** templates, you must configure at least one Data Loss Prevention (DLP) policy to define sensitive information in your organization and to receive insider risk alerts for High Severity DLP policy alerts. See the [Create, test, and tune a DLP policy](create-test-tune-dlp-policy.md) article for step-by-step guidance to configure DLP policies for your organization.-- When using **Security policy violation** templates, you must enable Microsoft Defender for Endpoint for insider risk management integration in the Defender Security Center to import security violation alerts. See the [Configure advanced features in Microsoft Defender](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features) article for step-by-step guidance to enable Defender for Endpoint integration with insider risk management.
+- When using **Security policy violation** templates, you must enable Microsoft Defender for Endpoint for insider risk management integration in the Defender Security Center to import security violation alerts. See the [Configure advanced features in Microsoft Defender](/windows/security/threat-protection/microsoft-defender-atp/advanced-features) article for step-by-step guidance to enable Defender for Endpoint integration with insider risk management.
- When using **Disgruntled user** templates, you must configure a Microsoft 365 HR connector to periodically import performance or demotion status information for users in your organization. See the [Import data with the HR connector](import-hr-data.md) article for step-by-step guidance to configure the Microsoft 365 HR connector for your organization. ## Test with a small group of users in a production environment
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management-policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-policies.md
@@ -84,7 +84,7 @@ When using this template, you must also configure a Microsoft 365 HR connector t
In many organizations, users have permissions to install software on their devices or to modify device settings to help with their tasks. Either inadvertently or with malicious intent, users may install malware or disable important security features that help protect information on their device or on your network resources. This policy template uses security alerts from Microsoft Defender for Endpoint to start scoring these activities and focus detection and alerts to this risk area. Use this template to provide insights for security policy violations in scenarios when users may have a history of security policy violations that may be an indicator of insider risk.
-You'll need to have Microsoft Defender for Endpoint configured in your organization and enable Defender for Endpoint for insider risk management integration in the Defender Security Center to import security violation alerts. For more information on configuring Defender for Endpoint for insider risk management integration, see [Configure advanced features in Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features#share-endpoint-alerts-with-microsoft-compliance-center).
+You'll need to have Microsoft Defender for Endpoint configured in your organization and enable Defender for Endpoint for insider risk management integration in the Defender Security Center to import security violation alerts. For more information on configuring Defender for Endpoint for insider risk management integration, see [Configure advanced features in Defender for Endpoint](/windows/security/threat-protection/microsoft-defender-atp/advanced-features#share-endpoint-alerts-with-microsoft-compliance-center).
### Security policy violations by departing users (preview)
@@ -92,13 +92,13 @@ Departing users, whether leaving on positive or negative terms, may be higher ri
When using this template, you must configure a Microsoft 365 HR connector to periodically import resignation and termination date information for users in your organization. See the [Import data with the HR connector](import-hr-data.md) article for step-by-step guidance to configure the Microsoft 365 HR connector for your organization.
-You'll need to have Microsoft Defender for Endpoint configured in your organization and enable Defender for Endpoint for insider risk management integration in the Defender Security Center to import security violation alerts. For more information on configuring Defender for Endpoint for insider risk management integration, see [Configure advanced features in Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features#share-endpoint-alerts-with-microsoft-compliance-center).
+You'll need to have Microsoft Defender for Endpoint configured in your organization and enable Defender for Endpoint for insider risk management integration in the Defender Security Center to import security violation alerts. For more information on configuring Defender for Endpoint for insider risk management integration, see [Configure advanced features in Defender for Endpoint](/windows/security/threat-protection/microsoft-defender-atp/advanced-features#share-endpoint-alerts-with-microsoft-compliance-center).
### Security policy violations by priority users (preview) Protecting against security violations for users in your organization may depend on their position, level of access to sensitive information, or risk history. Because security violations by priority users may have an outsized impact on your organization's critical areas, this policy template starts scoring on these indicators and uses Microsoft Defender for Endpoint alerts to provide insights into security-related activities for these users. These may include the priority users installing malware or other potentially harmful applications and disabling security features on their devices. Priority users are defined in priority user groups configured in the insider risk management settings area.
-You'll need to have Microsoft Defender for Endpoint configured in your organization and enable Defender for Endpoint for insider risk management integration in the Defender Security Center to import security violation alerts. For more information on configuring Defender for Endpoint for insider risk management integration, see [Configure advanced features in Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features#share-endpoint-alerts-with-microsoft-compliance-center). Additionally, you will need to assign priority user groups created in **Insider risk management** > **Settings** > **Priority user groups** to the policy.
+You'll need to have Microsoft Defender for Endpoint configured in your organization and enable Defender for Endpoint for insider risk management integration in the Defender Security Center to import security violation alerts. For more information on configuring Defender for Endpoint for insider risk management integration, see [Configure advanced features in Defender for Endpoint](/windows/security/threat-protection/microsoft-defender-atp/advanced-features#share-endpoint-alerts-with-microsoft-compliance-center). Additionally, you will need to assign priority user groups created in **Insider risk management** > **Settings** > **Priority user groups** to the policy.
### Security policy violations by disgruntled users (preview)
@@ -106,7 +106,7 @@ Users that experience employment stressors may be at a higher risk for inadverte
When using this template, you must also configure a Microsoft 365 HR connector to periodically import performance improvement notifications, poor performance review status, or job level change information for users in your organization. See the [Import data with the HR connector](import-hr-data.md) article for step-by-step guidance to configure the Microsoft 365 HR connector for your organization.
-You'll also need to have Microsoft Defender for Endpoint configured in your organization and enable Defender for Endpoint for insider risk management integration in the Defender Security Center to import security violation alerts. For more information on configuring Defender for Endpoint for insider risk management integration, see [Configure advanced features in Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features#share-endpoint-alerts-with-microsoft-compliance-center).
+You'll also need to have Microsoft Defender for Endpoint configured in your organization and enable Defender for Endpoint for insider risk management integration in the Defender Security Center to import security violation alerts. For more information on configuring Defender for Endpoint for insider risk management integration, see [Configure advanced features in Defender for Endpoint](/windows/security/threat-protection/microsoft-defender-atp/advanced-features#share-endpoint-alerts-with-microsoft-compliance-center).
### Policy template prerequisites and triggering events
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management-settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-settings.md
@@ -55,7 +55,7 @@ Policy indicators are segmented into the following areas. You can choose the ind
- **Office indicators**: These include policy indicators for SharePoint sites, Teams, and email messaging. - **Device indicators**: These include policy indicators for activity such as sharing files over the network or with devices. Indicators include activity involving Microsoft Office files, .CSV files, and .PDF files. If you select **Device indicators**, activity is processed only for devices with Windows 10 Build 1809 or higher. For more information on configuring devices for integration with insider risk, see the following [Enable device indicators and onboard devices](insider-risk-management-settings.md#OnboardDevices) section.-- **Security policy violation indicator**: These include indicators from Microsoft Defender for Endpoint related to unapproved or malicious software installation or bypassing security controls. To receive alerts in insider risk management, you must have an active Defender for Endpoint license and insider risk integration enabled. For more information on configuring Defender for Endpoint for insider risk management integration, see [Configure advanced features in Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features\#share-endpoint-alerts-with-microsoft-compliance-center).
+- **Security policy violation indicator**: These include indicators from Microsoft Defender for Endpoint related to unapproved or malicious software installation or bypassing security controls. To receive alerts in insider risk management, you must have an active Defender for Endpoint license and insider risk integration enabled. For more information on configuring Defender for Endpoint for insider risk management integration, see [Configure advanced features in Microsoft Defender for Endpoint](/windows/security/threat-protection/microsoft-defender-atp/advanced-features\#share-endpoint-alerts-with-microsoft-compliance-center).
