+## Week of January 29, 2024

+| Published On |Topic title | Change |

+|||--|

+| 2/2/2024 | [Microsoft Copilot for Microsoft 365 requirements](/microsoft-365-copilot/microsoft-365-copilot-requirements) | modified |

+ Title: Other endpoints not included in the Microsoft 365 IP Address and URL Web service

+- must-keep

+# Other endpoints not included in the Microsoft 365 IP Address and URL Web service

+Some network endpoints were previously published and haven't been included in the [Microsoft 365 IP Address and URL Web Service](microsoft-365-ip-web-service.md). The web service publishes network endpoints that are required for Microsoft 365 connectivity across an enterprise perimeter network. This scope currently doesn't include:

+|2|**[Microsoft Support and Recovery Assistant for Office 365](https://diagnostics.office.com/#/)**|`https://autodiscover.outlook.com` <br> `https://officecdn.microsoft.com` <br> `https://api.diagnostics.office.com` <br> `https://apibasic.diagnostics.office.com` <br> `https://autodiscover-s.outlook.com` <br> `https://cloudcheckenabler.azurewebsites.net` <br> `https://login.live.com` <br> `https://login.microsoftonline.com` <br> `https://login.windows.net` <br> `https://o365diagtelemetry.trafficmanager.net` <br> `https://odc.officeapps.live.com` <br> `https://offcatedge.azureedge.net` <br> `https://officeapps.live.com` <br> `https://outlook.office365.com` <br> `https://outlookdiagnostics.azureedge.net` <br> `https://sara.api.support.microsoft.com` |Outbound server traffic|

+|6|**Mailbox Migration**<p>When mailbox migration is initiated from on-premises [Exchange Hybrid](/exchange/exchange-deployment-assistant) to Microsoft 365, Microsoft 365 connects to your published Exchange Web Services (EWS)/Mailbox Replication Services (MRS) server. If you need to allow inbound connections only from specific source IP ranges, create a permit rule for the IP addresses listed in the **Exchange Online** table in [Microsoft 365 URL & IP ranges](urls-and-ip-address-ranges.md). <p> To ensure that connectivity to published EWS endpoints (like OWA) is not blocked, make sure the MRS proxy resolves to a separate FQDN and public IP address before you restrict connections.|Customer on-premises EWS/MRS Proxy <br> TCP port 443|Inbound server traffic|

+|21|**Microsoft Stream** (needs the Microsoft Entra user token). <br> Microsoft 365 Worldwide (including GCC)|\*.cloudapp.net <br> \*.api.microsoftstream.com <br> \*.notification.api.microsoftstream.com <br> amp.azure.net <br> api.microsoftstream.com <br> az416426.vo.msecnd.net <br> s0.assets-yammer.com <br> vortex.data.microsoft.com <br> web.microsoftstream.com <br> TCP port 443|Inbound server traffic|

+[Managing Microsoft 365 endpoints](managing-office-365-endpoints.md)

+- must-keep

+To automate getting the latest list of endpoints for your Microsoft 365 cloud, see the [Microsoft 365 IP Address and URL Web service](microsoft-365-ip-web-service.md).

+[Microsoft 365 IP Address and URL Web service](microsoft-365-ip-web-service.md)

+ Title: "Microsoft 365 IP Address and URL web service"

+- must-keep

+description: Learn how to use the Microsoft 365 IP Address and URL web service to help you better identify and differentiate Microsoft 365 network traffic.

+# Microsoft 365 IP Address and URL web service

+The Microsoft 365 IP Address and URL web service helps you better identify and differentiate Microsoft 365 network traffic, making it easier for you to evaluate, configure, and stay up to date with changes. This REST-based web service replaces the previous XML downloadable files, which were phased out on October 2, 2018.

+As a customer or a network perimeter device vendor, you can build against the web service for Microsoft 365 IP address and FQDN entries. You can access the data directly in a web browser using these URLs:

+- For the latest version of the Microsoft 365 URLs and IP address ranges, use [https://endpoints.office.com/version](https://endpoints.office.com/version?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7).

