+### Watch: Choose a Microsoft 365 subscription

+### Need help with choosing a plan?

+Deciding on a plan can depend on your specific business needs. The Microsoft 365 plan chooser is designed to help you with this. The chooser will make recommendations based on your answers to questions such as the size of your business, your field of work, the devices you use, and what kind of features, IT support, and security you're looking for. See [Help me find the right plan for my business](https://go.microsoft.com/fwlink/p/?linkid=2224417).

+Sales consultants are available to answer your questions. Go to [Compare all products](https://products.office.com/compare-all-microsoft-office-products?tab=2) and choose one of the contact support options listed at the left side of the page.

+### Need help with choosing a plan?

+Deciding on a plan can depend on your specific business needs. The Microsoft 365 plan chooser is designed to help you with this. The chooser will make recommendations based on your answers to questions such as the size of your business, your field of work, the devices you use, and what kind of features, IT support, and security you're looking for. See [Help me find the right plan for my business](https://go.microsoft.com/fwlink/p/?linkid=2224417).

+You can also [compare plans](https://www.microsoft.com/microsoft-365/business#coreui-heading-hiatrep) yourself.

+## Watch: NPS feedback and insights

+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWWSNo]

+- **x_mioms_m365_assis.insights_user**ΓÇöThis role is required to view the **Recommended Solutions & Articles** and **Microsoft Service Health** features in your ServiceNow instance.

+- **x_mioms_m365_assis.administrator**ΓÇöThis role is required to escalate your ServiceNow incidents to Microsoft support using your linked Microsoft 365 Admin account. Continue to the following section to link your admin account in the app's settings.

+### Link Microsoft 365 Admin account

+Continue with these instructions if you are looking to escalate your ServiceNow incidents to Microsoft support from your ServiceNow instance via the app.

+If any users are provisioned with the role **x_mioms_m365_assis.administrator** and are using different Microsoft 365 accounts to manage a Microsoft 365 support case, they must set up their Microsoft 365 admin email account by navigating to **Microsoft 365 support** > **Link Account**.

+ Title: "Automatic ServiceNow Incident Creation"

+f1.keywords:

+- NOCSH

+audience: Admin

+ms.localizationpriority: medium

+- Tier2

+- scotvorg

+- M365-subscription-management

+- Adm_TOC

+search.appverid:

+- MET150

+description: "A feature that creates new ServiceNow incidents when a Microsoft Service Health Incident is published for your Microsoft 365 tenant."

+# Automatic ServiceNow Incident Creation

+Starting with version 2.1.0, the Microsoft 365 support integration app introduces a new feature that allows creating ServiceNow incidents when a Microsoft Service Health Incident is published for your tenant. This feature seeks to empower IT teams, taking care of creating incidents in ServiceNow when Microsoft publishes new service health incidents.

+Whenever there is an update to the Microsoft Service Health Incident, the app will post the same updates to the ServiceNow incident created for it. Additionally, you can choose to have the app automatically close out the created ServiceNow incident when the Microsoft service health incident is resolved, or you can opt to manually close them out.

+Here are how the properties on the Microsoft service health incident will map to the properties on the ServiceNow incident.

+| Microsoft Service Health | ServiceNow Incident |

+| | |

+| Title | Short Description |

+| Issue type | Impact |

+| Status | Urgency |

+| All other fields | Description |

+## Configuration

+- To enable the Microsoft 365 support integration app to automatically create ServiceNow incidents, navigate to **Microsoft 365 Support** > **Service Health** in your ServiceNow instance and select the option **Enable the Microsoft 365 support integration app to create ServiceNow incidents for each Microsoft 365 service health incident**.

+- To have the app automatically close out the ServiceNow incidents, select the option **Automatically resolve ServiceNow incident when the Microsoft service health is resolved**.

+ - If the ServiceNow incident is manually resolved/closed by a user and this setting is enabled, then the app will discontinue to post updates to that incident.