- **Risk score boosters**: These include raising the risk score for unusual activities or past policy violations. Enabling risk score boosters increase risk scores and the likelihood of alerts for these types of activities. Risk score boosters can only be selected if one or more indicators are selected. ![Insider risk management indicator settings](../media/insider-risk-settings-indicators.png)
@@ -77,7 +77,7 @@ To enable the monitoring of risk activities on devices and include policy indica
Make sure that the Windows 10 devices that you plan on reporting in insider risk management meet these requirements. 1. Must be running Windows 10 x64 build 1809 or later and must have installed the [Windows 10 update (OS Build 17763.1075)](https://support.microsoft.com/help/4537818/windows-10-update-kb4537818) from February 20, 2020.
-2. All devices must be [Azure Active Directory (AAD) joined](https://docs.microsoft.com/azure/active-directory/devices/concept-azure-ad-join), or Hybrid Azure AD joined.
+2. All devices must be [Azure Active Directory (AAD) joined](/azure/active-directory/devices/concept-azure-ad-join), or Hybrid Azure AD joined.
3. Install Microsoft Chromium Edge browser on the endpoint device to monitor actions for the cloud upload activity. See, [Download the new Microsoft Edge based on Chromium](https://support.microsoft.com/help/4501095/download-the-new-microsoft-edge-based-on-chromium). #### Step 2: Onboarding devices
@@ -87,7 +87,7 @@ You must enable device monitoring and onboard your endpoints before you can moni
When you want to onboard devices that haven't been onboarded yet, you'll download the appropriate script and deploy as outlined in the following steps.
-If you already have devices onboarded into [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/), they will already appear in the managed devices list. Follow [Step 3: If you have devices onboarded into Microsoft Defender for Endpoint](insider-risk-management-settings.md#OnboardStep3) in the next section.
+If you already have devices onboarded into [Microsoft Defender for Endpoint](/windows/security/threat-protection/), they will already appear in the managed devices list. Follow [Step 3: If you have devices onboarded into Microsoft Defender for Endpoint](insider-risk-management-settings.md#OnboardStep3) in the next section.
In this deployment scenario, you'll onboard devices that have not been onboarded yet, and you just want to monitor insider risk activities on Windows 10 devices.
@@ -100,7 +100,7 @@ In this deployment scenario, you'll onboard devices that have not been onboarded
3. Choose **Device management** to open the **Devices** list. The list will be empty until you onboard devices. 4. Choose **Onboarding** to begin the onboarding process. 5. Choose the way you want to deploy to these more devices from the **Deployment method** list and then **download package**.
-6. Follow the appropriate procedures in [Onboarding tools and methods for Windows 10 machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). This link takes you to a landing page where you can access Microsoft Defender for Endpoint procedures that match the deployment package you selected in step 5:
+6. Follow the appropriate procedures in [Onboarding tools and methods for Windows 10 machines](/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). This link takes you to a landing page where you can access Microsoft Defender for Endpoint procedures that match the deployment package you selected in step 5:
- Onboard Windows 10 machines using Group Policy - Onboard Windows machines using Microsoft Endpoint Configuration Manager - Onboard Windows 10 machines using Mobile Device Management tools
@@ -122,7 +122,7 @@ If Microsoft Defender for Endpoint is already deployed and there are endpoints r
3. Choose **Device management** to open the **Devices** list. You should see the list of devices that are already reporting in to Microsoft Defender for Endpoint. 4. Choose **Onboarding** if you need to onboard more devices. 5. Choose the way you want to deploy to these more devices from the **Deployment method** list and then **Download package**.
-6. Follow the appropriate procedures in [Onboarding tools and methods for Windows 10 machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). This link takes you to a landing page where you can access Microsoft Defender for Endpoint procedures that match the deployment package you selected in step 5:
+6. Follow the appropriate procedures in [Onboarding tools and methods for Windows 10 machines](/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). This link takes you to a landing page where you can access Microsoft Defender for Endpoint procedures that match the deployment package you selected in step 5:
- Onboard Windows 10 machines using Group Policy - Onboard Windows machines using Microsoft Endpoint Configuration Manager - Onboard Windows 10 machines using Mobile Device Management tools
@@ -179,7 +179,7 @@ User activities detected by insider risk policies are assigned a specific risk s
### Microsoft Defender for Endpoint (preview)
-[Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection) is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. To have better visibility of security violation in your organization, you can import and filter Defender for Endpoint alerts for activities used in policies created from insider risk management security violation policy templates.
+[Microsoft Defender for Endpoint](/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection) is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. To have better visibility of security violation in your organization, you can import and filter Defender for Endpoint alerts for activities used in policies created from insider risk management security violation policy templates.
Depending on the types of signals you are interested in, you can choose to import alerts to insider risk management based on the Defender for Endpoint alert triage status. You can define one or more of the following alert triage statuses in the global settings to import:
@@ -193,7 +193,7 @@ Alerts from Defender for Endpoint are imported daily. Depending on the triage st
For example, if you select *New*, *In progress*, and *Resolved* for this setting, when a Microsoft Defender for Endpoint alert is generated and the status is *New*, an initial alert activity is imported for the user in insider risk. When the Defender for Endpoint triage status changes to *In progress*, a second activity for this alert is imported for the user in insider risk. When the final Defender for Endpoint triage status of *Resolved* is set, a third activity for this alert is imported for the user in insider risk. This functionality allows investigators to follow the progression of the Defender for Endpoint alerts and choose the level of visibility that their investigation requires. >[!IMPORTANT]
->You'll need to have Microsoft Defender for Endpoint configured in your organization and enable Defender for Endpoint for insider risk management integration in the Defender Security Center to import security violation alerts. For more information on configuring Defender for Endpoint for insider risk management integration, see [Configure advanced features in Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features\#share-endpoint-alerts-with-microsoft-compliance-center).
+>You'll need to have Microsoft Defender for Endpoint configured in your organization and enable Defender for Endpoint for insider risk management integration in the Defender Security Center to import security violation alerts. For more information on configuring Defender for Endpoint for insider risk management integration, see [Configure advanced features in Defender for Endpoint](/windows/security/threat-protection/microsoft-defender-atp/advanced-features\#share-endpoint-alerts-with-microsoft-compliance-center).
### Domains (preview)
@@ -207,7 +207,7 @@ For each of the following domain settings, you can enter up to 500 domains:
## Export alerts (preview)
-Insider risk management alert information is exportable to security information and event management (SIEM) services via the [Office 365 Management Activity API schema](https://docs.microsoft.com/office/office-365-management-api/office-365-management-activity-api-schema#security-and-compliance-alerts-schema). You can use the Office 365 Management Activity APIs to export alert information to other applications your organization may use to manage or aggregate insider risk information.
+Insider risk management alert information is exportable to security information and event management (SIEM) services via the [Office 365 Management Activity API schema](/office/office-365-management-api/office-365-management-activity-api-schema#security-and-compliance-alerts-schema). You can use the Office 365 Management Activity APIs to export alert information to other applications your organization may use to manage or aggregate insider risk information.
To use the APIs to review insider risk alert information:
@@ -235,7 +235,7 @@ The following fields and values are exported for insider risk management alerts
| Status | The status of the alert. Values are *Active* (*Needs Review* in insider risk), *Investigating* (*Confirmed* in insider risk), *Resolved* (*Resolved* in insider risk), *Dismissed* (*Dismissed* in insider risk). | | Version | The version of the security and compliance alert schema. |
-The following fields and values are exported for insider risk management alerts for the [Office 365 Management Activity API common schema](https://docs.microsoft.com/office/office-365-management-api/office-365-management-activity-api-schema#common-schema).