+- For the data on the Microsoft 365 URLs and IP address ranges page for firewalls and proxy servers, use [https://endpoints.office.com/endpoints/worldwide](https://endpoints.office.com/endpoints/worldwide?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7).

+- Update your PowerShell scripts to obtain Microsoft 365 endpoint data and modify any formatting for your networking devices.

+> If you are using Azure ExpressRoute to connect to Microsoft 365, please review [Azure ExpressRoute for Microsoft 365](azure-expressroute.md) to familiarize yourself with the Microsoft 365 services supported over Azure ExpressRoute. Also review the article [Microsoft 365 URLs and IP address ranges](urls-and-ip-address-ranges.md) to understand which network requests for Microsoft 365 applications require Internet connectivity. This will help to better configure your perimeter security devices.

+- **ClientRequestId=\<guid\>** ΓÇöA required GUID that you generate for client association. Generate a unique GUID for each machine that calls the web service (the scripts included on this page generate a GUID for you). Don't use the GUIDs shown in the following examples because they might be blocked by the web service in the future. GUID format is _xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_, where x represents a hexadecimal number.

+Microsoft updates the Microsoft 365 IP address and FQDN entries at the beginning of each month. Out-of-band updates are sometimes published due to support incidents, security updates or other operational requirements.

+The data for each published instance is assigned a version number, and the version web method enables you to check for the latest version of each Microsoft 365 service instance. We recommend that you check the version not more than once an hour.

+The version web method isn't rate limited and doesn't ever return 429 HTTP Response Codes. The response to the version web method does include a cache-control header recommending caching of the data for 1 hour. The result from the version web method can be a single record or an array of records. The elements of each record are:

+- instanceΓÇöThe short name of the Microsoft 365 service instance.

+This URI returns the latest version of each Microsoft 365 service instance. Example result:

+This URI returns the latest version of the specified Microsoft 365 service instance. Example result:

+This URI shows all prior versions that have been published for the Microsoft 365 worldwide service instance. Example result:

+The endpoints web method returns all records for IP address ranges and URLs that make up the Microsoft 365 service. The latest data from the endpoints web method should always be used for network device configuration. Microsoft provides advance notice 30 days prior to publishing new additions to give you time to update access control lists and proxy server bypass lists. We recommend that you only call the endpoints web method again when the version web method indicates that a new version of the data is available.

+- **ServiceAreas=\<Common \| Exchange \| SharePoint \| Skype\>** ΓÇöA comma-separated list of service areas. Valid items are _Common_, _Exchange_, _SharePoint_, and _Skype_. Because _Common_ service area items are a prerequisite for all other service areas, the web service always includes them. If you don't include this parameter, all service areas are returned.

+- **TenantName=\<tenant_name\>** ΓÇöYour Microsoft 365 tenant name. The web service takes your provided name and inserts it in parts of URLs that include the tenant name. If you don't provide a tenant name, those parts of URLs have the wildcard character (\*).

+- categoryΓÇöThe connectivity category for the endpoint set. Valid values are _Optimize_, _Allow_, and _Default_. If you search the endpoints web method output for the category of a specific IP address or URL, it's possible that your query will return multiple categories. In such a case, follow the recommendation for the highest priority category. For example, if the endpoint appears in both _Optimize_ and _Allow_, you should follow the requirements for _Optimize_. Required.

+- required ΓÇö _True_ if this endpoint set is required to have connectivity for Microsoft 365 to be supported. _False_ if this endpoint set is optional.

+- notesΓÇöFor optional endpoints, this text describes Microsoft 365 functionality that would be unavailable if IP addresses or URLs in this endpoint set can't be accessed at the network layer. Omitted if blank.

+This URI obtains all endpoints for the Microsoft 365 worldwide instance for all workloads. Example result that shows an excerpt of the output:

+This example obtains endpoints for the Microsoft 365 Worldwide instance for Exchange Online and dependencies only.