+ - If the ServiceNow incident is resolved automatically, then the app will discontinue to post updates to that incident.

+ - The ServiceNow incident will be resolved with the following settings:

+| Resolution code | Closed/Resolved by Caller |

+| | |

+| Resolution note | The Microsoft service health incident was resolved on <date_time>. Please refer to the incident details in the Microsoft 365 Support tab for more information. |

+- To have the app automatically create ServiceNow incidents, you will need to configure the **Assignment group** and **Category** The **Assigned to** and **Subcategory** are not required but can be configured for improved routing and reporting.

+This catalog is designed to help customers with Azure AD P2 functionality, including access reviews, PIM, entitlement management (ELM), Access Reviews, HR-driven user provisioning, and life cycle workflows.

+### PIM

+Manage usersΓÇÖ time-bound admin access with our automated system that allows eligible users to complete privileged tasks through an approval workflow without risking exposure of sensitive data or critical configuration settings.

+### ELM

+We offer a curated list of docs and a pointer to the Azure AD admin center, where the admin can configure entitlement management.

+### Access reviews

+We offer a fully automated experience that allows you to first test and then enable the most common access review settings. This allows group owners to approve guest usage in all Microsoft 365 groups.

+### HR-driven user provisioning

+Respond faster to identity changes in your HR app and eliminate manual provisioning. Sync worker profile changes with your business apps. This includes the ability to writeback managed attributes directly from the app, whether it's a hire, name, title, manager change, or termination.

+### Lifecycle workflows

+Easily manage your users' lifecycle in Azure AD by creating custom workflows to automate repetitive onboarding and offboarding tasks, eliminating the need for manual processes. Lifecycle workflows automatically execute configured tasks when users join or leave your org and provide insights for easy troubleshooting.

+The setup guides contain a checklist of the tasks you need to complete, and you can track your progress as you go through the guides. The guides will also link to the other setup guides when necessary.

+This guide is designed to help you add cloud apps to Microsoft 365. In our guide, you can add an application to your tenant, add users to the app, assign roles, and more. If the app supports single sign-on (SSO), weΓÇÖll walk you through that configuration.

+## Configure multi-factor authentication (MFA)

+For customers with Azure P1 or Azure P2, we provide customizable Conditional Access templates that include the most common and least intrusive security standards. When Azure licensing isnΓÇÖt available, we provide a one-click solution to enable Security Defaults, a baseline protection policy for all users, or we provide steps to enable legacy (per-user) MFA.

+Conditional Access requires an Azure Active Directory P1 or P2 license. Security defaults and per-user MFA are included with all Microsoft 365 subscriptions.

+## Plan your passwordless setup guide

+Upgrade to an alternative sign-in approach that allows users to access their devices securely with one of the following passwordless authentication methods:

+- Windows Hello for Business

+- The Microsoft Authenticator app

+- Security keys

+- Temporary Access Pass (TAP)

+Use the passwordless deployment guide to discover the best authentication methods to use and receive guidance on how to deploy them.

+## Migrate from ADFS to Azure AD

+We offer custom guidance for migrating from ADFS to Azure AD. Answer a few questions about your Active Directory Federation Services (AD FS) infrastructure and then implement either pass-through authentication (PTA) or password hash sync (PHS) to give users a streamlined experience while accessing your org's apps.

+[Open the Migrate from ADFS to Azure AD guide](https://admin.microsoft.com/adminportal/home?Q=azuredocs#/modernonboarding/MigrateADFSToMicrosoftAzureAD).

+- **Attack surface reduction capabilities are rolling out**. [Attack surface reduction capabilities in Defender for Business](../security/defender-business/mdb-asr.md) include attack surface reduction rules and a new attack surface reduction rules report. Attack surface reduction rules target certain behaviors that are considered risky because they are commonly abused by attackers through malware. In the Microsoft 365 Defender portal ([https://security.microsoft.com/](https://security.microsoft.com/)), you can now view a report showing detections and configuration information for attack surface reduction rules. In the navigation pane, choose **Reports**, and under **Endpoints**, choose **Attack surface reduction rules**.