+The following fields and values are exported for insider risk management alerts for the [Office 365 Management Activity API common schema](/office/office-365-management-api/office-365-management-activity-api-schema#common-schema).
- UserId - Id
@@ -344,7 +344,7 @@ Complete the following steps to delete a priority physical asset:
## Power Automate flows (preview)
-[Microsoft Power Automate](https://docs.microsoft.com/power-automate/getting-started) is a workflow service that automates actions across applications and services. By using flows from templates or created manually, you can automate common tasks associated with these applications and services. When you enable Power Automate flows for insider risk management, you can automate important tasks for cases and users. You can configure Power Automate flows to retrieve user, alert, and case information and share this information with stakeholders and other applications, as well as automate actions in insider risk management, such as posting to case notes. Power Automate flows are applicable for cases and any user in scope for a policy.
+[Microsoft Power Automate](/power-automate/getting-started) is a workflow service that automates actions across applications and services. By using flows from templates or created manually, you can automate common tasks associated with these applications and services. When you enable Power Automate flows for insider risk management, you can automate important tasks for cases and users. You can configure Power Automate flows to retrieve user, alert, and case information and share this information with stakeholders and other applications, as well as automate actions in insider risk management, such as posting to case notes. Power Automate flows are applicable for cases and any user in scope for a policy.
Customers with Microsoft 365 subscriptions that include insider risk management do not need additional Power Automate licenses to use the recommended insider risk management Power Automate templates. These templates can be customized to support your organization and cover core insider risk management scenarios. If you choose to use premium Power Automate features in these templates, create a custom template using the Microsoft 365 compliance connector, or use Power Automate templates for other compliance areas in Microsoft 365, you may need more Power Automate licenses.
@@ -388,8 +388,8 @@ Some processes and workflows for your organization may be outside of the recomme
Complete the following steps to create a custom Power Automate template for insider risk management: 1. **Check your Power Automate flow license**: To create customized Power Automate flows that use insider risk management triggers, you'll need a Power Automate license. The recommended insider risk management flow templates do not require extra licensing and are included as part of your insider risk management license.
-2. **Create an automated flow**: Create a flow that performs one or more tasks after it's triggered by an insider risk management event. For details on how to create an automated flow, see [Create a flow in Power Automate](https://docs.microsoft.com/power-automate/get-started-logic-flow).
-3. **Select the Microsoft 365 compliance connector**: Search for and select the Microsoft 365 compliance connector. This connector enables insider risk management triggers and actions. For more information on connectors, see the [Connector reference overview](https://docs.microsoft.com/connectors/connector-reference/) article.
+2. **Create an automated flow**: Create a flow that performs one or more tasks after it's triggered by an insider risk management event. For details on how to create an automated flow, see [Create a flow in Power Automate](/power-automate/get-started-logic-flow).
+3. **Select the Microsoft 365 compliance connector**: Search for and select the Microsoft 365 compliance connector. This connector enables insider risk management triggers and actions. For more information on connectors, see the [Connector reference overview](/connectors/connector-reference/) article.
4. **Choose insider risk management triggers for your flow**: Insider risk management has two triggers available for custom Power Automate flows: - **For a selected insider risk management case**: Flows with this trigger can be selected from the insider risk management Cases dashboard page. - **For a selected insider risk management user**: Flows with this trigger can be selected from the insider risk management Users dashboard page.
@@ -449,7 +449,7 @@ Compliance analysts and investigators can easily use Microsoft Teams for collabo
After Microsoft Teams is enabled for insider risk management, a dedicated Microsoft Teams team is created every time an alert is confirmed and a case is created. By default, the team automatically includes all members of the *Insider Risk Management*, *Insider Risk Management Analysts*, and *Insider Risk Management Investigators* role groups (up to 100 initial users). Additional organization contributors may be added to the team after it is created and as appropriate. For existing cases created before enabling Microsoft Teams, analysts and investigators can choose to create a new Microsoft Teams team when working in a case if needed. Once you resolve the associated case in insider risk management, the team is automatically archived (moved to hidden and read-only).
-For more information on how to use teams and channels in Microsoft Teams, see [Overview of teams and channels in Microsoft Teams](https://docs.microsoft.com/MicrosoftTeams/teams-channels-overview).
+For more information on how to use teams and channels in Microsoft Teams, see [Overview of teams and channels in Microsoft Teams](/MicrosoftTeams/teams-channels-overview).
Enabling Microsoft Teams support for cases is quick and easy to configure. To enable Microsoft Teams for insider risk management, complete the following steps:
@@ -462,7 +462,7 @@ Enabling Microsoft Teams support for cases is quick and easy to configure. To en
If you enable Microsoft Teams support for insider risk management after you have existing cases, you'll need to manually create a team for each case as needed. After enabling Microsoft Teams support in insider risk management settings, new cases will automatically create a new Microsoft Teams team.
-Users need permission to create Microsoft 365 groups in your organization to create a Microsoft Teams team from a case. For more information about managing permissions for Microsoft 365 Groups, see [Manage who can create Microsoft 365 Groups](https://docs.microsoft.com/microsoft-365/solutions/manage-creation-of-groups).
+Users need permission to create Microsoft 365 groups in your organization to create a Microsoft Teams team from a case. For more information about managing permissions for Microsoft 365 Groups, see [Manage who can create Microsoft 365 Groups](/microsoft-365/solutions/manage-creation-of-groups).
To create a team for a case, you'll use the Create Microsoft Team control when working directly in an existing case. Complete the following steps to create a new team:
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/privileged-access-management-configuration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/privileged-access-management-configuration.md
@@ -45,7 +45,7 @@ Users submitting and responding to privileged access management requests must be
>[!IMPORTANT] >Office 365 Advanced Compliance is no longer sold as a standalone subscription. When current subscriptions expire, customers should transition to one of the subscriptions above, which contain the same or additional compliance features.
-If you don't have an existing Office 365 Enterprise E5 plan and want to try privileged access management, you can [add Microsoft 365](https://docs.microsoft.com/office365/admin/try-or-buy-microsoft-365) to your existing Office 365 subscription or [sign up for a trial](https://www.microsoft.com/microsoft-365/enterprise) of Microsoft 365 Enterprise E5.
+If you don't have an existing Office 365 Enterprise E5 plan and want to try privileged access management, you can [add Microsoft 365](/office365/admin/try-or-buy-microsoft-365) to your existing Office 365 subscription or [sign up for a trial](https://www.microsoft.com/microsoft-365/enterprise) of Microsoft 365 Enterprise E5.
## Enable and configure privileged access management
@@ -70,7 +70,7 @@ Follow these steps to set up and use privileged access in your organization:
After approval is granted, the requesting user can execute the intended task and privileged access will authorize and execute the task on behalf of the user. The approval remains valid for the requested duration (default duration is 4 hours), during which the requester can execute the intended task multiple times. All such executions are logged and made available for security and compliance auditing. >[!NOTE]
->If you want to use Exchange Management PowerShell to enable and configure privileged access, follow the steps in [Connect to Exchange Online PowerShell using Multi-Factor authentication](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell#connect-to-exchange-online-powershell-using-mfa) to connect to Exchange Online PowerShell with your Office 365 credentials. You do not need to enable multi-factor authentication for your organization to use the steps to enable privileged access while connecting to Exchange Online PowerShell. Connecting with multi-factor authentication creates an OAuth token that is used by privileged access for signing your requests.