+The output, for example, 2 is similar to example 1 except that the results wouldn't include endpoints for SharePoint or Skype for Business Online.

+The most critical changes to endpoints data are new URLs and IP addresses. Failure to add an IP address to a firewall access control list or a URL to a proxy server bypass list can cause an outage for Microsoft 365 users behind that network device. Notwithstanding operational requirements, new endpoints are published to the web service 30 days in advance of the date the endpoints are provisioned for use to give you time to update access control lists and proxy server bypass lists.

+ ΓÇö AddedIp ΓÇô An IP address was added to Microsoft 365 and will be live on the service soon. This represents a change you need to take on a firewall or other layer 3 network perimeter device. If you don't add this before we start using it, you may experience an outage.

+ ΓÇö AddedUrl ΓÇô A URL was added to Microsoft 365 and will be live on the service soon. This represents a change you need to take on a proxy server or URL parsing network perimeter device. If you don't add this URL before we start using it, you may experience an outage.

+ ΓÇö RemovedIpOrUrl ΓÇô At least one IP address or URL was removed from Microsoft 365. Remove the network endpoints from your perimeter devices, but there's no deadline for you to do this.

+ ΓÇö RemovedDuplicateIpOrUrl ΓÇô We removed a duplicate IP address or Url but it's still published for Microsoft 365. Generally no action is required.

+- previousΓÇöA substructure detailing previous values of changed elements on the endpoint set. This won't be included for newly added endpoint sets. Includes _ExpressRoute_, _serviceArea_, _category_, _required_, _tcpPorts_, _udpPorts_, and _notes_.

+This requests all previous changes to the Microsoft 365 worldwide service instance. Example result:

+This requests changes since the specified version to the Microsoft 365 Worldwide instance. In this case, the version specified is the latest. Example result:

+- Checks the version number of the current Microsoft 365 Worldwide instance endpoints by calling the web service REST API.

+The script generates a unique _ClientRequestId_ for the computer it's executed on, and reuses this ID across multiple calls. This ID is stored in the _O365_endpoints_latestversion.txt_ file.

+This script calls the REST API of the Microsoft 365 IP and URL Web Service (Worldwide instance)

+ Write-Host "New version of Microsoft 365 worldwide commercial service instance endpoints detected"

+ Write-Output "Microsoft 365 IP and UL Web Service data" | Out-File $datapath

+ Write-Host "Microsoft 365 worldwide commercial service instance endpoints are up-to-date."

+Here's a Python script, tested with Python 3.6.3 on Windows 10, that you can run to see if there are actions you need to take for updated data. This script checks the version number for the Microsoft 365 Worldwide instance endpoints. When there's a change, it downloads the endpoints and filters for the _Allow_ and _Optimize_ category endpoints. It also uses a unique ClientRequestId across multiple calls and saves the latest version found in a temporary file. Call this script once an hour to check for a version update.

+ print('New version of Microsoft 365 worldwide commercial service instance endpoints detected')

+ print('Microsoft 365 worldwide commercial service instance endpoints are up-to-date')

+Updates to the parameters or results for these web service methods may be required in the future. After the general availability version of these web services is published, Microsoft will make reasonable efforts to provide advance notice of material updates to the web service. When Microsoft believes that an update will require changes to clients using the web service, Microsoft will keep the previous version (one version back) of the web service available for at least 12 months after the release of the new version. Customers who don't upgrade during that time may be unable to access the web service and its methods. Customers must ensure that clients of the web service continue working without error if the following changes are made to the web service interface signature:

+- Adding a new web method with a new name that isn't called by the older clients.

+- To use a Power Automate solution, see [Use Power Automate to receive an email for changes to Microsoft 365 IP Addresses and URLs](https://techcommunity.microsoft.com/t5/Office-365-Networking/Use-Microsoft-Flow-to-receive-an-email-for-changes-to-Office-365/m-p/240651).