+### Need help with choosing a plan?

+Deciding on a plan can depend on your specific business needs. The Microsoft 365 plan chooser is designed to help you with this. The chooser will make recommendations based on your answers to questions such as the size of your business, your field of work, the devices you use, and what kind of features, IT support, and security you're looking for. See [Help me find the right plan for my business](https://go.microsoft.com/fwlink/p/?linkid=2224417).

+Use these steps to create an account and sign up for a free trial subscription of Microsoft 365 Business Standard, Microsoft 365 Business Premium, or Microsoft 365 Apps for business.

+- When you use sensitivity labels with Microsoft Defender for cloud apps, see [Governing connected apps](/defender-cloud-apps/governance-actions) and the labeling information for file governance actions.

+2. On the policy template wizard, the Contoso IT administrators and compliance specialists work together to complete the three required fields: **Policy name**, **Users or groups in scope**, and **Reviewers**.

+3. Since the policy wizard has already suggested a name for the policy, the IT administrators and compliance specialists decide to keep the suggested name and focus on the remaining fields. They select the *All users* group for the **Users or groups in scope** field and select the compliance specialists that should investigate and remediate policy alerts for the **Reviewers** field. The last step to configure the policy and start gathering alert information is to select **Create policy**.

+Use the following group management configurations to bring individual user chats and channel communications in Teams in scope:

+- **For Teams channel communications:** Assign every Microsoft Teams channel or Microsoft 365 group you want to analyze that contains a specific user to the communication compliance policy. If you add the same user to other Microsoft Teams channels or Microsoft 365 groups, be sure to add these new channels and groups to the communication compliance policy. If any member of the channel is a scoped user within a policy and the *Inbound* direction is configured in a policy, all messages sent within the channel are subject to review, and potential policy matches (even for users in the channel that aren't explicitly scoped). For example, User A is the owner or a member of a channel. User B and User C are members of the same channel and use language that is matched to the potentially inappropriate content policy that applies only to User A. User B and User C create policy matches for conversations within the channel even though they aren't directly scoped in the potentially inappropriate content policy. Teams conversations between User B and User C that are outside of the channel and include User A wouldn't be subject to the potentially inappropriate content policy that includes User A. To exclude channel members from being scoped when other members of the channel are explicitly scoped, turn off the *Inbound* communication direction setting in the applicable communication compliance policy.

+- **For Teams chats with hybrid email environments**: Communication compliance can detect chat messages for organizations with an Exchange on-premises deployment or an external email provider that have enabled Microsoft Teams. You must create a distribution group for the users with on-premises or external mailboxes. When creating a communication compliance policy, you'll assign this distribution group using the **Choose users and groups** selection in the policy wizard. For more information about the requirements and limitations for enabling cloud-based storage and Teams support for on-premises users, see [Search for Teams chat data for on-premises users](/microsoft-365/compliance/search-cloud-based-mailboxes-for-on-premises-users).

+ When you create a communication compliance policy, you define who has their communications reviewed and who performs reviews. In the policy, you'll use email addresses to identify individuals or groups of people. To simplify your setup, you can create groups for people who have their communication reviewed and groups for people who review those communications. If you're using groups, you may need several. For example, if you want to detect communications between two distinct groups of people or if you want to specify a group that isn't going to be scoped.

+|Scoped users <br> Excluded users | Distribution groups <br> Microsoft 365 Groups | Dynamic distribution groups <br> Shared mailbox <br> Nested distribution groups <br> Mail-enabled security groups <br> Microsoft 365 groups with dynamic membership |

+If you're an organization with an Exchange on-premises deployment or an external email provider and you want to detect Microsoft Teams chats for your users, you must create a distribution group for the users with on-premises or external mailboxes. Later in these steps, you'll assign this distribution group by using the **Choose users and groups** selection in the policy wizard. For more information about the requirements and limitations for enabling cloud-based storage and Teams support for on-premises users, see [Search for Teams chat data for on-premises users](/microsoft-365/compliance/search-cloud-based-mailboxes-for-on-premises-users).