+>If you want to use Exchange Management PowerShell to enable and configure privileged access, follow the steps in [Connect to Exchange Online PowerShell using Multi-Factor authentication](/powershell/exchange/connect-to-exchange-online-powershell#connect-to-exchange-online-powershell-using-mfa) to connect to Exchange Online PowerShell with your Office 365 credentials. You do not need to enable multi-factor authentication for your organization to use the steps to enable privileged access while connecting to Exchange Online PowerShell. Connecting with multi-factor authentication creates an OAuth token that is used by privileged access for signing your requests.
<a name="step1"> </a>
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/privileged-access-management-overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/privileged-access-management-overview.md
@@ -30,7 +30,7 @@ For a quick overview of the integrated Customer Lockbox and privileged access ma
## Layers of protection
-Privileged access management complements other data and access feature protections within the Microsoft 365 security architecture. Including privileged access management as part of an integrated and layered approach to security provides a security model that maximizes protection of sensitive information and Microsoft 365 configuration settings. As shown in the diagram, privileged access management builds on the protection provided with native encryption of Microsoft 365 data and the role-based access control security model of Microsoft 365 services. When used with [Azure AD Privileged Identity Management](https://docs.microsoft.com/azure/active-directory/active-directory-privileged-identity-management-configure), these two features provide access control with just-in-time access at different scopes.
+Privileged access management complements other data and access feature protections within the Microsoft 365 security architecture. Including privileged access management as part of an integrated and layered approach to security provides a security model that maximizes protection of sensitive information and Microsoft 365 configuration settings. As shown in the diagram, privileged access management builds on the protection provided with native encryption of Microsoft 365 data and the role-based access control security model of Microsoft 365 services. When used with [Azure AD Privileged Identity Management](/azure/active-directory/active-directory-privileged-identity-management-configure), these two features provide access control with just-in-time access at different scopes.
![Layered protection in Microsoft 365](../media/pam-layered-protection.png)
@@ -88,7 +88,7 @@ No, you need the Exchange Role Management role assigned to accounts that manage
### How is privileged access management related to Customer Lockbox?
-[Customer Lockbox](https://docs.microsoft.com/office365/admin/manage/customer-lockbox-requests) allows a level of access control for organizations when Microsoft accesses data. Privileged access management allows granular access control within an organization for all Microsoft 365 privileged tasks.
+[Customer Lockbox](/office365/admin/manage/customer-lockbox-requests) allows a level of access control for organizations when Microsoft accesses data. Privileged access management allows granular access control within an organization for all Microsoft 365 privileged tasks.
## Ready to get started?
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/relevance-module-retirement https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/relevance-module-retirement.md
@@ -0,0 +1,40 @@
+
+ Title: "Retirement of Relevance module in Advanced eDiscovery"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
++
+localization_priority: Normal
+search.appverid:
+- MET150
+
+description: "The Relevance module in Advanced eDiscovery will be retired on March 10, 2021. This article explains what to do before Relevance is retired. Specifically, finishing any unfinished models by running Batch calculation so that you can retain the metadata from the model."
++
+# Retirement of the Relevance module in Advanced eDiscovery
+
+On March 10, 2021, we are retiring the Relevance module in Advanced eDiscovery. This retirement means that organizations will no longer have access to the Relevance module (by going to **Manage review set** > **Relevance** in an Advanced eDiscovery case) or be able to access any existing Relevance models. The current Relevance module that is being retired will be replaced with a new predictive coding solution in Q2 CY 2021. This new functionality will let organizations build their own predictive coding models in an easier and more intuitive workflow.
+
+To prepare for this upcoming retirement, we recommend that organizations who use the Relevance module export their modelΓÇÖs output before the retirement date by running a Batch calculation for all existing models. All Relevance scores from your model will be permanently stored in the corresponding review set and accessible when documents are exported. Relevance scores are also retained as metadata in the load file. Also, you will still be able to filter content in the review set based on relevance score and have access to all metadata produced by your Relevance models.
+
+## Complete unfinished models
+
+For any unfinished Relevance models, please complete assessment, training, and Batch calculation so that you can apply the model to the documents in a review set. Completing the Batch calculation will preserve the information after the retirement date of the Relevance module.
+
+Here are the steps to complete any unfinished models:
+
+1. Train your model until it is stabilized and ready for Batch calculation. See [Tagging and Relevance training](tagging-and-relevance-training-in-advanced-ediscovery.md).
+
+ The following screenshot shows a module that is ready for a Batch calculation. Notice that the Assessment and Training is complete, and the next step is to run Batch calculation.
+
+ ![Screenshot of model ready for Batch calculation](../media/ReadyForBatchCalculation.png)
+
+2. Run the Batch calculation. See [Performing Batch calculation](track-relevance-analysis-in-advanced-ediscovery.md#performing-batch-calculation).
+
+3. Verify that Batch calculation was successful. See [Batch calculation results](track-relevance-analysis-in-advanced-ediscovery.md#batch-calculation-results).
+
+For help with completing unfinished Relevance models, contact Microsoft Support.
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/sp-compatible-pdf-readers-for-irm https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sp-compatible-pdf-readers-for-irm.md
@@ -34,6 +34,6 @@ To use PDF files in libraries that the owner has protected with IRM, the user wi
|Windows 10 <br/> |Azure Information Protection app <br/> Foxit Reader <br/> NitroPDF <br/> Edge Chromium <br/> |[Download Azure Information Protection app](https://go.microsoft.com/fwlink/?linkid=837797) <br/> [Download Foxit Reader](https://go.microsoft.com/fwlink/?linkid=2139326) <br/> [Download NitroPDF](https://go.microsoft.com/fwlink/?linkid=2139327) <br/> [Download Edge Chromium](https://support.microsoft.com/microsoft-edge/download-the-new-microsoft-edge-based-on-chromium-0f4a3dd7-55df-60f5-739f-00010dba52cf) <br/> | |Android <br/> |Azure Information Protection app <br/> Foxit MobilePDF with RMS <br/> |[Download Azure Information Protection app](https://go.microsoft.com/fwlink/?linkid=836827) <br/> [Purchase Foxit MobilePDF](https://play.google.com/store/apps/details?id=com.foxit.mobile.pdf.lite) <br/> | |Windows Phone <br/> |N/A <br/> |N/A <br/> |
-|macOS <br/> |N/A <br/> |N/A <br/> |
+|macOS <br/> |Edge Chromium <br/> |[Download Edge Chromium](https://support.microsoft.com/microsoft-edge/download-the-new-microsoft-edge-based-on-chromium-0f4a3dd7-55df-60f5-739f-00010dba52cf) <br/> |
|IOS <br/> |Azure Information Protection app <br/> Foxit MobilePDF with RMS <br/> |[Download Azure Information Protection app](https://go.microsoft.com/fwlink/?linkid=836828) <br/> [Purchase Foxit MobilePDF](https://play.google.com/store/apps/details?id=com.foxit.mobile.pdf.lite) <br/> |
compliance https://docs.microsoft.com/en-us/microsoft-365/compliance/use-a-script-to-add-users-to-a-hold-in-ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/use-a-script-to-add-users-to-a-hold-in-ediscovery.md
@@ -46,17 +46,9 @@ Here are the steps to make this happen:
- The script adds the list of users to a new hold that is associated with an existing case. Be sure the case that you want to associate the hold with is created before you run the script. -- The script in this article supports modern authentication when connecting to Security & Compliance Center PowerShell. You can use the script as-is if you are a Microsoft 365 or a Microsoft 365 GCC organization. If you are an Office 365 Germany organization, a Microsoft 365 GCC High organization, or a Microsoft 365 DoD organization, you will have to edit the script to successfully run it. Specifically, you have to edit the line `Connect-IPPSSession` and use the *ConnectionUri* and *AzureADAuthorizationEndpointUri* parameters (and the appropriate values for your organization type) to connect to Security & Compliance Center PowerShell. For more information, see the examples in [Connect to Security & Compliance Center PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-scc-powershell#connect-to-security--compliance-center-powershell-without-using-mfa).