+[Get-PacFile](https://www.powershellgallery.com/packages/Get-PacFile) is a PowerShell script that reads the latest network endpoints from the Microsoft 365 IP Address and URL web service and creates a sample PAC file. For information on using Get-PacFile, see [Use a PAC file for direct routing of vital Microsoft 365 traffic](managing-office-365-endpoints.md#use-a-pac-file-for-direct-routing-of-vital-microsoft-365-traffic).

+[Microsoft 365 URLs and IP address ranges](https://support.office.com/article/8548a211-3fe7-47cb-abb1-355ea5aa88a2)

+[Managing Microsoft 365 endpoints](managing-office-365-endpoints.md)

+[Microsoft 365 Network Connectivity Principles](microsoft-365-network-connectivity-principles.md)

+[Microsoft 365 network and performance tuning](network-planning-and-performance.md)

+[Assessing Microsoft 365 network connectivity](assessing-network-connectivity.md)

+[Microsoft 365 performance tuning using baselines and performance history](performance-tuning-using-baselines-and-history.md)

+[Performance troubleshooting plan for Microsoft 365](performance-troubleshooting-plan.md)

+ Title: Microsoft 365 US Government DOD endpoints

+description: Microsoft 365 requires connectivity to the Internet. The endpoints below should be reachable for customers using Microsoft 365 U.S. Government DoD plans only.

+# Microsoft 365 U.S. Government DoD endpoints

+*Applies To: Microsoft 365 Admin*

+Microsoft 365 requires connectivity to the Internet. The endpoints below should be reachable for customers using Microsoft 365 U.S. Government DoD plans only.

+**Microsoft 365 endpoints:** [Worldwide (including GCC)](urls-and-ip-address-ranges.md) \| [Microsoft 365 operated by 21 Vianet](urls-and-ip-address-ranges-21vianet.md) \| *Microsoft 365 U.S. Government DoD* \| [Microsoft 365 U.S. Government GCC High](microsoft-365-u-s-government-gcc-high-endpoints.md)

+Start with [Managing Microsoft 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This lets customers who don't yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you're using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.

+Endpoint data below lists requirements for connectivity from a user's machine to Microsoft 365. It doesn't include network connections from Microsoft into a customer network, sometimes called hybrid or inbound network connections. For more information, see [Additional endpoints not included in the web service](additional-office365-ip-addresses-and-urls.md).

+- **ER**: This is **Yes** if the endpoint set is supported over Azure ExpressRoute with Microsoft 365 route prefixes. The BGP community that includes the route prefixes shown aligns with the service area listed. When ER is **No**, this means that ExpressRoute isn't supported for this endpoint set. However, it shouldn't be assumed that no routes are advertised for an endpoint set where ER is **No**. If you plan to use Microsoft Entra Connect, read the [special considerations section](/azure/active-directory/hybrid/reference-connect-instances#microsoft-azure-government) to ensure you have the appropriate Microsoft Entra Connect configuration.

+- The Security and Compliance Center (SCC) provides support for Azure ExpressRoute for Microsoft 365. The same applies for many features exposed through the SCC such as Reporting, Auditing, eDiscovery (Premium), Unified DLP, and Data Governance. Two specific features, PST Import and eDiscovery Export, currently don't support Azure ExpressRoute with only Microsoft 365 route filters due to their dependency on Azure Blob Storage. To consume those features, you need separate connectivity to Azure Blob Storage using any supportable Azure connectivity options, which include Internet connectivity or Azure ExpressRoute with Azure Public route filters. You have to evaluate establishing such connectivity for both of those features. The Microsoft 365 Information Protection team is aware of this limitation and is actively working to bring support for Azure ExpressRoute for Microsoft 365 as limited to Microsoft 365 route filters for both of those features.

+ Title: "Microsoft 365 U.S. Government GCC High endpoints"

+description: "In this article, you find endpoints reachable for customers using Microsoft 365 U.S. Government GCC High plans."