+To manage scoped users in large enterprise organizations, you may need to detect messages for all users across large groups. You can use PowerShell to configure a distribution group for a global communication compliance policy for the assigned group. This enables you to detect messages for thousands of users with a single policy and keep the communication compliance policy updated as new employees join your organization.

+ - Choose the users or groups to apply the policy to, including the users or groups you'd like to exclude. When using the conflict of interest template, you'll select two groups or two users to detect internal communications.

+ - Choose the users or groups to apply the policy to, including all users in your organization, specific users and groups, or other users and groups you'd like to exclude.

+ - Choose if you'd like to enable classifiers. Classifiers can detect potentially inappropriate language and images sent or received in the body of email messages or other types of text. You can choose the following built-in classifiers: *Targeted threat*, *Profanity*, *Targeted harassment*, *Adult images*, *Racy images*, and *Gory images*.

+1. Open an email client, Microsoft Teams, or Yammer while signed in as a scoped user defined in the policy you want to test.

+### Scoped users

+Before you start using communication compliance, you must determine who needs their communications reviewed. In the policy, user email addresses identify individuals or groups of people to apply the policy to. Some examples of these groups are Microsoft 365 Groups, Exchange-based distribution lists, Yammer communities, and Microsoft Teams channels. You also can exclude specific users or groups from checking with a specific exclusion group or a list of groups. For more information about groups types supported in communication compliance policies, see [Get started with communication compliance](/microsoft-365/compliance/communication-compliance-configure#step-3-optional-set-up-groups-for-communication-compliance).

+When you create a communication compliance policy, you must determine who reviews the messages of the scoped users. In the policy, user email addresses identify individuals or groups of people to review scoped communications. All reviewers must have mailboxes hosted on Exchange Online, must be assigned to either the *Communication Compliance Analysts* or *Communication Compliance Investigators* role groups, and must be assigned in the policy they need to investigate. When reviewers are added to a policy, they automatically receive an email message that notifies them of the assignment to the policy and provides links to information about the review process.

+### Groups for scoped users and reviewers

+To simplify your setup, we recommend you create groups for people who need their communications reviewed and groups for people who review those communications. If you're using groups, you might need several. For example, if you want to identify communications between two distinct groups of people, or if you want to specify a group that isn't in scope. When you assign a Distribution group in the policy, the policy detects all emails from each user in Distribution group. When you assign a Microsoft 365 group in the policy, the policy detects all emails sent to that group, not the individual emails received by each group member.

+|Scoped users <br> Excluded users | Distribution groups <br> Microsoft 365 Groups | Dynamic distribution groups <br> Nested distribution groups <br> Mail-enabled security groups <br> Microsoft 365 groups with dynamic membership |

+| **Sensitive information** | Detect sensitive info types | - Locations: Exchange Online, Microsoft Teams, Yammer <br> - Direction: Inbound, Outbound, Internal <br> - Review Percentage: 10% <br> - Conditions: Sensitive information, out-of-the-box content patterns, and types, custom dictionary option, attachments larger than 1 MB |

+| **Regulatory compliance** | Detect financial regulatory compliance | - Locations: Exchange Online, Microsoft Teams, Yammer <br> - Direction: Inbound, Outbound <br> - Review Percentage: 10% <br> - Conditions: custom dictionary option, attachments larger than 1 MB |

+| **Conflict of interest** | Detect conflict of interest | - Locations: Exchange Online, Microsoft Teams, Yammer <br> - Direction: Internal <br> - Review Percentage: 100% <br> - Conditions: None |

+4. On the **Detect user-reported messages** pane, assign reviewers for the policy. Reviewers must have mailboxes hosted on Exchange Online. When reviewers are added to a policy, they automatically receive an email message that notifies them of the assignment to the policy and provides links to information about the review process.