+- The script in this article supports modern authentication when connecting to Security & Compliance Center PowerShell and SharePoint Online Management Shell. You can use the script as-is if you are a Microsoft 365 or a Microsoft 365 GCC organization. If you are an Office 365 Germany organization, a Microsoft 365 GCC High organization, or a Microsoft 365 DoD organization, you will have to edit the script to successfully run it. Specifically, you have to edit the line `Connect-IPPSSession` and use the *ConnectionUri* and *AzureADAuthorizationEndpointUri* parameters (and the appropriate values for your organization type) to connect to Security & Compliance Center PowerShell. For more information, see the examples in [Connect to Security & Compliance Center PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-scc-powershell#connect-to-security--compliance-center-powershell-without-using-mfa).
-- Each time you run the script, new Security & Compliance PowerShell and SharePoint Online Management Shell sessions are created. So you could use up all the PowerShell sessions available to you. To prevent this from happening, you can run the following commands to disconnect your active PowerShell sessions.-
- ```powershell
- Get-PSSession | Remove-PSSession
- ```
-
- ```powershell
- Disconnect-SPOService
- ```
+- The script automatically disconnects from Security & Compliance Center PowerShell and SharePoint Online Management Shell.
- The script includes minimal error handling. Its primary purpose is to quickly and easily place the mailbox and OneDrive for Business site of each user on hold.
@@ -66,7 +58,7 @@ Here are the steps to make this happen:
The first step is to install the SharePoint Online Management Shell if it's not already installed on your local computer. You don't have to use the shell in this procedure, but you have to install it because it contains pre-requisites required by the script that you run in Step 3. These prerequisites allow the script to communicate with SharePoint Online to get the URLs for the OneDrive for Business sites.
-Go to [Set up the SharePoint Online Management Shell Windows PowerShell environment](https://go.microsoft.com/fwlink/p/?LinkID=286318) and perform Step 1 and Step 2 to install the SharePoint Online Management Shell on your local computer.
+Go to [Set up the SharePoint Online Management Shell Windows PowerShell environment](https://go.microsoft.com/fwlink/p/?LinkID=286318) and perform Step 1 and Step 2 to install the SharePoint Online Management Shell on your local computer.
## Step 2: Generate a list of users
@@ -110,177 +102,169 @@ After you've collected the information that the script will prompt you for, the
1. Save the following text to a Windows PowerShell script file by using a filename suffix of `.ps1`. For example, `AddUsersToHold.ps1`.
- ```powershell
- #script begin
- " "
- write-host "***********************************************"
- write-host " Security & Compliance Center " -foregroundColor yellow -backgroundcolor darkgreen
- write-host " eDiscovery cases - Add users to a hold " -foregroundColor yellow -backgroundcolor darkgreen
- write-host "***********************************************"
- " "
- # Connect to SCC PowerShell using modern authentication
- if (!$SccSession)
- {
- Import-Module ExchangeOnlineManagement
- Connect-IPPSSession
- }
- # Get user credentials to connect to SPO Management Shell
- $credentials = Get-Credential -Message "Type your credentials again to connect to SharePoint Online Management Shell"
- # Load the SharePoint assemblies from the SharePoint Online Management Shell
- # To install, go to https://go.microsoft.com/fwlink/p/?LinkId=255251
- if (!$SharePointClient -or !$SPRuntime -or !$SPUserProfile)
- {
- $SharePointClient = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client")
- $SPRuntime = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime")
- $SPUserProfile = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.UserProfiles")
- if (!$SharePointClient)
- {
- Write-Error "The SharePoint Online Management Shell isn't installed. Please install it from: https://go.microsoft.com/fwlink/p/?LinkId=255251 and then re-run this script."
- return;
- }
- }
- if (!$spCreds)
- {
- $spCreds = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($credentials.UserName, $credentials.Password)
- }
- # Get the user's MySite domain name. We use this to create the admin URL and root URL for OneDrive for Business
- ""
- $mySiteDomain = Read-Host "Enter the name of your organization's MySite domain. For example, 'contoso' for 'https://contoso-my.sharepoint.com'"
- ""
- # Get other required information
- do{
- $casename = Read-Host "Enter the name of the case"
- $caseexists = (get-compliancecase -identity "$casename" -erroraction SilentlyContinue).isvalid
- if($caseexists -ne 'True')
- {""
- write-host "A case named '$casename' doesn't exist. Please specify the name of an existing case, or create a new case and then re-run the script." -foregroundColor Yellow
- ""}
- }While($caseexists -ne 'True')
- ""
- do{
- $holdName = Read-Host "Enter the name of the new hold"
- $holdexists=(get-caseholdpolicy -identity "$holdname" -case "$casename" -erroraction SilentlyContinue).isvalid
- if($holdexists -eq 'True')
- {""
- write-host "A hold named '$holdname' already exists. Please specify a new hold name." -foregroundColor Yellow
- ""}
- }While($holdexists -eq 'True')
- ""
- $holdQuery = Read-Host "Enter a search query to create a query-based hold, or press Enter to hold all content"
- ""
- $holdstatus = read-host "Do you want the hold enabled after it's created? (Yes/No)"
- do{
- ""
- $inputfile = read-host "Enter the name of the text file that contains the email addresses of the users to add to the hold"
- ""
- $fileexists = test-path -path $inputfile
- if($fileexists -ne 'True'){write-host "$inputfile doesn't exist. Please enter a valid file name." -foregroundcolor Yellow}
- }while($fileexists -ne 'True')
- #Import the list of addresses from the txt file. Trim any excess spaces and make sure all addresses
- #in the list are unique.
- [array]$emailAddresses = Get-Content $inputfile -ErrorAction SilentlyContinue | where {$_.trim() -ne ""} | foreach{ $_.Trim() }
- [int]$dupl = $emailAddresses.count
- [array]$emailAddresses = $emailAddresses | select-object -unique
- $dupl -= $emailAddresses.count
- #Validate email addresses so the hold creation does not run in to an error.