+# Microsoft 365 U.S. Government GCC High endpoints

+*Applies To: Microsoft 365 Admin*

+Microsoft 365 requires connectivity to the Internet. The endpoints below should be reachable for customers using Microsoft 365 U.S. Government GCC High plans only.

+ **Microsoft 365 endpoints:** [Worldwide (including GCC)](urls-and-ip-address-ranges.md) \| [Microsoft 365 operated by 21 Vianet](urls-and-ip-address-ranges-21vianet.md) \| [Microsoft 365 U.S. Government DoD](microsoft-365-u-s-government-dod-endpoints.md) \| *Microsoft 365 U.S. Government GCC High*

+ Start with [Managing Microsoft 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This lets customers who don't yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you're using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.

+Endpoint data below lists requirements for connectivity from a userΓÇÖs machine to Microsoft 365. It doesn't include network connections from Microsoft into a customer network, sometimes called hybrid or inbound network connections.

+- **ER**: This is **Yes** if the endpoint set is supported over Azure ExpressRoute with Microsoft 365 route prefixes. The BGP community that includes the route prefixes shown aligns with the service area listed. When ER is **No**, this means that ExpressRoute isn't supported for this endpoint set. However, it shouldn't be assumed that no routes are advertised for an endpoint set where ER is **No**. If you plan to use Microsoft Entra Connect, read the [special considerations section](/azure/active-directory/hybrid/reference-connect-instances#microsoft-azure-government) to ensure you have the appropriate Microsoft Entra Connect configuration.

+- The Security and Compliance Center (SCC) provides support for Azure ExpressRoute for Microsoft 365. The same applies for many features exposed through the SCC such as Reporting, Auditing, eDiscovery (Premium), Unified DLP, and Data Governance. Two specific features, PST Import and eDiscovery Export, currently don't support Azure ExpressRoute with only Microsoft 365 route filters due to their dependency on Azure Blob Storage. To consume those features, you need separate connectivity to Azure Blob Storage using any supportable Azure connectivity options, which include Internet connectivity or Azure ExpressRoute with Azure Public route filters. You have to evaluate establishing such connectivity for both of those features. The Microsoft 365 Information Protection team is aware of this limitation and is actively working to bring support for Azure ExpressRoute for Microsoft 365 as limited to Microsoft 365 route filters for both of those features.

+ Title: "URLs and IP address ranges for Microsoft 365 operated by 21Vianet"

+description: This article lists the URLs and IP address ranges for Microsoft 365 when operated by 21Vianet in China.

+# URLs and IP address ranges for Microsoft 365 operated by 21Vianet

+*Applies To: Microsoft 365 operated by 21Vianet - Small Business Admin, Microsoft 365 operated by 21Vianet - Admin*

+**Summary**: The following endpoints (FQDNs, ports, URLs, IPv4, and IPv6 prefixes) apply to Microsoft 365 operated by 21 Vianet and are designed to deliver productivity services to organizations using only these plans.

+**Microsoft 365 endpoints:** [Worldwide (including GCC)](urls-and-ip-address-ranges.md) | *Microsoft 365 operated by 21 Vianet* | [Microsoft 365 U.S. Government DoD](microsoft-365-u-s-government-dod-endpoints.md) | [Microsoft 365 U.S. Government GCC High](microsoft-365-u-s-government-gcc-high-endpoints.md) |

+Start with [Managing Microsoft 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This allows for customers who don't yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you're using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.

+Endpoint data below lists requirements for connectivity from a userΓÇÖs machine to Microsoft 365. It doesn't include network connections from Microsoft into a customer network, sometimes called hybrid or inbound network connections.

+- **ER**: This is **Yes** if the endpoint set is supported over Azure ExpressRoute with Microsoft 365 route prefixes. The BGP community that includes the route prefixes shown aligns with the service area listed. When ER is **No**, this means that ExpressRoute isn't supported for this endpoint set. However, it shouldn't be assumed that no routes are advertised for an endpoint set where ER is **No**.