+- **Inbound**: Detects communications sent **to** scoped users from external and internal senders, including other scoped users in the policy.

+- **Outbound**: Detects communications sent **from** scoped users to external and internal recipients, including other scoped users in the policy.

+- **Internal**: Detects communications **between** the scoped users or groups in the policy.

+| **Attachment is any of these file types** <br><br> **Attachment is none of these file types** | To bring communications into scope that include or exclude specific types of attachments, enter the file extensions (such as .exe or .pdf). If you want to include or exclude multiple file extensions, enter file types separated by a comma (example *.exe,.pdf,.zip*). Do not include spaces between items separated by a comma. Only one attachment extension must match for the policy to apply.|

+In some instances, you must provide information to regulatory or compliance auditors to prove that user activities and communications are scoped. This information may be a summary of all activities associated with a defined organizational policy or anytime a communication compliance policy changes. Communication compliance policies have built-in audit trails for complete readiness for internal or external audits. Detailed audit histories of every create, edit, and delete action are captured by your communication policies to provide proof of scoped procedures.

+For example, the following example returns the activities for all the scoped review activities (policies and rules):

+Communication compliance policy matches are stored in a scoped mailbox for each policy. In some cases, you may need to check the size of your scoped mailbox for a policy to make sure you aren't approaching the current 100-GB storage size or 1 million message limit. If the mailbox limit is reached, policy matches aren't captured and you'll need to create a new policy (with the same settings) to continue to capture matches for the same activities.

+To check the size of a scoped mailbox for a policy, complete the following steps:

+- **Business conduct**: Corporate sabotage (preview), Discrimination, Profanity, Threat, and Targeted harassment classifiers

+ Most organizations must comply with some type of regulatory compliance standards as part of their normal operating procedures. These regulations often require organizations to implement some type of scoping or oversight process for messaging that is appropriate for their industry. The Financial Industry Regulatory Authority (FINRA) Rule 3110 is a good example of a requirement for organizations to have scoping procedures in place to check user communications and the types of businesses in which it engages. Another example may be a need to review broker-dealer communications in your organization to safeguard against potential insider trading, collusion, or bribery activities. Communication compliance policies can help your organization meet these requirements by providing a process to both analyze and report on corporate communications. For more information on support for financial organizations, see [Key compliance and security considerations for US banking and capital markets](../solutions/financial-services-secure-collaboration.md).

+- **Microsoft Teams**: Chat communications for public and private [Microsoft Teams](/MicrosoftTeams/Teams-overview) channels and individual chats are supported in communication compliance as a standalone channel source or with other Microsoft 365 services. You'll need to manually add individual users, distribution groups, or specific Microsoft Teams channels when you select users and groups to apply a communication compliance policy to. Teams users can also self-report potentially inappropriate messages in private and group channels and chats for review and remediation.

+- **Detect sensitive info types**: Use this template to quickly create a policy to check communications containing defined sensitive information types or keywords to help make sure that important data isn't shared with people that shouldn't have access.

+- **Detect financial regulatory compliance**: Use this template to quickly create a policy to check communications for references to standard financial terms associated with regulatory standards.

+- **Detect conflict of interest**: Use this template to quickly create a policy to detect communications between two groups or two users to help avoid conflicts of interest.

+ - Removing an assessment-based role won't remove the user's overall Compliance Manager role if they have one. If you want to change a user's overall role, you'll have to change it from the **Permissions** page in the Microsoft Purview compliance portal.

+This [downloadable spreadsheet](https://download.microsoft.com/download/6/b/f/6bfff670-47c3-4e45-b01b-64a2610eaefa/mde-urls-commercial.xlsx) lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an allow rule specifically for them.