- if($emailaddresses.count -gt 0){
- write-host ($emailAddresses).count "addresses were found in the text file. There were $dupl duplicate entries in the file." -foregroundColor Yellow
- ""
- Write-host "Validating the email addresses. Please wait..." -foregroundColor Yellow
- ""
- $finallist =@()
- foreach($emailAddress in $emailAddresses)
- {
- if((get-recipient $emailaddress -erroraction SilentlyContinue).isvalid -eq 'True')
- {$finallist += $emailaddress}
- else {"Unable to find the user $emailaddress"
- [array]$excludedlist += $emailaddress}
- }
- ""
- #find user's OneDrive Site URL using email address
- Write-Host "Getting the URL for each user's OneDrive for Business site." -foregroundColor Yellow
- ""
- $AdminUrl = "https://$mySiteDomain-admin.sharepoint.com"
- $mySiteUrlRoot = "https://$mySiteDomain-my.sharepoint.com"
- # Add the path of the User Profile Service to the SPO admin URL, then create a new webservice proxy to access it
- $proxyaddr = "$AdminUrl/_vti_bin/UserProfileService.asmx?wsdl"
- $UserProfileService= New-WebServiceProxy -Uri $proxyaddr -UseDefaultCredential False
- $UserProfileService.Credentials = $credentials
- # Take care of auth cookies
- $strAuthCookie = $spCreds.GetAuthenticationCookie($AdminUrl)
- $uri = New-Object System.Uri($AdminUrl)
- $container = New-Object System.Net.CookieContainer
- $container.SetCookies($uri, $strAuthCookie)
- $UserProfileService.CookieContainer = $container
- $urls = @()
- foreach($emailAddress in $emailAddresses)
- {
- try{
- $prop = $UserProfileService.GetUserProfileByName("i:0#.f|membership|$emailAddress") | Where-Object { $_.Name -eq "PersonalSpace" }
- $url = $prop.values[0].value
- if($url -ne $null){
- $furl = $mySiteUrlRoot + $url
- $urls += $furl
- Write-Host "- $emailAddress => $furl"
- [array]$ODadded += $furl}
- else{
- Write-Warning "Couldn't locate OneDrive for $emailAddress"
- [array]$ODExluded += $emailAddress
- }}
- catch {
- Write-Warning "Could not locate OneDrive for $emailAddress"
- [array]$ODExluded += $emailAddress
- Continue }
- }
- if(($finallist.count -gt 0) -or ($urls.count -gt 0)){
- ""
- Write-Host "Creating the hold named $holdname. Please wait..." -foregroundColor Yellow
- if(($holdstatus -eq "Y") -or ($holdstatus -eq "y") -or ($holdstatus -eq "yes") -or ($holdstatus -eq "YES")){
- New-CaseHoldPolicy -Name "$holdName" -Case "$casename" -ExchangeLocation $finallist -SharePointLocation $urls -Enabled $True | out-null
- New-CaseHoldRule -Name "$holdName" -Policy "$holdname" -ContentMatchQuery $holdQuery | out-null
- }
- else{
- New-CaseHoldPolicy -Name "$holdName" -Case "$casename" -ExchangeLocation $finallist -SharePointLocation $urls -Enabled $false | out-null
- New-CaseHoldRule -Name "$holdName" -Policy "$holdname" -ContentMatchQuery $holdQuery -disabled $true | out-null
- }
- ""
- }
- else {"No valid locations were identified. Therefore, the hold wasn't created."}
- #write log files (if needed)
- $newhold=Get-CaseHoldPolicy -Identity "$holdname" -Case "$casename" -erroraction SilentlyContinue
- $newholdrule=Get-CaseHoldRule -Identity "$holdName" -erroraction SilentlyContinue
- if(($ODAdded.count -gt 0) -or ($ODExluded.count -gt 0) -or ($finallist.count -gt 0) -or ($excludedlist.count -gt 0) -or ($newhold.isvalid -eq 'True') -or ($newholdrule.isvalid -eq 'True'))
- {
- Write-Host "Generating output files..." -foregroundColor Yellow
- if($ODAdded.count -gt 0){
- "OneDrive Locations" | add-content .\LocationsOnHold.txt
- "==================" | add-content .\LocationsOnHold.txt
- $newhold.SharePointLocation.name | add-content .\LocationsOnHold.txt}
- if($ODExluded.count -gt 0){
- "Users without OneDrive locations" | add-content .\LocationsNotOnHold.txt
- "================================" | add-content .\LocationsNotOnHold.txt
- $ODExluded | add-content .\LocationsNotOnHold.txt}
- if($finallist.count -gt 0){
- " " | add-content .\LocationsOnHold.txt
- "Exchange Locations" | add-content .\LocationsOnHold.txt
- "==================" | add-content .\LocationsOnHold.txt
- $newhold.ExchangeLocation.name | add-content .\LocationsOnHold.txt}
- if($excludedlist.count -gt 0){
- " "| add-content .\LocationsNotOnHold.txt
- "Mailboxes not added to the hold" | add-content .\LocationsNotOnHold.txt
- "===============================" | add-content .\LocationsNotOnHold.txt
- $excludedlist | add-content .\LocationsNotOnHold.txt}
- $FormatEnumerationLimit=-1
- if($newhold.isvalid -eq 'True'){$newhold|fl >.\GetCaseHoldPolicy.txt}
- if($newholdrule.isvalid -eq 'True'){$newholdrule|Fl >.\GetCaseHoldRule.txt}
- }
- }
- else {"The hold wasn't created because no valid entries were found in the text file."}
- ""
- Write-host "Script complete!" -foregroundColor Yellow
- ""
- #script end
- ```
+```powershell
+#script begin
+" "
+write-host "***********************************************"
+write-host " Security & Compliance Center PowerShell " -foregroundColor yellow -backgroundcolor darkgreen
+write-host " Core eDiscovery cases - Add users to a hold " -foregroundColor yellow -backgroundcolor darkgreen
+write-host "***********************************************"
+" "
+# Connect to SCC PowerShell using modern authentication
+if (!$SccSession)
+{
+ Import-Module ExchangeOnlineManagement
+ Connect-IPPSSession
+}
+
+# Get the organization's domain name. We use this to create the SharePoint admin URL and root URL for OneDrive for Business.
+""
+$mySiteDomain = Read-Host "Enter the domain name for your SharePoint organization. We use this name to connect to SharePoint admin center and for the OneDrive URLs in your organization. For example, 'contoso' in 'https://contoso-admin.sharepoint.com' and 'https://contoso-my.sharepoint.com'"
+""
+
+# Connect to PnP Online using modern authentication
+Import-Module PnP.PowerShell
+Connect-PnPOnline -Url https://$mySiteDomain-admin.sharepoint.com -UseWebLogin
+
+# Load the SharePoint assemblies from the SharePoint Online Management Shell
+# To install, go to https://go.microsoft.com/fwlink/p/?LinkId=255251
+if (!$SharePointClient -or !$SPRuntime -or !$SPUserProfile)
+{
+ $SharePointClient = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client")
+ $SPRuntime = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime")
+ $SPUserProfile = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.UserProfiles")
+ if (!$SharePointClient)
+ {
+ Write-Error "The SharePoint Online Management Shell isn't installed. Please install it from: https://go.microsoft.com/fwlink/p/?LinkId=255251 and then re-run this script."
+ return;
+ }
+}
+
+# Get other required information
+do{
+$casename = Read-Host "Enter the name of the case"
+$caseexists = (get-compliancecase -identity "$casename" -erroraction SilentlyContinue).isvalid
+if($caseexists -ne 'True')
+{""
+write-host "A case named '$casename' doesn't exist. Please specify the name of an existing case, or create a new case and then re-run the script." -foregroundColor Yellow
+""}
+}While($caseexists -ne 'True')
+""
+do{
+$holdName = Read-Host "Enter the name of the new hold"
+$holdexists=(get-caseholdpolicy -identity "$holdname" -case "$casename" -erroraction SilentlyContinue).isvalid
+if($holdexists -eq 'True')
+{""
+write-host "A hold named '$holdname' already exists. Please specify a new hold name." -foregroundColor Yellow
+""}
+}While($holdexists -eq 'True')
+""
+$holdQuery = Read-Host "Enter a search query to create a query-based hold, or press Enter to hold all content"
+""
+$holdstatus = read-host "Do you want the hold enabled after it's created? (Yes/No)"
+do{
+""
+$inputfile = read-host "Enter the name of the text file that contains the email addresses of the users to add to the hold"
+""
+$fileexists = test-path -path $inputfile
+if($fileexists -ne 'True'){write-host "$inputfile doesn't exist. Please enter a valid file name." -foregroundcolor Yellow}
+}while($fileexists -ne 'True')
+#Import the list of addresses from the txt file. Trim any excess spaces and make sure all addresses
+ #in the list are unique.
+ [array]$emailAddresses = Get-Content $inputfile -ErrorAction SilentlyContinue | where {$_.trim() -ne ""} | foreach{ $_.Trim() }
+ [int]$dupl = $emailAddresses.count
+ [array]$emailAddresses = $emailAddresses | select-object -unique
+ $dupl -= $emailAddresses.count
+#Validate email addresses so the hold creation does not run in to an error.