+ Title: "Microsoft 365 URLs and IP address ranges"

+- must-keep

+description: "Summary: Microsoft 365 requires connectivity to the Internet. The endpoints below should be reachable for customers using Microsoft 365 plans, including Government Community Cloud (GCC)."

+# Microsoft 365 URLs and IP address ranges

+Microsoft 365 requires connectivity to the Internet. The endpoints below should be reachable for customers using Microsoft 365 plans, including Government Community Cloud (GCC).

+*Microsoft 365 Worldwide (+GCC)* \| [Microsoft 365 operated by 21 Vianet](urls-and-ip-address-ranges-21vianet.md) \| [Microsoft 365 U.S. Government DoD](microsoft-365-u-s-government-dod-endpoints.md) \| [Microsoft 365 U.S. Government GCC High](microsoft-365-u-s-government-gcc-high-endpoints.md) \|

+Start with [Managing Microsoft 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This cadence allows for customers who don't yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you're using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.

+Endpoint data below lists requirements for connectivity from a user's machine to Microsoft 365. For detail on IP addresses used for network connections from Microsoft into a customer network, sometimes called hybrid or inbound network connections, see [Additional endpoints](additional-office365-ip-addresses-and-urls.md) for more information.

+ You can read about these categories and guidance for their management in [New Microsoft 365 endpoint categories](microsoft-365-network-connectivity-principles.md#new-office-365-endpoint-categories).

+- **ER**: This is **Yes** if the endpoint set is supported over Azure ExpressRoute with Microsoft 365 route prefixes. The BGP community that includes the route prefixes shown aligns with the service area listed. When ER is **No**, this means that ExpressRoute is not supported for this endpoint set.

+[Additional endpoints not included in the Microsoft 365 IP Address and URL Web service](additional-office365-ip-addresses-and-urls.md)

+[Managing Microsoft 365 endpoints](managing-office-365-endpoints.md)

+## Week of January 29, 2024

+| Published On |Topic title | Change |

+|||--|

+| 1/29/2024 | [GDPR simplified: A guide for your small business](/microsoft-365/admin/security-and-compliance/gdpr-compliance?view=o365-worldwide) | modified |

+| 1/29/2024 | [Accept an email invitation to a Microsoft 365 for business subscription organization using an Outlook, Yahoo, Gmail or other account (User)](/microsoft-365/admin/simplified-signup/user-invite-msa-nodomain-join?view=o365-worldwide) | modified |

+| 1/29/2024 | [SharePoint Cross-tenant SharePoint migration Step 5 (preview)](/microsoft-365/enterprise/cross-tenant-sharepoint-migration-step5?view=o365-worldwide) | modified |

+| 1/29/2024 | [SharePoint site Cross-tenant SharePoint migration Step 6 (preview)](/microsoft-365/enterprise/cross-tenant-sharepoint-migration-step6?view=o365-worldwide) | modified |

+| 1/29/2024 | [Mailbox utilization service alerts](/microsoft-365/enterprise/microsoft-365-mailbox-utilization-service-alerts?view=o365-worldwide) | modified |

+| 1/29/2024 | [Microsoft Azure Architectures for SharePoint 2013](/microsoft-365/enterprise/microsoft-azure-architectures-for-sharepoint-2013?view=o365-worldwide) | modified |

+| 1/29/2024 | [Deploy Microsoft Defender for Endpoint on Linux with SaltStack](/microsoft-365/security/defender-endpoint/linux-install-with-saltack?view=o365-worldwide) | modified |

+| 1/29/2024 | [Collect support logs in Microsoft Defender for Endpoint using live response](/microsoft-365/security/defender-endpoint/troubleshoot-collect-support-log?view=o365-worldwide) | modified |

+| 1/29/2024 | [Microsoft Defender Antivirus event IDs and error codes](/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus?view=o365-worldwide) | modified |