+Now rolling out in preview, sensitivity labels support [administrative units that have been configured in Azure Active Directory](/azure/active-directory/roles/administrative-units):

+> [!NOTE]

+> If you're using the AIP add-in for labeling in Office apps, we recommend you move to built-in labeling. For more information, see [Migrate the Azure Information Protection (AIP) add-in to built-in labeling for Office apps](sensitivity-labels-aip.md).

+ Title: Review data with the insider risk management content explorer

+# Review data with the insider risk management content explorer

+For new cases, it usually takes about an hour for content to populate in Content explorer. For cases with large amounts of content, it may take longer to create a snapshot. If content is still loading in Content explorer, you'll see a progress indicator that displays the completion percentage.

+If the content includes Information Rights Management permissions, these permissions are maintained for the copied content and users assigned the *Insider Risk Management Investigators* role will need these permissions and rights if they need to open and view the files. Each file and message are automatically assigned a unique file ID in the insider risk management case for management purposes. Documents associated with device indicator activities aren't included in Content explorer.

+| **Conversation ID** | Conversation ID from the message. |

+| **Family ID** | Family ID groups together all items; for email, this column includes the message and all attachments; for documents, this column includes the document and any embedded items. |

+| **Immutable ID** | Immutable ID as stored in Office 365. |

+## Immediately start scoring user activity

+There may be scenarios where you need to start assigning risk scores to users with insider risk policies outside of the insider risk management triggering event workflow. Use **Start scoring activity for users** on the **Policies** tab to manually add a user (or users) to one or more insider risk policies for a specific amount of time, to start assigning risk scores to their activity, and to bypass the requirement for a user to have a triggering indicator (like a DLP policy match or an Employment End Date from the HR Connector). You can also add a reason for adding the user to the policy, which will appear on the users' activity timeline. Users manually added to policies are displayed in the **Users** dashboard and alerts are created if the activity meets the policy alert thresholds. At any given time, you can have up to 4,000 users in scope that have been manually added using the **Start scoring activity for users** feature.

+|*Experience for internal recipient*|Recipients receive an HTML message, which they download and open in a web browser or mobile app|Native inline experience in Outlook clients|Native inline experience for recipients in the same organization using Outlook clients. Recipients can read message from encrypted message portal using clients other than Outlook (no download or app required).|

+Microsoft Purview Advanced Message Encryption offers more capabilities on top of Microsoft Purview Message Encryption. You must have Microsoft Purview Message Encryption set up in your organization in order to use Advanced Message Encryption. Also, in order to use these capabilities, recipients must view and reply to secure mail through the Microsoft Purview Message Encryption Portal. The advanced capabilities include:

+Advanced Message Encryption isn't supported in GCC High.

+These new capabilities work with [sensitivity labels](sensitivity-labels.md) only.

+- SharePoint and OneDrive don't automatically apply sensitivity labels to existing files that have been encrypted using the older-style Azure Information Protection labels that used to be published from the Azure portal. For the features to work after you enable sensitivity labels for Office files in SharePoint and OneDrive, download these files and then upload them to their original location in SharePoint or OneDrive.

+> [!CAUTION]

+> Private CDN configuration is in the process of deprecation. You are no longer required to configure a private CDN. Image file types are served through a private CDN out of the box. However, if a private CDN is in use for other file types, like JS or CSS, we recommend using a public CDN for better performance. Going forward, non-image file types will not be supported through private CDNs.

+ - tier1

+ - tier1

+ - tier1

+ - tier1

+- Must have at least one license of Microsoft 365 Business Premium, Microsoft 365 E3, Microsoft 365 E5, Windows 365 Business, or Microsoft Defender for Business

+To help protect your network and devices, Microsoft Defender for Business includes several attack surface reduction capabilities that are rolling out now. This article provides an overview of those capabilities, and includes links to more detailed information.

+These rules help protect your network and devices but shouldn't cause disruption for users. Use Intune to set up your ASR rules.