+if($emailaddresses.count -gt 0){
+write-host ($emailAddresses).count "addresses were found in the text file. There were $dupl duplicate entries in the file." -foregroundColor Yellow
+""
+Write-host "Validating the email addresses. Please wait..." -foregroundColor Yellow
+""
+$finallist =@()
+foreach($emailAddress in $emailAddresses)
+{
+if((get-recipient $emailaddress -erroraction SilentlyContinue).isvalid -eq 'True')
+{$finallist += $emailaddress}
+else {"Unable to find the user $emailaddress"
+[array]$excludedlist += $emailaddress}
+}
+""
+#Find user's OneDrive account URL using email address
+Write-Host "Getting the URL for each user's OneDrive for Business site." -foregroundColor Yellow
+""
+$AdminUrl = "https://$mySiteDomain-admin.sharepoint.com"
+$mySiteUrlRoot = "https://$mySiteDomain-my.sharepoint.com"
+$urls = @()
+foreach($emailAddress in $emailAddresses)
+{
+try
+{
+$url=Get-PnPUserProfileProperty -Account $emailAddress | Select PersonalUrl
+$urls += $url.PersonalUrl
+ Write-Host "- $emailAddress => $url"
+ [array]$ODadded += $url.PersonalUrl
+ }catch {
+ Write-Warning "Could not locate OneDrive for $emailAddress"
+ [array]$ODExluded += $emailAddress
+ Continue }
+}
+$urls | FL
+if(($finallist.count -gt 0) -or ($urls.count -gt 0)){
+""
+Write-Host "Creating the hold named $holdname. Please wait..." -foregroundColor Yellow
+if(($holdstatus -eq "Y") -or ($holdstatus -eq "y") -or ($holdstatus -eq "yes") -or ($holdstatus -eq "YES")){
+New-CaseHoldPolicy -Name "$holdName" -Case "$casename" -ExchangeLocation $finallist -SharePointLocation $urls -Enabled $True | out-null
+New-CaseHoldRule -Name "$holdName" -Policy "$holdname" -ContentMatchQuery $holdQuery | out-null
+}
+else{
+New-CaseHoldPolicy -Name "$holdName" -Case "$casename" -ExchangeLocation $finallist -SharePointLocation $urls -Enabled $false | out-null
+New-CaseHoldRule -Name "$holdName" -Policy "$holdname" -ContentMatchQuery $holdQuery -disabled $true | out-null
+}
+""
+}
+else {"No valid locations were identified. Therefore, the hold wasn't created."}
+#write log files (if needed)
+$newhold=Get-CaseHoldPolicy -Identity "$holdname" -Case "$casename" -erroraction SilentlyContinue
+$newholdrule=Get-CaseHoldRule -Identity "$holdName" -erroraction SilentlyContinue
+if(($ODAdded.count -gt 0) -or ($ODExluded.count -gt 0) -or ($finallist.count -gt 0) -or ($excludedlist.count -gt 0) -or ($newhold.isvalid -eq 'True') -or ($newholdrule.isvalid -eq 'True'))
+{
+Write-Host "Generating output files..." -foregroundColor Yellow
+if($ODAdded.count -gt 0){
+"OneDrive Locations" | add-content .\LocationsOnHold.txt
+"==================" | add-content .\LocationsOnHold.txt
+$newhold.SharePointLocation.name | add-content .\LocationsOnHold.txt}
+if($ODExluded.count -gt 0){
+"Users without OneDrive locations" | add-content .\LocationsNotOnHold.txt
+"================================" | add-content .\LocationsNotOnHold.txt
+$ODExluded | add-content .\LocationsNotOnHold.txt}
+if($finallist.count -gt 0){
+" " | add-content .\LocationsOnHold.txt
+"Exchange Locations" | add-content .\LocationsOnHold.txt
+"==================" | add-content .\LocationsOnHold.txt
+$newhold.ExchangeLocation.name | add-content .\LocationsOnHold.txt}
+if($excludedlist.count -gt 0){
+" "| add-content .\LocationsNotOnHold.txt
+"Mailboxes not added to the hold" | add-content .\LocationsNotOnHold.txt
+"===============================" | add-content .\LocationsNotOnHold.txt
+$excludedlist | add-content .\LocationsNotOnHold.txt}
+$FormatEnumerationLimit=-1
+if($newhold.isvalid -eq 'True'){$newhold|fl >.\GetCaseHoldPolicy.txt}
+if($newholdrule.isvalid -eq 'True'){$newholdrule|Fl >.\GetCaseHoldRule.txt}
+}
+}
+else {"The hold wasn't created because no valid entries were found in the text file."}
+""
+#Disconnect from SCC PowerShell and PnPOnline
+
+Write-host "Disconnecting from SCC PowerShell and PnP Online" -foregroundColor Yellow
+Get-PSSession | Remove-PSSession
+Disconnect-PnPOnline
+
+Write-host "Script complete!" -foregroundColor Yellow
+""
+#script end
+```
2. On your local computer, open Windows PowerShell and go to the folder where you saved the script.
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab.md
@@ -94,7 +94,7 @@ Detailed lab guides take you through multiple deployment and management scenario
[Download the Windows and Office Deployment Lab Kit](https://www.microsoft.com/evalcenter/evaluate-lab-kit).
-* The installed baseline version 2002 can be updated to Version 2010 using and in-console update. Please use a broad bandwidth Internet connection to download this content and allow 30-45 minutes for automatic provisioning. The lab environment requires a minimum of 16 GB of available memory and 150 GB of free disk space. For optimal performance, 32 GB of available memory and 300 GB of free space is recommended. The kit expires February 7, 2021. A new version will be published prior to expiration.
+* The installed baseline version 2002 can be updated to Version 2010 using and in-console update. Please use a broad bandwidth Internet connection to download this content and allow 30-45 minutes for automatic provisioning. The lab environment requires a minimum of 16 GB of available memory and 150 GB of free disk space. For optimal performance, 32 GB of available memory and 300 GB of free space is recommended. The kit expires February 11, 2021. A new version will be published prior to expiration.
## Additional guidance
enterprise https://docs.microsoft.com/en-us/microsoft-365/enterprise/privileged-access-microsoft-365-enterprise-dev-test-environment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/privileged-access-microsoft-365-enterprise-dev-test-environment.md
@@ -62,7 +62,7 @@ In this phase, verify that the privileged access policy is working and that user
### Test the ability to execute a task NOT defined in a privileged access policy
-First, connect to Exchange Management PowerShell with the credentials of a user configured as a Global Administrator in your test environment and attempt to create a new Journal rule. The [New-JournalRule](https://docs.microsoft.com/powershell/module/exchange/new-journalrule) task is not currently defined in a privileged access policy for your organization.
+First, connect to Exchange Management PowerShell with the credentials of a user configured as a Global Administrator in your test environment and attempt to create a new Journal rule. The [New-JournalRule](/powershell/module/exchange/new-journalrule) task is not currently defined in a privileged access policy for your organization.
1. On your local computer, open and sign in to the Exchange Online Remote PowerShell Module at **Microsoft Corporation** > **Microsoft Exchange Online Remote PowerShell Module** using the Global Admin account for your test environment.
@@ -175,4 +175,4 @@ Explore additional [information protection](m365-enterprise-test-lab-guides.md#i
[Microsoft 365 for enterprise overview](microsoft-365-overview.md)
-[Microsoft 365 for enterprise documentation](https://docs.microsoft.com/microsoft-365-enterprise/)
+[Microsoft 365 for enterprise documentation](/microsoft-365-enterprise/)
managed-desktop https://docs.microsoft.com/en-us/microsoft-365/managed-desktop/get-ready/readiness-assessment-fix https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-ready/readiness-assessment-fix.md
@@ -277,13 +277,13 @@ A number of licenses are required to use Microsoft Managed Desktop.