+| 1/29/2024 | [Step 2. Configure Microsoft Outlook](/microsoft-365/solutions/apps-config-step-2?view=o365-worldwide) | modified |

+| 1/29/2024 | [Key Compliance and Security Considerations for the Energy Industry](/microsoft-365/solutions/energy-secure-collaboration?view=o365-worldwide) | modified |

+| 1/29/2024 | [To identity and beyondΓÇöOne architect's viewpoint](/microsoft-365/solutions/identity-design-principles?view=o365-worldwide) | modified |

+| 1/29/2024 | [Communicating with Microsoft Defender Experts](/microsoft-365/security/defender/communicate-defender-experts-xdr?view=o365-worldwide) | added |

+| 1/29/2024 | [How to use the Microsoft Defender Experts for XDR service](/microsoft-365/security/defender/start-using-mdex-xdr?view=o365-worldwide) | modified |

+| 1/29/2024 | [How to schedule an update of the Microsoft Defender for Endpoint (Linux)](/microsoft-365/security/defender-endpoint/linux-update-mde-linux?view=o365-worldwide) | modified |

+| 1/29/2024 | [What's new in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-whatsnew?view=o365-worldwide) | modified |

+| 1/30/2024 | [Protect macOS security settings with tamper protection](/microsoft-365/security/defender-endpoint/tamperprotection-macos?view=o365-worldwide) | modified |

+| 1/30/2024 | [Get started with Microsoft Defender Experts for XDR](/microsoft-365/security/defender/get-started-xdr?view=o365-worldwide) | modified |

+| 1/30/2024 | [View Microsoft 365 account license and service details with PowerShell](/microsoft-365/enterprise/view-account-license-and-service-details-with-microsoft-365-powershell?view=o365-worldwide) | modified |

+| 1/30/2024 | [Microsoft 365 OneDrive usage reports](/microsoft-365/admin/activity-reports/onedrive-for-business-usage-ww?view=o365-worldwide) | modified |

+| 1/30/2024 | [Microsoft 365 network provider assessments.](/microsoft-365/enterprise/office-365-network-mac-perf-nppdata?view=o365-worldwide) | modified |

+| 1/30/2024 | [Network provider connectivity attribution in the Microsoft 365 Admin Center](/microsoft-365/enterprise/office-365-network-mac-perf-nppux?view=o365-worldwide) | modified |

+| 1/30/2024 | [Network connectivity in the Microsoft 365 Admin Center](/microsoft-365/enterprise/office-365-network-mac-perf-overview?view=o365-worldwide) | modified |

+| 1/30/2024 | [Configuration analyzer for security policies](/microsoft-365/security/office-365-security/configuration-analyzer-for-security-policies?view=o365-worldwide) | modified |

+| 1/31/2024 | [Network provider details in the Microsoft 365 Admin Center (PREVIEW)](/microsoft-365/enterprise/office-365-network-mac-perf-nppdetails?view=o365-worldwide) | added |

+| 1/31/2024 | [Security advisories](/microsoft-365/security/defender-vulnerability-management/tvm-weaknesses-security-advisories?view=o365-worldwide) | added |

+| 1/31/2024 | [Vulnerability methods and properties](/microsoft-365/security/defender-endpoint/api/vulnerability?view=o365-worldwide) | modified |

+| 1/31/2024 | [Use basic permissions to access the portal](/microsoft-365/security/defender-endpoint/basic-permissions?view=o365-worldwide) | modified |

+| 1/31/2024 | [Vulnerabilities in my organization](/microsoft-365/security/defender-vulnerability-management/tvm-weaknesses?view=o365-worldwide) | modified |

+| 1/31/2024 | [Automatic attack disruption in Microsoft Defender XDR](/microsoft-365/security/defender/automatic-attack-disruption?view=o365-worldwide) | modified |

+| 1/31/2024 | [Microsoft 365 for frontline workers - scenario posters](/microsoft-365/frontline/flw-scenario-posters?view=o365-worldwide) | modified |