+2. Choose **Create policy** to create a new policy.

+ - For **Platform**, choose **Windows 10, Windows 11, and Windows Server**.

+> [!TIP]

+> If you prefer, you can set up your ASR rules in audit mode at first to see detections before files or processes are actually blocked. For more detailed information about ASR rules, see [ASR rules deployment overview](../defender-endpoint/attack-surface-reduction-rules-deployment.md).

+- **[Attack surface reduction rules](#enable-standard-attack-surface-reduction-rules)** (rolling out now), which help protect your network and devices from cyberthreats and attacks

+- Network protection (turned on by default with [next-generation protection](mdb-next-gen-configuration-settings.md)).

+- Web protection (turned on by default with [web content filtering](#set-up-web-content-filtering)).

+- Firewall protection (turned on by default with [firewall policies](mdb-firewall.md)).

+> To be eligible to acquire Microsoft Defender for Endpoint Server licenses (one per covered server instance), you must have already purchased a combined minimum of 50 licenses for one or more of the following:

+>

+> - Microsoft Defender for Endpoint (per user)

+> - Windows E5/A5

+> - Microsoft 365 E5/A5

+> - Microsoft 365 E5 Security User subscription licenses.

+| [Defender for Endpoint Plan 1](defender-endpoint-plan-1.md) | - [Next-generation protection](defender-endpoint-plan-1.md#next-generation-protection) (includes antimalware and antivirus)<br/>- [Attack surface reduction](defender-endpoint-plan-1.md#attack-surface-reduction)<br/>- [Manual response actions](defender-endpoint-plan-1.md#manual-response-actions)<br/>- [Centralized management](defender-endpoint-plan-1.md#centralized-management)<br/>- [Security reports](defender-endpoint-plan-1.md#reporting)<br/>- [APIs](defender-endpoint-plan-1.md#apis)<br/>- [Support for Windows 10, iOS, Android OS, and macOS devices](defender-endpoint-plan-1.md#cross-platform-support)|

+| [Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) | All of the Defender for Endpoint Plan 1 capabilities, plus:<br/>- [Device discovery](device-discovery.md)<br/>- [Device inventory](machines-view-overview.md)<br/>- [Core Defender Vulnerability Management capabilities](../defender-vulnerability-management/defender-vulnerability-management-capabilities.md)<br/>- [Threat Analytics](threat-analytics.md)<br/>- [Automated investigation and response](automated-investigations.md)<br/>- [Advanced hunting](advanced-hunting-overview.md)<br/>- [Endpoint detection and response](overview-endpoint-detection-response.md)<br/>- [Endpoint Attack Notifications](endpoint-attack-notifications.md)<br/>- Support for [Windows](configure-endpoints.md) (client only) and [non-Windows platforms](configure-endpoints-non-windows.md) (macOS, iOS, Android, and Linux) |

+| [Defender Vulnerability Management add-on](../defender-vulnerability-management/defender-vulnerability-management-capabilities.md) | More Defender Vulnerability Management capabilities for Defender for Endpoint Plan 2: <br/>- [Security baselines assessment](../defender-vulnerability-management/tvm-security-baselines.md)<br/>- [Block vulnerable applications](../defender-vulnerability-management/tvm-block-vuln-apps.md)<br/>- [Browser extensions](../defender-vulnerability-management/tvm-browser-extensions.md)<br/>- [Digital certificate assessment](../defender-vulnerability-management/tvm-certificate-inventory.md)<br/>- [Network share analysis](../defender-vulnerability-management/tvm-network-share-assessment.md)<br/>- Support for [Windows](configure-endpoints.md) (client and server) and [non-Windows platforms](configure-endpoints-non-windows.md) (macOS, iOS, Android, and Linux) |