You don't have all the licenses you need to use Microsoft Managed Desktop. For more information, see [Microsoft Managed Desktop technologies](../intro/technologies.md) and [More about licenses](prerequisites.md#more-about-licenses).
-### Security account names
+### Microsoft Managed Desktop service accounts
-Certain security account names could conflict with ones created by Microsoft Managed Desktop.
+Certain account names could conflict with account names created by Microsoft Managed Desktop to manage the Microsoft Managed Desktop service.
**Not ready**
-You have at least one account name that will conflict with ones created by Microsoft Managed Desktop. Work with your Microsoft account representative to exclude these account names.
+You have at least one account name that will conflict with account names created by Microsoft Managed Desktop. Work with your Microsoft account representative to exclude these account names. We don't list the account names publicly to minimize security risk.
### Security administrator roles
managed-desktop https://docs.microsoft.com/en-us/microsoft-365/managed-desktop/get-ready/readiness-assessment-tool https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-ready/readiness-assessment-tool.md
@@ -23,7 +23,7 @@ For details about using the downloadable readiness assessment checker, see [Down
The online tool checks settings in Microsoft Endpoint Manager (specifically, Microsoft Intune), Azure Active Directory (Azure AD), and Microsoft 365 to ensure they will work with Microsoft Managed Desktop. Microsoft Managed Desktop retains the data associated with these checks for 12 months after the last time you run a check in your Azure AD organization (tenant). After 12 months, we retain it in de-identified form. You can choose to delete the data we collect.
-Anyone with at least the Intune Administrator role will be able to run this tool, but two of the checks ([Conditional access policies](readiness-assessment-fix.md#conditional-access-policies) and [Multifactor authentication](readiness-assessment-fix.md#multifactor-authentication) require additional permissions.
+Anyone with at least the Global Reader or Intune Administrator role will be able to run this tool, but two of the checks ([Conditional access policies](readiness-assessment-fix.md#conditional-access-policies) and [Multifactor authentication](readiness-assessment-fix.md#multifactor-authentication) require additional permissions.
The assessment tool checks these items:
solutions https://docs.microsoft.com/en-us/microsoft-365/solutions/manage-creation-of-groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/manage-creation-of-groups.md
@@ -34,7 +34,7 @@ If your business requires that you restrict who can create groups, you can do so
- Power BI (classic) - Project for the web / Roadmap
-You can restrict Microsoft 365 Group creation to the members of a particular security group. To configure this, you use Windows PowerShell. This article walks you through the needed steps.
+You can restrict Microsoft 365 Group creation to the members of a particular Microsoft 365 group or security group. To configure this, you use Windows PowerShell. This article walks you through the needed steps.
The steps in this article won't prevent members of certain roles from creating Groups. Office 365 Global admins can create Groups via any means, such as the Microsoft 365 admin center, Planner, Teams, Exchange, and SharePoint Online. Other roles can create Groups via limited means, listed below.
@@ -53,7 +53,7 @@ If you're a member of one of these roles, you can create Microsoft 365 Groups fo
To manage who creates groups, the following people need Azure AD Premium licenses or Azure AD Basic EDU licenses assigned to them: - The admin who configures these group creation settings-- The members of the security group who are allowed to create groups
+- The members of the group who are allowed to create groups
> [!NOTE] > See [Assign or remove licenses in the Azure Active Directory portal](https://docs.microsoft.com/azure/active-directory/fundamentals/license-users-groups) for more details about how to assign Azure licenses.
@@ -62,22 +62,19 @@ The following people don't need Azure AD Premium or Azure AD Basic EDU licenses
- People who are members of Microsoft 365 groups and who don't have the ability to create other groups.
-## Step 1: Create a security group for users who need to create Microsoft 365 groups
+## Step 1: Create a group for users who need to create Microsoft 365 groups
-Only one security group in your organization can be used to control who is able to create Groups. But, you can nest other security groups as members of this group.
+Only one group in your organization can be used to control who is able to create Groups. But, you can nest other groups as members of this group.
Admins in the roles listed above do not need to be members of this group: they retain their ability to create groups.
-> [!IMPORTANT]
-> Be sure to use a **security group** to restrict who can create groups. Using a Microsoft 365 group is not supported.
- 1. In the admin center, go to the [Groups page](https://admin.microsoft.com/adminportal/home#/groups). 2. Click on **Add a Group**.
-3. Choose **Security** as the group type. Remember the name of the group! You'll need it later.
+3. Choose the group type you want. Remember the name of the group! You'll need it later.
-4. Finish setting up the security group, adding people or other security groups who you want to be able to create groups in your org.
+4. Finish setting up the group, adding people or other groups who you want to be able to create groups in your org.
For detailed instructions, see [Create, edit, or delete a security group in the Microsoft 365 admin center](https://docs.microsoft.com/microsoft-365/admin/email/create-edit-or-delete-a-security-group).
@@ -93,7 +90,7 @@ You must use the preview version of [Azure Active Directory PowerShell for Graph
Copy the script below into a text editor, such as Notepad, or the [Windows PowerShell ISE](https://docs.microsoft.com/powershell/scripting/components/ise/introducing-the-windows-powershell-ise).
-Replace *\<SecurityGroupName\>* with the name of the security group that you created. For example:
+Replace *\<GroupName\>* with the name of the group that you created. For example:
`$GroupName = "Group Creators"`
@@ -108,7 +105,7 @@ Run the script by typing:
and [sign in with your administrator account](https://docs.microsoft.com/microsoft-365/enterprise/connect-to-microsoft-365-powershell#step-2-connect-to-azure-ad-for-your-microsoft-365-subscription) when prompted. ```PowerShell
-$GroupName = "<SecurityGroupName>"
+$GroupName = "<GroupName>"
$AllowGroupCreation = $False Connect-AzureAD
@@ -141,7 +138,7 @@ The last line of the script will display the updated settings:
![This is what your settings will look like when you're done.](../media/952cd982-5139-4080-9add-24bafca0830c.png)
-If in the future you want to change which security group is used, you can rerun the script with the name of the new security group.
+If in the future you want to change which group is used, you can rerun the script with the name of the new group.
If you want to turn off the group creation restriction and again allow all users to create groups, set $GroupName to "" and $AllowGroupCreation to "True" and rerun the script.
@@ -149,7 +146,7 @@ If you want to turn off the group creation restriction and again allow all users
Changes can take thirty minutes or more to take effect. You can verify the new settings by doing the following:
-1. Sign in to Microsoft 365 with a user account of someone who should NOT have the ability to create groups. That is, they are not a member of the security group you created or an administrator.
+1. Sign in to Microsoft 365 with a user account of someone who should NOT have the ability to create groups. That is, they are not a member of the group you created or an administrator.
2. Select the **Planner** tile.
@@ -157,10 +154,10 @@ Changes can take thirty minutes or more to take effect. You can verify the new s
4. You should get a message that plan and group creation is disabled.
-Try the same procedure again with a member of the security group.
+Try the same procedure again with a member of the group.
> [!NOTE]
-> If members of the security group aren't able to create groups, check that they aren't being blocked through their [OWA mailbox policy](https://go.microsoft.com/fwlink/?linkid=852135).
+> If members of the group aren't able to create groups, check that they aren't being blocked through their [OWA mailbox policy](https://go.microsoft.com/fwlink/?linkid=852135).
## Related topics