+| 1/31/2024 | [Threat protection report in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/threat-protection-reports?view=o365-worldwide) | modified |

+| 2/1/2024 | [Deploy and manage device control in Microsoft Defender for Endpoint with Group Policy](/microsoft-365/security/defender-endpoint/device-control-deploy-manage-gpo?view=o365-worldwide) | added |

+| 2/1/2024 | [Deploy and manage device control in Microsoft Defender for Endpoint with Microsoft Intune](/microsoft-365/security/defender-endpoint/device-control-deploy-manage-intune?view=o365-worldwide) | added |

+| 2/1/2024 | [Microsoft Defender for Endpoint Device Control frequently asked questions](/microsoft-365/security/defender-endpoint/device-control-faq?view=o365-worldwide) | renamed |

+| 2/1/2024 | [Device control in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/device-control-overview?view=o365-worldwide) | added |

+| 2/1/2024 | [Device control policies in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/device-control-policies?view=o365-worldwide) | added |

+| 2/1/2024 | [Device control walkthroughs](/microsoft-365/security/defender-endpoint/device-control-walkthroughs?view=o365-worldwide) | added |

+| 2/1/2024 | Deploy and manage using group policy | removed |

+| 2/1/2024 | Deploy and manage printer protection using Intune | removed |

+| 2/1/2024 | Deploy and manage Removable Storage Access Control using group policy | removed |

+| 2/1/2024 | Deploy and manage Removable Storage Access Control using Intune | removed |

+| 2/1/2024 | Microsoft Defender for Endpoint Device Control Removable Storage Access Control, removable storage media | removed |

+| 2/1/2024 | Microsoft Defender for Endpoint Device Control Removable Storage Protection | removed |

+| 2/1/2024 | [View device control events and information in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/device-control-report?view=o365-worldwide) | modified |

+| 2/1/2024 | Microsoft Defender for Endpoint Device Control Device Installation | removed |

+| 2/1/2024 | Printer Protection frequently asked questions | removed |

+| 2/1/2024 | Printer Protection Overview | removed |

+| 2/1/2024 | Microsoft Defender for Endpoint Device Control Printer Protection | removed |

+| 2/1/2024 | [How Microsoft identifies malware and potentially unwanted applications](/microsoft-365/security/intelligence/criteria?view=o365-worldwide) | modified |

+| 2/2/2024 | [Synchronize users in multitenant organizations in Microsoft 365 (Preview)](/microsoft-365/enterprise/sync-users-multi-tenant-orgs?view=o365-worldwide) | modified |

+| 2/2/2024 | [View licensed and unlicensed Microsoft 365 users with PowerShell](/microsoft-365/enterprise/view-licensed-and-unlicensed-users-with-microsoft-365-powershell?view=o365-worldwide) | modified |

+| 2/2/2024 | [View Microsoft 365 licenses and services with PowerShell](/microsoft-365/enterprise/view-licenses-and-services-with-microsoft-365-powershell?view=o365-worldwide) | modified |

+| 2/2/2024 | [Attack surface reduction rules reference](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide) | modified |

+| 2/2/2024 | [Microsoft Defender XDR # < 60 chars](/microsoft-365/security/defender/index?view=o365-worldwide) | modified |

+- Windows 11 IoT Enterprise

+- Windows 10 IoT Enterprise (including LTSC)

+ - essentials-manage

+- The data connector for Microsoft Defender XDR (formerly named Microsoft 365 Defender) enabled in Microsoft Sentinel for incidents and alerts

+When using a custom environment, model creators must be assigned the Environment Maker security role. Model users must have permission to use (not edit) the model file in SharePoint libraries. For more information, see [Assign a security role to a user](/power-platform/admin/assign-security-roles). Custom security roles can be created to specifically grant access to the AI Builder tables as the Environment Maker role so those users can create models. You don't need to assign users this role if you're using the default Power Platform environment.