+| [Defender for Business](../defender-business/mdb-overview.md) ^[[1](#fn1)] | [Services optimized for small and medium-sized businesses](../defender-business/compare-mdb-m365-plans.md) include: <br/>- Email protection<br/>- Antispam protection<br/>- Antimalware protection<br/>- Next-generation protection<br/>- Attack surface reduction<br/>- Endpoint detection and response<br/>- Automated investigation and response <br/>- Vulnerability management<br/>- Centralized reporting<br/>- APIs (for integration with custom apps or reporting solutions)<br/>- [Integration with Microsoft 365 Lighthouse](../defender-business/mdb-lighthouse-integration.md) |

+- **Microsoft Defender for Endpoint for Servers** (*if you already have these licenses*). See [Defender for Endpoint onboarding Windows Server](onboard-windows-server.md).

+Control Filter is not working as expected from iOS 16.1 onwards. This has impacted the Web Protection capability for Supervised devices without local loopback VPN. The issue has been resolved with iOS 16.3. Support for Control Filter is re-enabled with the new version - 1.1.38010102.

+> No restart of mdatp daemon is required for changes to _most_ configurations in mdatp_managed.json to take effect.

+ **Exception:** The following configurations require a daemon restart to take effect:

+> - cloud-diagnostic

+> - log-rotation-parameters

+3. You'll see the settings that are available.

+To be eligible to acquire Microsoft Defender for Endpoint Server licenses (one per covered server instance), you must have already purchased a combined minimum of 50 licenses for one or more of the following:

+- Microsoft Defender for Endpoint (per user)

+- Windows E5/A5

+- Microsoft 365 E5/A5

+- Microsoft 365 E5 Security User subscription licenses

+A scanning account is required to remotely access the devices. This must be a [Group Managed Service Account (gMsa)](/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview/).

+>[!NOTE]

+> We recommend the gMSA account is a least privileged account with only the required scanning permissions and is set to cycle the password regularly.

+To create a gMsa account:

+- [Investigate alerts](investigate-alerts.md)

+> Safety Scanner is exclusively SHA-2 signed. Your devices must be updated to support SHA-2 in order to run Safety Scanner. To learn more, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus).

+Lack of strong email authentication policies is a large problem. While organizations might not understand how email authentication works, attackers fully understand and they take advantage. Because of phishing concerns and the limited adoption of strong email authentication policies, Microsoft uses *implicit email authentication* to check inbound email.

+> [!NOTE]

+> When you report an email entity to Microsoft, everything associated with the email is copied to include it in the continual algorithm reviews. This copy includes the email content, email headers, and related data about email routing. Any message attachments are also included.

+>

+> Microsoft treats your feedback as your organization's permission to analyze all the information to fine tune the message hygiene algorithms. Your message is held in secured and audited data centers in the USA. The submission is deleted as soon as it's no longer required. Microsoft personnel might read your submitted messages and attachments, which is normally not permitted for email in Microsoft 365. However, your email is still treated as confidential between you and Microsoft, and your email or attachments isn't shared with any other party as part of the review process.

+ In the **Add a mailbox to send reported messages to** box that appears, enter the email address of an existing Exchange Online mailbox to use as the reporting mailbox that holds user reported messages from Microsoft reporting tools. Distribution groups and routing to an external or on-premises mailbox are not allowed.

+- Step 1: [Create an invoices model](#step-1-create-an-invoices-model)

+- Step 2: [Upload an example file to analyze](#step-2-upload-an-example-file-to-analyze)

+- Step 3: [Select extractors for your model](#step-3-select-extractors-for-your-model)

+- Step 4: [Apply the model](#step-4-apply-the-model)

+## Step 1: Create an invoices model

+## Step 2: Upload an example file to analyze

+ 

+## Step 3: Select extractors for your model

+## Step 4: Apply the model

+ 

+To show or hide Whiteboard in meetings, see [Meeting policy settings](/microsoftteams/meeting-policies-content-sharing). To control the availability of the Whiteboard app for each user within the organization, see [App Policies settings](/microsoftteams/app-policies).